From 5b36eed4c960455fbab1cf35367fcae9cc9d4d4c Mon Sep 17 00:00:00 2001 From: Momo Kornher Date: Mon, 18 Dec 2023 10:30:47 +0000 Subject: [PATCH 1/4] chore(cdk-testing): fix integ test case using unrestricted principal for role (#28403) This test case is flagged up by automated security tooling. There is no actual risk since this is a test stack that is only short-lived and the permissions for the role only allow consuming messages from a queue that doesn't hold any data. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../cli-integ/resources/cdk-apps/simple-app/app.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/simple-app/app.js b/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/simple-app/app.js index e1c644cdbd4c3..f709fbbb44e47 100755 --- a/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/simple-app/app.js +++ b/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/simple-app/app.js @@ -14,7 +14,7 @@ class SimpleStack extends cdk.Stack { visibilityTimeout: cdk.Duration.seconds(300), }); const role = new iam.Role(this, 'role', { - assumedBy: new iam.AnyPrincipal(), + assumedBy: new iam.AccountRootPrincipal(), }); queue.grantConsumeMessages(role); } From f741ce62de93f35c3ea43d636f6600fff4d2cbf9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Dec 2023 11:15:15 +0000 Subject: [PATCH 2/4] chore(deps): Bump actions/download-artifact from 3 to 4 (#28405) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4.
Release notes

Sourced from actions/download-artifact's releases.

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

For more information, see the @​actions/artifact documentation.

New Contributors

Full Changelog: https://github.com/actions/download-artifact/compare/v3...v4.0.0

v3.0.2

  • Bump @actions/artifact to v1.1.1 - actions/download-artifact#195
  • Fixed a bug in Node16 where if an HTTP download finished too quickly (<1ms, e.g. when it's mocked) we attempt to delete a temp file that has not been created yet actions/toolkit#1278

v3.0.1

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- .github/workflows/spec-update.yml | 8 ++++---- .github/workflows/update-metadata-regions.yml | 2 +- .github/workflows/yarn-upgrade.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/spec-update.yml b/.github/workflows/spec-update.yml index 61a242b9c654b..be42f8394b191 100644 --- a/.github/workflows/spec-update.yml +++ b/.github/workflows/spec-update.yml @@ -85,12 +85,12 @@ jobs: CI: "true" steps: - name: Download base database - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: db.base.json.gz path: base - name: Download head database - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: db.head.json.gz path: head @@ -128,7 +128,7 @@ jobs: uses: actions/checkout@v4 - name: Download patch - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: update-spec.patch path: ${{ runner.temp }} @@ -137,7 +137,7 @@ jobs: run: '[ -s ${{ runner.temp }}/update-spec.patch ] && git apply ${{ runner.temp }}/update-spec.patch || echo "Empty patch. Skipping."' - name: Download PR body file - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: PR.md path: ${{ runner.temp }} diff --git a/.github/workflows/update-metadata-regions.yml b/.github/workflows/update-metadata-regions.yml index aa0a9228acc6f..72bcf929d5a01 100644 --- a/.github/workflows/update-metadata-regions.yml +++ b/.github/workflows/update-metadata-regions.yml @@ -50,7 +50,7 @@ jobs: uses: actions/checkout@v4 - name: Download patch - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: update-spec.patch path: ${{ runner.temp }} diff --git a/.github/workflows/yarn-upgrade.yml b/.github/workflows/yarn-upgrade.yml index fe632c449db7e..7cad8a52abbbe 100644 --- a/.github/workflows/yarn-upgrade.yml +++ b/.github/workflows/yarn-upgrade.yml @@ -106,7 +106,7 @@ jobs: uses: actions/checkout@v4 - name: Download patch - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: upgrade.patch path: ${{ runner.temp }} From c4cbfad2659e701c53391f74a5579d4d33fccf56 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Dec 2023 11:41:19 +0000 Subject: [PATCH 3/4] chore(deps): Bump actions/upload-artifact from 3 to 4 (#28404) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
Release notes

Sourced from actions/upload-artifact's releases.

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

For more information, see the @​actions/artifact documentation.

New Contributors

Full Changelog: https://github.com/actions/upload-artifact/compare/v3...v4.0.0

v3.1.3

What's Changed

Full Changelog: https://github.com/actions/upload-artifact/compare/v3...v3.1.3

v3.1.2

  • Update all @actions/* NPM packages to their latest versions- #374
  • Update all dev dependencies to their most recent versions - #375

v3.1.1

  • Update actions/core package to latest version to remove set-output deprecation warning #351

