chore(release): 2.174.0 #32591

aws-cdk-automation · 2024-12-19T14:09:24Z

### Issue # (if applicable) N/A ### Reason for this change Glue supported ver 5.0. Ref: [Introducing AWS Glue 5.0](https://aws.amazon.com/about-aws/whats-new/2024/12/aws-glue-5-0/) ### Description of changes Add Enum. ### Description of how you validated changes Update an unit test and an integ test. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ool domain target (under feature flag) (#31403) ### Reason for this change The [PR](#31402) created a new method to get CloudFront DNS name in Cognito user pool domain. A custom resource is created in the old method, but is not in the new method. However, the `UserPoolDomainTarget` in the `route53-targets` module continues to use the old method. So we should change to use the new method. ### Description of changes The `bind` method in the `UserPoolDomainTarget` implements `IAliasRecordTarget` interface, so a new method instead of the `bind` cannot be created. Therefore, I take it using a feature flag. ### Description of how you validated changes Both unit and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…nstructs (#32490) ### Issue # (if applicable) Not Applicable ### Reason for this change Missing feature for AppConfig Extension Action Point ### Description of changes Added feature and unit tests. Updated Integration tests. ### Description of how you validated changes Unit tests and integ tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This periodically blocks PRs on CodeCov if the locking logic nondeterminstically happens to have taken another path. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…#32476) The `bin/cdk` binary relies on the fact that `bin/cdk.ts` undergoes an in-source compilation, producing `bin/cdk.js` which is then required. This fails in a different setup where we only compile the `lib/` directory and nothing else. So skip one level of indirection: just put the code that loads the actual CLI entry point directly in the bash wrapper. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

) An integration test of `cli-lib-alpha` expects a test compilation `app.ts` -> `app.js` to have happened. In new projen-based repos, this isn't going to work, since we don't compile the test directories at all and run them through `ts-node` instead. Configure the test to use `ts-node` as well. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…32179) ### Reason for this change Fixing bug in hotswap for `AppSync.function` where `ConcurrentModificationException` error continues to appear when attempting hotswap on a large collection of resources. ### Description of changes Switches the retry mechanism for hotswapping AppSync.function from a simple retry where hotswap of AppSync.function is retried 5 times at 1 second intervals if a Concurrent Modification Exception occurs to an exponential back off retry, where the retry interval doubles with each failure. Exponential backoff will try 6 times (which through my testing should cover all reasonable cases) to resolve AppSync.function hotswap. ### Description of how you validated changes No integration or unit tests added. Passes all current unit tests. Tested locally on an Amplify project to ensure that cases that previously experienced `ConcurrentModificationException` errors no longer experienced them. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.173.0/CHANGELOG.md)

In a slightly different testing setup, the `jest.spyOn` calls fail with the error: ``` Cannot redefine property: spawnSync ``` This has to do with how the object representing the `fs` module is defined. We can override the module and return a plain object with all the functions, so that the elements can be mocked later on. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Bumps [nanoid](https://github.com/ai/nanoid) from 3.3.7 to 3.3.8. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ai/nanoid/blob/main/CHANGELOG.md">nanoid's changelog</a>.</em></p> <blockquote> <h2>3.3.8</h2> <ul> <li>Fixed a way to break Nano ID by passing non-integer size (by <a href="https://github.com/myndzi"><code>@myndzi</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ai/nanoid/commit/3044cd5e73f4cf31795f61f6e6b961c8c0a5c744"><code>3044cd5</code></a> Release 3.3.8 version</li> <li><a href="https://github.com/ai/nanoid/commit/4fe34959c34e5b3573889ed4f24fe91d1d3e7231"><code>4fe3495</code></a> Update size limit</li> <li><a href="https://github.com/ai/nanoid/commit/d643045f40d6dc8afa000a644d857da1436ed08c"><code>d643045</code></a> Fix pool pollution, infinite loop (<a href="https://redirect.github.com/ai/nanoid/issues/510">#510</a>)</li> <li>See full diff in <a href="https://github.com/ai/nanoid/compare/3.3.7...3.3.8">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nanoid&package-manager=npm_and_yarn&previous-version=3.3.7&new-version=3.3.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>

…#32452) ### Issue # (if applicable) Closes - #31817 - #29231 ### Reason for this change This regression was introduced in PR#24308, which added support for executing the `ALT TABLE` SQL statement when the table name is changed in the CDK construct. The root cause is in the modification of the physical ID of the custom resource Lambda function. Previously, this Lambda function was returning the `tableName` after table is created. However, the physical ID was updated to a combined ID in the format `clusterId:databaseName:tableNamePrefix:stackIdSuffix`. This change breaks the logic that depends on the return value being used as the `tableName`. For example, in the reported issue, the integration test relies on this value to grant permissions to specific users. The new combined ID format causes SQL statement errors, as described in the issue. ### Description of changes The fix involves adding logic to detect whether the resource's physical ID is in the new format. If it is, the logic reconstructs the `tableName` from the combined ID. This ensures that Lambda functions referencing the `tableName` receive the correct value. ### Description of how you validated changes - rerun unit test cases - deployed integration test cases ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Could not find any in the backlog ### Reason for this change Update the CDK listed Bedrock foundation models to match the current availability, as well as add missing deprecated versions ### Description of changes * Added new models * Marked existing models as deprecated ### Description of how you validated changes I compared the current CDK models to live SDK data, using the `bedrock:ListFoundationModels` API results. Deprecated versions were established using the `modelLifecycle.status` field ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue `cdk deploy -R` should be the same as `cdk deploy --no-rollback` or `cdk deploy --rollback=false`, but has no effect ### Reason for this change PR #31850 introduced this bug by accidentally flipping the order of arguments passed to the `yargsNegativeAlias` helper. This caused the helper to have no effect. ### Description of changes - Changed the codegen to fully generate negative aliases for the user - Fixed the generate code to use the correct argument order again for `yargsNegativeAlias` - Renamed the parameters to make it easier to understand. - Made `nargs: 1` and `requiresArg: true` implied for all array options. Some options did miss one or both of these. This was an oversight. ### Description of how you validated changes Added an explicit test case for `-R`. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #<issue number here>. ### Reason for this change Updated according to [this document](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtimes-deprecated). ### Description of changes ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

