chore(release): 2.220.0 #35735
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-amazonmq │ └ resources │ └[~] resource AWS::AmazonMQ::Broker │ ├ properties │ │ └ Users: - Array<User> (required) │ │ + Array<User> │ ├ attributes │ │ ├ ConfigurationRevision: - integer │ │ │ + string ⇐ integer │ │ └[+] EngineVersionCurrent: string │ └ types │ └[~] type LdapServerMetadata │ └ properties │ └ ServiceAccountPassword: - string (required) │ + string ├[~] service aws-apigateway │ └ resources │ ├[~] resource AWS::ApiGateway::Account │ │ └ - arnTemplate: arn:${Partition}:apigateway:${Region}::/account/${ApiGatewayAccountId} │ │ + arnTemplate: arn:${Partition}:apigateway:${Region}::/account │ ├[~] resource AWS::ApiGateway::DomainNameV2 │ │ └ - arnTemplate: arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName} │ │ + arnTemplate: arn:${Partition}:apigateway:${Region}::/domainnames │ └[~] resource AWS::ApiGateway::RestApi │ └ properties │ └[+] SecurityPolicy: string ├[~] service aws-bcmdataexports │ └ resources │ └[~] resource AWS::BCMDataExports::Export │ └ attributes │ └[+] Export.ExportArn: string ├[~] service aws-bedrockagentcore │ └ resources │ ├[~] resource AWS::BedrockAgentCore::BrowserCustom │ │ └ - arnTemplate: undefined │ │ + arnTemplate: arn:${Partition}:bedrock-agentcore:${Region}:${Account}:browser-custom/${BrowserId} │ ├[~] resource AWS::BedrockAgentCore::CodeInterpreterCustom │ │ └ - arnTemplate: undefined │ │ + arnTemplate: arn:${Partition}:bedrock-agentcore:${Region}:${Account}:code-interpreter-custom/${CodeInterpreterId} │ ├[~] resource AWS::BedrockAgentCore::Runtime │ │ └ - arnTemplate: undefined │ │ + arnTemplate: arn:${Partition}:bedrock-agentcore:${Region}:${Account}:runtime/${RuntimeId} │ └[~] resource AWS::BedrockAgentCore::RuntimeEndpoint │ └ - arnTemplate: undefined │ + arnTemplate: 
arn:${Partition}:bedrock-agentcore:${Region}:${Account}:runtime/${RuntimeId}/runtime-endpoint/${Name} ├[~] service aws-cloud9 │ └ resources │ └[~] resource AWS::Cloud9::EnvironmentEC2 │ └ - arnTemplate: undefined │ + arnTemplate: arn:${Partition}:cloud9:${Region}:${Account}:environment:${ResourceId} ├[~] service aws-datasync │ └ resources │ ├[~] resource AWS::DataSync::LocationHDFS │ │ └ - arnTemplate: arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId} │ │ + arnTemplate: undefined │ └[~] resource AWS::DataSync::LocationS3 │ └ - arnTemplate: undefined │ + arnTemplate: arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId} ├[~] service aws-devicefarm │ └ resources │ ├[~] resource AWS::DeviceFarm::DevicePool │ │ └ - arnTemplate: arn:${Partition}:devicefarm:${Region}:${Account}:devicepool:${ProjectId}/${DevicePoolId} │ │ + arnTemplate: arn:${Partition}:devicefarm:${Region}:${Account}:devicepool:${ResourceId} │ └[~] resource AWS::DeviceFarm::NetworkProfile │ └ - arnTemplate: arn:${Partition}:devicefarm:${Region}:${Account}:networkprofile:${ResourceId} │ + arnTemplate: arn:${Partition}:devicefarm:${Region}:${Account}:networkprofile:${ProjectId}/${NetworkProfileId} ├[~] service aws-directoryservice │ └ resources │ ├[~] resource AWS::DirectoryService::MicrosoftAD │ │ └ - arnTemplate: arn:${Partition}:ds:${Region}:${Account}:${DirectoryId} │ │ + arnTemplate: arn:${Partition}:ds:${Region}:${Account}:directory/${DirectoryId} │ └[~] resource AWS::DirectoryService::SimpleAD │ └ - arnTemplate: arn:${Partition}:ds:${Region}:${Account}:directory/${DirectoryId} │ + arnTemplate: undefined ├[~] service aws-docdb │ └ resources │ ├[~] resource AWS::DocDB::DBInstance │ │ └ - arnTemplate: undefined │ │ + arnTemplate: arn:${Partition}:rds:${Region}:${Account}:db:${DbInstanceName} │ └[~] resource AWS::DocDB::DBSubnetGroup │ └ - arnTemplate: undefined │ + arnTemplate: arn:${Partition}:rds:${Region}:${Account}:subgrp:${SubnetGroupName} ├[~] service 
aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::TransitGatewayPeeringAttachment │ │ └ - arnTemplate: arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-attachment/${TransitGatewayAttachmentId} │ │ + arnTemplate: undefined │ └[~] resource AWS::EC2::TransitGatewayVpcAttachment │ └ - arnTemplate: undefined │ + arnTemplate: arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-attachment/${TransitGatewayAttachmentId} ├[~] service aws-elasticloadbalancingv2 │ └ resources │ ├[~] resource AWS::ElasticLoadBalancingV2::ListenerRule │ │ └ - arnTemplate: arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/net/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId} │ │ + arnTemplate: arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/${LoadBalancerType}/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId} │ └[~] resource AWS::ElasticLoadBalancingV2::LoadBalancer │ └ - arnTemplate: arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener/gwy/${LoadBalancerName}/${LoadBalancerId}/${ListenerId} │ + arnTemplate: arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/app/${LoadBalancerName}/${LoadBalancerId} ├[~] service aws-entityresolution │ └ resources │ └[~] resource AWS::EntityResolution::IdMappingWorkflow │ └ types │ └[~] type IdMappingTechniques │ └ properties │ └[+] NormalizationVersion: string ├[~] service aws-events │ └ resources │ └[~] resource AWS::Events::Rule │ └ - arnTemplate: arn:${Partition}:events:${Region}:${Account}:rule/${RuleName} │ + arnTemplate: arn:${Partition}:events:${Region}:${Account}:rule/[${EventBusName}/]${RuleName} ├[~] service aws-greengrassv2 │ └ resources │ └[~] resource AWS::GreengrassV2::Deployment │ └ - arnTemplate: arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/deployments/${DeploymentId} │ + arnTemplate: arn:${Partition}:greengrass:${Region}:${Account}:deployments:${DeploymentId} ├[~] service 
aws-iam │ └ resources │ └[~] resource AWS::IAM::Policy │ └ - arnTemplate: undefined │ + arnTemplate: arn:${Partition}:iam::${Account}:policy/${PolicyNameWithPath} ├[~] service aws-iot │ └ resources │ └[~] resource AWS::IoT::DomainConfiguration │ └ - arnTemplate: arn:${Partition}:iot:${Region}:${Account}:domainconfiguration/${DomainConfigurationName} │ + arnTemplate: arn:${Partition}:iot:${Region}:${Account}:domainconfiguration/${DomainConfigurationName}/${Id} ├[~] service aws-iotwireless │ └ resources │ └[~] resource AWS::IoTWireless::WirelessDeviceImportTask │ └ - arnTemplate: undefined │ + arnTemplate: arn:${Partition}:iotwireless:${Region}:${Account}:WirelessDeviceImportTask/${WirelessDeviceImportTaskId} ├[~] service aws-mediapackagev2 │ └ resources │ └[~] resource AWS::MediaPackageV2::Channel │ └ - arnTemplate: undefined │ + arnTemplate: arn:${Partition}:mediapackagev2:${Region}:${Account}:channelGroup/${ChannelGroupName}/channel/${ChannelName} ├[~] service aws-msk │ └ resources │ └[~] resource AWS::MSK::Cluster │ └ - arnTemplate: undefined │ + arnTemplate: arn:${Partition}:kafka:${Region}:${Account}:cluster/${ClusterName}/${RandomId} ├[~] service aws-neptune │ └ resources │ ├[~] resource AWS::Neptune::DBClusterParameterGroup │ │ └ - arnTemplate: undefined │ │ + arnTemplate: arn:aws:rds:${Region}:${Account}:cluster-pg:${ClusterPGName} │ └[~] resource AWS::Neptune::DBInstance │ └ - arnTemplate: undefined │ + arnTemplate: arn:${Partition}:rds:${Region}:${Account}:db:${DbInstanceName} ├[~] service aws-networkfirewall │ └ resources │ └[~] resource AWS::NetworkFirewall::RuleGroup │ └ - arnTemplate: arn:${Partition}:network-firewall:${Region}:${Account}:stateless-rulegroup/${Name} │ + arnTemplate: arn:${Partition}:network-firewall:${Region}:${Account}:stateful-rulegroup/${Name} ├[~] service aws-networkmanager │ └ resources │ ├[~] resource AWS::NetworkManager::ConnectAttachment │ │ └ - arnTemplate: undefined │ │ + arnTemplate: 
arn:${Partition}:networkmanager::${Account}:attachment/${AttachmentId} │ └[~] resource AWS::NetworkManager::VpcAttachment │ └ - arnTemplate: arn:${Partition}:networkmanager::${Account}:attachment/${AttachmentId} │ + arnTemplate: undefined ├[~] service aws-notifications │ └ resources │ └[~] resource AWS::Notifications::NotificationConfiguration │ └ - arnTemplate: undefined │ + arnTemplate: arn:${Partition}:notifications::${Account}:configuration/${NotificationConfigurationId} ├[~] service aws-odb │ └ resources │ └[~] resource AWS::ODB::OdbPeeringConnection │ └ - arnTemplate: undefined │ + arnTemplate: arn:${Partition}:odb:${Region}:${Account}:odb-peering-connection/${OdbPeeringConnectionId} ├[~] service aws-opensearchservice │ └ resources │ └[~] resource AWS::OpenSearchService::Domain │ └ - arnTemplate: undefined │ + arnTemplate: arn:${Partition}:es:${Region}:${Account}:domain/${DomainName} ├[~] service aws-opsworkscm │ └ resources │ └[~] resource AWS::OpsWorksCM::Server │ └ - arnTemplate: arn:${Partition}:opsworks-cm::${Account}:server/${ServerName}/${UniqueId} │ + arnTemplate: undefined ├[~] service aws-quicksight │ └ resources │ └[~] resource AWS::QuickSight::CustomPermissions │ └ types │ └[~] type Capabilities │ └ properties │ ├[+] Analysis: string │ └[+] Dashboard: string ├[~] service aws-rds │ └ resources │ └[~] resource AWS::RDS::DBClusterParameterGroup │ └ - arnTemplate: arn:aws:rds:${Region}:${Account}:cluster-pg:${ClusterPGName} │ + arnTemplate: arn:${Partition}:rds:${Region}:${Account}:cluster-pg:${ClusterParameterGroupName} ├[~] service aws-redshift │ └ resources │ ├[~] resource AWS::Redshift::ClusterSecurityGroup │ │ └ - arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroup:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ec2SecurityGroupId} │ │ + arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroup:${SecurityGroupName} │ └[~] resource AWS::Redshift::ClusterSecurityGroupIngress │ └ - arnTemplate: 
arn:${Partition}:redshift:${Region}:${Account}:securitygroupingress:${SecurityGroupName}/cidrip/${IpRange} │ + arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroupingress:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ece2SecuritygroupId} ├[~] service aws-servicecatalog │ └ resources │ └[~] resource AWS::ServiceCatalog::PortfolioProductAssociation │ └ attributes │ └[-] Id: string ├[~] service aws-ses │ └ resources │ ├[~] resource AWS::SES::DedicatedIpPool │ │ └ - arnTemplate: undefined │ │ + arnTemplate: arn:${Partition}:ses:${Region}:${Account}:dedicated-ip-pool/${DedicatedIPPool} │ └[~] resource AWS::SES::ReceiptRuleSet │ └ - arnTemplate: arn:${Partition}:ses:${Region}:${Account}:receipt-rule-set/${ReceiptRuleSetName} │ + arnTemplate: arn:${Partition}:ses:${Region}:${Account}:receipt-rule-set/${ReceiptRuleSetName}:receipt-rule/${ReceiptRuleName} ├[~] service aws-smsvoice │ └ resources │ ├[~] resource AWS::SMSVOICE::ConfigurationSet │ │ └ - arnTemplate: undefined │ │ + arnTemplate: arn:${Partition}:sms-voice:${Region}:${Account}:configuration-set/${ConfigurationSetName} │ ├[~] resource AWS::SMSVOICE::OptOutList │ │ └ - arnTemplate: undefined │ │ + arnTemplate: arn:${Partition}:sms-voice:${Region}:${Account}:opt-out-list/${OptOutListName} │ ├[~] resource AWS::SMSVOICE::PhoneNumber │ │ └ - arnTemplate: undefined │ │ + arnTemplate: arn:${Partition}:sms-voice:${Region}:${Account}:phone-number/${PhoneNumberId} │ ├[~] resource AWS::SMSVOICE::Pool │ │ └ - arnTemplate: undefined │ │ + arnTemplate: arn:${Partition}:sms-voice:${Region}:${Account}:pool/${PoolId} │ ├[~] resource AWS::SMSVOICE::ProtectConfiguration │ │ └ - arnTemplate: undefined │ │ + arnTemplate: arn:${Partition}:sms-voice:${Region}:${Account}:protect-configuration/${ProtectConfigurationId} │ └[~] resource AWS::SMSVOICE::SenderId │ └ - arnTemplate: undefined │ + arnTemplate: arn:${Partition}:sms-voice:${Region}:${Account}:sender-id/${SenderId}/${IsoCountryCode} └[~] service 
aws-stepfunctions └ resources ├[~] resource AWS::StepFunctions::StateMachine │ └ - arnTemplate: undefined │ + arnTemplate: arn:${Partition}:states:${Region}:${Account}:stateMachine:${StateMachineName} └[~] resource AWS::StepFunctions::StateMachineAlias └ - arnTemplate: arn:${Partition}:states:${Region}:${Account}:stateMachine:${StateMachineName}:${StateMachineVersionId} + arnTemplate: arn:${Partition}:states:${Region}:${Account}:stateMachine:${StateMachineName}:${StateMachineAliasName} ``` **CHANGES TO L1 RESOURCES:** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed: aws-servicecatalog: AWS::ServiceCatalog::PortfolioProductAssociation: Id attribute removed.
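Review bot: In the aws-redshift entry, the new arnTemplate for AWS::Redshift::ClusterSecurityGroupIngress ends in `${Ece2SecuritygroupId}`, which looks like a misspelling of the `${Ec2SecurityGroupId}` placeholder that the same diff removes from AWS::Redshift::ClusterSecurityGroup; the placeholder name should be corrected in the service spec before it is released. In aws-neptune, AWS::Neptune::DBClusterParameterGroup gains `arn:aws:rds:${Region}:${Account}:cluster-pg:${ClusterPGName}` with a hardcoded `aws` partition, while the aws-rds entry in this same diff replaces that exact form with `arn:${Partition}:rds:...`; the Neptune template should use `${Partition}` as well. Several templates also move between sibling resources instead of being added (DataSync LocationHDFS to LocationS3, EC2 TransitGatewayPeeringAttachment to TransitGatewayVpcAttachment, NetworkManager VpcAttachment to ConnectAttachment, and DirectoryService SimpleAD dropping to `undefined`), which suggests the template-to-resource matching is ambiguous; please confirm each assignment against the service documentation, since anything that builds or scopes ARNs from these templates would inherit a wrong one.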
### Reason for this change

typo

### Description of changes

only fixed the typo in `aws-cdk-lib/readme.md`

### Describe any new or updated permissions being added

`N/A`

### Description of how you validated changes

Unit and integration tests.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

None

### Reason for this change

AWS CloudFormation supports configuring overflow behavior for a fleet.

### Description of changes

- define `FleetOverflowBehavior`
- add `overflowBehavior` prop to `fleetProps`

### Describe any new or updated permissions being added

None

### Description of how you validated changes

Add both unit and integ tests

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

### Reason for this change

Mergify is failing to merge with the following message:

> The branch protection setting Require branches to be up to date before merging is not compatible with draft PR checks. To keep this branch protection enabled, update your Mergify configuration to enable in-place checks: set merge_queue.max_parallel_checks: 1, set every queue rule batch_size: 1, and avoid two-step CI (make merge_conditions identical to queue_conditions). Otherwise, disable this branch protection.

See: https://github.com/aws/aws-cdk/pull/35616/checks?check_run_id=51597461858 for example

This is due to not properly configuring in place merges, which requires batch size 1 for all queue rules

### Description of changes

added `batch_size: 1` to all queue rules

### Describe any new or updated permissions being added

None

### Description of how you validated changes

No real way unless we try it out

### Checklist

- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Signed-off-by: null <null>
### Reason for this change

Similar to #34531, this PR adds Claude Sonnet 4.5 support for Amazon Bedrock.

https://aws.amazon.com/about-aws/whats-new/2025/09/anthropics-claude-sonnet-4-5-amazon-bedrock/

```sh
aws bedrock list-foundation-models --region us-east-1 --query "modelSummaries[?contains(modelName, 'Claude Sonnet 4.5')].modelId" --output text
anthropic.claude-sonnet-4-5-20250929-v1:0
```

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-apigateway │ └ resources │ └[~] resource AWS::ApiGateway::DomainNameV2 │ └ - arnTemplate: arn:${Partition}:apigateway:${Region}::/domainnames │ + arnTemplate: arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName} ├[~] service aws-bedrock │ └ resources │ └[~] resource AWS::Bedrock::DataAutomationProject │ └ types │ ├[~] type AudioExtractionCategory │ │ └ properties │ │ └[+] TypeConfiguration: AudioExtractionCategoryTypeConfiguration │ ├[+] type AudioExtractionCategoryTypeConfiguration │ │ ├ name: AudioExtractionCategoryTypeConfiguration │ │ └ properties │ │ └ Transcript: TranscriptConfiguration │ ├[+] type ChannelLabelingConfiguration │ │ ├ name: ChannelLabelingConfiguration │ │ └ properties │ │ └ State: string (required) │ ├[+] type SpeakerLabelingConfiguration │ │ ├ name: SpeakerLabelingConfiguration │ │ └ properties │ │ └ State: string (required) │ └[+] type TranscriptConfiguration │ ├ name: TranscriptConfiguration │ └ properties │ ├ SpeakerLabeling: SpeakerLabelingConfiguration │ └ ChannelLabeling: ChannelLabelingConfiguration ├[~] service aws-bedrockagentcore │ └ resources │ ├[~] resource AWS::BedrockAgentCore::BrowserCustom │ │ ├ - documentation: Resource definition for AWS::BedrockAgentCore::BrowserCustom │ │ │ + documentation: > Amazon Bedrock AgentCore is in preview release and is subject to change. │ │ │ AgentCore Browser tool provides a fast, secure, cloud-based browser runtime to enable AI agents to interact with websites at scale. │ │ │ For more information about using the custom browser, see [Interact with web applications using Amazon Bedrock AgentCore Browser](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/browser-tool.html) . │ │ │ See the *Properties* section below for descriptions of both the required and optional properties. 
│ │ ├ properties │ │ │ ├ Description: (documentation changed) │ │ │ ├ ExecutionRoleArn: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ ├ NetworkConfiguration: (documentation changed) │ │ │ ├ RecordingConfig: (documentation changed) │ │ │ └ Tags: (documentation changed) │ │ ├ attributes │ │ │ ├ BrowserArn: (documentation changed) │ │ │ ├ BrowserId: (documentation changed) │ │ │ ├ CreatedAt: (documentation changed) │ │ │ ├ LastUpdatedAt: (documentation changed) │ │ │ └ Status: (documentation changed) │ │ └ types │ │ ├[~] type BrowserNetworkConfiguration │ │ │ ├ - documentation: Network configuration for browser │ │ │ │ + documentation: The network configuration. │ │ │ └ properties │ │ │ └ NetworkMode: (documentation changed) │ │ ├[~] type RecordingConfig │ │ │ ├ - documentation: Recording configuration for browser │ │ │ │ + documentation: The recording configuration. │ │ │ └ properties │ │ │ ├ Enabled: (documentation changed) │ │ │ └ S3Location: (documentation changed) │ │ └[~] type S3Location │ │ ├ - documentation: S3 Location Configuration │ │ │ + documentation: The S3 location. │ │ └ properties │ │ ├ Bucket: (documentation changed) │ │ └ Prefix: (documentation changed) │ ├[~] resource AWS::BedrockAgentCore::CodeInterpreterCustom │ │ ├ - documentation: Resource definition for AWS::BedrockAgentCore::CodeInterpreterCustom │ │ │ + documentation: > Amazon Bedrock AgentCore is in preview release and is subject to change. │ │ │ The AgentCore Code Interpreter tool enables agents to securely execute code in isolated sandbox environments. It offers advanced configuration support and seamless integration with popular frameworks. │ │ │ For more information about using the custom code interpreter, see [Execute code and analyze data using Amazon Bedrock AgentCore Code Interpreter](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/code-interpreter-tool.html) . 
│ │ │ See the *Properties* section below for descriptions of both the required and optional properties. │ │ ├ properties │ │ │ ├ Description: (documentation changed) │ │ │ ├ ExecutionRoleArn: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ ├ NetworkConfiguration: (documentation changed) │ │ │ └ Tags: (documentation changed) │ │ ├ attributes │ │ │ ├ CodeInterpreterArn: (documentation changed) │ │ │ ├ CodeInterpreterId: (documentation changed) │ │ │ ├ CreatedAt: (documentation changed) │ │ │ ├ LastUpdatedAt: (documentation changed) │ │ │ └ Status: (documentation changed) │ │ └ types │ │ └[~] type CodeInterpreterNetworkConfiguration │ │ ├ - documentation: Network configuration for code interpreter │ │ │ + documentation: The network configuration. │ │ └ properties │ │ └ NetworkMode: (documentation changed) │ ├[~] resource AWS::BedrockAgentCore::Runtime │ │ ├ - documentation: Resource Type definition for AWS::BedrockAgentCore::Runtime │ │ │ + documentation: > Amazon Bedrock AgentCore is in preview release and is subject to change. │ │ │ Contains information about an agent runtime. An agent runtime is the execution environment for a Amazon Bedrock Agent. │ │ │ AgentCore Runtime is a secure, serverless runtime purpose-built for deploying and scaling dynamic AI agents and tools using any open-source framework including LangGraph, CrewAI, and Strands Agents, any protocol, and any model. │ │ │ For more information about using agent runtime in Amazon Bedrock AgentCore, see [Host agent or tools with Amazon Bedrock AgentCore Runtime](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agents-tools-runtime.html) . │ │ │ See the *Properties* section below for descriptions of both the required and optional properties. 
│ │ ├ properties │ │ │ ├ AgentRuntimeArtifact: (documentation changed) │ │ │ ├ AgentRuntimeName: (documentation changed) │ │ │ ├ AuthorizerConfiguration: (documentation changed) │ │ │ ├ Description: (documentation changed) │ │ │ ├ EnvironmentVariables: (documentation changed) │ │ │ ├ NetworkConfiguration: (documentation changed) │ │ │ ├ ProtocolConfiguration: (documentation changed) │ │ │ ├ RoleArn: (documentation changed) │ │ │ └ Tags: (documentation changed) │ │ ├ attributes │ │ │ ├ AgentRuntimeArn: (documentation changed) │ │ │ ├ AgentRuntimeId: (documentation changed) │ │ │ ├ AgentRuntimeVersion: (documentation changed) │ │ │ ├ CreatedAt: (documentation changed) │ │ │ ├ LastUpdatedAt: (documentation changed) │ │ │ └ Status: (documentation changed) │ │ └ types │ │ ├[~] type AgentRuntimeArtifact │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: The artifact of the agent. │ │ │ └ properties │ │ │ └ ContainerConfiguration: (documentation changed) │ │ ├[~] type AuthorizerConfiguration │ │ │ ├ - documentation: Configuration for the authorizer │ │ │ │ + documentation: The authorizer configuration. │ │ │ └ properties │ │ │ └ CustomJWTAuthorizer: (documentation changed) │ │ ├[~] type ContainerConfiguration │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: The container configuration. │ │ │ └ properties │ │ │ └ ContainerUri: (documentation changed) │ │ ├[~] type CustomJWTAuthorizerConfiguration │ │ │ └ properties │ │ │ ├ AllowedAudience: (documentation changed) │ │ │ ├ AllowedClients: (documentation changed) │ │ │ └ DiscoveryUrl: (documentation changed) │ │ ├[~] type NetworkConfiguration │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: The network configuration for the agent. │ │ │ └ properties │ │ │ └ NetworkMode: (documentation changed) │ │ └[~] type WorkloadIdentityDetails │ │ ├ - documentation: Configuration for workload identity │ │ │ + documentation: The workload identity details for the agent. 
│ │ └ properties │ │ └ WorkloadIdentityArn: (documentation changed) │ └[~] resource AWS::BedrockAgentCore::RuntimeEndpoint │ ├ - documentation: Resource definition for AWS::BedrockAgentCore::RuntimeEndpoint │ │ + documentation: > Amazon Bedrock AgentCore is in preview release and is subject to change. │ │ AgentCore Runtime is a secure, serverless runtime purpose-built for deploying and scaling dynamic AI agents and tools using any open-source framework including LangGraph, CrewAI, and Strands Agents, any protocol, and any model. │ │ For more information about using agent runtime endpoints in Amazon Bedrock AgentCore, see [AgentCore Runtime versioning and endpoints](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agent-runtime-versioning.html) . │ │ See the *Properties* section below for descriptions of both the required and optional properties. │ ├ properties │ │ ├ AgentRuntimeId: (documentation changed) │ │ ├ AgentRuntimeVersion: (documentation changed) │ │ ├ Description: (documentation changed) │ │ ├ Name: (documentation changed) │ │ └ Tags: (documentation changed) │ └ attributes │ ├ AgentRuntimeArn: (documentation changed) │ ├ AgentRuntimeEndpointArn: (documentation changed) │ ├ CreatedAt: (documentation changed) │ ├ FailureReason: (documentation changed) │ ├ Id: (documentation changed) │ ├ LastUpdatedAt: (documentation changed) │ ├ LiveVersion: (documentation changed) │ ├ Status: (documentation changed) │ └ TargetVersion: (documentation changed) ├[~] service aws-connect │ └ resources │ ├[~] resource AWS::Connect::RoutingProfile │ │ ├ properties │ │ │ └ ManualAssignmentQueueConfigs: (documentation changed) │ │ └ types │ │ └[~] type RoutingProfileManualAssignmentQueueConfig │ │ ├ - documentation: Contains information about the manual assignment queue and channel │ │ │ + documentation: Contains information about the queue and channel for manual assignment behaviour can be enabled. 
│ │ └ properties │ │ └ QueueReference: (documentation changed) │ └[~] resource AWS::Connect::User │ └ types │ └[~] type UserPhoneConfig │ └ properties │ └ PersistentConnection: (documentation changed) ├[~] service aws-cur │ └ resources │ └[~] resource AWS::CUR::ReportDefinition │ └ properties │ └ Tags: (documentation changed) ├[~] service aws-datasync │ └ resources │ ├[~] resource AWS::DataSync::LocationEFS │ │ └ - arnTemplate: undefined │ │ + arnTemplate: arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId} │ ├[~] resource AWS::DataSync::LocationS3 │ │ └ - arnTemplate: arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId} │ │ + arnTemplate: undefined │ └[~] resource AWS::DataSync::LocationSMB │ ├ properties │ │ ├ CmkSecretConfig: (documentation changed) │ │ └ CustomSecretConfig: (documentation changed) │ ├ attributes │ │ └ CmkSecretConfig.SecretArn: (documentation changed) │ └ types │ ├[~] type CmkSecretConfig │ │ ├ - documentation: Specifies configuration information for a DataSync-managed secret, such as a password or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed AWS KMS key. │ │ │ + documentation: Specifies configuration information for a DataSync-managed secret, such as an authentication token or secret key that DataSync uses to access a specific storage location, with a customer-managed AWS KMS key . │ │ │ > You can use either `CmkSecretConfig` or `CustomSecretConfig` to provide credentials for a `CreateLocation` request. Do not provide both parameters for the same request. │ │ └ properties │ │ ├ KmsKeyArn: (documentation changed) │ │ └ SecretArn: (documentation changed) │ ├[~] type CustomSecretConfig │ │ ├ - documentation: Specifies configuration information for a customer-managed secret, such as a password or set of credentials that DataSync uses to access a specific transfer location, and an IAM role that DataSync can assume and access the customer-managed secret. 
│ │ │ + documentation: Specifies configuration information for a customer-managed Secrets Manager secret where a storage location authentication token or secret key is stored in plain text. This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret. │ │ │ > You can use either `CmkSecretConfig` or `CustomSecretConfig` to provide credentials for a `CreateLocation` request. Do not provide both parameters for the same request. │ │ └ properties │ │ ├ SecretAccessRoleArn: (documentation changed) │ │ └ SecretArn: (documentation changed) │ └[~] type ManagedSecretConfig │ └ - documentation: Specifies configuration information for a DataSync-managed secret, such as a password or set of credentials that DataSync uses to access a specific transfer location. DataSync uses the default AWS-managed KMS key to encrypt this secret in AWS Secrets Manager. │ + documentation: Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location. DataSync uses the default AWS -managed KMS key to encrypt this secret in AWS Secrets Manager . ├[~] service aws-datazone │ └ resources │ ├[~] resource AWS::DataZone::FormType │ │ ├ - documentation: Create and manage form types in Amazon Datazone │ │ │ + documentation: The details of the metadata form type. 
│ │ ├ properties │ │ │ ├ Description: (documentation changed) │ │ │ ├ DomainIdentifier: (documentation changed) │ │ │ ├ Model: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ ├ OwningProjectIdentifier: (documentation changed) │ │ │ └ Status: (documentation changed) │ │ └ attributes │ │ ├ CreatedAt: (documentation changed) │ │ ├ CreatedBy: (documentation changed) │ │ ├ DomainId: (documentation changed) │ │ ├ FormTypeIdentifier: (documentation changed) │ │ ├ OwningProjectId: (documentation changed) │ │ └ Revision: (documentation changed) │ └[~] resource AWS::DataZone::Owner │ └ attributes │ ├ OwnerIdentifier: (documentation changed) │ └ OwnerType: (documentation changed) ├[~] service aws-directoryservice │ └ resources │ └[~] resource AWS::DirectoryService::MicrosoftAD │ └ - arnTemplate: arn:${Partition}:ds:${Region}:${Account}:directory/${DirectoryId} │ + arnTemplate: arn:${Partition}:ds:${Region}:${Account}:${DirectoryId} ├[~] service aws-dms │ └ resources │ └[~] resource AWS::DMS::InstanceProfile │ └ properties │ └ KmsKeyArn: (documentation changed) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::EC2Fleet │ │ └ types │ │ └[~] type EbsBlockDevice │ │ └ properties │ │ ├ Iops: (documentation changed) │ │ └ VolumeSize: (documentation changed) │ ├[~] resource AWS::EC2::LaunchTemplate │ │ └ types │ │ └[~] type Ebs │ │ └ properties │ │ ├ Iops: (documentation changed) │ │ ├ Throughput: (documentation changed) │ │ └ VolumeSize: (documentation changed) │ ├[+] resource AWS::EC2::LocalGatewayVirtualInterface │ │ ├ name: LocalGatewayVirtualInterface │ │ │ cloudFormationType: AWS::EC2::LocalGatewayVirtualInterface │ │ │ documentation: Describes a local gateway virtual interface. 
│ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ │ arnTemplate: arn:${Partition}:ec2:${Region}:${Account}:local-gateway-virtual-interface/${LocalGatewayVirtualInterfaceId} │ │ ├ properties │ │ │ ├ LocalGatewayVirtualInterfaceGroupId: string (required, immutable) │ │ │ ├ OutpostLagId: string (required, immutable) │ │ │ ├ Vlan: integer (required, immutable) │ │ │ ├ LocalAddress: string (required, immutable) │ │ │ ├ PeerAddress: string (required, immutable) │ │ │ ├ PeerBgpAsn: integer (immutable) │ │ │ ├ PeerBgpAsnExtended: integer (immutable) │ │ │ └ Tags: Array<tag> │ │ └ attributes │ │ ├ LocalGatewayVirtualInterfaceId: string │ │ ├ LocalGatewayId: string │ │ ├ LocalBgpAsn: integer │ │ ├ OwnerId: string │ │ └ ConfigurationState: string │ ├[+] resource AWS::EC2::LocalGatewayVirtualInterfaceGroup │ │ ├ name: LocalGatewayVirtualInterfaceGroup │ │ │ cloudFormationType: AWS::EC2::LocalGatewayVirtualInterfaceGroup │ │ │ documentation: Describes a local gateway virtual interface group. 
│ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ │ arnTemplate: arn:${Partition}:ec2:${Region}:${Account}:local-gateway-virtual-interface-group/${LocalGatewayVirtualInterfaceGroupId} │ │ ├ properties │ │ │ ├ LocalGatewayId: string (required, immutable) │ │ │ ├ LocalBgpAsn: integer (immutable) │ │ │ ├ LocalBgpAsnExtended: integer (immutable) │ │ │ └ Tags: Array<tag> │ │ └ attributes │ │ ├ LocalGatewayVirtualInterfaceGroupArn: string │ │ ├ LocalGatewayVirtualInterfaceGroupId: string │ │ ├ LocalGatewayVirtualInterfaceIds: Array<string> │ │ ├ OwnerId: string │ │ └ ConfigurationState: string │ ├[~] resource AWS::EC2::SpotFleet │ │ └ types │ │ └[~] type EbsBlockDevice │ │ └ properties │ │ ├ Iops: (documentation changed) │ │ └ VolumeSize: (documentation changed) │ ├[~] resource AWS::EC2::TransitGatewayPeeringAttachment │ │ └ - arnTemplate: undefined │ │ + arnTemplate: arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-attachment/${TransitGatewayAttachmentId} │ ├[~] resource AWS::EC2::TransitGatewayVpcAttachment │ │ └ - arnTemplate: arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-attachment/${TransitGatewayAttachmentId} │ │ + arnTemplate: undefined │ ├[~] resource AWS::EC2::Volume │ │ └ properties │ │ ├ Iops: (documentation changed) │ │ └ Size: (documentation changed) │ └[~] resource AWS::EC2::VPCEndpoint │ └ properties │ └ PolicyDocument: (documentation changed) ├[~] service aws-ecs │ └ resources │ └[~] resource AWS::ECS::CapacityProvider │ ├ properties │ │ ├[+] ClusterName: string (immutable) │ │ └[+] ManagedInstancesProvider: ManagedInstancesProvider │ └ types │ ├[+] type AcceleratorCountRequest │ │ ├ name: AcceleratorCountRequest │ │ └ properties │ │ ├ Min: integer │ │ └ Max: integer │ ├[+] type AcceleratorTotalMemoryMiBRequest │ │ ├ name: AcceleratorTotalMemoryMiBRequest │ │ └ properties │ │ ├ Min: integer │ │ └ Max: integer │ ├[+] type BaselineEbsBandwidthMbpsRequest │ │ ├ name: BaselineEbsBandwidthMbpsRequest │ │ └ 
properties │ │ ├ Min: integer │ │ └ Max: integer │ ├[+] type InstanceLaunchTemplate │ │ ├ name: InstanceLaunchTemplate │ │ └ properties │ │ ├ Ec2InstanceProfileArn: string (required) │ │ ├ StorageConfiguration: ManagedInstancesStorageConfiguration │ │ ├ NetworkConfiguration: ManagedInstancesNetworkConfiguration (required) │ │ ├ InstanceRequirements: InstanceRequirementsRequest │ │ └ Monitoring: string │ ├[+] type InstanceRequirementsRequest │ │ ├ name: InstanceRequirementsRequest │ │ └ properties │ │ ├ LocalStorageTypes: Array<string> │ │ ├ InstanceGenerations: Array<string> │ │ ├ NetworkInterfaceCount: NetworkInterfaceCountRequest │ │ ├ MemoryGiBPerVCpu: MemoryGiBPerVCpuRequest │ │ ├ AcceleratorTypes: Array<string> │ │ ├ VCpuCount: VCpuCountRangeRequest (required) │ │ ├ ExcludedInstanceTypes: Array<string> │ │ ├ AcceleratorManufacturers: Array<string> │ │ ├ AllowedInstanceTypes: Array<string> │ │ ├ LocalStorage: string │ │ ├ CpuManufacturers: Array<string> │ │ ├ NetworkBandwidthGbps: NetworkBandwidthGbpsRequest │ │ ├ AcceleratorCount: AcceleratorCountRequest │ │ ├ BareMetal: string │ │ ├ RequireHibernateSupport: boolean │ │ ├ MaxSpotPriceAsPercentageOfOptimalOnDemandPrice: integer │ │ ├ SpotMaxPricePercentageOverLowestPrice: integer │ │ ├ BaselineEbsBandwidthMbps: BaselineEbsBandwidthMbpsRequest │ │ ├ OnDemandMaxPricePercentageOverLowestPrice: integer │ │ ├ AcceleratorNames: Array<string> │ │ ├ AcceleratorTotalMemoryMiB: AcceleratorTotalMemoryMiBRequest │ │ ├ BurstablePerformance: string │ │ ├ MemoryMiB: MemoryMiBRequest (required) │ │ └ TotalLocalStorageGB: TotalLocalStorageGBRequest │ ├[+] type ManagedInstancesNetworkConfiguration │ │ ├ name: ManagedInstancesNetworkConfiguration │ │ └ properties │ │ ├ SecurityGroups: Array<string> │ │ └ Subnets: Array<string> (required) │ ├[+] type ManagedInstancesProvider │ │ ├ name: ManagedInstancesProvider │ │ └ properties │ │ ├ InfrastructureRoleArn: string (required) │ │ ├ PropagateTags: string │ │ └ InstanceLaunchTemplate: 
InstanceLaunchTemplate (required) │ ├[+] type ManagedInstancesStorageConfiguration │ │ ├ name: ManagedInstancesStorageConfiguration │ │ └ properties │ │ └ StorageSizeGiB: integer (required) │ ├[+] type MemoryGiBPerVCpuRequest │ │ ├ name: MemoryGiBPerVCpuRequest │ │ └ properties │ │ ├ Min: number │ │ └ Max: number │ ├[+] type MemoryMiBRequest │ │ ├ name: MemoryMiBRequest │ │ └ properties │ │ ├ Min: integer (required) │ │ └ Max: integer │ ├[+] type NetworkBandwidthGbpsRequest │ │ ├ name: NetworkBandwidthGbpsRequest │ │ └ properties │ │ ├ Min: number │ │ └ Max: number │ ├[+] type NetworkInterfaceCountRequest │ │ ├ name: NetworkInterfaceCountRequest │ │ └ properties │ │ ├ Min: integer │ │ └ Max: integer │ ├[+] type TotalLocalStorageGBRequest │ │ ├ name: TotalLocalStorageGBRequest │ │ └ properties │ │ ├ Min: number │ │ └ Max: number │ └[+] type VCpuCountRangeRequest │ ├ name: VCpuCountRangeRequest │ └ properties │ ├ Min: integer (required) │ └ Max: integer ├[~] service aws-elasticloadbalancingv2 │ └ resources │ └[~] resource AWS::ElasticLoadBalancingV2::ListenerRule │ └ - arnTemplate: arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/${LoadBalancerType}/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId} │ + arnTemplate: arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/net/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId} ├[~] service aws-events │ └ resources │ └[~] resource AWS::Events::Rule │ └ - arnTemplate: arn:${Partition}:events:${Region}:${Account}:rule/[${EventBusName}/]${RuleName} │ + arnTemplate: arn:${Partition}:events:${Region}:${Account}:rule/${RuleName} ├[~] service aws-imagebuilder │ └ resources │ └[~] resource AWS::ImageBuilder::Image │ └ - arnTemplate: arn:${Partition}:imagebuilder:${Region}:${Account}:image/${ImageName}/${ImageVersion}/${ImageBuildVersion} │ + arnTemplate: arn:${Partition}:imagebuilder:${Region}:${Account}:image/${ImageName}/${ImageVersion} ├[~] 
service aws-iot │ └ resources │ └[~] resource AWS::IoT::DomainConfiguration │ └ - arnTemplate: arn:${Partition}:iot:${Region}:${Account}:domainconfiguration/${DomainConfigurationName}/${Id} │ + arnTemplate: arn:${Partition}:iot:${Region}:${Account}:domainconfiguration/${DomainConfigurationName} ├[~] service aws-iotwireless │ └ resources │ └[~] resource AWS::IoTWireless::WirelessDeviceImportTask │ └ - arnTemplate: arn:${Partition}:iotwireless:${Region}:${Account}:WirelessDeviceImportTask/${WirelessDeviceImportTaskId} │ + arnTemplate: arn:${Partition}:iotwireless:${Region}:${Account}:ImportTask/${ImportTaskId} ├[~] service aws-msk │ └ resources │ └[~] resource AWS::MSK::ClusterPolicy │ └ properties │ └ Policy: (documentation changed) ├[~] service aws-networkfirewall │ └ resources │ └[~] resource AWS::NetworkFirewall::RuleGroup │ ├ - arnTemplate: arn:${Partition}:network-firewall:${Region}:${Account}:stateful-rulegroup/${Name} │ │ + arnTemplate: arn:${Partition}:network-firewall:${Region}:${Account}:stateless-rulegroup/${Name} │ └ types │ └[~] type RulesSourceList │ └ properties │ └ GeneratedRulesType: (documentation changed) ├[~] service aws-pinpoint │ └ resources │ └[~] resource AWS::Pinpoint::InAppTemplate │ └ - arnTemplate: undefined │ + arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates ├[~] service aws-quicksight │ └ resources │ └[~] resource AWS::QuickSight::CustomPermissions │ └ types │ └[~] type Capabilities │ └ properties │ ├ Analysis: (documentation changed) │ └ Dashboard: (documentation changed) ├[~] service aws-rds │ └ resources │ ├[~] resource AWS::RDS::DBCluster │ │ └ properties │ │ └ MasterUserAuthenticationType: (documentation changed) │ ├[~] resource AWS::RDS::DBInstance │ │ └ properties │ │ └ MasterUserAuthenticationType: (documentation changed) │ ├[~] resource AWS::RDS::DBProxy │ │ └ properties │ │ ├ DefaultAuthScheme: (documentation changed) │ │ ├ EndpointNetworkType: (documentation changed) │ │ └ 
TargetConnectionNetworkType: (documentation changed) │ └[~] resource AWS::RDS::DBProxyEndpoint │ └ properties │ └ EndpointNetworkType: (documentation changed) ├[~] service aws-redshift │ └ resources │ └[~] resource AWS::Redshift::ClusterSecurityGroupIngress │ └ - arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroupingress:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ece2SecuritygroupId} │ + arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroupingress:${SecurityGroupName}/cidrip/${IpRange} ├[~] service aws-route53 │ └ resources │ └[~] resource AWS::Route53::RecordSet │ └ types │ └[~] type AliasTarget │ └ properties │ └ EvaluateTargetHealth: (documentation changed) ├[~] service aws-servicecatalog │ └ resources │ └[~] resource AWS::ServiceCatalog::PortfolioPrincipalAssociation │ └ properties │ ├ PortfolioId: - string (immutable) │ │ + string (required, immutable) │ └ PrincipalARN: - string (immutable) │ + string (required, immutable) └[~] service aws-xray └ resources └[~] resource AWS::XRay::Group └ - arnTemplate: arn:${Partition}:xray:${Region}:${AccountId}:group/${GroupName}/${Id} + arnTemplate: arn:${Partition}:xray:${Region}:${AccountId}:group/${GroupName} ``` **CHANGES TO L1 RESOURCES:** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed: aws-servicecatalog: AWS::ServiceCatalog::PortfolioPrincipalAssociation: PortfolioId property is now required. aws-servicecatalog: AWS::ServiceCatalog::PortfolioPrincipalAssociation: PrincipalARN property is now required. Co-authored-by: aws-cdk-automation <aws-cdk-automation@users.noreply.github.com>
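Review bot: several `arnTemplate` replacements in this spec diff pin one variant or drop a path segment, and none of them are listed under "CHANGES TO L1 RESOURCES". AWS::NetworkFirewall::RuleGroup flips from `stateful-rulegroup/${Name}` to `stateless-rulegroup/${Name}`, AWS::ElasticLoadBalancingV2::ListenerRule replaces `${LoadBalancerType}` with the literal `net`, AWS::Events::Rule loses the optional `[${EventBusName}/]` segment, and AWS::EC2::TransitGatewayVpcAttachment goes from a template to `undefined`. If anything generated from these templates builds ARNs for IAM resource scoping, the new forms would no longer match stateful rule groups, listener rules on a load balancer type other than `net`, or rules on a non-default event bus. Suggest confirming against the service-spec source that these are intended, and calling them out next to the two ServiceCatalog entries if so.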
### Description of changes

<!-- What code changes did you make? Why do these changes address the issue? What alternatives did you consider and reject? What design decisions have you made? -->

Forks do not have any codebuild setup, so this pr-build should only run for aws/aws-cdk. Currently, it creates noise and the action stays in pending, eventually timing out.

https://github.com/aws/aws-cdk/actions/workflows/pr-build.yml action runs on forks to test PR Build

### Checklist

- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…5648)

### Issue # (if applicable)

Closes #<issue number here>.

### Reason for this change

<!--What is the bug or use case behind this change?-->

ECS is launching a new Capacity Provider called Managed Instances, similar to the currently available [AutoScalingGroup Capacity Provider](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs.AsgCapacityProvider.html)

### Description of changes

<!-- What code changes did you make? Why do these changes address the issue? What alternatives did you consider and reject? What design decisions have you made? -->

Created a new L2 construct for ManagedInstances Capacity Provider.

AWS ECS Managed Instances is a new capability being launched that allows customers to specify desired Amazon EC2 instance types for their serverless workloads. It enables them to run workloads that require specific compute capabilities, such as GPU, accelerated compute, CPU instruction sets, or a large number of vCPUs, while retaining the serverless benefits of fully managed compute infrastructure and automatic security patching. AWS ECS Managed Instances leverages Amazon EC2 Managed Instances to deliver these compute capabilities, with seamless access to EC2 features like Reserved Instances (RIs) and On-Demand Capacity Reservations (ODCRs).

Public API doc:

- [Documentation](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ManagedInstances.html)
- [AWS News Blog](https://aws.amazon.com/blogs/aws/announcing-amazon-ecs-managed-instances-for-containerized-applications/)
- [What’s New Post](https://aws.amazon.com/about-aws/whats-new/2025/09/amazon-ecs-managed-instances/)
- [Product Detail Page](https://aws.amazon.com/ecs/managed-instances/)
- [Pricing Page](https://aws.amazon.com/ecs/managed-instances/pricing/)
- [FAQs](https://aws.amazon.com/ecs/managed-instances/faqs/)

### Describe any new or updated permissions being added

<!-- What new or updated IAM permissions are needed to support the changes being introduced? -->

This feature introduced a new role called `infrastructureRole`.

### Description of how you validated changes

<!-- Have you added any unit tests and/or integration tests? Did you test by hand? -->

- Added an integration test
- Added unit tests

### Checklist

- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ecks (#35659)

### Issue # (if applicable)

Closes #<issue number here>.

### Reason for this change

The Mergify configuration currently uses the deprecated `conditions` key inside `queue_rules`. Mergify now interprets `conditions` as `merge_conditions`, which unintentionally makes the setup a two-step CI. This prevents in-place checks from working and causes conflicts with GitHub’s branch protection rule *“Require branches to be up to date before merging.”*

Response from Mergify team:

> You still have a conditions key in your queue rules, which translate to merge_conditions since the conditions attribute is deprecated. Having merge_conditions in your queue rules makes it a 2-step CI. You can see more details on inplace checks in our documentation: https://docs.mergify.com/merge-queue/parallel-checks/#inplace-checks-no-drafts

### Description of changes

- Updated all `queue_rules` entries to use **`queue_conditions`** instead of `conditions`.

### Describe any new or updated permissions being added

N/A — no IAM changes required.

### Description of how you validated changes

- Only way to test is to merge it.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
#35633)

### Issue # (if applicable)

Closes [#34322](#34322)

### Reason for this change

Fixes synthesis error: 'Supplied properties not correct for CfnBucketPolicyProps: policyDocument: required but missing'

### Description of changes

- Fix synthesis error where duplicate CfnBucketPolicy was created without policyDocument
- Ensure PolicyDocument is properly passed from original CfnBucketPolicy to constructor
- Maintains existing behavior while fixing synthesis bug

### Description of how you validated changes

- Add test to verify synthesis works and duplicate resources are created as expected

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…on URL origins (#35458)

### Issue # (if applicable)

#35450

### Reason for this change

Lambda Function URLs natively support dual-stack IPv4/IPv6 connectivity, but CDK's FunctionUrlOrigin class did not expose the `ipAddressType` property to configure IP protocol preferences.

### Description of changes

- Added `OriginIpAddressType` enum with `IPV4`, `IPV6`, and `DUALSTACK` options
- Added optional `ipAddressType` property to `FunctionUrlOriginProps` interface using the enum type
- Default behavior follows CloudFormation default (IPv4 only) to avoid breaking changes
- Updated both `FunctionUrlOrigin` and `FunctionUrlOriginWithOAC` classes to pass through the property
- Added test coverage for default behavior, explicit value setting, and OAC integration
- Updated README with usage examples and enum documentation

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

- Added unit tests covering default behavior when `ipAddressType` is not specified
- Added unit tests for explicit enum value setting (`OriginIpAddressType.IPV4`, `OriginIpAddressType.IPV6`, `OriginIpAddressType.DUALSTACK`)
- Added test with Origin Access Control (OAC)

### Checklist

- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

N/A

### Reason for this change

Amplify supports customizable build instances, but L2 Construct does not support it.

https://aws.amazon.com/about-aws/whats-new/2025/05/aws-amplify-hosting-customizable-build-instances/

### Description of changes

Add `buildComputeType` property.

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

Add unit tests and an integ test.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…eHostedZone (#35552)

### Issue

Closes #23268.

### Reason for this change

PrivateHostedZone does not have a fromPrivateHostedZoneAttributes function, although PublicHostedZone has fromPublicHostedZoneAttributes. This PR change allows us to reference the zoneName in CDK.

### Description of changes

Added code for fromPrivateHostedZoneAttributes

### Describe any new or updated permissions being added

No extra permissions needed

### Description of how you validated changes

Added a unit test

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
<img width="1069" height="102" alt="image" src="https://github.com/user-attachments/assets/43224248-aa93-4ad8-ad4b-fdb1ffd06e6a" />

### Reason for this change

The find-latest-release script was querying the CLI package `aws-cdk` instead of `aws-cdk-lib` package for version information.

### Description of changes

Updated the npm view command in `scripts/find-latest-release.js` to query `aws-cdk-lib` instead of `aws-cdk`. This ensures the script retrieves version information from the correct, actively maintained package.

### Describe any new or updated permissions being added

No new permissions required.

### Description of how you validated changes

Tested locally to confirm the script now queries the correct package.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…sion for s3tables:ListNamespaces (#35420)

…ead access.

### Reason for this change

When setting up an S3 Table through AWS CDK `@aws-cdk/aws-s3tables-alpha` version 2.214.0-alpha.0, the granting of read access adds the action `s3tables:ListNamespace`. That action is invalid according to the AWS Console.

### Description of changes

Switching the invalid action `s3tables:ListNamespace` to the correct one called `s3tables:ListNamespaces`. Documentation for the listing of namespaces: https://docs.aws.amazon.com/cli/latest/reference/s3tables/list-namespaces.html.

### Describe any new or updated permissions being added

None.

### Description of how you validated changes

Unit and integration tests passed.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
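The bug class fixed above, an IAM action name one character away from a real one, can be caught before deploy by linting the synthesized template. The following is an added example, not code from aws-cdk: `lintActions`, the `KNOWN_ACTIONS` subset and the sample template are all constructed for illustration.

```javascript
// Assumption: a hand-picked subset of valid actions; a real check would load a full list.
const KNOWN_ACTIONS = [
  's3tables:GetTableBucket',
  's3tables:ListNamespaces',
  's3tables:GetNamespace',
  's3tables:ListTables',
  's3tables:GetTable',
];

// Levenshtein edit distance using two rolling rows.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Walk a template and collect every Action / NotAction string with its JSON path.
function collectActions(node, path = '', out = []) {
  if (Array.isArray(node)) {
    node.forEach((value, i) => collectActions(value, `${path}[${i}]`, out));
  } else if (node && typeof node === 'object') {
    for (const [key, value] of Object.entries(node)) {
      const here = path ? `${path}.${key}` : key;
      if (key === 'Action' || key === 'NotAction') {
        for (const action of [].concat(value)) {
          if (typeof action === 'string') out.push({ action, path: here });
        }
      } else {
        collectActions(value, here, out);
      }
    }
  }
  return out;
}

// Report actions that belong to a covered service but are not known,
// with the nearest known action as a suggestion when it is within two edits.
function lintActions(template, known = KNOWN_ACTIONS) {
  const findings = [];
  for (const { action, path } of collectActions(template)) {
    if (action.includes('*')) continue; // wildcards are not checked by this lint
    const lower = action.toLowerCase(); // IAM action names are case-insensitive
    const service = lower.split(':')[0];
    const candidates = known.filter((k) => k.toLowerCase().startsWith(`${service}:`));
    if (candidates.length === 0) continue; // service not covered by the known list
    if (candidates.some((k) => k.toLowerCase() === lower)) continue;
    let best = null;
    for (const k of candidates) {
      const d = editDistance(lower, k.toLowerCase());
      if (best === null || d < best.distance) best = { name: k, distance: d };
    }
    findings.push({ action, path, suggestion: best.distance <= 2 ? best.name : null });
  }
  return findings;
}

// Constructed sample: the read grant as the page describes it before the fix.
const SAMPLE_TEMPLATE = {
  Resources: {
    ReaderPolicy: {
      Type: 'AWS::IAM::Policy',
      Properties: {
        PolicyDocument: {
          Version: '2012-10-17',
          Statement: [
            {
              Effect: 'Allow',
              Action: ['s3tables:GetTableBucket', 's3tables:ListNamespace', 's3tables:Get*'],
              Resource: 'arn:aws:s3tables:us-east-1:111122223333:bucket/example', // placeholder
            },
            { Effect: 'Allow', Action: 's3:GetObject', Resource: '*' },
          ],
        },
      },
    },
  },
};

console.log(lintActions(SAMPLE_TEMPLATE));
```
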
### Issue # (if applicable)

Closes #35471.

### Reason for this change

AWS OpenSearch Service now supports OpenSearch 3.1, but the CDK does not have a constant for this version. Users need to be able to specify OpenSearch 3.1 when creating OpenSearch domains through CDK.

### Description of changes

- Added `OPENSEARCH_3_1` constant to the `EngineVersion` class in `aws-opensearchservice`
- Updated unit tests to include the new version in test arrays to ensure proper validation
- Created integration test `integ.opensearch.v3-1.ts` to verify the new version works correctly
- Generated integration test snapshots to validate CloudFormation template generation

The changes follow the existing pattern for adding new OpenSearch versions and maintain backward compatibility.

**Note:** The original issue referenced OpenSearch 3.0, but this version does not appear to exist in AWS OpenSearch Service. Only OpenSearch 3.1 has been implemented.

### Describe any new or updated permissions being added

No new IAM permissions are required. This change only adds a new engine version constant that maps to existing AWS OpenSearch Service functionality.

### Description of how you validated changes

- Added unit tests that verify the new version constant maps to the correct CloudFormation value (`OpenSearch_3.1`)
- Created integration test that deploys an OpenSearch domain with version 3.1
- Generated and validated integration test snapshots using integ-runner
- Verified all existing tests continue to pass

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This upgrades jsii to a version with support for type intersections.

Changes around decorators:

* Because this is switching to a newer version of jsii [that doesn't set `experimentalDecorators: true` anymore by default](aws/jsii-compiler#1828), we need to update the typing for the `@MethodMetadata` decorator ([ref](https://devblogs.microsoft.com/typescript/announcing-typescript-5-0/#decorators)).
* Because the `framework-integ` package can see the source `.ts` files from `aws-cdk-lib`, it can see the presence of the decorators. The code must type check, so we must switch `experimentalDecorators` to the same value in that package (`false`). Some example code used a legacy decorator which had to be rewritten to be somewhat equivalent: the exact example cannot be recreated with modern decorators.
* The emulation of modern decorators behaves slightly differently depending on the target (it either uses the `static { }` JS syntax if available in ES2022+, or tries to emulate that syntax). If the behavior is emulated, the `CONSTRUCT_INJECTION_ID` property can never be read from the class -- it always shows up as `undefined`. Upgrade to ES2022 across the board to generate the right polyfill code. This is supported by Node 16+.
* Jsii forces ES2020 by default. To switch everything to ES2022, we need to eject from the jsii autogenerated config everywhere.

I also bumped the Node type definitions, which led to a couple more eslint violations that needed to be fixed.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change

https://aws.amazon.com/about-aws/whats-new/2025/10/amazon-ec2-c8i-and-c8i-flex-instances-generally-available/

https://aws.amazon.com/about-aws/whats-new/2025/10/general-purpose-amazon-ec2-m8a-instances/

### Description of changes

EC2 add m8a,c8i,c8i-flex instance class

### Description of how you validated changes

```console
$ aws ec2 describe-instance-types \
    --filters "Name=instance-type,Values=c8i*" \
    --query "InstanceTypes[].InstanceType" \
    --output table
-----------------------
|DescribeInstanceTypes|
+---------------------+
| c8i-flex.8xlarge |
| c8i.8xlarge |
...
$ aws ec2 describe-instance-types \
    --filters "Name=instance-type,Values=m8a.*" \
    --query "InstanceTypes[].InstanceType" \
    --output table
-----------------------
|DescribeInstanceTypes|
+---------------------+
| m8a.medium |
| m8a.8xlarge |
...
```

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Cleaned changelog to remove changes that have already been released
Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

This pull request has been removed from the queue for the following reason: Pull request #35735 has been dequeued. The pull request could not be merged. This could be related to an activated branch protection or ruleset rule that prevents us from merging. (details: Required status check "validate-pr" is queued.). You should look at the reason for the failure and decide if the pull request needs to be fixed or if you want to requeue it.

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

@Mergifyio requeue

✅ The queue state of this pull request has been cleaned. It can be re-embarked automatically

Comments on closed issues and PRs are hard for our team to see.
See CHANGELOG