chore(release): 2.135.0 #29682

aws-cdk-automation · 2024-04-01T21:19:51Z

…r AL2023 AMIs (#29505) ### Issue # (if applicable) Closes #29546 ### Reason for this change After #29335, `@aws-eks` should receive AL2023 support, despites the [GPU types are not yet supported](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) it should at least allow user to customize instance type. However, missing support for `NodegroupAmiType[]` causing validation error emit, so that user can only create [default instance types](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) ( `t3.medium` or `t4g.medium` ). ``` $ cat ./lib/cluster.ts ... cluster.addNodegroupCapacity("mng-al2023", { amiType: eks.NodegroupAmiType.AL2023_X86_64_STANDARD, instanceTypes: [new ec2.InstanceType("t3.medium")], ... }); ... ``` ``` $ npx cdk version 2.133.0 (build dcc1e75) ``` ``` $ npx cdk synth ... ^ Error: The specified AMI does not match the instance types architecture, either specify one of AL2_X86_64, BOTTLEROCKET_X86_64, WINDOWS_CORE_2019_X86_64, WINDOWS_CORE_2022_X86_64, WINDOWS_FULL_2019_X86_64, WINDOWS_FULL_2022_X86_64 or don't specify any at new Nodegroup (.../node_modules/aws-cdk-lib/aws-eks/lib/managed-nodegroup.js:1:3921) at Cluster.addNodegroupCapacity (.../node_modules/aws-cdk-lib/aws-eks/lib/cluster.js:1:19807) at EksCluster.createManagedNodeGroups (.../lib/cluster.ts:85:13) at new EksCluster (.../lib/cluster.ts:30:10) at Object.<anonymous> (.../bin/eks-basic.ts:10:1) at Module._compile (node:internal/modules/cjs/loader:1376:14) at Module.m._compile (.../node_modules/ts-node/src/index.ts:1618:23) at Module._extensions..js (node:internal/modules/cjs/loader:1435:10) at Object.require.extensions.<computed> [as .ts] (.../node_modules/ts-node/src/index.ts:1621:12) at Module.load (node:internal/modules/cjs/loader:1207:32) Subprocess exited with error 1 ``` ### Description of changes Add `eks.NodegroupAmiType.AL2023_X86_64_STANDARD` and `eks.NodegroupAmiType.AL2023_ARM_64_STANDARD` support for node group module. ### Description of how you validated changes ``` $ npx jest aws-eks/test/cluster.test.ts PASS aws-eks/test/cluster.test.ts (37.298 s) ... =============================== Coverage summary =============================== Statements : 48.86% ( 10077/20621 ) Branches : 27.88% ( 2388/8565 ) Functions : 33.03% ( 1509/4568 ) Lines : 49.71% ( 9905/19923 ) ================================================================================ Jest: "global" coverage threshold for statements (55%) not met: 48.86% Jest: "global" coverage threshold for branches (35%) not met: 27.88% Test Suites: 1 passed, 1 total Tests: 119 passed, 119 total Snapshots: 0 total Time: 41.064 s ``` ``` $ npx jest aws-eks/test/nodegroup.test.ts RUNS aws-eks/test/nodegroup.test.ts ... =============================== Coverage summary =============================== Statements : 43.94% ( 9062/20621 ) Branches : 22.08% ( 1892/8565 ) Functions : 27.16% ( 1241/4568 ) Lines : 44.8% ( 8927/19923 ) ================================================================================ Jest: "global" coverage threshold for statements (55%) not met: 43.94% Jest: "global" coverage threshold for branches (35%) not met: 22.08% Test Suites: 1 passed, 1 total Tests: 59 passed, 59 total Snapshots: 0 total Time: 23.334 s ``` ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…re (#28448) Reraising #27943 as it was incorrectly closed as stale. See original PR for details. Closes #27882. See linked issue for further details. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.134.0/CHANGELOG.md)

#29382) ### Issue # (if applicable) Closes #22031. ### Reason for this change Adds a validation with correct error indicating ALB Access log bucket does not support KMS encryption ### Description of changes Currently access logs bucket encryption with KMS is not supported in case of ALB but while deploying it throws an error indicating the failure with bucket permissions. This validation introduces an upfront check to throw an error if `bucket.encryptionKey `is defined. Documentation: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html ### Description of how you validated changes Added unit tests for validation. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