… the profile (#32520) We were reading the region from the config file and passing it to the credential providers. However, in the case of SSO, this makes the credential provider use that region to do the SSO flow, which is incorrect. The region that should be used for that is the one set in the `sso_session` section of the config file. The long term solution is for all the logic for handling regions in the SDK itself, without forcing consumers to know all the intricacies of all the use cases. As a mitigation for now, we are using the non-public `parentClientConfig` while we wait for an SDK update. Fixes #32510. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…32537) This will make it easier to run the build on node 16. Adjacent changes: pkglint had a bug that made it fail for packages with a `.` in their name. Instead now allow to pass the json path directly as an array. Move inline function extraction completely into config and not part of yargs-gen. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-apigateway │ └ resources │ └[~] resource AWS::ApiGateway::DomainNameV2 │ └ properties │ └[-] ManagementPolicy: json | string ├[~] service aws-applicationautoscaling │ └ resources │ └[~] resource AWS::ApplicationAutoScaling::ScalingPolicy │ └ types │ ├[~] type PredictiveScalingCustomizedLoadMetric │ │ └ properties │ │ └ MetricDataQueries: (documentation changed) │ ├[~] type PredictiveScalingCustomizedScalingMetric │ │ └ - documentation: undefined │ │ + documentation: One or more metric data queries to provide data points for a metric specification. │ └[~] type PredictiveScalingPolicyConfiguration │ └ - documentation: Represents a predictive scaling policy configuration. │ + documentation: Represents a predictive scaling policy configuration. Predictive scaling is supported on Amazon ECS services. ├[~] service aws-batch │ └ resources │ └[~] resource AWS::Batch::JobDefinition │ ├ properties │ │ ├ Parameters: - json │ │ │ + Map<string, string> ⇐ json │ │ ├ Tags: - json (immutable) │ │ │ + Map<string, string> ⇐ json (immutable) │ │ └ Timeout: - Timeout │ │ + JobTimeout ⇐ Timeout │ └ types │ ├[~] type ContainerProperties │ │ └ properties │ │ ├ MountPoints: - Array<MountPoints> │ │ │ + Array<MountPoint> ⇐ Array<MountPoints> │ │ └ Volumes: - Array<Volumes> │ │ + Array<Volume> ⇐ Array<Volumes> │ ├[~] type EcsTaskProperties │ │ └ properties │ │ └ Volumes: - Array<Volumes> │ │ + Array<Volume> ⇐ Array<Volumes> │ ├[+] type EFSAuthorizationConfig │ │ ├ name: EFSAuthorizationConfig │ │ └ properties │ │ ├Iam: string │ │ └AccessPointId: string │ ├[+] type EFSVolumeConfiguration │ │ ├ name: EFSVolumeConfiguration │ │ └ properties │ │ ├TransitEncryption: string │ │ ├AuthorizationConfig: EFSAuthorizationConfig │ │ ├FileSystemId: string (required) │ │ ├RootDirectory: string │ │ └TransitEncryptionPort: integer │ ├[+] type EksMetadata │ │ ├ name: EksMetadata │ │ └ properties │ │ └Labels: Map<string, string> │ ├[+] type EksPodProperties │ │ ├ name: EksPodProperties │ │ └ properties │ │ ├InitContainers: Array<EksContainer> │ │ ├Volumes: Array<EksVolume> │ │ ├DnsPolicy: string │ │ ├Containers: Array<EksContainer> │ │ ├Metadata: EksMetadata │ │ ├ServiceAccountName: string │ │ ├ImagePullSecrets: Array<ImagePullSecret> │ │ ├HostNetwork: boolean │ │ └ShareProcessNamespace: boolean │ ├[~] type EksProperties │ │ └ properties │ │ └ PodProperties: - PodProperties │ │ + EksPodProperties ⇐ PodProperties │ ├[+] type Host │ │ ├ name: Host │ │ └ properties │ │ └SourcePath: string │ ├[~] type ImagePullSecret │ │ └ properties │ │ └ Name: - string (required) │ │ + string │ ├[+] type JobTimeout │ │ ├ name: JobTimeout │ │ └ properties │ │ └AttemptDurationSeconds: integer │ ├[~] type LogConfiguration │ │ └ properties │ │ └ Options: - json │ │ + Map<string, string> ⇐ json │ ├[+] type MountPoint │ │ ├ name: MountPoint │ │ └ properties │ │ ├ReadOnly: boolean │ │ ├SourceVolume: string │ │ └ContainerPath: string │ ├[+] type MultiNodeContainerProperties │ │ ├ name: MultiNodeContainerProperties │ │ └ properties │ │ ├RepositoryCredentials: RepositoryCredentials │ │ ├User: string │ │ ├Secrets: Array<Secret> │ │ ├Memory: integer │ │ ├Privileged: boolean │ │ ├LinuxParameters: LinuxParameters │ │ ├JobRoleArn: string │ │ ├ReadonlyRootFilesystem: boolean │ │ ├Vcpus: integer │ │ ├Image: string (required) │ │ ├ResourceRequirements: Array<ResourceRequirement> │ │ ├LogConfiguration: LogConfiguration │ │ ├MountPoints: Array<MountPoint> │ │ ├ExecutionRoleArn: string │ │ ├RuntimePlatform: RuntimePlatform │ │ ├Volumes: Array<Volume> │ │ ├Command: Array<string> │ │ ├Environment: Array<Environment> │ │ ├Ulimits: Array<Ulimit> │ │ ├InstanceType: string │ │ └EphemeralStorage: EphemeralStorage │ ├[+] type MultiNodeEcsProperties │ │ ├ name: MultiNodeEcsProperties │ │ └ properties │ │ └TaskProperties: Array<MultiNodeEcsTaskProperties> (required) │ ├[+] type MultiNodeEcsTaskProperties │ │ ├ name: MultiNodeEcsTaskProperties │ │ └ properties │ │ ├ExecutionRoleArn: string │ │ ├TaskRoleArn: string │ │ ├IpcMode: string │ │ ├Volumes: Array<Volume> │ │ ├Containers: Array<TaskContainerProperties> │ │ └PidMode: string │ ├[~] type NodeRangeProperty │ │ └ properties │ │ ├ Container: - ContainerProperties │ │ │ + MultiNodeContainerProperties ⇐ ContainerProperties │ │ └ EcsProperties: - EcsProperties │ │ + MultiNodeEcsProperties ⇐ EcsProperties │ ├[~] type Resources │ │ └ properties │ │ ├ Limits: - json │ │ │ + Map<string, string> ⇐ json │ │ └ Requests: - json │ │ + Map<string, string> ⇐ json │ ├[~] type TaskContainerProperties │ │ └ properties │ │ └ MountPoints: - Array<MountPoints> │ │ + Array<MountPoint> ⇐ Array<MountPoints> │ └[+] type Volume │ ├ name: Volume │ └ properties │ ├Host: Host │ ├EfsVolumeConfiguration: EFSVolumeConfiguration │ └Name: string ├[~] service aws-bedrock │ └ resources │ ├[~] resource AWS::Bedrock::DataSource │ │ └ types │ │ ├[~] type BedrockFoundationModelConfiguration │ │ │ └ properties │ │ │ └ ModelArn: (documentation changed) │ │ ├[~] type ParsingConfiguration │ │ │ ├ - documentation: Settings for parsing document contents. By default, the service converts the contents of each document into text before splitting it into chunks. To improve processing of PDF files with tables and images, you can configure the data source to convert the pages of text into images and use a model to describe the contents of each page. │ │ │ │ To use a model to parse PDF documents, set the parsing strategy to `BEDROCK_FOUNDATION_MODEL` and specify the model or [inference profile](https://docs.aws.amazon.com/bedrock/latest/userguide/cross-region-inference.html) to use by ARN. You can also override the default parsing prompt with instructions for how to interpret images and tables in your documents. The following models are supported. │ │ │ │ - Anthropic Claude 3 Sonnet - `anthropic.claude-3-sonnet-20240229-v1:0` │ │ │ │ - Anthropic Claude 3 Haiku - `anthropic.claude-3-haiku-20240307-v1:0` │ │ │ │ You can get the ARN of a model with the [ListFoundationModels](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_ListFoundationModels.html) action. Standard model usage charges apply for the foundation model parsing strategy. │ │ │ │ + documentation: Settings for parsing document contents. If you exclude this field, the default parser converts the contents of each document into text before splitting it into chunks. Specify the parsing strategy to use in the `parsingStrategy` field and include the relevant configuration, or omit it to use the Amazon Bedrock default parser. For more information, see [Parsing options for your data source](https://docs.aws.amazon.com/bedrock/latest/userguide/kb-advanced-parsing.html) . │ │ │ │ > If you specify `BEDROCK_DATA_AUTOMATION` or `BEDROCK_FOUNDATION_MODEL` and it fails to parse a file, the Amazon Bedrock default parser will be used instead. │ │ │ └ properties │ │ │ └ BedrockFoundationModelConfiguration: (documentation changed) │ │ ├[~] type S3Location │ │ │ ├ - documentation: An Amazon S3 location. │ │ │ │ + documentation: A storage location in an S3 bucket. │ │ │ └ properties │ │ │ └ URI: (documentation changed) │ │ └[~] type VectorIngestionConfiguration │ │ └ properties │ │ └ ParsingConfiguration: (documentation changed) │ └[~] resource AWS::Bedrock::Guardrail │ └ types │ └[~] type PiiEntityConfig │ └ properties │ └ Type: (documentation changed) ├[~] service aws-cleanrooms │ └ resources │ └[~] resource AWS::CleanRooms::ConfiguredTable │ └ types │ ├[+] type AthenaTableReference │ │ ├ documentation: A reference to a table within Athena. │ │ │ name: AthenaTableReference │ │ └ properties │ │ ├WorkGroup: string (required) │ │ ├OutputLocation: string │ │ ├DatabaseName: string (required) │ │ └TableName: string (required) │ ├[+] type SnowflakeTableReference │ │ ├ documentation: A reference to a table within Snowflake. │ │ │ name: SnowflakeTableReference │ │ └ properties │ │ ├SecretArn: string (required) │ │ ├AccountIdentifier: string (required) │ │ ├DatabaseName: string (required) │ │ ├TableName: string (required) │ │ ├SchemaName: string (required) │ │ └TableSchema: SnowflakeTableSchema (required) │ ├[+] type SnowflakeTableSchema │ │ ├ documentation: The schema of a Snowflake table. │ │ │ name: SnowflakeTableSchema │ │ └ properties │ │ └V1: Array<SnowflakeTableSchemaV1> (required) │ ├[+] type SnowflakeTableSchemaV1 │ │ ├ documentation: The Snowflake table schema. │ │ │ name: SnowflakeTableSchemaV1 │ │ └ properties │ │ ├ColumnName: string (required) │ │ └ColumnType: string (required) │ └[~] type TableReference │ └ properties │ ├[+] Athena: AthenaTableReference │ ├ Glue: - GlueTableReference (required, immutable) │ │ + GlueTableReference (immutable) │ └[+] Snowflake: SnowflakeTableReference ├[~] service aws-cloudformation │ └ resources │ ├[~] resource AWS::CloudFormation::CustomResource │ │ └ - documentation: In a CloudFormation template, you use the `AWS::CloudFormation::CustomResource` or `Custom:: *String*` resource type to specify custom resources. │ │ Custom resources provide a way for you to write custom provisioning logic in CloudFormation template and have CloudFormation run it during a stack operation, such as when you create, update or delete a stack. For more information, see [Custom resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html) . │ │ > If you use the [VPC endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) feature, custom resources in the VPC must have access to CloudFormation -specific Amazon Simple Storage Service ( Amazon S3 ) buckets. Custom resources must send responses to a presigned Amazon S3 URL. If they can't send responses to Amazon S3 , CloudFormation won't receive a response and the stack operation fails. For more information, see [Setting up VPC endpoints for AWS CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-vpce-bucketnames.html) . │ │ + documentation: The `AWS::CloudFormation::CustomResource` resource creates a custom resource. Custom resources provide a way for you to write custom provisioning logic into your CloudFormation templates and have CloudFormation run it anytime you create, update (if you changed the custom resource), or delete a stack. │ │ For more information, see [Create custom provisioning logic with custom resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html) in the *AWS CloudFormation User Guide* . │ │ > If you use AWS PrivateLink , custom resources in the VPC must have access to CloudFormation -specific Amazon S3 buckets. Custom resources must send responses to a presigned Amazon S3 URL. If they can't send responses to Amazon S3 , CloudFormation won't receive a response and the stack operation fails. For more information, see [Access CloudFormation using an interface endpoint ( AWS PrivateLink )](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/vpc-interface-endpoints.html) in the *AWS CloudFormation User Guide* . │ ├[~] resource AWS::CloudFormation::GuardHook │ │ ├ - documentation: The `AWS::CloudFormation::GuardHook` resource creates a Guard Hook with the specified attributes within your CloudFormation template. Using the Guard domain specific language (DSL), you can author Hooks to evaluate your resources before allowing stack creation, modification, or deletion. For more information, see [Guard Hooks](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/guard-hooks.html) in the *AWS CloudFormation Hooks User Guide* . │ │ │ + documentation: The `AWS::CloudFormation::GuardHook` resource creates a Guard Hook. Using the Guard domain specific language (DSL), you can author Guard Hooks to evaluate your resources before allowing stack operations. │ │ │ For more information, see [Guard Hooks](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/guard-hooks.html) in the *AWS CloudFormation Hooks User Guide* . │ │ └ types │ │ └[~] type TargetFilters │ │ └ - documentation: The `TargetFilters` property type specifies the target filters for the Hook. │ │ For more information, see [AWS CloudFormation Hook target filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/specify-hook-configuration-targetfilters.html) . │ │ + documentation: The `TargetFilters` property type specifies the target filters for the Hook. │ │ For more information, see [AWS CloudFormation Hook target filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-target-filtering.html) . │ ├[~] resource AWS::CloudFormation::HookDefaultVersion │ │ ├ - documentation: The `HookDefaultVersion` resource specifies the default version of the Hook. The default version of the Hook is used in CloudFormation operations for this AWS account and AWS Region . │ │ │ + documentation: The `AWS::CloudFormation::HookDefaultVersion` resource specifies the default version of a Hook. The default version of the Hook is used in CloudFormation operations for this AWS account and AWS Region . │ │ │ For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *AWS CloudFormation User Guide* . │ │ │ This resource type is not compatible with Guard and Lambda Hooks. │ │ └ attributes │ │ └ Arn: (documentation changed) │ ├[~] resource AWS::CloudFormation::HookTypeConfig │ │ ├ - documentation: The `HookTypeConfig` resource specifies the configuration of a Hook. │ │ │ + documentation: The `AWS::CloudFormation::HookTypeConfig` resource specifies the configuration of an activated Hook. │ │ │ For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *AWS CloudFormation User Guide* . │ │ └ properties │ │ └ ConfigurationAlias: (documentation changed) │ ├[~] resource AWS::CloudFormation::HookVersion │ │ ├ - documentation: The `HookVersion` resource publishes new or first Hook version to the AWS CloudFormation registry. │ │ │ + documentation: The `AWS::CloudFormation::HookVersion` resource publishes new or first version of a Hook to the CloudFormation registry. │ │ │ For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *AWS CloudFormation User Guide* . │ │ │ This resource type is not compatible with Guard and Lambda Hooks. │ │ ├ properties │ │ │ └ SchemaHandlerPackage: (documentation changed) │ │ └ attributes │ │ └ Visibility: (documentation changed) │ ├[~] resource AWS::CloudFormation::LambdaHook │ │ ├ - documentation: The `AWS::CloudFormation::LambdaHook` resource creates a Lambda Hook with the specified attributes within your CloudFormation template. You can use a Lambda Hook to evaluate your resources before allowing stack creation, modification, or deletion. This resource forwards requests for resource evaluation to a Lambda function. For more information, see [Lambda Hooks](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/lambda-hooks.html) in the *AWS CloudFormation Hooks User Guide* . │ │ │ + documentation: The `AWS::CloudFormation::LambdaHook` resource creates a Lambda Hook. You can use a Lambda Hook to evaluate your resources before allowing stack operations. This resource forwards requests for resource evaluation to a Lambda function. │ │ │ For more information, see [Lambda Hooks](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/lambda-hooks.html) in the *AWS CloudFormation Hooks User Guide* . │ │ └ types │ │ └[~] type TargetFilters │ │ └ - documentation: The `TargetFilters` property type specifies the target filters for the Hook. │ │ For more information, see [AWS CloudFormation Hook target filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/specify-hook-configuration-targetfilters.html) . │ │ + documentation: The `TargetFilters` property type specifies the target filters for the Hook. │ │ For more information, see [AWS CloudFormation Hook target filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-target-filtering.html) . │ ├[~] resource AWS::CloudFormation::Macro │ │ ├ - documentation: The `AWS::CloudFormation::Macro` resource is a CloudFormation resource type that creates a CloudFormation macro to perform custom processing on CloudFormation templates. For more information, see [Using AWS CloudFormation macros to perform custom processing on templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html) . │ │ │ + documentation: The `AWS::CloudFormation::Macro` resource is a CloudFormation resource type that creates a CloudFormation macro to perform custom processing on CloudFormation templates. │ │ │ For more information, see [Perform custom processing on CloudFormation templates with template macros](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html) in the *AWS CloudFormation User Guide* . │ │ └ properties │ │ ├ FunctionName: (documentation changed) │ │ ├ LogGroupName: (documentation changed) │ │ └ LogRoleARN: (documentation changed) │ ├[~] resource AWS::CloudFormation::ModuleDefaultVersion │ │ └ - documentation: Specifies the default version of a module. The default version of the module will be used in CloudFormation operations for this account and Region. │ │ To register a module version, use the `[`AWS::CloudFormation::ModuleVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-moduleversion.html)` resource. │ │ For more information using modules, see [Using modules to encapsulate and reuse resource configurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/modules.html) and [Registering extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html#registry-register) in the *AWS CloudFormation User Guide* . For information on developing modules, see [Developing modules](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/modules.html) in the *AWS CloudFormation CLI User Guide* . │ │ + documentation: Specifies the default version of a module. The default version of the module will be used in CloudFormation operations for this account and Region. │ │ For more information, see [Create reusable resource configurations that can be included across templates with CloudFormation modules](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/modules.html) in the *AWS CloudFormation User Guide* . │ │ For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *AWS CloudFormation User Guide* . │ ├[~] resource