chore(release): 2.195.0 #34383
Merged
chore(release): 2.195.0 #34383
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…34334) ### Issue # (if applicable) Fixes issues when AWS::IAM::Role doesnt exist in the snapshot templates in the PR and yet security guardian complained incorrectly. Closes #<issue number here>. ### Reason for this change ### Description of changes ### Describe any new or updated permissions being added ### Description of how you validated changes ### Checklist - [ x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ecate 16.5, 17.1, 17.2 (#34340) ### Issue # (if applicable) None ### Reason for this change https://aws.amazon.com/about-aws/whats-new/2025/05/amazon-rds-mysql-new-minor-versions/ https://aws.amazon.com/about-aws/whats-new/2025/05/amazon-aurora-postgresql-major-version-17/ ### Description of changes Instance engine add MySQL 8.0.42 and 8.4.5 Cluster engine add Postgres 17.4 and deprecate 16.5, 17.1, 17.2 ### Description of how you validated changes ```console $ aws rds describe-db-engine-versions --engine aurora-postgresql --output table --query 'DBEngineVersions[*].{Engine:Engine,EngineVersion:EngineVersion}' | aurora-postgresql | 16.1 | | aurora-postgresql | 16.2 | | aurora-postgresql | 16.3 | | aurora-postgresql | 16.4 | | aurora-postgresql | 16.4-limitless | | aurora-postgresql | 16.6 | | aurora-postgresql | 16.6-limitless | | aurora-postgresql | 16.8 | | aurora-postgresql | 17.4 | ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) None ### Reason for this change https://aws.amazon.com/about-aws/whats-new/2025/04/amazon-ec2-c8gd-m8gd-r8gd-instances/ ### Description of how you validated changes ```console $ aws ec2 describe-instance-types | grep -e c8gd -e m8gd -e r8gd "InstanceType": "m8gd.metal-48xl", "InstanceType": "r8gd.xlarge", "InstanceType": "c8gd.48xlarge", "InstanceType": "c8gd.4xlarge", "InstanceType": "r8gd.8xlarge", "InstanceType": "c8gd.xlarge", "InstanceType": "c8gd.2xlarge", "InstanceType": "r8gd.medium", "InstanceType": "m8gd.8xlarge", "InstanceType": "c8gd.metal-48xl", "InstanceType": "c8gd.24xlarge", "InstanceType": "r8gd.16xlarge", "InstanceType": "m8gd.2xlarge", "InstanceType": "r8gd.4xlarge", "InstanceType": "c8gd.metal-24xl", "InstanceType": "r8gd.metal-24xl", "InstanceType": "m8gd.12xlarge", "InstanceType": "c8gd.medium", "InstanceType": "r8gd.large", "InstanceType": "m8gd.24xlarge", "InstanceType": "c8gd.8xlarge", "InstanceType": "m8gd.large", "InstanceType": "r8gd.24xlarge", "InstanceType": "m8gd.48xlarge", "InstanceType": "c8gd.12xlarge", "InstanceType": "m8gd.medium", "InstanceType": "r8gd.metal-48xl", "InstanceType": "m8gd.16xlarge", "InstanceType": "m8gd.xlarge", "InstanceType": "c8gd.16xlarge", "InstanceType": "c8gd.large", "InstanceType": "r8gd.12xlarge", "InstanceType": "m8gd.metal-24xl", "InstanceType": "r8gd.2xlarge", "InstanceType": "m8gd.4xlarge", "InstanceType": "r8gd.48xlarge", ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…34310) ### Description of changes 1. Add README for enum-updater. 2. Fix exclusion mechanism where values were not matching because they were not being normalized prior to matching. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) N/A ### Reason for this change OpenSearch version 2.19 is available. https://aws.amazon.com/about-aws/whats-new/2025/04/amazon-opensearch-service-opensearch-version-2-19/ ### Description of changes Added an enum `EngineVersion.OPENSEARCH_2_19` ### Describe any new or updated permissions being added N/A ### Description of how you validated changes Added the enum to unit tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…k 17B, and Amazon Nova Premier (#34291) Ref * [Writer’s Palmyra X5 and X4 models are now available in Amazon Bedrock ](https://aws.amazon.com/about-aws/whats-new/2025/04/writers-palmyra-x5-x4-models-amazon-bedrock/) * [Meta’s Llama 4 now available fully managed in Amazon Bedrock](https://aws.amazon.com/about-aws/whats-new/2025/04/metas-llama-4-managed-amazon-bedrock/) * [Amazon Nova Premier: Our most capable model for complex tasks and teacher for model distillation ](https://aws.amazon.com/blogs/aws/amazon-nova-premier-our-most-capable-model-for-complex-tasks-and-teacher-for-model-distillation/) * https://docs.aws.amazon.com/bedrock/latest/userguide/models-supported.html ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…34353) Closes #34351 ### Reason for this change User reported an issue with the example code in the README. ### Description of changes Fix the example. ### Describe any new or updated permissions being added None ### Description of how you validated changes No code changes. Existing rossetta test are sufficient. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) This Implements the Property Injectors RFC. https://github.com/aws/aws-cdk-rfcs/blob/main/text/0693-property-injection.md ### Reason for this change Implement the Property Injectors feature so orgs can set up default Construct props values. ### Description of changes Key changes: * propertyInjectionDecorator to make a Construct Property Injectable. * applyInjectors is called from Construct's constructor to inject property defaults. * IPropertyInjector defines an Property Injector. * PropertyInjectors class that stores the map of Constructs to Injectors. * App, Stage, and Stack now has a new propertyInjectors property. ### Describe any new or updated permissions being added None ### Description of how you validated changes * Unit test in core/test/prop-injectors.test.ts * Use `yarn package --target js` to create a library and write Injectors for Constructs. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) None ### Reason for this change AWS APIGW (REST API) now supports for configuring endpoint IP address type. https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-ip-address-type.html ### Description of changes - Define `IpAddressType` - Add `ipAddressType` to `EndpointConfiguration` ### Describe any new or updated permissions being added None ### Description of how you validated changes Add both unit and integ tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ntegration tests (#34266) ### Issue # (if applicable) #34218 (comment) ### Reason for this change Currently, EKS integration tests use v1.24 as default version which is no longer supported. https://github.com/aws/aws-cdk/blob/58c2631de585b300cf8573ab423dcc75791cc3d2/packages/%40aws-cdk-testing/framework-integ/test/aws-eks/test/integ-tests-kubernetes-version.ts#L22-L23 ### Description of changes Update default Kubernetes version from v1.24 to v1.32 in integration tests ### Describe any new or updated permissions being added None ### Description of how you validated changes Pass integration tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) ### Reason for this change CDK Lib and CDK CLI have diverged ### Description of changes updates the template fields to capture both AWS CDK Library and AWS CDK CLI versions in separate fields. minor change to existing fields ### Describe any new or updated permissions being added ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…34267) ### Issue # (if applicable) Closes #34253 ### Reason for this change Validation too strict ### Description of changes - Allow both `pullRequestFilter` and `pushFilter` - Refactor integ for readability ### Description of how you validated changes Unit + Integ ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Closes #30684. ### Reason for this change To support Amazon Location API Key. ### Description of changes Add `ApiKey` construct. ### Describe any new or updated permissions being added API key includes allowed actions for AWS managed resources. ### Description of how you validated changes Add unit tests and an integ test. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
) ### Issue # (if applicable) This is a followup to #33887. DO NOT merge this PR until after 33887 is merged. ### Reason for this change In the original Property Injection PR, we enabled 122 Constructs for Property Injections, but we want to make this feature available for all L2 Constructs. ### Description of changes Add logic to Constructs ConstructsUpdater to if a Construct already have PROPERTY_INJECTION_ID property. If not, it will: - Add PROPERTY_INJECTION_ID with value that is calculated from path and class name - Import aws-cdk-lib/core/lib/prop-injectable - Add class decorator @propertyInjectable ### Describe any new or updated permissions being added No permission change. ### Description of how you validated changes - Added unit tests and ran `npm test` - Ran `./bin/update-construct-metadata` locally and manually verified a few random files. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This turns on Go publishing for the `@aws-cdk/app-staging-synthesizer-alpha` package. This PR *should* be all that is necessary, given that all other alpha packages are publishing into the same GitHub repo as this one and it already exists. We will monitor during the next release. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This change is motivated by the tree metadata containing a `parent` pointer that used to be stripped before writing it to disk in `tree.json`. I removed the `parent` pointer because shouldn't be in this data structure at all.