… stream logs to the terminal (#29451) ### Issue Closes #29448 ### Reason for this change After the release of Advanced Logging Controls for Lambda (see https://aws.amazon.com/blogs/compute/introducing-advanced-logging-controls-for-aws-lambda-functions/) I've decided to move all the logs of my multi-stack deployment to a single unified Log Group per deployed tenant. It goes likes this: The main stack creates the LogGroup like `/aws/lambda/{tenant}`; The secondary stacks refers to the LogGroup using `LogGroup.fromLogGroupArn(...)`; Then I discovered that running cdk watch on the main stack I can see the cloudwatch logs on my terminal while on the secondary stacks it does not; I found at that the cloudwatch log group resolver for the logs basically just assumes the log group is `/aws/lambda/{physicalId}` https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk/lib/api/logs/find-cloudwatch-logs.ts#L114 ### Description of changes Use the Template JSON to resolve the `LoggingConfig.LogGroupName` of the Lambda Function; ### Description of how you validated changes I've replace the node_modules/aws-cdk of my project with the one built from this PR and I was able to see the logs of my lambda that has custom LogConfig, as you can see it is grabbing the logs of `/aws/lambda/dev` cloudwatch logs ![2024-03-13T10-46-48](https://github.com/aws/aws-cdk/assets/980905/d12113f6-67b6-4a54-96cf-66df6138d7f7) ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

…ps (#29582) ### Issue # (if applicable) Closes #27321 ### Reason for this change Our customer found `maxRecordAge` can't be set to `-1` Due to limitation of `cdk.Duration`. However, it's not obvious in the docstring that the [default value](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumrecordageinseconds) of `maxRecordAge` is already -1. Our customer can simply leave this prop empty to set it to -1. So, This PR improves the docstring to make default value more apparent. See more discussion in the ticket. ### Description of changes Improve docstring of `maxRecordAge` and `retryAttempts` in `KinesisEventSourceProps` in `aws-lambda-event-source` ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…29591) Closes #29590 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…cumentation (#29599) ### Issue # (if applicable) Closes #<issue number here>. ### Reason for this change The links to the example files at https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.custom_resources-readme.html#provider-framework-examples are no longer valid since the repository underwent restructuring. ### Description of changes Replaces the URLs to the S3File and S3Assert example files with valid GitHub links ### Description of how you validated changes Visited the updated links ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.

### Issue # (if applicable) Closes #29556 . ### Reason for this change When creating an ARecord object in Route53 with props.weight set to 0 an Error is thrown. ### Description of changes Change checks for `weight` to use `weight === undefined` instead of `!weight` ### Description of how you validated changes - Added a unit test with `weight: 0` - Updated integ tests to include a record with `weight: 0` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Could not find any in the backlog ### Reason for this change Update the CDK EC2 listed Windows versions to match the current availability ### Description of changes * Added new Windows images * Marked as deprecated old Windows images ### Description of how you validated changes Once again, I'm comparing the CDK enumeration to live SDK data, this time using the `ec2:DescribeImages` API command, with the following parameters: ```ts { Owners: ["amazon"], Filters: [{ Name: "name", Values: ["Windows_Server*"] }], } ``` Images that are no longer listed by this command are marked as `@deprecated`, and new images are added to the enum ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…#29633) ### Issue # (if applicable) Closes #29610 Related to #28898 ### Reason for this change Previously the AWS partition was hardcoded so it would not work for other special partitions. ### Description of changes Replace hardcoded `aws` partition to be dynamically added with `this.cluster.stack.partition`. ### Description of how you validated changes Ran integ tests suite, no changes. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…iAzWithStandbyEnabled` (#29634) ### Reason for this change Default value of the `multiAzWithStandbyEnabled` parameter will be set to true if the feature flag `multiAzWithStandbyEnabled` is enabled now. However, the current description for the default value does not yet reflect that. ### Description of changes Change the description for the default value with the feature flag. ### Description of how you validated changes Nothing. It is just to change the description. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…with standby feature (#29607) ### Issue # (if applicable) Related with #26026 ### Reason for this change #26082 enabled Multi-AZ with Standby by default, but deployment fails if we use t3 instance type, because it does not support the feature. To fail fast, this PR adds validation on synth time. > Multi-AZ with Standby only works with the m5, c5, r5, r6g, c6g, m6g, r6gd and i3 instance types. > https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html > You can use T3 instance types only if your domain is provisioned without standby. > https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html#latest-gen ### Description of changes If the instance type of data node or master node is t3, throws an error. I also considered to automatically set `multiAzWithStandbyEnabled: false` if we detect any t3 instance type, but it would introduce unwanted behavior e.g. in the below case: ```ts // Initial state // multiAzWithStandbyEnabled: true as there's no t3 instance type new Domain(stack, 'Domain', { version: engineVersion, capacity: { dataNodeInstanceType: 'r5.large.search', }, }) // Update domain to add master nodes with t3 instance type new Domain(stack, 'Domain', { version: engineVersion, capacity: { dataNodeInstanceType: 'r5.large.search', masterNodeInstanceType: 't3.medium.search', masterNodes: 3, }, }) // multiAzWithStandbyEnabled suddenly become false! ``` so we just throw an error. ### Description of how you validated changes Added some unit tests. I also confirmed that it results in deployment error if we try to deploy with t3 instance type & `multiAzWithStandbyEnabled : true` for both data node and master node. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ccount zone delegation (#29466) ### Issue # (if applicable) n/a ### Reason for this change In certain circumstances, the default STS region resolution logic will not properly select a region due to the hardcoded mapping between region prefixes and STS regions. ### Description of changes This change allows callers to specify a region in which STS will be called. ### Description of how you validated changes Unit tests were added to aws-cdk-lib. Integ tests were updated and pass on my personal accounts, but I'm not sure how to check if they'll pass in CI. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Closes #29539. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #29560. ### Reason for this change The service name generated by the CDK for global VPC endpoints was incorrect, as it contained the stack's region: ```sh $ aws ec2 describe-vpc-endpoint-services --region=us-east-1 --service-names=com.amazonaws.s3-global.accesspoint | jq '.ServiceDetails[] | .ServiceName' "com.amazonaws.s3-global.accesspoint" ``` ```ts new CfnOutput(this, "endpoint", { value: ec2.InterfaceVpcEndpointAwsService.S3_MULTI_REGION_ACCESS_POINTS.name, }); // TestDeployStack.endpoint = com.amazonaws.eu-west-1.s3-global.accesspoint ``` In addition, another global endpoint was missing from `InterfaceVpcEndpointAwsService`. ### Description of changes * The `InterfaceVpcEndpointAwsService` constructor was modified to * I would have preferred to switch to a single object for the optional constructor properties (`prefix`, `port`, and now `global`), but couldn't make a breaking change to a publicly accessible constructor * `InterfaceVpcEndpointAwsService.S3_MULTI_REGION_ACCESS_POINTS` was changed to be a global VPC endpoint * `InterfaceVpcEndpointAwsService.CODECATALYST` was added ### Description of how you validated changes I've added a unit test to check that the global endpoints' name were set correctly. I also added an integration test for `InterfaceVpcEndpointAwsService.S3_MULTI_REGION_ACCESS_POINTS`. To test it, I created a publicly accessible EC2 instance on the VPC, connected to it and ran `nslookup accesspoint.s3-global.amazonaws.com` to make sure it was resolvable (see [Configuring a Multi-Region Access Point for use with AWS PrivateLink](https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiRegionAccessPointsPrivateLink.html)): Without the `InterfaceVpcEndpointAwsService.S3_MULTI_REGION_ACCESS_POINTS` interface endpoint: ```sh $ nslookup accesspoint.s3-global.amazonaws.com Server: 10.0.0.2 Address: 10.0.0.2#53 Non-authoritative answer: *** Can't find accesspoint.s3-global.amazonaws.com: No answer ``` With the `InterfaceVpcEndpointAwsService.S3_MULTI_REGION_ACCESS_POINTS` interface endpoint: ```sh $ nslookup accesspoint.s3-global.amazonaws.com Server: 10.0.0.2 Address: 10.0.0.2#53 Non-authoritative answer: Name: accesspoint.s3-global.amazonaws.com Address: 10.0.156.75 Name: accesspoint.s3-global.amazonaws.com Address: 10.0.246.83 ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Automated changes by [create-pull-request](https://github.com/peter-evans/create-pull-request) GitHub action