AWS::CloudFormation::ModuleVersion │ │ ├ - documentation: Registers the specified version of the module with the CloudFormation service. Registering a module makes it available for use in CloudFormation templates in your AWS account and Region. │ │ │ To specify a module version as the default version, use the `[`AWS::CloudFormation::ModuleDefaultVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-moduledefaultversion.html)` resource. │ │ │ For more information using modules, see [Using modules to encapsulate and reuse resource configurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/modules.html) and [Registering extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html#registry-register) in the *CloudFormation User Guide* . For information on developing modules, see [Developing modules](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/modules.html) in the *CloudFormation CLI User Guide* . │ │ │ + documentation: The `AWS::CloudFormation::ModuleVersion` resource registers the specified version of the module with the CloudFormation registry. Registering a module makes it available for use in CloudFormation templates in your AWS account and Region. │ │ │ For more information, see [Create reusable resource configurations that can be included across templates with CloudFormation modules](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/modules.html) in the *CloudFormation User Guide* . │ │ │ For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *AWS CloudFormation User Guide* . │ │ ├ properties │ │ │ └ ModulePackage: (documentation changed) │ │ └ attributes │ │ ├ Arn: (documentation changed) │ │ ├ Description: (documentation changed) │ │ ├ IsDefaultVersion: (documentation changed) │ │ ├ Schema: (documentation changed) │ │ ├ TimeCreated: (documentation changed) │ │ └ Visibility: (documentation changed) │ ├[~] resource AWS::CloudFormation::PublicTypeVersion │ │ ├ - documentation: Tests and publishes a registered extension as a public, third-party extension. │ │ │ CloudFormation first tests the extension to make sure it meets all necessary requirements for being published in the CloudFormation registry. If it does, CloudFormation then publishes it to the registry as a public third-party extension in this Region. Public extensions are available for use by all CloudFormation users. │ │ │ - For resource types, testing includes passing all contracts tests defined for the type. │ │ │ - For modules, testing includes determining if the module's model meets all necessary requirements. │ │ │ For more information, see [Testing your public extension prior to publishing](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-testing) in the *CloudFormation CLI User Guide* . │ │ │ If you don't specify a version, CloudFormation uses the default version of the extension in your account and Region for testing. │ │ │ To perform testing, CloudFormation assumes the execution role specified when the type was registered. │ │ │ An extension must have a test status of `PASSED` before it can be published. For more information, see [Publishing extensions to make them available for public use](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-publish.html) in the *CloudFormation CLI User Guide* . │ │ │ + documentation: The `AWS::CloudFormation::PublicTypeVersion` resource tests and publishes a registered extension as a public, third-party extension. │ │ │ CloudFormation first tests the extension to make sure it meets all necessary requirements for being published in the CloudFormation registry. If it does, CloudFormation then publishes it to the registry as a public third-party extension in this Region. Public extensions are available for use by all CloudFormation users. │ │ │ - For resource types, testing includes passing all contracts tests defined for the type. │ │ │ - For modules, testing includes determining if the module's model meets all necessary requirements. │ │ │ For more information, see [Testing your public extension prior to publishing](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-testing) in the *AWS CloudFormation Command Line Interface (CLI) User Guide* . │ │ │ If you don't specify a version, CloudFormation uses the default version of the extension in your account and Region for testing. │ │ │ To perform testing, CloudFormation assumes the execution role specified when the type was registered. │ │ │ An extension must have a test status of `PASSED` before it can be published. For more information, see [Publishing extensions to make them available for public use](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html) in the *AWS CloudFormation Command Line Interface (CLI) User Guide* . │ │ └ properties │ │ └ LogDeliveryBucket: (documentation changed) │ ├[~] resource AWS::CloudFormation::Publisher │ │ └ - documentation: Registers your account as a publisher of public extensions in the CloudFormation registry. Public extensions are available for use by all CloudFormation users. │ │ For information on requirements for registering as a public extension publisher, see [Registering your account to publish CloudFormation extensions](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-prereqs) in the *CloudFormation CLI User Guide* . │ │ + documentation: The `AWS::CloudFormation::Publisher` resource registers your account as a publisher of public extensions in the CloudFormation registry. Public extensions are available for use by all CloudFormation users. │ │ For information on requirements for registering as a public extension publisher, see [Publishing extensions to make them available for public use](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.htm) in the *AWS CloudFormation Command Line Interface (CLI) User Guide* . │ ├[~] resource AWS::CloudFormation::ResourceDefaultVersion │ │ └ - documentation: Specifies the default version of a resource. The default version of a resource will be used in CloudFormation operations. │ │ + documentation: The `AWS::CloudFormation::ResourceDefaultVersion` resource specifies the default version of a resource. The default version of a resource will be used in CloudFormation operations. │ │ For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *AWS CloudFormation User Guide* . │ ├[~] resource AWS::CloudFormation::ResourceVersion │ │ ├ - documentation: Registers a resource version with the CloudFormation service. Registering a resource version makes it available for use in CloudFormation templates in your AWS account , and includes: │ │ │ - Validating the resource schema. │ │ │ - Determining which handlers, if any, have been specified for the resource. │ │ │ - Making the resource available for use in your account. │ │ │ For more information on how to develop resources and ready them for registration, see [Creating Resource Providers](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-types.html) in the *CloudFormation CLI User Guide* . │ │ │ You can have a maximum of 50 resource versions registered at a time. This maximum is per account and per Region. │ │ │ + documentation: The `AWS::CloudFormation::ResourceVersion` resource registers a resource version with the CloudFormation registry. Registering a resource version makes it available for use in CloudFormation templates in your AWS account , and includes: │ │ │ - Validating the resource schema. │ │ │ - Determining which handlers, if any, have been specified for the resource. │ │ │ - Making the resource available for use in your account. │ │ │ For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *AWS CloudFormation User Guide* . │ │ │ You can have a maximum of 50 resource versions registered at a time. This maximum is per account and per Region. │ │ ├ properties │ │ │ ├ ExecutionRoleArn: (documentation changed) │ │ │ └ SchemaHandlerPackage: (documentation changed) │ │ └ attributes │ │ ├ Arn: (documentation changed) │ │ ├ IsDefaultVersion: (documentation changed) │ │ ├ TypeArn: (documentation changed) │ │ ├ VersionId: (documentation changed) │ │ └ Visibility: (documentation changed) │ ├[~] resource AWS::CloudFormation::Stack │ │ ├ - documentation: The `AWS::CloudFormation::Stack` resource nests a stack as a resource in a top-level template. │ │ │ You can add output values from a nested stack within the containing template. You use the [GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) function with the nested stack's logical name and the name of the output value in the nested stack in the format `Outputs. *NestedStackOutputName*` . │ │ │ > We strongly recommend that updates to nested stacks are run from the parent stack. │ │ │ When you apply template changes to update a top-level stack, CloudFormation updates the top-level stack and initiates an update to its nested stacks. CloudFormation updates the resources of modified nested stacks, but doesn't update the resources of unmodified nested stacks. For more information, see [CloudFormation stack updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html) . │ │ │ > You must acknowledge IAM capabilities for nested stacks that contain IAM resources. Also, verify that you have cancel update stack permissions, which is required if an update rolls back. For more information about IAM and CloudFormation , see [Controlling access with AWS Identity and Access Management](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html) . > A subset of `AWS::CloudFormation::Stack` resource type properties listed below are available to customers using AWS CloudFormation , AWS CDK , and AWS Cloud Control API to configure. │ │ │ > │ │ │ > - `NotificationARNs` │ │ │ > - `Parameters` │ │ │ > - `Tags` │ │ │ > - `TemplateURL` │ │ │ > - `TimeoutInMinutes` │ │ │ > │ │ │ > These properties can be configured only when using AWS Cloud Control API . This is because the below properties are set by the parent stack, and thus cannot be configured using AWS CloudFormation or AWS CDK but only AWS Cloud Control API . │ │ │ > │ │ │ > - `Capabilities` │ │ │ > - `Description` │ │ │ > - `DisableRollback` │ │ │ > - `EnableTerminationProtection` │ │ │ > - `RoleARN` │ │ │ > - `StackName` │ │ │ > - `StackPolicyBody` │ │ │ > - `StackPolicyURL` │ │ │ > - `StackStatusReason` │ │ │ > - `TemplateBody` │ │ │ > │ │ │ > Customers that configure `AWS::CloudFormation::Stack` using AWS CloudFormation and AWS CDK can do so for nesting a CloudFormation stack as a resource in their top-level template. │ │ │ > │ │ │ > These read-only properties can be accessed only when using AWS Cloud Control API . │ │ │ > │ │ │ > - `ChangeSetId` │ │ │ > - `CreationTime` │ │ │ > - `LastUpdateTime` │ │ │ > - `Outputs` │ │ │ > - `ParentId` │ │ │ > - `RootId` │ │ │ > - `StackId` │ │ │ > - `StackStatus` │ │ │ + documentation: The `AWS::CloudFormation::Stack` resource nests a stack as a resource in a top-level template. │ │ │ For more information, see [Embed stacks within other stacks using nested stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html) in the *AWS CloudFormation User Guide* . │ │ │ You can add output values from a nested stack within the containing template. You use the [GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) function with the nested stack's logical name and the name of the output value in the nested stack in the format `Outputs. *NestedStackOutputName*` . │ │ │ We strongly recommend that updates to nested stacks are run from the parent stack. │ │ │ When you apply template changes to update a top-level stack, CloudFormation updates the top-level stack and initiates an update to its nested stacks. CloudFormation updates the resources of modified nested stacks, but doesn't update the resources of unmodified nested stacks. │ │ │ You must acknowledge IAM capabilities for nested stacks that contain IAM resources. Also, verify that you have cancel update stack permissions, which is required if an update rolls back. For more information about IAM and CloudFormation , see [Controlling access with AWS Identity and Access Management](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/control-access-with-iam.html) in the *AWS CloudFormation User Guide* . │ │ │ > A subset of `AWS::CloudFormation::Stack` resource type properties listed below are available to customers using CloudFormation , AWS CDK , and AWS Cloud Control API to configure. │ │ │ > │ │ │ > - `NotificationARNs` │ │ │ > - `Parameters` │ │ │ > - `Tags` │ │ │ > - `TemplateURL` │ │ │ > - `TimeoutInMinutes` │ │ │ > │ │ │ > These properties can be configured only when using AWS Cloud Control API . This is because the below properties are set by the parent stack, and thus cannot be configured using CloudFormation or AWS CDK but only AWS Cloud Control API . │ │ │ > │ │ │ > - `Capabilities` │ │ │ > - `Description` │ │ │ > - `DisableRollback` │ │ │ > - `EnableTerminationProtection` │ │ │ > - `RoleARN` │ │ │ > - `StackName` │ │ │ > - `StackPolicyBody` │ │ │ > - `StackPolicyURL` │ │ │ > - `StackStatusReason` │ │ │ > - `TemplateBody` │ │ │ > │ │ │ > Customers that configure `AWS::CloudFormation::Stack` using CloudFormation and AWS CDK can do so for nesting a CloudFormation stack as a resource in their top-level template. │ │ │ > │ │ │ > These read-only properties can be accessed only when using AWS Cloud Control API . │ │ │ > │ │ │ > - `ChangeSetId` │ │ │ > - `CreationTime` │ │ │ > - `LastUpdateTime` │ │ │ > - `Outputs` │ │ │ > - `ParentId` │ │ │ > - `RootId` │ │ │ > - `StackId` │ │ │ > - `StackStatus` │ │ ├ properties │ │ │ └ TemplateURL: (documentation changed) │ │ └ attributes │ │ ├ ParentId: (documentation changed) │ │ └ RootId: (documentation changed) │ ├[~] resource AWS::CloudFormation::StackSet │ │ ├ - documentation: The `AWS::CloudFormation::StackSet` enables you to provision stacks into AWS accounts and across Regions by using a single CloudFormation template. In the stack set, you specify the template to use, in addition to any parameters and capabilities that the template requires. │ │ │ > Run deployments to nested StackSets from the parent stack, not directly through the StackSet API. │ │ │ + documentation: The `AWS::CloudFormation::StackSet` resource enables you to provision stacks into AWS accounts and across Regions by using a single CloudFormation template. In the stack set, you specify the template to use, in addition to any parameters and capabilities that the template requires. │ │ │ > Run deployments to nested StackSets from the parent stack, not directly through the StackSet API. │ │ ├ properties │ │ │ ├ AdministrationRoleARN: (documentation changed) │ │ │ ├ Capabilities: (documentation changed) │ │ │ ├ ExecutionRoleName: (documentation changed) │ │ │ ├ OperationPreferences: (documentation changed) │ │ │ ├ PermissionModel: (documentation changed) │ │ │ └ TemplateURL: (documentation changed) │ │ └ types │ │ ├[~] type OperationPreferences │ │ │ ├ - documentation: The user-specified preferences for how AWS CloudFormation performs a stack set operation. For more information on maximum concurrent accounts and failure tolerance, see [Stack set operation options](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html#stackset-ops-options) . │ │ │ │ + documentation: The user-specified preferences for how CloudFormation performs a stack set operation. For more information on maximum concurrent accounts and failure tolerance, see [Stack set operation options](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html#stackset-ops-options) in the *AWS CloudFormation User Guide* . │ │ │ └ properties │ │ │ ├ FailureToleranceCount: (documentation changed) │ │ │ ├ FailureTolerancePercentage: (documentation changed) │ │ │ └ MaxConcurrentPercentage: (documentation changed) │ │ └[~] type Parameter │ │ └ properties │ │ └ ParameterKey: (documentation changed) │ ├[~] resource AWS::CloudFormation::TypeActivation │ │ ├ - documentation: Activates a public third-party extension, making it available for use in stack templates. Once you have activated a public third-party extension in your account and Region, use [SetTypeConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) to specify configuration properties for the extension. For more information, see [Using public extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) in the *AWS CloudFormation User Guide* . │ │ │ + documentation: The `AWS::CloudFormation::TypeActivation` resource activates a public third-party extension, making it available for use in stack templates. │ │ │ For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *AWS CloudFormation User Guide* . │ │ └ properties │ │ ├ ExecutionRoleArn: - string (immutable) │ │ │ + string │ │ ├ PublicTypeArn: - string (immutable) │ │ │ + string │ │ ├ PublisherId: - string (immutable) │ │ │ + string │ │ ├ Type: - string (immutable) │ │ │ + string │ │ ├ TypeName: - string (immutable) │ │ │ + string │ │ └ TypeNameAlias: - string (immutable) │ │ + string │ ├[~] resource AWS::CloudFormation::WaitCondition │ │ ├ - documentation: > For Amazon EC2 and Auto Scaling resources, we recommend that you use a `CreationPolicy` attribute instead of wait conditions. Add a CreationPolicy attribute to those resources, and use the cfn-signal helper script to signal when an instance creation process has completed successfully. │ │ │ You can use a wait condition for situations like the following: │ │ │ - To coordinate stack resource creation with configuration actions that are external to the stack creation. │ │ │ - To track the status of a configuration process. │ │ │ For these situations, we recommend that you associate a [CreationPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-creationpolicy.html) attribute with the wait condition so that you don't have to use a wait condition handle. For more information and an example, see [Creating wait conditions in a template](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-waitcondition.html) . If you use a CreationPolicy with a wait condition, don't specify any of the wait condition's properties. │ │ │ > If you use the [VPC endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) feature, resources in the VPC that respond to wait conditions must have access to CloudFormation , specific Amazon Simple Storage Service ( Amazon S3 ) buckets. Resources must send wait condition responses to a presigned Amazon S3 URL. If they can't send responses to Amazon S3 , CloudFormation won't receive a response and the stack operation fails. For more information, see [Setting up VPC endpoints for AWS CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-vpce-bucketnames.html) . │ │ │ + documentation: The `AWS::CloudFormation::WaitCondition` resource provides a way to coordinate stack resource creation with configuration actions that are external to the stack creation or to track the status of a configuration process. In these situations, we recommend that you associate a `CreationPolicy` attribute with the wait condition instead of using a wait condition handle. For more information and an example, see [CreationPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-creationpolicy.html) in the *AWS CloudFormation User Guide* . If you use a `CreationPolicy` with a wait condition, don't specify any of the wait condition's properties. │ │ │ > If you use AWS PrivateLink , resources in the VPC that respond to wait conditions must have access to CloudFormation , specific Amazon S3 buckets. Resources must send wait condition responses to a presigned Amazon S3 URL. If they can't send responses to Amazon S3 , CloudFormation won't receive a response and the stack operation fails. For more information, see [Access CloudFormation using an interface endpoint ( AWS PrivateLink )](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/vpc-interface-endpoints.html) in the *AWS CloudFormation User Guide* . > For Amazon EC2 and Auto Scaling resources, we recommend that you use a `CreationPolicy` attribute instead of wait conditions. Add a `CreationPolicy` attribute to those resources, and use the `cfn-signal` helper script to signal when an instance creation process has completed successfully. │ │ └ properties │ │ └ Handle: (documentation changed) │ └[~] resource AWS::CloudFormation::WaitConditionHandle │ └ - documentation: > For Amazon EC2 and Auto Scaling resources, we recommend that you use a `CreationPolicy` attribute instead of wait conditions. Add a `CreationPolicy` attribute to those resources, and use the cfn-signal helper script to signal when an instance creation process has completed successfully. │ > │ > For more information, see [Deploying applications on Amazon EC2 with AWS CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/deploying.applications.html) . │ The `AWS::CloudFormation::WaitConditionHandle` type has no properties. When you reference the `WaitConditionHandle` resource by using the `Ref` function, AWS CloudFormation returns a presigned URL. You pass this URL to applications or scripts that are running on your Amazon EC2 instances to send signals to that URL. An associated `AWS::CloudFormation::WaitCondition` resource checks the URL for the required number of success signals or for a failure signal. │ > Anytime you add a `WaitCondition` resource during a stack update or update a resource with a wait condition, you must associate the wait condition with a new `WaitConditionHandle` resource. Don't reuse an old wait condition handle that has already been defined in the template. If you reuse a wait condition handle, the wait condition might evaluate old signals from a previous create or update stack command. > Updates aren't supported for this resource. │ + documentation: The `AWS::CloudFormation::WaitConditionHandle` type has no properties. When you reference the `WaitConditionHandle` resource by using the `Ref` function, CloudFormation returns a presigned URL. You pass this URL to applications or scripts that are running on your Amazon EC2 instances to send signals to that URL. An associated `AWS::CloudFormation::WaitCondition` resource checks the URL for the required number of success signals or for a failure signal. │ For more information, see [Create wait conditions in a CloudFormation template](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-waitcondition.html) in the *AWS CloudFormation User Guide* . │ Anytime you add a `WaitCondition` resource during a stack update or update a resource with a wait condition, you must associate the wait condition with a new `WaitConditionHandle` resource. Don't reuse an old wait condition handle that has already been defined in the template. If you reuse a wait condition handle, the wait condition might evaluate old signals from a previous create or update stack command. │ Updates aren't supported for this resource. ├[~] service aws-cloudfront │ └ resources │ └[~] resource AWS::CloudFront::Distribution │ └ types │ ├[~] type CacheBehavior │ │ └ properties │ │ └[+] GrpcConfig: GrpcConfig │ ├[~] type DefaultCacheBehavior │ │ └ properties │ │ └[+] GrpcConfig: GrpcConfig │ ├[+] type GrpcConfig │ │ ├ name: GrpcConfig │ │ └ properties │ │ └Enabled: boolean (required) │ ├[~] type Logging │ │ └ properties │ │ └ Bucket: - string (required) │ │ + string │ └[~] type OriginGroup │ └ properties │ └[+] SelectionCriteria: string ├[~] service aws-codepipeline │ └ resources │ └[~] resource AWS::CodePipeline::Pipeline │ └ types │ └[~] type ActionTypeId │ └ properties │ └ Category: (documentation changed) ├[~] service aws-cognito │ └ resources │ ├[~] resource AWS::Cognito::ManagedLoginBranding │ │ ├ - documentation: Creates a new set of branding settings for a user pool style and associates it with an app client. This operation is the programmatic option for the creation of a new style in the branding designer. │ │ │ Provides values for UI customization in a `Settings` JSON object and image files in an `Assets` array. To send the JSON object `Document` type parameter in `Settings` , you might need to update to the most recent version of your AWS SDK. │ │ │ This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit. │ │ │ As a best practice, modify the output of [DescribeManagedLoginBrandingByClient](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeManagedLoginBrandingByClient.html) into the request parameters for this operation. To get all settings, set `ReturnMergedResources` to `true` . For more information, see [API and SDK operations for managed login branding](https://docs.aws.amazon.com/cognito/latest/developerguide/managed-login-brandingdesigner.html#branding-designer-api) │ │ │ > Amazon Cognito evaluates AWS Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. │ │ │ > │ │ │ > **Learn more** - [Signing AWS API Requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html) │ │ │ > - [Using the Amazon Cognito user pools API and user pool endpoints](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html) │ │ │ + documentation: Creates a new set of branding settings for a user pool style and associates it with an app client. This operation is the programmatic option for the creation of a new style in the branding designer. │ │ │ Provides values for UI customization in a `Settings` JSON object and image files in an `Assets` array. To send the JSON object `Document` type parameter in `Settings` , you might need to update to the most recent version of your AWS SDK. │ │ │ This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit. │ │ │ As a best practice, modify the output of [DescribeManagedLoginBrandingByClient](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeManagedLoginBrandingByClient.html) into the request parameters for this operation. To get all settings, set `ReturnMergedResources` to `true` . For more information, see [API and SDK operations for managed login branding](https://docs.aws.amazon.com/cognito/latest/developerguide/managed-login-brandingdesigner.html#branding-designer-api) │ │ └ properties │ │ ├ ClientId: (documentation changed) │ │ ├ ReturnMergedResources: (documentation changed) │ │ └ UseCognitoProvidedValues: (documentation changed) │ ├[~] resource AWS::Cognito::UserPool │ │ ├ properties │ │ │ ├ AliasAttributes: (documentation changed) │ │ │ ├ AutoVerifiedAttributes: (documentation changed) │ │ │ ├ DeviceConfiguration: (documentation changed) │ │ │ ├ Schema: (documentation changed) │ │ │ ├ SmsConfiguration: (documentation changed) │ │ │ ├ UsernameConfiguration: (documentation changed) │ │ │ ├ UserPoolName: (documentation changed) │ │ │ ├ WebAuthnRelyingPartyID: (documentation changed) │ │ │ └ WebAuthnUserVerification: (documentation changed) │ │ └ types │ │ ├[~] type AdvancedSecurityAdditionalFlows │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: Advanced security configuration options for additional authentication types in your user pool, including custom authentication. │ │ │ └ properties │ │ │ └ CustomAuthMode: (documentation changed) │ │ ├[~] type Policies │ │ │ └ properties │ │ │ └ SignInPolicy: (documentation changed) │ │ ├[~] type SignInPolicy │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: The policy for allowed types of authentication in a user pool. │ │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ │ └ properties │ │ │ └ AllowedFirstAuthFactors: (documentation changed) │ │ └[~] type UserPoolAddOns │ │ └ properties │ │ └ AdvancedSecurityAdditionalFlows: (documentation changed) │ ├[~] resource AWS::Cognito::UserPoolClient │ │ └ properties │ │ ├ AllowedOAuthScopes: (documentation changed) │ │ ├ AnalyticsConfiguration: (documentation changed) │ │ ├ CallbackURLs: (documentation changed) │ │ ├ ClientName: (documentation changed) │ │ ├ DefaultRedirectURI: (documentation changed) │ │ ├ GenerateSecret: (documentation changed) │ │ ├ LogoutURLs: (documentation changed) │ │ ├ SupportedIdentityProviders: (documentation changed) │ │ ├ TokenValidityUnits: (documentation changed) │ │ └ UserPoolId: (documentation changed) │ ├[~] resource AWS::Cognito::UserPoolGroup │ │ └ properties │ │ ├ Description: (documentation changed) │ │ ├ GroupName: (documentation changed) │ │ ├ RoleArn: (documentation changed) │ │ └ UserPoolId: (documentation changed) │ ├[~] resource AWS::Cognito::UserPoolIdentityProvider │ │ └ properties │ │ ├ AttributeMapping: (documentation changed) │ │ ├ IdpIdentifiers: (documentation changed) │ │ ├ ProviderName: (documentation changed) │ │ ├ ProviderType: (documentation changed) │ │ └ UserPoolId: (documentation changed) │ ├[~] resource AWS::Cognito::UserPoolResourceServer │ │ └ properties │ │ └ UserPoolId: (documentation changed) │ ├[~] resource AWS::Cognito::UserPoolUICustomizationAttachment │ │ └ properties │ │ └ UserPoolId: (documentation changed) │ ├[~] resource AWS::Cognito::UserPoolUser │ │ └ properties │ │ ├ ClientMetadata: (documentation changed) │ │ ├ DesiredDeliveryMediums: (documentation changed) │ │ ├ ForceAliasCreation: (documentation changed) │ │ ├ MessageAction: (documentation changed) │ │ └ UserPoolId: (documentation changed) │ └[~] resource AWS::Cognito::UserPoolUserToGroupAttachment │ └ properties │ └ UserPoolId: (documentation changed) ├[~] service aws-connect │ └ resources │ ├[~] resource AWS::Connect::Queue │ │ ├ properties │ │ │ └[+] OutboundEmailConfig: OutboundEmailConfig │ │ └ types │ │ └[+] type OutboundEmailConfig │ │ ├ documentation: The outbound email address Id. │ │ │ name: OutboundEmailConfig │ │ └ properties │ │ └OutboundEmailAddressId: string │ ├[~] resource AWS::Connect::Rule │ │ └ types │ │ ├[~] type CreateCaseAction │ │ │ ├ - documentation: The definition for create case action. │ │ │ │ + documentation: undefined │ │ │ └ properties │ │ │ └ TemplateId: (documentation changed) │ │ ├[~] type Field │ │ │ ├ - documentation: The field of the case. │ │ │ │ + documentation: undefined │ │ │ └ properties │ │ │ ├ Id: (documentation changed) │ │ │ └ Value: (documentation changed) │ │ ├[~] type FieldValue │ │ │ └ properties │ │ │ ├ BooleanValue: (documentation changed) │ │ │ ├ DoubleValue: (documentation changed) │ │ │ ├ EmptyValue: (documentation changed) │ │ │ └ StringValue: (documentation changed) │ │ ├[~] type SubmitAutoEvaluationAction │ │ │ ├ - documentation: The definition of submit auto evaluation action. │ │ │ │ + documentation: undefined │ │ │ └ properties │ │ │ └ EvaluationFormArn: (documentation changed) │ │ └[~] type UpdateCaseAction │ │ └ - documentation: The definition for update case action. │ │ + documentation: undefined │ ├[~] resource AWS::Connect::TaskTemplate │ │ └ properties │ │ └[+] SelfAssignContactFlowArn: string │ └[~] resource AWS::Connect::User │ └ types │ └[~] type UserIdentityInfo │ └ properties │ ├ FirstName: (documentation changed) │ └ LastName: (documentation changed) ├[~] service aws-connectcampaignsv2 │ └ resources │ └[~] resource AWS::ConnectCampaignsV2::Campaign │ └ types │ ├[+] type EventTrigger │ │ ├ documentation: The event trigger of the campaign │ │ │ name: EventTrigger │ │ └ properties │ │ └CustomerProfilesDomainArn: string │ └[~] type Source │ └ properties │ ├ CustomerProfilesSegmentArn: - string (required) │ │ + string │ └[+] EventTrigger: EventTrigger ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::Instance │ │ └ properties │ │ └ PropagateTagsToVolumeOnCreation: (documentation changed) │ ├[~] resource AWS::EC2::LaunchTemplate │ │ └ types │ │ ├[-] type BaselinePerformanceFactors │ │ │ ├ documentation: The baseline performance to consider, using an instance family as a baseline reference. The instance family establishes the lowest acceptable level of performance. Amazon EC2 uses this baseline to guide instance type selection, but there is no guarantee that the selected instance types will always exceed the baseline for every application. │ │ │ │ Currently, this parameter only supports CPU performance as a baseline performance factor. For example, specifying `c6i` would use the CPU performance of the `c6i` family as the baseline reference. │ │ │ │ name: BaselinePerformanceFactors │ │ │ └ properties │ │ │ └Cpu: Cpu │ │ ├[-] type ConnectionTrackingSpecification │ │ │ ├ documentation: A security group connection tracking specification that enables you to set the idle timeout for connection tracking on an Elastic network interface. For more information, see [Connection tracking timeouts](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) in the *Amazon EC2 User Guide* . │ │ │ │ name: ConnectionTrackingSpecification │ │ │ └ properties │ │ │ ├UdpTimeout: integer │ │ │ ├TcpEstablishedTimeout: integer │ │ │ └UdpStreamTimeout: integer │ │ ├[-] type Cpu │ │ │ ├ name: Cpu │ │ │ └ properties │ │ │ └References: Array<Reference> │ │ ├[-] type EnaSrdSpecification │ │ │ ├ documentation: ENA Express uses AWS Scalable Reliable Datagram (SRD) technology to increase the maximum bandwidth used per stream and minimize tail latency of network traffic between EC2 instances. With ENA Express, you can communicate between two EC2 instances in the same subnet within the same account, or in different accounts. Both sending and receiving instances must have ENA Express enabled. │ │ │ │ To improve the reliability of network packet delivery, ENA Express reorders network packets on the receiving end by default. However, some UDP-based applications are designed to handle network packets that are out of order to reduce the overhead for packet delivery at the network layer. When ENA Express is enabled, you can specify whether UDP network traffic uses it. │ │ │ │ name: EnaSrdSpecification │ │ │ └ properties │ │ │ ├EnaSrdEnabled: boolean │ │ │ └EnaSrdUdpSpecification: EnaSrdUdpSpecification │ │ ├[-] type EnaSrdUdpSpecification │ │ │ ├ documentation: ENA Express is compatible with both TCP and UDP transport protocols. When it's enabled, TCP traffic automatically uses it. However, some UDP-based applications are designed to handle network packets that are out of order, without a need for retransmission, such as live video broadcasting or other near-real-time applications. For UDP traffic, you can specify whether to use ENA Express, based on your application environment needs. │ │ │ │ name: EnaSrdUdpSpecification │ │ │ └ properties │ │ │ └EnaSrdUdpEnabled: boolean │ │ ├[~] type InstanceRequirements │ │ │ └ properties │ │ │ ├[-] BaselinePerformanceFactors: BaselinePerformanceFactors │ │ │ └[-] MaxSpotPriceAsPercentageOfOptimalOnDemandPrice: integer │ │ ├[~] type NetworkInterface │ │ │ └ properties │ │ │ ├[-] ConnectionTrackingSpecification: ConnectionTrackingSpecification │ │ │ └[-] EnaSrdSpecification: EnaSrdSpecification │ │ └[-] type Reference │ │ ├ name: Reference │ │ └ properties │ │ └InstanceFamily: string │ ├[~] resource AWS::EC2::SecurityGroupIngress │ │ └ properties │ │ └ GroupName: (documentation changed) │ └[~] resource AWS::EC2::SpotFleet │ └ types │ └[~] type InstanceNetworkInterfaceSpecification │ └ properties │ └ SecondaryPrivateIpAddressCount: (documentation changed) ├[~] service aws-ecs │ └ resources │ ├[~] resource AWS::ECS::Service │ │ ├ properties │ │ │ └ CapacityProviderStrategy: (documentation changed) │ │ └ types │ │ └[~] type DeploymentConfiguration │ │ └ properties │ │ ├ MaximumPercent: (documentation changed) │ │ └ MinimumHealthyPercent: (documentation changed) │ ├[~] resource AWS::ECS::TaskDefinition │ │ └ properties │ │ └[+] EnableFaultInjection: boolean (immutable) │ └[~] resource AWS::ECS::TaskSet │ └ types │ └[~] type CapacityProviderStrategyItem │ └ - documentation: The details of a capacity provider strategy. A capacity provider strategy can be set when using the [RunTask](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html) or [CreateCluster](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateCluster.html) APIs or as the default capacity provider strategy for a cluster with the `CreateCluster` API. │ Only capacity providers that are already associated with a cluster and have an `ACTIVE` or `UPDATING` status can be used in a capacity provider strategy. The [PutClusterCapacityProviders](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutClusterCapacityProviders.html) API is used to associate a capacity provider with a cluster. │ If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must already be created. New Auto Scaling group capacity providers can be created with the [CreateClusterCapacityProvider](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateClusterCapacityProvider.html) API operation. │ To use a AWS Fargate capacity provider, specify either the `FARGATE` or `FARGATE_SPOT` capacity providers. The AWS Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used in a capacity provider strategy. │ With `FARGATE_SPOT` , you can run interruption tolerant tasks at a rate that's discounted compared to the `FARGATE` price. `FARGATE_SPOT` runs tasks on spare compute capacity. When AWS needs the capacity back, your tasks are interrupted with a two-minute warning. `FARGATE_SPOT` supports Linux tasks with the X86_64 architecture on platform version 1.3.0 or later. `FARGATE_SPOT` supports Linux tasks with the ARM64 architecture on platform version 1.4.0 or later. │ A capacity provider strategy may contain a maximum of 6 capacity providers. │ + documentation: The details of a capacity provider strategy. A capacity provider strategy can be set when using the [RunTask](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html) or [CreateCluster](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateCluster.html) APIs or as the default capacity provider strategy for a cluster with the `CreateCluster` API. │ Only capacity providers that are already associated with a cluster and have an `ACTIVE` or `UPDATING` status can be used in a capacity provider strategy. The [PutClusterCapacityProviders](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutClusterCapacityProviders.html) API is used to associate a capacity provider with a cluster. │ If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must already be created. New Auto Scaling group capacity providers can be created with the [CreateClusterCapacityProvider](https:…