The TreeMetadata `parent` pointer was being used to build a `ConstructTrace` for the purposes of reporting template validation errors, so that code had to be refactored as well. It was doing a complicated dance that I honestly didn't quite understand going up and down the construct tree trace and holding cached copies of various data structures in memory.
I removed the dependency of the trace reporting on `TreeMetadata` and replaced it with a path traversal from the root of the construct tree, and progressively building the `ConstructTrace` from the constructs we find along the way: first building a chain of `ConstructTrace` objects without `child` and `location` information, and then adding it on later.
One note on what's left here:
- As far as I can tell we are peeling apart a stack trace from the lowest-level `CfnResource` into a different single frames, to be reported in the `ConstructTrace`. I *think* I did a faithful conversion, but what I have only works if child constructs are always created in constructors. Our counting of stack frames will be off by one for every method call involved (in other words, if more than 1 stack frame separates 2 levels in the construct tree).
I'm not fixing this right now because that's not what I want to focus on, but this could/should probably be a backlog item?
------
As an example of the latter, let's say this construct tree:
```
StaticWebsite
|
+-- Bucket
|
+--- CfnResource <-- stack trace only available here
```
The way we will do this is we'll take the stack trace from `CfnResource`, and use it as follows:
- `stackTrace[0]` -> that must be where CfnResource is created
- `stackTrace[1]` -> that must be where Bucket is created
- `stackTrace[2]` -> that must be where StaticWebsite is created
The above assumptions hold for the following code:
```ts
// static-website.ts
class StaticWebsite {
constructor() {
new Bucket(this, 'Bucket');
}
}
// app.ts
new StaticWebsite();
```
But *don't* hold for the following code:
```ts
// static-website.ts
class StaticWebsite {
constructor()
this.createStaticHtmlBucket();
}
private createStaticHtmlBucket() {
new Bucket(this, 'Bucket');
}
}
// app.ts
new StaticWebsite();
```
Because the initialization of `StaticWebsite` now comprises 2 stack frames instead of 1.
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…pport token endpoint with default value derived from stack region or endpointUrl (#34122) ### Issue # (if applicable) Closes #31843 ### Reason for this change - Support Beanstalk environment endpoint as token ### Description of changes - Allow user to specify Beanstalk `hostedZoneId` - Default value if not specified derived from stack region or Beanstalk environment endpoint ### Description of how you validated changes Unit + Integ ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR updates the CDK enum mapping file.
