chore(release): 2.124.0 #28889

Merged
merged 21 commits into from
Jan 26, 2024

@aws-cdk-automation (Collaborator) commented Jan 26, 2024

See CHANGELOG

badmintoncryer and others added 21 commits January 24, 2024 18:44
…ISO regions (#28704)

This PR addresses the issue where the SAML federation principal is hardcoded with URLs specific to standard AWS and China partitions, causing failures in GovCloud, Iso, and Iso-b partitions. The provided solution dynamically sets the SAML sign-on URL based on the partition.

```diff
-       'SAML:aud': cdk.Aws.PARTITION==='aws-cn'? 'https://signin.amazonaws.cn/saml': 'https://signin.aws.amazon.com/saml',
+       'SAML:aud': RegionInfo.get(samlProvider.stack.region).samlSignOnUrl ?? 'https://signin.aws.amazon.com/saml',
```
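
Review bot: the `??` fallback on the added `'SAML:aud'` line silently substitutes `https://signin.aws.amazon.com/saml` whenever `RegionInfo.get(samlProvider.stack.region).samlSignOnUrl` is undefined, so a stack whose region has no entry gets the default-partition audience in its trust condition with no signal at synth time. Consider documenting that fallback next to the line and adding a test for a region without a `samlSignOnUrl`, since a mismatched `SAML:aud` otherwise only surfaces when federated sign-in is attempted.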

```ts
export const PARTITION_SAML_SIGN_ON_URL: Record<Partition, string> = {
  [Partition.Default]: 'https://signin.aws.amazon.com/saml',
  [Partition.Cn]: 'https://signin.amazonaws.cn/saml',
  [Partition.UsGov]: 'https://signin.amazonaws-us-gov.com/saml',
  [Partition.UsIso]: 'https://signin.c2shome.ic.gov/saml',
  [Partition.UsIsoB]: 'https://signin.sc2shome.sgov.gov/saml',
};
```



Closes #25723.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
In this PR, I have made the RecordSet compatible with latency-based routing.
You can set it by providing a Region name to the region argument.

```ts
new route53.ARecord(this, 'ARecord', {
  zone: myZone,
  target: route53.RecordTarget.fromIpAddresses('1.2.3.4'),
  region: 'ap-northeast-1', // added
})
```

Closes #28722.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
> # Issue
> > When using `CfnInclude` it was not possible to have an intrinsic function in the `DeletionPolicy`. It only allowed the DeletionPolicy to be explicitly defined. 
> # Solution
> > Check if policy looks like an intrinsic. Check if it is an explicitly defined DeletionPolicy. Then Default to a case that checks if this is an intrinsic if it is return the policy after using parseValue. Else throw the same error it was previously.
> # Important Design Decisions
> > Unsure if any have been made please let me know if there are any I didn't think were Important Design Decisions. 
>
> Remember to follow the [CONTRIBUTING GUIDE] and [DESIGN GUIDELINES] for any
> code you submit.
>
> [CONTRIBUTING GUIDE]: https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md
> [DESIGN GUIDELINES]: https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md

Closes #28292 .

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
CloudFormation now supports specifying [`KeyValueStoreAssociations`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-function-keyvaluestoreassociation.html) on an `AWS::CloudFront::Function`. This adds that support to the CDK. Even though the field is plural (in CloudFormation and the API), [a function can have one value store](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/kvs-with-functions-associate.html) so the implementation here tries to provide a nicer API around that.

If a Key Value Store is specified, the function will default to `js-2.0` instead of `js-1.0`. Behavior for existing functions is retained. Additionally, an error is thrown if 1.0 is used.

Closes #28377.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…me Lambda fail (under feature flag) (#28712)

Multiple alarms with LambdaAction for the same Lambda fail, because of the same logical IDs for generated lambda permissions.

```ts
alarmConcurrentLambdasMaximumReached.addAlarmAction(new awsCloudWatchActions.LambdaAction(lambda));
alarmRdsCpuUtilizationMaximumReached.addAlarmAction(new awsCloudWatchActions.LambdaAction(lambda));
```

```
throw new Error(`There is already a Construct with name '${childName}' in ${typeName}${name.length > 0 ? ' [' + name + ']' : ''}`);
            ^
Error: There is already a Construct with name 'AlarmPermission' in NodejsFunction [...]
```

Since the existing logical IDs would change, I implemented this with a feature flag.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
When I change the text in the "{##Verify Email##}" placeholder, e.g. to "{##verify your email##}", cdk synth and cdk deploy commands yield the error,
```
Error: Verification email body must contain the template string '{##Verify Email##}'
```
This is incorrect, as the documentation states that this string may be customised.
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-email-verification-message-customization.html

Help text in the AWS Cognito console reads:

    You can customize this message with HTML. "Verify email" is the text that will be displayed over the clickable link in the message. You can customize the "Verify email" string, but the variable - some text enclosed by "{##" and "##}" - must be kept in the message.

Expected Behavior

Be able to change the emailBody property of a UserPool to include the placeholder of format, "{##Verify Your Email##}" with any custom string allowed by AWS Cognito.

Closes #23828

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Current situation:
yarn integ allows to run a TS integ file
CI doesn’t allow it, which caused confusing issues.
What we want instead:
Both local integ-runner and CI don’t allow it, so that this issue won’t happen again. To do this, we need to update integ-runner to disable running TS locally.

Closes #<issue number here>.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Closes #28765.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
When creating an RDS proxy, if the Secrets Manager Secret that holds the credentials is encrypted with a KMS key, any registered ProxyTarget(s) will fail to connect as they lack access to the secret, as it requires the ability to `kms:Decrypt` using the Secret's encrypted key.

When this occurs the following can be observed in the DatabaseProxy logs, but only when `debugLogging` is set to `true`.

```
Credentials couldn't be retrieved. The IAM role "arn:aws:iam:::role/ProxyIAMRole2FE8AB0F" is not authorized to read the AWS Secrets Manager secret with the ARN "arn:aws:secretsmanager:::secret:SecretA720EF05"
```


Reproduction steps

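```ts
import { Stack } from 'aws-cdk-lib';
import { Vpc } from 'aws-cdk-lib/aws-ec2';
import { Key } from 'aws-cdk-lib/aws-kms';
import * as rds from 'aws-cdk-lib/aws-rds';
import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';

const stack = new Stack();

const vpc = new Vpc(stack, 'Vpc');
const kmsKey = new Key(stack, 'Key');
// The proxy credentials live in a secret encrypted with a customer managed key
const kmsEncryptedSecret = new secretsmanager.Secret(stack, 'Secret', { encryptionKey: kmsKey });

const cluster = new rds.DatabaseCluster(stack, 'Database', {
  engine: rds.DatabaseClusterEngine.AURORA,
  instanceProps: { vpc },
});

new rds.DatabaseProxy(stack, 'Proxy', {
  proxyTarget: rds.ProxyTarget.fromCluster(cluster),
  debugLogging: true, // required to see the credential retrieval error in the proxy logs
  vpc,
  secrets: [kmsEncryptedSecret],
});
```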

This is my first CDK PR, I've run the following:

```
yarn install
npx lerna run build --scope=aws-cdk-lib
cd packages/aws-cdk-lib
npx yarn test aws-rds
npx yarn lint aws-rds
npx yarn eslint --fix aws-rds/lib/proxy.ts aws-rds/test/proxy.test.ts

# Running integration tests
cd ../../
npx lerna run build --scope=@aws-cdk-testing/framework-integ
cd packages/@aws-cdk-testing/framework-integ
npx yarn integ test/aws-rds/test/*.js --update-on-failed
```


Closes #28850

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
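
The access gap described in the RDS proxy commit message above (a proxy role that can read the secret but cannot `kms:Decrypt` with its key) can be checked against a role's policy statements before deployment. This is an added example, not code from aws-cdk or from that PR: the `missingProxyGrants` helper, the ARNs and the policy statements are constructed for illustration, and the matcher assumes identity-policy statements with only `*` wildcards and no `Condition` blocks.

```typescript
// Added example: does an RDS Proxy role have everything it needs to read a
// KMS-encrypted Secrets Manager secret? All ARNs and statements are constructed.

interface PolicyStatement {
  Effect: 'Allow' | 'Deny';
  Action: string | string[];
  Resource: string | string[];
}

interface ProxySecret {
  secretArn: string;
  kmsKeyArn?: string; // undefined: no customer managed key, no extra KMS grant needed
}

function toList(v: string | string[]): string[] {
  return typeof v === 'string' ? [v] : v;
}

// Simplified IAM pattern match: only '*' (any run of characters) is supported.
function wildcardMatch(pattern: string, value: string): boolean {
  const escaped = pattern
    .replace(/[.+?^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*');
  return new RegExp('^' + escaped + '$').test(value);
}

// True only if some Allow statement covers (action, resource) and no Deny does.
function allows(statements: PolicyStatement[], action: string, resource: string): boolean {
  let allowed = false;
  for (const s of statements) {
    // Action names are case-insensitive in IAM; resource ARNs are not.
    const actionHit = toList(s.Action).some(
      a => wildcardMatch(a.toLowerCase(), action.toLowerCase()));
    const resourceHit = toList(s.Resource).some(r => wildcardMatch(r, resource));
    if (!(actionHit && resourceHit)) {
      continue;
    }
    if (s.Effect === 'Deny') {
      return false; // an explicit deny overrides any allow
    }
    allowed = true;
  }
  return allowed;
}

// Lists the grants the proxy role still lacks for each secret it is given.
function missingProxyGrants(statements: PolicyStatement[], secrets: ProxySecret[]): string[] {
  const gaps: string[] = [];
  for (const secret of secrets) {
    if (!allows(statements, 'secretsmanager:GetSecretValue', secret.secretArn)) {
      gaps.push('secretsmanager:GetSecretValue on ' + secret.secretArn);
    }
    if (secret.kmsKeyArn !== undefined && !allows(statements, 'kms:Decrypt', secret.kmsKeyArn)) {
      gaps.push('kms:Decrypt on ' + secret.kmsKeyArn);
    }
  }
  return gaps;
}

// Constructed sample data (placeholder account id and key id).
const SECRET_ARN = 'arn:aws:secretsmanager:us-east-1:111122223333:secret:SampleSecret-AbCdEf';
const KEY_ARN = 'arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000';

// Role that can read the secret but has no grant on the key.
const secretReadGrant: PolicyStatement = {
  Effect: 'Allow',
  Action: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'],
  Resource: SECRET_ARN,
};
const roleWithoutDecrypt: PolicyStatement[] = [secretReadGrant];

// Same role with a decrypt grant scoped to the one key.
const decryptGrant: PolicyStatement = {
  Effect: 'Allow',
  Action: 'kms:Decrypt',
  Resource: KEY_ARN,
};
const roleWithDecrypt: PolicyStatement[] = [secretReadGrant, decryptGrant];

const proxySecrets: ProxySecret[] = [{ secretArn: SECRET_ARN, kmsKeyArn: KEY_ARN }];

console.log(missingProxyGrants(roleWithoutDecrypt, proxySecrets));
console.log(missingProxyGrants(roleWithDecrypt, proxySecrets));
```
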
This PR supports the activation of [additional cloudfront distribution metrics](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/viewing-cloudfront-metrics.html#monitoring-console.distributions-additional).

```ts
new cloudfront.Distribution(this, 'myDist', {
  defaultBehavior: { origin: new origins.HttpOrigin('www.example.com') },
  publishAdditionalMetrics: true, // added
});
```

Closes #22922.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…`Wait` (#28830)

I have a stack that installs and uninstalls helm charts, where the underlying resources use [Kubernetes Finalizers](https://kubernetes.io/docs/concepts/overview/working-with-objects/finalizers/). CDK's helm construct currently ignores `--wait`, which means that any object finalization in those helm charts is not respected in my dependency ordering.

## Compatibility

I could see some debate around whether or not this is a breaking change. I'm currently viewing it as a bug fix. I'm a bit cautious about how valuable it would be to gate this behavior compared to the additional complexity.

## Testing

Tested on a local fork and it worked like a charm

Closes #28831

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
S3 server access logging newly supports date-based partitioning.
This feature allows key formats of log objects to be partitioned by date, which is useful when querying from Athena.

In CloudFormation, `TargetObjectKeyFormat` was added.
This object has the `PartitionedPrefix` and the `SimplePrefix` property, only one of which is allowed.
The `SimplePrefix` is the key format that originally existed.
The `PartitionedPrefix` is the new key format and allows the user to select either the event time or delivery time as the date source.

```yaml
Resources:
  S3BucketServerAccessLogEnabledTest:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: access-log-test
      LoggingConfiguration:
        DestinationBucketName: myDestinationBucket
        LogFilePrefix: 'hello'
        TargetObjectKeyFormat:
          # You can deploy in either of the following formats (set exactly one)
          SimplePrefix: {} # 1
          # PartitionedPrefix: {} # 2
          # PartitionedPrefix: # 3
          #   PartitionDateSource: EventTime # | DeliveryTime
```

whats-new
https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-s3-server-access-logging-date-partitioning

CloudFormation User Guides
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-loggingconfiguration.html#cfn-s3-bucket-loggingconfiguration-targetobjectkeyformat

S3 User Guides
https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html#server-access-logging-overview

Closes #28141

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ogging is enabled (#28707)

This PR adds an option to suppress the creation of logs resource policy when logging is enabled.

### Description
Currently, a CloudWatch Logs resource policy is created by default when the Domain logging is enabled.
However, since only ten resource policies can be created per region, deploying multiple Domains may cause errors.
The `tryRemoveChild` method can be used as a workaround to delete custom resources, but a better user experience is desirable.
```ts
    const domain = new opensearch.Domain(this, 'Domain', domainProps);
    const domainResource = domain.node.defaultChild as opensearch.CfnDomain;
    domainResource.addOverride('DependsOn', undefined); // remove dependency on the custom resource

    domain.node.children
      .filter(child => child instanceof AwsCustomResource)
      .forEach(value => domain.node.tryRemoveChild(value.node.id));
```

So, I add an option to suppress the creation of resource policies.
This option allows users to reuse a broader resource policy and successfully deploy several domains.
https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createdomain-configure-slow-logs.html#:~:text=Resource%22%3A%20%22cw_log_group_arn%3A*%22%7D%5D%7D%27-,Important,-CloudWatch%20Logs%20supports

Closes #23637

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Update the enum ObjectOwnership docs to be more explicit. As mentioned [here](#28866) the documentation is not explicit but in S3 [documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) it's explicit. We had discussed with Kaizen in [issue](#28866) before entering this PR/Issue.



Closes #28866 .


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
TSDoc for `logGroup` is not being rendered properly due to the use of `<` and `>`.

This affects VS Code:

![Screenshot 2024-01-25 164442](https://github.com/aws/aws-cdk/assets/61606375/9db93b8c-dcbc-437e-8c07-a5f6b30c99b7)

And `aws-cdk-lib` docs as well: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Function.html#loggroup

![Screenshot 2024-01-25 164752](https://github.com/aws/aws-cdk/assets/61606375/a924353e-f5c2-4355-80d8-b511bb6488a3)

Fixed by escaping `<` and `>` properly

This is probably caused by `<` being interpreted as opening `JSX` tags by `MDX`.

After fix:
![Screenshot 2024-01-25 165425](https://github.com/aws/aws-cdk/assets/61606375/c40c225b-cfac-4cf8-a102-832bc5f00213)



----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service aws-autoscaling
│ └ resources
│    └[~] resource AWS::AutoScaling::AutoScalingGroup
│      └ types
│         └[~] type InstanceRequirements
│           └ properties
│              └[+] MaxSpotPriceAsPercentageOfOptimalOnDemandPrice: integer
├[~] service aws-batch
│ └ resources
│    └[~] resource AWS::Batch::JobDefinition
│      ├ properties
│      │  ├ ContainerProperties: - ContainerProperties (immutable)
│      │  │                      + ContainerProperties
│      │  ├ EksProperties: - EksProperties (immutable)
│      │  │                + EksProperties
│      │  ├ NodeProperties: - NodeProperties (immutable)
│      │  │                 + NodeProperties
│      │  ├ Parameters: - Map<string, string> ⇐ json (immutable)
│      │  │             + json
│      │  ├ PlatformCapabilities: - Array<string> (immutable)
│      │  │                       + Array<string>
│      │  ├ PropagateTags: - boolean (immutable)
│      │  │                + boolean
│      │  ├ RetryStrategy: - RetryStrategy (immutable)
│      │  │                + RetryStrategy
│      │  ├ SchedulingPriority: - integer (immutable)
│      │  │                     + integer
│      │  ├ Tags: - Map<string, string> ⇐ json (immutable)
│      │  │       + json (immutable)
│      │  ├ Timeout: - JobTimeout ⇐ Timeout (immutable)
│      │  │          + Timeout
│      │  └ Type: - string (required, immutable)
│      │          + string (required)
│      ├ attributes
│      │  ├[-] ContainerOrchestrationType: string
│      │  ├[+] Id: string
│      │  ├[-] JobDefinitionArn: string
│      │  ├[-] Revision: integer
│      │  └[-] Status: string
│      └ types
│         ├[~] type AuthorizationConfig
│         │ ├  - documentation: undefined
│         │ │  + documentation: The authorization configuration details for the Amazon EFS file system.
│         │ └ properties
│         │    ├ AccessPointId: (documentation changed)
│         │    └ Iam: (documentation changed)
│         ├[~] type ContainerProperties
│         │ └ properties
│         │    ├ MountPoints: - Array<MountPoint> ⇐ Array<MountPoints>
│         │    │              + Array<MountPoints>
│         │    └ Volumes: - Array<Volume> ⇐ Array<Volumes>
│         │               + Array<Volumes>
│         ├[-] type EFSAuthorizationConfig
│         │ ├  documentation: The authorization configuration details for the Amazon EFS file system.
│         │ │  name: EFSAuthorizationConfig
│         │ └ properties
│         │    ├AccessPointId: string
│         │    └Iam: string
│         ├[~] type EfsVolumeConfiguration
│         │ ├  - documentation: undefined
│         │ │  + documentation: This is used when you're using an Amazon Elastic File System file system for job storage. For more information, see [Amazon EFS Volumes](https://docs.aws.amazon.com/batch/latest/userguide/efs-volumes.html) in the *AWS Batch User Guide* .
│         │ └ properties
│         │    ├ AuthorizationConfig: (documentation changed)
│         │    ├ FileSystemId: (documentation changed)
│         │    ├ RootDirectory: (documentation changed)
│         │    ├ TransitEncryption: (documentation changed)
│         │    └ TransitEncryptionPort: (documentation changed)
│         ├[-] type EFSVolumeConfiguration
│         │ ├  documentation: This is used when you're using an Amazon Elastic File System file system for job storage. For more information, see [Amazon EFS Volumes](https://docs.aws.amazon.com/batch/latest/userguide/efs-volumes.html) in the *AWS Batch User Guide* .
│         │ │  name: EFSVolumeConfiguration
│         │ └ properties
│         │    ├FileSystemId: string (required)
│         │    ├RootDirectory: string
│         │    ├TransitEncryption: string
│         │    ├TransitEncryptionPort: integer
│         │    └AuthorizationConfig: EFSAuthorizationConfig
│         ├[-] type EksMetadata
│         │ ├  documentation: Describes and uniquely identifies Kubernetes resources. For example, the compute environment that a pod runs in or the `jobID` for a job running in the pod. For more information, see [Understanding Kubernetes Objects](https://docs.aws.amazon.com/https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/) in the *Kubernetes documentation* .
│         │ │  name: EksMetadata
│         │ └ properties
│         │    └Labels: Map<string, string>
│         ├[-] type EksPodProperties
│         │ ├  documentation: The properties for the pod.
│         │ │  name: EksPodProperties
│         │ └ properties
│         │    ├ServiceAccountName: string
│         │    ├HostNetwork: boolean
│         │    ├DnsPolicy: string
│         │    ├Containers: Array<EksContainer>
│         │    ├Volumes: Array<EksVolume>
│         │    └Metadata: EksMetadata
│         ├[~] type EksProperties
│         │ └ properties
│         │    └ PodProperties: - EksPodProperties ⇐ PodProperties
│         │                     + PodProperties
│         ├[-] type Host
│         │ ├  documentation: Determine whether your data volume persists on the host container instance and where it's stored. If this parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running.
│         │ │  name: Host
│         │ └ properties
│         │    └SourcePath: string
│         ├[-] type JobTimeout
│         │ ├  documentation: An object that represents a job timeout configuration.
│         │ │  name: JobTimeout
│         │ └ properties
│         │    └AttemptDurationSeconds: integer
│         ├[~] type LogConfiguration
│         │ └ properties
│         │    └ Options: - Map<string, string> ⇐ json
│         │               + json
│         ├[-] type MountPoint
│         │ ├  documentation: Details for a Docker volume mount point that's used in a job's container properties. This parameter maps to `Volumes` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerCreate) section of the *Docker Remote API* and the `--volume` option to docker run.
│         │ │  name: MountPoint
│         │ └ properties
│         │    ├ContainerPath: string
│         │    ├ReadOnly: boolean
│         │    └SourceVolume: string
│         ├[~] type MountPoints
│         │ ├  - documentation: undefined
│         │ │  + documentation: Details for a Docker volume mount point that's used in a job's container properties. This parameter maps to `Volumes` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerCreate) section of the *Docker Remote API* and the `--volume` option to docker run.
│         │ └ properties
│         │    ├ ContainerPath: (documentation changed)
│         │    ├ ReadOnly: (documentation changed)
│         │    └ SourceVolume: (documentation changed)
│         ├[~] type Resources
│         │ └ properties
│         │    ├ Limits: - Map<string, string> ⇐ json
│         │    │         + json
│         │    └ Requests: - Map<string, string> ⇐ json
│         │                + json
│         ├[~] type Timeout
│         │ ├  - documentation: undefined
│         │ │  + documentation: An object that represents a job timeout configuration.
│         │ └ properties
│         │    └ AttemptDurationSeconds: (documentation changed)
│         ├[-] type Volume
│         │ ├  documentation: A data volume that's used in a job's container properties.
│         │ │  name: Volume
│         │ └ properties
│         │    ├Host: Host
│         │    ├EfsVolumeConfiguration: EFSVolumeConfiguration
│         │    └Name: string
│         ├[~] type Volumes
│         │ ├  - documentation: undefined
│         │ │  + documentation: A list of volumes that are associated with the job.
│         │ └ properties
│         │    ├ EfsVolumeConfiguration: (documentation changed)
│         │    ├ Host: (documentation changed)
│         │    └ Name: (documentation changed)
│         └[~] type VolumesHost
│           ├  - documentation: undefined
│           │  + documentation: Determine whether your data volume persists on the host container instance and where it's stored. If this parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running.
│           └ properties
│              └ SourcePath: (documentation changed)
├[~] service aws-cloud9
│ └ resources
│    └[~] resource AWS::Cloud9::EnvironmentEC2
│      └ properties
│         └ ImageId: (documentation changed)
├[~] service aws-cloudtrail
│ └ resources
│    ├[~] resource AWS::CloudTrail::EventDataStore
│    │ └ types
│    │    └[~] type AdvancedEventSelector
│    │      └  - documentation: Advanced event selectors let you create fine-grained selectors for the following AWS CloudTrail event record fields. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* .
│    │         - `readOnly`
│    │         - `eventSource`
│    │         - `eventName`
│    │         - `eventCategory`
│    │         - `resources.type`
│    │         - `resources.ARN`
│    │         You cannot apply both event selectors and advanced event selectors to a trail.
│    │         + documentation: Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) and [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* .
│    │         You cannot apply both event selectors and advanced event selectors to a trail.
│    │         *Supported CloudTrail event record fields for management events*
│    │         - `eventCategory` (required)
│    │         - `eventSource`
│    │         - `readOnly`
│    │         *Supported CloudTrail event record fields for data events*
│    │         - `eventCategory` (required)
│    │         - `resources.type` (required)
│    │         - `readOnly`
│    │         - `eventName`
│    │         - `resources.ARN`
│    │         > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .
│    └[~] resource AWS::CloudTrail::Trail
│      └ types
│         └[~] type AdvancedEventSelector
│           └  - documentation: Advanced event selectors let you create fine-grained selectors for the following AWS CloudTrail event record fields. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* .
│              - `readOnly`
│              - `eventSource`
│              - `eventName`
│              - `eventCategory`
│              - `resources.type`
│              - `resources.ARN`
│              You cannot apply both event selectors and advanced event selectors to a trail.
│              + documentation: Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) and [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* .
│              You cannot apply both event selectors and advanced event selectors to a trail.
│              *Supported CloudTrail event record fields for management events*
│              - `eventCategory` (required)
│              - `eventSource`
│              - `readOnly`
│              *Supported CloudTrail event record fields for data events*
│              - `eventCategory` (required)
│              - `resources.type` (required)
│              - `readOnly`
│              - `eventName`
│              - `resources.ARN`
│              > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .
├[~] service aws-codebuild
│ └ resources
│    ├[+] resource AWS::CodeBuild::Fleet
│    │ ├  name: Fleet
│    │ │  cloudFormationType: AWS::CodeBuild::Fleet
│    │ │  documentation: The `AWS::CodeBuild::Fleet` resource configures a compute fleet, a set of dedicated instances for your build environment.
│    │ │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ ├ properties
│    │ │  ├Name: string
│    │ │  ├BaseCapacity: integer
│    │ │  ├EnvironmentType: string
│    │ │  ├ComputeType: string
│    │ │  └Tags: Array<tag>
│    │ └ attributes
│    │    └Arn: string
│    └[~] resource AWS::CodeBuild::Project
│      └ types
│         └[~] type Environment
│           └ properties
│              └ Type: (documentation changed)
├[~] service aws-cognito
│ └ resources
│    ├[~] resource AWS::Cognito::IdentityPool
│    │ └ attributes
│    │    └ Id: (documentation changed)
│    ├[~] resource AWS::Cognito::IdentityPoolRoleAttachment
│    │ └ attributes
│    │    └ Id: (documentation changed)
│    └[~] resource AWS::Cognito::UserPoolIdentityProvider
│      └ properties
│         ├ AttributeMapping: - json
│         │                   + Map<string, string> ⇐ json
│         └ ProviderDetails: - json
│                            + Map<string, string> ⇐ json (required)
├[~] service aws-connect
│ └ resources
│    └[~] resource AWS::Connect::Rule
│      └ types
│         └[~] type FieldValue
│           └  - documentation: The value of the field.
│              + documentation: Object for case field values.
├[~] service aws-datasync
│ └ resources
│    └[~] resource AWS::DataSync::LocationS3
│      ├ properties
│      │  ├ Subdirectory: (documentation changed)
│      │  └ Tags: (documentation changed)
│      └ types
│         └[~] type S3Config
│           ├  - documentation: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role used to access an Amazon S3 bucket.
│           │  For detailed information about using such a role, see [Creating a Location for Amazon S3](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html) in the *AWS DataSync User Guide* .
│           │  + documentation: Specifies the Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that DataSync uses to access your S3 bucket.
│           │  For more information, see [Accessing S3 buckets](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#create-s3-location-access) .
│           └ properties
│              └ BucketAccessRoleArn: (documentation changed)
├[~] service aws-datazone
│ └ resources
│    ├[~] resource AWS::DataZone::DataSource
│    │ ├  - documentation: Definition of AWS::DataZone::DataSource Resource Type
│    │ │  + documentation: The `AWS::DataZone::DataSource` resource specifies an Amazon DataZone data source that is used to import technical metadata of assets (data) from the source databases or data warehouses into Amazon DataZone.
│    │ ├ properties
│    │ │  ├ AssetFormsInput: (documentation changed)
│    │ │  ├ Configuration: (documentation changed)
│    │ │  ├ ProjectIdentifier: (documentation changed)
│    │ │  └ Recommendation: (documentation changed)
│    │ ├ attributes
│    │ │  ├ DomainId: (documentation changed)
│    │ │  ├ EnvironmentId: (documentation changed)
│    │ │  ├ Id: (documentation changed)
│    │ │  ├ LastRunAssetCount: (documentation changed)
│    │ │  ├ LastRunAt: (documentation changed)
│    │ │  ├ LastRunStatus: (documentation changed)
│    │ │  ├ ProjectId: (documentation changed)
│    │ │  └ UpdatedAt: (documentation changed)
│    │ └ types
│    │    ├[~] type DataSourceConfigurationInput
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: The configuration of the data source.
│    │    │ └ properties
│    │    │    ├ GlueRunConfiguration: (documentation changed)
│    │    │    └ RedshiftRunConfiguration: (documentation changed)
│    │    ├[~] type FilterExpression
│    │    │ ├  - documentation: The search filter expression.
│    │    │ │  + documentation: A filter expression in Amazon DataZone.
│    │    │ └ properties
│    │    │    ├ Expression: (documentation changed)
│    │    │    └ Type: (documentation changed)
│    │    ├[~] type GlueRunConfigurationInput
│    │    │ └  - documentation: undefined
│    │    │    + documentation: The configuration details of the AWS Glue data source.
│    │    ├[~] type RecommendationConfiguration
│    │    │ └  - documentation: The recommendation to be updated as part of the UpdateDataSource action.
│    │    │    + documentation: The recommendation configuration for the data source.
│    │    ├[~] type RedshiftClusterStorage
│    │    │ └  - documentation: The name of an Amazon Redshift cluster.
│    │    │    + documentation: The details of the Amazon Redshift cluster storage.
│    │    ├[~] type RedshiftCredentialConfiguration
│    │    │ └  - documentation: The ARN of a secret manager for an Amazon Redshift cluster.
│    │    │    + documentation: The details of the credentials required to access an Amazon Redshift cluster.
│    │    ├[~] type RedshiftRunConfigurationInput
│    │    │ ├  - documentation: The configuration details of the Amazon Redshift data source.
│    │    │ │  + documentation: The relational filter configurations included in the configuration details of the Amazon Redshift data source.
│    │    │ └ properties
│    │    │    ├ DataAccessRole: (documentation changed)
│    │    │    ├ RedshiftCredentialConfiguration: (documentation changed)
│    │    │    └ RelationalFilterConfigurations: (documentation changed)
│    │    ├[~] type RedshiftStorage
│    │    │ ├  - documentation: The details of the Amazon Redshift cluster source.
│    │    │ │  + documentation: The details of the Amazon Redshift storage as part of the configuration of an Amazon Redshift data source run.
│    │    │ └ properties
│    │    │    ├ RedshiftClusterSource: (documentation changed)
│    │    │    └ RedshiftServerlessSource: (documentation changed)
│    │    └[~] type ScheduleConfiguration
│    │      ├  - documentation: The schedule of the data source runs.
│    │      │  + documentation: The details of the schedule of the data source runs.
│    │      └ properties
│    │         └ Timezone: (documentation changed)
│    ├[~] resource AWS::DataZone::Domain
│    │ ├  - documentation: A domain is an organizing entity for connecting together assets, users, and their projects
│    │ │  + documentation: The `AWS::DataZone::Domain` resource specifies an Amazon DataZone domain. You can use domains to organize your assets, users, and their projects.
│    │ ├ properties
│    │ │  └ SingleSignOn: (documentation changed)
│    │ ├ attributes
│    │ │  ├ CreatedAt: (documentation changed)
│    │ │  ├ Id: (documentation changed)
│    │ │  ├ LastUpdatedAt: (documentation changed)
│    │ │  └ PortalUrl: (documentation changed)
│    │ └ types
│    │    └[~] type SingleSignOn
│    │      └  - documentation: The single-sign on configuration of the Amazon DataZone domain.
│    │         + documentation: The single sign-on details in Amazon DataZone.
│    ├[~] resource AWS::DataZone::Environment
│    │ ├  - documentation: Definition of AWS::DataZone::Environment Resource Type
│    │ │  + documentation: The `AWS::DataZone::Environment` resource specifies an Amazon DataZone environment, which is a collection of zero or more configured resources with a given set of IAM principals who can operate on those resources.
│    │ ├ properties
│    │ │  ├ Description: (documentation changed)
│    │ │  ├ DomainIdentifier: (documentation changed)
│    │ │  ├ EnvironmentProfileIdentifier: (documentation changed)
│    │ │  ├ GlossaryTerms: (documentation changed)
│    │ │  ├ Name: (documentation changed)
│    │ │  ├ ProjectIdentifier: (documentation changed)
│    │ │  └ UserParameters: (documentation changed)
│    │ ├ attributes
│    │ │  ├ AwsAccountId: (documentation changed)
│    │ │  ├ AwsAccountRegion: (documentation changed)
│    │ │  ├ DomainId: (documentation changed)
│    │ │  ├ EnvironmentBlueprintId: (documentation changed)
│    │ │  ├ EnvironmentProfileId: (documentation changed)
│    │ │  ├ Id: (documentation changed)
│    │ │  ├ ProjectId: (documentation changed)
│    │ │  ├ Provider: (documentation changed)
│    │ │  └ Status: (documentation changed)
│    │ └ types
│    │    └[~] type EnvironmentParameter
│    │      ├  - documentation: The parameter details of an environment.
│    │      │  + documentation: The parameter details of the environment.
│    │      └ properties
│    │         ├ Name: (documentation changed)
│    │         └ Value: (documentation changed)
│    ├[~] resource AWS::DataZone::EnvironmentBlueprintConfiguration
│    │ ├  - documentation: Definition of AWS::DataZone::EnvironmentBlueprintConfiguration Resource Type
│    │ │  + documentation: The configuration details of an environment blueprint.
│    │ ├ properties
│    │ │  ├ DomainIdentifier: (documentation changed)
│    │ │  ├ EnabledRegions: (documentation changed)
│    │ │  ├ EnvironmentBlueprintIdentifier: (documentation changed)
│    │ │  ├ ManageAccessRoleArn: (documentation changed)
│    │ │  ├ ProvisioningRoleArn: (documentation changed)
│    │ │  └ RegionalParameters: (documentation changed)
│    │ ├ attributes
│    │ │  ├ CreatedAt: (documentation changed)
│    │ │  ├ DomainId: (documentation changed)
│    │ │  ├ EnvironmentBlueprintId: (documentation changed)
│    │ │  └ UpdatedAt: (documentation changed)
│    │ └ types
│    │    └[~] type RegionalParameter
│    │      ├  - documentation: undefined
│    │      │  + documentation: The regional parameters in the environment blueprint.
│    │      └ properties
│    │         ├ Parameters: (documentation changed)
│    │         └ Region: (documentation changed)
│    ├[~] resource AWS::DataZone::EnvironmentProfile
│    │ ├  - documentation: AWS Datazone Environment Profile is pre-configured set of resources and blueprints that provide reusable templates for creating environments.
│    │ │  + documentation: The details of an environment profile.
│    │ ├ properties
│    │ │  ├ AwsAccountId: - string
│    │ │  │               + string (required)
│    │ │  │               (documentation changed)
│    │ │  ├ AwsAccountRegion: - string
│    │ │  │                   + string (required)
│    │ │  │                   (documentation changed)
│    │ │  ├ Description: (documentation changed)
│    │ │  ├ DomainIdentifier: (documentation changed)
│    │ │  ├ EnvironmentBlueprintIdentifier: (documentation changed)
│    │ │  ├ Name: (documentation changed)
│    │ │  └ ProjectIdentifier: (documentation changed)
│    │ ├ attributes
│    │ │  ├ CreatedAt: (documentation changed)
│    │ │  ├ CreatedBy: (documentation changed)
│    │ │  ├ DomainId: (documentation changed)
│    │ │  ├ EnvironmentBlueprintId: (documentation changed)
│    │ │  ├ Id: (documentation changed)
│    │ │  ├ ProjectId: (documentation changed)
│    │ │  └ UpdatedAt: (documentation changed)
│    │ └ types
│    │    └[~] type EnvironmentParameter
│    │      └ properties
│    │         ├ Name: (documentation changed)
│    │         └ Value: (documentation changed)
│    ├[~] resource AWS::DataZone::Project
│    │ ├  - documentation: Amazon DataZone projects are business use case–based groupings of people, assets (data), and tools used to simplify access to the AWS analytics.
│    │ │  + documentation: The `AWS::DataZone::Project` resource specifies an Amazon DataZone project. Projects enable a group of users to collaborate on various business use cases that involve publishing, discovering, subscribing to, and consuming data in the Amazon DataZone catalog. Project members consume assets from the Amazon DataZone catalog and produce new assets using one or more analytical workflows.
│    │ ├ properties
│    │ │  ├ Description: (documentation changed)
│    │ │  ├ DomainIdentifier: (documentation changed)
│    │ │  └ Name: (documentation changed)
│    │ └ attributes
│    │    ├ CreatedAt: (documentation changed)
│    │    ├ DomainId: (documentation changed)
│    │    └ Id: (documentation changed)
│    └[~] resource AWS::DataZone::SubscriptionTarget
│      ├  - documentation: Subscription targets enables one to access the data to which you have subscribed in your projects.
│      │  + documentation: The `AWS::DataZone::SubscriptionTarget` resource specifies an Amazon DataZone subscription target. Subscription targets enable you to access the data to which you have subscribed in your projects. A subscription target specifies the location (for example, a database or a schema) and the required permissions (for example, an IAM role) that Amazon DataZone can use to establish a connection with the source data and to create the necessary grants so that members of the Amazon DataZone project can start querying the data to which they have subscribed.
│      ├ properties
│      │  ├ ApplicableAssetTypes: (documentation changed)
│      │  ├ AuthorizedPrincipals: (documentation changed)
│      │  ├ DomainIdentifier: (documentation changed)
│      │  └ EnvironmentIdentifier: (documentation changed)
│      └ attributes
│         ├ DomainId: (documentation changed)
│         ├ EnvironmentId: (documentation changed)
│         └ Id: (documentation changed)
├[~] service aws-ec2
│ └ resources
│    ├[~] resource AWS::EC2::Instance
│    │ └ properties
│    │    └ ElasticGpuSpecifications: (documentation changed)
│    ├[~] resource AWS::EC2::LaunchTemplate
│    │ └ types
│    │    ├[~] type LaunchTemplateData
│    │    │ └ properties
│    │    │    └ ElasticGpuSpecifications: (documentation changed)
│    │    └[~] type TagSpecification
│    │      └ properties
│    │         └ ResourceType: (documentation changed)
│    ├[~] resource AWS::EC2::NetworkAclEntry
│    │ ├ properties
│    │ │  ├ CidrBlock: (documentation changed)
│    │ │  ├ Icmp: (documentation changed)
│    │ │  ├ Ipv6CidrBlock: (documentation changed)
│    │ │  └ PortRange: (documentation changed)
│    │ └ types
│    │    └[~] type Icmp
│    │      └ properties
│    │         └ Code: (documentation changed)
│    ├[~] resource AWS::EC2::SecurityGroup
│    │ ├ properties
│    │ │  └ VpcId: (documentation changed)
│    │ └ types
│    │    ├[~] type Egress
│    │    │ ├  - documentation: Adds the specified egress rules to a security group for use with a VPC.
│    │    │ │  An outbound rule permits instances to send traffic to the specified destination IPv4 or IPv6 CIDR address ranges, or to the specified destination security groups for the same VPC.
│    │    │ │  You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.
│    │    │ │  You must specify only one of the following properties: `CidrIp` , `CidrIpv6` , `DestinationPrefixListId` , or `DestinationSecurityGroupId` .
│    │    │ │  You must specify a destination security group ( `DestinationPrefixListId` or `DestinationSecurityGroupId` ) or a CIDR range ( `CidrIp` or `CidrIpv6` ). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group.
│    │    │ │  Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.
│    │    │ │  For more information about VPC security group limits, see [Amazon VPC Limits](https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html) .
│    │    │ │  Use `SecurityGroup.Ingress` and `SecurityGroup.Egress` only when necessary, typically to allow security groups to reference each other in ingress and egress rules. Otherwise, use the embedded ingress and egress rules of the security group. For more information, see [Amazon EC2 Security Groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) .
│    │    │ │  The EC2 Security Group Rule is an embedded property of the `AWS::EC2::SecurityGroup` type.
│    │    │ │  + documentation: Adds the specified outbound (egress) rule to a security group.
│    │    │ │  An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │    │ │  You must specify exactly one of the following destinations: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully but the rule is not added to the security group.
│    │    │ │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
│    │    │ │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │    │ └ properties
│    │    │    ├ FromPort: (documentation changed)
│    │    │    └ ToPort: (documentation changed)
│    │    └[~] type Ingress
│    │      ├  - documentation: Adds an inbound rule to a security group.
│    │      │  An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances associated with the specified security group.
│    │      │  You must specify only one of the following properties: `CidrIp` , `CidrIpv6` , `SourcePrefixListId` , `SourceSecurityGroupId` , or `SourceSecurityGroupName` .
│    │      │  You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify a port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes.
│    │      │  You must specify a source security group ( `SourcePrefixListId` , `SourceSecurityGroupId` , or `SourceSecurityGroupName` ) or a CIDR range ( `CidrIp` or `CidrIpv6` ). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group.
│    │      │  Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.
│    │      │  The EC2 Security Group Rule is an embedded property of the `AWS::EC2::SecurityGroup` type.
│    │      │  + documentation: Adds an inbound (ingress) rule to a security group.
│    │      │  An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │      │  You must specify exactly one of the following sources: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully, but the rule is not added to the security group.
│    │      │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
│    │      │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │      └ properties
│    │         ├ FromPort: (documentation changed)
│    │         ├ SourceSecurityGroupId: (documentation changed)
│    │         └ ToPort: (documentation changed)
│    ├[~] resource AWS::EC2::SecurityGroupEgress
│    │ ├  - documentation: Adds the specified egress rules to a security group.
│    │ │  An outbound rule permits instances to send traffic to the specified destination IPv4 or IPv6 CIDR address ranges, or to the specified destination security groups for the same VPC.
│    │ │  You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.
│    │ │  You must specify only one of the following properties: `CidrIp` , `CidrIpv6` , `DestinationPrefixListId` , or `DestinationSecurityGroupId` .
│    │ │  You must specify a destination security group ( `DestinationPrefixListId` or `DestinationSecurityGroupId` ) or a CIDR range ( `CidrIp` or `CidrIpv6` ). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group.
│    │ │  Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.
│    │ │  For more information about VPC security group limits, see [Amazon VPC Limits](https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html) .
│    │ │  Use `AWS::EC2::SecurityGroupIngress` and `AWS::EC2::SecurityGroupEgress` only when necessary, typically to allow security groups to reference each other in ingress and egress rules. Otherwise, use the embedded ingress and egress rules of the security group. For more information, see [Amazon EC2 Security Groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) .
│    │ │  + documentation: Adds the specified outbound (egress) rule to a security group.
│    │ │  An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │ │  You must specify exactly one of the following destinations: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully but the rule is not added to the security group.
│    │ │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. To specify all types or all codes, use -1.
│    │ │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │ └ properties
│    │    ├ FromPort: (documentation changed)
│    │    └ ToPort: (documentation changed)
│    ├[~] resource AWS::EC2::SecurityGroupIngress
│    │ └  - documentation: Adds an inbound rule to a security group.
│    │    An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances associated with the specified security group.
│    │    You must specify only one of the following properties: `CidrIp` , `CidrIpv6` , `SourcePrefixListId` , `SourceSecurityGroupId` , or `SourceSecurityGroupName` .
│    │    You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify a port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes.
│    │    You must specify a source security group ( `SourcePrefixListId` , `SourceSecurityGroupId` , or `SourceSecurityGroupName` ) or a CIDR range ( `CidrIp` or `CidrIpv6` ). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group.
│    │    Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.
│    │    + documentation: Adds an inbound (ingress) rule to a security group.
│    │    An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │    You must specify only one of the following sources: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully, but the rule is not added to the security group.
│    │    You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
│    │    Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    ├[~] resource AWS::EC2::Subnet
│    │ └ properties
│    │    ├ AssignIpv6AddressOnCreation: (documentation changed)
│    │    ├ Ipv6CidrBlock: (documentation changed)
│    │    └ Ipv6CidrBlocks: (documentation changed)
│    └[~] resource AWS::EC2::SubnetCidrBlock
│      └ properties
│         └ Ipv6CidrBlock: (documentation changed)
├[~] service aws-ecs
│ └ resources
│    ├[~] resource AWS::ECS::Service
│    │ └ types
│    │    ├[~] type AwsVpcConfiguration
│    │    │ └  - documentation: An object representing the networking details for a task or service.
│    │    │    + documentation: An object representing the networking details for a task or service. For example `awsvpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}`
│    │    ├[~] type DeploymentConfiguration
│    │    │ └ properties
│    │    │    └ MinimumHealthyPercent: (documentation changed)
│    │    ├[~] type ServiceConnectService
│    │    │ └ properties
│    │    │    ├ Timeout: (documentation changed)
│    │    │    └ Tls: (documentation changed)
│    │    ├[~] type ServiceConnectTlsCertificateAuthority
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: An object that represents the AWS Private Certificate Authority certificate.
│    │    │ └ properties
│    │    │    └ AwsPcaAuthorityArn: (documentation changed)
│    │    ├[~] type ServiceConnectTlsConfiguration
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: An object that represents the configuration for Service Connect TLS.
│    │    │ └ properties
│    │    │    ├ IssuerCertificateAuthority: (documentation changed)
│    │    │    ├ KmsKey: (documentation changed)
│    │    │    └ RoleArn: (documentation changed)
│    │    └[~] type TimeoutConfiguration
│    │      ├  - documentation: undefined
│    │      │  + documentation: An object that represents the timeout configurations for Service Connect.
│    │      │  > If `idleTimeout` is set to a time that is less than `perRequestTimeout` , the connection will close when the `idleTimeout` is reached and not the `perRequestTimeout` .
│    │      └ properties
│    │         ├ IdleTimeoutSeconds: (documentation changed)
│    │         └ PerRequestTimeoutSeconds: (documentation changed)
│    ├[~] resource AWS::ECS::TaskDefinition
│    │ └ types
│    │    ├[~] type ContainerDefinition
│    │    │ └ properties
│    │    │    └ SystemControls: (documentation changed)
│    │    └[~] type Ulimit
│    │      └  - documentation: The `ulimit` settings to pass to the container.
│    │         Amazon ECS tasks hosted on AWS Fargate use the default resource limit values set by the operating system with the exception of the `nofile` resource limit parameter which AWS Fargate overrides. The `nofile` resource limit sets a restriction on the number of open files that a container can use. The default `nofile` soft limit is `1024` and the default hard limit is `4096` .
│    │         You can specify the `ulimit` settings for a container in a task definition.
│    │         + documentation: The `ulimit` settings to pass to the container.
│    │         Amazon ECS tasks hosted on AWS Fargate use the default resource limit values set by the operating system with the exception of the `nofile` resource limit parameter which AWS Fargate overrides. The `nofile` resource limit sets a restriction on the number of open files that a container can use. The default `nofile` soft limit is `1024` and the default hard limit is `65535` .
│    │         You can specify the `ulimit` settings for a container in a task definition.
│    └[~] resource AWS::ECS::TaskSet
│      ├  - documentation: Create a task set in the specified cluster and service. This is used when a service uses the `EXTERNAL` deployment controller type. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* .
│      │  You can create a maximum of 5 tasks sets for a deployment.
│      │  + documentation: Create a task set in the specified cluster and service. This is used when a service uses the `EXTERNAL` deployment controller type. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* .
│      │  For information about the maximum number of task sets and otther quotas, see [Amazon ECS service quotas](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-quotas.html) in the *Amazon Elastic Container Service Developer Guide* .
│      └ types
│         └[~] type AwsVpcConfiguration
│           └  - documentation: An object representing the networking details for a task or service.
│              + documentation: An object representing the networking details for a task or service. For example `awsvpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}`
├[~] service aws-eks
│ └ resources
│    └[~] resource AWS::EKS::Cluster
│      └  - documentation: Creates an Amazon EKS control plane.
│         The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as `etcd` and the API server. The control plane runs in an account managed by AWS , and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.
│         The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support `kubectl exec` , `logs` , and `proxy` data flows).
│         Amazon EKS nodes run in your AWS account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.
│         You can use the `endpointPublicAccess` and `endpointPrivateAccess` parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see [Amazon EKS Cluster Endpoint Access Control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** .
│         You can use the `logging` parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see [Amazon EKS Cluster Control Plane Logs](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) in the **Amazon EKS User Guide** .
│         > CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see [CloudWatch Pricing](https://docs.aws.amazon.com/cloudwatch/pricing/) . 
│         In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see [Managing Cluster Authentication](https://docs.aws.amazon.com/eks/latest/userguide/managing-auth.html) and [Launching Amazon EKS nodes](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) in the *Amazon EKS User Guide* .
│         + documentation: Creates an Amazon EKS control plane.
│         The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as `etcd` and the API server. The control plane runs in an account managed by AWS , and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.
│         The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support `kubectl exec` , `logs` , and `proxy` data flows).
│         Amazon EKS nodes run in your AWS account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.
│         You can use the `endpointPublicAccess` and `endpointPrivateAccess` parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see [Amazon EKS Cluster Endpoint Access Control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** .
│         You can use the `logging` parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see [Amazon EKS Cluster Control Plane Logs](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) in the **Amazon EKS User Guide** .
│         > CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see [CloudWatch Pricing](https://docs.aws.amazon.com/cloudwatch/pricing/) . 
│         In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see [Allowing users to access your cluster](https://docs.aws.amazon.com/eks/latest/userguide/cluster-auth.html) and [Launching Amazon EKS nodes](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) in the *Amazon EKS User Guide* .
├[~] service aws-elasticache
│ └ resources
│    └[~] resource AWS::ElastiCache::ServerlessCache
│      ├ attributes
│      │  ├ Endpoint.Port: - integer
│      │  │                + integer ⇐ string
│      │  └ ReaderEndpoint.Port: - integer
│      │                         + integer ⇐ string
│      └ types
│         └[~] type Endpoint
│           └ properties
│              └ Port: - integer
│                      + integer ⇐ string
├[~] service aws-elasticloadbalancingv2
│ └ resources
│    └[~] resource AWS::ElasticLoadBalancingV2::LoadBalancer
│      └ properties
│         └ EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic: (documentation changed)
├[~] service aws-fis
│ └ resources
│    └[~] resource AWS::FIS::ExperimentTemplate
│      ├  - documentation: Specifies an experiment template.
│      │  An experiment template includes the following components:
│      │  - *Targets* : A target can be a specific resource in your AWS environment, or one or more resources that match criteria that you specify, for example, resources that have specific tags.
│      │  - *Actions* : The actions to carry out on the target. You can specify multiple actions, the duration of each action, and when to start each action during an experiment.
│      │  - *Stop conditions* : If a stop condition is triggered while an experiment is running, the experiment is automatically stopped. You can define a stop condition as a CloudWatch alarm.
│      │  For more information, see [Experiment templates](https://docs.aws.amazon.com/fis/latest/userguide/experiment-templates.html) in the *AWS Fault Injection Service User Guide* .
│      │  + documentation: Describes an experiment template.
│      └ types
│         ├[~] type ExperimentTemplateAction
│         │ └  - documentation: Specifies an action for an experiment template.
│         │    For more information, see [Actions](https://docs.aws.amazon.com/fis/latest/userguide/actions.html) in the *AWS Fault Injection Service User Guide* .
│         │    + documentation: Describes an action for an experiment template.
│         ├[~] type ExperimentTemplateLogConfiguration
│         │ ├  - documentation: Specifies the configuration for experiment logging.
│         │ │  For more information, see [Experiment logging](https://docs.aws.amazon.com/fis/latest/userguide/monitoring-logging.html) in the *AWS Fault Injection Service User Guide* .
│         │ │  + documentation: Describes the configuration for experiment logging.
│         │ └ properties
│         │    ├ CloudWatchLogsConfiguration: (documentation changed)
│         │    └ S3Configuration: (documentation changed)
│         ├[~] type ExperimentTemplateStopCondition
│         │ └  - documentation: Specifies a stop condition for an experiment template.
│         │    For more information, see [Stop conditions](https://docs.aws.amazon.com/fis/latest/userguide/stop-conditions.html) in the *AWS Fault Injection Service User Guide* .
│         │    + documentation: Describes a stop condition for an experiment template.
│         ├[~] type ExperimentTemplateTarget
│         │ ├  - documentation: Specifies a target for an experiment. You must specify at least one Amazon Resource Name (ARN) or at least one resource tag. You cannot specify both ARNs and tags.
│         │ │  For more information, see [Targets](https://docs.aws.amazon.com/fis/latest/userguide/targets.html) in the *AWS Fault Injection Service User Guide* .
│         │ │  + documentation: Describes a target for an experiment template.
│         │ └ properties
│         │    └ Parameters: (documentation changed)
│         └[~] type ExperimentTemplateTargetFilter
│           └  - documentation: Specifies a filter used for the target resource input in an experiment template.
│              For more information, see [Resource filters](https://docs.aws.amazon.com/fis/latest/userguide/targets.html#target-filters) in the *AWS Fault Injection Service User Guide* .
│              + documentation: Describes a filter used for the target resources in an experiment template.
├[~] service aws-guardduty
│ └ resources
│    └[~] resource AWS::GuardDuty::Filter
│      ├ properties
│      │  ├ Action: - string (required)
│      │  │         + string
│      │  ├ Description: - string (required)
│      │  │              + string
│      │  ├ DetectorId: - string (required, immutable)
│      │  │             + string (immutable)
│      │  ├ Name: - string (required, immutable)
│      │  │       + string (immutable)
│      │  ├ Rank: - integer (required)
│      │  │       + integer
│      │  └ Tags: - Array<tag>
│      │          + Array<TagItem> ⇐ Array<tag>
│      └ types
│         ├[~] type FindingCriteria
│         │ └ properties
│         │    ├ Criterion: - json
│         │    │            + Map<string, Condition> ⇐ json
│         │    └ ItemType: (documentation changed)
│         └[+] type TagItem
│           ├  name: TagItem
│           └ properties
│              ├Key: string (required)
│              └Value: string (required)
├[~] service aws-internetmonitor
│ └ resources
│    └[~] resource AWS::InternetMonitor::Monitor
│      └ types
│         ├[~] type InternetMeasurementsLogDelivery
│         │ └ properties
│         │    └ S3Config: (documentation changed)
│         └[~] type S3Config
│           ├  - documentation: The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` or `DISABLED` , depending on whether you choose to deliver internet measurements to S3 logs.
│           │  + documentation: The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) bucket prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` if you choose to deliver internet measurements to S3 logs, and `DISABLED` otherwise.
│           │  The measurements are also published to Amazon CloudWatch Logs.
│           └ properties
│              ├ BucketName: (documentation changed)
│              ├ BucketPrefix: (documentation changed)
│              └ LogDeliveryStatus: (documentation changed)
├[~] service aws-ivs
│ └ resources
│    ├[~] resource AWS::IVS::Channel
│    │ └  - documentation: The `AWS::IVS::Channel` resource specifies an  channel. A channel stores configuration information related to your live stream. For more information, see [CreateChannel](https://docs.aws.amazon.com/ivs/latest/APIReference/API_CreateChannel.html) in the *Amazon Interactive Video Service API Reference* .
│    │    > By default, the IVS API CreateChannel endpoint creates a stream key in addition to a channel. The  Channel resource *does not* create a stream key; to create a stream key, use the StreamKey resource instead.
│    │    + documentation: The `AWS::IVS::Channel` resource specifies an  channel. A channel stores configuration information related to your live stream. For more information, see [CreateChannel](https://docs.aws.amazon.com/ivs/latest/LowLatencyAPIReference/API_CreateChannel.html) in the *Amazon IVS Low-Latency Streaming API Reference* .
│    │    > By default, the IVS API CreateChannel endpoint creates a stream key in addition to a channel. The  Channel resource *does not* create a stream key; to create a stream key, use the StreamKey resource instead.
│    ├[~] resource AWS::IVS::PlaybackKeyPair
│    │ └  - documentation: The `AWS::IVS::PlaybackKeyPair` resource specifies an  playback key pair.  uses a public playback key to validate playback tokens that have been signed with the corresponding private key. For more information, see [Setting Up Private Channels](https://docs.aws.amazon.com/ivs/latest/userguide/private-channels.html) in the *Amazon Interactive Video Service User Guide* .
│    │    + documentation: The `AWS::IVS::PlaybackKeyPair` resource specifies an  playback key pair.  uses a public playback key to validate playback tokens that have been signed with the corresponding private key. For more information, see [Setting Up Private Channels](https://docs.aws.amazon.com/ivs/latest/LowLatencyUserGuide/private-channels.html) in the *Amazon IVS Low-Latency Streaming User Guide* .
│    ├[~] resource AWS::IVS::RecordingConfiguration
│    │ ├  - documentation: The `AWS::IVS::RecordingConfiguration` resource specifies an  recording configuration. A recording configuration enables the recording of a channel’s live streams to a data store. Multiple channels can reference the same recording configuration. For more information, see [RecordingConfiguration](https://docs.aws.amazon.com/ivs/latest/APIReference/API_RecordingConfiguration.html) in the *Amazon Interactive Video Service API Reference* .
│    │ │  + documentation: The `AWS::IVS::RecordingConfiguration` resource specifies an  recording configuration. A recording configuration enables the recording of a channel’s live streams to a data store. Multiple channels can reference the same recording configuration. For more information, see [RecordingConfiguration](https://docs.aws.amazon.com/ivs/latest/LowLatencyAPIReference/API_RecordingConfiguration.html) in the *Amazon IVS Low-Latency Streaming API Reference* .
│    │ └ types
│    │    ├[~] type RenditionConfiguration
│    │    │ └ properties
│    │    │    └ Renditions: (documentation changed)
│    │    └[~] type ThumbnailConfiguration
│    │      └ properties
│    │         ├ Resolution: (documentation changed)
│    │         └ TargetIntervalSeconds: (documentation changed)
│    └[~] resource AWS::IVS::Stage
│      ├  - documentation: Resource Definition for type AWS::IVS::Stage.
│      │  + documentation: The `AWS::IVS::Stage` resource specifies an  stage. A stage is a virtual space where participants can exchange video in real time. For more information, see [CreateStage](https://docs.aws.amazon.com/ivs/latest/RealTimeAPIReference/API_CreateStage.html) in the *Amazon IVS Real-Time Streaming API Reference* .
│      ├ properties
│      │  ├ Name: (documentation changed)
│      │  └ Tags: (documentation changed)
│      └ attributes
│         ├ ActiveSessionId: (documentation changed)
│         └ Arn: (documentation changed)
├[~] service aws-kendra
│ └ resources
│    └[~] resource AWS::Kendra::Faq
│      └ properties
│         └[+] LanguageCode: string
├[~] service aws-kinesisfirehose
│ └ resources
│    └[~] resource AWS::KinesisFirehose::DeliveryStream
│      ├ properties
│      │  └[+] SnowflakeDestinationConfiguration: SnowflakeDestinationConfiguration
│      └ types
│         ├[+] type SnowflakeDestinationConfiguration
│         │ ├  name: SnowflakeDestinationConfiguration
│         │ └ properties
│         │    ├AccountUrl: string (required)
│         │    ├PrivateKey: string (required)
│         │    ├KeyPassphrase: string
│         │    ├User: string (required)
│         │    ├Database: string (required)
│         │    ├Schema: string (required)
│         │    ├Table: string (required)
│         │    ├SnowflakeRoleConfiguration: SnowflakeRoleConfiguration
│         │    ├DataLoadingOption: string
│         │    ├MetaDataColumnName: string
│         │    ├ContentColumnName: string
│         │    ├SnowflakeVpcConfiguration: SnowflakeVpcConfiguration (immutable)
│         │    ├CloudWatchLoggingOptions: CloudWatchLoggingOptions
│         │    ├ProcessingConfiguration: ProcessingConfiguration
│         │    ├RoleARN: string (required)
│         │    ├RetryOptions: SnowflakeRetryOptions
│         │    ├S3BackupMode: string
│         │    └S3Configuration: S3DestinationConfiguration (required)
│         ├[+] type SnowflakeRetryOptions
│         │ ├  name: SnowflakeRetryOptions
│         │ └ properties
│         │    └DurationInSeconds: integer
│         ├[+] type SnowflakeRoleConfiguration
│         │ ├  name: SnowflakeRoleConfiguration
│         │ └ properties
│         │    ├Enabled: boolean
│         │    └SnowflakeRole: string
│         └[+] type SnowflakeVpcConfiguration
│           ├  name: SnowflakeVpcConfiguration
│           └ properties
│              └PrivateLinkVpceId: string (required)
├[~] service aws-lakeformation
│ └ resources
│    └[~] resource AWS::LakeFormation::Resource
│      └ properties
│         └ HybridAccessEnabled: (documentation changed)
├[~] service aws-networkmanager
│ └ resources
│    └[~] resource AWS::NetworkManager::Device
│      └ attributes
│         └ CreatedAt: (documentation changed)
├[~] service aws-opensearchservice
│ └ resources
│    └[~] resource AWS::OpenSearchService::Domain
│      └ types
│         ├[~] type ClusterConfig
│         │ └ properties
│         │    └ ColdStorageOptions: (documentation changed)
│         └[~] type ColdStorageOptions
│           ├  - documentation: Specifies options for cold storage. For more information, see [Cold storage for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cold-storage.html) .
│           │  + documentation: Container for the parameters required to enable cold storage for an OpenSearch Service domain. For more information, see [Cold storage for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cold-storage.html) .
│           └ properties
│              └ Enabled: (documentation changed)
├[~] service aws-route53
│ └ resources
│    └[~] resource AWS::Route53::RecordSetGroup
│      └ attributes
│         └ Id: (documentation changed)
├[~] service aws-route53resolver
│ └ resources
│    └[~] resource AWS::Route53Resolver::FirewallRuleGroup
│      └ types
│         └[~] type FirewallRule
│           └ properties
│              └[+] Qtype: string
├[~] service aws-servicecatalogappregistry
│ └ resources
│    └[~] resource AWS::ServiceCatalogAppRegistry::Application
│      └ attributes
│         ├ ApplicationTagKey: (documentation changed)
│         └ ApplicationTagValue: (documentation changed)
├[+] service aws-ssmguiconnect
│ ├  capitalized: SSMGuiConnect
│ │  cloudFormationNamespace: AWS::SSMGuiConnect
│ │  name: aws-ssmguiconnect
│ │  shortName: ssmguiconnect
│ └ resources
│    └resource AWS::SSMGuiConnect::Preferences
│     ├  name: Preferences
│     │  cloudFormationType: AWS::SSMGuiConnect::Preferences
│     │  documentation: Definition of AWS::SSMGuiConnect::Preferences Resource Type
│     ├ properties
│     │  └IdleConnection: Array<IdleConnectionPreferences>
│     ├ attributes
│     │  └AccountId: string
│     └ types
│        ├type IdleConnectionPreferences
│        │├  documentation: Idle Connection Preferences
│        ││  name: IdleConnectionPreferences
│        │└ properties
│        │   ├Timeout: IdleConnectionTimeout
│        │   └Alert: IdleConnectionAlert
│        ├type IdleConnectionTimeout
│        │├  name: IdleConnectionTimeout
│        │└ properties
│        │   ├Type: string
│        │   └Value: integer (required, default=10)
│        └type IdleConnectionAlert
│         ├  name: IdleConnectionAlert
│         └ properties
│            ├Type: string
│            └Value: integer (required, default=1)
└[~] service aws-transfer
  └ resources
     └[~] resource AWS::Transfer::Connector
       └ types
          └[~] type SftpConfig
            └ properties
               └ TrustedHostKeys: (documentation changed)
```
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[-] service amzn-sdc
│ ├  capitalized: SDC
│ │  cloudFormationNamespace: AMZN::SDC
│ │  name: amzn-sdc
│ │  shortName: sdc
│ └ resources
│    └resource AMZN::SDC::Deployment
│     ├  name: Deployment
│     │  cloudFormationType: AMZN::SDC::Deployment
│     │  documentation: Resource Type definition for AMZN::SDC::Deployment
│     ├ properties
│     │  ├ConfigName: string (required)
│     │  ├S3Bucket: string (required)
│     │  ├TargetRegionOverride: string
│     │  ├S3Key: string (required, immutable)
│     │  ├Stage: string (required)
│     │  ├PipelineId: string
│     │  └Dimension: string (required)
│     └ attributes
│        └Id: string
├[~] service aws-amazonmq
│ └ resources
│    └[~] resource AWS::AmazonMQ::Broker
│      └ types
│         └[~] type User
│           └ properties
│              └[+] ReplicationUser: boolean
├[~] service aws-backup
│ └ resources
│    └[~] resource AWS::Backup::BackupPlan
│      └ types
│         └[~] type LifecycleResourceType
│           └ properties
│              └[+] OptInToArchiveForSupportedResources: boolean
├[~] service aws-codebuild
│ └ resources
│    └[~] resource AWS::CodeBuild::Project
│      └ types
│         ├[~] type Environment
│         │ └ properties
│         │    ├ ComputeType: - string
│         │    │              + string (required)
│         │    ├[+] Fleet: ProjectFleet
│         │    └ Type: - string
│         │            + string (required)
│         └[+] type ProjectFleet
│           ├  name: ProjectFleet
│           └ properties
│              └FleetArn: string
├[-] service aws-codetest
│ ├  capitalized: CodeTest
│ │  cloudFormationNamespace: AWS::CodeTest
│ │  name: aws-codetest
│ │  shortName: codetest
│ └ resources
│    ├resource AWS::CodeTest::PersistentConfiguration
│    │├  name: PersistentConfiguration
│    ││  cloudFormationType: AWS::CodeTest::PersistentConfiguration
│    ││  documentation: Resource Type definition for AWS::CodeTest::PersistentConfiguration
│    │├ properties
│    ││  ├Version: string
│    ││  ├VpcConfig: VpcConfig
│    ││  ├Name: string (immutable)
│    ││  └ResultsRoleArn: string (required)
│    │├ attributes
│    ││  └Id: string
│    │└ types
│    │   └type VpcConfig
│    │    ├  name: VpcConfig
│    │    └ properties
│    │       ├SecurityGroupIds: Array<string>
│    │       └Subnets: Array<string>
│    └resource AWS::CodeTest::Series
│     ├  name: Series
│     │  cloudFormationType: AWS::CodeTest::Series
│     │  documentation: Resource Type definition for AWS::CodeTest::Series
│     ├ properties
│     │  ├PersistentConfigurationId: string (required, immutable)
│     │  ├RunDefinition: json (required)
│     │  ├State: string (required)
│     │  └Name: string (immutable)
│     └ attributes
│        └Id: string
├[~] service aws-elasticache
│ └ resources
│    └[~] resource AWS::ElastiCache::ServerlessCache
│      ├ attributes
│      │  ├ Endpoint.Port: - integer ⇐ string
│      │  │                + string
│      │  └ ReaderEndpoint.Port: - integer ⇐ string
│      │                         + string
│      └ types
│         └[~] type Endpoint
│           └ properties
│              └ Port: - integer ⇐ string
│                      + string
├[~] service aws-guardduty
│ └ resources
│    └[~] resource AWS::GuardDuty::Filter
└[~] service aws-iot
  └ resources
     └[~] resource AWS::IoT::FleetMetric
       └ attributes
          ├ CreationDate: - number
          │               + string ⇐ number
          └ LastModifiedDate: - number
                              + string ⇐ number
```
@aws-cdk-automation aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels Jan 26, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team January 26, 2024 19:58
@github-actions github-actions bot added the p2 label Jan 26, 2024
Contributor

mergify bot commented Jan 26, 2024

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 4b6724c into v2-release Jan 26, 2024
29 checks passed
@mergify mergify bot deleted the bump/2.124.0 branch January 26, 2024 20:24
@aws-cdk-automation
Collaborator Author

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 9092187
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository