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-appintegrations │ └ resources │ └[~] resource AWS::AppIntegrations::Application │ ├ - documentation: Resource Type definition for AWS:AppIntegrations::Application │ │ + documentation: Creates and persists an Application resource. │ ├ properties │ │ ├ ApplicationSourceConfig: (documentation changed) │ │ ├ Description: (documentation changed) │ │ └ Tags: (documentation changed) │ └ types │ ├[~] type ApplicationSourceConfig │ │ ├ - documentation: Application source config │ │ │ + documentation: The configuration for where the application should be loaded from. │ │ └ properties │ │ └ ExternalUrlConfig: (documentation changed) │ └[~] type ExternalUrlConfig │ ├ - documentation: undefined │ │ + documentation: The external URL source for the application. │ └ properties │ ├ AccessUrl: (documentation changed) │ └ ApprovedOrigins: (documentation changed) ├[~] service aws-applicationautoscaling │ └ resources │ └[~] resource AWS::ApplicationAutoScaling::ScalingPolicy │ └ types │ └[~] type TargetTrackingMetricStat │ └ - documentation: This structure defines the CloudWatch metric to return, along with the statistic, period, and unit. │ `TargetTrackingMetricStat` is a property of the [AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetricDataQuery](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-targettrackingmetricdataquery.html) property type. │ For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide* . │ + documentation: This structure defines the CloudWatch metric to return, along with the statistic and unit. │ `TargetTrackingMetricStat` is a property of the [AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetricDataQuery](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-targettrackingmetricdataquery.html) property type. │ For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide* . ├[~] service aws-appmesh │ └ resources │ └[~] resource AWS::AppMesh::VirtualNode │ └ - documentation: Creates a virtual node within a service mesh. │ A virtual node acts as a logical pointer to a particular task group, such as an Amazon ECS service or a Kubernetes deployment. When you create a virtual node, you can specify the service discovery information for your task group, and whether the proxy running in a task group will communicate with other proxies using Transport Layer Security (TLS). │ You define a `listener` for any inbound traffic that your virtual node expects. Any virtual service that your virtual node expects to communicate to is specified as a `backend` . │ The response metadata for your new virtual node contains the `arn` that is associated with the virtual node. Set this value to the full ARN; for example, `arn:aws:appmesh:us-west-2:123456789012:myMesh/default/virtualNode/myApp` ) as the `APPMESH_RESOURCE_ARN` environment variable for your task group's Envoy proxy container in your task definition or pod spec. This is then mapped to the `node.id` and `node.cluster` Envoy parameters. │ > By default, App Mesh uses the name of the resource you specified in `APPMESH_RESOURCE_ARN` when Envoy is referring to itself in metrics and traces. You can override this behavior by setting the `APPMESH_RESOURCE_CLUSTER` environment variable with your own name. │ For more information about virtual nodes, see [Virtual nodes](https://docs.aws.amazon.com/app-mesh/latest/userguide/virtual_nodes.html) . You must be using `1.15.0` or later of the Envoy image when setting these variables. For more information about App Mesh Envoy variables, see [Envoy image](https://docs.aws.amazon.com/app-mesh/latest/userguide/envoy.html) in the AWS App Mesh User Guide. │ + documentation: Creates a virtual node within a service mesh. │ A virtual node acts as a logical pointer to a particular task group, such as an Amazon ECS service or a Kubernetes deployment. When you create a virtual node, you can specify the service discovery information for your task group, and whether the proxy running in a task group will communicate with other proxies using Transport Layer Security (TLS). │ You define a `listener` for any inbound traffic that your virtual node expects. Any virtual service that your virtual node expects to communicate to is specified as a `backend` . │ The response metadata for your new virtual node contains the `arn` that is associated with the virtual node. Set this value to the full ARN; for example, `arn:aws:appmesh:us-west-2:123456789012:myMesh/default/virtualNode/myApp` ) as the `APPMESH_RESOURCE_ARN` environment variable for your task group's Envoy proxy container in your task definition or pod spec. This is then mapped to the `node.id` and `node.cluster` Envoy parameters. │ > By default, App Mesh uses the name of the resource you specified in `APPMESH_RESOURCE_ARN` when Envoy is referring to itself in metrics and traces. You can override this behavior by setting the `APPMESH_RESOURCE_CLUSTER` environment variable with your own name. │ For more information about virtual nodes, see [Virtual nodes](https://docs.aws.amazon.com/app-mesh/latest/userguide/virtual_nodes.html) . You must be using `1.15.0` or later of the Envoy image when setting these