chore(release): 2.167.0 #32114
Merged
chore(release): 2.167.0 #32114
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
found a very very small typo. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Closes #31780. ### Reason for this change To use recording configuration for IVS channel. ### Description of changes * Add `RecordingConfiguration` Construct. * Add `recordingConfiguration` property to the Channel. ### Description of how you validated changes Add unit tests and integ test. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…d of queue policy (#32032) ### Issue # (if applicable) Tracking #31785. ### Reason for this change Currently if a dead letter queue (DLQ) is specified then a queue policy is created for the DLQ which allows the schedule to send messages. This is incorrect and the permissions should be added to the schedule's execution role instead. ### Description of changes Add `sqs:SendMessage` permission to execution role's policy statement if dead letter queue is specified. This follows the [service docs](https://docs.aws.amazon.com/scheduler/latest/UserGuide/configuring-schedule-dlq.html#configuring-schedule-dlq-permissions) for configuring a schedule DLQ. Also removed cross-region validation as the deployment will fail fast for this case so the validation is unnecessary. ### Description of how you validated changes Updated unit tests and added a new integration test with dead letter queue setup on the schedule ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…rting and stack descriptions (#31985) ### Issue # (if applicable) Closes #31924 ### Reason for this change Product Stack cannot override analytics reporting and descriptions. Support these two props. ### Description of changes The reason I didn't choose to allow ProductStackProps to extend StackProps and instead manually add these two properties are because all of the other properties, i.e. `stackName`, `env`, `notificationArns`, `terminationProtection`, `crossRegionReferences`, `permissionsBoundary`, `suppressTemplateIndentation`, do not mutate the stack template but are used by CDK CLI. These properties have no impact on the Product Stack template generated and thus I did not include them. ### Description of how you validated changes Unit and integ tests added. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ancer (#31990) ### Issue # (if applicable) Closes #31983. ### Reason for this change AWS CDK does not support for configuring zonal shift for a NLB. ### Description of changes Add `zonalShift` prop to `NetworkLoadBalancerProps` ### Description of how you validated changes Add both unit and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ame is unresolved token (#31967) ### Issue # (if applicable) Closes #31436. ### Reason for this change When nested stack is used with CodePipeline, the stack name is actually a token which will fail regex check. We can't simply add a `Token.isUnresolved` check before the regex check because stack name must be a resolved string otherwise the template file would include `Token[xxx]`. ### Description of changes The only feasible fix would be allowing users to override the nested stack name if users provide one. Currently nested stack names are auto-generated and are a token value. Allow users to specify the stack name. ### Description of how you validated changes New integ tests pass. Existing tests pass. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) NA ### Reason for this change Adds Python 3.13 to the available [Lambda Runtimes constants](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Runtime.html#initializer) ### Description of how you validated changes Have added integration tests to validate the runtime support ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR supports minor versions for oracle 19c and 21c. - 19c - 19.0.0.0.ru-2024-07.rur-2024-07.r1 - 19.0.0.0.ru-2024-10.rur-2024-10.r1 - 21c - 21.0.0.0.ru-2024-07.rur-2024-07.r1 - 21.0.0.0.ru-2024-10.rur-2024-10.r1 What's new and Ref - https://aws.amazon.com/jp/about-aws/whats-new/2024/11/amazon-rds-oracle-october-2024-update/ - https://docs.aws.amazon.com/AmazonRDS/latest/OracleReleaseNotes/oracle-version-21-0.html - https://docs.aws.amazon.com/AmazonRDS/latest/OracleReleaseNotes/oracle-version-19-0.html ```sh ❯ aws rds describe-db-engine-versions --engine oracle-ee-cdb --query "DBEngineVersions[?EngineVersion=='19.0.0.0.ru-2024-07.rur-2024-07.r1'||EngineVersion=='19.0.0.0.ru-2024-10.rur-2024-10.r1'||EngineVersion=='21.0.0.0.ru-2024-07.rur-2024-07.r1'||EngineVersion=='21.0.0.0.ru-2024-10.rur-2024-10.r1'].