-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(ecs): empty placement constraints not allowed #28431
fix(ecs): empty placement constraints not allowed #28431
Commits on Dec 19, 2023
-
Configuration menu - View commit details
-
Copy full SHA for d2bb6a9 - Browse repository at this point
Copy the full SHA d2bb6a9View commit details
Commits on Dec 20, 2023
-
Configuration menu - View commit details
-
Copy full SHA for bc50f91 - Browse repository at this point
Copy the full SHA bc50f91View commit details
Commits on Jan 5, 2024
-
docs(apigatewayv2): revive README.md (aws#28435)
The readme for apigatewayv2 is currently [removed](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigatewayv2-readme.html), and this PR gets it back. I got the original README.md from this commit (just before it got removed): https://github.com/aws/aws-cdk/blob/187f67b3430dca7ea96a94c66b18694bce213f03/packages/%40aws-cdk/aws-apigatewayv2-alpha/README.md I confirmed other two modules (integration and authorizers) have correct READMEs already. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 243e42a - Browse repository at this point
Copy the full SHA 243e42aView commit details -
chore(roadmap): add GC to the roadmap (aws#28413)
Adding CDK GC to the roadmap. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 24cd6ec - Browse repository at this point
Copy the full SHA 24cd6ecView commit details -
fix(integ-tests): apply correct IAM policy to waiterProvider (aws#28424)
### Description The following issue describes a bug where the IAM Policy is not correctly set to the calling Lambda when using `invokeFunction` and `waitForAssertions`. Normally, when the `waitForAssertions` method is invoked, the necessary Policy is granted to the `waiterProvider` using the `adPolicyStatementFromSdkCall` method. https://github.com/aws/aws-cdk/blob/52a5579aa52c88bb289a7a9677c35385763c8fff/packages/%40aws-cdk/integ-tests-alpha/lib/assertions/sdk.ts#L136 In the case of a Lambda function call, the API name and the Action name of the Policy are different (invoke => invokeFunction), so the `addPolicyStatementFromSdkCall` method cannot grant the correct Policy. The `LambdaInvokeFunction` is doing the correct Policy assignment to deal with this in the constructor. https://github.com/aws/aws-cdk/blob/52a5579aa52c88bb289a7a9677c35385763c8fff/packages/%40aws-cdk/integ-tests-alpha/lib/assertions/sdk.ts#L247 However, this is not done for the `waiterProvider`, resulting in an access denied error. This PR has been modified so that the correct Policy is granted to `waiterProvider`. fixes aws#27865 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for c02cc02 - Browse repository at this point
Copy the full SHA c02cc02View commit details -
feat(ec2): support creating key pairs (aws#28138)
This adds support for creating `AWS::EC2::KeyPair` resources. These are added as a property to `Instance`, `LaunchTemplate`, and `NatInstance` and the older `keyName` prop is deprecated in favor of the new `keyPair: IKeyPair` property. A getter is added to retrieve the SSM parameter that hold the private key for non-imported keys and checks are added to make sure that ED25519 keys are not used with a Windows instance. Closes aws#5252. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 21953b6 - Browse repository at this point
Copy the full SHA 21953b6View commit details -
fix(custom-resources): cannot set logging for state machine generated…
Configuration menu - View commit details
-
Copy full SHA for 9bde761 - Browse repository at this point
Copy the full SHA 9bde761View commit details -
chore(roadmap): Add EKSv2 to the ROADMAP.md (aws#28439)
Adding EKSv2 L2 construct to the roadmap. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 2f230e1 - Browse repository at this point
Copy the full SHA 2f230e1View commit details -
feat(ecr): tag pattern list for lifecycle policy (aws#28432)
This PR supports `tagPatternList` for the lifecycle policy. According to the doc, the lifecycle policy has following evaluation rules: > A lifecycle policy rule may specify either tagPatternList or tagPrefixList, but not both. > The tagPatternList or tagPrefixList parameters may only used if the tagStatus is tagged. > There is a maximum limit of four wildcards (\*) per string. For example, ["\*test\*1\*2\*3", "test\*1\*2\*3\*"] is valid but ["test\*1\*2\*3\*4\*5\*6"] is invalid. https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html#lp_tag_pattern_list ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for aaf781e - Browse repository at this point
Copy the full SHA aaf781eView commit details -
chore: make the service-spec update more user friendly (aws#28441)
The current wording made it hard for beginners to understand what the PRs actually do. This should improve discoverability of L1 changes. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 34e8c14 - Browse repository at this point
Copy the full SHA 34e8c14View commit details -
chore: add evgenyka to mergify and githubmerit badger (aws#28440)
---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* Co-authored-by: Sumu Pitchayan <35242245+sumupitchayan@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for f493ddb - Browse repository at this point
Copy the full SHA f493ddbView commit details -
fix(secretsmanager): hosted rotation with fromSecretNameV2() does not…
… create correct iam policy (aws#28379) In the case for a hosted rotation with a master secret by `fromSecretNameV2()`, IAM policy for lambda is not correct. The secret by the method has a partial ARN, so a generated IAM policy should use an ARN with `'-??????'`, but it will not use the ARN. Closes aws#28308. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 1bf5fb1 - Browse repository at this point
Copy the full SHA 1bf5fb1View commit details -
feat(stepfunctions-tasks): EMR createCluster command support OnDemand…
Configuration menu - View commit details
-
Copy full SHA for ed4589f - Browse repository at this point
Copy the full SHA ed4589fView commit details -
fix(iam): importedRoleStackSafeDefaultPolicyName feature flag results…
… in excessively long IAM policy names (aws#27548) When the importedRoleStackSafeDefaultPolicyName feature flag is enabled, the method to calculate the IAM Policy Name within `aws_iam.ImportedRole.addToPrincipalPolicy()` changes. Specifically, if the generated IAM Policy Name exceeds the maximum allowed length of 128 characters, it will be truncated using `Names.uniqueResourceName()`. Previously, the `Names.UniqueId()` method was used to generate the Policy Name. This method does not allow you to set a maximum length, so if the name exceeded the limit, it would be overwritten using `Names.uniqueResourceName()`—a function that allows for length specification. I considered replacing `Names.UniqueId()` entirely with `Names.uniqueResourceName()`. However, this is on hold due to concerns that existing Policy Names could be affected. If a complete replacement poses no issues, your guidance is appreciated, as I'm not fully versed in the logic behind these methods. Closes aws#27409 , aws#24441 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 22e0659 - Browse repository at this point
Copy the full SHA 22e0659View commit details -
feat(sns): delivery status logging configuration (aws#28433)
Recently Amazon SNS supports configuring delivery status logging with AWS CloudFormation. https://aws.amazon.com/about-aws/whats-new/2023/12/amazon-sns-configuring-delivery-status-logging-aws-cloudformation/?nc1=h_ls This is also configurable via L1 CfnTopic construct. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sns.CfnTopic.html This PR introduces the feature to add delivery status logging configuration via L2 Topic construct. Closes aws#21971 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 15e2ae9 - Browse repository at this point
Copy the full SHA 15e2ae9View commit details -
fix(events-targets): imported sqs queue cannot be used as a rule dlq (a…
…ws#28165) (aws#28285) This PR fixes the bug where imported SQS queue cannot be used as Rule DeadLetterQueue, since fromQueueArn can resolve region and account from v2.109.0 Closes aws#28165 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 6792ffd - Browse repository at this point
Copy the full SHA 6792ffdView commit details -
chore(integ-tests): add waiterProvider to IApiCall (aws#27844)