This PR is to fix the readme, and add back a header that got deleted by mistake in this PR https://github.com/aws/aws-cdk/pull/26329/files#diff-c70c65923cf81d0d8bdd04d2b6160ec67aa5556be569ac08f44359df53de8bb9 ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This hack was used to support the previous integration test system for the monorepo. It was never publicly advertised and is not used in our setup anymore. We are removing the unused code to simplify toolkit code. ### Reason for this change Cleaning up unused code. ### Description of changes Removed the unused code block. ### Description of how you validated changes Searched our repo and public GitHub for any usage. Only comes up in forks of the AWS CDK. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…sting/framework-integ/test/aws-route53-targets/test/integ.elastic-beanstalk-environment-target.js.snapshot/asset.02e8c4fbaddae67c5789ab6e8ef26eb226f048244bda7fdeb2ecaf8bda19eb9a.elastic-beanstalk-environment-target-assets (#32487) Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) to 0.1.12 and updates ancestor dependency [express](https://github.com/expressjs/express). These dependencies need to be updated together. Updates `path-to-regexp` from 0.1.10 to 0.1.12 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pillarjs/path-to-regexp/releases">path-to-regexp's releases</a>.</em></p> <blockquote> <h2>Fix backtracking (again)</h2> <p><strong>Fixed</strong></p> <ul> <li>Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: <a href="https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j">https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j</a>)</li> </ul> <p><a href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.11...v0.1.12">https://github.com/pillarjs/path-to-regexp/compare/v0.1.11...v0.1.12</a></p> <h2>Error on bad input</h2> <p><strong>Changed</strong></p> <ul> <li>Add error on bad input values 8f09549</li> </ul> <p><a href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.11">https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.11</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pillarjs/path-to-regexp/commit/640e694c6fd971f78268439df9cf44040855e669"><code>640e694</code></a> 0.1.12</li> <li><a href="https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4"><code>f01c26a</code></a> Merge commit from fork</li> <li><a href="https://github.com/pillarjs/path-to-regexp/commit/0c7119248b7cb528a0aea3ba45ed4e2db007cba4"><code>0c71192</code></a> 0.1.11</li> <li><a href="https://github.com/pillarjs/path-to-regexp/commit/8f095497d678c2ec3495a99ab3928748731e73ee"><code>8f09549</code></a> Add error on bad input values</li> <li>See full diff in <a href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.12">compare view</a></li> </ul> </details> <br /> Updates `express` from 4.21.1 to 4.21.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/releases">express's releases</a>.</em></p> <blockquote> <h2>4.21.2</h2> <h2>What's Changed</h2> <ul> <li>Add funding field (v4) by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6065">expressjs/express#6065</a></li> <li>deps: path-to-regexp@0.1.11 by <a href="https://github.com/blakeembrey"><code>@blakeembrey</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5956">expressjs/express#5956</a></li> <li>deps: bump path-to-regexp@0.1.12 by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6209">expressjs/express#6209</a></li> <li>Release: 4.21.2 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6094">expressjs/express#6094</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">https://github.com/expressjs/express/compare/4.21.1...4.21.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/blob/4.21.2/History.md">express's changelog</a>.</em></p> <blockquote> <h1>4.21.2 / 2024-11-06</h1> <ul> <li>deps: path-to-regexp@0.1.12 <ul> <li>Fix backtracking protection</li> </ul> </li> <li>deps: path-to-regexp@0.1.11 <ul> <li>Throws an error on invalid path values</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/expressjs/express/commit/1faf228935aa0a13111f92c28ee795be64ce3f0f"><code>1faf228</code></a> 4.21.2</li> <li><a href="https://github.com/expressjs/express/commit/2e0fb646d03184dd9a5285813460210c0e7ae654"><code>2e0fb64</code></a> deps: bump path-to-regexp@0.1.12 (<a href="https://redirect.github.com/expressjs/express/issues/6209">#6209</a>)</li> <li><a href="https://github.com/expressjs/express/commit/59fc27028ec5d212be653d35d7e3f73a2c3ac3c0"><code>59fc270</code></a> deps: path-to-regexp@0.1.11 (<a href="https://redirect.github.com/expressjs/express/issues/5956">#5956</a>)</li> <li><a href="https://github.com/expressjs/express/commit/51fc39ccf834eec44547b0f4fed8027e7c05a009"><code>51fc39c</code></a> docs: add funding (<a href="https://redirect.github.com/expressjs/express/issues/6065">#6065</a>)</li> <li>See full diff in <a href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~jonchurch">jonchurch</a>, a new releaser for express since your current version.</p> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>