v3.1.0

What's Changed

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- .github/workflows/pr-linter-trigger.yml | 2 +- .github/workflows/spec-update.yml | 8 ++++---- .github/workflows/update-metadata-regions.yml | 2 +- .github/workflows/yarn-upgrade.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/pr-linter-trigger.yml b/.github/workflows/pr-linter-trigger.yml index a2a8784182109..fb13df957a1c9 100644 --- a/.github/workflows/pr-linter-trigger.yml +++ b/.github/workflows/pr-linter-trigger.yml @@ -17,7 +17,7 @@ jobs: mkdir -p ./pr echo $PR_NUMBER > ./pr/pr_number echo $PR_SHA > ./pr/pr_sha - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: pr_info path: pr/ diff --git a/.github/workflows/spec-update.yml b/.github/workflows/spec-update.yml index be42f8394b191..c97e13581cdf6 100644 --- a/.github/workflows/spec-update.yml +++ b/.github/workflows/spec-update.yml @@ -31,7 +31,7 @@ jobs: # Upload the current db to be used later - name: Upload base database - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: db.base.json.gz path: node_modules/@aws-cdk/aws-service-spec/db.json.gz @@ -49,7 +49,7 @@ jobs: # Now that we have updated the database, upload the new candidate db - name: Upload head database - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: db.head.json.gz path: node_modules/@aws-cdk/aws-service-spec/db.json.gz @@ -69,7 +69,7 @@ jobs: git add . git diff --patch --staged > ${{ runner.temp }}/update-spec.patch - name: Upload Patch - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: update-spec.patch path: ${{ runner.temp }}/update-spec.patch @@ -110,7 +110,7 @@ jobs: cat DIFF >> PR.md echo '```' >> PR.md - name: Upload PR body file - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: PR.md path: PR.md diff --git a/.github/workflows/update-metadata-regions.yml b/.github/workflows/update-metadata-regions.yml index 72bcf929d5a01..b41918930b5d1 100644 --- a/.github/workflows/update-metadata-regions.yml +++ b/.github/workflows/update-metadata-regions.yml @@ -33,7 +33,7 @@ jobs: git add . git diff --patch --staged > ${{ runner.temp }}/update-spec.patch - name: Upload Patch - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: update-spec.patch path: ${{ runner.temp }}/update-spec.patch diff --git a/.github/workflows/yarn-upgrade.yml b/.github/workflows/yarn-upgrade.yml index 7cad8a52abbbe..f7775852fbf9c 100644 --- a/.github/workflows/yarn-upgrade.yml +++ b/.github/workflows/yarn-upgrade.yml @@ -89,7 +89,7 @@ jobs: git add . git diff --patch --staged > ${{ runner.temp }}/upgrade.patch - name: Upload Patch - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: upgrade.patch path: ${{ runner.temp }}/upgrade.patch From fcb701ceb7288be5307a0f9c12826a13d97251b7 Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Mon, 18 Dec 2023 06:07:57 -0800 Subject: [PATCH 4/4] feat: update AWS Service Spec (#28407) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update AWS Service Spec packages to latest versions **@aws-cdk/aws-service-spec changes:** ``` ├[~] service aws-applicationautoscaling │ └ resources │ └[~] resource AWS::ApplicationAutoScaling::ScalingPolicy │ ├ attributes │ │ └ Arn: (documentation changed) │ └ types │ ├[~] type TargetTrackingMetric │ │ ├ - documentation: Represents a specific metric. │ │ │ + documentation: Represents a specific metric for a target tracking scaling policy for Application Auto Scaling. │ │ │ Metric is a property of the [AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetricStat](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-targettrackingmetricstat.html) property type. │ │ └ properties │ │ ├ Dimensions: (documentation changed) │ │ └ Namespace: (documentation changed) │ ├[~] type TargetTrackingMetricDataQuery │ │ ├ - documentation: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp. │ │ │ + documentation: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp. │ │ │ You can call for a single metric or perform math expressions on multiple metrics. Any expressions used in a metric specification must eventually return a single time series. │ │ │ For more information and examples, see [Create a target tracking scaling policy for Application Auto Scaling using metric math](https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking-metric-math.html) in the *Application Auto Scaling User Guide* . │ │ │ `TargetTrackingMetricDataQuery` is a property of the [AWS::ApplicationAutoScaling::ScalingPolicy CustomizedMetricSpecification](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-customizedmetricspecification.html) property type. │ │ └ properties │ │ ├ Expression: (documentation changed) │ │ ├ Id: (documentation changed) │ │ ├ MetricStat: (documentation changed) │ │ └ ReturnData: (documentation changed) │ ├[~] type TargetTrackingMetricDimension │ │ └ - documentation: Describes the dimension of a metric. │ │ + documentation: `TargetTrackingMetricDimension` specifies a name/value pair that is part of the identity of a CloudWatch metric for the `Dimensions` property of the [AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetric](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-targettrackingmetric.html) property type. Duplicate dimensions are not allowed. │ └[~] type TargetTrackingMetricStat │ ├ - documentation: This structure defines the CloudWatch metric to return, along with the statistic, period, and unit. │ │ + documentation: This structure defines the CloudWatch metric to return, along with the statistic, period, and unit. │ │ `TargetTrackingMetricStat` is a property of the [AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetricDataQuery](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-targettrackingmetricdataquery.html) property type. │ │ For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide* . │ └ properties │ ├ Metric: (documentation changed) │ ├ Stat: (documentation changed) │ └ Unit: (documentation changed) ├[~] service aws-appsync │ └ resources │ ├[~] resource AWS::AppSync::DataSource │ │ └ attributes │ │ └ Id: (documentation changed) │ ├[~] resource AWS::AppSync::GraphQLApi │ │ └ attributes │ │ ├[+] GraphQLEndpointArn: string │ │ └ Id: (documentation changed) │ └[~] resource AWS::AppSync::GraphQLSchema │ └ attributes │ └ Id: (documentation changed) ├[+] service aws-b2bi │ ├ capitalized: B2BI │ │ cloudFormationNamespace: AWS::B2BI │ │ name: aws-b2bi │ │ shortName: b2bi │ └ resources │ ├resource AWS::B2BI::Capability │ │├ name: Capability │ ││ cloudFormationType: AWS::B2BI::Capability │ ││ documentation: Definition of AWS::B2BI::Capability Resource Type │ ││ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │├ properties │ ││ ├Configuration: CapabilityConfiguration (required) │ ││ ├InstructionsDocuments: Array │ ││ ├Name: string (required) │ ││ ├Tags: Array │ ││ └Type: string (required, immutable) │ │├ attributes │ ││ ├CapabilityArn: string │ ││ ├CapabilityId: string │ ││ ├CreatedAt: string │ ││ └ModifiedAt: string │ │└ types │ │ ├type CapabilityConfiguration │ │ │├ name: CapabilityConfiguration │ │ │└ properties │ │ │ └Edi: EdiConfiguration (required) │ │ ├type EdiConfiguration │ │ │├ name: EdiConfiguration │ │ │└ properties │ │ │ ├Type: EdiType (required) │ │ │ ├InputLocation: S3Location (required) │ │ │ ├OutputLocation: S3Location (required) │ │ │ └TransformerId: string (required) │ │ ├type EdiType │ │ │├ name: EdiType │ │ │└ properties │ │ │ └X12Details: X12Details (required) │ │ ├type X12Details │ │ │├ name: X12Details │ │ │└ properties │ │ │ ├TransactionSet: string │ │ │ └Version: string │ │ └type S3Location │ │ ├ name: S3Location │ │ └ properties │ │ ├BucketName: string │ │ └Key: string │ ├resource AWS::B2BI::Partnership │ │├ name: Partnership │ ││ cloudFormationType: AWS::B2BI::Partnership │ ││ documentation: Definition of AWS::B2BI::Partnership Resource Type │ ││ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │├ properties │ ││ ├Capabilities: Array │ ││ ├Email: string (required, immutable) │ ││ ├Name: string (required) │ ││ ├Phone: string (immutable) │ ││ ├ProfileId: string (required, immutable) │ ││ └Tags: Array │ │└ attributes │ │ ├CreatedAt: string │ │ ├ModifiedAt: string │ │ ├PartnershipArn: string │ │ ├PartnershipId: string │ │ └TradingPartnerId: string │ ├resource AWS::B2BI::Profile │ │├ name: Profile │ ││ cloudFormationType: AWS::B2BI::Profile │ ││ documentation: Definition of AWS::B2BI::Profile Resource Type │ ││ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │├ properties │ ││ ├BusinessName: string (required) │ ││ ├Email: string │ ││ ├Logging: string (required, immutable) │ ││ ├Name: string (required) │ ││ ├Phone: string (required) │ ││ └Tags: Array │ │└ attributes │ │ ├CreatedAt: string │ │ ├LogGroupName: string │ │ ├ModifiedAt: string │ │ ├ProfileArn: string │ │ └ProfileId: string │ └resource AWS::B2BI::Transformer │ ├ name: Transformer │ │ cloudFormationType: AWS::B2BI::Transformer │ │ documentation: Definition of AWS::B2BI::Transformer Resource Type │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ ├ properties │ │ ├EdiType: EdiType (required) │ │ ├FileFormat: string (required) │ │ ├MappingTemplate: string (required) │ │ ├ModifiedAt: string │ │ ├Name: string (required) │ │ ├SampleDocument: string │ │ ├Status: string (required) │ │ └Tags: Array │ ├ attributes │ │ ├CreatedAt: string │ │ ├TransformerArn: string │ │ └TransformerId: string │ └ types │ ├type EdiType │ │├ name: EdiType │ │└ properties │ │ └X12Details: X12Details (required) │ └type X12Details │ ├ name: X12Details │ └ properties │ ├TransactionSet: string │ └Version: string ├[~] service aws-cloud9 │ └ resources │ └[~] resource AWS::Cloud9::EnvironmentEC2 │ └ properties │ └ ImageId: - string (immutable) │ + string (required, immutable) ├[~] service aws-cloudfront │ └ resources │ └[+] resource AWS::CloudFront::KeyValueStore │ ├ name: KeyValueStore │ │ cloudFormationType: AWS::CloudFront::KeyValueStore │ │ documentation: The Key Value Store. Use this to separate data from function code, allowing you to update data without having to publish a new version of a function. The Key Value Store holds keys and their corresponding values. │ ├ properties │ │ ├Name: string (required, immutable) │ │ ├Comment: string │ │ └ImportSource: ImportSource │ ├ attributes │ │ ├Arn: string │ │ ├Id: string │ │ └Status: string │ └ types │ └type ImportSource │ ├ documentation: The import source for the Key Value Store. │ │ name: ImportSource │ └ properties │ ├SourceType: string (required) │ └SourceArn: string (required) ├[~] service aws-cloudtrail │ └ resources │ ├[~] resource AWS::CloudTrail::EventDataStore │ │ ├ properties │ │ │ ├ FederationEnabled: (documentation changed) │ │ │ └ FederationRoleArn: (documentation changed) │ │ └ types │ │ └[~] type AdvancedFieldSelector │ │ └ properties │ │ └ Field: (documentation changed) │ └[~] resource AWS::CloudTrail::Trail │ └ types │ ├[~] type AdvancedFieldSelector │ │ └ properties │ │ └ Field: (documentation changed) │ └[~] type DataResource │ └ properties │ └ Type: (documentation changed) ├[~] service aws-cloudwatch │ └ resources │ └[~] resource AWS::CloudWatch::MetricStream │ └ properties │ ├ OutputFormat: (documentation changed) │ └ StatisticsConfigurations: (documentation changed) ├[~] service aws-codedeploy │ └ resources │ ├[~] resource AWS::CodeDeploy::DeploymentConfig │ │ ├ properties │ │ │ └ ZonalConfig: (documentation changed) │ │ └ types │ │ ├[~] type MinimumHealthyHostsPerZone │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: Information about the minimum number of healthy instances per Availability Zone. │ │ │ └ properties │ │ │ ├ Type: (documentation changed) │ │ │ └ Value: (documentation changed) │ │ └[~] type ZonalConfig │ │ ├ - documentation: undefined │ │ │ + documentation: Configure the `ZonalConfig` object if you want AWS CodeDeploy to deploy your application to one [Availability Zone](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones) at a time, within an AWS Region. By deploying to one Availability Zone at a time, you can expose your deployment to a progressively larger audience as confidence in the deployment's performance and viability grows. If you don't configure the `ZonalConfig` object, CodeDeploy deploys your application to a random selection of hosts across a Region. │ │ │ For more information about the zonal configuration feature, see [zonal configuration](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations-create.html#zonal-config) in the *CodeDeploy User Guide* . │ │ └ properties │ │ ├ FirstZoneMonitorDurationInSeconds: (documentation changed) │ │ ├ MinimumHealthyHostsPerZone: (documentation changed) │ │ └ MonitorDurationInSeconds: (documentation changed) │ └[~] resource AWS::CodeDeploy::DeploymentGroup │ └ properties │ └[+] TerminationHookEnabled: boolean ├[~] service aws-codepipeline │ └ resources │ └[~] resource AWS::CodePipeline::Pipeline │ ├ properties │ │ ├[+] PipelineType: string │ │ ├[+] Triggers: Array │ │ └[+] Variables: Array │ └ types │ ├[+] type GitConfiguration │ │ ├ documentation: A type of trigger configuration for Git-based source actions. │ │ │ > You can specify the Git configuration trigger type for all third-party Git-based source actions that are supported by the `CodeStarSourceConnection` action type. │ │ │ name: GitConfiguration │ │ └ properties │ │ ├Push: Array │ │ └SourceActionName: string (required) │ ├[+] type GitPushFilter │ │ ├ documentation: The event criteria that specify when a specified repository event will start the pipeline for the specified trigger configuration, such as the lists of Git tags to include and exclude. │ │ │ name: GitPushFilter │ │ └ properties │ │ └Tags: GitTagFilterCriteria │ ├[+] type GitTagFilterCriteria │ │ ├ documentation: The Git tags specified as filter criteria for whether a Git tag repository event will start the pipeline. │ │ │ name: GitTagFilterCriteria │ │ └ properties │ │ ├Includes: Array │ │ └Excludes: Array │ ├[+] type PipelineTriggerDeclaration │ │ ├ documentation: Represents information about the specified trigger configuration, such as the filter criteria and the source stage for the action that contains the trigger. │ │ │ > This is only supported for the `CodeStarSourceConnection` action type. > When a trigger configuration is specified, default change detection for repository and branch commits is disabled. │ │ │ name: PipelineTriggerDeclaration │ │ └ properties │ │ ├GitConfiguration: GitConfiguration │ │ └ProviderType: string (required) │ └[+] type VariableDeclaration │ ├ documentation: A variable declared at the pipeline level. │ │ name: VariableDeclaration │ └ properties │ ├DefaultValue: string │ ├Description: string │ └Name: string (required) ├[~] service aws-cognito │ └ resources │ ├[~] resource AWS::Cognito::UserPool │ │ └ attributes │ │ └ UserPoolId: (documentation changed) │ ├[~] resource AWS::Cognito::UserPoolClient │ │ └ properties │ │ └ AllowedOAuthFlows: (documentation changed) │ ├[~] resource AWS::Cognito::UserPoolGroup │ │ └ - documentation: Specifies a new group in the identified user pool. │ │ Calling this action requires developer credentials. │ │ > If you don't specify a value for a parameter, Amazon