chore(release): 2.223.0 #35993
Merged
chore(release): 2.223.0 #35993
+158,894
−102,630
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### Issue # (if applicable) N/A ### Reason for this change `onEvent()` has a lot of options other than description e.g. `ruleName` `detail` etc.. The old code didn't pass those values to rule, so it will never be propagated properly, so the consumer of this method will think that we're respecting their options, but in real we're discarding it. ### Description of changes Creating the rule first with all the options so all the options from the consumer get propagated properly to the rule, then add the specific things that you want. ### Describe any new or updated permissions being added N/A ### Description of how you validated changes Add unit tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
… and alpha integration test packages (#35934) ### Issue # (if applicable) ### Reason for this change The deployment integ test does not find snapshots of alpha packages. See this log: https://github.com/aws/aws-cdk/actions/runs/18824890075/job/53705955618?pr=35705#step:13:382 This was due to the fact that only integration test for stable packages where build and not for alpha packages. ### Description of changes The change should build integration test for both alpha and stable packages. ### Describe any new or updated permissions being added ### Description of how you validated changes Test run: https://github.com/Abogical/aws-cdk/actions/runs/19066544528/job/54458557618 ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…instead of title (#35886) ### Reason for this change The Auto Enum Updater action is failing because it attempts to create a new PR when there's already an existing PR with identical changes. The workflow should handle this scenario by closing the existing PR and creating a new one, but this functionality appears to be broken. - Failed Job URL: https://github.com/aws/aws-cdk/actions/runs/18874502066/job/53878253437 - Workflow: `.github/workflows/enum-auto-updater.yml` The issue is that when the workflow trying to find existing pr with `--search $}{tittle}`, it's not working. ### Description of changes Instead of listing the existing pr using `--search`, this change lists the pr using `--base` and `--head`. ### Description of how you validated changes The workflow has been tested in fork. - Job: https://github.com/abidhasan-aws/aws-cdk/actions/runs/18906468702/job/53965818347 ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change Routing through Cloud WAN Core Network ### Description of changes Added Core Network to RouterType enum, updated typeToParameter function, updated tests. ### Describe any new or updated permissions being added None ### Description of how you validated changes Updated and ran the tests. C ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) None ### Reason for this change Removed unnecessary commit information that was directly written in the README. ### Description of changes ```diff - >>>>>>> 39ec36e (feat(codebuild): add custom instance type and VPC to Fleets) ``` ### Describe any new or updated permissions being added None ### Description of how you validated changes None ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)
N/A - Minor typo fixes
### Reason for this change
Fixed typos in code comments that had duplicate words ("the the").
### Description of changes
Corrected two instances of "the the" to "the" in:
- `packages/aws-cdk-lib/aws-events/lib/rule.ts` (line 225)
- `packages/aws-cdk-lib/aws-events-targets/lib/log-group.ts` (line 40)
### Describe any new or updated permissions being added
N/A - No permission changes
### Description of how you validated changes
Manual review of the changes. No functional code was modified, only comments.
### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5 to 6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/download-artifact/releases">actions/download-artifact's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <p><strong>BREAKING CHANGE:</strong> this update supports Node <code>v24.x</code>. This is not a breaking change per-se but we're treating it as such.</p> <ul> <li>Update README for download-artifact v5 changes by <a href="https://github.com/yacaovsnc"><code>@yacaovsnc</code></a> in <a href="https://github.com/actions/download-artifact/pull/417">actions/download-artifact#417</a></li> <li>Update README with artifact extraction details by <a href="https://github.com/yacaovsnc"><code>@yacaovsnc</code></a> in <a href="https://github.com/actions/download-artifact/pull/424">actions/download-artifact#424</a></li> <li>Readme: spell out the first use of GHES by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://github.com/actions/download-artifact/pull/431">actions/download-artifact#431</a></li> <li>Bump <code>@actions/artifact</code> to <code>v4.0.0</code></li> <li>Prepare <code>v6.0.0</code> by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://github.com/actions/download-artifact/pull/438">actions/download-artifact#438</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> made their first contribution in <a href="https://github.com/actions/download-artifact/pull/431">actions/download-artifact#431</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v5...v6.0.0">https://github.com/actions/download-artifact/compare/v5...v6.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53"><code>018cc2c</code></a> Merge pull request <a href="https://github.com/actions/download-artifact/issues/438">#438</a> from actions/danwkennedy/prepare-6.0.0</li> <li><a href="https://github.com/actions/download-artifact/commit/815651c680ffe1c95719d0ed08aba1a2f9d5c177"><code>815651c</code></a> Revert "Remove <code>github.dep.yml</code>"</li> <li><a href="https://github.com/actions/download-artifact/commit/bb3a066a8babc8ed7b3e4218896c548fe34e7115"><code>bb3a066</code></a> Remove <code>github.dep.yml</code></li> <li><a href="https://github.com/actions/download-artifact/commit/fa1ce46bbd11b8387539af12741055a76dfdf804"><code>fa1ce46</code></a> Prepare <code>v6.0.0</code></li> <li><a href="https://github.com/actions/download-artifact/commit/4a24838f3d5601fd639834081e118c2995d51e1c"><code>4a24838</code></a> Merge pull request <a href="https://github.com/actions/download-artifact/issues/431">#431</a> from danwkennedy/patch-1</li> <li><a href="https://github.com/actions/download-artifact/commit/5e3251c4ff5a32e4cf8dd4adaee0e692365237ae"><code>5e3251c</code></a> Readme: spell out the first use of GHES</li> <li><a