variables. For more information aboutApp Mesh Envoy variables, see [Envoy image](https://docs.aws.amazon.com/app-mesh/latest/userguide/envoy.html) in the AWS App Mesh User Guide. ├[~] service aws-aps │ └ resources │ ├[~] resource AWS::APS::RuleGroupsNamespace │ │ └ - documentation: The definition of a rule groups namespace in an Amazon Managed Service for Prometheus workspace. A rule groups namespace is associated with exactly one rules file. A workspace can have multiple rule groups namespaces. For more information about rules files, seee [Creating a rules file](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-ruler-rulesfile.html) , in the *Amazon Managed Service for Prometheus User Guide* . │ │ + documentation: The definition of a rule groups namespace in an Amazon Managed Service for Prometheus workspace. A rule groups namespace is associated with exactly one rules file. A workspace can have multiple rule groups namespaces. For more information about rules files, see [Creating a rules file](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-ruler-rulesfile.html) , in the *Amazon Managed Service for Prometheus User Guide* . │ └[+] resource AWS::APS::Scraper │ ├ name: Scraper │ │ cloudFormationType: AWS::APS::Scraper │ │ documentation: Resource Type definition for AWS::APS::Scraper │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ ├ properties │ │ ├Alias: string (immutable) │ │ ├ScrapeConfiguration: ScrapeConfiguration (required, immutable) │ │ ├Source: Source (required, immutable) │ │ ├Destination: Destination (required, immutable) │ │ └Tags: Array<tag> │ ├ attributes │ │ ├ScraperId: string │ │ ├Arn: string │ │ └RoleArn: string │ └ types │ ├type ScrapeConfiguration │ │├ documentation: Scraper configuration │ ││ name: ScrapeConfiguration │ │└ properties │ │ └ConfigurationBlob: string (required) │ ├type Source │ │├ documentation: Scraper metrics source │ ││ name: Source │ │└ properties │ │ └EksConfiguration: EksConfiguration (required) │ ├type EksConfiguration │ │├ documentation: Configuration for EKS metrics source │ ││ name: EksConfiguration │ │└ properties │ │ ├ClusterArn: string (required) │ │ ├SecurityGroupIds: Array<string> │ │ └SubnetIds: Array<string> (required) │ ├type Destination │ │├ documentation: Scraper metrics destination │ ││ name: Destination │ │└ properties │ │ └AmpConfiguration: AmpConfiguration (required) │ └type AmpConfiguration │ ├ documentation: Configuration for Amazon Managed Prometheus metrics destination │ │ name: AmpConfiguration │ └ properties │ └WorkspaceArn: string (required) ├[~] service aws-cleanrooms │ └ resources │ └[~] resource AWS::CleanRooms::ConfiguredTable │ └ types │ ├[~] type AnalysisRuleCustom │ │ └ properties │ │ └[+] DifferentialPrivacy: DifferentialPrivacy │ ├[+] type DifferentialPrivacy │ │ ├ name: DifferentialPrivacy │ │ └ properties │ │ └Columns: Array<DifferentialPrivacyColumn> (required) │ └[+] type DifferentialPrivacyColumn │ ├ documentation: Specifies the name of the column that contains the unique identifier of your users, whose privacy you want to protect. │ │ name: DifferentialPrivacyColumn │ └ properties │ └Name: string (required) ├[~] service aws-codebuild │ └ resources │ ├[~] resource AWS::CodeBuild::Project │ │ └ types │ │ ├[~] type ProjectSourceVersion │ │ │ └ properties │ │ │ └ SourceVersion: (documentation changed) │ │ └[~] type Source │ │ └ properties │ │ ├ Location: (documentation changed) │ │ └ Type: (documentation changed) │ └[~] resource AWS::CodeBuild::SourceCredential │ └ properties │ ├ AuthType: (documentation changed) │ └ ServerType: (documentation changed) ├[~] service aws-codestarconnections │ └ resources │ └[~] resource AWS::CodeStarConnections::SyncConfiguration │ └ properties │ ├[+] PublishDeploymentStatus: string │ └[+] TriggerResourceUpdateOn: string ├[~] service aws-connect │ └ resources │ └[~] resource AWS::Connect::PredefinedAttribute │ └ attributes │ ├[+] LastModifiedRegion: string │ └[+] LastModifiedTime: number ├[~] service aws-dms │ └ resources │ └[~] resource AWS::DMS::Endpoint │ └ types │ └[~] type PostgreSqlSettings │ └ properties │ ├ CaptureDdls: (documentation changed) │ ├ DdlArtifactsSchema: (documentation changed) │ ├ FailTasksOnLobTruncation: (documentation changed) │ ├ HeartbeatEnable: (documentation changed) │ ├ HeartbeatFrequency: (documentation changed) │ ├ HeartbeatSchema: (documentation changed) │ ├ MapBooleanAsBoolean: (documentation changed) │ ├ MaxFileSize: (documentation changed) │ └ PluginName: (documentation changed) ├[~] service aws-docdbelastic │ └ resources │ └[~] resource AWS::DocDBElastic::Cluster │ └ properties │ ├ BackupRetentionPeriod: (documentation changed) │ ├ PreferredBackupWindow: (documentation changed) │ └ ShardInstanceCount: (documentation changed) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::Subnet │ │ └ properties │ │ └[+] EnableLniAtDeviceIndex: integer │ └[~] resource AWS::EC2::TransitGatewayRouteTableAssociation ├[~] service aws-ecs │ └ resources │ └[~] resource AWS::ECS::TaskSet │ └ - documentation: Create a task set in the specified cluster and service. This is used when a service uses the `EXTERNAL` deployment controller type. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* . │ For information about the maximum number of task sets and otther quotas, see [Amazon ECS service quotas](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-quotas.html) in the *Amazon Elastic Container Service Developer Guide* . │ + documentation: Create a task set in the specified cluster and service. This is used when a service uses the `EXTERNAL` deployment controller type. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* . │ > On March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition. │ For information about the maximum number of task sets and otther quotas, see [Amazon ECS service quotas](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-quotas.html) in the *Amazon Elastic Container Service Developer Guide* . ├[~] service aws-entityresolution │ └ resources │ └[~] resource AWS::EntityResolution::MatchingWorkflow │ └ types │ └[~] type ResolutionTechniques │ └ properties │ └ ResolutionType: (documentation changed) ├[~] service aws-globalaccelerator │ └ resources │ └[~] resource AWS::GlobalAccelerator::EndpointGroup │ └ types │ └[~] type EndpointConfiguration │ └ properties │ └ AttachmentArn: (documentation changed) ├[~] service aws-glue │ └ resources │ └[~] resource AWS::Glue::Crawler │ ├ properties │ │ └ LakeFormationConfiguration: (documentation changed) │ └ types │ └[~] type LakeFormationConfiguration │ ├ - documentation: undefined │ │ + documentation: Specifies AWS Lake Formation configuration settings for the crawler. │ └ properties │ ├ AccountId: (documentation changed) │ └ UseLakeFormationCredentials: (documentation changed) ├[~] service aws-iotsitewise │ └ resources │ └[~] resource AWS::IoTSiteWise::AssetModel │ └ types │ ├[~] type AssetModelCompositeModel │ │ └ properties │ │ ├ Description: (documentation changed) │ │ ├ ExternalId: (documentation changed) │ │ ├ ParentAssetModelCompositeModelExternalId: (documentation changed) │ │ └ Path: (documentation changed) │ ├[~] type AssetModelHierarchy │ │ └ properties │ │ ├ ExternalId: (documentation changed) │ │ └ LogicalId: (documentation changed) │ └[~] type AssetModelProperty │ └ properties │ ├ ExternalId: (documentation changed) │ └ LogicalId: (documentation changed) ├[~] service aws-kafkaconnect │ └ resources │ ├[~] resource AWS::KafkaConnect::CustomPlugin │ │ ├ - documentation: An example resource schema demonstrating some basic constructs and validation rules. │ │ │ + documentation: Creates a custom plugin using the specified properties. │ │ ├ properties │ │ │ ├ ContentType: (documentation changed) │ │ │ ├ Description: (documentation changed) │ │ │ └ Location: (documentation changed) │ │ ├ attributes │ │ │ └ CustomPluginArn: (documentation changed) │ │ └ types │ │ ├[~] type CustomPluginFileDescription │ │ │ └ - documentation: Details about the custom plugin file. │ │ │ + documentation: Details about a custom plugin file. │ │ └[~] type S3Location │ │ └ - documentation: The S3 bucket Amazon Resource Name (ARN), file key, and object version of the plugin file stored in Amazon S3. │ │ + documentation: The location of an object in Amazon S3. │ └[~] resource AWS::KafkaConnect::WorkerConfiguration │ ├ - documentation: The configuration of the workers, which are the processes that run the connector logic. │ │ + documentation: Creates a worker configuration using the specified properties. │ ├ properties │ │ ├ Description: (documentation changed) │ │ └ PropertiesFileContent: (documentation changed) │ └ attributes │ ├ Revision: (documentation changed) │ └ WorkerConfigurationArn: (documentation changed) ├[~] service aws-kendra │ └ resources │ └[~] resource AWS::Kendra::DataSource │ └ types │ ├[~] type ConnectionConfiguration │ │ └ properties │ │ └ SecretArn: (documentation changed) │ ├[~] type CustomDocumentEnrichmentConfiguration │ │ └ properties │ │ └ RoleArn: (documentation changed) │ ├[~] type HookConfiguration │ │ └ properties │ │ └ LambdaArn: (documentation changed) │ ├[~] type OneDriveUsers │ │ └ properties │ │ └ OneDriveUserList: (documentation changed) │ ├[~] type ProxyConfiguration │ │ └ properties │ │ └ Credentials: (documentation changed) │ └[~] type WebCrawlerBasicAuthentication │ └ properties │ └ Credentials: (documentation changed) ├[~] service aws-kinesisfirehose │ └ resources │ └[~] resource AWS::KinesisFirehose::DeliveryStream │ ├ properties │ │ └ Tags: (documentation changed) │ └ types │ └[~] type ParquetSerDe │ └ - documentation: A serializer to use for converting data to the Parquet format before storing it in Amazon S3. For more information, see [Apache Parquet](https://docs.aws.amazon.com/https://parquet.apache.org/documentation/latest/) . │ + documentation: A serializer to use for converting data to the Parquet format before storing it in Amazon S3. For more information, see [Apache Parquet](https://docs.aws.amazon.com/https://parquet.apache.org/docs/) . ├[~] service aws-managedblockchain │ └ resources │ └[~] resource AWS::ManagedBlockchain::Node │ └ properties │ └ NetworkId: (documentation changed) ├[~] service aws-oam │ └ resources │ └[~] resource AWS::Oam::Link │ └ properties │ └ ResourceTypes: (documentation changed) ├[~] service aws-rds │ └ resources │ ├[~] resource AWS::RDS::DBCluster │ │ ├ properties │ │ │ ├ ScalingConfiguration: (documentation changed) │ │ │ └ ServerlessV2ScalingConfiguration: (documentation changed) │ │ └ types │ │ ├[~] type ScalingConfiguration │ │ │ └ - documentation: The `ScalingConfiguration` property type specifies the scaling configuration of an Aurora Serverless DB cluster. │ │ │ For more information, see [Using Amazon Aurora Serverless](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) in the *Amazon Aurora User Guide* . │ │ │ This property is only supported for Aurora Serverless v1. For Aurora Serverless v2, Use the `ServerlessV2ScalingConfiguration` property. │ │ │ Valid for: Aurora DB clusters only │ │ │ + documentation: The `ScalingConfiguration` property type specifies the scaling configuration of an Aurora Serverless v1 DB cluster. │ │ │ For more information, see [Using Amazon Aurora Serverless](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) in the *Amazon Aurora User Guide* . │ │ │ This property is only supported for Aurora Serverless v1. For Aurora Serverless v2, Use the `ServerlessV2ScalingConfiguration` property. │ │ │ Valid for: Aurora Serverless v1 DB clusters only │ │ └[~] type ServerlessV2ScalingConfiguration │ │ └ - documentation: The `ServerlessV2ScalingConfiguration` property type specifies the scaling configuration of an Aurora Serverless V2 DB cluster. │ │ For more information, see [Using Amazon Aurora Serverless v2](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) in the *Amazon Aurora User Guide* . │ │ If you have an Aurora cluster, you must set the `ScalingConfigurationInfo` attribute before you add a DB instance that uses the `db.serverless` DB instance class. For more information, see [Clusters that use Aurora Serverless v2 must have a capacity range specified](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html#aurora-serverless-v2.requirements.capacity-range) in the *Amazon Aurora User Guide* . │ │ This property is only supported for Aurora Serverless v2. For Aurora Serverless v1, Use the `ScalingConfiguration` property. │ │ + documentation: The `ServerlessV2ScalingConfiguration` property type specifies the scaling configuration of an Aurora Serverless V2 DB cluster. │ │ For more information, see [Using Amazon Aurora Serverless v2](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) in the *Amazon Aurora User Guide* . │ │ If you have an Aurora cluster, you must set the `ScalingConfigurationInfo` attribute before you add a DB instance that uses the `db.serverless` DB instance class. For more information, see [Clusters that use Aurora Serverless v2 must have a capacity range specified](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html#aurora-serverless-v2.requirements.capacity-range) in the *Amazon Aurora User Guide* . │ │ This property is only supported for Aurora Serverless v2. For Aurora Serverless v1, use the `ScalingConfiguration` property. │ │ Valid for: Aurora Serverless v2 DB clusters │ └[~] resource AWS::RDS::Integration │ └ properties │ ├[+] DataFilter: string │ ├[+] Description: string │ └ IntegrationName: - string (immutable) │ + string ├[~] service aws-securityhub │ └ resources │ └[~] resource AWS::SecurityHub::AutomationRule │ └ types │ ├[~] type AutomationRulesFindingFilters │ │ └ properties │ │ ├ CreatedAt: (documentation changed) │ │ ├ FirstObservedAt: (documentation changed) │ │ ├ LastObservedAt: (documentation changed) │ │ ├ NoteUpdatedAt: (documentation changed) │ │ └ UpdatedAt: (documentation changed) │ └[~] type DateFilter │ └ properties │ ├ End: (documentation changed) │ └ Start: (documentation changed) └[+] service aws-securitylake ├ capitalized: SecurityLake │ cloudFormationNamespace: AWS::SecurityLake │ name: aws-securitylake │ shortName: securitylake └ resources └resource AWS::SecurityLake::DataLake ├ name: DataLake │ cloudFormationType: AWS::SecurityLake::DataLake │ documentation: Resource Type definition for AWS::SecurityLake::DataLake │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} ├ properties │ ├EncryptionConfiguration: EncryptionConfiguration │ ├LifecycleConfiguration: LifecycleConfiguration │ ├ReplicationConfiguration: ReplicationConfiguration │ ├MetaStoreManagerRoleArn: string (immutable) │ └Tags: Array<tag> ├ attributes │ ├Arn: string │ └S3BucketArn: string └ types ├type EncryptionConfiguration │├ documentation: Provides encryption details of Amazon Security Lake object. ││ name: EncryptionConfiguration │└ properties │ └KmsKeyId: string ├type LifecycleConfiguration │├ documentation: Provides lifecycle details of Amazon Security Lake object. ││ name: LifecycleConfiguration │└ properties │ ├Expiration: Expiration │ └Transitions: Array<Transitions> ├type Expiration │├ documentation: Provides data expiration details of Amazon Security Lake object. ││ name: Expiration │└ properties │ └Days: integer ├type Transitions │├ name: Transitions │└ properties │ ├Days: integer │ └StorageClass: string └type ReplicationConfiguration ├ documentation: Provides replication details of Amazon Security Lake object. │ name: ReplicationConfiguration └ properties ├Regions: Array<string> └RoleArn: string ```