### Issue # (if applicable) None ### Reason for this change AWS IoT now supports for new audit configuration about device certificate age check. https://docs.aws.amazon.com/iot-device-defender/latest/devguide/device-certificate-age-check.html ### Description of changes - Add `deviceCertificateAgeCheck` to `CheckConfiguration` - To enable audit configuraiton - Add `deviceCertificateAgeCheckDuration` to `CheckConfiguration` - To configure threshold duration in days ### Describe any new or updated permissions being added None ### Description of how you validated changes Add both unit and integ tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) BREAKING CHANGE: By default, `deviceDertificateAgeCheck` is automatically enabled. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Reverts #33887 Co-authored-by: Grace Luo <[email protected]>
… to an SNS topic encrypted with a KMS key (under feature flag) (#33858) ### Issue # (if applicable) Closes #16271. ### Reason for this change To create S3 subscriptions for CMK encrypted SNS topic, we have to configure key policy to trust S3. https://docs.aws.amazon.com/AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.html#key-policy-sns-sqs AWS CDK doesn't automatically configure CMK resource policy to receive s3 messages for CMK encrypted SNS subscriptions. Therefore, we have to configure it by ourselves. ### Description of changes - Add feature flag `S3_TRUST_KEY_POLICY_FOR_SNS_SUBSCRIPTIONS` - Add key policy for encrypted subscription ```ts const statement = new iam.PolicyStatement({ principals: [new iam.ServicePrincipal('s3.amazonaws.com')], actions: ['kms:GenerateDataKey', 'kms:Decrypt'], resources: ['*'], }); const addResult = this.topic.masterKey.addToResourcePolicy(statement, true); ``` ### Describe any new or updated permissions being added - Add S3 trust policy to KMS key policy ### Description of how you validated changes Add both unit and integ tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change Adding new team member's GitHub account ### Description of changes Added my github username (aemada-aws) ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-bedrock │ └ resources │ ├[~] resource AWS::Bedrock::DataAutomationProject │ │ └ types │ │ ├[+] type AudioOverrideConfiguration │ │ │ ├ documentation: Sets whether your project will process audio or not. │ │ │ │ name: AudioOverrideConfiguration │ │ │ └ properties │ │ │ └ ModalityProcessing: ModalityProcessingConfiguration │ │ ├[~] type DocumentOverrideConfiguration │ │ │ └ properties │ │ │ └[+] ModalityProcessing: ModalityProcessingConfiguration │ │ ├[+] type ImageOverrideConfiguration │ │ │ ├ documentation: Sets whether your project will process images or not. │ │ │ │ name: ImageOverrideConfiguration │ │ │ └ properties │ │ │ └ ModalityProcessing: ModalityProcessingConfiguration │ │ ├[+] type ModalityProcessingConfiguration │ │ │ ├ documentation: This element is used to determine if the modality it is associated with is enabled or disabled. All modalities are enabled by default. │ │ │ │ name: ModalityProcessingConfiguration │ │ │ └ properties │ │ │ └ State: string │ │ ├[+] type ModalityRoutingConfiguration │ │ │ ├ documentation: This element allows you to set up where JPEG, PNG, MOV, and MP4 files get routed to for processing. JPEG routing applies to both "JPEG" and "JPG" file extensions. │ │ │ │ name: ModalityRoutingConfiguration │ │ │ └ properties │ │ │ ├ jpeg: string │ │ │ ├ png: string │ │ │ ├ mp4: string │ │ │ └ mov: string │ │ ├[~] type OverrideConfiguration │ │ │ └ properties │ │ │ ├[+] Audio: AudioOverrideConfiguration │ │ │ ├[+] Image: ImageOverrideConfiguration │ │ │ ├[+] ModalityRouting: ModalityRoutingConfiguration │ │ │ └[+] Video: VideoOverrideConfiguration │ │ └[+] type VideoOverrideConfiguration │ │ ├ documentation: Sets whether your project will process videos or not. │ │ │ name: VideoOverrideConfiguration │ │ └ properties │ │ └ ModalityProcessing: ModalityProcessingConfiguration │ ├[~] resource AWS::Bedrock::DataSource │ │ └ types │ │ └[~] type S3Location │ │ └ - documentation: A storage location in an S3 bucket. │ │ + documentation: A storage location in an Amazon S3 bucket. │ └[~] resource AWS::Bedrock::KnowledgeBase │ └ types │ └[~] type S3Location │ └ - documentation: A storage location in an S3 bucket. │ + documentation: A storage location in an Amazon S3 bucket. ├[~] service aws-cloudfront │ └ resources │ ├[~] resource AWS::CloudFront::ConnectionGroup │ │ ├ - documentation: Resource Type definition for AWS::CloudFront::ConnectionGroup │ │ │ + documentation: The connection group for your distribution tenants. When you first create a distribution tenant and you don't specify a connection group, CloudFront will automatically create a default connection group for you. When you create a new distribution tenant and don't specify a connection group, the default one will be associated with your distribution tenant. │ │ ├ properties │ │ │ ├ Enabled: (documentation changed) │ │ │ ├ Ipv6Enabled: (documentation changed) │ │ │ └ Name: (documentation changed) │ │ └ attributes │ │ ├ Arn: (documentation changed) │ │ ├ CreatedTime: (documentation changed) │ │ ├ ETag: (documentation changed) │ │ ├ Id: (documentation changed) │ │ ├ IsDefault: (documentation changed) │ │ ├ LastModifiedTime: (documentation changed) │ │ ├ RoutingEndpoint: (documentation changed) │ │ └ Status: (documentation changed) │ ├[~] resource AWS::CloudFront::Distribution │ │ └ types │ │ ├[~] type DistributionConfig │ │ │ └ properties │ │ │ ├ ConnectionMode: (documentation changed) │ │ │ └ TenantConfig: (documentation changed) │ │ ├[~] type ParameterDefinition │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: A list of parameter values to add to the resource. A parameter is specified as a key-value pair. A valid parameter value must exist for any parameter that is marked as required in the multi-tenant distribution. │ │ │ └ properties │ │ │ ├ Definition: (documentation changed) │ │ │ └ Name: (documentation changed) │ │ └[~] type TenantConfig │ │ ├ - documentation: undefined │ │ │ + documentation: The configuration for a distribution tenant. │ │ └ properties │ │ └ ParameterDefinitions: (documentation changed) │ ├[~] resource AWS::CloudFront::DistributionTenant │ │ ├ - documentation: Resource Type definition for AWS::CloudFront::DistributionTenant │ │ │ + documentation: The distribution tenant. │ │ ├ properties │ │ │ ├ ConnectionGroupId: (documentation changed) │ │ │ ├ Customizations: (documentation changed) │ │ │ ├ DistributionId: (documentation changed) │ │ │ ├ Domains: (documentation changed) │ │ │ ├ Enabled: (documentation changed) │ │ │ ├ ManagedCertificateRequest: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ └ Parameters: (documentation changed) │ │ ├ attributes │ │ │ ├ Arn: (documentation changed) │ │ │ ├ CreatedTime: (documentation changed) │ │ │ ├ ETag: (documentation changed) │ │ │ ├ Id: (documentation changed) │ │ │ ├ LastModifiedTime: (documentation changed) │ │ │ └ Status: (documentation changed) │ │ └ types │ │ ├[~] type Certificate │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: The AWS Certificate Manager (ACM) certificate associated with your distribution. │ │ │ └ properties │ │ │ └ Arn: (documentation changed) │ │ ├[~] type Customizations │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: Customizations for the distribution tenant. For each distribution tenant, you can specify the geographic restrictions, and the Amazon Resource Names (ARNs) for the ACM certificate and AWS WAF web ACL. These are specific values that you can override or disable from the multi-tenant distribution that was used to create the distribution tenant. │ │ │ └ properties │ │ │ ├ Certificate: (documentation changed) │ │ │ ├ GeoRestrictions: (documentation changed) │ │ │ └ WebAcl: (documentation changed) │ │ ├[~] type DomainResult │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: The details about the domain result. │ │ │ └ properties │ │ │ ├ Domain: (documentation changed) │ │ │ ├[-] Reason: string │ │ │ └ Status: (documentation changed) │ │ ├[~] type GeoRestrictionCustomization │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: The customizations that you specified for the distribution tenant for geographic restrictions. │ │ │ └ properties │ │ │ ├ Locations: (documentation changed) │ │ │ └ RestrictionType: (documentation changed) │ │ ├[~] type ManagedCertificateRequest │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: An object that represents the request for the Amazon CloudFront managed ACM certificate. │ │ │ └ properties │ │ │ ├ CertificateTransparencyLoggingPreference: (documentation changed) │ │ │ ├ PrimaryDomainName: (documentation changed) │ │ │ └ ValidationTokenHost: (documentation changed) │ │ ├[~] type Parameter │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: A list of parameter values to add to the resource. A parameter is specified as a key-value pair. A valid parameter value must exist for any parameter that is marked as required in the multi-tenant distribution. │ │ │ └ properties │ │ │ ├ Name: (documentation changed) │ │ │ └ Value: (documentation changed) │ │ └[~] type WebAclCustomization │ │ ├ - documentation: undefined │ │ │ + documentation: The AWS WAF web ACL customization specified for the distribution tenant. │ │ └ properties │ │ ├ Action: (documentation changed) │ │ └ Arn: (documentation changed) │ └[~] resource AWS::CloudFront::RealtimeLogConfig │ └ types │ └[~] type EndPoint │ ├ - documentation: Contains information about the Amazon Kinesis data stream where you are sending real-time log data in a real-time log configuration. │ │ + documentation: Contains information about the Amazon Kinesis data stream where you are sending real-time log data for this real-time log configuration. │ └ properties │ └ KinesisStreamConfig: (documentation changed) ├[~] service aws-codepipeline │ └ resources │ └[~] resource AWS::CodePipeline::Pipeline │ └ types │ ├[~] type ActionDeclaration │ │ └ properties │ │ └[+] EnvironmentVariables: Array<EnvironmentVariable> │ └[+] type EnvironmentVariable │ ├ documentation: The environment variables for the action. │ │ name: EnvironmentVariable │ └ properties │ ├ Name: string (required) │ └ Value: string (required) ├[~] service aws-cognito │ └ resources │ ├[~] resource AWS::Cognito::ManagedLoginBranding │ │ └ properties │ │ └ UseCognitoProvidedValues: (documentation changed) │ ├[~] resource AWS::Cognito::UserPoolClient │ │ ├ properties │ │ │ └[+] RefreshTokenRotation: RefreshTokenRotation │ │ └ types │ │ └[+] type RefreshTokenRotation │ │ ├ name: RefreshTokenRotation │ │ └ properties │ │ ├ Feature: string │ │ └ RetryGracePeriodSeconds: integer │ └[~] resource AWS::Cognito::UserPoolDomain │ └ properties │ └ ManagedLoginVersion: (documentation changed) ├[~] service aws-datazone │ └ resources │ └[+] resource AWS::DataZone::DomainUnit │ ├ name: DomainUnit │ │ cloudFormationType: AWS::DataZone::DomainUnit │ │ documentation: A domain unit enables you to easily organize your assets and other domain entities under specific business units and teams. │ ├ properties │ │ ├ DomainIdentifier: string (required, immutable) │ │ ├ Description: string │ │ ├ Name: string (required) │ │ └ ParentDomainUnitIdentifier: string (required, immutable) │ └ attributes │ ├ CreatedAt: string │ ├ DomainId: string │ ├ Id: string │ ├ Identifier: string │ ├ ParentDomainUnitId: string │ └ LastUpdatedAt: string ├[~] service aws-dsql │ └ resources │ └[~] resource AWS::DSQL::Cluster │ └ attributes │ └[+] VpcEndpointServiceName: string ├[~] service aws-dynamodb │ └ resources │ └[~] resource AWS::DynamoDB::Table │ └ types │ └[~] type GlobalSecondaryIndex │ └ properties │ ├ OnDemandThroughput: (documentation changed) │ └ ProvisionedThroughput: (documentation changed) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::ClientVpnEndpoint │ │ ├ properties │ │ │ └[+] ClientRouteEnforcementOptions: ClientRouteEnforcementOptions │ │ └ types │ │ └[+] type ClientRouteEnforcementOptions │ │ ├ name: ClientRouteEnforcementOptions │ │ └ properties │ │ └ Enforced: boolean │ └[~] resource AWS::EC2::TransitGatewayPeeringAttachment │ └ properties │ ├ PeerRegion: (documentation changed) │ └ PeerTransitGatewayId: (documentation changed) ├[~] service aws-ecr │ └ resources │ └[~] resource AWS::ECR::RegistryScanningConfiguration │ ├ - documentation: The AWS::ECR::RegistryScanningConfiguration controls the scanning configuration for an Amazon Elastic Container Registry (Amazon Private ECR). For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html │ │ + documentation: The scanning configuration for a private registry. │ ├ properties │ │ └ Rules: (documentation changed) │ ├ attributes │ │ └ RegistryId: (documentation changed) │ └ types │ ├[~] type RepositoryFilter │ │ └ - documentation: The details of a scanning repository filter. │ │ + documentation: The filter settings used with image replication. Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no filters are added, the contents of all repositories are replicated. │ └[~] type ScanningRule │ ├ - documentation: A rule representing the details of a scanning configuration. │ │ + documentation: The scanning rules associated with the registry. │ └ properties │ ├ RepositoryFilters: (documentation changed) │ └ ScanFrequency: (documentation changed) ├[~] service aws-ecs │ └ resources │ └[~] resource AWS::ECS::TaskDefinition │ └ properties │ └ Cpu: (documentation changed) ├[~] service aws-fsx │ └ resources │ └[~] resource AWS::FSx::FileSystem │ └ types │ └[~] type OpenZFSConfiguration │ └ properties │ └ ThroughputCapacity: (documentation changed) ├[~] service aws-imagebuilder │ └ resources │ ├[~] resource AWS::ImageBuilder::ContainerRecipe │ │ ├ properties │ │ │ └ ParentImage: (documentation changed) │ │ └ types │ │ └[~] type InstanceConfiguration │ │ └ properties │ │ └ Image: (documentation changed) │ └[~] resource AWS::ImageBuilder::DistributionConfiguration │ └ types │ ├[~] type Distribution │ │ └ properties │ │ └[+] SsmParameterConfigurations: Array<SsmParameterConfiguration> │ └[+] type SsmParameterConfiguration │ ├ documentation: Configuration for a single Parameter in the AWS Systems Manager (SSM) Parameter Store in a given Region. │ │ name: SsmParameterConfiguration │ └ properties │ ├ AmiAccountId: string │ ├ ParameterName: string (required) │ └ DataType: string ├[~] service aws-kinesisanalyticsv2 │ └ resources │ └[~] resource AWS::KinesisAnalyticsV2::Application │ └ properties │ └ RuntimeEnvironment: (documentation changed) ├[~] service aws-medialive │ └ resources │ └[~] resource AWS::MediaLive::Channel │ └ properties │ └ Name: (documentation changed) ├[~] service aws-mediatailor │ └ resources │ └[~] resource AWS::MediaTailor::PlaybackConfiguration │ ├ properties │ │ └[+] AdConditioningConfiguration: AdConditioningConfiguration │ └ types │ └[+] type AdConditioningConfiguration │ ├ documentation: The setting that indicates what conditioning MediaTailor will perform on ads that the ad decision server (ADS) returns. │ │ name: AdConditioningConfiguration │ └ properties │ └ StreamingMediaFileConditioning: string (required) ├[~] service aws-oam │ └ resources │ └[~] resource AWS::Oam::Link │ ├ properties │ │ ├ LabelTemplate: (documentation changed) │ │ └ ResourceTypes: (documentation changed) │ └ types │ ├[~] type LinkConfiguration │ │ └ properties │ │ └ LogGroupConfiguration: (documentation changed) │ └[~] type LinkFilter │ ├ - documentation: undefined │ │ + documentation: When used in `MetricConfiguration` this field specifies which metric namespaces are to be shared with the monitoring account │ │ When used in `LogGroupConfiguration` this field specifies which log groups are to share their log events with the monitoring account. Use the term `LogGroupName` and one or more of the following operands. │ └ properties │ └ Filter: (documentation changed) ├[~] service aws-qbusiness │ └ resources │ └[~] resource AWS::QBusiness::DataSource │ └ types │ └[~] type HookConfiguration │ └ properties │ └ LambdaArn: (documentation changed) ├[~] service aws-rds │ └ resources │ └[~] resource AWS::RDS::DBCluster │ └ properties │ └ AutoMinorVersionUpgrade: (documentation changed) ├[~] service aws-route53profiles │ └ resources │ └[~] resource AWS::Route53Profiles::ProfileResourceAssociation │ └ attributes │ └ ResourceType: (documentation changed) ├[~] service aws-sagemaker │ └ resources │ ├[~] resource AWS::SageMaker::App │ │ ├ properties │ │ │ └[+] RecoveryMode: boolean │ │ └ attributes │ │ └[+] BuiltInLifecycleConfigArn: string │ └[~] resource AWS::SageMaker::UserProfile │ └ types │ ├[~] type CodeEditorAppSettings │ │ └ properties │ │ └[+] BuiltInLifecycleConfigArn: string │ ├[+] type HiddenSageMakerImage │ │ ├ name: HiddenSageMakerImage │ │ └ properties │ │ ├ SageMakerImageName: string │ │ └ VersionAliases: Array<string> │ ├[~] type JupyterLabAppSettings │ │ └ properties │ │ └[+] BuiltInLifecycleConfigArn: string │ ├[~] type StudioWebPortalSettings │ │ └ properties │ │ ├[+] HiddenInstanceTypes: Array<string> │ │ └[+] HiddenSageMakerImageVersionAliases: Array<HiddenSageMakerImage> │ └[~] type UserSettings │ └ properties │ └[+] AutoMountHomeEFS: string └[+] service aws-ssmguiconnect ├ capitalized: SSMGuiConnect │ cloudFormationNamespace: AWS::SSMGuiConnect │ name: aws-ssmguiconnect │ shortName: ssmguiconnect └ resources └ resource AWS::SSMGuiConnect::Preferences ├ name: Preferences │ cloudFormationType: AWS::SSMGuiConnect::Preferences │ documentation: Definition of AWS::SSMGuiConnect::Preferences Resource Type ├ properties │ └ ConnectionRecordingPreferences: ConnectionRecordingPreferences ├ attributes │ └ AccountId: string └ types ├ type ConnectionRecordingPreferences │ ├ documentation: The set of preferences used for recording RDP connections in the requesting AWS account and AWS Region. This includes details such as which S3 bucket recordings are stored in. │ │ name: ConnectionRecordingPreferences │ └ properties │ ├ RecordingDestinations: RecordingDestinations (required) │ └ KMSKeyArn: string (required) ├ type RecordingDestinations │ ├ documentation: Determines where recordings of RDP connections are stored. │ │ name: RecordingDestinations │ └ properties │ └ S3Buckets: Array<S3Bucket> (required) └ type S3Bucket ├ documentation: The S3 bucket where RDP connection recordings are stored. │ name: S3Bucket └ properties ├ BucketOwner: string (required) └ BucketName: string (required) ```
### Issue # (if applicable) N/A ### Reason for this change This upgrade is supposed to be done as part of #34362. But the `@aws-cdk/cloud-assembly-schema` upgrade requires a manual update to the unit test so I am isolating this upgrade to this PR. `v41.2.0` introduced a new line in the manifest file (PR: aws/aws-cdk-cli#184), hence, the unit test was failing. ### Description of changes Upgraded `@aws-cdk/cloud-assembly-schema` to `v41.2.0` and updated unit test. ### Describe any new or updated permissions being added None ### Description of how you validated changes Ran the build locally and no longer see the unit test failing ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) N/A ### Reason for this change Adding new team member's GitHub account ### Description of changes Added my GitHub username ### Describe any new or updated permissions being added N/A ### Description of how you validated changes N/A ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) N/A ### Reason for this change Adding new team member's github account ### Description of changes Added my github username to - .mergify.yml - .github/workflows/github-merit-badger.yml ### Describe any new or updated permissions being added N/A ### Description of how you validated changes N/A ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) N/A ### Reason for this change Adding new team members' GitHub account ### Description of changes Added new Github accounts ### Describe any new or updated permissions being added N/A ### Description of how you validated changes N/A ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws-cdk-automation
added
auto-approve
pr/no-squash
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Comments on closed issues and PRs are hard for our team to see. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See CHANGELOG