This PR changes to add the `waiterProvider` property to an `IApiCall` for `awsApiCall` in integ-tests-alpha. By default `awsApiCall` in integ tests, the AwsApiCall construct will automatically add the correct IAM policies to allow the Lambda function to make the API call. It does this based on the service and api that is provided. In the following example the service is SQS and the api is receiveMessage so it will create a policy with Action: 'sqs:ReceiveMessage'. ```ts const integ = new IntegTest(app, 'Integ', { testCases: [stack], }); integ.assertions.awsApiCall('SQS', 'receiveMessage', { QueueUrl: 'url', }); ``` There are some cases where the permissions do not exactly match the service/api call, for example the S3 listObjectsV2 api. In these cases it is possible to add the correct policy by accessing the `provider` object. ```ts const apiCall = integ.assertions.awsApiCall('S3', 'listObjectsV2', { Bucket: 'mybucket', }); apiCall.provider.addToRolePolicy({ Effect: 'Allow', Action: ['s3:GetObject', 's3:ListBucket'], Resource: ['*'], }); ``` On the other hand, there is the case to use `waitForAssertions` when using `awsApiCall` in integ tests. This causes `apiCall` to have a `waiterProvider` property in addition to `provider`. ```ts const apiCall = integ.assertions.awsApiCall('S3', 'listObjectsV2', { Bucket: 'mybucket', }).expect(ExpectedResult.objectLike({ KeyCount: 1, })).waitForAssertions({ interval: cdk.Duration.seconds(30), totalTimeout: cdk.Duration.minutes(10), }); ``` In the case, `waiterProvider` actually calls to the service/api, so it should have the proper policies. However a type of a return value of `apiCall` is `IApiCall` interface so that the interface has a `provider` property, `waiterProvider` is not in `IApiCall` but in `AwsApiCall`. Then it cannot take the policies without casting the following. (`apiCall instanceof AwsApiCall`) ```ts if (apiCall instanceof AwsApiCall) { apiCall.waiterProvider?.addToRolePolicy({ Effect: 'Allow', Action: ['s3:GetObject', 's3:ListBucket'], Resource: ['*'], }); } ``` So I add `waiterProvider` to `IApiCall`, so that it can take the policies without casting: ```ts // if (apiCall instanceof AwsApiCall) { apiCall.waiterProvider?.addToRolePolicy({ Effect: 'Allow', Action: ['s3:GetObject', 's3:ListBucket'], Resource: ['*'], }); //} ``` In my opinion, I see no negative impact from this. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 116c0ba - Browse repository at this point
Copy the full SHA 116c0baView commit details -
chore(integ-tests): revert add waiterProvider to IApiCall (aws#28457)
Reverts aws#27844. This change broke the pipeline, pacmak fails with: ``` #STDOUT> /tmp/npm-packu6YRYj/Amazon.CDK.IntegTests.Alpha/Amazon/CDK/IntegTests/Alpha/ApiCallBase.cs(231,77): error CS0115: 'ApiCallBase._Proxy.WaiterProvider': no suitable method found to override [/tmp/npm-packu6YRYj/Amazon.CDK.IntegTests.Alpha/Amazon.CDK.IntegTests.Alpha.csproj] ```
Configuration menu - View commit details
-
Copy full SHA for cbfd427 - Browse repository at this point
Copy the full SHA cbfd427View commit details -
Configuration menu - View commit details
-
Copy full SHA for 093d9d0 - Browse repository at this point
Copy the full SHA 093d9d0View commit details -
fix(core): core constructs fail with `Error: Cannot find module '../d…
…ist/core/<file>.generated'` (aws#28467) aws#28251 added new files to `aws-cdk-lib/core/lib/dist/core` but this path was excluded from the npm package, causing the above error. This fix includes the generated file into the package. Closes aws#28465 Manually tested with a locally build package that includes the fix. <img width="1449" alt="image" src="https://github.com/aws/aws-cdk/assets/379814/11714c41-edea-403e-9b64-454ba9768c08"> ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 1788975 - Browse repository at this point
Copy the full SHA 1788975View commit details -
Configuration menu - View commit details
-
Copy full SHA for ef2bb82 - Browse repository at this point
Copy the full SHA ef2bb82View commit details -
fix(lambda-python-alpha): use function architecture (aws#18696) (aws#…
Configuration menu - View commit details
-
Copy full SHA for e5bd427 - Browse repository at this point
Copy the full SHA e5bd427View commit details -
feat(globalaccelerator): add support for ip addresses and type (aws#2…
Configuration menu - View commit details
-
Copy full SHA for 684a27c - Browse repository at this point
Copy the full SHA 684a27cView commit details -
feat(api-gateway-v2): Add method to generate flexible execute-api ARN (…
…aws#28400) This PR adds the arnForExecuteApi method, previously available only for REST API constructs, to both WebSocket and HTTP API constructs. Closes aws#23301 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 44d26a2 - Browse repository at this point
Copy the full SHA 44d26a2View commit details -
feat(ecs): Implement method in ECS cluster to retrieve task ARN (aws#…
…28381) This pull request introduces a new method within the Cluster class, designed to retrieve the Amazon Resource Names (ARNs) of tasks that are part of a given ECS cluster. Example of how to get task ARN ```ts declare cluster: Cluster; // arn:aws:ecs:{region}:{regionId}:task/{clusterName}/* const taskArnPattern = cluster.arnForTasks("*"); ``` Closes aws#26232 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 4c7ab41 - Browse repository at this point
Copy the full SHA 4c7ab41View commit details -
feat(ses): synth-time naming validation for dedicatedIpPoolName (aws#…
…28466) This Pull Request introduces a new validation feature to the DedicatedIpPoolProps. It ensures that the dedicatedIpPoolName adheres to the specified naming conventions, enhancing data integrity and preventing runtime errors due to invalid names. Closes aws#28451 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for e608a19 - Browse repository at this point
Copy the full SHA e608a19View commit details -
feat(ecs-patterns): support disabling CPU-based scaling and custom ta…
…rget utilization (aws#28315) Added an optional parameter that defaults to false over the CPU-based scaling policy that conflicts with the queue visible message-based policy. When disabled this will stop the race condition issue mentioned in aws#20706 by only allowing the scaling of the number of messages on the queue similar to the SQS-Lambda pattern. Note: If this parameter is enabled then this bug will crop up again and the user has to handle the container termination manually. Updated integration tests and unit tests are working. Closes aws#20706 . ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 278446d - Browse repository at this point
Copy the full SHA 278446dView commit details -
feat(autoscaling): instance maintenance policy for AutoScalingGroup (a…
…ws#28092) This PR supports for configuring AutoScalingGroup's instance maintenance policy. - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-instancemaintenancepolicy.html - https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-maintenance-policy.html - https://docs.aws.amazon.com/autoscaling/ec2/userguide/instance-maintenance-policy-overview-and-considerations.html Closes aws#28042. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 9722df9 - Browse repository at this point
Copy the full SHA 9722df9View commit details -
feat(codebuild): Lambda compute for codebuild projects (aws#27934)
CodeBuild has added support for Lambda compute. CloudFormation can be deployed as follows. ```yaml Resources: CodeBuildProject: Type: AWS::CodeBuild::Project Properties: Artifacts: Type: NO_ARTIFACTS ServiceRole: !GetAtt CodeBuildRole.Arn Source: # Environment: Type: LINUX_LAMBDA_CONTAINER ComputeType: BUILD_LAMBDA_1GB Image: aws/codebuild/amazonlinux-x86_64-lambda-standard:go1.21 CodeBuildRole: Type: AWS::IAM::Role Properties: # ``` https://aws.amazon.com/about-aws/whats-new/2023/11/aws-codebuild-lambda-compute This PR implements Lambda ComputeType by adding Classes (`LinuxArmLambdaBuildImage`, `LinuxLambdaBuildImage`) that extend the IBuildImage interface. Supported Docker Images and ComputeTypes are listed below. https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html#environment.types Also, Lambda compute has some limitations and I have added validation for them. https://docs.aws.amazon.com/codebuild/latest/userguide/lambda.html#lambda.limitations closes aws#28418 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 7993edd - Browse repository at this point
Copy the full SHA 7993eddView commit details -
chore(migrate): only allow migrate on healthy stacks (aws#28452)
If the stack is not in a healthy state, we should not allow cdk migrate to be run on it. Closes #<issue number here>. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for f7d2756 - Browse repository at this point