[DBEngineVersionDescription,EngineVersion,DBParameterGroupFamily,MajorEngineVersion,Status]" [ [ "Oracle 19.0.0.0.ru-2024-07.rur-2024-07.r1", "19.0.0.0.ru-2024-07.rur-2024-07.r1", "oracle-ee-cdb-19", "19", "available" ], [ "Oracle 19.0.0.0.ru-2024-10.rur-2024-10.r1", "19.0.0.0.ru-2024-10.rur-2024-10.r1", "oracle-ee-cdb-19", "19", "available" ], [ "Oracle 21.0.0.0.ru-2024-07.rur-2024-07.r1", "21.0.0.0.ru-2024-07.rur-2024-07.r1", "oracle-ee-cdb-21", "21", "available" ], [ "Oracle 21.0.0.0.ru-2024-10.rur-2024-10.r1", "21.0.0.0.ru-2024-10.rur-2024-10.r1", "oracle-ee-cdb-21", "21", "available" ] ] ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add some new minor versions for RDS for SQL Server. Ref: https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-rds-sql-server-minor-versions-october-2024/ ```sh aws rds describe-db-engine-versions --engine sqlserver-ee --query "DBEngineVersions[?EngineVersion=='13.00.6450.1.v1'||EngineVersion=='14.00.3480.1.v1'||EngineVersion=='15.00.4395.2.v1'||EngineVersion=='16.00.4150.1.v1'].[DBEngineVersionDescription,EngineVersion,DBParameterGroupFamily,MajorEngineVersion,Status]" [ [ "SQL Server 2016 13.00.6450.1.v1", "13.00.6450.1.v1", "sqlserver-ee-13.0", "13.00", "available" ], [ "SQL Server 2017 14.00.3480.1.v1", "14.00.3480.1.v1", "sqlserver-ee-14.0", "14.00", "available" ], [ "SQL Server 2019 15.00.4395.2.v1", "15.00.4395.2.v1", "sqlserver-ee-15.0", "15.00", "available" ], [ "SQL Server 2022 16.00.4150.1.v1", "16.00.4150.1.v1", "sqlserver-ee-16.0", "16.00", "available" ] ] ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Closes #30989 ### Reason for this change To support `KEY_AGREEMENT` for KeyUsage. ### Description of changes * Add `KEY_AGREEMENT` to KeyUsage enum * Add validation rule ### Description of how you validated changes Add unit test and integ test. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…#32053) ### Issue # (if applicable) Closes #31860. ### Reason for this change Currently customers can pass one property `tagOrDigest` and if the customers pass a CFN parameter, CDK could not know if it is a tag or digest, and so the generated URI is not correct. Now the same parameter can supports Tokens, and it will generate a CFN condition to check if the value of this token is digest or tag, and then update the uri based on the condition output. ### Description of changes Check if the input is a Token, and so instead of determining if its value is a tag or digest in synth time, we create a CFN condition to do this check in CFN, and then determine how to build the repo uri. ### Description of how you validated changes Added unit test cases, and integration test cases with assertions. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Leverage [Codecov](https://about.codecov.io/) to enforce (new) code coverage requirements. Resolves #31931 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Followup to #32079 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-appsync │ └ resources │ ├[~] resource AWS::AppSync::Api │ │ ├ - documentation: Creates a `GraphqlApi` object. │ │ │ + documentation: The `AWS::AppSync::Api` resource creates an AWS AppSync API that you can use for an AWS AppSync API with your preferred configuration, such as an Event API that provides real-time message publishing and message subscriptions over WebSockets. │ │ ├ properties │ │ │ ├ EventConfig: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ └ Tags: (documentation changed) │ │ ├ attributes │ │ │ ├ ApiArn: (documentation changed) │ │ │ ├ ApiId: (documentation changed) │ │ │ ├ Dns: - Map<string, string> │ │ │ │ + DnsMap │ │ │ ├[+] Dns.Http: string │ │ │ └[+] Dns.Realtime: string │ │ └ types │ │ ├[~] type AuthMode │ │ │ ├ - documentation: An auth mode. │ │ │ │ + documentation: Describes an authorization configuration. Use `AuthMode` to specify the publishing and subscription authorization configuration for an Event API. │ │ │ └ properties │ │ │ └ AuthType: (documentation changed) │ │ ├[~] type AuthProvider │ │ │ ├ - documentation: An auth provider for the AppSync API. │ │ │ │ + documentation: Describes an authorization provider. │ │ │ └ properties │ │ │ ├ AuthType: (documentation changed) │ │ │ ├ CognitoConfig: (documentation changed) │ │ │ ├ LambdaAuthorizerConfig: (documentation changed) │ │ │ └ OpenIDConnectConfig: (documentation changed) │ │ ├[~] type CognitoConfig │ │ │ ├ - documentation: Optional authorization configuration for using Amazon Cognito user pools with your API endpoint. │ │ │ │ + documentation: Describes an Amazon Cognito configuration. │ │ │ └ properties │ │ │ ├ AppIdClientRegex: (documentation changed) │ │ │ ├ AwsRegion: (documentation changed) │ │ │ └ UserPoolId: (documentation changed) │ │ ├[+] type DnsMap │ │ │ ├ documentation: A map of DNS names for the Api. │ │ │ │ name: DnsMap │ │ │ └ properties │ │ │ ├Realtime: string │ │ │ └Http: string │ │ ├[~] type EventConfig │ │ │ ├ - documentation: The configuration for an Event Api │ │ │ │ + documentation: Describes the authorization configuration for connections, message publishing, message subscriptions, and logging for an Event API. │ │ │ └ properties │ │ │ ├ AuthProviders: (documentation changed) │ │ │ ├ ConnectionAuthModes: (documentation changed) │ │ │ ├ DefaultPublishAuthModes: (documentation changed) │ │ │ ├ DefaultSubscribeAuthModes: (documentation changed) │ │ │ └ LogConfig: (documentation changed) │ │ └[~] type EventLogConfig │ │ ├ - documentation: The log config for the AppSync API. │ │ │ + documentation: Describes the CloudWatch Logs configuration for the Event API. │ │ └ properties │ │ ├ CloudWatchLogsRoleArn: (documentation changed) │ │ └ LogLevel: (documentation changed) │ └[~] resource AWS::AppSync::ChannelNamespace │ ├ - documentation: Resource schema for AppSync ChannelNamespace │ │ + documentation: The `AWS::AppSync::ChannelNamespace` resource creates a channel namespace associated with an `Api` . The `ChannelNamespace` contains the definitions for code handlers for the `Api` . │ ├ properties │ │ ├ ApiId: (documentation changed) │ │ ├ CodeHandlers: (documentation changed) │ │ ├ Name: (documentation changed) │ │ ├ PublishAuthModes: (documentation changed) │ │ ├ SubscribeAuthModes: (documentation changed) │ │ └ Tags: (documentation changed) │ ├ attributes │ │ └ ChannelNamespaceArn: (documentation changed) │ └ types │ └[~] type AuthMode │ ├ - documentation: An auth mode. │ │ + documentation: Describes an authorization configuration. Use `AuthMode` to specify the publishing and subscription authorization configuration for an Event API. │ └ properties │ └ AuthType: (documentation changed) ├[~] service aws-bedrock │ └ resources │ ├[~] resource AWS::Bedrock::ApplicationInferenceProfile │ │ ├ - documentation: Definition of AWS::Bedrock::ApplicationInferenceProfile Resource Type │ │ │ + documentation: Specifies an inference profile as a resource in a top-level template. Use the `ModelSource` field to specify the inference profile to copy into the resource. For more information about using inference profiles in Amazon Bedrock , see [Improve resilience with cross-region inference](https://docs.aws.amazon.com/bedrock/latest/userguide/cross-region-inference.html) . │ │ │ See the *Properties* section below for descriptions of both the required and optional properties. │ │ ├ properties │ │ │ ├ Description: (documentation changed) │ │ │ ├ InferenceProfileName: (documentation changed) │ │ │ ├ ModelSource: (documentation changed) │ │ │ └ Tags: (documentation changed) │ │ ├ attributes │ │ │ ├ CreatedAt: (documentation changed) │ │ │ ├ InferenceProfileArn: (documentation changed) │ │ │ ├ InferenceProfileId: (documentation changed) │ │ │ ├ InferenceProfileIdentifier: (documentation changed) │ │ │ ├ Models: (documentation changed) │ │ │ ├ Status: (documentation changed) │ │ │ ├ Type: (documentation changed) │ │ │ └ UpdatedAt: (documentation changed) │ │ └ types │ │ ├[~] type InferenceProfileModel │ │ │ ├ - documentation: Model configuration │ │ │ │ + documentation: Contains information about a model. │ │ │ └ properties │ │ │ └ ModelArn: (documentation changed) │ │ └[~] type InferenceProfileModelSource │ │ ├ - documentation: Various ways to encode a list of models in a CreateInferenceProfile request │ │ │ + documentation: Contains information about the model or system-defined inference profile that is the source for an inference profile.. │ │ └ properties │ │ └ CopyFrom: (documentation changed) │ ├[~] resource AWS::Bedrock::FlowVersion │ │ └ attributes │ │ └ CustomerEncryptionKeyArn: (documentation changed) │ ├[~] resource AWS::Bedrock::KnowledgeBase │ │ └ types │ │ └[~] type VectorKnowledgeBaseConfiguration │ │ └ properties │ │ └ EmbeddingModelArn: (documentation changed) │ └[~] resource AWS::Bedrock::PromptVersion │ ├ properties │ │ └ Tags: (documentation changed) │ └ attributes │ └ CustomerEncryptionKeyArn: (documentation changed) ├[~] service aws-cleanrooms │ └ resources │ ├[~] resource AWS::CleanRooms::Collaboration │ │ └ properties │ │ └[+] AnalyticsEngine: string (immutable) │ └[~] resource AWS::CleanRooms::Membership │ └ types │ └[~] type ProtectedQueryS3OutputConfiguration │ └ properties │ └[+] SingleFileOutput: boolean ├[~] service aws-codebuild │ └ resources │ ├[~] resource AWS::CodeBuild::Fleet │ │ └ properties │ │ ├ ComputeType: (documentation changed) │ │ └ EnvironmentType: (documentation changed) │ └[~] resource AWS::CodeBuild::Project │ └ types │ └[~] type Environment │ └ properties │ └ ComputeType: (documentation changed) ├[~] service aws-datasync │ └ resources │ └[~] resource AWS::DataSync::Task │ └ properties │ └[+] TaskMode: string (immutable) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::EIP │ │ └ properties │ │ ├ Address: (documentation changed) │ │ └ IpamPoolId: (documentation changed) │ └[+] resource AWS::EC2::SecurityGroupVpcAssociation │ ├ name: SecurityGroupVpcAssociation │ │ cloudFormationType: AWS::EC2::SecurityGroupVpcAssociation │ │ documentation: A security group association with a VPC. │ ├ properties │ │ ├GroupId: string (required, immutable) │ │ └VpcId: string (required, immutable) │ └ attributes │ ├VpcOwnerId: string │ ├State: string │ └StateReason: string ├[~] service aws-ecs │ └ resources │ ├[~] resource AWS::ECS::CapacityProvider │ │ └ types │ │ └[~] type ManagedScaling │ │ └ properties │ │ └ MinimumScalingStepSize: (documentation changed) │ ├[~] resource AWS::ECS::Service │ │ ├ properties │ │ │ └ DeploymentConfiguration: (documentation changed) │ │ └ types │ │ ├[~] type DeploymentConfiguration │ │ │ └ - documentation: Optional deployment parameters that control how many tasks run during the deployment and the failure detection methods. │ │ │ + documentation: Optional deployment parameters that control how many tasks run during a deployment and the ordering of stopping and starting tasks. │ │ └[~] type LoadBalancer │ │ └ properties │ │ └ LoadBalancerName: (documentation changed) │ └[~] resource AWS::ECS::TaskDefinition │ ├ properties │ │ ├ IpcMode: (documentation changed) │ │ ├ NetworkMode: (documentation changed) │ │ └ PidMode: (documentation changed) │ └ types │ ├[~] type PortMapping │ │ └ properties │ │ └ ContainerPort: (documentation changed) │ └[~] type RuntimePlatform │ └ properties │ ├ CpuArchitecture: (documentation changed) │ └ OperatingSystemFamily: (documentation changed) ├[~] service aws-elasticache │ └ resources │ └[~] resource AWS::ElastiCache::ReplicationGroup │ └ properties │ └ TransitEncryptionEnabled: (documentation changed) ├[~] service aws-elasticloadbalancingv2 │ └ resources │ ├[~] resource AWS::ElasticLoadBalancingV2::Listener │ │ ├ properties │ │ │ ├ Port: (documentation changed) │ │ │ └ Protocol: (documentation changed) │ │ └ types │ │ └[~] type RedirectConfig │ │ └ properties │ │ └ Protocol: (documentation changed) │ ├[~] resource AWS::ElasticLoadBalancingV2::ListenerRule │ │ └ types │ │ └[~] type RedirectConfig │ │ └ properties │ │ └ Protocol: (documentation changed) │ ├[~] resource AWS::ElasticLoadBalancingV2::LoadBalancer │ │ ├ properties │ │ │ ├ IpAddressType: (documentation changed) │ │ │ ├ Scheme: (documentation changed) │ │ │ ├ SubnetMappings: (documentation changed) │ │ │ └ Subnets: (documentation changed) │ │ └ types │ │ └[~] type LoadBalancerAttribute │ │ └ properties │ │ └ Key: (documentation changed) │ └[~] resource AWS::ElasticLoadBalancingV2::TargetGroup │ ├ properties │ │ ├ HealthCheckEnabled: (documentation changed) │ │ └ IpAddressType: (documentation changed) │ └ types │ └[~] type TargetGroupAttribute │ └ properties │ └ Key: (documentation changed) ├[~] service aws-gamelift │ └ resources │ ├[~] resource AWS::GameLift::ContainerGroupDefinition │ │ ├ - documentation: *This data type is used with the Amazon GameLift containers feature, which is currently in public preview.* │ │ │ The properties that describe a container group resource. Container group definition properties can't be updated. To change a property, create a new container group definition. │ │ │ *Used with:* `CreateContainerGroupDefinition` │ │ │ *Returned by:* `DescribeContainerGroupDefinition` , `ListContainerGroupDefinitions` │ │ │ + documentation: *This data type is currently not available. It is under improvement as we respond to customer feedback from the Containers public preview.* │ │ │ The properties that describe a container group resource. Container group definition properties can't be updated. To change a property, create a new container group definition. │ │ │ *Used with:* `CreateContainerGroupDefinition` │ │ │ *Returned by:* `DescribeContainerGroupDefinition` , `ListContainerGroupDefinitions` │ │ ├ properties │ │ │ ├ TotalCpuLimit: (documentation changed) │ │ │ └ TotalMemoryLimit: (documentation changed) │ │ └ types │ │ ├[~] type ContainerDefinition │ │ │ └ - documentation: *This data type is used with the Amazon GameLift containers feature, which is currently in public preview.* │ │ │ Describes a container in a container fleet, the resources available to the container, and the commands that are run when the container starts. Container properties can't be updated. To change a property, create a new container group definition. See also `ContainerDefinitionInput` . │ │ │ *Part of:* `ContainerGroupDefinition` │ │ │ *Returned by:* `DescribeContainerGroupDefinition` , `ListContainerGroupDefinitions` │ │ │ + documentation: *This data type is currently not available. It is under improvement as we respond to customer feedback from the Containers public preview.* │ │ │ Describes a container in a container fleet, the resources available to the container, and the commands that are run when the container starts. Container properties can't be updated. To change a property, create a new container group definition. See also `ContainerDefinitionInput` . │ │ │ *Part of:* `ContainerGroupDefinition` │ │ │ *Returned by:* `DescribeContainerGroupDefinition` , `ListContainerGroupDefinitions` │ │ ├[~] type ContainerDependency │ │ │ └ - documentation: *This data type is used with the Amazon GameLift containers feature, which is currently in public preview.* │ │ │ A container's dependency on another container in the same container group. The dependency impacts how the dependent container is able to start or shut down based the status of the other container. │ │ │ For example, ContainerA is configured with the following dependency: a `START` dependency on ContainerB. This means that ContainerA can't start until ContainerB has started. It also means that ContainerA must shut down before ContainerB. │ │ │ *Part of:* `ContainerDefinition` │ │ │ + documentation: *This data type is currently not available. It is under improvement as we respond to customer feedback from the Containers public preview.