### Description of changes Update the PR template to ask contributor to list the changes to any IAM or Resource policies. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #32530 ### Reason for this change Give the user access to a distribution's ARN via the existing `distributionId` value. ### Description of changes Implemented by proxying the existing `formatDistributionArn` function via a getter method. ### Description of how you validated changes Unit tests were added for both created and imported distributions. Additionally, missing coverage for `Distribution.fromDistributionAttributes` was added, by copying the existing unit test for `CloudFrontWebDistribution.fromDistributionAttributes`. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) N/A ### Reason for this change To support auto retry limit in CodeBuild project. https://aws.amazon.com/about-aws/whats-new/2024/10/aws-codebuild-retrying-builds-automatically/ **Note** This feature is already in CFn and L1 Constructs. aws-cloudformation/cloudformation-coverage-roadmap#2170 #32446 But not documented in CFn docs. ### Description of changes Add `autoRetryLimit` property. ### Description of how you validated changes Add an unit test and an integ test. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #32496 Relate #32469 ### Reason for this change - Invalid user data on AL2023 ### Description of changes - ECS `machineImageType` support AL2023 ### Description of how you validated changes Unit + Integration test #### Instance can join cluster ![image](https://github.com/user-attachments/assets/aca9ffb3-b993-49f7-a432-eff0cd380952) #### iptables command success ![image](https://github.com/user-attachments/assets/78edaee1-edc2-4ef8-9a9d-5e67e624c594) ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #31631 ### Reason for this change The Docker credentials helper (e.g. [docker-credential-ecr-login](https://github.com/awslabs/amazon-ecr-credential-helper)) expects a hostname in the configuration. ```json { "credHelpers": { "public.ecr.aws": "ecr-login", "<aws_account_id>.dkr.ecr.<region>.amazonaws.com": "ecr-login" } } ``` Docs: https://github.com/awslabs/amazon-ecr-credential-helper?tab=readme-ov-file#docker ### Description of changes - Expose registryUri ### Description of how you validated changes - Unit test ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