Copy the full SHA f7d2756View commit details -
feat(ec2): trn1 instance type (aws#28477)
adding support of trn1 instance type they were introduced [here](https://aws.amazon.com/ec2/instance-types/trn1/) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 9a63406 - Browse repository at this point
Copy the full SHA 9a63406View commit details -
feat(elasticloadbalancingv2): FIPS compliant SSL policy to ALB (aws#2…
…8479) This Pull Request introduces a set of new FIPS-compliant SSL policies for the Application Load Balancer (ALB) in AWS Elastic Load Balancing (ELB). These policies enhance the security of ALB by providing options that are compliant with the Federal Information Processing Standards (FIPS). Closes aws#28455 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 0512554 - Browse repository at this point
Copy the full SHA 0512554View commit details -
chore(ecs-patterns): fix the integration tests of queue processing fa…
…rgate service (aws#28463) 1. Fixed the docker image to use Python 3.11 to stop the python3.6 out of date warning/error 2. Fixed the lambda container's entry point handler, causing the integration tests to go into an infinite loop. 3. Fixed/changed the public integration test to a health check test as the queue processing fargate service doesn't have a public-facing feature. Closes aws#28383. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for d4b1a29 - Browse repository at this point
Copy the full SHA d4b1a29View commit details -
feat(core): option to disable cache for docker build (aws#27944)
Closes aws#27916. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for cd1c1ed - Browse repository at this point
Copy the full SHA cd1c1edView commit details -
fix(lambda-python-alpha): bundling hash logic includes auth tokens in…
… PIP urls, causing an unnecessary rebuild (aws#27903) Update the bundler hash logic to ignore the secret token that is included in the URL when fetching packages from Code Artifact. This token changes constantly, and prevents the results of a previous build from being reused, along with causing lambdas to be unnecessarily redeployed anytime the CDK is built, even if no code is changed. This implementation strips the token from the hash, but does not change anything else about the hash. Open question Currently this logic will error if an invalid URL string is passed for PIP_INDEX_URL or PIP_EXTRA_INDEX_URL. The build would fail later anyway when those URLs are being used, but I'm happy to try/catch this logic block to be more robust if that is preferred. Closes aws#27331. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for be04a8f - Browse repository at this point
Copy the full SHA be04a8fView commit details -
feat(elasticloadbalancingv2): dualstack NetworkLoadBalancer (aws#27546)
Adds support for dual-stack NetworkLoadBalancer via the [`ipAddressType`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-ipaddresstype) property. Example: ``` const lb = new elbv2.NetworkLoadBalancer(this, 'LB', { vpc, internetFacing: true ipAddressType: elbv2.IpAddressType.DUAL_STACK, }); ``` Also, added validation to enforce that UDP or TCP_UDP listeners cannot be added to a dualstack NLB. Closes aws#27538. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 88028ba - Browse repository at this point
Copy the full SHA 88028baView commit details -
chore(deps): Bump tj-actions/changed-files from 40.2.2 to 41.0.1 (aws…
…#28487) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 40.2.2 to 41.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tj-actions/changed-files/releases">tj-actions/changed-files's releases</a>.</em></p> <blockquote> <h2>v41.0.1</h2> <h2>What's Changed</h2> <ul> <li>Upgraded to v41 by <a href="https://github.com/tj-actions-bot"><code>@tj-actions-bot</code></a> in <a href="https://github.com/tj-actions/changed-files/pull/1811">tj-actions/changed-files#1811</a></li> <li>chore(deps): update dependency eslint-plugin-prettier to v5.1.2 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://github.com/tj-actions/changed-files/pull/1813">tj-actions/changed-files#1813</a></li> <li>fix: update characters escaped by safe output by <a href="https://github.com/jackton1"><code>@jackton1</code></a> in <a href="https://github.com/tj-actions/changed-files/pull/1815">tj-actions/changed-files#1815</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tj-actions/changed-files/compare/v41...v41.0.1">https://github.com/tj-actions/changed-files/compare/v41...v41.0.1</a></p> <h2>v41.0.0</h2> <h2>🔥 🔥 BREAKING CHANGE 🔥 🔥</h2> <p>A new <code>safe_output</code> input is now available to prevent outputting unsafe filename characters (Enabled by default). This would escape characters in the filename that could be used for command injection.</p> <blockquote> <p>[!NOTE] This can be disabled by setting the <code>safe_output</code> to false this comes with a recommendation to store all outputs generated in an environment variable first before using them.</p> </blockquote> <h4>Example</h4> <pre lang="yaml"><code>... - name: Get changed files id: changed-files uses: tj-actions/changed-files@v40 with: safe_output: false # set to false because we are using an environment variable to store the output and avoid command injection. <pre><code>- name: List all added files env: ADDED_FILES: ${{ steps.changed-files.outputs.added_files }} run: | for file in &quot;$ADDED_FILES&quot;; do echo &quot;$file was added&quot; done </code></pre> <p>... </code></pre></p> <h2>What's Changed</h2> <ul> <li>chore(deps): update typescript-eslint monorepo to v6.15.0 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://github.com/tj-actions/changed-files/pull/1801">tj-actions/changed-files#1801</a></li> <li>Upgraded to v40.2.3 by <a href="https://github.com/tj-actions-bot"><code>@tj-actions-bot</code></a> in <a href="https://github.com/tj-actions/changed-files/pull/1800">tj-actions/changed-files#1800</a></li> <li>chore(deps): update dependency eslint-plugin-prettier to v5.1.0 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://github.com/tj-actions/changed-files/pull/1802">tj-actions/changed-files#1802</a></li> <li>chore(deps): lock file maintenance by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://github.com/tj-actions/changed-files/pull/1803">tj-actions/changed-files#1803</a></li> <li>chore(deps): update dependency eslint-plugin-prettier to v5.1.1 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://github.com/tj-actions/changed-files/pull/1804">tj-actions/changed-files#1804</a></li> <li>fix: update safe output regex and the docs by <a href="https://github.com/tj-actions-bot"><code>@tj-actions-bot</code></a> in <a href="https://github.com/tj-actions/changed-files/pull/1805">tj-actions/changed-files#1805</a></li> <li>Revert "chore(deps): update actions/download-artifact action to v4" by <a href="https://github.com/jackton1"><code>@jackton1</code></a> in <a href="https://github.com/tj-actions/changed-files/pull/1806">tj-actions/changed-files#1806</a></li> <li>Update README.md by <a href="https://github.com/jackton1"><code>@jackton1</code></a> in <a href="https://github.com/tj-actions/changed-files/pull/1808">tj-actions/changed-files#1808</a></li> <li>chore(deps): lock file maintenance by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://github.com/tj-actions/changed-files/pull/1809">tj-actions/changed-files#1809</a></li> <li>Updated README.md by <a href="https://github.com/tj-actions-bot"><code>@tj-actions-bot</code></a> in <a href="https://github.com/tj-actions/changed-files/pull/1810">tj-actions/changed-files#1810</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tj-actions/changed-files/blob/main/HISTORY.md">tj-actions/changed-files's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h1><a href="https://github.com/tj-actions/changed-files/compare/v41.0.0...v41.0.1">41.0.1</a> - (2023-12-24)</h1> <h2>🐛 Bug Fixes</h2> <ul> <li>Update characters escaped by safe output (<a href="https://github.com/tj-actions/changed-files/issues/1815">#1815</a>) (<a href="https://github.com/tj-actions/changed-files/commit/716b1e13042866565e00e85fd4ec490e186c4a2f">716b1e1</a>) - (Tonye Jack)</li> </ul> <h2>⚙️ Miscellaneous Tasks</h2> <ul> <li><strong>deps:</strong> Update dependency eslint-plugin-prettier to v5.1.2 (<a href="https://github.com/tj-actions/changed-files/commit/7aaf10d9eef19e8a2432a967b88124171152caaf">7aaf10d</a>) - (renovate[bot])</li> </ul> <h2>⬆️ Upgrades</h2> <ul> <li>Upgraded