chore(release): 2.169.0 #32224

Merged
merged 14 commits into from
Nov 21, 2024

@aws-cdk-automation aws-cdk-automation commented Nov 21, 2024

mergify bot and others added 14 commits November 20, 2024 17:02
Closes #32195

### Reason for this change



Upgrading the version will pull in the required fix from the SDK: aws/aws-sdk-js-v3#6472

### Description of changes



Only dependency upgrades

### Description of how you validated changes



Manual test.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…in Developer Preview (#32207)

### Issue # (if applicable)

Tracking #31785 

### Description of changes

Set maturity to `developer-preview` and update the README stability banner for `scheduler-alpha` and `scheduler-targets-alpha` modules.
We were using the `localAddress` of the request handler options, which
is the incorrect property. Instead, create an instance of `ProxyAgent`,
passing the CA certificate and a function that resolves to the proxy
address option from the command line. If no proxy address was passed, it
defaults to the environment variables.

Tested manually using `mitmproxy` with a custom certificate. 

While testing this, I noticed that the retry strategy function was
incorrect.

Closes #32208

### Checklist
- [x] My code adheres to the [CONTRIBUTING
GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and
[DESIGN
GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*
(description based on #30479)

### Issue # (if applicable)

n/A

### Reason for this change

Add support for newly supported 8.0.mysql_aurora.3.08.0.  
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraMySQLReleaseNotes/AuroraMySQL.Updates.3080.html


### Description of changes

Add a new version as a new property to AuroraMysqlEngineVersion class.


### Description of how you validated changes

I used the AWS CLI to verify that the new version is available.

```sh
$ aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[?EngineVersion=='8.0.mysql_aurora.3.08.0']"

[
    {
        "Engine": "aurora-mysql",
        "EngineVersion": "8.0.mysql_aurora.3.08.0",
        "DBParameterGroupFamily": "aurora-mysql8.0",
        "DBEngineDescription": "Aurora MySQL",
        "DBEngineVersionDescription": "Aurora MySQL 3.08.0 (compatible with MySQL 8.0.39)",
        "ValidUpgradeTarget": [],
        "ExportableLogTypes": [
            "audit",
            "error",
            "general",
            "slowquery"
        ],
        "SupportsLogExportsToCloudwatchLogs": true,
        "SupportsReadReplica": false,
        "SupportedEngineModes": [
            "provisioned"
        ],
        "SupportedFeatureNames": [
            "Bedrock"
        ],
        "Status": "available",
        "SupportsParallelQuery": true,
        "SupportsGlobalDatabases": true,
        "MajorEngineVersion": "8.0",
        "SupportsBabelfish": false,
        "SupportsCertificateRotationWithoutRestart": true,
        "SupportedCACertificateIdentifiers": [
            "rds-ca-ecc384-g1",
            "rds-ca-rsa4096-g1",
            "rds-ca-rsa2048-g1"
        ],
        "SupportsLocalWriteForwarding": true,
        "SupportsIntegrations": true
    }
]

```

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #29612.

### Reason for this change

AWS Glue Ray jobs have some restrictions.
- must use Z.2X worker type
```sh
CREATE_FAILED [...] Worker type cannot be null and only [Z.2X] worker types are supported for glueray jobs
```
- must not specify timeout
```sh
UPDATE_FAILED [...] Timeout not supported for Ray jobs
```

### Description of changes

Add validation for the above restrictions.

```ts
    if (executable.type.name === JobType.RAY.name) {
      if (props.workerType !== WorkerType.Z_2X) {
        throw new Error(`WorkerType must be Z_2X for Ray jobs, got: ${props.workerType}`);
      }
      if (props.timeout !== undefined) {
        throw new Error('Timeout cannot be set for Ray jobs');
      }
    }
```

### Description of how you validated changes

Add unit test.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #17576.

### Reason for this change

To allow setting of delivery policy for appropriate SNS subscriptions.

### Description of changes



Subscriptions can now take a new parameter `deliveryPolicy` which consists of a `healthyRetryPolicy`, a `throttlePolicy`, and a `requestPolicy` (each having the same parameters described here: https://docs.aws.amazon.com/sns/latest/dg/sns-message-delivery-retries.html#creating-delivery-policy).

### Description of how you validated changes

New integration test along with unit tests.



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

N/A

### Reason for this change
According to the [CFn documentation](https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-location-tracker.html#cfn-location-tracker-trackername), underscores should be allowed in the name of the following resources. 

However, the Regex pattern is incorrect, and underscores are not permitted.

* [geofenceCollectionName](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-location-alpha.GeofenceCollection.html#geofencecollectionnamespan-classapi-icon-api-icon-experimental-titlethis-api-element-is-experimental-it-may-change-without-noticespan)
* [placeIndexName](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-location-alpha.PlaceIndex.html#placeindexnamespan-classapi-icon-api-icon-experimental-titlethis-api-element-is-experimental-it-may-change-without-noticespan)
* [routeCalculatorName](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-location-alpha.RouteCalculator.html#routecalculatornamespan-classapi-icon-api-icon-experimental-titlethis-api-element-is-experimental-it-may-change-without-noticespan)
* [trackerName](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-location-alpha.Tracker.html#trackernamespan-classapi-icon-api-icon-experimental-titlethis-api-element-is-experimental-it-may-change-without-noticespan)


### Description of changes
Fix regex pattern in validations.
Additionally, I separated the Regex pattern validation and the character count validation to make it more user-friendly.



### Description of how you validated changes
Add unit tests and integ tests.



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…buckets (#32064)

### Issue # (if applicable)

Closes #31982 

### Reason for this change

KMS keys should be rotated by default, for security reasons

### Description of changes

KMS keys created by s3.Bucket are now rotated

### Description of how you validated changes

Updated existing unit tests and integ tests

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #30647.

### Reason for this change
In [aws-location-alpha](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-location-alpha-readme.html), `map` is not supported yet.



### Description of changes
Add `Map` class.



### Description of how you validated changes
Add a unit test and an integ test.



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…icy()` (#31167)

### Issue # (if applicable)

None

### Reason for this change

By using `AwsApiCall.provider.addToRolePolicy()`, we can add the necessary IAM policy to execute `AwsApiCall`. However, when using `waitForAssertions()`, the test will fail unless we use `AwsApiCall.waiterProvider.addToRolePolicy()`.
Since this information was not mentioned in the official documentation, I struggled to resolve the issue, so I submitted a pull request to add it to the documentation.

### Description of changes

Add description.

### Description of how you validated changes

None

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service aws-accessanalyzer
│ └ resources
│    └[~] resource AWS::AccessAnalyzer::Analyzer
│      ├ properties
│      │  ├ AnalyzerConfiguration: - AnalyzerConfiguration (immutable)
│      │  │                        + AnalyzerConfiguration
│      │  │                        (documentation changed)
│      │  └ Tags: (documentation changed)
│      └ types
│         ├[+] type AnalysisRule
│         │ ├  documentation: Contains information about analysis rules for the analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
│         │ │  name: AnalysisRule
│         │ └ properties
│         │    └Exclusions: Array<AnalysisRuleCriteria>
│         ├[+] type AnalysisRuleCriteria
│         │ ├  documentation: The criteria for an analysis rule for an analyzer. The criteria determine which entities will generate findings.
│         │ │  name: AnalysisRuleCriteria
│         │ └ properties
│         │    ├AccountIds: Array<string>
│         │    └ResourceTags: Array<Array<tag>>
│         ├[~] type AnalyzerConfiguration
│         │ ├  - documentation: Contains information about the configuration of an unused access analyzer for an AWS organization or account.
│         │ │  + documentation: Contains information about the configuration of an analyzer for an AWS organization or account.
│         │ └ properties
│         │    └ UnusedAccessConfiguration: (documentation changed)
│         ├[~] type ArchiveRule
│         │ └  - documentation: Contains information about an archive rule.
│         │    + documentation: Contains information about an archive rule. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.
│         └[~] type UnusedAccessConfiguration
│           └ properties
│              ├[+] AnalysisRule: AnalysisRule
│              └ UnusedAccessAge: (documentation changed)
├[~] service aws-applicationsignals
│ └ resources
│    └[~] resource AWS::ApplicationSignals::ServiceLevelObjective
│      ├  - documentation: Creates or updates a service level objective (SLO), which can help you ensure that your critical business operations are meeting customer expectations. Use SLOs to set and track specific target levels for the reliability and availability of your applications and services. SLOs use service level indicators (SLIs) to calculate whether the application is performing at the level that you want.
│      │  Create an SLO to set a target for a service or operation’s availability or latency. CloudWatch measures this target frequently you can find whether it has been breached.
│      │  The target performance quality that is defined for an SLO is the *attainment goal* . An attainment goal is the percentage of time or requests that the SLI is expected to meet the threshold over each time interval. For example, an attainment goal of 99.9% means that within your interval, you are targeting 99.9% of the periods to be in healthy state.
│      │  When you create an SLO, you specify whether it is a *period-based SLO* or a *request-based SLO* . Each type of SLO has a different way of evaluating your application's performance against its attainment goal.
│      │  - A *period-based SLO* uses defined *periods* of time within a specified total time interval. For each period of time, Application Signals determines whether the application met its goal. The attainment rate is calculated as the `number of good periods/number of total periods` .
│      │  For example, for a period-based SLO, meeting an attainment goal of 99.9% means that within your interval, your application must meet its performance goal during at least 99.9% of the time periods.
│      │  - A *request-based SLO* doesn't use pre-defined periods of time. Instead, the SLO measures `number of good requests/number of total requests` during the interval. At any time, you can find the ratio of good requests to total requests for the interval up to the time stamp that you specify, and measure that ratio against the goal set in your SLO.
│      │  After you have created an SLO, you can retrieve error budget reports for it. An *error budget* is the amount of time or amount of requests that your application can be non-compliant with the SLO's goal, and still have your application meet the goal.
│      │  - For a period-based SLO, the error budget starts at a number defined by the highest number of periods that can fail to meet the threshold, while still meeting the overall goal. The *remaining error budget* decreases with every failed period that is recorded. The error budget within one interval can never increase.
│      │  For example, an SLO with a threshold that 99.95% of requests must be completed under 2000ms every month translates to an error budget of 21.9 minutes of downtime per month.
│      │  - For a request-based SLO, the remaining error budget is dynamic and can increase or decrease, depending on the ratio of good requests to total requests.
│      │  When you call this operation, Application Signals creates the *AWSServiceRoleForCloudWatchApplicationSignals* service-linked role, if it doesn't already exist in your account. This service- linked role has the following permissions:
│      │  - `xray:GetServiceGraph`
│      │  - `logs:StartQuery`
│      │  - `logs:GetQueryResults`
│      │  - `cloudwatch:GetMetricData`
│      │  - `cloudwatch:ListMetrics`
│      │  - `tag:GetResources`
│      │  - `autoscaling:DescribeAutoScalingGroups`
│      │  You can easily set SLO targets for your applications that are discovered by Application Signals, using critical metrics such as latency and availability. You can also set SLOs against any CloudWatch metric or math expression that produces a time series.
│      │  You cannot change from a period-based SLO to a request-based SLO, or change from a request-based SLO to a period-based SLO.
│      │  For more information about SLOs, see [Service level objectives (SLOs)](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-ServiceLevelObjectives.html) .
│      │  + documentation: Creates or updates a service level objective (SLO), which can help you ensure that your critical business operations are meeting customer expectations. Use SLOs to set and track specific target levels for the reliability and availability of your applications and services. SLOs use service level indicators (SLIs) to calculate whether the application is performing at the level that you want.
│      │  Create an SLO to set a target for a service or operation’s availability or latency. CloudWatch measures this target frequently you can find whether it has been breached.
│      │  The target performance quality that is defined for an SLO is the *attainment goal* . An attainment goal is the percentage of time or requests that the SLI is expected to meet the threshold over each time interval. For example, an attainment goal of 99.9% means that within your interval, you are targeting 99.9% of the periods to be in healthy state.
│      │  When you create an SLO, you specify whether it is a *period-based SLO* or a *request-based SLO* . Each type of SLO has a different way of evaluating your application's performance against its attainment goal.
│      │  - A *period-based SLO* uses defined *periods* of time within a specified total time interval. For each period of time, Application Signals determines whether the application met its goal. The attainment rate is calculated as the `number of good periods/number of total periods` .
│      │  For example, for a period-based SLO, meeting an attainment goal of 99.9% means that within your interval, your application must meet its performance goal during at least 99.9% of the time periods.
│      │  - A *request-based SLO* doesn't use pre-defined periods of time. Instead, the SLO measures `number of good requests/number of total requests` during the interval. At any time, you can find the ratio of good requests to total requests for the interval up to the time stamp that you specify, and measure that ratio against the goal set in your SLO.
│      │  After you have created an SLO, you can retrieve error budget reports for it. An *error budget* is the amount of time or amount of requests that your application can be non-compliant with the SLO's goal, and still have your application meet the goal.
│      │  - For a period-based SLO, the error budget starts at a number defined by the highest number of periods that can fail to meet the threshold, while still meeting the overall goal. The *remaining error budget* decreases with every failed period that is recorded. The error budget within one interval can never increase.
│      │  For example, an SLO with a threshold that 99.95% of requests must be completed under 2000ms every month translates to an error budget of 21.9 minutes of downtime per month.
│      │  - For a request-based SLO, the remaining error budget is dynamic and can increase or decrease, depending on the ratio of good requests to total requests.
│      │  When you call this operation, Application Signals creates the *AWSServiceRoleForCloudWatchApplicationSignals* service-linked role, if it doesn't already exist in your account. This service- linked role has the following permissions:
│      │  - `xray:GetServiceGraph`
│      │  - `logs:StartQuery`
│      │  - `logs:GetQueryResults`
│      │  - `cloudwatch:GetMetricData`
│      │  - `cloudwatch:ListMetrics`
│      │  - `tag:GetResources`
│      │  - `autoscaling:DescribeAutoScalingGroups`
│      │  You can easily set SLO targets for your applications that are discovered by Application Signals, using critical metrics such as latency and availability. You can also set SLOs against any CloudWatch metric or math expression that produces a time series.
│      │  > You can't create an SLO for a service operation that was discovered by Application Signals until after that operation has reported standard metrics to Application Signals. 
│      │  You cannot change from a period-based SLO to a request-based SLO, or change from a request-based SLO to a period-based SLO.
│      │  For more information about SLOs, see [Service level objectives (SLOs)](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-ServiceLevelObjectives.html) .
│      └ types
│         └[~] type BurnRateConfiguration
│           └  - documentation: This object defines the length of the look-back window used to calculate one burn rate metric for this SLO. The burn rate measures how fast the service is consuming the error budget, relative to the attainment goal of the SLO. A burn rate of exactly 1 indicates that the SLO goal will be met exactly.
│              For example, if you specify 60 as the number of minutes in the look-back window, the burn rate is calculated as the following:
│              burn rate = error rate over the look-back window / (1 - attainment goal percentage)
│              + documentation: This object defines the length of the look-back window used to calculate one burn rate metric for this SLO. The burn rate measures how fast the service is consuming the error budget, relative to the attainment goal of the SLO. A burn rate of exactly 1 indicates that the SLO goal will be met exactly.
│              For example, if you specify 60 as the number of minutes in the look-back window, the burn rate is calculated as the following:
│              *burn rate = error rate over the look-back window / (100% - attainment goal percentage)*
│              For more information about burn rates, see [Calculate burn rates](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-ServiceLevelObjectives.html#CloudWatch-ServiceLevelObjectives-burn) .
├[~] service aws-autoscaling
│ └ resources
│    ├[~] resource AWS::AutoScaling::AutoScalingGroup
│    │ ├ properties
│    │ │  ├ AvailabilityZoneImpairmentPolicy: (documentation changed)
│    │ │  └[+] CapacityReservationSpecification: CapacityReservationSpecification
│    │ └ types
│    │    ├[~] type AvailabilityZoneImpairmentPolicy
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: Describes an Availability Zone impairment policy.
│    │    │ └ properties
│    │    │    ├ ImpairedZoneHealthCheckBehavior: (documentation changed)
│    │    │    └ ZonalShiftEnabled: (documentation changed)
│    │    ├[+] type CapacityReservationSpecification
│    │    │ ├  name: CapacityReservationSpecification
│    │    │ └ properties
│    │    │    ├CapacityReservationPreference: string (required)
│    │    │    └CapacityReservationTarget: CapacityReservationTarget
│    │    └[+] type CapacityReservationTarget
│    │      ├  name: CapacityReservationTarget
│    │      └ properties
│    │         ├CapacityReservationIds: Array<string>
│    │         └CapacityReservationResourceGroupArns: Array<string>
│    └[~] resource AWS::AutoScaling::ScalingPolicy
│      └ types
│         ├[~] type CustomizedMetricSpecification
│         │ └ properties
│         │    └[+] Period: integer
│         ├[~] type TargetTrackingMetricDataQuery
│         │ └ properties
│         │    └[+] Period: integer
│         └[~] type TargetTrackingMetricStat
│           └ properties
│              └[+] Period: integer
├[~] service aws-cloudformation
│ └ resources
│    └[~] resource AWS::CloudFormation::TypeActivation
│      └ properties
│         ├ ExecutionRoleArn: - string
│         │                   + string (immutable)
│         ├ PublicTypeArn: - string
│         │                + string (immutable)
│         ├ PublisherId: - string
│         │              + string (immutable)
│         ├ Type: - string
│         │       + string (immutable)
│         ├ TypeName: - string
│         │           + string (immutable)
│         └ TypeNameAlias: - string
│                          + string (immutable)
├[~] service aws-codebuild
│ └ resources
│    └[~] resource AWS::CodeBuild::Project
│      └ types
│         └[~] type Source
│           └ properties
│              └ ReportBuildStatus: (documentation changed)
├[~] service aws-connect
│ └ resources
│    └[+] resource AWS::Connect::EmailAddress
│      ├  name: EmailAddress
│      │  cloudFormationType: AWS::Connect::EmailAddress
│      │  documentation: Resource Type definition for AWS::Connect::EmailAddress
│      │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├InstanceArn: string (required)
│      │  ├Description: string
│      │  ├EmailAddress: string (required, immutable)
│      │  ├DisplayName: string
│      │  └Tags: Array<tag>
│      └ attributes
│         └EmailAddressArn: string
├[~] service aws-customerprofiles
│ └ resources
│    └[~] resource AWS::CustomerProfiles::Integration
│      └ properties
│         └[+] EventTriggerNames: Array<string>
├[~] service aws-deadline
│ └ resources
│    └[~] resource AWS::Deadline::Fleet
│      └ types
│         ├[+] type AcceleratorCapabilities
│         │ ├  documentation: Provides information about the GPU accelerators used for jobs processed by a fleet.
│         │ │  name: AcceleratorCapabilities
│         │ └ properties
│         │    ├Selections: Array<AcceleratorSelection> (required)
│         │    └Count: AcceleratorCountRange
│         ├[~] type AcceleratorCountRange
│         │ ├  - documentation: The range for the GPU fleet acceleration.
│         │ │  + documentation: Defines the maximum and minimum number of GPU accelerators required for a worker instance..
│         │ └ properties
│         │    ├ Max: (documentation changed)
│         │    └ Min: (documentation changed)
│         ├[+] type AcceleratorSelection
│         │ ├  documentation: Describes a specific GPU accelerator required for an Amazon Elastic Compute Cloud worker host.
│         │ │  name: AcceleratorSelection
│         │ └ properties
│         │    ├Name: string (required)
│         │    └Runtime: string
│         ├[~] type AcceleratorTotalMemoryMiBRange
│         │ └  - documentation: The range for memory, in MiB, to use for the accelerator.
│         │    + documentation: Defines the maximum and minimum amount of memory, in MiB, to use for the accelerator.
│         └[~] type ServiceManagedEc2InstanceCapabilities
│           └ properties
│              └[+] AcceleratorCapabilities: AcceleratorCapabilities
├[~] service aws-dynamodb
│ └ resources
│    ├[~] resource AWS::DynamoDB::GlobalTable
│    │ ├ properties
│    │ │  └ WarmThroughput: (documentation changed)
│    │ └ types
│    │    ├[~] type GlobalSecondaryIndex
│    │    │ └ properties
│    │    │    └ WarmThroughput: (documentation changed)
│    │    └[~] type WarmThroughput
│    │      ├  - documentation: undefined
│    │      │  + documentation: Provides visibility into the number of read and write operations your table or secondary index can instantaneously support. The settings can be modified using the `UpdateTable` operation to meet the throughput requirements of an upcoming peak event.
│    │      └ properties
│    │         ├ ReadUnitsPerSecond: (documentation changed)
│    │         └ WriteUnitsPerSecond: (documentation changed)
│    └[~] resource AWS::DynamoDB::Table
│      ├ properties
│      │  ├ ImportSourceSpecification: (documentation changed)
│      │  └ WarmThroughput: (documentation changed)
│      └ types
│         ├[~] type GlobalSecondaryIndex
│         │ └ properties
│         │    └ WarmThroughput: (documentation changed)
│         └[~] type WarmThroughput
│           ├  - documentation: undefined
│           │  + documentation: Provides visibility into the number of read and write operations your table or secondary index can instantaneously support. The settings can be modified using the `UpdateTable` operation to meet the throughput requirements of an upcoming peak event.
│           └ properties
│              ├ ReadUnitsPerSecond: (documentation changed)
│              └ WriteUnitsPerSecond: (documentation changed)
├[~] service aws-ec2
│ └ resources
│    └[~] resource AWS::EC2::PrefixList
│      └ properties
│         └ MaxEntries: (documentation changed)
├[~] service aws-ecs
│ └ resources
│    ├[~] resource AWS::ECS::Service
│    │ ├ properties
│    │ │  ├ HealthCheckGracePeriodSeconds: (documentation changed)
│    │ │  └ VpcLatticeConfigurations: (documentation changed)
│    │ └ types
│    │    └[~] type VpcLatticeConfiguration
│    │      ├  - documentation: undefined
│    │      │  + documentation: The VPC Lattice configuration for your service that holds the information for the target group(s) Amazon ECS tasks will be registered to.
│    │      └ properties
│    │         ├ PortName: (documentation changed)
│    │         ├ RoleArn: (documentation changed)
│    │         └ TargetGroupArn: (documentation changed)
│    └[~] resource AWS::ECS::TaskDefinition
│      └ types
│         └[~] type PortMapping
│           └ properties
│              └ Name: (documentation changed)
├[~] service aws-efs
│ └ resources
│    └[~] resource AWS::EFS::FileSystem
│      └ types
│         └[~] type ReplicationDestination
│           └ properties
│              ├[+] RoleArn: string
│              ├[+] Status: string
│              └[+] StatusMessage: string
├[~] service aws-eks
│ └ resources
│    └[~] resource AWS::EKS::Nodegroup
│      ├ properties
│      │  └[+] NodeRepairConfig: NodeRepairConfig
│      └ types
│         └[+] type NodeRepairConfig
│           ├  documentation: The node auto repair configuration for node group.
│           │  name: NodeRepairConfig
│           └ properties
│              └Enabled: boolean
├[~] service aws-gamelift
│ └ resources
│    ├[~] resource AWS::GameLift::Build
│    │ └ properties
│    │    └ OperatingSystem: (documentation changed)
│    ├[~] resource AWS::GameLift::ContainerFleet
│    │ ├  - documentation: The AWS::GameLift::ContainerFleet resource creates an Amazon GameLift (GameLift) container fleet to host game servers.
│    │ │  + documentation: Describes an Amazon GameLift managed container fleet.
│    │ ├ properties
│    │ │  ├ BillingType: (documentation changed)
│    │ │  ├ DeploymentConfiguration: (documentation changed)
│    │ │  ├ Description: (documentation changed)
│    │ │  ├ FleetRoleArn: (documentation changed)
│    │ │  ├ GameServerContainerGroupDefinitionName: (documentation changed)
│    │ │  ├ GameServerContainerGroupsPerInstance: (documentation changed)
│    │ │  ├ GameSessionCreationLimitPolicy: (documentation changed)
│    │ │  ├ InstanceConnectionPortRange: (documentation changed)
│    │ │  ├ InstanceInboundPermissions: (documentation changed)
│    │ │  ├ InstanceType: (documentation changed)
│    │ │  ├ LogConfiguration: (documentation changed)
│    │ │  ├ MetricGroups: (documentation changed)
│    │ │  ├ NewGameSessionProtectionPolicy: (documentation changed)
│    │ │  └ PerInstanceContainerGroupDefinitionName: (documentation changed)
│    │ ├ attributes
│    │ │  ├ CreationTime: (documentation changed)
│    │ │  ├ FleetArn: (documentation changed)
│    │ │  ├ FleetId: (documentation changed)
│    │ │  ├ GameServerContainerGroupDefinitionArn: (documentation changed)
│    │ │  ├ MaximumGameServerContainerGroupsPerInstance: (documentation changed)
│    │ │  ├ PerInstanceContainerGroupDefinitionArn: (documentation changed)
│    │ │  └ Status: (documentation changed)
│    │ └ types
│    │    ├[~] type ConnectionPortRange
│    │    │ ├  - documentation: Defines the range of ports on the instance that allow inbound traffic to connect with containers in a fleet.
│    │    │ │  + documentation: The set of port numbers to open on each instance in a container fleet. Connection ports are used by inbound traffic to connect with processes that are running in containers on the fleet.
│    │    │ └ properties
│    │    │    ├ FromPort: (documentation changed)
│    │    │    └ ToPort: (documentation changed)
│    │    ├[~] type DeploymentConfiguration
│    │    │ ├  - documentation: Provides details about how to drain old tasks and replace them with new updated tasks.
│    │    │ │  + documentation: Set of rules for processing a deployment for a container fleet update.
│    │    │ └ properties
│    │    │    ├ ImpairmentStrategy: (documentation changed)
│    │    │    ├ MinimumHealthyPercentage: (documentation changed)
│    │    │    └ ProtectionStrategy: (documentation changed)
│    │    ├[~] type DeploymentDetails
│    │    │ ├  - documentation: Provides information about the last deployment ID and its status.
│    │    │ │  + documentation: Information about the most recent deployment for the container fleet.
│    │    │ └ properties
│    │    │    └ LatestDeploymentId: (documentation changed)
│    │    ├[~] type GameSessionCreationLimitPolicy
│    │    │ ├  - documentation: A policy that limits the number of game sessions a player can create on the same fleet. This optional policy gives game owners control over how players can consume available game server resources. A resource creation policy makes the following statement: "An individual player can create a maximum number of new game sessions within a specified time period".
│    │    │ │  The policy is evaluated when a player tries to create a new game session. For example, assume you have a policy of 10 new game sessions and a time period of 60 minutes. On receiving a CreateGameSession request, Amazon GameLift checks that the player (identified by CreatorId) has created fewer than 10 game sessions in the past 60 minutes.
│    │    │ │  + documentation: A policy that puts limits on the number of game sessions that a player can create within a specified span of time. With this policy, you can control players' ability to consume available resources.
│    │    │ │  The policy is evaluated when a player tries to create a new game session. On receiving a `CreateGameSession` request, Amazon GameLift checks that the player (identified by `CreatorId` ) has created fewer than game session limit in the specified time period.
│    │    │ └ properties
│    │    │    └ NewGameSessionsPerCreator: (documentation changed)
│    │    ├[~] type IpPermission
│    │    │ ├  - documentation: A range of IP addresses and port settings that allow inbound traffic to connect to server processes on an Amazon GameLift hosting resource. New game sessions that are started on the fleet are assigned an IP address/port number combination, which must fall into the fleet's allowed ranges. For fleets created with a custom game server, the ranges reflect the server's game session assignments. For Realtime Servers fleets, Amazon GameLift automatically opens two port ranges, one for TCP messaging and one for UDP, for use by the Realtime servers.
│    │    │ │  + documentation: A range of IP addresses and port settings that allow inbound traffic to connect to processes on an instance in a fleet. Processes are assigned an IP address/port number combination, which must fall into the fleet's allowed ranges.
│    │    │ │  For Realtime Servers fleets, Amazon GameLift automatically opens two port ranges, one for TCP messaging and one for UDP.
│    │    │ └ properties
│    │    │    ├ FromPort: (documentation changed)
│    │    │    ├ IpRange: (documentation changed)
│    │    │    └ ToPort: (documentation changed)
│    │    ├[~] type LocationConfiguration
│    │    │ ├  - documentation: A remote location where a multi-location fleet can deploy EC2 instances for game hosting.
│    │    │ │  + documentation: A remote location where a multi-location fleet can deploy game servers for game hosting.
│    │    │ └ properties
│    │    │    └ Location: (documentation changed)
│    │    ├[~] type LogConfiguration
│    │    │ ├  - documentation: A policy the location and provider of logs from the fleet.
│    │    │ │  + documentation: A method for collecting container logs for the fleet. Amazon GameLift saves all standard output for each container in logs, including game session logs. You can select from the following methods:
│    │    │ └ properties
│    │    │    ├ LogDestination: (documentation changed)
│    │    │    └ S3BucketName: (documentation changed)
│    │    └[~] type ScalingPolicy
│    │      └ properties
│    │         ├ MetricName: (documentation changed)
│    │         ├ PolicyType: (documentation changed)
│    │         ├ ScalingAdjustmentType: (documentation changed)
│    │         └ TargetConfiguration: (documentation changed)
│    ├[~] resource AWS::GameLift::ContainerGroupDefinition
│    │ ├  - documentation: The properties that describe a container group resource. You can update all properties of a container group definition properties. Updates to a container group definition are saved as new versions.
│    │ │  *Used with:* `CreateContainerGroupDefinition`
│    │ │  *Returned by:* `DescribeContainerGroupDefinition` , `ListContainerGroupDefinitions` , `UpdateContainerGroupDefinition`
│    │ │  + documentation: The properties that describe a container group resource. You can update all properties of a container group definition properties. Updates to a container group definition are saved as new versions.
│    │ │  *Used with:* [CreateContainerGroupDefinition](https://docs.aws.amazon.com/gamelift/latest/apireference/API_CreateContainerGroupDefinition.html)
│    │ │  *Returned by:* [DescribeContainerGroupDefinition](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeContainerGroupDefinition.html) , [ListContainerGroupDefinitions](https://docs.aws.amazon.com/gamelift/latest/apireference/API_ListContainerGroupDefinitions.html) , [UpdateContainerGroupDefinition](https://docs.aws.amazon.com/gamelift/latest/apireference/API_UpdateContainerGroupDefinition.html)
│    │ ├ properties
│    │ │  ├ ContainerGroupType: (documentation changed)
│    │ │  ├ GameServerContainerDefinition: (documentation changed)
│    │ │  ├ TotalMemoryLimitMebibytes: (documentation changed)
│    │ │  ├ TotalVcpuLimit: (documentation changed)
│    │ │  └ VersionDescription: (documentation changed)
│    │ ├ attributes
│    │ │  ├ StatusReason: (documentation changed)
│    │ │  └ VersionNumber: (documentation changed)
│    │ └ types
│    │    ├[~] type ContainerDependency
│    │    │ ├  - documentation: A dependency that impacts a container's startup and shutdown.
│    │    │ │  + documentation: A container's dependency on another container in the same container group. The dependency impacts how the dependent container is able to start or shut down based the status of the other container.
│    │    │ │  For example, *ContainerA* is configured with the following dependency: a `START` dependency on *ContainerB* . This means that *ContainerA* can't start until *ContainerB* has started. It also means that *ContainerA* must shut down before *ContainerB* .
│    │    │ │  *Part of:* [GameServerContainerDefinition](https://docs.aws.amazon.com/gamelift/latest/apireference/API_GameServerContainerDefinition.html) , [GameServerContainerDefinitionInput](https://docs.aws.amazon.com/gamelift/latest/apireference/API_GameServerContainerDefinitionInput.html) , [SupportContainerDefinition](https://docs.aws.amazon.com/gamelift/latest/apireference/API_SupportContainerDefinition.html) , [SupportContainerDefinitionInput](https://docs.aws.amazon.com/gamelift/latest/apireference/API_SupportContainerDefinitionInput.html)
│    │    │ └ properties
│    │    │    ├ Condition: (documentation changed)
│    │    │    └ ContainerName: (documentation changed)
│    │    ├[~] type ContainerEnvironment
│    │    │ └  - documentation: An environment variable to set inside a container, in the form of a key-value pair.
│    │    │    + documentation: An environment variable to set inside a container, in the form of a key-value pair.
│    │    │    *Part of:* [GameServerContainerDefinition](https://docs.aws.amazon.com/gamelift/latest/apireference/API_GameServerContainerDefinition.html) , [GameServerContainerDefinitionInput](https://docs.aws.amazon.com/gamelift/latest/apireference/API_GameServerContainerDefinitionInput.html) , [SupportContainerDefinition](https://docs.aws.amazon.com/gamelift/latest/apireference/API_SupportContainerDefinition.html) , [SupportContainerDefinitionInput](https://docs.aws.amazon.com/gamelift/latest/apireference/API_SupportContainerDefinitionInput.html)
│    │    ├[~] type ContainerHealthCheck
│    │    │ ├  - documentation: Specifies how the process manager checks the health of containers.
│    │    │ │  + documentation: Instructions on when and how to check the health of a support container in a container fleet. These properties override any Docker health checks that are set in the container image. For more information on container health checks, see [HealthCheck command](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_HealthCheck.html#ECS-Type-HealthCheck-command) in the *Amazon Elastic Container Service API* . Game server containers don't have a health check parameter; Amazon GameLift automatically handles health checks for these containers.
│    │    │ │  The following example instructs the container to initiate a health check command every 60 seconds and wait 10 seconds for it to succeed. If it fails, retry the command 3 times before flagging the container as unhealthy. It also tells the container to wait 100 seconds after launch before counting failed health checks.
│    │    │ │  `{"Command": [ "CMD-SHELL", "ps cax | grep "processmanager" || exit 1" ], "Interval": 60, "Timeout": 10, "Retries": 3, "StartPeriod": 100 }`
│    │    │ │  *Part of:* [SupportContainerDefinition](https://docs.aws.amazon.com/gamelift/latest/apireference/API_SupportContainerDefinition.html) , [SupportContainerDefinitionInput](https://docs.aws.amazon.com/gamelift/latest/apireference/API_SupportContainerDefinitionInput.html)
│    │    │ └ properties
│    │    │    ├ Command: (documentation changed)
│    │    │    ├ Interval: (documentation changed)
│    │    │    ├ Retries: (documentation changed)
│    │    │    ├ StartPeriod: (documentation changed)
│    │    │    └ Timeout: (documentation changed)
│    │    ├[~] type ContainerMountPoint
│    │    │ ├  - documentation: Defines the mount point configuration within a container.
│    │    │ │  + documentation: A mount point that binds a container to a file or directory on the host system.
│    │    │ │  *Part of:* [GameServerContainerDefinition](https://docs.aws.amazon.com/gamelift/latest/apireference/API_GameServerContainerDefinition.html) , [](https://docs.aws.amazon.com/gamelift/latest/apireference/API_GameServerContainerDefinitionInput.html) , [SupportContainerDefinition](https://docs.aws.amazon.com/gamelift/latest/apireference/API_SupportContainerDefinition.html) , [](https://docs.aws.amazon.com/gamelift/latest/apireference/API_SupportContainerDefinitionInput.html)
│    │    │ └ properties
│    │    │    ├ AccessLevel: (documentation changed)
│    │    │    ├ ContainerPath: (documentation changed)
│    │    │    └ InstancePath: (documentation changed)
│    │    ├[~] type ContainerPortRange
│    │    │ ├  - documentation: A set of one or more port numbers that can be opened on the container.
│    │    │ │  + documentation: A set of one or more port numbers that can be opened on the container.
│    │    │ │  *Part of:* [ContainerPortConfiguration](https://docs.aws.amazon.com/gamelift/latest/apireference/API_ContainerPortConfiguration.html)
│    │    │ └ properties
│    │    │    ├ Protocol: (documentation changed)
│    │    │    └ ToPort: (documentation changed)
│    │    ├[~] type GameServerContainerDefinition
│    │    │ ├  - documentation: Specifies the information required to run game servers with this container group
│    │    │ │  + documentation: Describes the game server container in an existing game server container group. A game server container identifies a container image with your game server build. A game server container is automatically considered essential; if an essential container fails, the entire container group restarts.
│    │    │ │  You can update a container definition and deploy the updates to an existing fleet. When creating or updating a game server container group definition, use the property [](https://docs.aws.amazon.com/gamelift/latest/apireference/API_GameServerContainerDefinitionInput) .
│    │    │ │  *Part of:* [ContainerGroupDefinition](https://docs.aws.amazon.com/gamelift/latest/apireference/API_ContainerGroupDefinition.html)
│    │    │ │  *Returned by:* [DescribeContainerGroupDefinition](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeContainerGroupDefinition.html) , [ListContainerGroupDefinitions](https://docs.aws.amazon.com/gamelift/latest/apireference/API_ListContainerGroupDefinitions.html) , [UpdateContainerGroupDefinition](https://docs.aws.amazon.com/gamelift/latest/apireference/API_UpdateContainerGroupDefinition.html)
│    │    │ └ properties
│    │    │    ├ ContainerName: (documentation changed)
│    │    │    ├ DependsOn: (documentation changed)
│    │    │    ├ EnvironmentOverride: (documentation changed)
│    │    │    ├ ImageUri: (documentation changed)
│    │    │    ├ MountPoints: (documentation changed)
│    │    │    ├ PortConfiguration: (documentation changed)
│    │    │    ├ ResolvedImageDigest: (documentation changed)
│    │    │    └ ServerSdkVersion: (documentation changed)
│    │    └[~] type SupportContainerDefinition
│    │      ├  - documentation: Supports the function of the main container group
│    │      │  + documentation: Describes a support container in a container group. A support container might be in a game server container group or a per-instance container group. Support containers don't run game server processes.
│    │      │  You can update a support container definition and deploy the updates to an existing fleet. When creating or updating a game server container group definition, use the property [GameServerContainerDefinitionInput](https://docs.aws.amazon.com/gamelift/latest/apireference/API_GameServerContainerDefinitionInput.html) .
│    │      │  *Part of:* [ContainerGroupDefinition](https://docs.aws.amazon.com/gamelift/latest/apireference/API_ContainerGroupDefinition.html)
│    │      │  *Returned by:* [DescribeContainerGroupDefinition](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeContainerGroupDefinition.html) , [ListContainerGroupDefinitions](https://docs.aws.amazon.com/gamelift/latest/apireference/API_ListContainerGroupDefinitions.html) , [UpdateContainerGroupDefinition](https://docs.aws.amazon.com/gamelift/latest/apireference/API_UpdateContainerGroupDefinition.html)
│    │      └ properties
│    │         ├ ContainerName: (documentation changed)
│    │         ├ DependsOn: (documentation changed)
│    │         ├ EnvironmentOverride: (documentation changed)
│    │         ├ Essential: (documentation changed)
│    │         ├ HealthCheck: (documentation changed)
│    │         ├ ImageUri: (documentation changed)
│    │         ├ MemoryHardLimitMebibytes: (documentation changed)
│    │         ├ MountPoints: (documentation changed)
│    │         ├ PortConfiguration: (documentation changed)
│    │         ├ ResolvedImageDigest: (documentation changed)
│    │         └ Vcpu: (documentation changed)
│    └[~] resource AWS::GameLift::Fleet
│      ├ properties
│      │  ├ ComputeType: (documentation changed)
│      │  ├ EC2InboundPermissions: (documentation changed)
│      │  ├ InstanceRoleARN: (documentation changed)
│      │  └ InstanceRoleCredentialsProvider: (documentation changed)
│      └ types
│         ├[~] type CertificateConfiguration
│         │ └ properties
│         │    └ CertificateType: (documentation changed)
│         └[~] type RuntimeConfiguration
│           └ properties
│              └ MaxConcurrentGameSessionActivations: (documentation changed)
├[~] service aws-iot
│ └ resources
│    └[~] resource AWS::IoT::ThingType
│      └ types
│         ├[+] type Mqtt5Configuration
│         │ ├  name: Mqtt5Configuration
│         │ └ properties
│         │    └PropagatingAttributes: Array<PropagatingAttribute>
│         ├[+] type PropagatingAttribute
│         │ ├  name: PropagatingAttribute
│         │ └ properties
│         │    ├UserPropertyKey: string (required)
│         │    ├ThingAttribute: string
│         │    └ConnectionAttribute: string
│         └[~] type ThingTypeProperties
│           └ properties
│              └[+] Mqtt5Configuration: Mqtt5Configuration
├[~] service aws-iotfleetwise
│ └ resources
│    └[~] resource AWS::IoTFleetWise::Campaign
│      ├ properties
│      │  └[+] DataPartitions: Array<DataPartition> (immutable)
│      └ types
│         ├[+] type DataPartition
│         │ ├  name: DataPartition
│         │ └ properties
│         │    ├Id: string (required)
│         │    ├StorageOptions: DataPartitionStorageOptions (required)
│         │    └UploadOptions: DataPartitionUploadOptions
│         ├[+] type DataPartitionStorageOptions
│         │ ├  name: DataPartitionStorageOptions
│         │ └ properties
│         │    ├MaximumSize: StorageMaximumSize (required)
│         │    ├MinimumTimeToLive: StorageMinimumTimeToLive (required)
│         │    └StorageLocation: string (required)
│         ├[+] type DataPartitionUploadOptions
│         │ ├  name: DataPartitionUploadOptions
│         │ └ properties
│         │    ├Expression: string (required)
│         │    └ConditionLanguageVersion: integer
│         ├[~] type SignalInformation
│         │ └ properties
│         │    └[+] DataPartitionId: string
│         ├[+] type StorageMaximumSize
│         │ ├  name: StorageMaximumSize
│         │ └ properties
│         │    ├Unit: string (required)
│         │    └Value: integer (required)
│         └[+] type StorageMinimumTimeToLive
│           ├  name: StorageMinimumTimeToLive
│           └ properties
│              ├Unit: string (required)
│              └Value: integer (required)
├[~] service aws-iotsitewise
│ └ resources
│    └[~] resource AWS::IoTSiteWise::Dashboard
│      └ properties
│         └ DashboardDefinition: (documentation changed)
├[~] service aws-ivs
│ └ resources
│    └[+] resource AWS::IVS::IngestConfiguration
│      ├  name: IngestConfiguration
│      │  cloudFormationType: AWS::IVS::IngestConfiguration
│      │  documentation: Resource Type definition for AWS::IVS::IngestConfiguration
│      │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├Name: string (default="-", immutable)
│      │  ├StageArn: string (default="")
│      │  ├IngestProtocol: string (default="RTMPS", immutable)
│      │  ├InsecureIngest: boolean (default=false, immutable)
│      │  ├UserId: string (immutable)
│      │  └Tags: Array<tag>
│      └ attributes
│         ├Arn: string
│         ├ParticipantId: string
│         ├StreamKey: string
│         └State: string (default="INACTIVE")
├[~] service aws-kinesisfirehose
│ └ resources
│    └[~] resource AWS::KinesisFirehose::DeliveryStream
│      ├ properties
│      │  ├ DatabaseSourceConfiguration: (documentation changed)
│      │  └ Tags: (documentation changed)
│      └ types
│         ├[~] type DatabaseSourceAuthenticationConfiguration
│         │ └  - documentation: undefined
│         │    + documentation: The structure to configure the authentication methods for Firehose to connect to source database endpoint.
│         │    Amazon Data Firehose is in preview release and is subject to change.
│         ├[~] type DatabaseSourceConfiguration
│         │ ├  - documentation: undefined
│         │ │  + documentation: The top level object for configuring streams with database as a source.
│         │ │  Amazon Data Firehose is in preview release and is subject to change.
│         │ └ properties
│         │    ├ Columns: (documentation changed)
│         │    ├ Databases: (documentation changed)
│         │    ├ DatabaseSourceAuthenticationConfiguration: (documentation changed)
│         │    ├ DatabaseSourceVPCConfiguration: (documentation changed)
│         │    ├ Endpoint: (documentation changed)
│         │    ├ Port: (documentation changed)
│         │    ├ SnapshotWatermarkTable: (documentation changed)
│         │    ├ SSLMode: (documentation changed)
│         │    ├ SurrogateKeys: (documentation changed)
│         │    ├ Tables: (documentation changed)
│         │    └ Type: (documentation changed)
│         └[~] type DatabaseSourceVPCConfiguration
│           ├  - documentation: undefined
│           │  + documentation: The structure for details of the VPC Endpoint Service which Firehose uses to create a PrivateLink to the database.
│           │  Amazon Data Firehose is in preview release and is subject to change.
│           └ properties
│              └ VpcEndpointServiceName: (documentation changed)
├[~] service aws-lambda
│ └ resources
│    └[~] resource AWS::Lambda::EventSourceMapping
│      ├ properties
│      │  └[+] MetricsConfig: MetricsConfig
│      └ types
│         └[+] type MetricsConfig
│           ├  name: MetricsConfig
│           └ properties
│              └Metrics: Array<string>
├[+] service aws-rbin
│ ├  capitalized: Rbin
│ │  cloudFormationNamespace: AWS::Rbin
│ │  name: aws-rbin
│ │  shortName: rbin
│ └ resources
│    └resource AWS::Rbin::Rule
│     ├  name: Rule
│     │  cloudFormationType: AWS::Rbin::Rule
│     │  documentation: Resource Type definition for AWS::Rbin::Rule
│     │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│     ├ properties
│     │  ├Description: string
│     │  ├ResourceTags: Array<ResourceTag>
│     │  ├ExcludeResourceTags: Array<ResourceTag>
│     │  ├ResourceType: string (required, immutable)
│     │  ├Tags: Array<tag>
│     │  ├RetentionPeriod: RetentionPeriod (required)
│     │  ├Status: string
│     │  └LockConfiguration: UnlockDelay
│     ├ attributes
│     │  ├Arn: string
│     │  ├Identifier: string
│     │  └LockState: string
│     └ types
│        ├type ResourceTag
│        │├  documentation: The resource tag of the rule.
│        ││  name: ResourceTag
│        │└ properties
│        │   ├ResourceTagKey: string (required)
│        │   └ResourceTagValue: string (required)
│        ├type RetentionPeriod
│        │├  documentation: The retention period of the rule.
│        ││  name: RetentionPeriod
│        │└ properties
│        │   ├RetentionPeriodValue: integer (required)
│        │   └RetentionPeriodUnit: string (required)
│        └type UnlockDelay
│         ├  name: UnlockDelay
│         └ properties
│            ├UnlockDelayValue: integer
│            └UnlockDelayUnit: string
├[~] service aws-rds
│ └ resources
│    └[~] resource AWS::RDS::GlobalCluster
│      ├ properties
│      │  └[+] GlobalEndpoint: GlobalEndpoint
│      └ types
│         └[+] type GlobalEndpoint
│           ├  name: GlobalEndpoint
│           └ properties
│              └Address: string
├[~] service aws-redshiftserverless
│ └ resources
│    └[~] resource AWS::RedshiftServerless::Namespace
│      └  - tagInformation: undefined
│         + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
├[~] service aws-route53resolver
│ └ resources
│    └[~] resource AWS::Route53Resolver::FirewallRuleGroup
│      └ types
│         └[~] type FirewallRule
│           └ properties
│              ├[+] ConfidenceThreshold: string
│              ├[+] DnsThreatProtection: string
│              ├ FirewallDomainListId: - string (required)
│              │                       + string
│              └[+] FirewallThreatProtectionId: string
├[~] service aws-sagemaker
│ └ resources
│    └[~] resource AWS::SageMaker::Cluster
│      └ types
│         └[~] type ClusterInstanceGroup
│           └ properties
│              └[+] OverrideVpcConfig: VpcConfig (immutable)
├[~] service aws-synthetics
│ └ resources
│    └[~] resource AWS::Synthetics::Canary
│      └ properties
│         └[+] ProvisionedResourceCleanup: string
├[~] service aws-vpclattice
│ └ resources
│    └[~] resource AWS::VpcLattice::ServiceNetwork
│      ├ properties
│      │  └[+] SharingConfig: SharingConfig
│      └ types
│         └[+] type SharingConfig
│           ├  name: SharingConfig
│           └ properties
│              └enabled: boolean (required)
└[~] service aws-wisdom
  └ resources
     ├[~] resource AWS::Wisdom::AIAgentVersion
     │ └ attributes
     │    ├ AIAgentArn: (documentation changed)
     │    └ AssistantArn: (documentation changed)
     ├[~] resource AWS::Wisdom::AIPromptVersion
     │ └ attributes
     │    └ AssistantArn: (documentation changed)
     └[~] resource AWS::Wisdom::Assistant
       ├  - documentation: Creates an Amazon Q in Connect assistant.
       │  + documentation: Specifies an Amazon Connect Wisdom assistant.
       ├ properties
       │  ├ Description: (documentation changed)
       │  ├ Name: (documentation changed)
       │  └ ServerSideEncryptionConfiguration: (documentation changed)
       └ attributes
          └ AssistantId: (documentation changed)
```
### Reason for this change

I often create a custom construct for a WAF only. I also create resources (such as API Gateway, ALB, etc...) that attach the WAF in separate constructs. Instead of attaching the WAF in the target resource's construct, I create a method for attaching it in the WAF's construct.

In this way, the constructs can be loosely coupled, and the target resource's constructs can be simpler. The WAF can also be attached to multiple resources at once later.

```ts
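import { Construct } from 'constructs';
import { CfnWebACL, CfnWebACLAssociation } from 'aws-cdk-lib/aws-wafv2';

export class Waf extends Construct {
  public readonly webAcl: CfnWebACL;

  constructor(scope: Construct, id: string, props: WafProps) {
    super(scope, id);
    this.webAcl = new CfnWebACL(this, 'WebAcl', {
      // ...
    });
  }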

  public attachToRegionalResource(id: string, resourceArn: string) {
    new CfnWebACLAssociation(this, `${id}Association`, {
      resourceArn: resourceArn,
      webAclArn: this.webAcl.attrArn,
    });
  }
}

const waf = new Waf(this, 'Waf', { /* props */ });
waf.attachToRegionalResource('A', resourceA);
waf.attachToRegionalResource('B', resourceB);
waf.attachToRegionalResource('C', resourceC);
```

However, when attaching a WAF to a CloudFront, the WAF attaching configuration needs to be defined through CloudFront props, rather than using CfnWebACLAssociation.
To do this with the above WAF construct, a method is needed to pass a pre-defined CloudFront and override the properties of that definition with an escape hatch. This is a bit complicated.

```ts
  public attachToCloudFront(distribution: Distribution) {
    // override the webAcl using escape hatch
  }
```

In other words, it would be good if CloudFront also had a mechanism (like CfnWebACLAssociation) to attach WAF after defining resources.
This would allow WAF custom constructs to be more generic.

### Description of changes

Add `attachWebAclId` method for Distribution.

```ts
declare const bucketOrigin: origins.S3Origin;
declare const webAcl: wafv2.CfnWebACL;

const distribution = new cloudfront.Distribution(stack, 'Distribution', {
  defaultBehavior: { origin: bucketOrigin },
});

distribution.attachWebAclId(webAcl.attrArn);
```

### Description of how you validated changes

Both unit and integ tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
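
The commit message above describes two ways a web ACL reaches a resource: `CfnWebACLAssociation` for regional resources and the distribution's own web ACL setting for CloudFront. The following is an added example, not code from this PR or from the CDK: it audits a synthesized CloudFormation template for resources that end up with no WAF attached, and goes one step further by flagging a distribution wired to a `REGIONAL`-scope web ACL. The function names, finding codes, the list of regional types and the sample template are assumptions constructed for illustration.

```typescript
// Added example: WAF coverage audit over a synthesized CloudFormation template.
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources: Record<string, Resource> };
type Finding = { logicalId: string; issue: 'NO_WEB_ACL' | 'WRONG_SCOPE' | 'NO_ASSOCIATION' };

// Assumption: resource types this audit expects to carry a regional association.
const REGIONAL_TYPES = ['AWS::ElasticLoadBalancingV2::LoadBalancer', 'AWS::ApiGateway::Stage'];

// Collect logical IDs referenced via Ref / Fn::GetAtt anywhere inside a value
// (an API Gateway stage ARN, for instance, is an Fn::Join wrapping several Refs).
function referencedIds(value: unknown, out: string[] = []): string[] {
  if (Array.isArray(value)) {
    for (const v of value) referencedIds(v, out);
  } else if (value !== null && typeof value === 'object') {
    const obj = value as Record<string, unknown>;
    const ref = obj['Ref'];
    if (typeof ref === 'string') out.push(ref);
    const getAtt = obj['Fn::GetAtt'];
    if (Array.isArray(getAtt) && typeof getAtt[0] === 'string') out.push(getAtt[0]);
    for (const key of Object.keys(obj)) referencedIds(obj[key], out);
  }
  return out;
}

// Scope of the in-template WebACL a value points at, or undefined when the ACL
// is a literal ARN or lives in another stack and cannot be checked here.
function webAclScope(resources: Record<string, Resource>, value: unknown): string | undefined {
  for (const id of referencedIds(value)) {
    const r = resources[id];
    if (r && r.Type === 'AWS::WAFv2::WebACL') {
      const scope = r.Properties ? r.Properties['Scope'] : undefined;
      return typeof scope === 'string' ? scope : undefined;
    }
  }
  return undefined;
}

function auditWafCoverage(template: Template): Finding[] {
  const resources = template.Resources;
  const findings: Finding[] = [];

  // Pass 1: logical IDs protected through AWS::WAFv2::WebACLAssociation.
  const associated: string[] = [];
  for (const id of Object.keys(resources)) {
    const r = resources[id];
    if (r && r.Type === 'AWS::WAFv2::WebACLAssociation' && r.Properties) {
      referencedIds(r.Properties['ResourceArn'], associated);
    }
  }

  // Pass 2: distributions need DistributionConfig.WebACLId; regional types need an association.
  for (const id of Object.keys(resources)) {
    const r = resources[id];
    if (!r) continue;
    if (r.Type === 'AWS::CloudFront::Distribution') {
      const rawConfig = r.Properties ? r.Properties['DistributionConfig'] : undefined;
      const config = rawConfig as Record<string, unknown> | undefined;
      const webAclId = config ? config['WebACLId'] : undefined;
      if (webAclId === undefined || webAclId === '') {
        findings.push({ logicalId: id, issue: 'NO_WEB_ACL' });
      } else {
        const scope = webAclScope(resources, webAclId);
        if (scope !== undefined && scope !== 'CLOUDFRONT') {
          findings.push({ logicalId: id, issue: 'WRONG_SCOPE' });
        }
      }
    } else if (REGIONAL_TYPES.indexOf(r.Type) !== -1 && associated.indexOf(id) === -1) {
      findings.push({ logicalId: id, issue: 'NO_ASSOCIATION' });
    }
  }
  return findings;
}

// Constructed sample template (not taken from any real stack).
const sampleTemplate: Template = {
  Resources: {
    EdgeAcl: { Type: 'AWS::WAFv2::WebACL', Properties: { Scope: 'CLOUDFRONT' } },
    RegionalAcl: { Type: 'AWS::WAFv2::WebACL', Properties: { Scope: 'REGIONAL' } },
    AlbA: { Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer' },
    AlbB: { Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer' },
    AlbAAssociation: {
      Type: 'AWS::WAFv2::WebACLAssociation',
      Properties: { ResourceArn: { Ref: 'AlbA' }, WebACLArn: { 'Fn::GetAtt': ['RegionalAcl', 'Arn'] } },
    },
    DistProtected: {
      Type: 'AWS::CloudFront::Distribution',
      Properties: { DistributionConfig: { WebACLId: { 'Fn::GetAtt': ['EdgeAcl', 'Arn'] } } },
    },
    DistBare: { Type: 'AWS::CloudFront::Distribution', Properties: { DistributionConfig: {} } },
    DistWrongScope: {
      Type: 'AWS::CloudFront::Distribution',
      Properties: { DistributionConfig: { WebACLId: { 'Fn::GetAtt': ['RegionalAcl', 'Arn'] } } },
    },
  },
};

console.log(auditWafCoverage(sampleTemplate));
```

Run against the JSON that `cdk synth` writes, a check like this can gate a pipeline on an empty findings list.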
@aws-cdk-automation aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels Nov 21, 2024
@github-actions github-actions bot added the p2 label Nov 21, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team November 21, 2024 05:05
@iliapolo iliapolo added pr/do-not-merge This PR should not be merged at this time. and removed pr/do-not-merge This PR should not be merged at this time. labels Nov 21, 2024
@aws-cdk-automation
Collaborator Author

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: faaccdf
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

Contributor

mergify bot commented Nov 21, 2024

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 487074d into v2-release Nov 21, 2024
39 of 40 checks passed
@mergify mergify bot deleted the bump/2.169.0 branch November 21, 2024 05:36

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 21, 2024