chore(release): 2.173.0 #32491

Merged
merged 35 commits into from
Dec 11, 2024

Conversation

aws-cdk-automation
Collaborator

@aws-cdk-automation aws-cdk-automation commented Dec 11, 2024

See CHANGELOG

KuramaeNaputo and others added 30 commits December 6, 2024 10:45
)

### Issue # (if applicable)

Closes #32307 .

### Reason for this change
Enum SslPolicy doesn't have a TLS13_12.
When I tried to add it, it failed because the value conflicts with the
existing value `RECOMMENDED_TLS`.
But users will be confused, so I added a comment.

#32377 (comment)

### Description of changes

Add a comment to the doc.

### Description of how you validated changes

<!--Have you added any unit tests and/or integration tests?-->

### Checklist
- [x] My code adheres to the [CONTRIBUTING
GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and
[DESIGN
GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*

---------

Co-authored-by: MasakiYamanaka <[email protected]>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
### Issue # (if applicable)

N/A

### Reason for this change

Amazon Cognito introduces feature plans, which replace the Advanced
Security Mode.
See:
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sign-in-feature-plans.html

Related to #32369 - passwordless sign-in requires Essentials or higher
feature plan.

### Description of changes

- Add new `featurePlan` property and `FeaturePlan` enum to specify user
pool feature plan.
- Deprecate `advancedSecurityMode` property and `AdvancedSecurityMode`
enum.

Note that the previous AWS document about Advanced Security Mode is now
redirected to [Advanced security with threat
protection](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html).

### Description of how you validated changes

Added new unit tests and an integ test.

### Checklist
- [x] My code adheres to the [CONTRIBUTING
GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and
[DESIGN
GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*

---------

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
### Issue # (if applicable)

Closes #32127

### Reason for this change

New feature for DynamoDB

### Description of changes

Implemented warm throughput for Table and TableV2

### Description of how you validated changes

Unit + Integ tests

### Checklist
- [x] My code adheres to the [CONTRIBUTING
GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and
[DESIGN
GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*

Co-authored-by: Lee Hannigan <[email protected]>
#32348)

Ref: [Amazon Bedrock now supports Rerank API to improve accuracy of RAG
applications](https://aws.amazon.com/about-aws/whats-new/2024/12/amazon-bedrock-rerank-api-accuracy-rag-applications/)

```sh
% aws bedrock get-foundation-model --model-identifier amazon.rerank-v1:0 --region us-west-2

{
    "modelDetails": {
        "modelArn": "arn:aws:bedrock:us-west-2::foundation-model/amazon.rerank-v1:0",
        "modelId": "amazon.rerank-v1:0",
        "modelName": "Rerank 1.0",
        "providerName": "Amazon",
        "inputModalities": [
            "TEXT"
        ],
        "outputModalities": [


% aws bedrock get-foundation-model --model-identifier cohere.rerank-v3-5:0 --region us-west-2

{
    "modelDetails": {
        "modelArn": "arn:aws:bedrock:us-west-2::foundation-model/cohere.rerank-v3-5:0",
        "modelId": "cohere.rerank-v3-5:0",
        "modelName": "Rerank 3.5",
        "providerName": "Cohere",
        "inputModalities": [
            "TEXT"
```

### Checklist
- [x] My code adheres to the [CONTRIBUTING
GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and
[DESIGN
GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
### Issue # (if applicable)

None

### Reason for this change

Some interface VPC endpoints are newly added.

### Description of changes

Add 3 interface VPC endpoints
- s3tables
- sagemaker-data-science-assistant
- sagemaker-partner-app

### Description of how you validated changes

Executed AWS CLI:

```sh
$ aws ec2 describe-vpc-endpoint-services --filters Name=service-type,Values=Interface Name=owner,Values=amazon --region us-east-1 --query ServiceNames
    ...
    "aws.sagemaker.us-east-1.partner-app",
    ...
    "com.amazonaws.us-east-1.sagemaker-data-science-assistant",
    ...
    "com.amazonaws.us-east-1.s3tables",
```

### Checklist
- [x] My code adheres to the [CONTRIBUTING
GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and
[DESIGN
GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*

---------

Co-authored-by: Jimmy Gaussen <[email protected]>
…#32232)

### Issue # (if applicable)

N/A

### Reason for this change
In the [CFn docs](https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-serverlessv2scalingconfiguration.html#cfn-rds-dbcluster-serverlessv2scalingconfiguration-maxcapacity), the MaximumCapacity value must be higher than 0.5 ACUs.

```
The maximum capacity must be higher than 0.5 ACUs.
```

This means MaximumCapacity cannot be set to 0.5 ACUs. 
However, in the CDK, `serverlessV2MaxCapacity` can be set to 0.5, which is invalid.

When I attempted to deploy with `serverlessV2MaxCapacity` set to 0.5, I encountered the following error:
> CREATE_FAILED        | AWS::RDS::DBCluster                         | Integ-Cluster (IntegCluster4261F36F) Resource handler returned message: "Serverless v2 maximum capacity 0.5 isn't valid. The maximum capacity must be at least 1.0.

In the Management Console, Maximum Capacity cannot be set to 0.5.

<img width="854" alt="image" src="https://github.com/user-attachments/assets/37c127d8-cd5d-4e88-a699-dff7929a8b95">




### Description of changes
Fix a validation.



### Description of how you validated changes
Fix unit tests.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change

Logging tests would break when running `npx jest` but not when running `yarn test`, as `npx jest` was not pulling out the ANSI codes, which were failing the string comparisons.

### Description of changes

Removed all the ANSI codes from stdout in logging and log-monitor tests

### Description of how you validated changes

Ran `npx jest` and `yarn test` as well as rebuilt the package

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Relates to #32324 

### Reason for this change

Currently all errors are untyped. This makes it difficult for users to programmatically distinguish between different classes of errors, e.g. what is a validation error vs what is a syntax error? With this change, users can catch errors and check their type before proceeding accordingly.

### Description of changes

Addition of a new Error type `ValidationError`. For now this error is used only in a single file. The intention is to extend this to all error cases. `ValidationError` extends an abstract `ConstructError` which also handles any improvements to error display.

`ConstructError` manipulates the stack trace to improve display. It's changing two things, both of which are based on a construct that is passed in on error creation. If no construct is passed, the error behaves as before.

1. Construct information is inserted as the first line of the stack trace.
2. The stack trace is captured from the point of _creation of the construct_. That is the class constructor call. This is achieved by passing the error's constructs into [Error.captureStackTrace](https://nodejs.org/docs/latest-v22.x/api/errors.html#errorcapturestacktracetargetobject-constructoropt). As a side effect, in many cases the "line of error" is not minified code anymore and thus doesn't ruin the error experience for users.

See comments for current vs future errors.

### Description of how you validated changes

Existing test. Manual testing of error cases.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
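
The two stack-trace changes described in the commit message above, as an added TypeScript example that is not the aws-cdk implementation. `Construct`, `Cluster`, `checkCapacity`, `framesBelow` and the message text are hypothetical stand-ins; only `Error.captureStackTrace(targetObject, constructorOpt)` is the real Node.js API.

```typescript
// Added illustration. Construct, Cluster and checkCapacity are hypothetical
// stand-ins, not aws-cdk-lib code.

// Error.captureStackTrace is V8-specific; type it locally so no Node typings are needed.
type V8ErrorCtor = ErrorConstructor & {
  captureStackTrace?(target: object, constructorOpt?: Function): void;
};

class Construct {
  readonly path: string;
  constructor(path: string) {
    this.path = path;
  }
}

// Frames below `cutoff` on the current call stack: cutoff's own frame and everything
// above it are omitted. Empty when `cutoff` is not on the stack or the API is missing.
function framesBelow(cutoff: Function): string[] {
  const E = Error as V8ErrorCtor;
  if (typeof E.captureStackTrace !== 'function') {
    return [];
  }
  const holder: { stack?: string } = {};
  E.captureStackTrace(holder, cutoff);
  return (holder.stack ?? '').split('\n').slice(1); // drop the header line
}

abstract class ConstructError extends Error {
  constructor(message: string, scope?: Construct) {
    super(message);
    Object.setPrototypeOf(this, new.target.prototype);
    this.name = new.target.name;
    if (scope === undefined) {
      return; // no construct passed: the stack stays exactly as Error built it
    }
    // 2. Start the trace at the caller of the construct's constructor, so the first
    //    frame is the user's `new Cluster(...)` line rather than library internals.
    let frames = framesBelow(scope.constructor);
    if (frames.length === 0) {
      // Raised after construction finished: start just below this constructor instead.
      frames = framesBelow(ConstructError);
    }
    // 1. Construct information becomes the first line after the message.
    const info = `    in ${scope.constructor.name} at [${scope.path}]`;
    this.stack = [`${this.name}: ${this.message}`, info, ...frames].join('\n');
  }
}

class ValidationError extends ConstructError {}

// Validation helper standing in for library internals.
function checkCapacity(scope: Construct, maxCapacity: number): void {
  if (maxCapacity < 1) {
    throw new ValidationError(`maxCapacity must be at least 1, got ${maxCapacity}`, scope);
  }
}

class Cluster extends Construct {
  constructor(path: string, maxCapacity: number) {
    super(path);
    checkCapacity(this, maxCapacity);
  }
}

// "User code": the frame that should sit at the top of the trace.
function synthApp(): string[] {
  try {
    new Cluster('App/Stack/Cluster', 0.5);
  } catch (e) {
    if (e instanceof ValidationError) {
      return String(e.stack).split('\n');
    }
  }
  return [];
}

// Same error raised after the constructor returned: the fallback path keeps a usable trace.
function lateCheck(): string[] {
  const cluster = new Cluster('App/Stack/Cluster', 2);
  try {
    throw new ValidationError('checked after construction', cluster);
  } catch (e) {
    return e instanceof ValidationError ? String(e.stack).split('\n') : [];
  }
}
```

`synthApp()` returns a trace whose second line names the construct and whose first frame is `synthApp` itself, with the `checkCapacity` and constructor frames cut away.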
…k NLB (#32184)

### Issue # (if applicable)

None

### Reason for this change

NetworkListener has the validation that it does not create UDP listeners for dual-stack NLB.

However, dual-stack NLB now supports the creation of UDP listeners, and this validation is no longer required.

<https://aws.amazon.com/about-aws/whats-new/2024/10/aws-udp-privatelink-dual-stack-network-load-balancers/?nc1=h_ls>

### Description of changes

- Remove this validation from NetworkListener class.

```ts
    if (
      props.loadBalancer.ipAddressType === IpAddressType.DUAL_STACK &&
      (props.protocol === Protocol.UDP || props.protocol === Protocol.TCP_UDP)
    ) {
      throw new Error('UDP or TCP_UDP listeners cannot be added to a dualstack network load balancer.');
    }
```

- Add `enablePrefixIpv6SourceNat` to the `NetworkLoadbalancerProps`
  - It is essential to enable this parameter for UDP listener with dual-stack NLB.
  - ref: #32184 (comment)

### Description of how you validated changes

Add both unit and integ tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service aws-amazonmq
│ └ resources
│    └[~] resource AWS::AmazonMQ::Configuration
│      └ properties
│         └ Data: - string (required)
│                 + string
├[~] service aws-apigateway
│ └ resources
│    ├[~] resource AWS::ApiGateway::BasePathMapping
│    │ └  - documentation: The `AWS::ApiGateway::BasePathMapping` resource creates a base path that clients who call your API must use in the invocation URL.
│    │    + documentation: The `AWS::ApiGateway::BasePathMapping` resource creates a base path that clients who call your API must use in the invocation URL. Supported only for public custom domain names.
│    ├[~] resource AWS::ApiGateway::BasePathMappingV2
│    │ ├  - documentation: Resource Type definition for AWS::ApiGateway::BasePathMappingV2
│    │ │  + documentation: The `AWS::ApiGateway::BasePathMappingV2` resource creates a base path that clients who call your API must use in the invocation URL. Supported only for private custom domain names.
│    │ └ properties
│    │    ├ BasePath: (documentation changed)
│    │    ├ DomainNameArn: (documentation changed)
│    │    ├ RestApiId: (documentation changed)
│    │    └ Stage: (documentation changed)
│    ├[~] resource AWS::ApiGateway::DomainName
│    │ ├  - documentation: The `AWS::ApiGateway::DomainName` resource specifies a custom domain name for your API in API Gateway.
│    │ │  You can use a custom domain name to provide a URL that's more intuitive and easier to recall. For more information about using custom domain names, see [Set up Custom Domain Name for an API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html) in the *API Gateway Developer Guide* .
│    │ │  + documentation: The `AWS::ApiGateway::DomainName` resource specifies a public custom domain name for your API in API Gateway.
│    │ │  You can use a custom domain name to provide a URL that's more intuitive and easier to recall. For more information about using custom domain names, see [Set up Custom Domain Name for an API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html) in the *API Gateway Developer Guide* .
│    │ └ properties
│    │    └ CertificateArn: (documentation changed)
│    ├[~] resource AWS::ApiGateway::DomainNameAccessAssociation
│    │ ├  - documentation: Resource Type definition for AWS::ApiGateway::DomainNameAccessAssociation.
│    │ │  + documentation: The `AWS::ApiGateway::DomainNameAccessAssociation` resource creates a domain name access association between an access association source and a private custom domain name.
│    │ │  Use a domain name access association to invoke a private custom domain name while isolated from the public internet.
│    │ │  You can only create or delete a DomainNameAccessAssociation using CloudFormation. To reject a domain name access association, use the AWS CLI.
│    │ ├ properties
│    │ │  ├ AccessAssociationSource: (documentation changed)
│    │ │  ├ AccessAssociationSourceType: (documentation changed)
│    │ │  ├ DomainNameArn: (documentation changed)
│    │ │  └ Tags: (documentation changed)
│    │ └ attributes
│    │    └ DomainNameAccessAssociationArn: (documentation changed)
│    └[~] resource AWS::ApiGateway::DomainNameV2
│      ├  - documentation: Resource Type definition for AWS::ApiGateway::DomainNameV2.
│      │  + documentation: The `AWS::ApiGateway::DomainNameV2` resource specifies a custom domain name for your private APIs in API Gateway. You can use a private custom domain name to provide a URL for your private API that's more intuitive and easier to recall.
│      ├ properties
│      │  ├ CertificateArn: (documentation changed)
│      │  ├ DomainName: (documentation changed)
│      │  ├ EndpointConfiguration: (documentation changed)
│      │  ├ Policy: (documentation changed)
│      │  ├ SecurityPolicy: (documentation changed)
│      │  └ Tags: (documentation changed)
│      ├ attributes
│      │  ├ DomainNameArn: (documentation changed)
│      │  └ DomainNameId: (documentation changed)
│      └ types
│         └[~] type EndpointConfiguration
│           ├  - documentation: undefined
│           │  + documentation: The endpoint configuration to indicate the types of endpoints an API (RestApi) or its custom domain name (DomainName) has.
│           └ properties
│              └ Types: (documentation changed)
├[~] service aws-applicationautoscaling
│ └ resources
│    └[~] resource AWS::ApplicationAutoScaling::ScalingPolicy
│      ├ properties
│      │  └ PredictiveScalingPolicyConfiguration: (documentation changed)
│      └ types
│         ├[~] type PredictiveScalingCustomizedCapacityMetric
│         │ ├  - documentation: undefined
│         │ │  + documentation: Represents a CloudWatch metric of your choosing for a predictive scaling policy.
│         │ └ properties
│         │    └ MetricDataQueries: (documentation changed)
│         ├[~] type PredictiveScalingCustomizedLoadMetric
│         │ └  - documentation: undefined
│         │    + documentation: The customized load metric specification.
│         ├[~] type PredictiveScalingCustomizedScalingMetric
│         │ └ properties
│         │    └ MetricDataQueries: (documentation changed)
│         ├[~] type PredictiveScalingMetric
│         │ ├  - documentation: undefined
│         │ │  + documentation: Describes the scaling metric.
│         │ └ properties
│         │    └ Dimensions: (documentation changed)
│         ├[~] type PredictiveScalingMetricDataQuery
│         │ ├  - documentation: undefined
│         │ │  + documentation: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp.
│         │ └ properties
│         │    ├ Expression: (documentation changed)
│         │    ├ Id: (documentation changed)
│         │    ├ MetricStat: (documentation changed)
│         │    └ ReturnData: (documentation changed)
│         ├[~] type PredictiveScalingMetricDimension
│         │ └  - documentation: undefined
│         │    + documentation: Describes the dimension of a metric.
│         ├[~] type PredictiveScalingMetricSpecification
│         │ ├  - documentation: undefined
│         │ │  + documentation: This structure specifies the metrics and target utilization settings for a predictive scaling policy.
│         │ │  You must specify either a metric pair, or a load metric and a scaling metric individually. Specifying a metric pair instead of individual metrics provides a simpler way to configure metrics for a scaling policy. You choose the metric pair, and the policy automatically knows the correct sum and average statistics to use for the load metric and the scaling metric.
│         │ └ properties
│         │    ├ CustomizedCapacityMetricSpecification: (documentation changed)
│         │    ├ CustomizedLoadMetricSpecification: (documentation changed)
│         │    ├ CustomizedScalingMetricSpecification: (documentation changed)
│         │    ├ PredefinedLoadMetricSpecification: (documentation changed)
│         │    ├ PredefinedMetricPairSpecification: (documentation changed)
│         │    ├ PredefinedScalingMetricSpecification: (documentation changed)
│         │    └ TargetValue: (documentation changed)
│         ├[~] type PredictiveScalingMetricStat
│         │ ├  - documentation: undefined
│         │ │  + documentation: This structure defines the CloudWatch metric to return, along with the statistic and unit.
│         │ └ properties
│         │    ├ Metric: (documentation changed)
│         │    ├ Stat: (documentation changed)
│         │    └ Unit: (documentation changed)
│         ├[~] type PredictiveScalingPolicyConfiguration
│         │ ├  - documentation: undefined
│         │ │  + documentation: Represents a predictive scaling policy configuration.
│         │ └ properties
│         │    ├ MaxCapacityBreachBehavior: (documentation changed)
│         │    ├ MaxCapacityBuffer: (documentation changed)
│         │    ├ MetricSpecifications: (documentation changed)
│         │    ├ Mode: (documentation changed)
│         │    └ SchedulingBufferTime: (documentation changed)
│         ├[~] type PredictiveScalingPredefinedLoadMetric
│         │ ├  - documentation: undefined
│         │ │  + documentation: Describes a load metric for a predictive scaling policy.
│         │ │  When returned in the output of `DescribePolicies` , it indicates that a predictive scaling policy uses individually specified load and scaling metrics instead of a metric pair.
│         │ └ properties
│         │    ├ PredefinedMetricType: (documentation changed)
│         │    └ ResourceLabel: (documentation changed)
│         ├[~] type PredictiveScalingPredefinedMetricPair
│         │ ├  - documentation: undefined
│         │ │  + documentation: Represents a metric pair for a predictive scaling policy.
│         │ └ properties
│         │    ├ PredefinedMetricType: (documentation changed)
│         │    └ ResourceLabel: (documentation changed)
│         └[~] type PredictiveScalingPredefinedScalingMetric
│           ├  - documentation: undefined
│           │  + documentation: Describes a scaling metric for a predictive scaling policy.
│           │  When returned in the output of `DescribePolicies` , it indicates that a predictive scaling policy uses individually specified load and scaling metrics instead of a metric pair.
│           └ properties
│              ├ PredefinedMetricType: (documentation changed)
│              └ ResourceLabel: (documentation changed)
├[~] service aws-appsync
│ └ resources
│    └[~] resource AWS::AppSync::DataSource
│      └ properties
│         └ Type: (documentation changed)
├[~] service aws-autoscaling
│ └ resources
│    └[~] resource AWS::AutoScaling::ScalingPolicy
│      └ types
│         ├[~] type CustomizedMetricSpecification
│         │ └ properties
│         │    └ Period: (documentation changed)
│         ├[~] type TargetTrackingMetricDataQuery
│         │ └ properties
│         │    └ Period: (documentation changed)
│         └[~] type TargetTrackingMetricStat
│           └ properties
│              └ Period: (documentation changed)
├[~] service aws-bedrock
│ └ resources
│    ├[~] resource AWS::Bedrock::Agent
│    │ └ types
│    │    ├[~] type ActionGroupExecutor
│    │    │ └ properties
│    │    │    └ CustomControl: (documentation changed)
│    │    ├[~] type AgentActionGroup
│    │    │ ├  - documentation: Contains details about an action group.
│    │    │ │  + documentation: Contains details of the inline agent's action group.
│    │    │ └ properties
│    │    │    ├ ApiSchema: (documentation changed)
│    │    │    ├ Description: (documentation changed)
│    │    │    └ FunctionSchema: (documentation changed)
│    │    ├[~] type APISchema
│    │    │ ├  - documentation: Contains details about the OpenAPI schema for the action group. For more information, see [Action group OpenAPI schemas](https://docs.aws.amazon.com/bedrock/latest/userguide/agents-api-schema.html) . You can either include the schema directly in the `payload` field or you can upload it to an S3 bucket and specify the S3 bucket location in the `s3` field.
│    │    │ │  + documentation: Contains details about the OpenAPI schema for the action group. For more information, see [Action group OpenAPI schemas](https://docs.aws.amazon.com//bedrock/latest/userguide/agents-api-schema.html) . You can either include the schema directly in the payload field or you can upload it to an S3 bucket and specify the S3 bucket location in the s3 field.
│    │    │ └ properties
│    │    │    ├ Payload: (documentation changed)
│    │    │    └ S3: (documentation changed)
│    │    ├[~] type FunctionSchema
│    │    │ └  - documentation: Defines functions that each define parameters that the agent needs to invoke from the user. Each function represents an action in an action group.
│    │    │    This data type is used in the following API operations:
│    │    │    - [CreateAgentActionGroup request](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateAgentActionGroup.html#API_agent_CreateAgentActionGroup_RequestSyntax)
│    │    │    - [CreateAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateAgentActionGroup.html#API_agent_CreateAgentActionGroup_ResponseSyntax)
│    │    │    - [UpdateAgentActionGroup request](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentActionGroup.html#API_agent_UpdateAgentActionGroup_RequestSyntax)
│    │    │    - [UpdateAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentActionGroup.html#API_agent_UpdateAgentActionGroup_ResponseSyntax)
│    │    │    - [GetAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetAgentActionGroup.html#API_agent_GetAgentActionGroup_ResponseSyntax)
│    │    │    + documentation: Contains details about the function schema for the action group or the JSON or YAML-formatted payload defining the schema.
│    │    ├[~] type ParameterDetail
│    │    │ └  - documentation: Contains details about a parameter in a function for an action group.
│    │    │    This data type is used in the following API operations:
│    │    │    - [CreateAgentActionGroup request](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateAgentActionGroup.html#API_agent_CreateAgentActionGroup_RequestSyntax)
│    │    │    - [CreateAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateAgentActionGroup.html#API_agent_CreateAgentActionGroup_ResponseSyntax)
│    │    │    - [UpdateAgentActionGroup request](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentActionGroup.html#API_agent_UpdateAgentActionGroup_RequestSyntax)
│    │    │    - [UpdateAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentActionGroup.html#API_agent_UpdateAgentActionGroup_ResponseSyntax)
│    │    │    - [GetAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetAgentActionGroup.html#API_agent_GetAgentActionGroup_ResponseSyntax)
│    │    │    + documentation: Contains details about a parameter in a function for an action group.
│    │    └[~] type PromptConfiguration
│    │      └ properties
│    │         └ PromptState: (documentation changed)
│    └[~] resource AWS::Bedrock::KnowledgeBase
│      ├ properties
│      │  └ Description: (documentation changed)
│      └ attributes
│         └ KnowledgeBaseId: (documentation changed)
├[~] service aws-chatbot
│ └ resources
│    ├[~] resource AWS::Chatbot::CustomAction
│    │ ├  - documentation: Definition of AWS::Chatbot::CustomAction Resource Type
│    │ │  + documentation: The `AWS::Chatbot::CustomAction` resource creates a custom action that can be invoked as an alias or as a button on a notification.
│    │ ├ properties
│    │ │  ├ ActionName: (documentation changed)
│    │ │  ├ AliasName: (documentation changed)
│    │ │  ├ Attachments: (documentation changed)
│    │ │  ├ Definition: (documentation changed)
│    │ │  └ Tags: (documentation changed)
│    │ ├ attributes
│    │ │  └ CustomActionArn: (documentation changed)
│    │ └ types
│    │    ├[~] type CustomActionAttachment
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: Defines when a custom action button should be attached to a notification.
│    │    │ └ properties
│    │    │    ├ ButtonText: (documentation changed)
│    │    │    ├ Criteria: (documentation changed)
│    │    │    ├ NotificationType: (documentation changed)
│    │    │    └ Variables: (documentation changed)
│    │    ├[~] type CustomActionAttachmentCriteria
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: A criteria for when a button should be shown based on values in the notification.
│    │    │ └ properties
│    │    │    ├ Operator: (documentation changed)
│    │    │    ├ Value: (documentation changed)
│    │    │    └ VariableName: (documentation changed)
│    │    └[~] type CustomActionDefinition
│    │      ├  - documentation: undefined
│    │      │  + documentation: The definition of the command to run when invoked as an alias or as an action button.
│    │      └ properties
│    │         └ CommandText: (documentation changed)
│    ├[~] resource AWS::Chatbot::MicrosoftTeamsChannelConfiguration
│    │ ├ properties
│    │ │  └ CustomizationResourceArns: (documentation changed)
│    │ └ attributes
│    │    └ Arn: (documentation changed)
│    └[~] resource AWS::Chatbot::SlackChannelConfiguration
│      ├ properties
│      │  └ CustomizationResourceArns: (documentation changed)
│      └ attributes
│         └ Arn: (documentation changed)
├[~] service aws-cleanrooms
│ └ resources
│    └[~] resource AWS::CleanRooms::ConfiguredTable
│      ├ properties
│      │  └ TableReference: (documentation changed)
│      └ types
│         └[~] type TableReference
│           └  - documentation: A pointer to the dataset that underlies this table. Currently, this can only be an AWS Glue table.
│              + documentation: A pointer to the dataset that underlies this table.
├[~] service aws-cloudfront
│ └ resources
│    └[~] resource AWS::CloudFront::Distribution
│      └ types
│         └[~] type OriginGroup
│           └  - documentation: An origin group includes two origins (a primary origin and a second origin to failover to) and a failover criteria that you specify. You create an origin group to support origin failover in CloudFront. When you create or update a distribution, you can specify the origin group instead of a single origin, and CloudFront will failover from the primary origin to the second origin under the failover conditions that you've chosen.
│              + documentation: An origin group includes two origins (a primary origin and a secondary origin to failover to) and a failover criteria that you specify. You create an origin group to support origin failover in CloudFront. When you create or update a distribution, you can specify the origin group instead of a single origin, and CloudFront will failover from the primary origin to the secondary origin under the failover conditions that you've chosen.
│              Optionally, you can choose selection criteria for your origin group to specify how your origins are selected when your distribution routes viewer requests.
├[~] service aws-cloudtrail
│ └ resources
│    ├[~] resource AWS::CloudTrail::Dashboard
│    │ ├  - documentation: The Amazon CloudTrail dashboard resource allows customers to manage managed dashboards and create custom dashboards. You can manually refresh custom and managed dashboards. For custom dashboards, you can also set up an automatic refresh schedule and modify dashboard widgets.
│    │ │  + documentation: Creates a custom dashboard or the Highlights dashboard.
│    │ │  - *Custom dashboards* - Custom dashboards allow you to query events in any event data store type. You can add up to 10 widgets to a custom dashboard. You can manually refresh a custom dashboard, or you can set a refresh schedule.
│    │ │  - *Highlights dashboard* - You can create the Highlights dashboard to see a summary of key user activities and API usage across all your event data stores. CloudTrail Lake manages the Highlights dashboard and refreshes the dashboard every 6 hours. To create the Highlights dashboard, you must set and enable a refresh schedule.
│    │ │  CloudTrail runs queries to populate the dashboard's widgets during a manual or scheduled refresh. CloudTrail must be granted permissions to run the `StartQuery` operation on your behalf. To provide permissions, run the `PutResourcePolicy` operation to attach a resource-based policy to each event data store. For more information, see [Example: Allow CloudTrail to run queries to populate a dashboard](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-eds-dashboard) in the *AWS CloudTrail User Guide* .
│    │ │  To set a refresh schedule, CloudTrail must be granted permissions to run the `StartDashboardRefresh` operation to refresh the dashboard on your behalf. To provide permissions, run the `PutResourcePolicy` operation to attach a resource-based policy to the dashboard. For more information, see [Resource-based policy example for a dashboard](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-dashboards) in the *AWS CloudTrail User Guide* .
│    │ │  For more information about dashboards, see [CloudTrail Lake dashboards](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-dashboard.html) in the *AWS CloudTrail User Guide* .
│    │ ├ properties
│    │ │  ├ Name: (documentation changed)
│    │ │  ├ RefreshSchedule: (documentation changed)
│    │ │  ├ Tags: (documentation changed)
│    │ │  ├ TerminationProtectionEnabled: (documentation changed)
│    │ │  └ Widgets: (documentation changed)
│    │ ├ attributes
│    │ │  ├ CreatedTimestamp: (documentation changed)
│    │ │  ├ DashboardArn: (documentation changed)
│    │ │  ├ Status: (documentation changed)
│    │ │  ├ Type: (documentation changed)
│    │ │  └ UpdatedTimestamp: (documentation changed)
│    │ └ types
│    │    ├[~] type Frequency
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: Specifies the frequency for a dashboard refresh schedule.
│    │    │ │  For a custom dashboard, you can schedule a refresh for every 1, 6, 12, or 24 hours, or every day.
│    │    │ └ properties
│    │    │    ├ Unit: (documentation changed)
│    │    │    └ Value: (documentation changed)
│    │    ├[~] type RefreshSchedule
│    │    │ ├  - documentation: Configures the automatic refresh schedule for the dashboard. Includes the frequency unit (DAYS or HOURS) and value, as well as the status (ENABLED or DISABLED) of the refresh schedule.
│    │    │ │  + documentation: The schedule for a dashboard refresh.
│    │    │ └ properties
│    │    │    ├ Frequency: (documentation changed)
│    │    │    ├ Status: (documentation changed)
│    │    │    └ TimeOfDay: (documentation changed)
│    │    └[~] type Widget
│    │      ├  - documentation: The dashboard widget
│    │      │  + documentation: Contains information about a widget on a CloudTrail Lake dashboard.
│    │      └ properties
│    │         ├ QueryParameters: (documentation changed)
│    │         ├ QueryStatement: (documentation changed)
│    │         └ ViewProperties: (documentation changed)
│    └[~] resource AWS::CloudTrail::ResourcePolicy
│      ├  - documentation: Attaches a resource-based permission policy to a CloudTrail channel that is used for an integration with an event source outside of AWS . For more information about resource-based policies, see [CloudTrail resource-based policy examples](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html) in the *CloudTrail User Guide* .
│      │  + documentation: Attaches a resource-based permission policy to a CloudTrail event data store, dashboard, or channel. For more information about resource-based policies, see [CloudTrail resource-based policy examples](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html) in the *CloudTrail User Guide* .
│      └ properties
│         ├ ResourceArn: (documentation changed)
│         └ ResourcePolicy: (documentation changed)
├[~] service aws-codebuild
│ └ resources
│    └[~] resource AWS::CodeBuild::Project
│      └ properties
│         └[+] AutoRetryLimit: integer
├[~] service aws-codepipeline
│ └ resources
│    └[~] resource AWS::CodePipeline::Pipeline
│      └ types
│         ├[~] type Condition
│         │ └  - documentation: The condition for the stage. A condition is made up of the rules and the result for the condition.
│         │    + documentation: The condition for the stage. A condition is made up of the rules and the result for the condition. For more information about conditions, see [Stage conditions](https://docs.aws.amazon.com/codepipeline/latest/userguide/stage-conditions.html) . For more information about rules, see the [AWS CodePipeline rule reference](https://docs.aws.amazon.com/codepipeline/latest/userguide/rule-reference.html) .
│         └[~] type RuleDeclaration
│           ├  - documentation: Represents information about the rule to be created for an associated condition. An example would be creating a new rule for an entry condition, such as a rule that checks for a test result before allowing the run to enter the deployment stage.
│           │  + documentation: Represents information about the rule to be created for an associated condition. An example would be creating a new rule for an entry condition, such as a rule that checks for a test result before allowing the run to enter the deployment stage. For more information about conditions, see [Stage conditions](https://docs.aws.amazon.com/codepipeline/latest/userguide/stage-conditions.html) . For more information about rules, see the [AWS CodePipeline rule reference](https://docs.aws.amazon.com/codepipeline/latest/userguide/rule-reference.html) .
│           └ properties
│              └ Name: (documentation changed)
├[~] service aws-cognito
│ └ resources
│    ├[~] resource AWS::Cognito::ManagedLoginBranding
│    │ ├  - documentation: Resource Type definition for AWS::Cognito::ManagedLoginBranding
│    │ │  + documentation: Creates a new set of branding settings for a user pool style and associates it with an app client. This operation is the programmatic option for the creation of a new style in the branding designer.
│    │ │  Provides values for UI customization in a `Settings` JSON object and image files in an `Assets` array. To send the JSON object `Document` type parameter in `Settings` , you might need to update to the most recent version of your AWS SDK.
│    │ │  This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit.
│    │ │  As a best practice, modify the output of [DescribeManagedLoginBrandingByClient](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeManagedLoginBrandingByClient.html) into the request parameters for this operation. To get all settings, set `ReturnMergedResources` to `true` . For more information, see [API and SDK operations for managed login branding](https://docs.aws.amazon.com/cognito/latest/developerguide/managed-login-brandingdesigner.html#branding-designer-api)
│    │ │  > Amazon Cognito evaluates AWS Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
│    │ │  > 
│    │ │  > **Learn more** - [Signing AWS API Requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html)
│    │ │  > - [Using the Amazon Cognito user pools API and user pool endpoints](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html)
│    │ ├ properties
│    │ │  ├ Assets: (documentation changed)
│    │ │  ├ Settings: (documentation changed)
│    │ │  ├ UseCognitoProvidedValues: (documentation changed)
│    │ │  └ UserPoolId: (documentation changed)
│    │ ├ attributes
│    │ │  └ ManagedLoginBrandingId: (documentation changed)
│    │ └ types
│    │    └[~] type AssetType
│    │      ├  - documentation: undefined
│    │      │  + documentation: An image file from a managed login branding style in a user pool.
│    │      │  This data type is a request parameter of [CreateManagedLoginBranding](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateManagedLoginBranding.html) and [UpdateManagedLoginBranding](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateManagedLoginBranding.html) , and a response parameter of [DescribeManagedLoginBranding](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeManagedLoginBranding.html) .
│    │      └ properties
│    │         ├ Bytes: (documentation changed)
│    │         ├ Category: (documentation changed)
│    │         ├ ColorMode: (documentation changed)
│    │         ├ Extension: (documentation changed)
│    │         └ ResourceId: (documentation changed)
│    ├[~] resource AWS::Cognito::UserPool
│    │ ├ properties
│    │ │  └ UserPoolTier: (documentation changed)
│    │ └ types
│    │    ├[~] type AdminCreateUserConfig
│    │    │ └ properties
│    │    │    └ InviteMessageTemplate: (documentation changed)
│    │    └[~] type InviteMessageTemplate
│    │      └  - documentation: The template for the welcome message to new users.
│    │         See also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) .
│    │         + documentation: The template for the welcome message to new users. This template must include the `{####}` temporary password placeholder if you are creating users with passwords. If your users don't have passwords, you can omit the placeholder.
│    │         See also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) .
│    ├[~] resource AWS::Cognito::UserPoolClient
│    │ └ properties
│    │    ├ EnablePropagateAdditionalUserContextData: (documentation changed)
│    │    ├ ExplicitAuthFlows: (documentation changed)
│    │    └ SupportedIdentityProviders: (documentation changed)
│    ├[~] resource AWS::Cognito::UserPoolDomain
│    │ └ properties
│    │    ├ CustomDomainConfig: (documentation changed)
│    │    └[+] ManagedLoginVersion: integer
│    └[~] resource AWS::Cognito::UserPoolUser
│      └ properties
│         └ UserAttributes: (documentation changed)
├[~] service aws-config
│ └ resources
│    └[~] resource AWS::Config::ConfigurationRecorder
│      ├ properties
│      │  └ RecordingMode: (documentation changed)
│      └ types
│         ├[~] type RecordingMode
│         │ └ properties
│         │    └ RecordingFrequency: (documentation changed)
│         └[~] type RecordingModeOverride
│           └ properties
│              └ ResourceTypes: (documentation changed)
├[~] service aws-connect
│ └ resources
│    ├[~] resource AWS::Connect::EmailAddress
│    │ ├  - documentation: Resource Type definition for AWS::Connect::EmailAddress
│    │ │  + documentation: Create new email address in the specified Amazon Connect instance. For more information about email addresses, see [Create email addresses](https://docs.aws.amazon.com/connect/latest/adminguide/create-email-address1.html) in the Amazon Connect Administrator Guide.
│    │ ├ properties
│    │ │  ├ Description: (documentation changed)
│    │ │  ├ DisplayName: (documentation changed)
│    │ │  ├ EmailAddress: (documentation changed)
│    │ │  └ InstanceArn: (documentation changed)
│    │ └ attributes
│    │    └ EmailAddressArn: (documentation changed)
│    └[~] resource AWS::Connect::PhoneNumber
│      └ properties
│         └ SourcePhoneNumberArn: (documentation changed)
├[~] service aws-connectcampaignsv2
│ └ resources
│    └[~] resource AWS::ConnectCampaignsV2::Campaign
│      ├  - documentation: Definition of AWS::ConnectCampaignsV2::Campaign Resource Type
│      │  + documentation: Creates an outbound campaign.
│      │  > - For users to be able to view or edit a campaign at a later date by using the Amazon Connect user interface, you must add the instance ID as a tag. For example, `{ "tags": {"owner": "arn:aws:connect:{REGION}:{AWS_ACCOUNT_ID}:instance/{CONNECT_INSTANCE_ID}"}}` .
│      │  > - After a campaign is created, you can't add/remove source.
│      ├ properties
│      │  ├ ChannelSubtypeConfig: (documentation changed)
│      │  ├ CommunicationLimitsOverride: (documentation changed)
│      │  ├ CommunicationTimeConfig: (documentation changed)
│      │  ├ ConnectCampaignFlowArn: (documentation changed)
│      │  ├ ConnectInstanceId: (documentation changed)
│      │  ├ Name: (documentation changed)
│      │  ├ Schedule: (documentation changed)
│      │  ├ Source: (documentation changed)
│      │  └ Tags: (documentation changed)
│      ├ attributes
│      │  └ Arn: (documentation changed)
│      └ types
│         ├[~] type AnswerMachineDetectionConfig
│         │ ├  - documentation: The configuration used for answering machine detection during outbound calls
│         │ │  + documentation: Contains answering machine detection configuration.
│         │ └ properties
│         │    ├ AwaitAnswerMachinePrompt: (documentation changed)
│         │    └ EnableAnswerMachineDetection: (documentation changed)
│         ├[~] type ChannelSubtypeConfig
│         │ ├  - documentation: The possible types of channel subtype config parameters
│         │ │  + documentation: Contains channel subtype configuration for an outbound campaign.
│         │ └ properties
│         │    ├ Email: (documentation changed)
│         │    ├ Sms: (documentation changed)
│         │    └ Telephony: (documentation changed)
│         ├[~] type CommunicationLimit
│         │ ├  - documentation: Communication Limit
│         │ │  + documentation: Contains information about a communication limit.
│         │ └ properties
│         │    ├ Frequency: (documentation changed)
│         │    ├ MaxCountPerRecipient: (documentation changed)
│         │    └ Unit: (documentation changed)
│         ├[~] type CommunicationLimits
│         │ ├  - documentation: Communication limits
│         │ │  + documentation: Contains information about communication limits.
│         │ └ properties
│         │    └ CommunicationLimitList: (documentation changed)
│         ├[~] type CommunicationLimitsConfig
│         │ ├  - documentation: Communication limits config
│         │ │  + documentation: Contains the communication limits configuration for an outbound campaign.
│         │ └ properties
│         │    └ AllChannelsSubtypes: (documentation changed)
│         ├[~] type CommunicationTimeConfig
│         │ ├  - documentation: Campaign communication time config
│         │ │  + documentation: Communication time configuration for an outbound campaign.
│         │ └ properties
│         │    ├ Email: (documentation changed)
│         │    ├ LocalTimeZoneConfig: (documentation changed)
│         │    ├ Sms: (documentation changed)
│         │    └ Telephony: (documentation changed)
│         ├[~] type DailyHour
│         │ ├  - documentation: Daily Hour
│         │ │  + documentation: The daily hours configuration.
│         │ └ properties
│         │    ├ Key: (documentation changed)
│         │    └ Value: (documentation changed)
│         ├[~] type EmailChannelSubtypeConfig
│         │ ├  - documentation: Email Channel Subtype config
│         │ │  + documentation: The configuration for the email channel subtype.
│         │ └ properties
│         │    ├ Capacity: (documentation changed)
│         │    ├ DefaultOutboundConfig: (documentation changed)
│         │    └ OutboundMode: (documentation changed)
│         ├[~] type EmailOutboundConfig
│         │ ├  - documentation: Default SMS outbound config
│         │ │  + documentation: The outbound configuration for email.
│         │ └ properties
│         │    ├ ConnectSourceEmailAddress: (documentation changed)
│         │    ├ SourceEmailAddressDisplayName: (documentation changed)
│         │    └ WisdomTemplateArn: (documentation changed)
│         ├[~] type EmailOutboundMode
│         │ ├  - documentation: Email Outbound Mode
│         │ │  + documentation: Contains information about email outbound mode.
│         │ └ properties
│         │    └ AgentlessConfig: (documentation changed)
│         ├[~] type LocalTimeZoneConfig
│         │ ├  - documentation: Local time zone config
│         │ │  + documentation: The configuration of timezone for recipient.
│         │ └ properties
│         │    ├ DefaultTimeZone: (documentation changed)
│         │    └ LocalTimeZoneDetection: (documentation changed)
│         ├[~] type OpenHours
│         │ ├  - documentation: Open Hours config
│         │ │  + documentation: Contains information about open hours.
│         │ └ properties
│         │    └ DailyHours: (documentation changed)
│         ├[~] type PredictiveConfig
│         │ ├  - documentation: Predictive config
│         │ │  + documentation: Contains predictive outbound mode configuration.
│         │ └ properties
│         │    └ BandwidthAllocation: (documentation changed)
│         ├[~] type ProgressiveConfig
│         │ ├  - documentation: Progressive config
│         │ │  + documentation: Contains the progressive outbound mode configuration.
│         │ └ properties
│         │    └ BandwidthAllocation: (documentation changed)
│         ├[~] type RestrictedPeriod
│         │ ├  - documentation: Restricted period
│         │ │  + documentation: Contains information about a restricted period.
│         │ └ properties
│         │    ├ EndDate: (documentation changed)
│         │    ├ Name: (documentation changed)
│         │    └ StartDate: (documentation changed)
│         ├[~] type RestrictedPeriods
│         │ ├  - documentation: Restricted period config
│         │ │  + documentation: Contains information about restricted periods.
│         │ └ properties
│         │    └ RestrictedPeriodList: (documentation changed)
│         ├[~] type Schedule
│         │ ├  - documentation: Campaign schedule
│         │ │  + documentation: Contains the schedule configuration.
│         │ └ properties
│         │    ├ EndTime: (documentation changed)
│         │    ├ RefreshFrequency: (documentation changed)
│         │    └ StartTime: (documentation changed)
│         ├[~] type SmsChannelSubtypeConfig
│         │ ├  - documentation: SMS Channel Subtype config
│         │ │  + documentation: The configuration for the SMS channel subtype.
│         │ └ properties
│         │    ├ Capacity: (documentation changed)
│         │    ├ DefaultOutboundConfig: (documentation changed)
│         │    └ OutboundMode: (documentation changed)
│         ├[~] type SmsOutboundConfig
│         │ ├  - documentation: Default SMS outbound config
│         │ │  + documentation: The outbound configuration for SMS.
│         │ └ properties
│         │    ├ ConnectSourcePhoneNumberArn: (documentation changed)
│         │    └ WisdomTemplateArn: (documentation changed)
│         ├[~] type SmsOutboundMode
│         │ ├  - documentation: SMS Outbound Mode
│         │ │  + documentation: Contains information about the SMS outbound mode.
│         │ └ properties
│         │    └ AgentlessConfig: (documentation changed)
│         ├[~] type Source
│         │ ├  - documentation: The possible types of channel config parameters
│         │ │  + documentation: Contains source configuration.
│         │ └ properties
│         │    └ CustomerProfilesSegmentArn: (documentation changed)
│         ├[~] type TelephonyChannelSubtypeConfig
│         │ ├  - documentation: Telephony Channel Subtype config
│         │ │  + documentation: The configuration for the telephony channel subtype.
│         │ └ properties
│         │    ├ Capacity: (documentation changed)
│         │    ├ ConnectQueueId: (documentation changed)
│         │    ├ DefaultOutboundConfig: (documentation changed)
│         │    └ OutboundMode: (documentation changed)
│         ├[~] type TelephonyOutboundConfig
│         │ ├  - documentation: Default Telephone Outbound config
│         │ │  + documentation: The outbound configuration for telephony.
│         │ └ properties
│         │    ├ AnswerMachineDetectionConfig: (documentation changed)
│         │    ├ ConnectContactFlowId: (documentation changed)
│         │    └ ConnectSourcePhoneNumber: (documentation changed)
│         ├[~] type TelephonyOutboundMode
│         │ ├  - documentation: Telephony Outbound Mode
│         │ │  + documentation: Contains information about telephony outbound mode.
│         │ └ properties
│         │    ├ AgentlessConfig: (documentation changed)
│         │    ├ PredictiveConfig: (documentation changed)
│         │    └ ProgressiveConfig: (documentation changed)
│         ├[~] type TimeRange
│         │ ├  - documentation: Time range in 24 hour format
│         │ │  + documentation: Contains information about a time range.
│         │ └ properties
│         │    ├ EndTime: (documentation changed)
│         │    └ StartTime: (documentation changed)
│         └[~] type TimeWindow
│           ├  - documentation: Time window config
│           │  + documentation: Contains information about a time window.
│           └ properties
│              ├ OpenHours: (documentation changed)
│              └ RestrictedPeriods: (documentation changed)
├[~] service aws-docdb
│ └ resources
│    └[~] resource AWS::DocDB::DBCluster
│      ├ properties
│      │  └[+] ServerlessV2ScalingConfiguration: ServerlessV2ScalingConfiguration
│      └ types
│         └[+] type ServerlessV2ScalingConfiguration
│           ├  name: ServerlessV2ScalingConfiguration
│           └ properties
│              ├MinCapacity: number (required)
│              └MaxCapacity: number (required)
├[~] service aws-ec2
│ └ resources
│    ├[~] resource AWS::EC2::CapacityReservation
│    │ └ properties
│    │    ├ EndDate: (documentation changed)
│    │    ├ InstanceCount: (documentation changed)
│    │    ├ InstanceMatchCriteria: (documentation changed)
│    │    ├ InstanceType: (documentation changed)
│    │    ├ OutPostArn: (documentation changed)
│    │    └ PlacementGroupArn: (documentation changed)
│    ├[~] resource AWS::EC2::EC2Fleet
│    │ └ types
│    │    └[~] type InstanceRequirementsRequest
│    │      └ properties
│    │         └ CpuManufacturers: (documentation changed)
│    ├[~] resource AWS::EC2::LaunchTemplate
│    │ └ types
│    │    ├[~] type BaselinePerformanceFactors
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: The baseline performance to consider, using an instance family as a baseline reference. The instance family establishes the lowest acceptable level of performance. Amazon EC2 uses this baseline to guide instance type selection, but there is no guarantee that the selected instance types will always exceed the baseline for every application.
│    │    │ │  Currently, this parameter only supports CPU performance as a baseline performance factor. For example, specifying `c6i` would use the CPU performance of the `c6i` family as the baseline reference.
│    │    │ └ properties
│    │    │    └ Cpu: (documentation changed)
│    │    ├[~] type CapacityReservationSpecification
│    │    │ └ properties
│    │    │    └ CapacityReservationPreference: (documentation changed)
│    │    └[~] type InstanceRequirements
│    │      └ properties
│    │         ├ BaselinePerformanceFactors: (documentation changed)
│    │         └ CpuManufacturers: (documentation changed)
│    ├[~] resource AWS::EC2::SpotFleet
│    │ └ types
│    │    └[~] type InstanceRequirementsRequest
│    │      └ properties
│    │         └ CpuManufacturers: (documentation changed)
│    ├[~] resource AWS::EC2::VPCBlockPublicAccessExclusion
│    │ ├  - documentation: Resource Type definition for AWS::EC2::VPCBlockPublicAccessExclusion.
│    │ │  + documentation: Create a VPC Block Public Access (BPA) exclusion. A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on. To learn more about VPC BPA, see [Block public access to VPCs and subnets](https://docs.aws.amazon.com/vpc/latest/userguide/security-vpc-bpa.html) in the *Amazon VPC User Guide* .
│    │ ├ properties
│    │ │  ├ InternetGatewayExclusionMode: (documentation changed)
│    │ │  ├ SubnetId: (documentation changed)
│    │ │  └ VpcId: (documentation changed)
│    │ └ attributes
│    │    └ ExclusionId: (documentation changed)
│    └[~] resource AWS::EC2::VPCBlockPublicAccessOptions
│      ├  - documentation: Resource Type definition for AWS::EC2::VPCBlockPublicAccessOptions
│      │  + documentation: VPC Block Public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. To learn more about VPC BPA, see [Block public access to VPCs and subnets](https://docs.aws.amazon.com/vpc/latest/userguide/security-vpc-bpa.html) in the *Amazon VPC User Guide* .
│      ├ properties
│      │  └ InternetGatewayBlockMode: (documentation changed)
│      └ attributes
│         └ AccountId: (documentation changed)
├[~] service aws-ecs
│ └ resources
│    ├[~] resource AWS::ECS::Cluster
│    │ ├ properties
│    │ │  └ ClusterSettings: (documentation changed)
│    │ └ types
│    │    └[~] type ClusterSettings
│    │      ├  - documentation: The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights for a cluster.
│    │      │  + documentation: The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights with enhanced observability or CloudWatch Container Insights for a cluster.
│    │      │  Container Insights with enhanced observability provides all the Container Insights metrics, plus additional task and container metrics. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays these critical performance data in curated dashboards removing the heavy lifting in observability set-up.
│    │      │  For more information, see [Monitor Amazon ECS containers using Container Insights with enhanced observability](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-container-insights.html) in the *Amazon Elastic Container Service Developer Guide* .
│    │      └ properties
│    │         └ Value: (documentation changed)
│    ├[~] resource AWS::ECS::Service
│    │ └ types
│    │    └[~] type AwsVpcConfiguration
│    │      └ properties
│    │         └ AssignPublicIp: (documentation changed)
│    ├[~] resource AWS::ECS::TaskDefinition
│    │ └ types
│    │    └[~] type EphemeralStorage
│    │      └ properties
│    │         └ SizeInGiB: (documentation changed)
│    └[~] resource AWS::ECS::TaskSet
│      └ types
│         └[~] type AwsVpcConfiguration
│           └ properties
│              └ AssignPublicIp: (documentation changed)
├[~] service aws-eks
│ └ resources
│    └[~] resource AWS::EKS::Cluster
│      ├ properties
│      │  ├ ComputeConfig: (documentation changed)
│      │  ├ RemoteNetworkConfig: (documentation changed)
│      │  └ StorageConfig: (documentation changed)
│      └ types
│         ├[~] type BlockStorage
│         │ ├  - documentation: Todo: add description
│         │ │  + documentation: Indicates the current configuration of the block storage capability on your EKS Auto Mode cluster. For example, if the capability is enabled or disabled. If the block storage capability is enabled, EKS Auto Mode will create and delete EBS volumes in your AWS account. For more information, see EKS Auto Mode block storage capability in the EKS User Guide.
│         │ └ properties
│         │    └ Enabled: (documentation changed)
│         ├[~] type ElasticLoadBalancing
│         │ ├  - documentation: Todo: add description
│         │ │  + documentation: Indicates the current configuration of the load balancing capability on your EKS Auto Mode cluster. For example, if the capability is enabled or disabled. For more information, see EKS Auto Mode load balancing capability in the EKS User Guide.
│         │ └ properties
│         │    └ Enabled: (documentation changed)
│         ├[~] type RemoteNodeNetwork
│         │ ├  - documentation: Network configuration of nodes run on-premises with EKS Hybrid Nodes.
│         │ │  + documentation: A network CIDR that can contain hybrid nodes.
│         │ │  These CIDR blocks define the expected IP address range of the hybrid nodes that join the cluster. These blocks are typically determined by your network administrator.
│         │ │  Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, `10.2.0.0/16` ).
│         │ │  It must satisfy the following requirements:
│         │ │  - Each block must be within an `IPv4` RFC-1918 network range. Minimum allowed size is /24, maximum allowed size is /8. Publicly-routable addresses aren't supported.
│         │ │  - Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.
│         │ │  - Each block must have a route to the VPC that uses the VPC CIDR blocks, not public IPs or Elastic IPs. There are many options including AWS Transit Gateway , AWS Site-to-Site VPN , or AWS Direct Connect .
│         │ │  - Each host must allow outbound connection to the EKS cluster control plane on TCP ports `443` and `10250` .
│         │ │  - Each host must allow inbound connection from the EKS cluster control plane on TCP port 10250 for logs, exec and port-forward operations.
│         │ │  - Each host must allow TCP and UDP network connectivity to and from other hosts that are running `CoreDNS` on UDP port `53` for service and pod DNS names.
│         │ └ properties
│         │    └ Cidrs: (documentation changed)
│         └[~] type RemotePodNetwork
│           ├  - documentation: Network configuration of pods run on-premises with EKS Hybrid Nodes.
│           │  + documentation: A network CIDR that can contain pods that run Kubernetes webhooks on hybrid nodes.
│           │  These CIDR blocks are determined by configuring your Container Network Interface (CNI) plugin. We recommend the Calico CNI or Cilium CNI. Note that the Amazon VPC CNI plugin for Kubernetes isn't available for on-premises and edge locations.
│           │  Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, `10.2.0.0/16` ).
│           │  It must satisfy the following requirements:
│           │  - Each block must be within an `IPv4` RFC-1918 network range. Minimum allowed size is /24, maximum allowed size is /8. Publicly-routable addresses aren't supported.
│           │  - Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.
│           └ properties
│              └ Cidrs: (documentation changed)
├[~] service aws-elasticache
│ └ resources
│    ├[~] resource AWS::ElastiCache::CacheCluster
│    │ └ properties
│    │    ├ IpDiscovery: (documentation changed)
│    │    └ NetworkType: (documentation changed)
│    ├[~] resource AWS::ElastiCache::ReplicationGroup
│    │ └ properties
│    │    ├ IpDiscovery: (documentation changed)
│    │    └ NetworkType: (documentation changed)
│    ├[~] resource AWS::ElastiCache::ServerlessCache
│    │ └ properties
│    │    ├ DailySnapshotTime: (documentation changed)
│    │    └ SnapshotRetentionLimit: (documentation changed)
│    └[~] resource AWS::ElastiCache::User
│      └ properties
│         └ Engine: (documentation changed)
├[~] service aws-elasticloadbalancingv2
│ └ resources
│    ├[~] resource AWS::ElasticLoadBalancingV2::Listener
│    │ └ types
│    │    ├[~] type ListenerAttribute
│    │    │ └ properties
│    │    │    └ Key: (documentation changed)
│    │    └[~] type MutualAuthentication
│    │      └ properties
│    │         └[+] AdvertiseTrustStoreCaNames: string
│    └[~] resource AWS::ElasticLoadBalancingV2::LoadBalancer
│      ├ properties
│      │  └ MinimumLoadBalancerCapacity: (documentation changed)
│      └ types
│         ├[~] type LoadBalancerAttribute
│         │ └ properties
│         │    └ Key: (documentation changed)
│         └[~] type MinimumLoadBalancerCapacity
│           ├  - documentation: undefined
│           │  + documentation: The minimum capacity for a load balancer.
│           └ properties
│              └ CapacityUnits: (documentation changed)
├[~] service aws-events
│ └ resources
│    ├[~] resource AWS::Events::Connection
│    │ ├  - documentation: Creates a connection. A connection defines the authorization type and credentials to use for authorization with an API destination HTTP endpoint.
│    │ │  + documentation: Creates a connection. A connection defines the authorization type and credentials to use for authorization with an API destination HTTP endpoint.
│    │ │  For more information, see [Connections for endpoint targets](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-target-connection.html) in the *Amazon EventBridge User Guide* .
│    │ ├ properties
│    │ │  └ AuthParameters: (documentation changed)
│    │ ├ attributes
│    │ │  ├ AuthParameters.ConnectivityParameters.ResourceParameters.ResourceAssociationArn: (documentation changed)
│    │ │  └ InvocationConnectivityParameters.ResourceParameters.ResourceAssociationArn: (documentation changed)
│    │ └ types
│    │    ├[~] type ApiKeyAuthParameters
│    │    │ └  - documentation: Contains the API key authorization parameters for the connection.
│    │    │    + documentation: The API key authorization parameters for the connection.
│    │    ├[~] type AuthParameters
│    │    │ └  - documentation: Contains the authorization parameters to use for the connection.
│    │    │    + documentation: Tthe authorization parameters to use for the connection.
│    │    ├[~] type BasicAuthParameters
│    │    │ └  - documentation: Contains the Basic authorization parameters for the connection.
│    │    │    + documentation: The Basic authorization parameters for the connection.
│    │    ├[~] type ClientParameters
│    │    │ └  - documentation: Contains the OAuth authorization parameters to use for the connection.
│    │    │    + documentation: The OAuth authorization parameters to use for the connection.
│    │    ├[~] type ConnectionHttpParameters
│    │    │ ├  - documentation: Contains additional parameters for the connection.
│    │    │ │  + documentation: Any additional parameters for the connection.
│    │    │ └ properties
│    │    │    ├ BodyParameters: (documentation changed)
│    │    │    ├ HeaderParameters: (documentation changed)
│    │    │    └ QueryStringParameters: (documentation changed)
│    │    ├[~] type OAuthParameters
│    │    │ └ properties
│    │    │    ├ ClientParameters: (documentation changed)
│    │    │    └ OAuthHttpParameters: (documentation changed)
│    │    ├[~] type Parameter
│    │    │ └  - documentation: Additional query string parameter for the connection. You can include up to 100 additional query string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB.
│    │    │    + documentation: Any additional query string parameter for the connection. You can include up to 100 additional query string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB.
│    │    └[~] type ResourceParameters
│    │      └ properties
│    │         └ ResourceAssociationArn: (documentation changed)
│    └[~] resource AWS::Events::Rule
│      └ types
│         └[~] type Target
│           └ properties
│              └ RetryPolicy: (documentation changed)
├[~] service aws-fsx
│ └ resources
│    ├[~] resource AWS::FSx::FileSystem
│    │ ├ properties
│    │ │  └ StorageType: (documentation changed)
│    │ └ types
│    │    ├[~] type LustreConfiguration
│    │    │ └ properties
│    │    │    └[+] EfaEnabled: boolean
│    │    ├[~] type OpenZFSConfiguration
│    │    │ └ properties
│    │    │    └[+] ReadCacheConfiguration: ReadCacheConfiguration
│    │    └[+] type ReadCacheConfiguration
│    │      ├  name: ReadCacheConfiguration
│    │      └ properties
│    │         ├SizingMode: string
│    │         └SizeGiB: integer
│    └[~] resource AWS::FSx::Volume
│      └ types
│         └[~] type OpenZFSConfiguration
│           └ properties
│              └ RecordSizeKiB: (documentation changed)
├[~] service aws-imagebuilder
│ └ resources
│    ├[~] resource AWS::ImageBuilder::ContainerRecipe
│    │ └ types
│    │    └[~] type TargetContainerRepository
│    │      └ properties
│    │         └ RepositoryName: (documentation changed)
│    ├[~] resource AWS::ImageBuilder::DistributionConfiguration
│    │ └ types
│    │    └[~] type TargetContainerRepository
│    │      └ properties
│    │         └ RepositoryName: (documentation changed)
│    ├[~] resource AWS::ImageBuilder::Image
│    │ └ types
│    │    └[~] type ImageTestsConfiguration
│    │      └ properties
│    │         └ TimeoutMinutes: (documentation changed)
│    └[~] resource AWS::ImageBuilder::ImagePipeline
│      └ types
│         └[~] type ImageTestsConfiguration
│           └ properties
│              └ TimeoutMinutes: (documentation changed)
├[+] service aws-invoicing
│ ├  capitalized: Invoicing
│ │  cloudFormationNamespace: AWS::Invoicing
│ │  name: aws-invoicing
│ │  shortName: invoicing
│ └ resources
│    └resource AWS::Invoicing::InvoiceUnit
│     ├  name: InvoiceUnit
│     │  cloudFormationType: AWS::Invoicing::InvoiceUnit
│     │  documentation: An invoice unit is a set of mutually exclusive accounts that correspond to your business entity. Invoice units allow you to separate AWS account costs and configures your invoice for each business entity.
│     │  tagInformation: {"tagPropertyName":"ResourceTags","variant":"standard"}
│     ├ properties
│     │  ├InvoiceReceiver: string (required, immutable)
│     │  ├Name: string (required, immutable)
│     │  ├Description: string
│     │  ├TaxInheritanceDisabled: boolean
│     │  ├Rule: Rule (required)
│     │  └ResourceTags: Array<ResourceTag>
│     ├ attributes
│     │  ├InvoiceUnitArn: string
│     │  └LastModified: number
│     └ types
│        ├type Rule
│        │├  name: Rule
│        │└ properties
│        │   └LinkedAccounts: Array<string> (required)
│        └type ResourceTag
│         ├  name: ResourceTag
│         └ properties
│            ├Key: string (required)
│            └Value: string (required)
├[~] service aws-iot
│ └ resources
│    └[~] resource AWS::IoT::ThingType
│      ├ properties
│      │  ├ DeprecateThingType: (documentation changed)
│      │  └ ThingTypeProperties: (documentation changed)
│      └ types
│         ├[~] type Mqtt5Configuration
│         │ ├  - documentation: undefined
│         │ │  + documentation: The configuration to add user-defined properties to enrich MQTT 5 messages.
│         │ └ properties
│         │    └ PropagatingAttributes: (documentation changed)
│         ├[~] type PropagatingAttribute
│         │ ├  - documentation: undefined
│         │ │  + documentation: An object that represents the connection attribute, the thing attribute, and the MQTT 5 user property key.
│         │ └ properties
│         │    ├ ConnectionAttribute: (documentation changed)
│         │    ├ ThingAttribute: (documentation changed)
│         │    └ UserPropertyKey: (documentation changed)
│         └[~] type ThingTypeProperties
│           └ properties
│              └ Mqtt5Configuration: (documentation changed)
├[~] service aws-iotfleetwise
│ └ resources
│    ├[~] resource AWS::IoTFleetWise::Campaign
│    │ ├  - documentation: Creates an orchestration of data collection rules. The AWS IoT FleetWise Edge Agent software running in vehicles uses campaigns to decide how to collect and transfer data to the cloud. You create campaigns in the cloud. After you or your team approve campaigns, AWS IoT FleetWise automatically deploys them to vehicles.
│    │ │  For more information, see [Collect and transfer data with campaigns](https://docs.aws.amazon.com/iot-fleetwise/latest/developerguide/campaigns.html) in the *AWS IoT FleetWise Developer Guide* .
│    │ │  + documentation: Creates an orchestration of data collection rules. The AWS IoT FleetWise Edge Agent software running in vehicles uses campaigns to decide how to collect and transfer data to the cloud. You create campaigns in the cloud. After you or your team approve campaigns, AWS IoT FleetWise automatically deploys them to vehicles.
│    │ │  For more information, see [Campaigns](https://docs.aws.amazon.com/iot-fleetwise/latest/developerguide/campaigns.html) in the *AWS IoT FleetWise Developer Guide* .
│    │ │  > Access to certain AWS IoT FleetWise features is currently gated. For more information, see [AWS Region and feature availability](https://docs.aws.amazon.com/iot-fleetwise/latest/developerguide/fleetwise-regions.html) in the *AWS IoT FleetWise Developer Guide* .
│    │ ├ properties
│    │ │  ├ Compression: (documentation changed)
│    │ │  ├ DataDestinationConfigs: (documentation changed)
│    │ │  ├ DataExtraDimensions: (documentation changed)
│    │ │  ├ DataPartitions: (documentation changed)
│    │ │  ├ Description: (documentation changed)
│    │ │  ├ DiagnosticsMode: (documentation changed)
│    │ │  ├ ExpiryTime: (documentation changed)
│    │ │  ├ PostTriggerCollectionDuration: (documentation changed)
│    │ │  ├ Priority: (documentation changed)
│    │ │  ├ SignalsToCollect: (documentation changed)
│    │ │  ├ SignalsToFetch: (documentation changed)
│    │ │  ├ SpoolingMode: (documentation changed)
│    │ │  ├ StartTime: (documentation changed)
│    │ │  └ Tags: (documentation changed)
│    │ └ types
│    │    ├[~] type CollectionScheme
│    │    │ └ properties
│    │    │    ├ ConditionBasedCollectionScheme: (documentation changed)
│    │    │    └ TimeBasedCollectionScheme: (documentation changed)
│    │    ├[~] type ConditionBasedCollectionScheme
│    │    │ └ properties
│    │    │    ├ ConditionLanguageVersion: (documentation changed)
│    │    │    ├ MinimumTriggerIntervalMs: (documentation changed)
│    │    │    └ TriggerMode: (documentation changed)
│    │    ├[~] type ConditionBasedSignalFetchConfig
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: Specifies the condition under which a signal fetch occurs.
│    │    │ └ properties
│    │    │    ├ ConditionExpression: (documentation changed)
│    │    │    └ TriggerMode: (documentation changed)
│    │    ├[~] type DataDestinationConfig
│    │    │ └ properties
│    │    │    ├ MqttTopicConfig: (documentation changed)
│    │    │    ├ S3Config: (documentation changed)
│    │    │    └ TimestreamConfig: (documentation changed)
│    │    ├[~] type DataPartition
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: The configuration for signal data storage and upload options. You can only specify these options when the campaign's spooling mode is `TO_DISK` .
│    │    │ │  > Access to certain AWS IoT FleetWise features is currently gated. For more information, see [AWS Region and feature availability](https://docs.aws.amazon.com/iot-fleetwise/latest/developerguide/fleetwise-regions.html) in the *AWS IoT FleetWise Developer Guide* .
│    │    │ └ properties
│    │    │    ├ Id: (documentation changed)
│    │    │    ├ StorageOptions: (documentation changed)
│    │    │    └ UploadOptions: (documentation changed)
│    │    ├[~] type DataPartitionStorageOptions
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: Size, time, and location options for the data partition.
│    │    │ └ properties
│    │    │    ├ MaximumSize: (documentation changed)
│    │    │    ├ MinimumTimeToLive: (documentation changed)
│    │    │    └ StorageLocation: (documentation changed)
│    │    ├[~] type DataPartitionUploadOptions
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: The upload options for the data partition. If upload options are specified, you must also specify storage options. See [DataPartitionStorageOptions](https://docs.aws.amazon.com/iot-fleetwise/latest/APIReference/API_Dat…
…dCount (#32387)

### Issue # (if applicable)

Closes #32365 .

### Reason for this change

There is no mention of `unHealthyThresholdCount` being the same as `healthyThresholdCount` in the case of NLB in ELBV2, as stated in the given docs:

- CloudFormation docs - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-healthythresholdcount
- AWS Docs - https://docs.aws.amazon.com/elasticloadbalancing/latest/network/target-group-health-checks.html


### Description of changes

removed the in-line comment


### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Fixes #32376

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…e or mixedInstancesPolicy throws unclear error (#32220)

### Issue #27586

Fixes #27586

The above issue is already marked as closed, but there is some discussion in it about an additional edge case that this pull request fixes.

### Reason for this change

When defining an AutoScalingGroup with both the `requireImdsv2` prop and the `launchTemplate` prop, the error message is not clear about the problem.

```ts
// example asg definition
const asg = new AutoScalingGroup(this, "myasg", {
  vpc,
  launchTemplate: lt,
  requireImdsv2: true,
});
```

```
TypeError: Cannot read properties of undefined (reading 'node')
    at AutoScalingGroupRequireImdsv2Aspect.visit (~/git/cdkApp2/node_modules/aws-cdk-lib/aws-autoscaling/lib/aspects/require-imdsv2-aspect.js:1:715)
    at recurse (~/git/cdkApp2/node_modules/aws-cdk-lib/core/lib/private/synthesis.js:2:2236)
    at recurse (~/git/cdkApp2/node_modules/aws-cdk-lib/core/lib/private/synthesis.js:2:2600)
    at recurse (~/git/cdkApp2/node_modules/aws-cdk-lib/core/lib/private/synthesis.js:2:2600)
    at invokeAspects (~/git/cdkApp2/node_modules/aws-cdk-lib/core/lib/private/synthesis.js:2:1860)
    at synthesize (~/git/cdkApp2/node_modules/aws-cdk-lib/core/lib/private/synthesis.js:1:1473)
    at App.synth (~/git/cdkApp2/node_modules/aws-cdk-lib/core/lib/stage.js:1:2382)
    at process.<anonymous> (~/git/cdkApp2/node_modules/aws-cdk-lib/core/lib/app.js:1:1767)
    at Object.onceWrapper (node:events:632:26)
    at process.emit (node:events:517:28)
```

It is not clear from the error that `requireImdsv2` should be set in the provided launchTemplate itself rather than the AutoScalingGroup.

The error occurs because setting `requireImdsv2` on the AutoScalingGroup adds the aspect AutoScalingGroupRequireImdsv2Aspect to it, which expects there to be a child node called either `'LaunchConfig'` or `'LaunchTemplate'` depending on a feature flag. This child node is only set in the AutoScalingGroup when neither `launchTemplate` nor `mixedInstancesPolicy` props are provided.

### Description of changes

Add the `requireImdsv2` prop to the `verifyNoLaunchConfigPropIsGiven` method, which throws errors when certain props are set at the same time as `launchTemplate` or `mixedInstancesPolicy`.

### Description of how you validated changes

- Added a unit test
- Confirmed the new error message works in a sample cdk app

```
Error: Setting 'requireImdsv2' must not be set when 'launchTemplate' or 'mixedInstancesPolicy' is set
    at AutoScalingGroup.verifyNoLaunchConfigPropIsGiven (~/git/aws-cdk/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts:1762:13)
    at new AutoScalingGroup (~/git/aws-cdk/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts:1333:12)
    at new CdkAppStack (~/git/cdkApp/lib/cdk_app-stack.ts:31:17)
    at Object.<anonymous> (~/git/cdkApp/bin/cdk_app.ts:6:1)
    at Module._compile (node:internal/modules/cjs/loader:1256:14)
    at Module.m._compile (~/git/cdkApp/node_modules/ts-node/src/index.ts:1618:23)
    at Module._extensions..js (node:internal/modules/cjs/loader:1310:10)
    at Object.require.extensions.<computed> [as .ts] (~/git/cdkApp/node_modules/ts-node/src/index.ts:1621:12)
    at Module.load (node:internal/modules/cjs/loader:1119:32)
    at Function.Module._load (node:internal/modules/cjs/loader:960:12)
```

### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
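
The commit message above says that, when a `launchTemplate` is passed to the AutoScalingGroup, IMDSv2 has to be required on the launch template itself. As an added example (not code from the aws-cdk project), this TypeScript audit walks a synthesized CloudFormation template and reports which Auto Scaling groups resolve to a launch template or launch configuration with `HttpTokens` set to `required`; the function names and the sample template are constructed for illustration.

```typescript
// Added example: audit a synthesized CloudFormation template for Auto Scaling
// groups whose launch template / launch configuration does not require IMDSv2.
type Json = { [key: string]: any };

interface Finding {
  asg: string;             // logical ID of the Auto Scaling group
  source: string;          // logical ID of the resolved launch template/config
  imdsv2Required: boolean; // true only when HttpTokens is "required"
}

// Logical ID that a { Ref } or { "Fn::GetAtt" } intrinsic points at, if any.
function logicalIdOf(value: any): string | undefined {
  if (!value || typeof value !== "object") return undefined;
  if (typeof value.Ref === "string") return value.Ref;
  const getAtt = value["Fn::GetAtt"];
  if (Array.isArray(getAtt) && typeof getAtt[0] === "string") return getAtt[0];
  if (typeof getAtt === "string") return getAtt.split(".")[0];
  return undefined;
}

// HttpTokens sits at a different path for each resource type.
function httpTokens(resource: Json | undefined): string | undefined {
  if (!resource) return undefined;
  const props: Json = resource.Properties || {};
  if (resource.Type === "AWS::EC2::LaunchTemplate") {
    const data: Json = props.LaunchTemplateData || {};
    return (data.MetadataOptions || {}).HttpTokens;
  }
  if (resource.Type === "AWS::AutoScaling::LaunchConfiguration") {
    return (props.MetadataOptions || {}).HttpTokens;
  }
  return undefined;
}

function auditImdsv2(template: Json): Finding[] {
  const resources: Json = template.Resources || {};
  const findings: Finding[] = [];
  for (const id of Object.keys(resources)) {
    const res: Json = resources[id];
    if (res.Type !== "AWS::AutoScaling::AutoScalingGroup") continue;
    const p: Json = res.Properties || {};
    // A launch template can be attached directly or through a mixed instances policy.
    const mixed: Json = (p.MixedInstancesPolicy || {}).LaunchTemplate || {};
    const spec: Json | undefined = p.LaunchTemplate || mixed.LaunchTemplateSpecification;
    const ref = spec
      ? logicalIdOf(spec.LaunchTemplateId)
      : logicalIdOf(p.LaunchConfigurationName);
    const target: Json | undefined = ref ? resources[ref] : undefined;
    findings.push({
      asg: id,
      source: ref && target ? ref : "unresolved (defined outside this template)",
      imdsv2Required: httpTokens(target) === "required",
    });
  }
  return findings;
}

// Constructed sample template (not from the page): three groups, one compliant.
const SAMPLE_TEMPLATE: Json = {
  Resources: {
    HardenedLt: {
      Type: "AWS::EC2::LaunchTemplate",
      Properties: { LaunchTemplateData: { MetadataOptions: { HttpTokens: "required" } } },
    },
    DefaultLt: {
      Type: "AWS::EC2::LaunchTemplate",
      Properties: { LaunchTemplateData: { InstanceType: "t3.micro" } },
    },
    LegacyLc: {
      Type: "AWS::AutoScaling::LaunchConfiguration",
      Properties: { MetadataOptions: { HttpTokens: "optional" } },
    },
    AsgHardened: {
      Type: "AWS::AutoScaling::AutoScalingGroup",
      Properties: { LaunchTemplate: { LaunchTemplateId: { Ref: "HardenedLt" }, Version: "1" } },
    },
    AsgMixed: {
      Type: "AWS::AutoScaling::AutoScalingGroup",
      Properties: {
        MixedInstancesPolicy: {
          LaunchTemplate: {
            LaunchTemplateSpecification: { LaunchTemplateId: { Ref: "DefaultLt" }, Version: "1" },
          },
        },
      },
    },
    AsgLegacy: {
      Type: "AWS::AutoScaling::AutoScalingGroup",
      Properties: { LaunchConfigurationName: { Ref: "LegacyLc" } },
    },
  },
};

for (const f of auditImdsv2(SAMPLE_TEMPLATE)) {
  console.log(`${f.asg} -> ${f.source}: ${f.imdsv2Required ? "IMDSv2 required" : "IMDSv1 still allowed"}`);
}
```

A group whose launch template is referenced by a literal ID or name is reported as unresolved and counted as not enforcing IMDSv2, so it gets checked by hand rather than silently passed.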
(description based on #30479)

### Reason for this change

Add support for newly supported 8.0.mysql_aurora.3.04.3.
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraMySQLReleaseNotes/AuroraMySQL.Updates.3043.html

### Description of changes

Add a new version as a new property to AuroraMysqlEngineVersion class.

### Description of how you validated changes

I used the AWS CLI to verify that the new version is available.
```
aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[?EngineVersion=='8.0.mysql_aurora.3.04.3']"
[
    {
        "Engine": "aurora-mysql",
        "EngineVersion": "8.0.mysql_aurora.3.04.3",
        "DBParameterGroupFamily": "aurora-mysql8.0",
        "DBEngineDescription": "Aurora MySQL",
        "DBEngineVersionDescription": "Aurora MySQL 3.04.3 (compatible with MySQL 8.0.28)",
        "ValidUpgradeTarget": [
            {
                "Engine": "aurora-mysql",
                "EngineVersion": "8.0.mysql_aurora.3.06.1",
                "Description": "Aurora MySQL 3.06.1 (compatible with MySQL 8.0.34)",
                "AutoUpgrade": false,
                "IsMajorVersionUpgrade": false,
                "SupportedEngineModes": [
                    "provisioned"
                ],
                "SupportsParallelQuery": true,
                "SupportsGlobalDatabases": true,
                "SupportsBabelfish": false,
                "SupportsLocalWriteForwarding": true
            },
            {
                "Engine": "aurora-mysql",
                "EngineVersion": "8.0.mysql_aurora.3.07.1",
                "Description": "Aurora MySQL 3.07.1 (compatible with MySQL 8.0.36)",
                "AutoUpgrade": false,
                "IsMajorVersionUpgrade": false,
                "SupportedEngineModes": [
                    "provisioned"
                ],
                "SupportsParallelQuery": true,
                "SupportsGlobalDatabases": true,
                "SupportsBabelfish": false,
                "SupportsLocalWriteForwarding": true
            },
            {
                "Engine": "aurora-mysql",
                "EngineVersion": "8.0.mysql_aurora.3.08.0",
                "Description": "Aurora MySQL 3.08.0 (compatible with MySQL 8.0.39)",
                "AutoUpgrade": false,
                "IsMajorVersionUpgrade": false,
                "SupportedEngineModes": [
                    "provisioned"
                ],
                "SupportsParallelQuery": true,
                "SupportsGlobalDatabases": true,
                "SupportsBabelfish": false,
                "SupportsLocalWriteForwarding": true
            }
        ],
        "ExportableLogTypes": [
            "audit",
            "error",
            "general",
            "slowquery"
        ],
        "SupportsLogExportsToCloudwatchLogs": true,
        "SupportsReadReplica": false,
        "SupportedEngineModes": [
            "provisioned"
        ],
        "SupportedFeatureNames": [],
        "Status": "available",
        "SupportsParallelQuery": true,
        "SupportsGlobalDatabases": true,
        "MajorEngineVersion": "8.0",
        "SupportsBabelfish": false,
        "SupportsCertificateRotationWithoutRestart": true,
        "SupportedCACertificateIdentifiers": [
            "rds-ca-ecc384-g1",
            "rds-ca-rsa4096-g1",
            "rds-ca-rsa2048-g1"
        ],
        "SupportsLocalWriteForwarding": true
    }
]
```

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…024 (#32305)

Ref: https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-rds-sql-server-versions-november-2024/

```sh
% aws rds describe-db-engine-versions --engine sqlserver-ee --query "DBEngineVersions[?EngineVersion=='13.00.6455.2.v1'||EngineVersion=='14.00.3485.1.v1'||EngineVersion=='15.00.4410.1.v1'||EngineVersion=='16.00.4165.4.v1'].[DBEngineVersionDescription,EngineVersion,DBParameterGroupFamily,MajorEngineVersion,Status]"

[
    [
        "SQL Server 2016 13.00.6455.2.v1",
        "13.00.6455.2.v1",
        "sqlserver-ee-13.0",
        "13.00",
        "available"
    ],
    [
        "SQL Server 2017 14.00.3485.1.v1",
        "14.00.3485.1.v1",
        "sqlserver-ee-14.0",
        "14.00",
        "available"
    ],
    [
        "SQL Server 2019 15.00.4410.1.v1",
        "15.00.4410.1.v1",
        "sqlserver-ee-15.0",
        "15.00",
        "available"
    ],
    [
        "SQL Server 2022 16.00.4165.4.v1",
        "16.00.4165.4.v1",
        "sqlserver-ee-16.0",
        "16.00",
        "available"
    ]
]
```

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #31634.

### Reason for this change

add support for RA3.large node type

### Description of changes

extended the NodeType enum in ClusterProps.nodeType to include RA3.large

### Description of how you validated changes

ran all tests

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #32378 

### Reason for this change

- Missing AL2023 AMI type

### Description of changes

- Add missing AL2023 AMI type

### Description of how you validated changes

Integration test

### Checklist
- [x] My code adheres to the [CONTRIBUTING
GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and
[DESIGN
GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*

---------

Co-authored-by: Jimmy Gaussen <[email protected]>
### Issue # (if applicable)

Closes #31761 

### Reason for this change

Missing feature for kinesis data streams

### Description of changes

Added feature and unit tests

### Description of how you validated changes

Unit tests and integ tests included

### Checklist
- [X] My code adheres to the [CONTRIBUTING
GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and
[DESIGN
GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*

---------

Co-authored-by: Lee Hannigan <[email protected]>
### Issue # (if applicable)

Part of #9481 
Another PR for this ticket #30664 

### Reason for this change

Added L2 construct for `AWS::Route53::HealthCheck` resource

### Description of changes

The changes only introduce the L2 construct for Route53 health check resources. Apart from the L2 construct itself, I added basic validations for the input props.

### Description of how you validated changes

- unit tests
- integration tests

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #32417.

### Reason for this change

The Step Function actions for `elasticloadbalancingv2` require IAM policies from the `elasticloadbalancing` service, which was missing from the list of exceptions

### Description of changes

Added `elasticloadbalancingv2` to the existing `iamServiceMap` exception table.
I've also sorted said service map alphabetically, which was previously a mix of chronological and alphabetical sorting (see [blame](https://github.com/aws/aws-cdk/blame/2607eb3a905f735b96713dda4f32d28d10d686fd/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/aws-sdk/call-aws-service.ts#L93-L97)). The only actual change to the list was the addition of `elasticloadbalancingv2`

### Description of how you validated changes

Added both unit and integ test

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

N/A

### Reason for this change

Accidentally added the temporary schema in
https://github.com/aws/aws-cdk/pull/32204/files#diff-e0a6c532aa72e71d2fbedefa7286b214a0c0c39251595a11d84f415004d3d1ba.
Should rely on the official CFN schema as it will contain the most
up-to-date information.

### Description of changes

Remove the temporary schema file.

### Description of how you validated changes

N/A

### Checklist
- [ ] My code adheres to the [CONTRIBUTING
GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and
[DESIGN
GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #30761.

### Checklist
- [x] My code adheres to the [CONTRIBUTING
GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and
[DESIGN
GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*

---------

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…xpression` is ignored (#30986)

### Issue # (if applicable)

Closes #<issue number here>.

### Reason for this change



The `usingMetrics` property (`Record<string, IMetric>`) in `MathExpressionProps` has Metric objects with a `period`.

On the other hand, in the `MathExpression` construct, the `period` of each metric in the `usingMetrics` is ignored and instead overridden by the `period` of the `MathExpression`. Even if the `period` of the `MathExpression` is not specified, it is overridden by its default value.

https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-cloudwatch/lib/metric.ts#L606-L608

However, the statement is not written in the JSDoc.

https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-cloudwatch/lib/metric.ts#L566

```ts
new MathExpression({
  expression: "m1+m2",
  label: "AlbErrors",
  usingMetrics: {
    m1: metrics.custom("HTTPCode_ELB_500_Count", {
      period: Duration.minutes(1), // <- ignored and overridden by default value `Duration.minutes(5)` of `period` in the `MathExpressionOptions`
      statistic: "Sum",
      label: "HTTPCode_ELB_500_Count",
    }),
    m2: metrics.custom("HTTPCode_ELB_502_Count", {
      period: Duration.minutes(1), // <- ignored and overridden by default value `Duration.minutes(5)` of `period` in the `MathExpressionOptions`
      statistic: "Sum",
      label: "HTTPCode_ELB_502_Count",
    }),
  },
}),
```

### Description of changes



The current documentation could be confusing to users, so add this description. Also added warnings for this situation.

### Description of how you validated changes



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…EKS Cluster (#32400)

### Reason for this change

Get rid of the custom resource to provision EKS cluster by using L1 CfnCluster.

### Description of changes

Replace custom resource with native L1 CfnCluster

### Description of how you validated changes
unit tests and integration tests

### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…egions (#32456)

SDK v3 is ignoring the `region` configuration if it's a non-commercial
region, such as `cn-*`.

This PR also removes a duplicate test suite.

Fixes #32357.

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Ref: [Amazon MQ now supports AWS PrivateLink](https://aws.amazon.com/about-aws/whats-new/2024/12/amazon-mq-aws-privatelink/)

```sh
% aws ec2 describe-vpc-endpoint-services --filters Name=service-type,Values=Interface Name=owner,Values=amazon --region us-east-1 --query ServiceNames | grep mq

    "com.amazonaws.us-east-1.mq",
```

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add two options that were not being exposed via the CLI:

- `minifyWhitespace`
- Packing `target`

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…cannot be parsed (#32461)

We are using `this` to refer to static methods, which fails at runtime. Use the class name instead.

Fixes #32454.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
xazhao and others added 4 commits December 11, 2024 17:55
### Reason for this change

I don't see `patch-package` used anywhere in the code, and the version is too old.

Based on CVE-2024-21538 https://nvd.nist.gov/vuln/detail/CVE-2024-21538, it should be upgraded to at least 7.0.5. If it's not used anymore, we can remove it from the dependency.

### Description of changes
Remove `patch-package` from dependency

### Description of how you validated changes



### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
… Type (#32453)

### Issue # (if applicable)

Closes #32359

### Reason for this change

Now, I can't make the worker type dynamic from payload input in the state machine because it only accepts an enum type workerType, which is an enum and only accepts the defined workers. If I pass a string that references the payload input, it shows an error.

### Description of changes

Turn the ENUM type `WorkerType` into a class-based implementation. This should be backward compatible as there's no change on the user side.

### Description of how you validated changes

New integ tests that use dynamic value for Worker type. When invoking StateMachine with the JSON payload, it will fetch the data correctly and invoke the Glue job with the current worker type and number of workers.

### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…9481) (#30664)

### Issue # (if applicable)

Part of a bigger piece of work for #9481 
Another PR for this ticket #30739 

### Reason for this change

At this moment, constructing the Route53 health checks is available only via the L1 construct. This PR is one of the series to introduce the R53 health checks via higher-level constructs.

### Description of changes

The underlying L1 construct of a few L2 constructs for Alias targets already has the `EvaluateTargetHealth` property, so by adding this prop to the L2 construct we get the quick win to introduce the health checks for Alias records.

### Description of how you validated changes

- unit tests
- integration tests

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@aws-cdk-automation aws-cdk-automation requested a review from a team as a code owner December 11, 2024 21:51
@aws-cdk-automation aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels Dec 11, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team December 11, 2024 21:51
@xazhao xazhao added pr/do-not-merge This PR should not be merged at this time. and removed pr/do-not-merge This PR should not be merged at this time. labels Dec 11, 2024
if (props.serviceIpv4Cidr && props.ipFamily == IpFamily.IP_V6) {
throw new Error('Cannot specify serviceIpv4Cidr with ipFamily equal to IpFamily.IP_V6');
}

this.authenticationMode = props.authenticationMode;

const resource = this._clusterResource = new ClusterResource(this, 'Resource', {
const resource = this._clusterResource = new CfnCluster(this, 'Resource', {
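
Review bot: The guard at the top of this hunk compares with loose equality (`props.ipFamily == IpFamily.IP_V6`); use `===` so the check cannot pass through type coercion. On the changed line, `this._clusterResource` now holds a `CfnCluster` instead of a `ClusterResource`, so every reader of that field that expected custom-resource attributes needs to be checked, and the props object passed to `CfnCluster`, which is not visible in this hunk, should set the endpoint access values explicitly.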

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

The Kubernetes API server for the Amazon EKS cluster is exposed if endpointAccess is set to EndpointAccess.PUBLIC in the Cluster resource or endpointPublicAccess is true in the CfnCluster resource. This configuration allows unauthorized internet access, increasing security risks such as data breaches and malicious activities. To secure the cluster, set endpointAccess to EndpointAccess.PRIVATE in the Cluster resource and endpointPublicAccess to false in the CfnCluster resource. Implement network access controls to restrict access to trusted sources within the AWS VPC. For more information refer to the documentation https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-eks.EndpointAccess.html.
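
A check for the exposure the CodeGuru comment above describes, as an added example that is not part of the PR or the aws-cdk code base: it scans a synthesized CloudFormation template for `AWS::EKS::Cluster` resources whose API endpoint is public. The function name, the finding format and the sample template are assumptions constructed for illustration.

```typescript
// Added example. Flags AWS::EKS::Cluster resources in a synthesized template
// whose Kubernetes API endpoint is reachable from outside the VPC.
type Finding = { logicalId: string; severity: "HIGH" | "MEDIUM"; reason: string };
type Template = { Resources?: { [logicalId: string]: any } };

function auditEksEndpoints(template: Template): Finding[] {
  const findings: Finding[] = [];
  const resources = template.Resources || {};
  for (const logicalId of Object.keys(resources)) {
    const res = resources[logicalId];
    if (!res || res.Type !== "AWS::EKS::Cluster") continue;
    const vpc = (res.Properties && res.Properties.ResourcesVpcConfig) || {};
    // CloudFormation defaults EndpointPublicAccess to true, so only an explicit
    // `false` counts as private. Unresolved intrinsics are flagged as well.
    if (vpc.EndpointPublicAccess === false) continue;
    // An absent or empty PublicAccessCidrs means 0.0.0.0/0.
    const listed: string[] = Array.isArray(vpc.PublicAccessCidrs) ? vpc.PublicAccessCidrs : [];
    const cidrs = listed.length > 0 ? listed : ["0.0.0.0/0"];
    if (cidrs.indexOf("0.0.0.0/0") !== -1) {
      findings.push({ logicalId, severity: "HIGH", reason: "public endpoint open to any IPv4 source" });
    } else {
      findings.push({ logicalId, severity: "MEDIUM", reason: "public endpoint limited to " + cidrs.join(", ") });
    }
  }
  return findings;
}

// Constructed sample template (not from the PR).
const SAMPLE_TEMPLATE: Template = {
  Resources: {
    DefaultCluster: { Type: "AWS::EKS::Cluster", Properties: { ResourcesVpcConfig: { SubnetIds: ["subnet-aaaa"] } } },
    PrivateCluster: { Type: "AWS::EKS::Cluster", Properties: { ResourcesVpcConfig: {
      SubnetIds: ["subnet-bbbb"], EndpointPublicAccess: false, EndpointPrivateAccess: true } } },
    AllowListedCluster: { Type: "AWS::EKS::Cluster", Properties: { ResourcesVpcConfig: {
      SubnetIds: ["subnet-cccc"], EndpointPublicAccess: true, EndpointPrivateAccess: true,
      PublicAccessCidrs: ["203.0.113.0/24"] } } },
    Bucket: { Type: "AWS::S3::Bucket" },
  },
};

for (const f of auditEksEndpoints(SAMPLE_TEMPLATE)) {
  console.log(f.severity + " " + f.logicalId + ": " + f.reason);
}
```

Run against the output of `cdk synth`, a check like this catches a cluster that omits the endpoint settings and therefore inherits the public default.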

@aws-cdk-automation

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 59216bd
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository


mergify bot commented Dec 11, 2024

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit b5c2189 into v2-release Dec 11, 2024
15 of 16 checks passed
@mergify mergify bot deleted the bump/2.173.0 branch December 11, 2024 22:27
Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 11, 2024