to v41 (<a href="https://github.com/tj-actions/changed-files/issues/1811">#1811</a>)</li> </ul> <p>Co-authored-by: jackton1 <a href="mailto:jackton1@users.noreply.github.com">jackton1@users.noreply.github.com</a> (<a href="https://github.com/tj-actions/changed-files/commit/cc08e170f4447237bcaf8acaacfa615b9cb86612">cc08e17</a>) - (tj-actions[bot])</p> <h1><a href="https://github.com/tj-actions/changed-files/compare/v40.2.3...v41.0.0">41.0.0</a> - (2023-12-23)</h1> <h2>🐛 Bug Fixes</h2> <ul> <li>Update safe output regex and the docs (<a href="https://github.com/tj-actions/changed-files/issues/1805">#1805</a>) (<a href="https://github.com/tj-actions/changed-files/commit/ff2f6e6b91913a7be42be1b5917330fe442f2ede">ff2f6e6</a>) - (tj-actions[bot])</li> </ul> <h2>⏪ Reverts</h2> <ul> <li>Revert "chore(deps): update actions/download-artifact action to v4" (<a href="https://github.com/tj-actions/changed-files/issues/1806">#1806</a>)</li> </ul> <p>(<a href="https://github.com/tj-actions/changed-files/commit/4f573fed06c9abb5da4c72f75c1c320718114ff7">4f573fe</a>) - (Tonye Jack)</p> <h2>🔄 Update</h2> <ul> <li>Update README.md (<a href="https://github.com/tj-actions/changed-files/commit/6e79d6e3dbe48946636c2939c80ff5c84ff7f9fe">6e79d6e</a>) - (Tonye Jack)</li> <li>Update README.md (<a href="https://github.com/tj-actions/changed-files/commit/d13ac1942fb3c1d7d32017915bb082cebe8a272a">d13ac19</a>) - (Tonye Jack)</li> <li>Update README.md (<a href="https://github.com/tj-actions/changed-files/commit/bb89f97963be96b39e1a303e64d5b91a1af4c340">bb89f97</a>) - (Tonye Jack)</li> <li>Updated README.md (<a href="https://github.com/tj-actions/changed-files/issues/1810">#1810</a>)</li> </ul> <p>Co-authored-by: renovate[bot] (<a href="https://github.com/tj-actions/changed-files/commit/1864078d0afadf68ba489e671ecc09fefe8b70ab">1864078</a>) - (tj-actions[bot])</p> <ul> <li>Update README.md (<a href="https://github.com/tj-actions/changed-files/issues/1808">#1808</a>)</li> </ul> <p>(<a href="https://github.com/tj-actions/changed-files/commit/47371c50e97c089212d9eb92ca26c8453224e78e">47371c5</a>) - (Tonye Jack)</p> <h2>📝 Other</h2> <ul> <li>Merge pull request from GHSA-mcph-m25j-8j63</li> </ul> <ul> <li> <p>feat: add <code>safe_output</code> input enabled by default</p> </li> <li> <p>fix: migrate README to safe uses of interpolation</p> </li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tj-actions/changed-files/commit/716b1e13042866565e00e85fd4ec490e186c4a2f"><code>716b1e1</code></a> fix: update characters escaped by safe output (<a href="https://github.com/tj-actions/changed-files/issues/1815">#1815</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/7aaf10d9eef19e8a2432a967b88124171152caaf"><code>7aaf10d</code></a> chore(deps): update dependency eslint-plugin-prettier to v5.1.2</li> <li><a href="https://github.com/tj-actions/changed-files/commit/cc08e170f4447237bcaf8acaacfa615b9cb86612"><code>cc08e17</code></a> Upgraded to v41 (<a href="https://github.com/tj-actions/changed-files/issues/1811">#1811</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/6e79d6e3dbe48946636c2939c80ff5c84ff7f9fe"><code>6e79d6e</code></a> Update README.md</li> <li><a href="https://github.com/tj-actions/changed-files/commit/d13ac1942fb3c1d7d32017915bb082cebe8a272a"><code>d13ac19</code></a> Update README.md</li> <li><a href="https://github.com/tj-actions/changed-files/commit/bb89f97963be96b39e1a303e64d5b91a1af4c340"><code>bb89f97</code></a> Update README.md</li> <li><a href="https://github.com/tj-actions/changed-files/commit/1864078d0afadf68ba489e671ecc09fefe8b70ab"><code>1864078</code></a> Updated README.md (<a href="https://github.com/tj-actions/changed-files/issues/1810">#1810</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/f495a0321d3fffa62da2573adf70b77d5eb2f57a"><code>f495a03</code></a> chore(deps): lock file maintenance</li> <li><a href="https://github.com/tj-actions/changed-files/commit/47371c50e97c089212d9eb92ca26c8453224e78e"><code>47371c5</code></a> Update README.md (<a href="https://github.com/tj-actions/changed-files/issues/1808">#1808</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/4f573fed06c9abb5da4c72f75c1c320718114ff7"><code>4f573fe</code></a> Revert "chore(deps): update actions/download-artifact action to v4" (<a href="https://github.com/tj-actions/changed-files/issues/1806">#1806</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tj-actions/changed-files/compare/94549999469dbfa032becf298d95c87a14c34394...716b1e13042866565e00e85fd4ec490e186c4a2f">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tj-actions/changed-files&package-manager=github_actions&previous-version=40.2.2&new-version=41.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Configuration menu - View commit details
-
Copy full SHA for 1e1498b - Browse repository at this point
Copy the full SHA 1e1498bView commit details -
feat: update L1 CloudFormation resource definitions (aws#28489)
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-appstream │ └ resources │ └[~] resource AWS::AppStream::Stack │ └ types │ └[~] type UserSetting │ └ properties │ └ MaximumLength: (documentation changed) ├[~] service aws-appsync │ └ resources │ └[~] resource AWS::AppSync::GraphQLApi │ ├ properties │ │ ├[+] IntrospectionConfig: string │ │ ├[+] QueryDepthLimit: integer │ │ └[+] ResolverCountLimit: integer │ └ attributes │ └ GraphQLEndpointArn: (documentation changed) ├[~] service aws-b2bi │ └ resources │ ├[~] resource AWS::B2BI::Capability │ │ ├ - documentation: Definition of AWS::B2BI::Capability Resource Type │ │ │ + documentation: Instantiates a capability based on the specified parameters. A trading capability contains the information required to transform incoming EDI documents into JSON or XML outputs. │ │ ├ properties │ │ │ ├ Configuration: (documentation changed) │ │ │ ├ InstructionsDocuments: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ ├ Tags: (documentation changed) │ │ │ └ Type: (documentation changed) │ │ ├ attributes │ │ │ ├ CapabilityArn: (documentation changed) │ │ │ ├ CapabilityId: (documentation changed) │ │ │ ├ CreatedAt: (documentation changed) │ │ │ └ ModifiedAt: (documentation changed) │ │ └ types │ │ ├[~] type CapabilityConfiguration │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: A capability object. Currently, only EDI (electronic data interchange) capabilities are supported. A trading capability contains the information required to transform incoming EDI documents into JSON or XML outputs. │ │ │ └ properties │ │ │ └ Edi: (documentation changed) │ │ ├[~] type EdiConfiguration │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: Specifies the details for the EDI (electronic data interchange) transformation. │ │ │ └ properties │ │ │ ├ InputLocation: (documentation changed) │ │ │ ├ OutputLocation: (documentation changed) │ │ │ ├ TransformerId: (documentation changed) │ │ │ └ Type: (documentation changed) │ │ ├[~] type EdiType │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: Specifies the details for the EDI standard that is being used for the transformer. Currently, only X12 is supported. X12 is a set of standards and corresponding messages that define specific business documents. │ │ │ └ properties │ │ │ └ X12Details: (documentation changed) │ │ ├[~] type S3Location │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: Specifies the details for the Amazon S3 file location that is being used with AWS B2BI Data Interchange. File locations in Amazon S3 are identified using a combination of the bucket and key. │ │ │ └ properties │ │ │ ├ BucketName: (documentation changed) │ │ │ └ Key: (documentation changed) │ │ └[~] type X12Details │ │ └ properties │ │ ├ TransactionSet: (documentation changed) │ │ └ Version: (documentation changed) │ ├[~] resource AWS::B2BI::Partnership │ │ ├ - documentation: Definition of AWS::B2BI::Partnership Resource Type │ │ │ + documentation: Creates a partnership between a customer and a trading partner, based on the supplied parameters. A partnership represents the connection between you and your trading partner. It ties together a profile and one or more trading capabilities. │ │ ├ properties │ │ │ ├ Capabilities: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ ├ ProfileId: (documentation changed) │ │ │ └ Tags: (documentation changed) │ │ └ attributes │ │ ├ CreatedAt: (documentation changed) │ │ ├ ModifiedAt: (documentation changed) │ │ ├ PartnershipArn: (documentation changed) │ │ ├ PartnershipId: (documentation changed) │ │ └ TradingPartnerId: (documentation