… future (#32483) ### Reason for this change `kubectlLayer` property in EKS Cluster is currently optional. If not provided, it will use a very outdated version (1.20). This default outdated version adds a outdated dependency to CDK which should be removed. However, we can't simply update the version because it will be a breaking change. To avoid this issue happening again, we can send a warning first then we can do a one-time breaking change to make the property required. Another reason is the synth error (users have to provide the property) is better than we upgrading the version silently which may lead to some unexpected behavior. ### Description of changes Update warning to let customers know this property will become required in 2025 Jan. ### Description of how you validated changes ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Reverts #32509 as there's known issue with the flag usage `canContainersAccessInstanceRole`. We're deprecating this flag usage and should not introduce any new changes to this flag that will cause more users to use it.

…ials (#32552) Plugins that return V2 credentials objects, return credentials that are self-refreshing. Those credentials can start out empty, which is perfectly valid. We shouldn't reject them if they are. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Reason for this change Simplify the codegen for CLI config. Previously the generated function expected a number of arguments at call time. Instead we now require a single helpers object at build time. This holds typewriter references to any function called during config parsing. Additionally, some the helper functions for init and migrate are now just called at build time. This is fine because these values don't change dynamically unless a code change is made to the CLI. ### Description of changes - Moved all helper functions into a single file - Created a typewriter proxy class for that file - Use the module proxy instead passing arguments at runtime - This allows us to get rid of the `DynamicValue` stuff all-together and instead we can just check if a value is a typewriter expression. ### Description of how you validated changes Existing tests cover this. Run additional manual verification as well. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