* │ │ │ A container's dependency on another container in the same container group. The dependency impacts how the dependent container is able to start or shut down based the status of the other container. │ │ │ For example, ContainerA is configured with the following dependency: a `START` dependency on ContainerB. This means that ContainerA can't start until ContainerB has started. It also means that ContainerA must shut down before ContainerB. │ │ │ *Part of:* `ContainerDefinition` │ │ ├[~] type ContainerEnvironment │ │ │ └ - documentation: *This data type is used with the Amazon GameLift containers feature, which is currently in public preview.* │ │ │ An environment variable to set inside a container, in the form of a key-value pair. │ │ │ *Related data type:* `ContainerDefinition$Environment` │ │ │ + documentation: *This data type is currently not available. It is under improvement as we respond to customer feedback from the Containers public preview.* │ │ │ An environment variable to set inside a container, in the form of a key-value pair. │ │ │ *Related data type:* `ContainerDefinition$Environment` │ │ └[~] type ContainerPortRange │ │ └ - documentation: *This data type is used with the Amazon GameLift containers feature, which is currently in public preview.* │ │ A set of one or more port numbers that can be opened on the container. │ │ *Part of:* `ContainerPortConfiguration` │ │ + documentation: *This data type is currently not available. It is under improvement as we respond to customer feedback from the Containers public preview.* │ │ A set of one or more port numbers that can be opened on the container. │ │ *Part of:* `ContainerPortConfiguration` │ └[~] resource AWS::GameLift::Fleet │ ├ properties │ │ ├ ApplyCapacity: (documentation changed) │ │ ├ ContainerGroupsConfiguration: (documentation changed) │ │ ├ InstanceRoleARN: (documentation changed) │ │ └ InstanceRoleCredentialsProvider: (documentation changed) │ └ types │ ├[~] type ConnectionPortRange │ │ └ - documentation: *This operation has been expanded to use with the Amazon GameLift containers feature, which is currently in public preview.* │ │ The set of port numbers to open on each instance in a container fleet. Connection ports are used by inbound traffic to connect with processes that are running in containers on the fleet. │ │ *Part of:* `ContainerGroupsConfiguration` , `ContainerGroupsAttributes` │ │ + documentation: *This data type is currently not available. It is under improvement as we respond to customer feedback from the Containers public preview.* │ │ The set of port numbers to open on each instance in a container fleet. Connection ports are used by inbound traffic to connect with processes that are running in containers on the fleet. │ │ *Part of:* `ContainerGroupsConfiguration` , `ContainerGroupsAttributes` │ ├[~] type ContainerGroupsConfiguration │ │ └ - documentation: *This data type is used with the Amazon GameLift containers feature, which is currently in public preview.* │ │ Configuration details for a set of container groups, for use when creating a fleet with compute type `CONTAINER` . │ │ *Used with:* `CreateFleet` │ │ + documentation: *This data type is currently not available. It is under improvement as we respond to customer feedback from the Containers public preview.* │ │ Configuration details for a set of container groups, for use when creating a fleet with compute type `CONTAINER` . │ │ *Used with:* `CreateFleet` │ ├[~] type ContainerGroupsPerInstance │ │ └ - documentation: *This data type is used with the Amazon GameLift containers feature, which is currently in public preview.* │ │ Determines how many replica container groups that Amazon GameLift deploys to each instance in a container fleet. │ │ Amazon GameLift calculates the maximum possible replica groups per instance based on the instance 's CPU and memory resources. When deploying a fleet, Amazon GameLift places replica container groups on each fleet instance based on the following: │ │ - If no desired value is set, Amazon GameLift places the calculated maximum. │ │ - If a desired number is set to a value higher than the calculated maximum, fleet creation fails.. │ │ - If a desired number is set to a value lower than the calculated maximum, Amazon GameLift places the desired number. │ │ *Part of:* `ContainerGroupsConfiguration` , `ContainerGroupsAttributes` │ │ *Returned by:* `DescribeFleetAttributes` , `CreateFleet` │ │ + documentation: *This data type is currently not available. It is under improvement as we respond to customer feedback from the Containers public preview.