chore(release): 2.182.0 #33687
Merged
### Issue #

Closes #32756

### Reason for this change

The original issue was related to over permissive s3 permissions. Which originally was being caused by what seems to be something related to an undefined `iam.OrganizationPrincipal` being allowed. However when using 2.178.2, I'm not seeing this particular issue, but the policy that is generated could still be incorrectly created by leaving a blank string.

`iam.OrganizationPrincipal('')`

This can be avoided with a simple check. Although this is not a golden solution since it's not able to check if that organization exists, but for the use case it's better than nothing.

### Description of changes

Adding a regex check that matches the Organization ID regex pattern in the docs; https://docs.aws.amazon.com/organizations/latest/APIReference/API_Organization.html

```
if (!organizationId.match(/^o-[a-z0-9]{10,32}$/)) {
  throw new Error(`Expected Organization ID must match regex pattern ^o-[a-z0-9]{10,32}$, received ${organizationId}`);
}
```

### Description of how you validated changes

Added a test for bad names

```
test('throw error when Organization ID does not match regex pattern', () => {
  // GIVEN
  const shortOrgId = 'o-shortname';
  const noOOrgName = 'no-o-name';
  const longOrgName = 'o-thisnameistoooooooooooooooooolong';

  // THEN
  expect(() => new iam.OrganizationPrincipal(shortOrgId)).toThrow(`Expected Organization ID must match regex pattern ^o-[a-z0-9]{10,32}$, received ${shortOrgId}`);
  expect(() => new iam.OrganizationPrincipal(noOOrgName)).toThrow(`Expected Organization ID must match regex pattern ^o-[a-z0-9]{10,32}$, received ${noOOrgName}`);
  expect(() => new iam.OrganizationPrincipal(longOrgName)).toThrow(`Expected Organization ID must match regex pattern ^o-[a-z0-9]{10,32}$, received ${longOrgName}`);
});
```

### Checklist

- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

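
A defender-side check built on the pattern quoted in the PR above, as an added example that is not part of the pull request or of aws-cdk: it scans policy statements that pair a wildcard principal with an `aws:PrincipalOrgID` condition and reports values that fail the regex, including the blank string. The type and function names, the bucket ARN and the organization IDs are constructed, and the check assumes the condition sits under `StringEquals`.

```typescript
// Added example, not aws-cdk code. All names below are hypothetical.

// Organization ID pattern quoted in the PR description.
const ORG_ID_PATTERN = /^o-[a-z0-9]{10,32}$/;

type OneOrMany = string | string[];

interface Statement {
  Effect: 'Allow' | 'Deny';
  Principal?: '*' | { AWS?: OneOrMany };
  Action: OneOrMany;
  Resource?: OneOrMany;
  Condition?: Record<string, Record<string, OneOrMany>>;
}

interface Finding {
  index: number;   // position of the statement in the input array
  reason: string;
}

function toArray(value: OneOrMany): string[] {
  return Array.isArray(value) ? value : [value];
}

function isValidOrganizationId(id: string): boolean {
  return ORG_ID_PATTERN.test(id);
}

function hasWildcardPrincipal(stmt: Statement): boolean {
  const principal = stmt.Principal;
  if (principal === undefined) return false;
  if (principal === '*') return true;
  return principal.AWS !== undefined && toArray(principal.AWS).indexOf('*') !== -1;
}

// Returns the aws:PrincipalOrgID values under StringEquals, or undefined when
// the statement carries no such condition. Condition key names are matched
// case-insensitively; other operators are not inspected (assumption).
function principalOrgIds(stmt: Statement): string[] | undefined {
  const keys = stmt.Condition?.StringEquals;
  if (keys === undefined) return undefined;
  for (const key of Object.keys(keys)) {
    const value = keys[key];
    if (value !== undefined && key.toLowerCase() === 'aws:principalorgid') {
      return toArray(value);
    }
  }
  return undefined;
}

function auditOrgScopedStatements(statements: Statement[]): Finding[] {
  const findings: Finding[] = [];
  statements.forEach((stmt, index) => {
    // Only Allow statements open to any principal depend on the org condition.
    if (stmt.Effect !== 'Allow' || !hasWildcardPrincipal(stmt)) return;
    const ids = principalOrgIds(stmt);
    if (ids === undefined) return; // not org-scoped; outside this check
    if (ids.length === 0) {
      findings.push({ index, reason: 'aws:PrincipalOrgID has no values' });
    }
    for (const id of ids) {
      if (!isValidOrganizationId(id)) {
        findings.push({ index, reason: 'malformed organization ID ' + JSON.stringify(id) });
      }
    }
  });
  return findings;
}

// Constructed sample statements: one well-formed, one with the blank string
// from the PR description, one mixing a valid ID with the PR's 'o-shortname'.
const SAMPLE_STATEMENTS: Statement[] = [
  {
    Effect: 'Allow', Principal: { AWS: '*' }, Action: 's3:GetObject',
    Resource: 'arn:aws:s3:::example-bucket/*',
    Condition: { StringEquals: { 'aws:PrincipalOrgID': 'o-exampleorg01' } },
  },
  {
    Effect: 'Allow', Principal: { AWS: '*' }, Action: 's3:GetObject',
    Resource: 'arn:aws:s3:::example-bucket/*',
    Condition: { StringEquals: { 'aws:PrincipalOrgID': '' } },
  },
  {
    Effect: 'Allow', Principal: '*', Action: 's3:GetObject',
    Resource: 'arn:aws:s3:::example-bucket/*',
    Condition: { StringEquals: { 'aws:PrincipalOrgID': ['o-exampleorg01', 'o-shortname'] } },
  },
];

for (const finding of auditOrgScopedStatements(SAMPLE_STATEMENTS)) {
  console.log('statement ' + finding.index + ': ' + finding.reason);
}
```
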
…ted in the same order (#33596)

document that we don't guarantee the same order for aspects with the same priority level.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ypes, including EBS and VPC_LATTICE types (#31286)

### Issue # (if applicable)

Closes #31289 .

### Reason for this change

Only ONE HealthCheckType can be selected for an existing healthCheck property: EC2 or ELB.

https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts#L233

https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts#L2232-L2258

However, the current CFn specification allows multiple health check types to be specified, separated by commas.

> A comma-separated value string of one or more health check types.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html#cfn-autoscaling-autoscalinggroup-healthchecktype

Also, besides EC2 and ELB, EBS and VPC_LATTICE can now be configured.

> The valid values are EC2, EBS, ELB, and VPC_LATTICE. EC2 is the default health check and cannot be disabled.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html#cfn-autoscaling-autoscalinggroup-healthchecktype

If it was just EC2 and ELB, there would not be a need for multiple specifications. (Because specifying EC2 and another type at the same time would result in [a CFn error](#31286 (comment)). **This means that when specifying an ELB, it is a single specification.**)

But the increase in the number of these property types makes multiple specifications necessary.

Therefore, **it is good to support the specification of multiple health check types and the addition of new types at the same time.**

See the docs for more details.

https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html

### Description of changes

So, I add a new `HealthChecks` class and `healthChecks` property.

- One or more health check types can be selected.
- Added EBS and VPC_LATTICE types.

And I deprecated the existing `healthCheck` property.

### Description of how you validated changes

Unit and integ tests.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable)

Fixes #18387, #31012, #24848

Pre-requisite for #16271, #29511

### Reason for this change

For SNS topics with SSE enabled, the grants added by `grantPublish` are insufficient, since they don't include any KMS actions. The SNS docs discuss what's required to publish to an encrypted topic [here](https://docs.aws.amazon.com/sns/latest/dg/sns-key-management.html#sns-what-permissions-for-sse) (`sns:Publish`, `kms:Decrypt`, `kms:GenerateKeyData*`).

### Description of changes

I used the SQS queue implementation as a reference, since it's configured similarly, etc.

* Have `Topic#grantPublish` grant `kms:Decrypt` + `kms:GenerateKeyData*`
  * This is least-privilege, but slightly inconsistent with SQS queues, which [need these same actions](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-key-management.html) and use `grantEncryptDecrypt` (but I have no preference -- just let me know what's best)
* Exposes `masterKey` as a property of `ITopic` so callers can access it after creation
  * Enables [this](#16271 (comment)), for example, and in general makes it consistent with SQS queues

### Describe any new or updated permissions being added

(Discussed above)

### Description of how you validated changes

* Unit/integration tests
* `yarn integ test/aws-sns/test/integ.sns.js --update-on-failed`

### Checklist

- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable)

Closes #33380

### Reason for this change

ECS cluster doesn't support encrypting managed storage

### Description of changes

`managedStorageConfiguration` support encrypting managed storage

### Description of how you validated changes

Unit + Integ

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Reason for this change

Current shebang in `link_all.sh` is `!#/bin/bash`, which does not work if the `bash` binary is not present in `/bin` (such is the case on e.g. NixOS).

### Description of changes

Change the shebang to `!#/usr/bin/env bash`, so that bash is executed from wherever it's present, not necessarily `/bin/bash`.

### Description of how you validated changes

The current script fails on NixOS for me. The script with the updated shebang succeeds.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ipe data (#33546)

### Issue # (if applicable)

Closes #31453

### Reason for this change

AWS Pipes supports encrypting data by customer managed KMS key instead of Amazon managed key.

https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption-pipes-cmkey.html

The L2 Pipe construct does not support this feature now.

### Description of changes

- Add `kmsKey` prop to `PipeProps`

### Describe any new or updated permissions being added

- Add KMS key policy which enables pipes to access the key.

https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption-key-policy.html#eb-encryption-key-policy-pipe

### Description of how you validated changes

Add both unit and integ tests.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…rrectly (#33609)

### Issue # (if applicable)

Closes #33510

### Reason for this change

A previous change ([PR33305](#33305)) removed the `IdentityPoolRoleAttachment` L2 construct, which also changed the creation logic of the default role attachment in the `IdentityPool` L2. This not only triggered redeployments, but did not allow for redeployment at all, as the new role attachment (with a different resource hash) was trying to be created before the old one was removed. This led to failed deployments, as only one role attachment can exist per identity pool.

### Description of changes

Brought back the `IdentityPoolRoleAttachment` L2 logic to prevent redeployment for customers using CDK `<v2.179.0`. However, the construct is now no longer being exported, which preserves the original intention of preventing confusion about using this resource.

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

`yarn test && yarn integ test/integ.identitypool.js --update-on-failed`

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

**BREAKING CHANGE**: Any `IdentityPool` resources deployed in versions `>=2.179.0` will now fail to deploy. You will need to delete the `IdentityPoolRoleAttachment` from your stack via the console before redeploying.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ageVersion in ManagedComputeEnvironmentProps. (#33594)

### Issue # (if applicable)

Closes #33582.

### Reason for this change

Documentation string for `updateToLatestImageVersion` in `ManagedComputeEnvironmentProps` was incorrect w.r.t. changes introduced in [diff](https://github.com/aws/aws-cdk/pull/27059/files#diff-7ae09067a7ce8a58d494da3c01be13161be021e9cdb96008221d6e16cd0366b3).

### Description of changes

Corrected the documentation string for `updateToLatestImageVersion` in `ManagedComputeEnvironmentProps`. (taken from [IManagedComputeEnvironment](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-batch/lib/managed-compute-environment.ts#L97-L99))

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

N/A (simple documentation fix)

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable)

Closes #33347.

### Reason for this change

The fargate cluster deletion issue is because the cluster admin access entry is deleted before deleting `KubernetesPatch`. Since deleting `KubernetesPatch` requires applying a restore patch to the cluster, it will still need the cluster access. In this case, because the access entry is deleted, kubectl provider won't be able to apply the patch to the cluster anymore.

### Description of changes

add an explicit dependency from patch to the access entry so the patch will only be deleted after the access entry

### Description of how you validated changes

unit tests/integration tests

### Checklist

- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Reason for this change

Updating to v40 of `@aws-cdk/cloud-assembly-schema` to support the new CloudControl Context Provider.

### Description of changes

Updated `@aws-cdk/cloud-assembly-schema` and `cdk-assets` to latest versions.

### Describe any new or updated permissions being added

n/a

### Description of how you validated changes

existing tests

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Unbound method calls using `this` are likely to have unintended effects.

Here is an example with static methods, but the same thing applies to object methods:

```ts
class Class {
  public static staticMethod() {
    this.otherStaticMethod()
  }

  public static otherStaticMethod() { }
}

// ✅ valid
Class.staticMethod();

// ❌ boom
const x = Class.staticMethod;
x();
```

When assigning a method to a variable, you need to take extra care and this linter rule is going to remind you.

This rule also catches a lot of cases where we meant to call a function but accidentally didn't:

```ts
// Actual examples of unintentional code in our code base
list.map(x => x.toString).join(', ')

expect(x).toBeTruthy
```

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable)

Closes #33621

### Reason for this change

### Description of changes

### Describe any new or updated permissions being added

### Description of how you validated changes

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Reason for this change

#33291 This PR incorrectly updates integration test snapshots without introducing new feature flags. This is causing some issues with local integration test because in local, we expect new feature flag to be default off while in CI, it's expected to be default to true.

### Description of changes

Revert back snapshot changes

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

Tests pass

### Checklist

- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Reason for this change

lambda DotNet 9 runtime support.

### Description of changes

[runtimes](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html)

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ables (#33587)

### Issue # (if applicable)

Closes #<issue number here>.

This update improves the AWS Lambda component documentation in AWS CDK by recommending a single source of truth for environment variables. It addresses potential inconsistencies when defining environment variables separately in function code and infrastructure code, which can lead to mismatches during deployments.

### Reason for this change

When updating a Lambda function in AWS CDK, CloudFormation applies configuration updates before code updates, which can temporarily cause environment variables to be removed or changed before the new function code is deployed. If the function executes during this period, it may fail due to missing or outdated environment variables. Defining environment variables in a single source of truth helps minimize inconsistencies and reduces the risk of deployment errors.

### Description of changes

- Expanded documentation to emphasize defining environment variables centrally.
- Clarified best practices for referencing environment variables in both the handler and infrastructure code.
- Provided a recommendation to define environment variables in env.ts and reference them consistently.

### Describe any new or updated permissions being added

### Description of how you validated changes

The updated recommendations were tested with a standard AWS CDK deployment to confirm that environment variables remain consistent across Lambda function executions. Ensured that the proposed approach aligns with AWS CDK’s best practices for maintainability and type safety.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable)

Closes #33295

### Reason for this change

SpecRestApi support `endpointConfiguration`

### Description of changes

Move endpointConfiguration to RestApiBaseProps

### Description of how you validated changes

Unit + integ

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Reason for this change

Improved assertion tests for newly added AppSync Event API + Channel namespace constructs. Improved documentation to show no channel namespace is created by default, one must be explicitly defined.

### Description of changes

* Added assertions to the following integration tests:
  * `integ.appsync-event-api.ts`
  * `integ.appsync-eventapi-api-key-auth.ts`
  * `integ.appsync-eventapi-cognito-auth.ts`
  * `integ.appsync-eventapi-grants.ts`
  * `integ.appsync-eventapi-iam-auth.ts`
  * `integ.appsync-eventapi-lambda-auth.ts`

To validate Cognito authorization, I needed to include the following package `@aws-sdk/client-cognito-identity-provider` which is why `yarn.lock` is updated in this PR.

- Added channel namespace usage to all Event API examples in `README.md`.

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

Integration tests all run successfully with passed assertion tests.

### Checklist

- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Automated changes by [create-pull-request](https://github.com/peter-evans/create-pull-request) GitHub action
### Issue # (if applicable)

Closes #<issue number here>.

### Reason for this change

The Kinesis Firehose module is now stabilized, need to update package imports accordingly.

### Description of changes

Fix import paths for Kinesis Firehose target

### Describe any new or updated permissions being added

n/a

### Description of how you validated changes

Updated integration test

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…mplate and fromCfnAssessmentTemplate() (#33614)

### Issue # (if applicable)

Closes #<issue number here>.

### Reason for this change

As part of effort to stabilize `scheduler-targets-alpha` module, the Inspector start assessment run target currently uses the L1 `CfnAssessmentTemplate` as the target. Using the L1 as a target goes against our general design guidelines for CDK L2s so we need an intermediary solution. Separate PR to follow to update the scheduler target API.

### Description of changes

- L2 interface `IAssessmentTemplate` which contains the ARN attribute
- New class containing a static method to allow users to pass in L1 but returns L2 interface for usage with functions that expect L2

### Describe any new or updated permissions being added

n/a

### Description of how you validated changes

Added unit tests.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…33653)

### Description of changes

backfill missing enums for kinesisfirehose

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 8 to 9.

<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/dawidd6/action-download-artifact/releases">dawidd6/action-download-artifact's releases</a>.</em></p>
<blockquote>
<h2>v9</h2>
<h2>What's Changed</h2>
<ul>
<li>add merge_multiple option by <a href="https://github.com/timostroehlein"><code>@timostroehlein</code></a> in <a href="https://redirect.github.com/dawidd6/action-download-artifact/pull/327">dawidd6/action-download-artifact#327</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/timostroehlein"><code>@timostroehlein</code></a> made their first contribution in <a href="https://redirect.github.com/dawidd6/action-download-artifact/pull/327">dawidd6/action-download-artifact#327</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/dawidd6/action-download-artifact/compare/v8...v9">https://github.com/dawidd6/action-download-artifact/compare/v8...v9</a></p>
</blockquote>
</details>

<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/dawidd6/action-download-artifact/commit/07ab29fd4a977ae4d2b275087cf67563dfdf0295"><code>07ab29f</code></a> add merge_multiple option (<a href="https://redirect.github.com/dawidd6/action-download-artifact/issues/327">#327</a>)</li>
<li>See full diff in <a href="https://github.com/dawidd6/action-download-artifact/compare/v8...v9">compare view</a></li>
</ul>
</details>

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-apigateway │ └ resources │ └[~] resource AWS::ApiGateway::RestApi │ └ properties │ └ Parameters: - Map<string, string> | string ⇐ Map<string, string> │ + Map<string, string> ├[~] service aws-batch │ └ resources │ ├[+] resource AWS::Batch::ConsumableResource │ │ ├ name: ConsumableResource │ │ │ cloudFormationType: AWS::Batch::ConsumableResource │ │ │ documentation: Creates an AWS Batch consumable resource. │ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"map"} │ │ ├ properties │ │ │ ├ ConsumableResourceName: string (immutable) │ │ │ ├ TotalQuantity: integer (required) │ │ │ ├ ResourceType: string (required, immutable) │ │ │ └ Tags: Map<string, string> (immutable) │ │ └ attributes │ │ ├ ConsumableResourceArn: string │ │ ├ CreatedAt: integer │ │ ├ InUseQuantity: integer │ │ └ AvailableQuantity: integer │ └[~] resource AWS::Batch::JobDefinition │ ├ properties │ │ └[+] ConsumableResourceProperties: ConsumableResourceProperties │ └ types │ ├[+] type ConsumableResourceProperties │ │ ├ documentation: Contains a list of consumable resources required by a job. │ │ │ name: ConsumableResourceProperties │ │ └ properties │ │ └ ConsumableResourceList: Array<ConsumableResourceRequirement> (required) │ ├[+] type ConsumableResourceRequirement │ │ ├ documentation: Information about a consumable resource required to run a job. 
│ │ │ name: ConsumableResourceRequirement │ │ └ properties │ │ ├ ConsumableResource: string (required) │ │ └ Quantity: integer (required) │ └[~] type NodeRangeProperty │ └ properties │ └[+] ConsumableResourceProperties: ConsumableResourceProperties ├[~] service aws-bedrock │ └ resources │ ├[~] resource AWS::Bedrock::Prompt │ │ └ types │ │ ├[+] type PromptMetadataEntry │ │ │ ├ documentation: Contains a key-value pair that defines a metadata tag and value to attach to a prompt variant. For more information, see [Create a prompt using Prompt management](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management-create.html) . │ │ │ │ name: PromptMetadataEntry │ │ │ └ properties │ │ │ ├ Key: string (required) │ │ │ └ Value: string (required) │ │ └[~] type PromptVariant │ │ └ properties │ │ └[+] Metadata: Array<PromptMetadataEntry> │ └[~] resource AWS::Bedrock::PromptVersion │ └ types │ ├[+] type PromptMetadataEntry │ │ ├ documentation: Contains a key-value pair that defines a metadata tag and value to attach to a prompt variant. For more information, see [Create a prompt using Prompt management](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management-create.html) . │ │ │ name: PromptMetadataEntry │ │ └ properties │ │ ├ Key: string (required) │ │ └ Value: string (required) │ └[~] type PromptVariant │ └ properties │ └[+] Metadata: Array<PromptMetadataEntry> ├[~] service aws-cloudformation │ └ resources │ ├[~] resource AWS::CloudFormation::GuardHook │ │ └ types │ │ ├[+] type HookTarget │ │ │ ├ documentation: Hook targets are the destination where hooks will be invoked against. 
│ │ │ │ name: HookTarget │ │ │ └ properties │ │ │ ├ TargetName: string (required) │ │ │ ├ Action: string (required) │ │ │ └ InvocationPoint: string (required) │ │ └[~] type TargetFilters │ │ └ properties │ │ └[+] Targets: Array<HookTarget> (required) │ └[~] resource AWS::CloudFormation::LambdaHook │ └ types │ ├[+] type HookTarget │ │ ├ documentation: Hook targets are the destination where hooks will be invoked against. │ │ │ name: HookTarget │ │ └ properties │ │ ├ TargetName: string (required) │ │ ├ Action: string (required) │ │ └ InvocationPoint: string (required) │ └[~] type TargetFilters │ └ properties │ └[+] Targets: Array<HookTarget> (required) ├[~] service aws-cloudfront │ └ resources │ └[~] resource AWS::CloudFront::Distribution │ └ types │ └[~] type Origin │ └ - documentation: An origin. │ An origin is the location where content is stored, and from which CloudFront gets content to serve to viewers. To specify an origin: │ - Use `S3OriginConfig` to specify an Amazon S3 bucket that is not configured with static website hosting. │ - Use `CustomOriginConfig` to specify all other kinds of origins, including: │ - An Amazon S3 bucket that is configured with static website hosting │ - An Elastic Load Balancing load balancer │ - An AWS Elemental MediaPackage endpoint │ - An AWS Elemental MediaStore container │ - Any other HTTP server, running on an Amazon EC2 instance or any other kind of host │ For the current maximum number of origins that you can specify per distribution, see [General Quotas on Web Distributions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html#limits-web-distributions) in the *Amazon CloudFront Developer Guide* (quotas were formerly referred to as limits). │ + documentation: An origin. │ An origin is the location where content is stored, and from which CloudFront gets content to serve to viewers. 
To specify an origin: │ - Use `S3OriginConfig` to specify an Amazon S3 bucket that is not configured with static website hosting. │ - Use `VpcOriginConfig` to specify a VPC origin. │ - Use `CustomOriginConfig` to specify all other kinds of origins, including: │ - An Amazon S3 bucket that is configured with static website hosting │ - An Elastic Load Balancing load balancer │ - An AWS Elemental MediaPackage endpoint │ - An AWS Elemental MediaStore container │ - Any other HTTP server, running on an Amazon EC2 instance or any other kind of host │ For the current maximum number of origins that you can specify per distribution, see [General Quotas on Web Distributions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html#limits-web-distributions) in the *Amazon CloudFront Developer Guide* (quotas were formerly referred to as limits). ├[~] service aws-cloudtrail │ └ resources │ └[~] resource AWS::CloudTrail::Trail │ └ properties │ └ SnsTopicName: (documentation changed) ├[~] service aws-databrew │ └ resources │ └[~] resource AWS::DataBrew::Recipe │ └ types │ └[~] type Action │ └ properties │ └ Parameters: - RecipeParameters | Map<string, string> ⇐ Map<string, string> │ + Map<string, string> ├[~] service aws-datazone │ └ resources │ └[~] resource AWS::DataZone::Domain │ └ properties │ ├[+] DomainVersion: string (immutable) │ └[+] ServiceRole: string ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::IPAM │ │ ├ properties │ │ │ └ DefaultResourceDiscoveryOrganizationalUnitExclusions: (documentation changed) │ │ └ types │ │ └[~] type IpamOrganizationalUnitExclusion │ │ └ - documentation: If your IPAM is integrated with AWS Organizations and you add an organizational unit (OU) exclusion, IPAM will not manage the IP addresses in accounts in that OU exclusion. 
│ │ + documentation: If your IPAM is integrated with AWS Organizations, you can exclude an [organizational unit (OU)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit) from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see [Exclude organizational units from IPAM](https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html) in the *Amazon Virtual Private Cloud IP Address Manager User Guide* . │ └[~] resource AWS::EC2::IPAMResourceDiscovery │ ├ properties │ │ └ OrganizationalUnitExclusions: (documentation changed) │ └ types │ └[~] type IpamResourceDiscoveryOrganizationalUnitExclusion │ ├ - documentation: If your IPAM is integrated with AWS Organizations and you add an organizational unit (OU) exclusion, IPAM will not manage the IP addresses in accounts in that OU exclusion. │ │ + documentation: If your IPAM is integrated with AWS Organizations, you can exclude an [organizational unit (OU)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit) from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see [Exclude organizational units from IPAM](https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html) in the *Amazon Virtual Private Cloud IP Address Manager User Guide* . 
│ └ properties │ └ OrganizationsEntityPath: (documentation changed) ├[~] service aws-ecr │ └ resources │ └[~] resource AWS::ECR::RepositoryCreationTemplate │ └ properties │ └ RepositoryPolicy: (documentation changed) ├[~] service aws-guardduty │ └ resources │ ├[~] resource AWS::GuardDuty::MalwareProtectionPlan │ │ └ types │ │ └[~] type CFNStatusReasons │ │ └ properties │ │ └ Message: (documentation changed) │ └[~] resource AWS::GuardDuty::PublishingDestination │ ├ - documentation: Resource Type definition for AWS::GuardDuty::PublishingDestination │ │ + documentation: Creates a publishing destination where you can export your GuardDuty findings. Before you start exporting the findings, the destination resource must exist. │ │ For more information about considerations and permissions, see [Exporting GuardDuty findings to Amazon S3 buckets](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_exportfindings.html) in the *Amazon GuardDuty User Guide* . │ ├ properties │ │ ├ DestinationProperties: (documentation changed) │ │ ├ DestinationType: (documentation changed) │ │ ├ DetectorId: (documentation changed) │ │ └ Tags: (documentation changed) │ └ types │ ├[~] type CFNDestinationProperties │ │ ├ - documentation: undefined │ │ │ + documentation: Contains the Amazon Resource Name (ARN) of the resource that receives the published findings, such as an S3 bucket, and the ARN of the KMS key that is used to encrypt these published findings. │ │ └ properties │ │ └ DestinationArn: (documentation changed) │ └[~] type TagItem │ ├ - documentation: undefined │ │ + documentation: Describes a tag. 
│ └ properties │ ├ Key: (documentation changed) │ └ Value: (documentation changed) ├[~] service aws-iotsitewise │ └ resources │ └[~] resource AWS::IoTSiteWise::Gateway │ └ types │ └[~] type GatewayPlatform │ └ properties │ └ Greengrass: (documentation changed) ├[~] service aws-lambda │ └ resources │ └[~] resource AWS::Lambda::Function │ └ properties │ └ PackageType: - string │ + string (immutable) ├[~] service aws-mediapackagev2 │ └ resources │ └[~] resource AWS::MediaPackageV2::Channel │ ├ properties │ │ ├ InputSwitchConfiguration: (documentation changed) │ │ └ OutputHeaderConfiguration: (documentation changed) │ └ types │ ├[~] type InputSwitchConfiguration │ │ ├ - documentation: <p>The configuration for input switching based on the media quality confidence score (MQCS) as provided from AWS Elemental MediaLive.</p> │ │ │ + documentation: The configuration for input switching based on the media quality confidence score (MQCS) as provided from AWS Elemental MediaLive. │ │ └ properties │ │ └ MQCSInputSwitching: (documentation changed) │ └[~] type OutputHeaderConfiguration │ ├ - documentation: <p>The settings for what common media server data (CMSD) headers AWS Elemental MediaPackage includes in responses to the CDN.</p> │ │ + documentation: The settings for what common media server data (CMSD) headers AWS Elemental MediaPackage includes in responses to the CDN. 
│ └ properties │ └ PublishMQCS: (documentation changed) ├[~] service aws-nimblestudio │ └ resources │ ├[~] resource AWS::NimbleStudio::LaunchProfile │ │ └ - tagInformation: {"tagPropertyName":"Tags","variant":"map"} │ │ + tagInformation: undefined │ ├[~] resource AWS::NimbleStudio::StreamingImage │ │ └ - tagInformation: {"tagPropertyName":"Tags","variant":"map"} │ │ + tagInformation: undefined │ └[~] resource AWS::NimbleStudio::StudioComponent │ └ - tagInformation: {"tagPropertyName":"Tags","variant":"map"} │ + tagInformation: undefined ├[~] service aws-pcaconnectorad │ └ resources │ └[~] resource AWS::PCAConnectorAD::Connector │ └ types │ └[~] type VpcInformation │ └ properties │ └[+] IpAddressType: string ├[~] service aws-pipes │ └ resources │ └[~] resource AWS::Pipes::Pipe │ └ types │ └[~] type PipeTargetCloudWatchLogsParameters │ └ properties │ └ Timestamp: (documentation changed) ├[~] service aws-quicksight │ └ resources │ ├[~] resource AWS::QuickSight::Analysis │ │ └ types │ │ ├[~] type GeospatialLayerMapConfiguration │ │ │ └ properties │ │ │ └ Interactions: - json │ │ │ + VisualInteractionOptions │ │ ├[~] type GeospatialMapConfiguration │ │ │ └ properties │ │ │ └ Interactions: - json │ │ │ + VisualInteractionOptions │ │ ├[~] type ImageMenuOption │ │ │ └ properties │ │ │ └ AvailabilityStatus: - json │ │ │ + string │ │ ├[~] type Sheet │ │ │ └ properties │ │ │ └[-] Images: Array<SheetImage> │ │ └[+] type VisualInteractionOptions │ │ ├ documentation: The general visual interactions setup for visual publish options │ │ │ name: VisualInteractionOptions │ │ └ properties │ │ ├ ContextMenuOption: json │ │ └ VisualMenuOption: json │ ├[~] resource AWS::QuickSight::Dashboard │ │ └ types │ │ ├[~] type DashboardPublishOptions │ │ │ └ properties │ │ │ └ VisualMenuOption: - json ⇐ VisualMenuOption │ │ │ + VisualMenuOption │ │ ├[~] type GeospatialLayerMapConfiguration │ │ │ └ properties │ │ │ └ Interactions: - json │ │ │ + VisualInteractionOptions │ │ ├[~] type 
GeospatialMapConfiguration │ │ │ └ properties │ │ │ └ Interactions: - json │ │ │ + VisualInteractionOptions │ │ ├[~] type Sheet │ │ │ └ properties │ │ │ └[-] Images: Array<SheetImage> │ │ ├[+] type VisualInteractionOptions │ │ │ ├ documentation: The general visual interactions setup for visual publish options │ │ │ │ name: VisualInteractionOptions │ │ │ └ properties │ │ │ ├ ContextMenuOption: json │ │ │ └ VisualMenuOption: VisualMenuOption │ │ └[~] type VisualMenuOption │ │ ├ - documentation: undefined │ │ │ + documentation: The menu options for a visual. │ │ └ properties │ │ └ AvailabilityStatus: (documentation changed) │ └[~] resource AWS::QuickSight::Template │ └ types │ ├[~] type ImageMenuOption │ │ └ properties │ │ └ AvailabilityStatus: - json │ │ + string │ └[~] type Sheet │ └ properties │ └[-] Images: Array<SheetImage> ├[~] service aws-rds │ └ resources │ └[~] resource AWS::RDS::DBCluster │ └ properties │ └ DatabaseInsightsMode: (documentation changed) ├[~] service aws-sagemaker │ └ resources │ ├[~] resource AWS::SageMaker::Cluster │ │ ├ properties │ │ │ └ InstanceGroups: (documentation changed) │ │ └ types │ │ └[~] type ClusterInstanceGroup │ │ └ properties │ │ └ OverrideVpcConfig: (documentation changed) │ ├[~] resource AWS::SageMaker::Domain │ │ └ types │ │ └[~] type KernelGatewayAppSettings │ │ └ properties │ │ └ CustomImages: (documentation changed) │ ├[~] resource AWS::SageMaker::EndpointConfig │ │ └ types │ │ └[~] type ProductionVariant │ │ └ properties │ │ └[+] InferenceAmiVersion: string │ ├[~] resource AWS::SageMaker::ModelPackage │ │ ├ - documentation: A versioned model that can be deployed for SageMaker inference. │ │ │ + documentation: A container for your trained model that can be deployed for SageMaker inference. This can include inference code, artifacts, and metadata. The model package type can be one of the following. │ │ │ - Versioned model: A part of a model package group in Model Registry. 
│ │ │ - Unversioned model: Not part of a model package group and used in AWS Marketplace. │ │ │ For more information, see [`CreateModelPackage`](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModelPackage.html) . │ │ └ properties │ │ └ ModelPackageName: (documentation changed) │ ├[~] resource AWS::SageMaker::ModelPackageGroup │ │ └ - documentation: A group of versioned models in the model registry. │ │ + documentation: A group of versioned models in the Model Registry. │ ├[~] resource AWS::SageMaker::Space │ │ └ types │ │ └[~] type KernelGatewayAppSettings │ │ └ properties │ │ └ CustomImages: (documentation changed) │ └[~] resource AWS::SageMaker::UserProfile │ └ types │ └[~] type KernelGatewayAppSettings │ └ properties │ └ CustomImages: (documentation changed) ├[~] service aws-sam │ └ resources │ └[~] resource AWS::Serverless::Function │ └ types │ └[~] type ApiEvent │ └ properties │ └ RequestParameters: - Array<string | Map<string, RequestParameter>> ⇐ Array<string | RequestParameter> (immutable) │ + Array<string | RequestParameter> (immutable) ├[~] service aws-vpclattice │ └ resources │ └[~] resource AWS::VpcLattice::ResourceConfiguration │ └ types │ ├[+] type DnsResource │ │ ├ documentation: The domain name of the resource configuration. │ │ │ name: DnsResource │ │ └ properties │ │ ├ IpAddressType: string (required) │ │ └ DomainName: string (required) │ └[~] type ResourceConfigurationDefinition │ └ properties │ ├[+] ArnResource: string │ ├[+] DnsResource: DnsResource │ └ IpResource: - string (required) │ + string ├[~] service aws-wafv2 │ └ resources │ ├[~] resource AWS::WAFv2::RuleGroup │ │ └ types │ │ ├[~] type FieldToMatch │ │ │ └ properties │ │ │ └[+] JA4Fingerprint: JA4Fingerprint │ │ ├[+] type JA4Fingerprint │ │ │ ├ documentation: Includes the JA4 fingerprint of a web request. 
│ │ │ │ name: JA4Fingerprint │ │ │ └ properties │ │ │ └ FallbackBehavior: string (required) │ │ ├[~] type RateBasedStatementCustomKey │ │ │ └ properties │ │ │ ├[+] JA3Fingerprint: RateLimitJA3Fingerprint │ │ │ └[+] JA4Fingerprint: RateLimitJA4Fingerprint │ │ ├[+] type RateLimitJA3Fingerprint │ │ │ ├ documentation: Specifies the request's JA3 fingerprint as an aggregate key for a rate-based rule. │ │ │ │ name: RateLimitJA3Fingerprint │ │ │ └ properties │ │ │ └ FallbackBehavior: string (required) │ │ └[+] type RateLimitJA4Fingerprint │ │ ├ documentation: Specifies the request's JA4 fingerprint as an aggregate key for a rate-based rule. │ │ │ name: RateLimitJA4Fingerprint │ │ └ properties │ │ └ FallbackBehavior: string (required) │ └[~] resource AWS::WAFv2::WebACL │ └ types │ ├[~] type FieldToMatch │ │ └ properties │ │ └[+] JA4Fingerprint: JA4Fingerprint │ ├[+] type JA4Fingerprint │ │ ├ documentation: Includes the JA4 fingerprint of a web request. │ │ │ name: JA4Fingerprint │ │ └ properties │ │ └ FallbackBehavior: string (required) │ ├[~] type RateBasedStatementCustomKey │ │ └ properties │ │ ├[+] JA3Fingerprint: RateLimitJA3Fingerprint │ │ └[+] JA4Fingerprint: RateLimitJA4Fingerprint │ ├[+] type RateLimitJA3Fingerprint │ │ ├ documentation: Specifies the request's JA3 fingerprint as an aggregate key for a rate-based rule. │ │ │ name: RateLimitJA3Fingerprint │ │ └ properties │ │ └ FallbackBehavior: string (required) │ └[+] type RateLimitJA4Fingerprint │ ├ documentation: Specifies the request's JA4 fingerprint as an aggregate key for a rate-based rule. 
│ │ name: RateLimitJA4Fingerprint │ └ properties │ └ FallbackBehavior: string (required) ├[~] service aws-wisdom │ └ resources │ ├[~] resource AWS::Wisdom::AIAgent │ │ └ types │ │ ├[~] type AIAgentConfiguration │ │ │ └ properties │ │ │ └[-] SessionSummarizationAIAgentConfiguration: SessionSummarizationAIAgentConfiguration │ │ └[-] type SessionSummarizationAIAgentConfiguration │ │ ├ name: SessionSummarizationAIAgentConfiguration │ │ └ properties │ │ ├ SessionSummarizationAIPromptId: string │ │ └ Locale: string │ └[~] resource AWS::Wisdom::AIPrompt │ └ properties │ └ ModelId: (documentation changed) ├[~] service aws-workspacesthinclient │ └ resources │ └[~] resource AWS::WorkSpacesThinClient::Environment │ └ properties │ └ DesktopArn: (documentation changed) └[~] service aws-workspacesweb └ resources └[~] resource AWS::WorkSpacesWeb::UserSettings ├ properties │ └[+] ToolbarConfiguration: ToolbarConfiguration └ types └[+] type ToolbarConfiguration ├ documentation: The configuration of the toolbar. This allows administrators to select the toolbar type and visual mode, set maximum display resolution for sessions, and choose which items are visible to end users during their sessions. If administrators do not modify these settings, end users retain control over their toolbar preferences. │ name: ToolbarConfiguration └ properties ├ ToolbarType: string ├ VisualMode: string ├ HiddenToolbarItems: Array<string> └ MaxDisplayResolution: string ```
### Reason for this change

Sometimes you want to correlate how cloudformation resources correlate to each other. CDK synthesizes the template expectedly with `Ref` and `Fn:GetAtt`. Currently you'll have to do something like this to verify that a bucketpolicy is attached to the correct bucket:

```ts
const resources = template.findResources('AWS::S3::Bucket', {
  Properties: {
    BucketName: 'my-bucket',
  }
})
const keys = Object.keys(resources)
if (keys.length === 0) {
  throw new Error('Resource not found.')
}
if (keys.length !== 1) {
  throw new Error('Resource is not unique.')
}
const bucket = keys[0]
template.hasResourceProperties('AWS::S3::BucketPolicy', {
  Bucket: {
    Ref: bucket,
  },
  // ....
})
```

### Description of changes

Added method `getResourceId` on `Template` to retrieve a distinct match's resource id.

```ts
// throws AssertionError on none or multiple matches
const bucket = template.getResourceId('AWS::S3::Bucket', {
  Properties: {
    BucketName: 'my-bucket',
  }
})
template.hasResourceProperties('AWS::S3::BucketPolicy', {
  Bucket: {
    Ref: bucket,
  },
  // ....
})
```

### Description of how you validated changes

Unit tests. Integration tests not applicable.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
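The lookup-then-assert pattern from the description above, as an added stand-alone example (not the aws-cdk implementation and not code from the PR): it resolves the logical ID of the single resource matching a type and a property subset in a synthesized template, then checks which bucket policies reference that ID through `Ref`. The template, the logical IDs and the helpers `isSubset`, `findDistinctResourceId`, `policiesAttachedTo` and `verifySample` are constructed for illustration.

```typescript
// Added example: dependency-free "distinct match" lookup over a synthesized
// CloudFormation template. All names and the template are constructed.

type Json = string | number | boolean | null | Json[] | { [key: string]: Json };
type Resource = { [key: string]: Json };
interface CfnTemplate { Resources: { [logicalId: string]: Resource } }

// Subset match: every key in `expected` must exist in `actual` with a matching
// value. Objects match as subsets; arrays and scalars must be equal.
function isSubset(expected: Json, actual: Json | undefined): boolean {
  if (actual === undefined) return false;
  if (expected === null || typeof expected !== 'object') return expected === actual;
  if (actual === null || typeof actual !== 'object') return false;
  if (Array.isArray(expected) || Array.isArray(actual)) {
    if (!Array.isArray(expected) || !Array.isArray(actual)) return false;
    if (expected.length !== actual.length) return false;
    for (let i = 0; i < expected.length; i++) {
      if (!isSubset(expected[i], actual[i])) return false;
    }
    return true;
  }
  for (const key of Object.keys(expected)) {
    if (!isSubset(expected[key], actual[key])) return false;
  }
  return true;
}

// Logical ID of the single resource of `type` whose body contains `props`.
// Throws when nothing matches or when the match is ambiguous.
function findDistinctResourceId(template: CfnTemplate, type: string, props: Resource): string {
  const ids = Object.keys(template.Resources).filter((id) => {
    const res = template.Resources[id];
    return res.Type === type && isSubset(props, res);
  });
  if (ids.length === 0) throw new Error('Resource not found.');
  if (ids.length !== 1) throw new Error('Resource is not unique.');
  return ids[0];
}

// Logical IDs of bucket policies whose Bucket property is { Ref: bucketId }.
// A policy that names its bucket by literal string is deliberately not counted.
function policiesAttachedTo(template: CfnTemplate, bucketId: string): string[] {
  return Object.keys(template.Resources).filter((id) => {
    const res = template.Resources[id];
    return res.Type === 'AWS::S3::BucketPolicy'
      && isSubset({ Properties: { Bucket: { Ref: bucketId } } }, res);
  });
}

// Constructed sample: two buckets, one policy bound to DataBucket by Ref.
const SAMPLE_TEMPLATE: CfnTemplate = {
  Resources: {
    LogsBucket: { Type: 'AWS::S3::Bucket', Properties: { BucketName: 'my-logs' } },
    DataBucket: { Type: 'AWS::S3::Bucket', Properties: { BucketName: 'my-bucket' } },
    DataBucketPolicy: {
      Type: 'AWS::S3::BucketPolicy',
      Properties: {
        Bucket: { Ref: 'DataBucket' },
        PolicyDocument: {
          Version: '2012-10-17',
          Statement: [{
            Effect: 'Deny', Principal: '*', Action: 's3:*',
            Resource: { 'Fn::GetAtt': ['DataBucket', 'Arn'] },
            Condition: { Bool: { 'aws:SecureTransport': 'false' } },
          }],
        },
      },
    },
  },
};

// Resolve the bucket by name, then list the policies attached to it.
function verifySample(): { bucketId: string; policies: string[] } {
  const bucketId = findDistinctResourceId(SAMPLE_TEMPLATE, 'AWS::S3::Bucket', {
    Properties: { BucketName: 'my-bucket' },
  });
  return { bucketId, policies: policiesAttachedTo(SAMPLE_TEMPLATE, bucketId) };
}
```

An empty result from `policiesAttachedTo` for a bucket that is expected to carry a policy is the condition a template test should fail on.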
…ture flag) (#33360)

### Issue # (if applicable)

Closes #33355.

### Reason for this change

We cannot deploy multiple source buckets for object replication due to the explicitly set replication role name.

### Description of changes

Set replication role name by `PhysicalName.GENERATE_IF_NEEDED`.

### Describe any new or updated permissions being added

None

### Description of how you validated changes

Update both unit and integ test.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue #32906

Closes #32906.

### Reason for this change

When I implemented `bun` support, I accidentally used `--frozen-lockfile`, which caused issues when the lockfile contained additional entries other than what's being bundled in the docker container. The issue has a small repro-case.

### Description of changes

I removed the `--frozen-lockfile` flag, which resolved the problem.

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

I added an additional package to the `bun.lockb` file in the integration test. This caused the issue to occur in the test suite. Once I made the changes in this PR, the test started passing again.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…:UnknownIdentifier warnings (#33591) (#33592)

### Issue # (if applicable)

Closes #33591

### Reason for this change

* The validation is causing false-positive warning messages when using partial identifiers on CloudWatch Metric expressions supporting them.

### Description of changes

* Update the condition to generate the warning message in order to prevent false-positives when one of the special keywords is used.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…33674)

### Issue # (if applicable)

### Reason for this change

There are no VPC endpoints for Amazon Bedrock Data Automation so I added.

Ref: https://aws.amazon.com/about-aws/whats-new/2024/12/amazon-bedrock-data-automation-available-preview/

```bash
% aws ec2 describe-vpc-endpoint-services --filters "Name=service-name,Values=*data-automation*" --region us-east-1 --query "ServiceNames[]"
[
    "com.amazonaws.us-east-1.bedrock-data-automation",
    "com.amazonaws.us-east-1.bedrock-data-automation-fips",
    "com.amazonaws.us-east-1.bedrock-data-automation-runtime",
    "com.amazonaws.us-east-1.bedrock-data-automation-runtime-fips"
]
```

### Description of changes

### Describe any new or updated permissions being added

### Description of how you validated changes

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #32553.

### Reason for this change

#32553. Recently as a part of coordinator node project we introduced a new parameter called NodeOptions, currently its part of L1 construct but we wanted it to be part of L2 construct and that is why raising this PR.

### Description of changes

The code is very much similar to - #28497 and follows all standard practices in the repository.

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

Unit tests -

```
> yarn test aws-opensearchservice
yarn run v1.22.22
$ jest aws-opensearchservice
PASS aws-opensearchservice/test/log-group-resource-policy.test.ts
PASS aws-opensearchservice/test/opensearch-access-policy.test.ts
PASS aws-opensearchservice/test/domain.test.ts (5.687 s)

=============================== Coverage summary ===============================
Statements : 43.87% ( 9437/21508 )
Branches : 23.09% ( 2037/8820 )
Functions : 25.62% ( 1229/4796 )
Lines : 44.6% ( 9285/20816 )
================================================================================
Jest: "global" coverage threshold for statements (55%) not met: 43.87%
Jest: "global" coverage threshold for branches (35%) not met: 23.09%

Test Suites: 3 passed, 3 total
Tests: 1326 passed, 1326 total
Snapshots: 0 total
Time: 7.538 s
```

Integration Tests -

```
Running in parallel across regions: us-east-1, us-east-2, us-west-2
Running test /Users/dubesar/aws-cdk/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.nodeoptions.js in us-east-1
SUCCESS aws-opensearchservice/test/integ.opensearch.nodeoptions-OpenSearchInteg/DefaultTest 658.125s
NO ASSERTIONS

Test Results:

Tests: 1 passed, 1 total
✨ Done in 659.62s.
```

Snapshots is also generated as a part of integration tests

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) YES

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…autoscaling (#33635)

### Description of changes

backfill missing enums for applicationautoscaling

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Description of changes

chore(amplify-alpha): backfill missing enums for amplify-alpha

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Description of changes

backfill missing enums for fsx

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Description of changes

backfill missing enums for eks-v2-alpha

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ger (#33638)

### Description of changes

backfill missing enums for certificatemanager

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Description of changes

backfill missing enums for ecr

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Description of changes

backfill missing enums for s3

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Description of changes

Remove the auto-approve label being added to the L1 CFN resource definition update PR. We want to manually review this PR before merging it in for any potential breaking changes.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).
Comments on closed issues and PRs are hard for our team to see.
Labels
auto-approve
p2
pr/needs-community-review
This PR needs a review from a Trusted Community Member or Core Team Member.
pr/no-squash
This PR should be merged instead of squash-merging it
See CHANGELOG