Cognito sets it to a default value. │ │ + documentation: A user pool group that you can add a user to. │ └[~] resource AWS::Cognito::UserPoolUser │ └ properties │ └ UserAttributes: (documentation changed) ├[~] service aws-config │ └ resources │ └[~] resource AWS::Config::ConfigurationRecorder │ ├ properties │ │ └[+] RecordingMode: RecordingMode │ └ types │ ├[+] type RecordingMode │ │ ├ documentation: Specifies the default recording frequency that AWS Config uses to record configuration changes. AWS Config supports *Continuous recording* and *Daily recording* . │ │ │ - Continuous recording allows you to record configuration changes continuously whenever a change occurs. │ │ │ - Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded. │ │ │ > AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous. │ │ │ You can also override the recording frequency for specific resource types. │ │ │ name: RecordingMode │ │ └ properties │ │ ├RecordingModeOverrides: Array │ │ └RecordingFrequency: string (required) │ └[+] type RecordingModeOverride │ ├ documentation: An object for you to specify your overrides for the recording mode. │ │ name: RecordingModeOverride │ └ properties │ ├ResourceTypes: Array (required) │ ├RecordingFrequency: string (required) │ └Description: string ├[~] service aws-connect │ └ resources │ ├[~] resource AWS::Connect::Instance │ │ └ properties │ │ └ Tags: (documentation changed) │ ├[~] resource AWS::Connect::InstanceStorageConfig │ │ └ types │ │ └[~] type KinesisVideoStreamConfig │ │ └ properties │ │ └ EncryptionConfig: - EncryptionConfig │ │ + EncryptionConfig (required) │ └[~] resource AWS::Connect::Rule │ └ types │ ├[~] type Actions │ │ └ properties │ │ ├[+] CreateCaseActions: Array │ │ ├[+] EndAssociatedTaskActions: Array │ │ └[+] UpdateCaseActions: Array │ ├[+] type CreateCaseAction │ │ ├ documentation: The definition for create case action. │ │ │ name: CreateCaseAction │ │ └ properties │ │ ├Fields: Array (required) │ │ └TemplateId: string (required) │ ├[+] type Field │ │ ├ documentation: The field of the case. │ │ │ name: Field │ │ └ properties │ │ ├Id: string (required) │ │ └Value: FieldValue (required) │ ├[+] type FieldValue │ │ ├ documentation: The value of the field. │ │ │ name: FieldValue │ │ └ properties │ │ ├StringValue: string │ │ ├BooleanValue: boolean │ │ ├DoubleValue: number │ │ └EmptyValue: json │ └[+] type UpdateCaseAction │ ├ documentation: The definition for update case action. │ │ name: UpdateCaseAction │ └ properties │ └Fields: Array (required) ├[~] service aws-controltower │ └ resources │ └[~] resource AWS::ControlTower::LandingZone │ └ properties │ └ Manifest: (documentation changed) ├[~] service aws-datasync │ └ resources │ └[~] resource AWS::DataSync::Task │ └ types │ └[~] type Options │ └ properties │ └ OverwriteMode: (documentation changed) ├[~] service aws-dms │ └ resources │ ├[~] resource AWS::DMS::DataProvider │ │ ├ - documentation: Resource schema for AWS::DMS::DataProvider │ │ │ + documentation: Provides information that defines a data provider. │ │ ├ properties │ │ │ ├ DataProviderIdentifier: (documentation changed) │ │ │ ├ DataProviderName: (documentation changed) │ │ │ ├ Description: (documentation changed) │ │ │ ├ Engine: (documentation changed) │ │ │ └ Settings: (documentation changed) │ │ ├ attributes │ │ │ ├ DataProviderArn: (documentation changed) │ │ │ └ DataProviderCreationTime: (documentation changed) │ │ └ types │ │ └[~] type PostgreSqlSettings │ │ ├ - documentation: undefined │ │ │ + documentation: Provides information that defines a PostgreSQL endpoint. │ │ └ properties │ │ ├ DatabaseName: (documentation changed) │ │ ├ Port: (documentation changed) │ │ └ ServerName: (documentation changed) │ ├[~] resource AWS::DMS::Endpoint │ │ └ types │ │ └[~] type IbmDb2Settings │ │ └ properties │ │ ├[+] KeepCsvFiles: boolean │ │ ├[+] LoadTimeout: integer │ │ ├[+] MaxFileSize: integer │ │ └[+] WriteBufferSize: integer │ ├[~] resource AWS::DMS::InstanceProfile │ │ ├ - documentation: Resource schema for AWS::DMS::InstanceProfile. │ │ │ + documentation: Provides information that defines an instance profile. │ │ ├ properties │ │ │ ├ AvailabilityZone: (documentation changed) │ │ │ ├ Description: (documentation changed) │ │ │ ├ InstanceProfileIdentifier: (documentation changed) │ │ │ ├ InstanceProfileName: (documentation changed) │ │ │ ├ KmsKeyArn: (documentation changed) │ │ │ ├ NetworkType: (documentation changed) │ │ │ ├ PubliclyAccessible: (documentation changed) │ │ │ ├ SubnetGroupIdentifier: (documentation changed) │ │ │ └ VpcSecurityGroups: (documentation changed) │ │ └ attributes │ │ ├ InstanceProfileArn: (documentation changed) │ │ └ InstanceProfileCreationTime: (documentation changed) │ └[~] resource AWS::DMS::MigrationProject │ ├ - documentation: Resource schema for AWS::DMS::MigrationProject │ │ + documentation: Provides information that defines a migration project. │ ├ properties │ │ ├ Description: (documentation changed) │ │ ├ InstanceProfileArn: (documentation changed) │ │ ├ InstanceProfileIdentifier: (documentation changed) │ │ ├ InstanceProfileName: (documentation changed) │ │ ├ MigrationProjectIdentifier: (documentation changed) │ │ ├ MigrationProjectName: (documentation changed) │ │ ├ SchemaConversionApplicationAttributes: (documentation changed) │ │ ├ SourceDataProviderDescriptors: (documentation changed) │ │ ├ TargetDataProviderDescriptors: (documentation changed) │ │ └ TransformationRules: (documentation changed) │ ├ attributes │ │ └ MigrationProjectArn: (documentation changed) │ └ types │ └[~] type DataProviderDescriptor │ ├ - documentation: It is an object that describes Source and Target DataProviders and credentials for connecting to databases that are used in MigrationProject │ │ + documentation: Information about a data provider. │ └ properties │ ├ DataProviderArn: (documentation changed) │ ├ DataProviderName: (documentation changed) │ ├ SecretsManagerAccessRoleArn: (documentation changed) │ └ SecretsManagerSecretId: (documentation changed) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::EC2Fleet │ │ └ types │ │ └[~] type TargetCapacitySpecificationRequest │ │ └ properties │ │ ├ DefaultTargetCapacityType: (documentation changed) │ │ ├ TargetCapacityUnitType: (documentation changed) │ │ └ TotalTargetCapacity: (documentation changed) │ ├[~] resource AWS::EC2::Instance │ │ ├ properties │ │ │ ├ SsmAssociations: (documentation changed) │ │ │ └ UserData: (documentation changed) │ │ ├ attributes │ │ │ └[+] InstanceId: string │ │ └ types │ │ └[~] type NetworkInterface │ │ └ properties │ │ └ AssociatePublicIpAddress: (documentation changed) │ ├[~] resource AWS::EC2::LaunchTemplate │ │ └ types │ │ ├[~] type MetadataOptions │ │ │ └ properties │ │ │ └ HttpTokens: (documentation changed) │ │ └[~] type NetworkInterface │ │ └ properties │ │ └ AssociatePublicIpAddress: (documentation changed) │ ├[~] resource AWS::EC2::Route │ │ └ properties │ │ └[+] CoreNetworkArn: string │ ├[~] resource AWS::EC2::SecurityGroupEgress │ │ └ attributes │ │ └ Id: (documentation changed) │ ├[+] resource AWS::EC2::SnapshotBlockPublicAccess │ │ ├ name: SnapshotBlockPublicAccess │ │ │ cloudFormationType: AWS::EC2::SnapshotBlockPublicAccess │ │ │ documentation: Specifies the state of the *block public access for snapshots* setting for the Region. For more information, see [Block public access for snapshots](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-public-access-snapshots.html) . │ │ ├ properties │ │ │ └State: string (required) │ │ └ attributes │ │ └AccountId: string │ ├[~] resource