changed) │ ├[~] resource AWS::B2BI::Profile │ │ ├ - documentation: Definition of AWS::B2BI::Profile Resource Type │ │ │ + documentation: Creates a customer profile. You can have up to five customer profiles, each representing a distinct private network. A profile is the mechanism used to create the concept of a private network. │ │ ├ properties │ │ │ ├ BusinessName: (documentation changed) │ │ │ ├ Logging: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ └ Tags: (documentation changed) │ │ └ attributes │ │ ├ CreatedAt: (documentation changed) │ │ ├ LogGroupName: (documentation changed) │ │ ├ ModifiedAt: (documentation changed) │ │ └ ProfileArn: (documentation changed) │ └[~] resource AWS::B2BI::Transformer │ ├ - documentation: Definition of AWS::B2BI::Transformer Resource Type │ │ + documentation: Creates a transformer. A transformer describes how to process the incoming EDI documents and extract the necessary information to the output file. │ ├ properties │ │ ├ EdiType: (documentation changed) │ │ ├ FileFormat: (documentation changed) │ │ ├ MappingTemplate: (documentation changed) │ │ ├ ModifiedAt: (documentation changed) │ │ ├ Name: (documentation changed) │ │ ├ SampleDocument: (documentation changed) │ │ ├ Status: (documentation changed) │ │ └ Tags: (documentation changed) │ ├ attributes │ │ ├ CreatedAt: (documentation changed) │ │ ├ TransformerArn: (documentation changed) │ │ └ TransformerId: (documentation changed) │ └ types │ ├[~] type EdiType │ │ ├ - documentation: undefined │ │ │ + documentation: Specifies the details for the EDI standard that is being used for the transformer. Currently, only X12 is supported. X12 is a set of standards and corresponding messages that define specific business documents. │ │ └ properties │ │ └ X12Details: (documentation changed) │ └[~] type X12Details │ ├ - documentation: undefined │ │ + documentation: A structure that contains the X12 transaction set and version. The X12 structure is used when the system transforms an EDI (electronic data interchange) file. │ │ > If an EDI input file contains more than one transaction, each transaction must have the same transaction set and version, for example 214/4010. If not, the transformer cannot parse the file. │ └ properties │ ├ TransactionSet: (documentation changed) │ └ Version: (documentation changed) ├[~] service aws-batch │ └ resources │ └[~] resource AWS::Batch::JobDefinition │ ├ properties │ │ ├ ContainerProperties: - ContainerProperties │ │ │ + ContainerProperties (immutable) │ │ ├ EksProperties: - EksProperties │ │ │ + EksProperties (immutable) │ │ ├ NodeProperties: - NodeProperties │ │ │ + NodeProperties (immutable) │ │ ├ Parameters: - json │ │ │ + Map<string, string> ⇐ json (immutable) │ │ ├ PlatformCapabilities: - Array<string> │ │ │ + Array<string> (immutable) │ │ ├ PropagateTags: - boolean │ │ │ + boolean (immutable) │ │ ├ RetryStrategy: - RetryStrategy │ │ │ + RetryStrategy (immutable) │ │ ├ SchedulingPriority: - integer │ │ │ + integer (immutable) │ │ ├ Tags: - json (immutable) │ │ │ + Map<string, string> ⇐ json (immutable) │ │ ├ Timeout: - Timeout │ │ │ + JobTimeout ⇐ Timeout (immutable) │ │ └ Type: - string (required) │ │ + string (required, immutable) │ ├ attributes │ │ ├[+] ContainerOrchestrationType: string │ │ ├[-] Id: string │ │ ├[+] JobDefinitionArn: string │ │ ├[+] Revision: integer │ │ └[+] Status: string │ └ types │ ├[~] type AuthorizationConfig │ │ ├ - documentation: The authorization configuration details for the Amazon EFS file system. │ │ │ + documentation: undefined │ │ └ properties │ │ ├ AccessPointId: (documentation changed) │ │ └ Iam: (documentation changed) │ ├[~] type ContainerProperties │ │ └ properties │ │ ├ MountPoints: - Array<MountPoints> │ │ │ + Array<MountPoint> ⇐ Array<MountPoints> │ │ └ Volumes: - Array<Volumes> │ │ + Array<Volume> ⇐ Array<Volumes> │ ├[+] type EFSAuthorizationConfig │ │ ├ documentation: The authorization configuration details for the Amazon EFS file system. │ │ │ name: EFSAuthorizationConfig │ │ └ properties │ │ ├AccessPointId: string │ │ └Iam: string │ ├[~] type EfsVolumeConfiguration │ │ ├ - documentation: This is used when you're using an Amazon Elastic File System file system for job storage. For more information, see [Amazon EFS Volumes](https://docs.aws.amazon.com/batch/latest/userguide/efs-volumes.html) in the *AWS Batch User Guide* . │ │ │ + documentation: undefined │ │ └ properties │ │ ├ AuthorizationConfig: (documentation changed) │ │ ├ FileSystemId: (documentation changed) │ │ ├ RootDirectory: (documentation changed) │ │ ├ TransitEncryption: (documentation changed) │ │ └ TransitEncryptionPort: (documentation changed) │ ├[+] type EFSVolumeConfiguration │ │ ├ documentation: This is used when you're using an Amazon Elastic File System file system for job storage. For more information, see [Amazon EFS Volumes](https://docs.aws.amazon.com/batch/latest/userguide/efs-volumes.html) in the *AWS Batch User Guide* . │ │ │ name: EFSVolumeConfiguration │ │ └ properties │ │ ├FileSystemId: string (required) │ │ ├RootDirectory: string │ │ ├TransitEncryption: string │ │ ├TransitEncryptionPort: integer │ │ └AuthorizationConfig: EFSAuthorizationConfig │ ├[+] type EksMetadata │ │ ├ documentation: Describes and uniquely identifies Kubernetes resources. For example, the compute environment that a pod runs in or the `jobID` for a job running in the pod. For more information, see [Understanding Kubernetes Objects](https://docs.aws.amazon.com/https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/) in the *Kubernetes documentation* . │ │ │ name: EksMetadata │ │ └ properties │ │ └Labels: Map<string, string> │ ├[+] type EksPodProperties │ │ ├ documentation: The properties for the pod. │ │ │ name: EksPodProperties │ │ └ properties │ │ ├ServiceAccountName: string │ │ ├HostNetwork: boolean │ │ ├DnsPolicy: string │ │ ├Containers: Array<EksContainer> │ │ ├Volumes: Array<EksVolume> │ │ └Metadata: EksMetadata │ ├[~] type EksProperties │ │ └ properties │ │ └ PodProperties: - PodProperties │ │ + EksPodProperties ⇐ PodProperties │ ├[+] type Host │ │ ├ documentation: Determine whether your data volume persists on the host container instance and where it's stored. If this parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. │ │ │ name: Host │ │ └ properties │ │ └SourcePath: string │ ├[+] type JobTimeout │ │ ├ documentation: An object that represents a job timeout configuration. │ │ │ name: JobTimeout │ │ └ properties │ │ └AttemptDurationSeconds: integer │ ├[~] type LogConfiguration │ │ └ properties │ │ └ Options: - json │ │ + Map<string, string> ⇐ json │ ├[+] type MountPoint │ │ ├ documentation: Details for a Docker volume mount point that's used in a job's container properties. This parameter maps to `Volumes` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerCreate) section of the *Docker Remote API* and the `--volume` option to docker run. │ │ │ name: MountPoint │ │ └ properties │ │ ├ContainerPath: string │ │ ├ReadOnly: boolean │ │ └SourceVolume: string │ ├[~] type MountPoints │ │ ├ - documentation: Details for a Docker volume mount point that's used in a job's container properties. This parameter maps to `Volumes` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerCreate) section of the *Docker Remote API* and the `--volume` option to docker run. │ │ │ + documentation: undefined │ │ └ properties │ │ ├ ContainerPath: (documentation changed) │ │ ├ ReadOnly: (documentation changed) │ │ └ SourceVolume: (documentation changed) │ ├[~] type PodProperties │ │ ├ - documentation: The properties for the pod. │ │ │ + documentation: undefined │ │ └ properties │ │ ├ Containers: (documentation changed) │ │ ├ DnsPolicy: (documentation changed) │ │ ├ HostNetwork: (documentation changed) │ │ ├ ServiceAccountName: (documentation changed) │ │ └ Volumes: (documentation changed) │ ├[~] type Resources │ │ └ properties │ │ ├ Limits: - json │ │ │ + Map<string, string> ⇐ json │ │ └ Requests: - json │ │ + Map<string, string> ⇐ json │ ├[~] type Timeout │ │ ├ - documentation: An object that represents a job timeout configuration. │ │ │ + documentation: undefined │ │ └ properties │ │ └ AttemptDurationSeconds: (documentation changed) │ ├[+] type Volume │ │ ├ documentation: A data volume that's used in a job's container properties. │ │ │ name: Volume │ │ └ properties │ │ ├Host: Host │ │ ├EfsVolumeConfiguration: EFSVolumeConfiguration │ │ └Name: string │ ├[~] type Volumes │ │ ├ - documentation: A list of volumes that are associated with the job. │ │ │ + documentation: undefined │ │ └ properties │ │ ├ EfsVolumeConfiguration: (documentation changed) │ │ ├ Host: (documentation changed) │ │ └ Name: (documentation changed) │ └[~] type VolumesHost │ ├ - documentation: Determine whether your data volume persists on the host container instance and where it's stored. If this parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. │ │ + documentation: undefined │ └ properties │ └ SourcePath: (documentation changed) ├[~] service aws-cloud9 │ └ resources │ └[~] resource AWS::Cloud9::EnvironmentEC2 │ └ properties │ └ ImageId: (documentation changed) ├[~] service aws-cloudtrail │ └ resources │ ├[~] resource AWS::CloudTrail::EventDataStore │ │ └ types │ │ └[~] type AdvancedFieldSelector │ │ └ properties │ │ └ Field: (documentation changed) │ └[~] resource AWS::CloudTrail::Trail │ ├ properties │ │ └ CloudWatchLogsLogGroupArn: (documentation changed) │ └ types │ ├[~] type AdvancedFieldSelector │ │ └ properties │ │ └ Field: (documentation changed) │ └[~] type DataResource │ └ properties │ └ Type: (documentation changed) ├[~] service aws-codecommit │ └ resources │ └[~] resource AWS::CodeCommit::Repository │ └ properties │ └[+] KmsKeyId: string ├[~] service aws-codedeploy │ └ resources │ └[~] resource AWS::CodeDeploy::DeploymentGroup │ └ properties │ └ TerminationHookEnabled: (documentation changed) ├[~] service aws-cognito │ └ resources │ └[~] resource AWS::Cognito::UserPool │ └ types │ └[~] type LambdaConfig │ └ properties │ └ PreTokenGeneration: (documentation changed) ├[~] service aws-connect │ └ resources │ ├[~] resource AWS::Connect::HoursOfOperation │ │ └ properties │ │ └ Tags: (documentation changed) │ ├[~] resource AWS::Connect::Queue │ │ └ properties │ │ └ Tags: (documentation changed) │ ├[~] resource AWS::Connect::QuickConnect │ │ ├ properties │ │ │ └ Tags: (documentation changed) │ │ └ attributes │ │ └ QuickConnectArn: (documentation changed) │ ├[~] resource AWS::Connect::RoutingProfile │ │ └ properties │ │ └ Tags: (documentation changed) │ └[~] resource AWS::Connect::SecurityProfile │ └ properties │ └ Tags: (documentation changed) ├[~] service aws-datasync │ └ resources │ ├[~] resource AWS::DataSync::LocationAzureBlob │ │ └ - documentation: Creates an endpoint for a Microsoft Azure Blob Storage container that AWS DataSync can use as a transfer source or destination. │ │ Before you begin, make sure you know [how DataSync accesses Azure Blob Storage](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-access) and works with [access tiers](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-access-tiers) and [blob types](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#blob-types) . You also need a [DataSync agent](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-creating-agent) that can connect to your container. │ │ + documentation: Creates a transfer *location* for a Microsoft Azure Blob Storage container. AWS DataSync can use this location as a transfer source or destination. │ │ Before you begin, make sure you know [how DataSync accesses Azure Blob Storage](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-access) and works with [access tiers](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-access-tiers) and [blob types](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#blob-types) . You also need a [DataSync agent](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-creating-agent) that can connect to your container. │ ├[~] resource AWS::DataSync::LocationFSxONTAP │ │ └ types │ │ └[~] type SMB │ │ └ properties │ │ └ Domain: (documentation changed) │ ├[~] resource AWS::DataSync::LocationFSxWindows │ │ └ properties │ │ ├ Domain: (documentation changed) │ │ └ Password: (documentation changed) │ ├[~] resource AWS::DataSync::LocationS3 │ │ └ types │ │ └[~] type S3Config │ │ └ - documentation: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role used to access an Amazon S3 bucket. │ │ For detailed information about using such a role, see [Creating a Location for Amazon S3](https://docs.aws.amazon.com/datasync/latest/userguide/working-with-locations.html#create-s3-location) in the *AWS DataSync User Guide* . │ │ + documentation: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role used to access an Amazon S3 bucket. │ │ For detailed information about using such a role, see [Creating a Location for Amazon S3](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html) in the *AWS DataSync User Guide* . │ ├[~] resource AWS::DataSync::LocationSMB │ │ └ properties │ │ └ Domain: (documentation changed) │ └[~] resource AWS::DataSync::Task │ └ types │ └[~] type Options │ └ properties │ ├ LogLevel: (documentation changed) │ └ ObjectTags: (documentation changed) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::Instance │ │ └ attributes │ │ └[-] InstanceId: string │ ├[~] resource AWS::EC2::Subnet │ │ ├ properties │ │ │ ├[-] Ipv4NetmaskLength: integer │ │ │ ├[+] Ipv6CidrBlocks: Array<string> │ │ │ └[-] Ipv6NetmaskLength: integer │ │ └ attributes │ │ └ Ipv6CidrBlocks: (documentation changed) │ └[~] resource AWS::EC2::Volume │ └ - documentation: Specifies an Amazon Elastic Block Store (Amazon EBS) volume. You can attach the volume to an instance in the same Availability Zone using [AWS::EC2::VolumeAttachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ebs-volumeattachment.html) . │ When you use AWS CloudFormation to update an Amazon EBS volume that modifies `Iops` , `Size` , or `VolumeType` , there is a cooldown period before another operation can occur. This can cause your stack to report being in `UPDATE_IN_PROGRESS` or `UPDATE_ROLLBACK_IN_PROGRESS` for long periods of time. │ Amazon EBS does not support sizing down an Amazon EBS volume. AWS CloudFormation does not attempt to modify an Amazon EBS volume to a smaller size on rollback. │ Some common scenarios when you might encounter a cooldown period for Amazon EBS include: │ - You successfully update an Amazon EBS volume and the update succeeds. When you attempt another update within the cooldown window, that update will be subject to a cooldown period. │ - You successfully update an Amazon EBS volume and the update succeeds but another change in your `update-stack` call fails. The rollback will be subject to a cooldown period. │ For more information on the cooldown period, see [Requirements when modifying volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/modify-volume-requirements.html) . │ *DeletionPolicy attribute* │ To control how AWS CloudFormation handles the volume when the stack is deleted, set a deletion policy for your volume. You can choose to retain the volume, to delete the volume, or to create a snapshot of the volume. For more information, see [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) . │ > If you set a deletion policy that creates a snapshot, all tags on the volume are included in the snapshot. │ + documentation: Specifies an Amazon Elastic Block Store (Amazon EBS) volume. │ When you use AWS CloudFormation to update an Amazon EBS volume that modifies `Iops` , `Size` , or `VolumeType` , there is a cooldown period before another operation can occur. This can cause your stack to report being in `UPDATE_IN_PROGRESS` or `UPDATE_ROLLBACK_IN_PROGRESS` for long periods of time. │ Amazon EBS does not support sizing down an Amazon EBS volume. AWS CloudFormation does not attempt to modify an Amazon EBS volume to a smaller size on rollback. │ Some common scenarios when you might encounter a cooldown period for Amazon EBS include: │ - You successfully update an Amazon EBS volume and the update succeeds. When you attempt another update within the cooldown window, that update will be subject to a cooldown period. │ - You successfully update an Amazon EBS volume and the update succeeds but another change in your `update-stack` call fails. The rollback will be subject to a cooldown period. │ For more information on the cooldown period, see [Requirements when modifying volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/modify-volume-requirements.html) . │ *DeletionPolicy attribute* │ To control how AWS CloudFormation handles the volume when the stack is deleted, set a deletion policy for your volume. You can choose to retain the volume, to delete the volume, or to create a snapshot of the volume. For more information, see [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) . │ > If you set a deletion policy that creates a snapshot, all tags on the volume are included in the snapshot. ├[~] service aws-ecs │ └ resources │ └[~] resource