* │ │ Determines how many replica container groups that Amazon GameLift deploys to each instance in a container fleet. │ │ Amazon GameLift calculates the maximum possible replica groups per instance based on the instance 's CPU and memory resources. When deploying a fleet, Amazon GameLift places replica container groups on each fleet instance based on the following: │ │ - If no desired value is set, Amazon GameLift places the calculated maximum. │ │ - If a desired number is set to a value higher than the calculated maximum, fleet creation fails.. │ │ - If a desired number is set to a value lower than the calculated maximum, Amazon GameLift places the desired number. │ │ *Part of:* `ContainerGroupsConfiguration` , `ContainerGroupsAttributes` │ │ *Returned by:* `DescribeFleetAttributes` , `CreateFleet` │ ├[~] type LocationCapacity │ │ └ - documentation: Current resource capacity settings for managed EC2 fleets and container fleets. For multi-location fleets, location values might refer to a fleet's remote location or its home Region. │ │ *Returned by:* [DescribeFleetCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetCapacity.html) , [DescribeFleetLocationCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetLocationCapacity.html) , [UpdateFleetCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_UpdateFleetCapacity.html) │ │ + documentation: Current resource capacity settings for managed EC2 fleets. For multi-location fleets, location values might refer to a fleet's remote location or its home Region. │ │ *Returned by:* [DescribeFleetCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetCapacity.html) , [DescribeFleetLocationCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetLocationCapacity.html) , [UpdateFleetCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_UpdateFleetCapacity.html) │ ├[~] type LocationConfiguration │ │ ├ - documentation: *This data type has been expanded to use with the Amazon GameLift containers feature, which is currently in public preview.* │ │ │ A remote location where a multi-location fleet can deploy game servers for game hosting. │ │ │ + documentation: A remote location where a multi-location fleet can deploy game servers for game hosting. │ │ └ properties │ │ └ LocationCapacity: (documentation changed) │ ├[~] type RuntimeConfiguration │ │ └ properties │ │ └ MaxConcurrentGameSessionActivations: (documentation changed) │ └[~] type ServerProcess │ └ properties │ └ ConcurrentExecutions: (documentation changed) ├[~] service aws-inspectorv2 │ └ resources │ └[~] resource AWS::InspectorV2::CisScanConfiguration │ └ types │ └[~] type CisTargets │ └ properties │ └ TargetResourceTags: - Map<string, Array<string>> │ + Map<string, Array<string>> (required) ├[~] service aws-lambda │ └ resources │ └[~] resource AWS::Lambda::Function │ └ types │ └[~] type Code │ ├ - documentation: The [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template. │ │ Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template. │ │ + documentation: The [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template. │ │ > When you specify source code inline for a Node.js function, the `index` file that AWS CloudFormation creates uses the extension `.js` . This means that Lambda treats the file as a CommonJS module. ES modules aren't supported for inline functions. │ │ Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template. │ └ properties │ └ ZipFile: (documentation changed) ├[~] service aws-logs │ └ resources │ ├[~] resource AWS::Logs::Delivery │ │ └ properties │ │ ├[+] FieldDelimiter: string │ │ ├[+] RecordFields: Array<string> │ │ ├[+] S3EnableHiveCompatiblePath: boolean │ │ └[+] S3SuffixPath: string │ └[~] resource AWS::Logs::DeliveryDestination │ └ properties │ └[+] OutputFormat: string (immutable) ├[~] service aws-nimblestudio │ └ resources │ ├[~] resource AWS::NimbleStudio::LaunchProfile │ │ └ types │ │ ├[~] type StreamConfiguration │ │ │ └ properties │ │ │ ├ MaxSessionLengthInMinutes: - number (default=690) │ │ │ │ + number │ │ │ └ MaxStoppedSessionLengthInMinutes: - number (default=0) │ │ │ + number │ │ ├[~] type StreamConfigurationSessionBackup │ │ │ └ properties │ │ │ └ MaxBackupsToRetain: - number (default=0) │ │ │ + number │ │ └[~] type VolumeConfiguration │ │ └ properties │ │ ├ Iops: - number (default=3000) │ │ │ + number │ │ ├ Size: - number (default=500) │ │ │ + number │ │ └ Throughput: - number (default=125) │ │ + number │ ├[~] resource AWS::NimbleStudio::StreamingImage │ │ └ attributes │ │ └ EncryptionConfiguration: (documentation changed) │ └[~] resource AWS::NimbleStudio::StudioComponent │ └ properties │ ├[-] RuntimeRoleArn: string │ └[-] SecureInitializationRoleArn: string ├[~] service aws-quicksight │ └ resources │ └[~] resource AWS::QuickSight::DataSource │ └ types │ ├[+] type OAuthParameters │ │ ├ name: OAuthParameters │ │ └ properties │ │ ├TokenProviderUrl: string (required) │ │ ├OAuthScope: string │ │ ├IdentityProviderVpcConnectionProperties: VpcConnectionProperties │ │ └IdentityProviderResourceUri: string │ ├[~] type SnowflakeParameters │ │ └ properties │ │ ├[+] AuthenticationType: string │ │ ├[+] DatabaseAccessControlRole: string │ │ └[+] OAuthParameters: OAuthParameters │ └[~] type StarburstParameters │ └ properties │ ├[+] AuthenticationType: string │ ├[+] DatabaseAccessControlRole: string │ └[+] OAuthParameters: OAuthParameters ├[~] service aws-rds │ └ resources │ ├[~] resource AWS::RDS::DBCluster │ │ └ properties │ │ └[+] ClusterScalabilityType: string (immutable) │ └[+] resource AWS::RDS::DBShardGroup │ ├ name: DBShardGroup │ │ cloudFormationType: AWS::RDS::DBShardGroup │ │ documentation: Creates a new DB shard group for Aurora Limitless Database. You must enable Aurora Limitless Database to create a DB shard group. │ │ Valid for: Aurora DB clusters only │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ ├ properties │ │ ├DBShardGroupIdentifier: string (immutable) │ │ ├DBClusterIdentifier: string (required, immutable) │ │ ├ComputeRedundancy: integer │ │ ├MaxACU: number (required) │ │ ├MinACU: number │ │ ├PubliclyAccessible: boolean (immutable) │ │ └Tags: Array<tag> │ └ attributes │ ├DBShardGroupResourceId: string │ └Endpoint: string ├[~] service aws-ses │ └ resources │ ├[~] resource AWS::SES::ConfigurationSet │ │ └ types │ │ └[~] type DeliveryOptions │ │ └ properties │ │ └ MaxDeliverySeconds: (documentation changed) │ └[~] resource AWS::SES::Template │ └ types │ └[~] type Template │ └ - documentation: An object that defines the email template to use for an email message, and the values to use for any message variables in that template. An *email template* is a type of message template that contains content that you want to define, save, and reuse in email messages that you send. │ + documentation: An object that defines the email template to use for an email message, and the values to use for any message variables in that template. An *email template* is a type of message template that contains content that you want to reuse in email messages that you send. You can specifiy the email template by providing the name or ARN of an *email template* previously saved in your Amazon SES account or by providing the full template content. └[~] service aws-wisdom └ resources ├[~] resource AWS::Wisdom::AIAgent │ ├ - documentation: Definition of AWS::Wisdom::AIAgent Resource Type │ │ + documentation: Creates an Amazon Q in Connect AI Agent. │ ├ properties │ │ ├ AssistantId: (documentation changed) │ │ ├ Configuration: (documentation changed) │ │ ├ Description: (documentation changed) │ │ ├ Name: (documentation changed) │ │ ├ Tags: (documentation changed) │ │ └ Type: (documentation changed) │ └ attributes │ ├ AIAgentArn: (documentation changed) │ ├ AIAgentId: (documentation changed) │ └ AssistantArn: (documentation changed) ├[+] resource AWS::Wisdom::AIAgentVersion │ ├ name: AIAgentVersion │ │ cloudFormationType: AWS::Wisdom::AIAgentVersion │ │ documentation: Creates and Amazon Q in Connect AI Agent version. │ ├ properties │ │ ├AIAgentId: string (required, immutable) │ │ ├AssistantId: string (required, immutable) │ │ └ModifiedTimeSeconds: number (immutable) │ └ attributes │ ├AIAgentVersionId: string │ ├AIAgentArn: string │ ├AssistantArn: string │ └VersionNumber: number └[~] resource AWS::Wisdom::AIPromptVersion ├ - documentation: Definition of AWS::Wisdom::AIPromptVersion Resource Type │ + documentation: Creates an Amazon Q in Connect AI Prompt version. └ attributes └ VersionNumber: (documentation changed) ```
This PR updates the CDK CLI to use the AWS SDK V3 instead of V2. ### Manual Test Cases for Authorization All tests were run verbosely so that I could manually check the credentials being used from the CLI output. - [x] No credentials setup and no default profile fails as expected (established to ensure nothing was unintentionally setup) - [x] Explicitly provided profile sourced from config file, tested with both `--profile` and `AWS_PROFILE` - [x] `aws_access_key_id` and `aws_secret_access_key` - [x] `aws_access_key_id` and `aws_secret_access_key` and `region` - [x] `source_profile` and `role_arn` that points to another profile with `aws_access_key_id` and `aws_secret_access_key` in both config and credentials - [x] `source_profile` and `role_arn` that points to Environment - [x] `source_profile` that and `role_arn` that points to SSO profile in both config and credentials - [x] SSO both using all fields in `[profile]` and split between `[sso-session]` and `[profile]` - [x] `credential_source` is Environment - [x] `credential_process` - [x] Explicitly provided profile sourced from credentials file - [x] `aws_access_key_id` and `aws_secret_access_key` - [x] `aws_access_key_id` and `aws_secret_access_key` and `region` - [x] `source_profile` and `role_arn` that points to another profile with `aws_access_key_id` and `aws_secret_access_key` in both config and credentials - [x] `source_profile` and `role_arn` that points to Environment - [x] `source_profile` that and `role_arn` that points to SSO profile in both config and credentials - [x] `credential_source` is Environment - [x] `credential_source` is EcsContainer (integ tests in CodeBuild) - [x] `credential_process` - [x] Default profile (in both config file and credentials file) - [x] `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables set (cleared after test) - [x] `AMAZON_ACCESS_KEY_ID` and `AMAZON_SECRET_ACCESS_KEY` environment variables set (cleared after test) - [x] `aws_access_key_id` and `aws_secret_access_key` - [x] `aws_access_key_id` and `aws_secret_access_key` and `region` - [x] `source_profile` and `role_arn` that points to a profile with `aws_access_key_id` and `aws_secret_access_key` - [x] `source_profile` and `role_arn` that points to Environment (this will use `fromEnv` prior to getting to looking for `source_profile` in the Ini file) - [x] SSO profile is setup as default - [x] `credential_process` Closes #25870, #26292, #20956, #24744, #27265, 20896. ### Reason for this change The AWS SDK V2 is now in maintenance mode. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --------- Co-authored-by: Otavio Macedo <[email protected]> Co-authored-by: Rico Huijbers <[email protected]>