href="https://github.com/actions/download-artifact/commit/abefc31eafcfbdf6c5336127c1346fdae79ff41c"><code>abefc31</code></a> Merge pull request <a href="https://github.com/actions/download-artifact/issues/424">#424</a> from actions/yacaovsnc/update_readme</li> <li><a href="https://github.com/actions/download-artifact/commit/ac43a6070aa7db8a41e756e7a2846221edca7027"><code>ac43a60</code></a> Update README with artifact extraction details</li> <li><a href="https://github.com/actions/download-artifact/commit/de96f4613b77ec03b5cf633e7c350c32bd3c5660"><code>de96f46</code></a> Merge pull request <a href="https://github.com/actions/download-artifact/issues/417">#417</a> from actions/yacaovsnc/update_readme</li> <li><a href="https://github.com/actions/download-artifact/commit/7993cb44e9052f2f08f9b828ae5ef3ecca7d2ac7"><code>7993cb4</code></a> Remove migration guide for artifact download changes</li> <li>Additional commits viewable in <a href="https://github.com/actions/download-artifact/compare/v5...v6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
…33233) ### Issue 33229 closes #33229 ### Reason for this change The `BucketDeployment` construct in AWS CDK allows deploying assets to S3 buckets, often requiring a Lambda function to perform the deployment. Currently, users can specify a **custom VPC** via `BucketDeploymentProps`, ensuring the deployment happens within a restricted network. However, many organizations require more granular network security control. While specifying a VPC is helpful, **allowing custom security groups** would enable teams to define specific ingress/egress rules, meeting stricter compliance and security requirements. ### Description of changes - **Updated `BucketDeploymentProps`** to include an optional `securityGroups?: ec2.ISecurityGroup[]` property. - **Modified `BucketDeployment` constructor** to pass `securityGroups` to the Lambda function. - **Ensured backward compatibility** by keeping `securityGroups` optional. - **Updated README** to include guidance on setting ``vpc``, ``vpcSubnets``, and ``securityGroups`` parameters. - **Testing** has been implemented at a unit test and integration test level for all new logic.. - **Improved** unit testing patterns through all other unit tests in this module. ### Describe any new or updated permissions being added N/A ### Description of how you validated changes Added unit tests to the relevant code modules to cover feature usage. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…BuildFlags and commandHooks (#35830) ### Issue # (if applicable) Closes #<issue number here>. ### Reason for this change In the @aws-cdk/aws-lambda-go-alpha package, user-controlled inputs in `goBuildFlags` and `commandHooks` parameters are executed directly in shell commands. This creates a potential command injection vulnerability that allows malicious CDK templates to execute arbitrary commands during cdk synth or cdk deploy on developer machines and CI/CD systems. ### Description of changes This change adds security warnings for `commandHooks` and `goBuildFlags` parameters to alert users about potential command injection risks during bundling. The implementation uses CDK annotations to display standardized warnings when these potentially unsafe bundling options are used. The solution provides consistent security education through CDK's built-in warning system, alerting users whenever `goBuildFlags` or `commandHooks` are specified without blocking execution. This maintains full backward compatibility while ensuring users are aware of security implications. Documentation has been updated with security warnings in JSDoc comments and README, including cross-platform examples and third-party construct safety guidelines. ### Describe any new or updated permissions being added NA ### Description of how you validated changes Added new unit tests ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR updates the enum values for codebuild.
The `spec2cdk` tool was originally written to generate every service submodule insularly.
We want to now extend it to emit structures into a new shared submodule. In order to do that, this refactors the generator to have a more shared, mutable object-oriented design which will be easier to share state in.
The core of the change looks like this:
```ts
// Old
for (const service of services) {
const module = AstBuilder.forService(service);
const writer = new TsFileWriter();
writer.write(module);
}
// New
const ast = new AstBuilder();
for (const service of service) {
ast.addService(service);
}
const writer = new TsFileWriter();
ast.writeAll(writer);
```
* Make the API based more around mutable objects with shared state.
* Remove the specific `ServiceModule`, `ResourceModule` classes, because they were adding no benefit over the generic `Module`.
* Simplify the API around file name patterns, because they were being overly flexible and annoying to work with for no real benefit.
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)
Closes #<issue number here>.
### Reason for this change
In some languages for which jsii cannot properly generate unions like Go, if a user passes the wrong property (i.e an `ILayerRef` instead of an `IRoleRef`), the error message will be unclear:
```
panic: ValidationError: Resolution error: Resolution error: Trying to resolve() a Construct at /Resources/${Token[GoAppStack.SampleFunction.LogicalID.139]}/Properties/role/node..
```
### Description of changes
Add a check to ensure that all unions have been resolved to a string and throw an error if not, at runtime it will look like:
```
panic: TypeError: Property role should be one of iam.IRoleRef | string
```
### Description of how you validated changes
Ran locally, updated snapshot tests. Unit test will be added once the relationships are enabled for `lambda`.
### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) None ### Reason for this change Fixed issues where the README format did not comply with the rules. ### Description of changes - remove unnecessary decorator (`@required`) - modify `@default` description ### Describe any new or updated permissions being added None ### Description of how you validated changes None ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change https://aws.amazon.com/about-aws/whats-new/2025/11/memory-optimized-amazon-ec2-r8a-instances/ ### Description of changes Add r8a instance class ### Description of how you validated changes ```console $ aws ec2 describe-instance-types \ --filters "Name=instance-type,Values=r8a.*" \ --query "InstanceTypes[].InstanceType" \ --output table ----------------------- |DescribeInstanceTypes| +---------------------+ | r8a.large | | r8a.2xlarge | | r8a.medium | | r8a.8xlarge | | r8a.48xlarge | | r8a.metal-24xl | | r8a.metal-48xl | | r8a.xlarge | | r8a.12xlarge | | r8a.24xlarge | | r8a.16xlarge | | r8a.4xlarge | +---------------------+ ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Relates #32569 ### Reason for this change Throw typed errors everywhere. ### Description of changes - add typed error for neptune alpha module ### Describe any new or updated permissions being added n/a ### Description of how you validated changes Existing tests. Exemptions granted as this is a refactor of existing code. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…age selection (#35834) ### Issue # (if applicable) Close #35403 ### Reason for this change - Incorrect template when using StateMachine JSONPath with DistributedMap's ResultWriter with JSONata - Streamline JSONata migration. Without this fix, the only workaround is switching entire StateMachine to JSONata, requiring too much change. ### Description of changes - DistributedMap add query language validation - DistributedMap ResultWriter correct query language selection ### Description of how you validated changes Unit + Integ ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-amazonmq │ └ resources │ ├[~] resource AWS::AmazonMQ::Broker │ │ ├ - documentation: A *broker* is a message broker environment running on Amazon MQ . It is the basic building block of Amazon MQ . │ │ │ The `AWS::AmazonMQ::Broker` resource lets you create Amazon MQ for ActiveMQ and Amazon MQ for RabbitMQ brokers, add configuration changes or modify users for a speified ActiveMQ broker, return information about the specified broker, and delete the broker. For more information, see [How Amazon MQ works](https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/amazon-mq-how-it-works.html) in the *Amazon MQ Developer Guide* . │ │ │ - `ec2:CreateNetworkInterface` │ │ │ This permission is required to allow Amazon MQ to create an elastic network interface (ENI) on behalf of your account. │ │ │ - `ec2:CreateNetworkInterfacePermission` │ │ │ This permission is required to attach the ENI to the broker instance. │ │ │ - `ec2:DeleteNetworkInterface` │ │ │ - `ec2:DeleteNetworkInterfacePermission` │ │ │ - `ec2:DetachNetworkInterface` │ │ │ - `ec2:DescribeInternetGateways` │ │ │ - `ec2:DescribeNetworkInterfaces` │ │ │ - `ec2:DescribeNetworkInterfacePermissions` │ │ │ - `ec2:DescribeRouteTables` │ │ │ - `ec2:DescribeSecurityGroups` │ │ │ - `ec2:DescribeSubnets` │ │ │ - `ec2:DescribeVpcs` │ │ │ + documentation: Creates a broker. Note: This API is asynchronous. │ │ │ To create a broker, you must either use the `AmazonMQFullAccess` IAM policy or include the following EC2 permissions in your IAM policy. │ │ │ - `ec2:CreateNetworkInterface` │ │ │ This permission is required to allow Amazon MQ to create an elastic network interface (ENI) on behalf of your account. │ │ │ - `ec2:CreateNetworkInterfacePermission` │ │ │ This permission is required to attach the ENI to the broker instance. │ │ │ - `ec2:DeleteNetworkInterface` │ │ │ - `ec2:DeleteNetworkInterfacePermission` │ │ │ - `ec2:DetachNetworkInterface` │ │ │ - `ec2:DescribeInternetGateways` │ │ │ - `ec2:DescribeNetworkInterfaces` │ │ │ - `ec2:DescribeNetworkInterfacePermissions` │ │ │ - `ec2:DescribeRouteTables` │ │ │ - `ec2:DescribeSecurityGroups` │ │ │ - `ec2:DescribeSubnets` │ │ │ - `ec2:DescribeVpcs` │ │ │ For more information, see [Create an IAM User and Get Your AWS Credentials](https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/amazon-mq-setting-up.html#create-iam-user) and [Never Modify or Delete the Amazon MQ Elastic Network Interface](https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/connecting-to-amazon-mq.html#never-modify-delete-elastic-network-interface) in the *Amazon MQ Developer Guide* . │ │ ├ properties │ │ │ ├ AutoMinorVersionUpgrade: (documentation changed) │ │ │ ├ BrokerName: (documentation changed) │ │ │ ├ Configuration: (documentation changed) │ │ │ ├ DeploymentMode: (documentation changed) │ │ │ ├ EncryptionOptions: (documentation changed) │ │ │ ├ EngineType: (documentation changed) │ │ │ ├ EngineVersion: (documentation changed) │ │ │ ├ HostInstanceType: (documentation changed) │ │ │ ├ MaintenanceWindowStartTime: (documentation changed) │ │ │ ├ PubliclyAccessible: (documentation changed) │ │ │ ├ SubnetIds: (documentation changed) │ │ │ ├ Tags: (documentation changed) │ │ │ └ Users: (documentation changed) │ │ ├ attributes │ │ │ └ Id: (documentation changed) │ │ └ types │ │ ├[~] type ConfigurationId │ │ │ ├ - documentation: A list of information about the configuration. │ │ │ │ > Does not apply to RabbitMQ brokers. │ │ │ │ + documentation: A list of information about the configuration. │ │ │ └ properties │ │ │ └ Id: (documentation changed) │ │ ├[~] type EncryptionOptions │ │ │ └ - documentation: Encryption options for the broker. │ │ │ > Does not apply to RabbitMQ brokers. │ │ │ + documentation: Encryption options for the broker. │ │ ├[~] type LdapServerMetadata │ │ │ ├ - documentation: Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker. │ │ │ │ > Does not apply to RabbitMQ brokers. │ │ │ │ + documentation: Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker. Does not apply to RabbitMQ brokers. │ │ │ └ properties │ │ │ ├ Hosts: (documentation changed) │ │ │ ├ RoleBase: (documentation changed) │ │ │ ├ RoleName: (documentation changed) │ │ │ ├ RoleSearchMatching: (documentation changed) │ │ │ ├ RoleSearchSubtree: (documentation changed) │ │ │ ├ ServiceAccountPassword: (documentation changed) │ │ │ ├ ServiceAccountUsername: (documentation changed) │ │ │ ├ UserBase: (documentation changed) │ │ │ ├ UserRoleName: (documentation changed) │ │ │ ├ UserSearchMatching: (documentation changed) │ │ │ └ UserSearchSubtree: (documentation changed) │ │ ├[~] type MaintenanceWindow │ │ │ ├ - documentation: The parameters that determine the `WeeklyStartTime` to apply pending updates or patches to the broker. │ │ │ │ + documentation: The parameters that determine the WeeklyStartTime. │ │ │ └ properties │ │ │ ├ DayOfWeek: (documentation changed) │ │ │ └ TimeOfDay: (documentation changed) │ │ ├[~] type TagsEntry │ │ │ ├ - documentation: A key-value pair to associate with the broker. │ │ │ │ + documentation: Create tags when creating the broker. │ │ │ └ properties │ │ │ ├ Key: (documentation changed) │ │ │ └ Value: (documentation changed) │ │ └[~] type User │ │ ├ - documentation: The list of broker users (persons or