We weren't printing which Aspects were there at the start of the tree, vs which Aspects were added during the Aspect run. Print that info. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…32554) According to the type definitions, the `expiration` field of V3 AWS credentials must be `undefined` or `Date`, but we are running into situations in reality where the value is `null`, leading to the error: ``` TypeError: Cannot read properties of null (reading 'getTime') ``` Survive that specific case. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue #32145 Closes #32145. ### Reason for this change The rangesOverlap method was using string comparison to check if IP ranges overlapped. ### Description of changes The rangesOverlap method was updated to compare IP ranges using the ip-num library ### Description of how you validated changes Added two unit tests to verify correct behavior ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.173.2/CHANGELOG.md)

Adding a missing test, for the scenario that caused #32312. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…2558) This is part of a larger effort to make sure that all command-level code does not use `configuraiton.settings` directly. If it needs a CLI setting, it should be passed in as a parameter to the command-level code. The idea is that the grab bag of `configuration.settings` stays in `cli.ts` and only the relevant information is passed along to each command. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Reason for this change timestamps were no longer being printed for debug and trace level logging messages, because as part of the logging changes, I incidentally removed the timestamps from the `debug()` and `trace()` functions. ### Description of changes Re-added timestamps for whenever those 2 methods are called i.e. ``` debug: "message" is now "[09:58:24] message" info: "message" is still "message" ``` which was the previous functionality ### Description of how you validated changes Modified relevant unit tests and also did manual testing by verifying outputs of cdk commands on different cdk versions ``` # running cdk synth from local build of bobertzh/logging-fix [15:08:06] CDK toolkit version: 0.0.0 (build 68b77e7) [15:08:06] Command line arguments: { ... Resources: CDKMetadata: ... ``` ``` # running cdk synth from live CDK toolkit version: 2.173.0 (build b5c2189) Command line arguments: { ... Resources: CDKMetadata: ... ``` ``` # running cdk synth from be000a2 (parent commit) [15:20:33] CDK toolkit version: 0.0.0 (build be000a2) [15:20:33] Command line arguments: { ... Resources: CDKMetadata: ... ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…32560) ### Description of changes Add assertions to firehose and firehose-destinations integ tests. No assertions were added to `integ.delivery-stream.ts` because the same case is being covered by the `integ.s3-bucket.lit.ts` and `integ.delviery-stream.source-stream.ts` tests. ### Description of how you validated changes integ tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue Closes #32568 ### Reason for this change Adding a private, empty package for the new programmatic toolkit. We will start adding preliminary types to this based on the [RFC](aws/aws-cdk-rfcs#654). ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

aws-cdk-automation · 2024-12-19T14:41:25Z

AWS CodeBuild CI Report

CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
Commit ID: 3358020
Result: SUCCEEDED
Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

mergify · 2024-12-19T14:41:50Z

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

github-actions · 2024-12-19T14:42:10Z

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

mazyu36 and others added 30 commits December 11, 2024 21:53

Merge branch 'main' into merge-back/2.173.0

852cd19

Merge branch 'main' into merge-back/2.173.0

2e08c2c

chore(merge-back): 2.173.0 (#32499)

62a0638

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.173.0/CHANGELOG.md)

revert(ecs): machineImageType support AL2023 (#32550)

e8d8237

Reverts #32509 as there's known issue with the flag usage `canContainersAccessInstanceRole`. We're deprecating this flag usage and should not introduce any new changes to this flag that will cause more users to use it.

rix0rrr and others added 13 commits December 17, 2024 10:35

Merge branch 'main' into merge-back/2.173.2

cc974e8

chore(merge-back): 2.173.2 (#32561)

e9b5026

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.173.2/CHANGELOG.md)

chore(cli): new test for MFA + AWS_Profile (#32566)

c1d3130

Adding a missing test, for the scenario that caused #32312. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

chore(release): 2.174.0

3358020

aws-cdk-automation requested a review from a team as a code owner December 19, 2024 14:09

aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels Dec 19, 2024

github-actions bot added the p2 label Dec 19, 2024

aws-cdk-automation requested a review from a team December 19, 2024 14:09

github-actions bot approved these changes Dec 19, 2024

View reviewed changes

aws-cdk-automation had a problem deploying to test-pipeline December 19, 2024 14:10 — with GitHub Actions Failure

mergify bot merged commit faa1db0 into v2-release Dec 19, 2024
26 of 28 checks passed

mergify bot deleted the bump/2.174.0 branch December 19, 2024 14:41

github-actions bot locked as resolved and limited conversation to collaborators Dec 19, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(release): 2.174.0 #32591

chore(release): 2.174.0 #32591

aws-cdk-automation commented Dec 19, 2024 •

edited

Loading

aws-cdk-automation commented Dec 19, 2024

mergify bot commented Dec 19, 2024

github-actions bot commented Dec 19, 2024

chore(release): 2.174.0 #32591

chore(release): 2.174.0 #32591

Conversation

aws-cdk-automation commented Dec 19, 2024 • edited Loading

aws-cdk-automation commented Dec 19, 2024

AWS CodeBuild CI Report

mergify bot commented Dec 19, 2024

github-actions bot commented Dec 19, 2024

aws-cdk-automation commented Dec 19, 2024 •

edited

Loading