### Issue # (if applicable) Closes #29663 ### Reason for this change kms key created within integ test remains after integ test. ### Description of changes Added "pendingWindow" and "removalPolicy" to kms resource. ```ts const key = new Key(this, 'CustomKey', { pendingWindow: Duration.days(7), removalPolicy: RemovalPolicy.DESTROY, }); ``` ### Description of how you validated changes I confirmed with integ test that it works as expected. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Adds `ruby 3.3` to the available [Lambda Runtimes constants](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Runtime.html#initializer) *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

aws-cdk-automation · 2024-04-01T21:46:36Z

AWS CodeBuild CI Report

CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
Commit ID: ef05a4b
Result: SUCCEEDED
Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

mergify · 2024-04-01T21:46:59Z

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

aws-cdk-automation · 2024-07-25T21:18:46Z

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

guessi and others added 25 commits March 26, 2024 18:48

Merge branch 'main' into merge-back/2.134.0

f3b1bf4

chore(merge-back): 2.134.0 (#29624)

9a34664

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.134.0/CHANGELOG.md)

docs(sns): remove an unused variable declaration in Archive Policy (#…

3b64b12

…29591) Closes #29590 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

chore: npm-check-updates && yarn upgrade (#29630)

798ef67

Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.

feat(sns): add signature version prop (#29543)

dffedca

Closes #29539. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

chore: update Contributors File (#29666)

ac4b32a

Automated changes by [create-pull-request](https://github.com/peter-evans/create-pull-request) GitHub action

chore(release): 2.135.0

ef05a4b

aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels Apr 1, 2024

github-actions bot added the p2 label Apr 1, 2024

aws-cdk-automation requested a review from a team April 1, 2024 21:20

github-actions bot approved these changes Apr 1, 2024

View reviewed changes

aws-cdk-automation had a problem deploying to test-pipeline April 1, 2024 21:20 — with GitHub Actions Failure

mergify bot merged commit d46c474 into v2-release Apr 1, 2024
28 of 29 checks passed

mergify bot deleted the bump/2.135.0 branch April 1, 2024 21:47

github-actions bot mentioned this pull request Apr 8, 2024

Weekly PR metrics report #29758

Closed

github-actions bot mentioned this pull request May 1, 2024

Monthly PR metrics report #30026

Closed

aws locked as resolved and limited conversation to collaborators Jul 25, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(release): 2.135.0 #29682

chore(release): 2.135.0 #29682

aws-cdk-automation commented Apr 1, 2024 •

edited

Loading

aws-cdk-automation commented Apr 1, 2024

mergify bot commented Apr 1, 2024

aws-cdk-automation commented Jul 25, 2024

chore(release): 2.135.0 #29682

chore(release): 2.135.0 #29682

Conversation

aws-cdk-automation commented Apr 1, 2024 • edited Loading

aws-cdk-automation commented Apr 1, 2024

AWS CodeBuild CI Report

mergify bot commented Apr 1, 2024

aws-cdk-automation commented Jul 25, 2024

aws-cdk-automation commented Apr 1, 2024 •

edited

Loading