applications) who can access queues and topics. For Amazon MQ for RabbitMQ brokers, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent broker users are created via the RabbitMQ web console or by using the RabbitMQ management API. │ │ │ + documentation: The list of broker users (persons or applications) who can access queues and topics. For Amazon MQ for RabbitMQ brokers, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent broker users are created by making RabbitMQ API calls directly to brokers or via the RabbitMQ web console. │ │ │ When OAuth 2.0 is enabled, the broker accepts one or no users. │ │ └ properties │ │ ├ ConsoleAccess: (documentation changed) │ │ ├ Password: (documentation changed) │ │ └ Username: (documentation changed) │ ├[~] resource AWS::AmazonMQ::Configuration │ │ ├ - documentation: Creates a new configuration for the specified configuration name. Amazon MQ uses the default configuration (the engine type and version). │ │ │ > Does not apply to RabbitMQ brokers. │ │ │ + documentation: Creates a new configuration for the specified configuration name. Amazon MQ uses the default configuration (the engine type and version). │ │ ├ properties │ │ │ ├ Data: (documentation changed) │ │ │ ├ EngineType: (documentation changed) │ │ │ ├ EngineVersion: (documentation changed) │ │ │ └ Name: (documentation changed) │ │ └ types │ │ └[~] type TagsEntry │ │ ├ - documentation: A key-value pair to associate with the configuration. │ │ │ + documentation: The list of all tags associated with this configuration. │ │ └ properties │ │ ├ Key: (documentation changed) │ │ └ Value: (documentation changed) │ └[~] resource AWS::AmazonMQ::ConfigurationAssociation │ ├ - documentation: Use the AWS CloudFormation `AWS::AmazonMQ::ConfigurationAssociation` resource to associate a configuration with a broker, or return information about the specified ConfigurationAssociation. Only use one per broker, and don't use a configuration on the broker resource if you have associated a configuration with that broker. │ │ > Does not apply to RabbitMQ brokers. │ │ + documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-amazonmq-configurationassociation.html │ ├ properties │ │ ├ Broker: (documentation changed) │ │ └ Configuration: (documentation changed) │ └ types │ └[~] type ConfigurationId │ ├ - documentation: The `ConfigurationId` property type specifies a configuration Id and the revision of a configuration. │ │ + documentation: A list of information about the configuration. │ └ properties │ └ Id: (documentation changed) ├[~] service aws-batch │ └ resources │ └[~] resource AWS::Batch::JobDefinition │ ├ properties │ │ └[+] ResourceRetentionPolicy: ResourceRetentionPolicy │ └ types │ └[+] type ResourceRetentionPolicy │ ├ name: ResourceRetentionPolicy │ └ properties │ └ SkipDeregisterOnUpdate: boolean (default=false) ├[~] service aws-bedrock │ └ resources │ └[~] resource AWS::Bedrock::AutomatedReasoningPolicy │ ├ properties │ │ ├[+] ForceDelete: boolean (default=false, immutable) │ │ └[+] KmsKeyId: string (immutable) │ └ attributes │ └[+] KmsKeyArn: string ├[~] service aws-billingconductor │ └ resources │ └[~] resource AWS::BillingConductor::CustomLineItem │ ├ properties │ │ ├[+] ComputationRule: string (immutable) │ │ └[+] PresentationDetails: PresentationDetails (immutable) │ └ types │ └[+] type PresentationDetails │ ├ name: PresentationDetails │ └ properties │ └ Service: string (required) ├[~] service aws-cloudfront │ └ resources │ ├[~] resource AWS::CloudFront::Distribution │ │ └ types │ │ └[~] type VpcOriginConfig │ │ └ properties │ │ └[+] OwnerAccountId: string │ └[~] resource AWS::CloudFront::VpcOrigin │ └ attributes │ └[+] AccountId: string ├[~] service aws-connect │ └ resources │ └[~] resource AWS::Connect::EmailAddress │ ├ properties │ │ └[+] AliasConfigurations: Array<AliasConfiguration> │ └ types │ └[+] type AliasConfiguration │ ├ documentation: Configuration information of an email alias. │ │ name: AliasConfiguration │ └ properties │ └ EmailAddressArn: string (required) ├[~] service aws-connectcampaignsv2 │ └ resources │ └[~] resource AWS::ConnectCampaignsV2::Campaign │ └ types │ ├[+] type PreviewConfig │ │ ├ documentation: Contains preview outbound mode configuration. │ │ │ name: PreviewConfig │ │ └ properties │ │ ├ BandwidthAllocation: number (required) │ │ ├ TimeoutConfig: TimeoutConfig (required) │ │ └ AgentActions: Array<string> │ ├[~] type TelephonyOutboundMode │ │ └ properties │ │ └[+] PreviewConfig: PreviewConfig │ └[+] type TimeoutConfig │ ├ documentation: Contains preview outbound mode timeout configuration. │ │ name: TimeoutConfig │ └ properties │ └ DurationInSeconds: integer ├[~] service aws-datazone │ └ resources │ └[~] resource AWS::DataZone::Connection │ ├ properties │ │ ├[+] EnableTrustedIdentityPropagation: boolean (immutable) │ │ ├ EnvironmentIdentifier: - string (required, immutable) │ │ │ + string (immutable) │ │ └[+] ProjectIdentifier: string (immutable) │ └ types │ ├[~] type ConnectionPropertiesInput │ │ └ properties │ │ └[+] S3Properties: S3PropertiesInput │ └[+] type S3PropertiesInput │ ├ documentation: S3 Properties Input │ │ name: S3PropertiesInput │ └ properties │ ├ S3Uri: string (required) │ └ S3AccessGrantLocationId: string ├[~] service aws-dynamodb │ └ resources │ ├[~] resource AWS::DynamoDB::GlobalTable │ │ └ properties │ │ ├[-] GlobalTableSettingsReplicationMode: string │ │ └[-] GlobalTableSourceArn: string (immutable) │ └[~] resource AWS::DynamoDB::Table │ └ properties │ └[-] GlobalTableSettingsReplicationMode: string ├[~] service aws-ec2 │ └ resources │ ├[+] resource AWS::EC2::CapacityManagerDataExport │ │ ├ name: CapacityManagerDataExport │ │ │ cloudFormationType: AWS::EC2::CapacityManagerDataExport │ │ │ documentation: Creates a new data export configuration for EC2 Capacity Manager. This allows you to automatically export capacity usage data to an S3 bucket on a scheduled basis. The exported data includes metrics for On-Demand, Spot, and Capacity Reservations usage across your organization. │ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ ├ properties │ │ │ ├ S3BucketName: string (required, immutable) │ │ │ ├ S3BucketPrefix: string (immutable) │ │ │ ├ Schedule: string (required, immutable) │ │ │ ├ OutputFormat: string (required, immutable) │ │ │ └ Tags: Array<tag> │ │ └ attributes │ │ └ CapacityManagerDataExportId: string │ ├[~] resource AWS::EC2::NatGateway │ │ └ attributes │ │ └ EniId: (documentation changed) │ └[~] resource AWS::EC2::Volume │ └ properties │ ├ AvailabilityZone: - string (required) │ │ + string │ ├[+] AvailabilityZoneId: string │ └[+] SourceVolumeId: string ├[~] service aws-ecs │ └ resources │ └[~] resource AWS::ECS::Service │ └ types │ ├[+] type CanaryConfiguration │ │ ├ name: CanaryConfiguration │ │ └ properties │ │ ├ CanaryPercent: number │ │ └ CanaryBakeTimeInMinutes: integer │ ├[~] type DeploymentConfiguration │ │ └ properties │ │ ├[+] CanaryConfiguration: CanaryConfiguration │ │ └[+] LinearConfiguration: LinearConfiguration │ ├[+] type LinearConfiguration │ │ ├ name: LinearConfiguration │ │ └ properties │ │ ├ StepBakeTimeInMinutes: integer │ │ └ StepPercent: number │ ├[+] type ServiceConnectAccessLogConfiguration │ │ ├ name: ServiceConnectAccessLogConfiguration │ │ └ properties │ │ ├ Format: string (required) │ │ └ IncludeQueryParameters: string │ └[~] type ServiceConnectConfiguration │ └ properties │ └[+] AccessLogConfiguration: ServiceConnectAccessLogConfiguration ├[~] service aws-eks │ └ resources │ └[~] resource AWS::EKS::Nodegroup │ └ types │ ├[~] type NodeRepairConfig │ │ └ properties │ │ ├[+] MaxParallelNodesRepairedCount: integer │ │ ├[+] MaxParallelNodesRepairedPercentage: integer │ │ ├[+] MaxUnhealthyNodeThresholdCount: integer │ │ ├[+] MaxUnhealthyNodeThresholdPercentage: integer │ │ └[+] NodeRepairConfigOverrides: Array<NodeRepairConfigOverrides> │ └[+] type NodeRepairConfigOverrides │ ├ documentation: Specify granular overrides for specific repair actions. These overrides control the repair action and the repair delay time before a node is considered eligible for repair. If you use this, you must specify all the values. │ │ name: NodeRepairConfigOverrides │ └ properties │ ├ NodeMonitoringCondition: string │ ├ NodeUnhealthyReason: string │ ├ MinRepairWaitTimeMins: integer │ └ RepairAction: string ├[~] service aws-elasticloadbalancingv2 │ └ resources │ └[~] resource AWS::ElasticLoadBalancingV2::ListenerRule │ └ types │ ├[~] type RewriteConfig │ │ ├ - documentation: undefined │ │ │ + documentation: Information about a rewrite transform. This transform matches a pattern and replaces it with the specified string. │ │ └ properties │ │ ├ Regex: (documentation changed) │ │ └ Replace: (documentation changed) │ ├[~] type RuleCondition │ │ └ properties │ │ └ RegexValues: (documentation changed) │ └[~] type Transform │ └ properties │ └ Type: (documentation changed) ├[~] service aws-events │ └ resources │ ├[~] resource AWS::Events::ApiDestination │ │ └ attributes │ │ └ ArnForPolicy: (documentation changed) │ ├[~] resource AWS::Events::Connection │ │ └ attributes │ │ └ ArnForPolicy: (documentation changed) │ └[~] resource AWS::Events::EventBusPolicy │ ├ properties │ │ ├ Condition: (documentation changed) │ │ └ Principal: (documentation changed) │ ├ attributes │ │ └[-] Id: string │ └ types │ └[~] type Condition │ ├ - documentation: A JSON string which you can use to limit the event bus permissions you are granting to only accounts that fulfill the condition. Currently, the only supported condition is membership in a certain AWS organization. The string must contain `Type` , `Key` , and `Value` fields. The `Value` field specifies the ID of the AWS organization. Following is an example value for `Condition` : │ │ `'{"Type" : "StringEquals", "Key": "aws:PrincipalOrgID", "Value": "o-1234567890"}'` │ │ + documentation: This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain AWS organization. │ └ properties │ ├ Key: (documentation changed) │ ├ Type: (documentation changed) │ └ Value: (documentation changed) ├[~] service aws-fsx │ └ resources │ └[~] resource AWS::FSx::FileSystem │ └ types │ └[~] type OntapConfiguration │ └ properties │ └[+] EndpointIpv6AddressRange: string ├[~] service aws-guardduty │ └ resources │ └[~] resource AWS::GuardDuty::TrustedEntitySet │ └ - documentation: The `AWS::GuardDuty::TrustedEntitySet` resource helps you create a list of IP addresses and domain names that you can use for secure communication with your AWS infrastructure and applications. Once you activate this list, GuardDuty will not generate findings when there is an activity associated with these safe IP addresses and domain names. At any given time, you can have only one trusted entity set. │ Only the users of the GuardDuty administrator account can manage the entity sets. These settings automatically apply member accounts. │ + documentation: Creates a new trusted entity set. In the trusted entity set, you can provide IP addresses and domains that you believe are secure for communication in your AWS environment. GuardDuty will not generate findings for the entries that are specified in a trusted entity set. At any given time, you can have only one trusted entity set. │ Only users of the administrator account can manage the entity sets, which automatically apply to member accounts. ├[~] service aws-iam │ └ resources │ └[~] resource AWS::IAM::Policy │ └ - documentation: Adds or updates an inline policy document that is embedded in the specified IAM group, user or role. │ An IAM user can also have a managed policy attached to it. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* . │ The Groups, Roles, and Users properties are optional. However, you must specify at least one of these properties. │ For information about policy documents see [Creating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the *IAM User Guide* . │ For information about limits on the number of inline policies that you can embed in an identity, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* . │ > This resource does not support [drift detection](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html) . The following inline policy resource types support drift detection: │ > │ > - [`AWS::IAM::GroupPolicy`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-grouppolicy.html) │ > - [`AWS::IAM::RolePolicy`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-rolepolicy.html) │ > - [`AWS::IAM::UserPolicy`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-userpolicy.html) │ + documentation: Adds or updates an inline policy document that is embedded in the specified IAM group, user or role. │ An IAM user can also have a managed policy attached to it. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* . │ The Groups, Roles, and Users properties are optional. However, you must specify at least one of these properties. │ For information about policy documents, see [Creating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the *IAM User Guide* . │ For information about limits on the number of inline policies that you can embed in an identity, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* . │ > This resource does not support [drift detection](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html) . The following inline policy resource types support drift detection: │ > │ > - [`AWS::IAM::GroupPolicy`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-grouppolicy.html) │ > - [`AWS::IAM::RolePolicy`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-rolepolicy.html) │ > - [`AWS::IAM::UserPolicy`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-userpolicy.html) ├[~] service aws-imagebuilder │ └ resources │ ├[~] resource AWS::ImageBuilder::Image │ │ ├ properties │ │ │ ├[+] DeletionSettings: DeletionSettings │ │ │ └[+] ImagePipelineExecutionSettings: ImagePipelineExecutionSettings │ │ └ types │ │ ├[+] type DeletionSettings │ │ │ ├ documentation: The deletion settings of the image, indicating whether to delete the underlying resources in addition to the image. │ │ │ │ name: DeletionSettings │ │ │ └ properties │ │ │ └ ExecutionRole: string (required) │ │ └[+] type ImagePipelineExecutionSettings │ │ ├ documentation: The settings for starting an image pipeline execution. │ │ │ name: ImagePipelineExecutionSettings │ │ └ properties │ │ ├ DeploymentId: string │ │ └ OnUpdate: boolean │ └[~] resource AWS::ImageBuilder::ImagePipeline │ └ attributes │ └[+] DeploymentId: string ├[~] service aws-iotwireless │ └ resources │ └[~] resource AWS::IoTWireless::WirelessDeviceImportTask │ └ - arnTemplate: arn:${Partition}:iotwireless:${Region}:${Account}:WirelessDeviceImportTask/${WirelessDeviceImportTaskId} │ + arnTemplate: arn:${Partition}:iotwireless:${Region}:${Account}:ImportTask/${ImportTaskId} ├[~] service aws-lambda │ └ resources │ ├[~] resource AWS::Lambda::EventInvokeConfig │ │ └ types │ │ ├[~] type OnFailure │ │ │ └ properties │ │ │ └ Destination: (documentation changed) │ │ └[~] type OnSuccess │ │ └ properties │ │ └ Destination: (documentation changed) │ └[~] resource AWS::Lambda::EventSourceMapping │ └ types │ └[~] type OnFailure │ └ properties │ └ Destination: (documentation changed) ├[~] service aws-mediapackagev2 │ └ resources │ └[~] resource AWS::MediaPackageV2::OriginEndpoint │ ├ properties │ │ └[+] MssManifests: Array<MssManifestConfiguration> │ ├ attributes │ │ └[+] MssManifestUrls: Array<string> │ └ types │ ├[~] type EncryptionMethod │ │ └ properties │ │ └[+] IsmEncryptionMethod: string │ └[+] type MssManifestConfiguration │ ├ documentation: <p>Configuration details for a Microsoft Smooth Streaming (MSS) manifest associated with an origin endpoint. This includes all the settings and properties that define how the MSS content is packaged and delivered.</p> │ │ name: MssManifestConfiguration │ └ properties │ ├ ManifestName: string (required) │ ├ FilterConfiguration: FilterConfiguration │ ├ ManifestWindowSeconds: integer │ └ ManifestLayout: string ├[~] service aws-networkfirewall │ └ resources │ ├[~] resource AWS::NetworkFirewall::Firewall │ │ └ attributes │ │ └[+] TransitGatewayAttachmentId: string │ ├[~] resource AWS::NetworkFirewall::FirewallPolicy │ │ └ types │ │ └[~] type FirewallPolicy │ │ └ properties │ │ └[+] EnableTLSSessionHolding: boolean │ └[~] resource AWS::NetworkFirewall::RuleGroup │ └ - arnTemplate: arn:${Partition}:network-firewall:${Region}:${Account}:stateful-rulegroup/${Name} │ + arnTemplate: arn:${Partition}:network-firewall:${Region}:${Account}:stateless-rulegroup/${Name} ├[~] service aws-observabilityadmin │ └ resources │ ├[~] resource AWS::ObservabilityAdmin::OrganizationCentralizationRule │ │ └ - arnTemplate: arn:${Partition}:observabilityadmin:${Region}:${Account}:organization-centralization-rule:${CentralizationRuleName} │ │ + arnTemplate: arn:${Partition}:observabilityadmin:${Region}:${Account}:organization-centralization-rule/${CentralizationRuleName} │ ├[~] resource AWS::ObservabilityAdmin::OrganizationTelemetryRule │ │ └ - arnTemplate: arn:${Partition}:observabilityadmin:${Region}:${Account}:organization-telemetry-rule:${TelemetryRuleName} │ │ + arnTemplate: arn:${Partition}:observabilityadmin:${Region}:${Account}:organization-telemetry-rule/${TelemetryRuleName} │ └[~] resource AWS::ObservabilityAdmin::TelemetryRule │ └ - arnTemplate: arn:${Partition}:observabilityadmin:${Region}:${Account}:telemetry-rule:${TelemetryRuleName} │ + arnTemplate: arn:${Partition}:observabilityadmin:${Region}:${Account}:telemetry-rule/${TelemetryRuleName} ├[~] service aws-odb │ └ resources │ └[~] resource AWS::ODB::OdbNetwork │ └ types │ ├[~] type ManagedS3BackupAccess │ │ └ properties │ │ └ Status: (documentation changed) │ ├[~] type S3Access │ │ └ properties │ │ └ Status: (documentation changed) │ ├[~] type ServiceNetworkEndpoint │ │ └ properties │ │ └ VpcEndpointType: (documentation changed) │ └[~] type ZeroEtlAccess │ └ properties │ └ Status: (documentation changed) ├[~] service aws-organizations │ └ resources │ └[~] resource AWS::Organizations::Account │ └ attributes │ └[+] State: string ├[~] service aws-osis │ └ resources │ └[~] resource AWS::OSIS::Pipeline │ └ properties │ └ PipelineRoleArn: (documentation changed) ├[~] service aws-pinpoint │ └ resources │ ├[~] resource AWS::Pinpoint::EmailTemplate │ │ └ - arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/VOICE │ │ + arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/EMAIL │ └[~] resource AWS::Pinpoint::PushTemplate │ └ - arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/VOICE │ + arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/PUSH ├[~] service aws-quicksight │ └ resources │ └[~] resource AWS::QuickSight::Dashboard │ └ types │ └[~] type DashboardPublishOptions │ └ - documentation: Dashboard publish options. │ + documentation: Dashboard publish options: │ - `AvailabilityStatus` for `AdHocFilteringOption` - This status can be either `ENABLED` or `DISABLED` . When this is set to `DISABLED` , Amazon Quick Sight disables the left filter pane on the published dashboard, which can be used for ad hoc (one-time) filtering. This option is `ENABLED` by default. │ - `AvailabilityStatus` for `ExportToCSVOption` - This status can be either `ENABLED` or `DISABLED` . The visual option to export data to .CSV format isn't enabled when this is set to `DISABLED` . This option is `ENABLED` by default. │ - `VisibilityState` for `SheetControlsOption` - This visibility state can be either `COLLAPSED` or `EXPANDED` . This option is `COLLAPSED` by default. │ - `AvailabilityStatus` for `QuickSuiteActionsOption` - This status can be either `ENABLED` or `DISABLED` . Features related to Actions in Amazon Quick Suite on dashboards are