`yargs-gen` used to be a runtime dependency. The only reason seemed to be that there was a factory class for `DynamicResult` types in `yargs-gen`, called `DynamicValue`. In this PR, move the factory to the only location where it is used in the CLI itself, and turn the `import` of `yargs-gen` into an `import type`, which does not imply any runtime dependency. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) None ### Reason for this change AWS Redshift supports for configuring [relocation a cluster](https://docs.aws.amazon.com/redshift/latest/mgmt/managing-cluster-recovery.html) and this feature is supported by [cfn](https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html#cfn-redshift-cluster-availabilityzonerelocationstatus). ### Description of changes Add `availabilityZoneRelocation` to `CusterProps`. [Documents](https://docs.aws.amazon.com/redshift/latest/mgmt/managing-cluster-recovery.html) says that this feature is not supported for DC2 node type. ``` Relocation isn't supported on DC2 instance families of products. ``` However, this feature is only supported for RA3 node type in actual. Example implementation: ```ts new redshift.Cluster(stack, 'Cluster', { vpc: vpc, masterUser: { masterUsername: 'admin', }, availabilityZoneRelocation: true, nodeType: redshift.NodeType.DC2_LARGE, }); ``` Result: ```sh Failed resources: AzRelocationClusterStack | 6:52:00 PM | CREATE_FAILED | AWS::Redshift::Cluster | Cluster (ClusterEB0386A7) Resource handler returned message: "If the cluster node type isn?t RA3, availability zone relocation isn?t supported. (Service: Redshift, Status Code: 400, Request ID: 6382b593-cce5-4fe5-b4de-de1ad1c3a604)" (RequestToken: 94c999d9-7b72-19c4-9cfe-154fe6abc717, HandlerErrorCode: GeneralServiceException) ``` So I added this validation. ```ts if (props.availabilityZoneRelocation && !nodeType.startsWith('ra3')) { throw new Error(`Availability zone relocation is supported for only RA3 node types, got: ${props.nodeType}`); } ``` ### Description of how you validated changes Add both unit and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Code that *may* or *may not* run should be excluded from coverage. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
We shouldn't be trying to publish codecov results when the workflow runs in a fork. Nevermind that it will most likely fail because a token is required. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) NA ### Reason for this change AWS Lambda is adding a new feature that allows customers to use their own AWS KMS keys to encrypt their Lambda function code stored in Amazon S3. This gives customers greater control and flexibility over the encryption of their sensitive data and code. The new SourceKMSKeyArn field in the Lambda function's Code object enables customers to specify the ARN of the KMS key to be used for encryption. ### Description of how you validated changes Have added unit tests and integration test to verify the feature. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…#32112) ### Issue # (if applicable) N/A ### Description of changes This change adds supportsSnapStart as true to dotnet8. This change is needed as Lambda Runtimes team is working on launching Snapstart support for dotnet8. Original PR raised by @Beau-Gosse-dev ### Description of how you validated changes Verified the change is the same as Python and Java. In addition, added new integ test ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws-cdk-automation
added
auto-approve
pr/no-squash
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
aws-cdk-automation
temporarily deployed
to
test-pipeline
GitHub Actions
Inactive
pahud
reviewed
Nov 13, 2024
| if (props.availabilityZoneRelocation && !nodeType.startsWith('ra3')) { | ||
| throw new Error(`Availability zone relocation is supported for only RA3 node types, got: ${props.nodeType}`); | ||
| } | ||
|
|
||
| this.cluster = new CfnCluster(this, 'Resource', { |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Ensure that user activity logging is enabled for the Redshift cluster. This feature logs each query before it is executed on the cluster's database. To activate this, associate a Redshift Cluster Parameter Group with the enable_user_activity_logging parameter set to true.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
aws-cdk-automation
added
the
pr/needs-community-review
|
➡️ PR build request submitted to A maintainer must now check the pipeline and add the |
|
Comments on closed issues and PRs are hard for our team to see. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See CHANGELOG