AWS::EC2::SpotFleet │ │ └ types │ │ ├[~] type InstanceNetworkInterfaceSpecification │ │ │ └ properties │ │ │ └ AssociatePublicIpAddress: (documentation changed) │ │ └[~] type SpotFleetRequestConfigData │ │ └ properties │ │ └ TargetCapacityUnitType: (documentation changed) │ └[~] resource AWS::EC2::Subnet │ └ properties │ └ MapPublicIpOnLaunch: (documentation changed) ├[~] service aws-elasticache │ └ resources │ └[~] resource AWS::ElastiCache::ServerlessCache │ ├ properties │ │ ├[+] Endpoint: Endpoint │ │ └[+] ReaderEndpoint: Endpoint │ └ attributes │ ├[-] Endpoint: Endpoint │ ├[+] Endpoint.Address: string │ ├[+] Endpoint.Port: integer │ ├[-] ReaderEndpoint: Endpoint │ ├[+] ReaderEndpoint.Address: string │ └[+] ReaderEndpoint.Port: integer ├[~] service aws-emr │ └ resources │ ├[~] resource AWS::EMR::Cluster │ │ ├ properties │ │ │ ├[+] EbsRootVolumeIops: integer (immutable) │ │ │ ├[+] EbsRootVolumeThroughput: integer (immutable) │ │ │ └[+] PlacementGroupConfigs: Array (immutable) │ │ └ types │ │ └[+] type PlacementGroupConfig │ │ ├ name: PlacementGroupConfig │ │ └ properties │ │ ├InstanceRole: string (required) │ │ └PlacementStrategy: string │ └[~] resource AWS::EMR::Studio │ └ properties │ ├ EncryptionKeyArn: (documentation changed) │ ├ IdcInstanceArn: (documentation changed) │ ├ IdcUserAssignment: (documentation changed) │ └ TrustedIdentityPropagationEnabled: (documentation changed) ├[~] service aws-eventschemas │ └ resources │ ├[~] resource AWS::EventSchemas::Registry │ │ └ attributes │ │ └[-] Id: string │ └[~] resource AWS::EventSchemas::Schema │ └ attributes │ ├[-] Id: string │ ├[+] LastModified: string │ └[+] VersionCreatedDate: string ├[~] service aws-fis │ └ resources │ ├[~] resource AWS::FIS::ExperimentTemplate │ │ ├ - documentation: Describes an experiment template. │ │ │ + documentation: Specifies an experiment template. │ │ │ An experiment template includes the following components: │ │ │ - *Targets* : A target can be a specific resource in your AWS environment, or one or more resources that match criteria that you specify, for example, resources that have specific tags. │ │ │ - *Actions* : The actions to carry out on the target. You can specify multiple actions, the duration of each action, and when to start each action during an experiment. │ │ │ - *Stop conditions* : If a stop condition is triggered while an experiment is running, the experiment is automatically stopped. You can define a stop condition as a CloudWatch alarm. │ │ │ For more information, see [Experiment templates](https://docs.aws.amazon.com/fis/latest/userguide/experiment-templates.html) in the *AWS Fault Injection Service User Guide* . │ │ └ types │ │ ├[~] type ExperimentTemplateAction │ │ │ └ - documentation: Describes an action for an experiment template. │ │ │ + documentation: Specifies an action for an experiment template. │ │ │ For more information, see [Actions](https://docs.aws.amazon.com/fis/latest/userguide/actions.html) in the *AWS Fault Injection Service User Guide* . │ │ ├[~] type ExperimentTemplateLogConfiguration │ │ │ ├ - documentation: Describes the configuration for experiment logging. │ │ │ │ + documentation: Specifies the configuration for experiment logging. │ │ │ │ For more information, see [Experiment logging](https://docs.aws.amazon.com/fis/latest/userguide/monitoring-logging.html) in the *AWS Fault Injection Service User Guide* . │ │ │ └ properties │ │ │ ├ CloudWatchLogsConfiguration: (documentation changed) │ │ │ └ S3Configuration: (documentation changed) │ │ ├[~] type ExperimentTemplateStopCondition │ │ │ └ - documentation: Describes a stop condition for an experiment template. │ │ │ + documentation: Specifies a stop condition for an experiment template. │ │ │ For more information, see [Stop conditions](https://docs.aws.amazon.com/fis/latest/userguide/stop-conditions.html) in the *AWS Fault Injection Service User Guide* . │ │ ├[~] type ExperimentTemplateTarget │ │ │ ├ - documentation: Describes a target for an experiment template. │ │ │ │ + documentation: Specifies a target for an experiment. You must specify at least one Amazon Resource Name (ARN) or at least one resource tag. You cannot specify both ARNs and tags. │ │ │ │ For more information, see [Targets](https://docs.aws.amazon.com/fis/latest/userguide/targets.html) in the *AWS Fault Injection Service User Guide* . │ │ │ └ properties │ │ │ └ Parameters: (documentation changed) │ │ └[~] type ExperimentTemplateTargetFilter │ │ └ - documentation: Describes a filter used for the target resources in an experiment template. │ │ + documentation: Specifies a filter used for the target resource input in an experiment template. │ │ For more information, see [Resource filters](https://docs.aws.amazon.com/fis/latest/userguide/targets.html#target-filters) in the *AWS Fault Injection Service User Guide* . │ └[~] resource AWS::FIS::TargetAccountConfiguration │ └ - documentation: Creates a target account configuration for the experiment template. A target account configuration is required when `accountTargeting` of `experimentOptions` is set to `multi-account` . For more information, see [experiment options](https://docs.aws.amazon.com/fis/latest/userguide/experiment-options.html) in the *AWS Fault Injection Simulator User Guide* . │ + documentation: Creates a target account configuration for the experiment template. A target account configuration is required when `accountTargeting` of `experimentOptions` is set to `multi-account` . For more information, see [experiment options](https://docs.aws.amazon.com/fis/latest/userguide/experiment-options.html) in the *AWS Fault Injection Service User Guide* . ├[~] service aws-gamelift │ └ resources │ └[~] resource AWS::GameLift::Fleet │ └ properties │ └[+] ApplyCapacity: string (immutable) ├[~] service aws-identitystore │ └ resources │ └[~] resource AWS::IdentityStore::GroupMembership │ └ properties │ ├ GroupId: - string (required) │ │ + string (required, immutable) │ └ MemberId: - MemberId (required) │ + MemberId (required, immutable) ├[~] service aws-imagebuilder │ └ resources │ ├[~] resource AWS::ImageBuilder::Component │ │ └ properties │ │ └ ChangeDescription: (documentation changed) │ ├[~] resource AWS::ImageBuilder::ImagePipeline │ │ ├ properties │ │ │ ├[+] ExecutionRole: string │ │ │ └[+] Workflows: Array │ │ └ types │ │ ├[~] type Schedule │ │ │ └ - documentation: A schedule configures how often and when a pipeline will automatically create a new image. │ │ │ + documentation: A schedule configures when and how often a pipeline will automatically create a new image. │ │ ├[+] type WorkflowConfiguration │ │ │ ├ documentation: The workflow configuration of the image │ │ │ │ name: WorkflowConfiguration │ │ │ └ properties │ │ │ ├WorkflowArn: string │ │ │ ├Parameters: Array │ │ │ ├ParallelGroup: string │ │ │ └OnFailure: string │ │ └[+] type WorkflowParameter │ │ ├ documentation: A parameter associated with the workflow │ │ │ name: WorkflowParameter │ │ └ properties │ │ ├Name: string │ │ └Value: Array │ ├[~] resource AWS::ImageBuilder::LifecyclePolicy │ │ └ properties │ │ └ ExecutionRole: (documentation changed) │ └[+] resource AWS::ImageBuilder::Workflow │ ├ name: Workflow │ │ cloudFormationType: AWS::ImageBuilder::Workflow │ │ documentation: Resource schema for AWS::ImageBuilder::Workflow │ ├ properties │ │ ├Name: string (required, immutable) │ │ ├Version: string (required, immutable) │ │ ├Description: string (immutable) │ │ ├ChangeDescription: string (immutable) │ │ ├Type: string (required, immutable) │ │ ├Data: string (immutable) │ │ ├Uri: string (immutable) │ │ ├KmsKeyId: string (immutable) │ │ └Tags: Map (immutable) │ └ attributes │ └Arn: string ├[~] service aws-internetmonitor │ └ resources │ └[~] resource AWS::InternetMonitor::Monitor │ └ types │ ├[~] type InternetMeasurementsLogDelivery │ │ └ properties │ │ └ S3Config: (documentation changed) │ └[~] type S3Config │ ├ - documentation: The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` or `DISABLED` , depending on whether you choose to deliver internet measurements to S3 logs. │ │ + documentation: The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) bucket prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` if you choose to deliver internet measurements to S3 logs, and `DISABLED` otherwise. │ │ The measurements are also published to Amazon CloudWatch Logs. │ └ properties │ ├ BucketName: (documentation changed) │ ├ BucketPrefix: (documentation changed) │ └ LogDeliveryStatus: (documentation changed) ├[~] service aws-iot │ └ resources │ ├[~] resource AWS::IoT::SoftwarePackage │ │ └ properties │ │ ├ Description: (documentation changed) │ │ ├ PackageName: (documentation changed) │ │ └ Tags: (documentation changed) │ └[~] resource AWS::IoT::SoftwarePackageVersion │ └ properties │ ├ Attributes: (documentation changed) │ ├ Description: (documentation changed) │ ├ PackageName: (documentation changed) │ ├ Tags: (documentation changed) │ └ VersionName: (documentation changed) ├[~] service aws-iottwinmaker │ └ resources │ ├[~] resource AWS::IoTTwinMaker::ComponentType │ │ ├ properties │ │ │ └ CompositeComponentTypes: (documentation changed) │ │ └ types │ │ ├[~] type CompositeComponentType │ │ │ ├ - documentation: An object that sets information about a composite component type. │ │ │ │ + documentation: Specifies the ID of the composite component type. │ │ │ └ properties │ │ │ └ ComponentTypeId: (documentation changed) │ │ └[~] type PropertyDefinition │ │ └ properties │ │ └ IsExternalId: (documentation changed) │ └[~] resource AWS::IoTTwinMaker::Entity │ ├ properties │ │ ├ CompositeComponents: (documentation changed) │ │ └ WorkspaceId: (documentation changed) │ └ types │ └[~] type CompositeComponent │ ├ - documentation: undefined │ │ + documentation: Information about a composite component. │ └ properties │ ├ ComponentPath: (documentation changed) │ ├ ComponentTypeId: (documentation changed) │ ├ Description: (documentation changed) │ ├ Properties: (documentation changed) │ ├ PropertyGroups: (documentation changed) │ └ Status: (documentation changed) ├[~] service aws-lambda │ └ resources │ └[~] resource AWS::Lambda::EventInvokeConfig │ └ attributes │ └[-] Id: string ├[~] service aws-logs │ └ resources │ ├[~] resource AWS::Logs::DeliveryDestination │ │ └ - documentation: This structure contains information about one *delivery destination* in your account. A delivery destination is an AWS resource that represents an AWS service that logs can be sent to. CloudWatch Logs, Amazon S3, are supported as Kinesis Data Firehose delivery destinations. │ │ To configure logs delivery between a supported AWS service and a destination, you must do the following: │ │ - Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see [PutDeliverySource](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html) . │ │ - Create a *delivery destination* , which is a logical object that represents the actual delivery destination. │ │ - If you are delivering logs cross-account, you must use [PutDeliveryDestinationPolicy](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationolicy.html) in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination. │ │ - Create a *delivery* by pairing exactly one delivery source and one delivery destination. For more information, see [CreateDelivery](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html) . │ │ You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination. │ │ + documentation: This structure contains information about one *delivery destination* in your account. A delivery destination is an AWS resource that represents an AWS service that logs can be sent to. CloudWatch Logs, Amazon S3, are supported as Kinesis Data Firehose delivery destinations. │ │ To configure logs delivery between a supported AWS service and a destination, you must do the following: │ │ - Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see [PutDeliverySource](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html) . │ │ - Create a *delivery destination* , which is a logical object that represents the actual delivery destination. │ │ - If you are delivering logs cross-account, you must use [PutDeliveryDestinationPolicy](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html) in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination. │ │ - Create a *delivery* by pairing exactly one delivery source and one delivery destination. For more information, see [CreateDelivery](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html) . │ │ You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination. │ └[~] resource AWS::Logs::DeliverySource │ ├ - documentation: This structure contains information about one *delivery source* in your account. A delivery source is an AWS resource that sends logs to an AWS destination. The destination can be CloudWatch Logs, Amazon S3, or Kinesis Data Firehose. │ │ Only some AWS services support being configured as a delivery source. These services are listed as *Supported [V2 Permissions]* in the table at [Enabling logging from AWS services.](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html) │ │ To configure logs delivery between a supported AWS service and a destination, you must do the following: │ │ - Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see [PutDeliverySource](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html) . │ │ - Create a *delivery destination* , which is a logical object that represents the actual delivery destination. For more information, see [PutDeliveryDestination](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html) . │ │ - If you are delivering logs cross-account, you must use [PutDeliveryDestinationPolicy](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationolicy.html) in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination. │ │ - Create a *delivery* by pairing exactly one delivery source and one delivery destination. For more information, see [CreateDelivery](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html) . │ │ You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination. │ │ + documentation: This structure contains information about one *delivery source* in your account. A delivery source is an AWS resource that sends logs to an AWS destination. The destination can be CloudWatch Logs, Amazon S3, or Kinesis Data Firehose. │ │ Only some AWS services support being configured as a delivery source. These services are listed as *Supported [V2 Permissions]* in the table at [Enabling logging from AWS services.](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html) │ │ To configure logs delivery between a supported AWS service and a destination, you must do the following: │ │ - Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see [PutDeliverySource](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html) . │ │ - Create a *delivery destination* , which is a logical object that represents the actual delivery destination. For more information, see [PutDeliveryDestination](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html) . │ │ - If you are delivering logs cross-account, you must use [PutDeliveryDestinationPolicy](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html) in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination. │ │ - Create a *delivery* by pairing exactly one delivery source and one delivery destination. For more information, see [CreateDelivery](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html) . │ │ You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination. │ └ properties │ └ ResourceArn: (documentation changed) ├[~] service aws-opensearchservice │ └ resources │ └[~] resource AWS::OpenSearchService::Domain │ └ properties │ └ IPAddressType: (documentation changed) ├[~] service aws-organizations │ └ resources │ └[~] resource AWS::Organizations::Policy │ └ properties │ └ Content: (documentation changed) ├[~] service aws-osis │ └ resources │ └[~] resource AWS::OSIS::Pipeline │ ├ properties │ │ ├ BufferOptions: (documentation changed) │ │ └ EncryptionAtRestOptions: (documentation changed) │ └ types │ ├[~] type BufferOptions │ │ └ - documentation: Key-value pairs to configure buffering. │ │ + documentation: Options that specify the configuration of a persistent buffer. To configure how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions. │ └[~] type EncryptionAtRestOptions │ ├ - documentation: Key-value pairs to configure encryption at rest. │ │ + documentation: Options to control how OpenSearch encrypts all data-at-rest. │ └ properties │ └ KmsKeyArn: (documentation changed) ├[~] service aws-route53resolver │ └ resources │ └[~] resource AWS::Route53Resolver::ResolverConfig ├[~] service aws-s3 │ └ resources │ └[~] resource AWS::S3::Bucket │ └ types │ ├[~] type FilterRule │ │ └ - documentation: Specifies the Amazon S3 object key name to filter on and whether to filter on the suffix or prefix of the key name. │ │ + documentation: Specifies the Amazon S3 object key name to filter on. An object key name is the name assigned to an object in your Amazon S3 bucket. You can also specify whether to filter on the suffix or prefix of the object key name. A prefix is a specific string of characters at the beginning of an object key name, which you can use to organize objects. For example, you can start the key names of related objects with a prefix, such as `2023-` or `engineering/` . Then, you can use `FilterRule` to find objects in a bucket with key names that have the same prefix. A suffix is similar to a prefix, but it is at the end of the object key name instead of at the beginning. │ └[~] type ReplicationConfiguration │ └ - documentation: A container for replication rules. You can add up to 1,000 rules. The maximum size of a replication configuration is 2 MB. │ + documentation: A container for replication rules. You can add up to 1,000 rules. The maximum size of a replication configuration is 2 MB. The latest version of the replication configuration XML is V2. For more information about XML V2 replication configurations, see [Replication configuration](https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-add-config.html) in the *Amazon S3 User Guide* . ├[~] service aws-s3outposts │ └ resources │ ├[~] resource AWS::S3Outposts::Bucket │ │ └ properties │ │ └ OutpostId: (documentation changed) │ └[~] resource AWS::S3Outposts::Endpoint │ └ properties │ └ OutpostId: (documentation changed) ├[~] service aws-sagemaker │ └ resources │ ├[~] resource AWS::SageMaker::Domain │ │ ├ attributes │ │ │ └[+] SingleSignOnApplicationArn: string │ │ └ types │ │ └[~] type CodeEditorAppSettings │ │ └ properties │ │ └[-] CustomImages: Array │ ├[~] resource AWS::SageMaker::FeatureGroup │ │ └ types │ │ └[~] type OnlineStoreConfig │ │ └ properties │ │ └ StorageType: (documentation changed) │ └[~] resource AWS::SageMaker::UserProfile │ └ types │ └[~] type CodeEditorAppSettings │ └ properties │ └[-] CustomImages: Array ├[~] service aws-securityhub │ └ resources │ └[~] resource AWS::SecurityHub::Hub │ ├ properties │ │ └ Tags: - json │ │ + Map ⇐ json │ └ attributes │ ├[+] ARN: string │ └[+] SubscribedAt: string ├[~] service aws-servicecatalogappregistry │ └ resources │ └[~] resource AWS::ServiceCatalogAppRegistry::Application │ └ attributes │ ├[+] ApplicationName: string │ ├[+] ApplicationTagKey: string │ └[+] ApplicationTagValue: string ├[~] service aws-sns │ └ resources │ ├[~] resource AWS::SNS::Subscription │ │ └ properties │ │ └[+] ReplayPolicy: json │ └[~] resource AWS::SNS::Topic │ ├ properties │ │ └ DeliveryStatusLogging: (documentation changed) │ └ types │ └[~] type LoggingConfig │ ├ - documentation: undefined │ │ + documentation: The `LoggingConfig` property type specifies the `Delivery` status logging configuration for an [`AWS::SNS::Topic`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-topic.html) . │ └ properties │ ├ FailureFeedbackRoleArn: (documentation changed) │ ├ Protocol: (documentation changed) │ ├ SuccessFeedbackRoleArn: (documentation changed) │ └ SuccessFeedbackSampleRate: (documentation changed) ├[~] service aws-ssm │ └ resources │ └[~] resource AWS::SSM::Parameter │ └ properties │ └ Type: (documentation changed) └[~] service aws-transfer └ resources ├[~] resource AWS::Transfer::Server │ ├ properties │ │ └ S3StorageOptions: (documentation changed) │ └ types │ ├[~] type EndpointDetails │ │ └ properties │ │ └ AddressAllocationIds: (documentation changed) │ └[~] type S3StorageOptions │ ├ - documentation: undefined │ │ + documentation: The Amazon S3 storage options that are configured for your server. │ └ properties │ └ DirectoryListingOptimization: (documentation changed) └[~] resource AWS::Transfer::User └ types └[~] type HomeDirectoryMapEntry └ properties └ Type: (documentation changed) ``` --- .../@aws-cdk/cloudformation-diff/package.json | 4 +- packages/@aws-cdk/integ-runner/package.json | 2 +- packages/aws-cdk-lib/aws-b2bi/.jsiirc.json | 13 +++++++ packages/aws-cdk-lib/aws-b2bi/README.md | 39 +++++++++++++++++++ packages/aws-cdk-lib/aws-b2bi/index.ts | 1 + packages/aws-cdk-lib/aws-b2bi/lib/index.ts | 2 + packages/aws-cdk-lib/index.ts | 1 + packages/aws-cdk-lib/package.json | 3 +- packages/aws-cdk-lib/scripts/scope-map.json | 3 ++ tools/@aws-cdk/spec2cdk/package.json | 6 +-- yarn.lock | 28 ++++++------- 11 files changed, 81 insertions(+), 21 deletions(-) create mode 100644 packages/aws-cdk-lib/aws-b2bi/.jsiirc.json create mode 100644 packages/aws-cdk-lib/aws-b2bi/README.md create mode 100644 packages/aws-cdk-lib/aws-b2bi/index.ts create mode 100644 packages/aws-cdk-lib/aws-b2bi/lib/index.ts diff --git a/packages/@aws-cdk/cloudformation-diff/package.json b/packages/@aws-cdk/cloudformation-diff/package.json index f518ea5e7a149..15903e82e29c7 100644 --- a/packages/@aws-cdk/cloudformation-diff/package.json +++ b/packages/@aws-cdk/cloudformation-diff/package.json @@ -23,8 +23,8 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.0.35", - "@aws-cdk/service-spec-types": "^0.0.35", + "@aws-cdk/aws-service-spec": "^0.0.36", + "@aws-cdk/service-spec-types": "^0.0.36", "chalk": "^4", "diff": "^5.1.0", "fast-deep-equal": "^3.1.3", diff --git a/packages/@aws-cdk/integ-runner/package.json b/packages/@aws-cdk/integ-runner/package.json index 9e1cbfdab7c87..a58191f30158e 100644 --- a/packages/@aws-cdk/integ-runner/package.json +++ b/packages/@aws-cdk/integ-runner/package.json @@ -74,7 +74,7 @@ "@aws-cdk/cloud-assembly-schema": "0.0.0", "@aws-cdk/cloudformation-diff": "0.0.0", "@aws-cdk/cx-api": "0.0.0", - "@aws-cdk/aws-service-spec": "^0.0.35", + "@aws-cdk/aws-service-spec": "^0.0.36", "cdk-assets": "0.0.0", "@aws-cdk/cdk-cli-wrapper": "0.0.0", "aws-cdk": "0.0.0", diff --git a/packages/aws-cdk-lib/aws-b2bi/.jsiirc.json b/packages/aws-cdk-lib/aws-b2bi/.jsiirc.json new file mode 100644 index 0000000000000..44e228723d8b8 --- /dev/null +++ b/packages/aws-cdk-lib/aws-b2bi/.jsiirc.json @@ -0,0 +1,13 @@ +{ + "targets": { + "java": { + "package": "software.amazon.awscdk.services.b2bi" + }, + "dotnet": { + "package": "Amazon.CDK.AWS.B2BI" + }, + "python": { + "module": "aws_cdk.aws_b2bi" + } + } +} diff --git a/packages/aws-cdk-lib/aws-b2bi/README.md b/packages/aws-cdk-lib/aws-b2bi/README.md new file mode 100644 index 0000000000000..d5bafa0987be8 --- /dev/null +++ b/packages/aws-cdk-lib/aws-b2bi/README.md @@ -0,0 +1,39 @@ +# AWS::B2BI Construct Library + + +--- + +![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) + +> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use. +> +> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib + +--- + + + +This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. + +```ts nofixture +import * as b2bi from 'aws-cdk-lib/aws-b2bi'; +``` + + + +There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. Here are some suggestions on how to proceed: + +- Search [Construct Hub for B2BI construct libraries](https://constructs.dev/search?q=b2bi) +- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::B2BI resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_B2BI.html) directly. + + + + +There are no hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. +However, you can still use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, and use this service exactly as you would using CloudFormation directly. + +For more information on the resources and properties available for this service, see the [CloudFormation documentation for AWS::B2BI](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_B2BI.html). + +(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.) + + diff --git a/packages/aws-cdk-lib/aws-b2bi/index.ts b/packages/aws-cdk-lib/aws-b2bi/index.ts new file mode 100644 index 0000000000000..f41a696fd204d --- /dev/null +++ b/packages/aws-cdk-lib/aws-b2bi/index.ts @@ -0,0 +1 @@ +export * from './lib'; diff --git a/packages/aws-cdk-lib/aws-b2bi/lib/index.ts b/packages/aws-cdk-lib/aws-b2bi/lib/index.ts new file mode 100644 index 0000000000000..6c5a1da584bbf --- /dev/null +++ b/packages/aws-cdk-lib/aws-b2bi/lib/index.ts @@ -0,0 +1,2 @@ +// AWS::B2BI Cloudformation Resources +export * from './b2bi.generated'; diff --git a/packages/aws-cdk-lib/index.ts b/packages/aws-cdk-lib/index.ts index 739ab80ae4644..5cf12a50313e7 100644 --- a/packages/aws-cdk-lib/index.ts +++ b/packages/aws-cdk-lib/index.ts @@ -27,6 +27,7 @@ export * as aws_autoscaling from './aws-autoscaling'; export * as aws_autoscaling_common from './aws-autoscaling-common'; export * as aws_autoscaling_hooktargets from './aws-autoscaling-hooktargets'; export * as aws_autoscalingplans from './aws-autoscalingplans'; +export * as aws_b2bi from './aws-b2bi'; export * as aws_backup from './aws-backup'; export * as aws_backupgateway from './aws-backupgateway'; export * as aws_batch from './aws-batch'; diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json index f04834f3a54dd..c7047a5e80ec6 100644 --- a/packages/aws-cdk-lib/package.json +++ b/packages/aws-cdk-lib/package.json @@ -133,7 +133,7 @@ "yaml": "1.10.2" }, "devDependencies": { - "@aws-cdk/aws-service-spec": "^0.0.35", + "@aws-cdk/aws-service-spec": "^0.0.36", "@aws-cdk/cdk-build-tools": "0.0.0", "@aws-cdk/custom-resource-handlers": "0.0.0", "@aws-cdk/pkglint": "0.0.0", @@ -238,6 +238,7 @@ "./aws-autoscaling-common": "./aws-autoscaling-common/index.js", "./aws-autoscaling-hooktargets": "./aws-autoscaling-hooktargets/index.js", "./aws-autoscalingplans": "./aws-autoscalingplans/index.js", + "./aws-b2bi": "./aws-b2bi/index.js", "./aws-backup": "./aws-backup/index.js", "./aws-backupgateway": "./aws-backupgateway/index.js", "./aws-batch": "./aws-batch/index.js", diff --git a/packages/aws-cdk-lib/scripts/scope-map.json b/packages/aws-cdk-lib/scripts/scope-map.json index 12779a8922ae2..034085b533be6 100644 --- a/packages/aws-cdk-lib/scripts/scope-map.json +++ b/packages/aws-cdk-lib/scripts/scope-map.json @@ -68,6 +68,9 @@ "aws-autoscalingplans": [ "AWS::AutoScalingPlans" ], + "aws-b2bi": [ + "AWS::B2BI" + ], "aws-backup": [ "AWS::Backup" ], diff --git a/tools/@aws-cdk/spec2cdk/package.json b/tools/@aws-cdk/spec2cdk/package.json index a27c05f84c917..5e8a53f95470c 100644 --- a/tools/@aws-cdk/spec2cdk/package.json +++ b/tools/@aws-cdk/spec2cdk/package.json @@ -32,9 +32,9 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.0.35", - "@aws-cdk/service-spec-importers": "^0.0.11", - "@aws-cdk/service-spec-types": "^0.0.35", + "@aws-cdk/aws-service-spec": "^0.0.36", + "@aws-cdk/service-spec-importers": "^0.0.12", + "@aws-cdk/service-spec-types": "^0.0.36", "@cdklabs/tskb": "^0.0.3", "@cdklabs/typewriter": "^0.0.3", "camelcase": "^6", diff --git a/yarn.lock b/yarn.lock index 2b8f5b3e61795..5662e21dd348a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -56,12 +56,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.1.tgz#6dc9b7cdb22ff622a7176141197962360c33e9ac" integrity sha512-DDt4SLdLOwWCjGtltH4VCST7hpOI5DzieuhGZsBpZ+AgJdSI2GCjklCXm0GCTwJG/SolkL5dtQXyUKgg9luBDg== -"@aws-cdk/aws-service-spec@^0.0.35": - version "0.0.35" - resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.0.35.tgz#d6a225a5a306a595c6d51a920141337dd39a0407" - integrity sha512-75rNt8JBVMIv7iE/OfaYli5uVNXhzO/S5ExfXa8IgcXXykyMiYvTgBm7xPN85/pcqWvPIXP0C7ttsmF0JZYEng== +"@aws-cdk/aws-service-spec@^0.0.36": + version "0.0.36" + resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.0.36.tgz#ce62d242c0d7e4bc6527327d9849bae1f7df190c" + integrity sha512-hnhWZntWw/GYAYWdhJJSG+xiPQBcBTl8K9AFZSHzW0NvhJCRJIu/3NfFyPmRqZ1qEkHrLhmagVFbdeXucHnjWw== dependencies: - "@aws-cdk/service-spec-types" "^0.0.35" + "@aws-cdk/service-spec-types" "^0.0.36" "@cdklabs/tskb" "^0.0.3" "@aws-cdk/lambda-layer-kubectl-v24@^2.0.242": @@ -69,12 +69,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/lambda-layer-kubectl-v24/-/lambda-layer-kubectl-v24-2.0.242.tgz#4273a5ad7714f933a7eba155eb9280823086db71" integrity sha512-7/wIOo685tmrEe4hh6zqDELhBZh5OQGf3Hd2FU2Vnwy2ZubW8qTmEw5gqJCsCrGKeYDoa1BcVhDRZ/nzjkaqyA== -"@aws-cdk/service-spec-importers@^0.0.11": - version "0.0.11" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.11.tgz#f7e60063337934313036d573a96d1e67ed9922d9" - integrity sha512-EjEpNx7rZNVuUwpJcttwAfQOKhCUojbDOZvu5k/0AcMKs6E/y/zGRdyt5xXxW04979ciLKcdWwgcGf4CcX9CSg== +"@aws-cdk/service-spec-importers@^0.0.12": + version "0.0.12" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.12.tgz#0af7f326eb5503ad8c65e195c37713956fc7fff5" + integrity sha512-Vhb7gPzN0vWV38HfI3h+pRIdaTxK7A77dbVOXKZa8z8Ge1PQq+Tn4xaMzOkhbnXxDnbP2EEUrc8whWYsPo7l1A== dependencies: - "@aws-cdk/service-spec-types" "^0.0.35" + "@aws-cdk/service-spec-types" "^0.0.36" "@cdklabs/tskb" "^0.0.3" ajv "^6" canonicalize "^2.0.0" @@ -85,10 +85,10 @@ glob "^8" sort-json "^2.0.1" -"@aws-cdk/service-spec-types@^0.0.35": - version "0.0.35" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.35.tgz#0d599074f6f09e741eea8621aa06de29fe4a1653" - integrity sha512-+XqMpPxyH2Hot/ifSF0eWmHUEYBIpUGvjEs4yxCdOrVAxOTYyJv6Ch/MZokOBmNF3Y03gxmaS0lPBhf8isT9EA== +"@aws-cdk/service-spec-types@^0.0.36": + version "0.0.36" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.36.tgz#d4e7c78b246ba6abdd262668c748f91c31c6075d" + integrity sha512-ILHIT+/7boUOJLe3H0doBxIm9k5+I2wNBg+WzJ6GC2IlPPT1R6qax9yZmvxSDfq87dWEpIuc3DDUZsPkWIA/qg== dependencies: "@cdklabs/tskb" "^0.0.3"