disabled when this is set to `DISABLED` . This option is `DISABLED` by default. │ - `AvailabilityStatus` for `ExecutiveSummaryOption` - This status can be either `ENABLED` or `DISABLED` . The option to build an executive summary is disabled when this is set to `DISABLED` . This option is `ENABLED` by default. │ - `AvailabilityStatus` for `DataStoriesSharingOption` - This status can be either `ENABLED` or `DISABLED` . The option to share a data story is disabled when this is set to `DISABLED` . This option is `ENABLED` by default. ├[~] service aws-ram │ └ resources │ └[~] resource AWS::RAM::Permission │ └ - arnTemplate: arn:${Partition}:ram::${Account}:permission/${ResourcePath} │ + arnTemplate: arn:${Partition}:ram:${Region}:${Account}:permission/${ResourcePath} ├[+] service aws-rtbfabric │ ├ capitalized: RTBFabric │ │ cloudFormationNamespace: AWS::RTBFabric │ │ name: aws-rtbfabric │ │ shortName: rtbfabric │ └ resources │ ├ resource AWS::RTBFabric::Link │ │ ├ name: Link │ │ │ cloudFormationType: AWS::RTBFabric::Link │ │ │ documentation: Resource Type definition for AWS::RTBFabric::Link Resource Type │ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ ├ properties │ │ │ ├ Tags: Array<tag> │ │ │ ├ GatewayId: string (required) │ │ │ ├ PeerGatewayId: string (required) │ │ │ ├ LinkAttributes: LinkAttributes │ │ │ ├ HttpResponderAllowed: boolean │ │ │ ├ LinkLogSettings: LinkLogSettings (required) │ │ │ └ ModuleConfigurationList: Array<ModuleConfiguration> │ │ ├ attributes │ │ │ ├ LinkId: string │ │ │ ├ Arn: string │ │ │ ├ LinkStatus: string │ │ │ ├ CreatedTimestamp: string │ │ │ ├ UpdatedTimestamp: string │ │ │ └ LinkDirection: string │ │ └ types │ │ ├ type Action │ │ │ ├ name: Action │ │ │ └ properties │ │ │ ├ NoBid: NoBidAction (required) │ │ │ └ HeaderTag: HeaderTagAction (required) │ │ ├ type ApplicationLogs │ │ │ ├ name: ApplicationLogs │ │ │ └ properties │ │ │ └ LinkApplicationLogSampling: LinkApplicationLogSampling (required) │ │ ├ type Filter │ │ │ ├ name: Filter │ │ │ └ properties │ │ │ └ Criteria: Array<FilterCriterion> (required) │ │ ├ type FilterCriterion │ │ │ ├ name: FilterCriterion │ │ │ └ properties │ │ │ ├ Path: string (required) │ │ │ └ Values: Array<string> (required) │ │ ├ type HeaderTagAction │ │ │ ├ name: HeaderTagAction │ │ │ └ properties │ │ │ ├ Name: string (required) │ │ │ └ Value: string (required) │ │ ├ type LinkApplicationLogSampling │ │ │ ├ name: LinkApplicationLogSampling │ │ │ └ properties │ │ │ ├ ErrorLog: number (required) │ │ │ └ FilterLog: number (required) │ │ ├ type LinkAttributes │ │ │ ├ name: LinkAttributes │ │ │ └ properties │ │ │ ├ ResponderErrorMasking: Array<ResponderErrorMaskingForHttpCode> │ │ │ └ CustomerProvidedId: string │ │ ├ type LinkLogSettings │ │ │ ├ name: LinkLogSettings │ │ │ └ properties │ │ │ └ ApplicationLogs: ApplicationLogs (required) │ │ ├ type ModuleConfiguration │ │ │ ├ name: ModuleConfiguration │ │ │ └ properties │ │ │ ├ Version: string │ │ │ ├ Name: string (required) │ │ │ ├ DependsOn: Array<string> │ │ │ └ ModuleParameters: ModuleParameters │ │ ├ type ModuleParameters │ │ │ ├ name: ModuleParameters │ │ │ └ properties │ │ │ ├ NoBid: NoBidModuleParameters │ │ │ └ OpenRtbAttribute: OpenRtbAttributeModuleParameters │ │ ├ type NoBidAction │ │ │ ├ name: NoBidAction │ │ │ └ properties │ │ │ └ NoBidReasonCode: integer │ │ ├ type NoBidModuleParameters │ │ │ ├ name: NoBidModuleParameters │ │ │ └ properties │ │ │ ├ Reason: string │ │ │ ├ ReasonCode: integer │ │ │ └ PassThroughPercentage: number │ │ ├ type OpenRtbAttributeModuleParameters │ │ │ ├ name: OpenRtbAttributeModuleParameters │ │ │ └ properties │ │ │ ├ FilterType: string (required) │ │ │ ├ FilterConfiguration: Array<Filter> (required) │ │ │ ├ Action: Action (required) │ │ │ └ HoldbackPercentage: number (required) │ │ └ type ResponderErrorMaskingForHttpCode │ │ ├ name: ResponderErrorMaskingForHttpCode │ │ └ properties │ │ ├ HttpCode: string (required) │ │ ├ Action: string (required) │ │ ├ LoggingTypes: Array<string> (required) │ │ └ ResponseLoggingPercentage: number │ ├ resource AWS::RTBFabric::RequesterGateway │ │ ├ name: RequesterGateway │ │ │ cloudFormationType: AWS::RTBFabric::RequesterGateway │ │ │ documentation: Resource Type definition for AWS::RTBFabric::RequesterGateway Resource Type. │ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ │ arnTemplate: arn:${Partition}:rtbfabric:${Region}:${Account}:gateway/${GatewayId} │ │ ├ properties │ │ │ ├ Tags: Array<tag> │ │ │ ├ Description: string │ │ │ ├ VpcId: string (required) │ │ │ ├ SubnetIds: Array<string> (required) │ │ │ └ SecurityGroupIds: Array<string> (required) │ │ └ attributes │ │ ├ GatewayId: string │ │ ├ Arn: string │ │ ├ RequesterGatewayStatus: string │ │ ├ DomainName: string │ │ ├ CreatedTimestamp: string │ │ ├ UpdatedTimestamp: string │ │ ├ ActiveLinksCount: integer │ │ └ TotalLinksCount: integer │ └ resource AWS::RTBFabric::ResponderGateway │ ├ name: ResponderGateway │ │ cloudFormationType: AWS::RTBFabric::ResponderGateway │ │ documentation: Resource Type definition for AWS::RTBFabric::ResponderGateway Resource Type │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ arnTemplate: arn:${Partition}:rtbfabric:${Region}:${Account}:gateway/${GatewayId} │ ├ properties │ │ ├ TrustStoreConfiguration: TrustStoreConfiguration │ │ ├ Description: string │ │ ├ DomainName: string │ │ ├ Port: integer (required) │ │ ├ ManagedEndpointConfiguration: ManagedEndpointConfiguration │ │ ├ SubnetIds: Array<string> (required) │ │ ├ SecurityGroupIds: Array<string> (required) │ │ ├ VpcId: string (required) │ │ ├ Protocol: string (required) │ │ └ Tags: Array<tag> │ ├ attributes │ │ ├ GatewayId: string │ │ ├ Arn: string │ │ ├ ResponderGatewayStatus: string │ │ ├ CreatedTimestamp: string │ │ └ UpdatedTimestamp: string │ └ types │ ├ type AutoScalingGroupsConfiguration │ │ ├ name: AutoScalingGroupsConfiguration │ │ └ properties │ │ ├ AutoScalingGroupNameList: Array<string> (required) │ │ └ RoleArn: string (required) │ ├ type EksEndpointsConfiguration │ │ ├ name: EksEndpointsConfiguration │ │ └ properties │ │ ├ ClusterApiServerCaCertificateChain: string (required) │ │ ├ EndpointsResourceName: string (required) │ │ ├ ClusterApiServerEndpointUri: string (required) │ │ ├ ClusterName: string (required) │ │ ├ EndpointsResourceNamespace: string (required) │ │ └ RoleArn: string (required) │ ├ type ManagedEndpointConfiguration │ │ ├ name: ManagedEndpointConfiguration │ │ └ properties │ │ ├ AutoScalingGroupsConfiguration: AutoScalingGroupsConfiguration │ │ └ EksEndpointsConfiguration: EksEndpointsConfiguration │ └ type TrustStoreConfiguration │ ├ name: TrustStoreConfiguration │ └ properties │ └ CertificateAuthorityCertificates: Array<string> (required) ├[~] service aws-s3 │ └ resources │ └[~] resource AWS::S3::Bucket │ └ types │ ├[~] type DeleteMarkerReplication │ │ └ properties │ │ └ Status: (documentation changed) │ └[~] type VersioningConfiguration │ └ - documentation: Describes the versioning state of an Amazon S3 bucket. For more information, see [PUT Bucket versioning](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html) in the *Amazon S3 API Reference* . │ > When you enable versioning on a bucket for the first time, it might take a short amount of time for the change to be fully propagated. We recommend that you wait for 15 minutes after enabling versioning before issuing write operations ( `PUT` or `DELETE` ) on objects in the bucket. │ + documentation: Describes the versioning state of an Amazon S3 bucket. For more information, see [PUT Bucket versioning](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html) in the *Amazon S3 API Reference* . │ Keep the following timing in mind when enabling, suspending, or transitioning between versioning states: │ - *Enabling versioning* - Changes may take up to 15 minutes to propagate across all AWS regions for full consistency. │ - *Suspending versioning* - Takes effect immediately with no propagation delay. │ - *Transitioning between states* - Any change from Suspended to Enabled has a 15-minute delay. ├[+] service aws-s3vectors │ ├ capitalized: S3Vectors │ │ cloudFormationNamespace: AWS::S3Vectors │ │ name: aws-s3vectors │ │ shortName: s3vectors │ └ resources │ ├ resource AWS::S3Vectors::Index │ │ ├ name: Index │ │ │ cloudFormationType: AWS::S3Vectors::Index │ │ │ documentation: Resource Type definition for AWS::S3Vectors::Index │ │ ├ properties │ │ │ ├ DataType: string (required, immutable) │ │ │ ├ Dimension: integer (required, immutable) │ │ │ ├ DistanceMetric: string (required, immutable) │ │ │ ├ IndexName: string (immutable) │ │ │ ├ MetadataConfiguration: MetadataConfiguration (immutable) │ │ │ ├ VectorBucketArn: string (immutable) │ │ │ └ VectorBucketName: string (immutable) │ │ ├ attributes │ │ │ ├ CreationTime: string │ │ │ └ IndexArn: string │ │ └ types │ │ └ type MetadataConfiguration │ │ ├ documentation: The metadata configuration for the vector index. │ │ │ name: MetadataConfiguration │ │ └ properties │ │ └ NonFilterableMetadataKeys: Array<string> │ ├ resource AWS::S3Vectors::VectorBucket │ │ ├ name: VectorBucket │ │ │ cloudFormationType: AWS::S3Vectors::VectorBucket │ │ │ documentation: Resource Type definition for AWS::S3Vectors::VectorBucket │ │ ├ properties │ │ │ ├ VectorBucketName: string (immutable) │ │ │ └ EncryptionConfiguration: EncryptionConfiguration (immutable) │ │ ├ attributes │ │ │ ├ VectorBucketArn: string │ │ │ └ CreationTime: string │ │ └ types │ │ └ type EncryptionConfiguration │ │ ├ documentation: The encryption configuration for the vector bucket. │ │ │ name: EncryptionConfiguration │ │ └ properties │ │ ├ SseType: string (default="AES256") │ │ └ KmsKeyArn: string │ └ resource AWS::S3Vectors::VectorBucketPolicy │ ├ name: VectorBucketPolicy │ │ cloudFormationType: AWS::S3Vectors::VectorBucketPolicy │ │ documentation: Resource Type definition for AWS::S3Vectors::VectorBucketPolicy │ │ scrutinizable: ResourcePolicyResource │ └ properties │ ├ Policy: json | string (required) │ ├ VectorBucketArn: string (immutable) │ └ VectorBucketName: string (immutable) ├[~] service aws-sagemaker │ └ resources │ ├[~] resource AWS::SageMaker::NotebookInstance │ │ └ properties │ │ └ PlatformIdentifier: (documentation changed) │ └[~] resource AWS::SageMaker::ProcessingJob │ └ types │ └[~] type S3Input │ └ properties │ └ S3DataDistributionType: (documentation changed) ├[~] service aws-securityhub │ └ resources │ ├[~] resource AWS::SecurityHub::AggregatorV2 │ │ └ - documentation: Enables aggregation across AWS Regions . This API is in private preview and subject to change. │ │ + documentation: Enables aggregation across AWS Regions . This API is in public preview and subject to change. │ ├[~] resource AWS::SecurityHub::AutomationRuleV2 │ │ └ - documentation: Creates a V2 automation rule. This API is in private preview and subject to change. │ │ + documentation: Creates a V2 automation rule. This API is in public preview and subject to change. │ └[~] resource AWS::SecurityHub::HubV2 │ └ - documentation: Returns details about the service resource in your account. This API is in private preview and subject to change. │ + documentation: Returns details about the service resource in your account. This API is in public preview and subject to change. ├[~] service aws-ses │ └ resources │ └[~] resource AWS::SES::MailManagerAddressList │ └ - arnTemplate: undefined │ + arnTemplate: arn:${Partition}:ses:${Region}:${Account}:mailmanager-address-list/${AddressListId} └[~] service aws-transfer └ resources └[~] resource AWS::Transfer::Connector ├ properties │ ├[+] EgressConfig: ConnectorEgressConfig │ ├[+] EgressType: string │ └ Url: - string (required) │ + string ├ attributes │ └[+] Status: string └ types ├[+] type ConnectorEgressConfig │ ├ documentation: Configuration structure that defines how traffic is routed from the connector to the SFTP server. Contains VPC Lattice settings when using VPC_LATTICE egress type for private connectivity through customer VPCs. │ │ name: ConnectorEgressConfig │ └ properties │ └ VpcLattice: ConnectorVpcLatticeEgressConfig (required) └[+] type ConnectorVpcLatticeEgressConfig ├ documentation: VPC_LATTICE egress configuration that specifies the Resource Configuration ARN and port for connecting to SFTP servers through customer VPCs. Requires a valid Resource Configuration with appropriate network access. │ name: ConnectorVpcLatticeEgressConfig └ properties ├ ResourceConfigurationArn: string (required) └ PortNumber: integer ```
aws-cdk-automation
added
auto-approve
pr/no-squash
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
aws-cdk-automation
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
aws-cdk-automation
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
aws-cdk-automation
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
kumsmrit
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
Contributor
|
Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork). |
Contributor
|
Comments on closed issues and PRs are hard for our team to see. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
13 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See CHANGELOG