AWS::ECS::Service │ ├ properties │ │ └[+] VolumeConfigurations: Array<ServiceVolumeConfiguration> │ └ types │ ├[+] type EBSTagSpecification │ │ ├ name: EBSTagSpecification │ │ └ properties │ │ ├ResourceType: string (required) │ │ ├Tags: Array<tag> │ │ └PropagateTags: string │ ├[+] type ServiceManagedEBSVolumeConfiguration │ │ ├ name: ServiceManagedEBSVolumeConfiguration │ │ └ properties │ │ ├Encrypted: boolean │ │ ├KmsKeyId: string │ │ ├VolumeType: string │ │ ├SizeInGiB: integer │ │ ├SnapshotId: string │ │ ├Iops: integer │ │ ├Throughput: integer │ │ ├TagSpecifications: Array<EBSTagSpecification> │ │ ├RoleArn: string (required) │ │ └FilesystemType: string │ └[+] type ServiceVolumeConfiguration │ ├ name: ServiceVolumeConfiguration │ └ properties │ ├Name: string (required) │ └ManagedEBSVolume: ServiceManagedEBSVolumeConfiguration ├[~] service aws-efs │ └ resources │ └[~] resource AWS::EFS::FileSystem │ ├ properties │ │ ├ AvailabilityZoneName: (documentation changed) │ │ └ LifecyclePolicies: (documentation changed) │ └ types │ ├[~] type FileSystemProtection │ │ ├ - documentation: undefined │ │ │ + documentation: Describes the protection on the file system. │ │ └ properties │ │ └ ReplicationOverwriteProtection: (documentation changed) │ ├[~] type LifecyclePolicy │ │ ├ - documentation: Describes a policy used by EFS lifecycle management and EFS Intelligent-Tiering that specifies when to transition files into and out of the file system's Infrequent Access (IA) storage class. For more information, see [EFS Intelligent‐Tiering and EFS Lifecycle Management](https://docs.aws.amazon.com/efs/latest/ug/lifecycle-management-efs.html) . │ │ │ > - Each `LifecyclePolicy` object can have only a single transition. This means that in a request body, `LifecyclePolicies` must be structured as an array of `LifecyclePolicy` objects, one object for each transition, `TransitionToIA` , `TransitionToPrimaryStorageClass` . │ │ │ > - See the AWS::EFS::FileSystem examples for the correct `LifecyclePolicy` structure. Do not use the syntax shown on this page. │ │ │ + documentation: Describes a policy used by Lifecycle management that specifies when to transition files into and out of the EFS storage classes. For more information, see [Managing file system storage](https://docs.aws.amazon.com/efs/latest/ug/lifecycle-management-efs.html) . │ │ │ > - Each `LifecyclePolicy` object can have only a single transition. This means that in a request body, `LifecyclePolicies` must be structured as an array of `LifecyclePolicy` objects, one object for each transition, `TransitionToIA` , `TransitionToArchive` , `TransitionToPrimaryStorageClass` . │ │ │ > - See the AWS::EFS::FileSystem examples for the correct `LifecyclePolicy` structure. Do not use the syntax shown on this page. │ │ └ properties │ │ └ TransitionToArchive: (documentation changed) │ └[~] type ReplicationDestination │ └ properties │ ├ AvailabilityZoneName: (documentation changed) │ └ Region: (documentation changed) ├[~] service aws-eks │ └ resources │ ├[+] resource AWS::EKS::AccessEntry │ │ ├ name: AccessEntry │ │ │ cloudFormationType: AWS::EKS::AccessEntry │ │ │ documentation: Creates an access entry. │ │ │ An access entry allows an IAM principal to access your cluster. Access entries can replace the need to maintain entries in the `aws-auth` `ConfigMap` for authentication. You have the following options for authorizing an IAM principal to access Kubernetes objects on your cluster: Kubernetes role-based access control (RBAC), Amazon EKS, or both. Kubernetes RBAC authorization requires you to create and manage Kubernetes `Role` , `ClusterRole` , `RoleBinding` , and `ClusterRoleBinding` objects, in addition to managing access entries. If you use Amazon EKS authorization exclusively, you don't need to create and manage Kubernetes `Role` , `ClusterRole` , `RoleBinding` , and `ClusterRoleBinding` objects. │ │ │ For more information about access entries, see [Access entries](https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html) in the *Amazon EKS User Guide* . │ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ ├ properties │ │ │ ├ClusterName: string (required, immutable) │ │ │ ├PrincipalArn: string (required, immutable) │ │ │ ├Username: string │ │ │ ├Tags: Array<tag> │ │ │ ├KubernetesGroups: Array<string> │ │ │ ├AccessPolicies: Array<AccessPolicy> │ │ │ └Type: string (immutable) │ │ ├ attributes │ │ │ └AccessEntryArn: string │ │ └ types │ │ ├type AccessPolicy │ │ │├ documentation: An access policy includes permissions that allow Amazon EKS to authorize an IAM principal to work with Kubernetes objects on your cluster. The policies are managed by Amazon EKS, but they're not IAM policies. You can't view the permissions in the policies using the API. The permissions for many of the policies are similar to the Kubernetes `cluster-admin` , `admin` , `edit` , and `view` cluster roles. For more information about these cluster roles, see [User-facing roles](https://docs.aws.amazon.com/https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) in the Kubernetes documentation. To view the contents of the policies, see [Access policy permissions](https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html#access-policy-permissions) in the *Amazon EKS User Guide* . │ │ ││ name: AccessPolicy │ │ │└ properties │ │ │ ├PolicyArn: string (required) │ │ │ └AccessScope: AccessScope (required) │ │ └type AccessScope │ │ ├ documentation: The scope of an `AccessPolicy` that's associated to an `AccessEntry` . │ │ │ name: AccessScope │ │ └ properties │ │ ├Type: string (required) │ │ └Namespaces: Array<string> │ ├[~] resource AWS::EKS::Addon │ │ └ properties │ │ └ ClusterName: (documentation changed) │ ├[~] resource AWS::EKS::Cluster │ │ ├ properties │ │ │ ├[+] AccessConfig: AccessConfig │ │ │ └ ResourcesVpcConfig: (documentation changed) │ │ └ types │ │ ├[+] type AccessConfig │ │ │ ├ documentation: The access configuration for the cluster. │ │ │ │ name: AccessConfig │ │ │ └ properties │ │ │ ├BootstrapClusterCreatorAdminPermissions: boolean (immutable) │ │ │ └AuthenticationMode: string │ │ ├[~] type ControlPlanePlacement │ │ │ └ properties │ │ │ └ GroupName: (documentation changed) │ │ ├[~] type EncryptionConfig │ │ │ └ properties │ │ │ └ Resources: (documentation changed) │ │ ├[~] type KubernetesNetworkConfig │ │ │ └ properties │ │ │ └ ServiceIpv4Cidr: (documentation changed) │ │ └[~] type ResourcesVpcConfig │ │ └ properties │ │ └ PublicAccessCidrs: (documentation changed) │ ├[~] resource AWS::EKS::FargateProfile │ │ ├ - documentation: Creates an AWS Fargate profile for your Amazon EKS cluster. You must have at least one Fargate profile in a cluster to be able to run pods on Fargate. │ │ │ The Fargate profile allows an administrator to declare which pods run on Fargate and specify which pods run on which Fargate profile. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and labels. A namespace is required for every selector. The label field consists of multiple optional key-value pairs. Pods that match the selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is run on Fargate. │ │ │ When you create a Fargate profile, you must specify a pod execution role to use with the pods that are scheduled with the profile. This role is added to the cluster's Kubernetes [Role Based Access Control](https://docs.aws.amazon.com/https://kubernetes.io/docs/reference/access-authn-authz/rbac/) (RBAC) for authorization so that the `kubelet` that is running on the Fargate infrastructure can register with your Amazon EKS cluster so that it can appear in your cluster as a node. The pod execution role also provides IAM permissions to the Fargate infrastructure to allow read access to Amazon ECR image repositories. For more information, see [Pod Execution Role](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) in the *Amazon EKS User Guide* . │ │ │ Fargate profiles are immutable. However, you can create a new updated profile to replace an existing profile and then delete the original after the updated profile has finished creating. │ │ │ If any Fargate profiles in a cluster are in the `DELETING` status, you must wait for that Fargate profile to finish deleting before you can create any other profiles in that cluster. │ │ │ For more information, see [AWS Fargate Profile](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) in the *Amazon EKS User Guide* . │ │ │ + documentation: Creates an AWS Fargate profile for your Amazon EKS cluster. You must have at least one Fargate profile in a cluster to be able to run pods on Fargate. │ │ │ The Fargate profile allows an administrator to declare which pods run on Fargate and specify which pods run on which Fargate profile. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and labels. A namespace is required for every selector. The label field consists of multiple optional key-value pairs. Pods that match the selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is run on Fargate. │ │ │ When you create a Fargate profile, you must specify a pod execution role to use with the pods that are scheduled with the profile. This role is added to the cluster's Kubernetes [Role Based Access Control](https://docs.aws.amazon.com/https://kubernetes.io/docs/reference/access-authn-authz/rbac/) (RBAC) for authorization so that the `kubelet` that is running on the Fargate infrastructure can register with your Amazon EKS cluster so that it can appear in your cluster as a node. The pod execution role also provides IAM permissions to the Fargate infrastructure to allow read access to Amazon ECR image repositories. For more information, see [Pod Execution Role](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) in the *Amazon EKS User Guide* . │ │ │ Fargate profiles are immutable. However, you can create a new updated profile to replace an existing profile and then delete the original after the updated profile has finished creating. │ │ │ If any Fargate profiles in a cluster are in the `DELETING` status, you must wait for that Fargate profile to finish deleting before you can create any other profiles in that cluster. │ │ │ For more information, see [AWS Fargate profile](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) in the *Amazon EKS User Guide* . │ │ ├ properties │ │ │ ├ ClusterName: (documentation changed) │ │ │ ├ PodExecutionRoleArn: (documentation changed) │ │ │ ├ Selectors: (documentation changed) │ │ │ ├ Subnets: (documentation changed) │ │ │ └ Tags: (documentation changed) │ │ └ types │ │ └[~] type Selector │ │ └ properties │ │ └ Namespace: (documentation changed) │ ├[~] resource AWS::EKS::IdentityProviderConfig │ │ ├ - documentation: Associate an identity provider configuration to a cluster. │ │ │ If you want to authenticate identities using an identity provider, you can create an identity provider configuration and associate it to your cluster. After configuring authentication to your cluster you can create Kubernetes `roles` and `clusterroles` to assign permissions to the roles, and then bind the roles to the identities using Kubernetes `rolebindings` and `clusterrolebindings` . For more information see [Using RBAC Authorization](https://docs.aws.amazon.com/https://kubernetes.io/docs/reference/access-authn-authz/rbac/) in the Kubernetes documentation. │ │ │ + documentation: Associates an identity provider configuration to a cluster. │ │ │ If you want to authenticate identities using an identity provider, you can create an identity provider configuration and associate it to your cluster. After configuring authentication to your cluster you can create Kubernetes `Role` and `ClusterRole` objects, assign permissions to them, and then bind them to the identities using Kubernetes `RoleBinding` and `ClusterRoleBinding` objects. For more information see [Using RBAC Authorization](https://docs.aws.amazon.com/https://kubernetes.io/docs/reference/access-authn-authz/rbac/) in the Kubernetes documentation. │ │ └ properties │ │ ├ ClusterName: (documentation changed) │ │ └ Tags: (documentation changed) │ ├[~] resource AWS::EKS::Nodegroup │ │ ├ - documentation: Creates a managed node group for an Amazon EKS cluster. You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. │ │ │ An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. For more information, see [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide* . │ │ │ > Windows AMI types are only supported for commercial Regions that support Windows Amazon EKS. │ │ │ + documentation: Creates a managed node group for an Amazon EKS cluster. │ │ │ You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) . │ │ │ An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. For more information, see [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide* . │ │ │ > Windows AMI types are only supported for commercial AWS Regions that support Windows on Amazon EKS. │ │ ├ properties │ │ │ ├ ClusterName: (documentation changed) │ │ │ ├ ForceUpdateEnabled: (documentation changed) │ │ │ ├ Labels: (documentation changed) │ │ │ ├ NodeRole: (documentation changed) │ │ │ ├ Subnets: (documentation changed) │ │ │ └ Tags: (documentation changed) │ │ ├ attributes │ │ │ └ ClusterName: (documentation changed) │ │ └ types │ │ ├[~] type ScalingConfig │ │ │ └ properties │ │ │ └ DesiredSize: (documentation changed) │ │ ├[~] type Taint │ │ │ └ - documentation: A property that allows a node to repel a set of pods. For more information, see [Node taints on managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html) . │ │ │ + documentation: A property that allows a node to repel a `Pod` . For more information, see [Node taints on managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html) in the *Amazon EKS User Guide* . │ │ └[~] type UpdateConfig │ │ └ properties │ │ ├ MaxUnavailable: (documentation changed) │ │ └ MaxUnavailablePercentage: (documentation changed) │ └[~] resource AWS::EKS::PodIdentityAssociation │ └ properties │ └ Tags: (documentation changed) ├[~] service aws-emr │ └ resources │ └[~] resource AWS::EMR::Cluster │ ├ properties │ │ ├ EbsRootVolumeIops: (documentation changed) │ │ └ EbsRootVolumeThroughput: (documentation changed) │ └ types │ └[~] type PlacementGroupConfig │ ├ - documentation: undefined │ │ + documentation: Placement group configuration for an Amazon EMR cluster. The configuration specifies the placement strategy that can be applied to instance roles during cluster creation. │ │ To use this configuration, consider attaching managed policy AmazonElasticMapReducePlacementGroupPolicy to the Amazon EMR role. │ └ properties │ ├ InstanceRole: (documentation changed) │ └ PlacementStrategy: (documentation changed) ├[~] service aws-emrserverless │ └ resources │ └[~] resource AWS::EMRServerless::Application │ └ types │ ├[+] type CloudWatchLoggingConfiguration │ │ ├ name: CloudWatchLoggingConfiguration │ │ └ properties │ │ ├Enabled: boolean (default=false) │ │ ├LogGroupName: string │ │ ├LogStreamNamePrefix: string │ │ ├EncryptionKeyArn: string │ │ └LogTypeMap: Array<LogTypeMapKeyValuePair> │ ├[+] type LogTypeMapKeyValuePair │ │ ├ name: LogTypeMapKeyValuePair │ │ └ properties │ │ ├Key: string (required) │ │ └Value: Array<string> (required) │ └[~] type MonitoringConfiguration │ └ properties │ └[+] CloudWatchLoggingConfiguration: CloudWatchLoggingConfiguration ├[~] service aws-eventschemas │ └ resources │ └[~] resource AWS::EventSchemas::Schema │ └ attributes │ └ LastModified: (documentation changed) ├[~] service aws-gamelift │ └ resources │ └[~] resource AWS::GameLift::MatchmakingConfiguration │ └ types │ └[~] type GameProperty │ └ - documentation: Set of key-value pairs that contain information about a game session. When included in a game session request, these properties communicate details to be used when setting up the new game session. For example, a game property might specify a game mode, level, or map. Game properties are passed to the game server process when initiating a new game session. For more information, see the [Amazon GameLift Developer Guide](https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-sdk-client-api.html#gamelift-sdk-client-api-create) . │ + documentation: This key-value pair can store custom data about a game session. For example, you might use a `GameProperty` to track a game session's map, level of difficulty, or remaining time. The difficulty level could be specified like this: `{"Key": "difficulty", "Value":"Novice"}` . │ You can set game properties when creating a game session. You can also modify game properties of an active game session. When searching for game sessions, you can filter on game property keys and values. You can't delete game properties from a game session. │ For examples of working with game properties, see [Create a game session with properties](https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-sdk-client-api.html#game-properties) . ├[~] service aws-greengrass │ └ resources │ ├[~] resource AWS::Greengrass::ConnectorDefinition │ │ ├ properties │ │ │ └ Tags: (documentation changed) │ │ └ types │ │ └[~] type Connector │ │ ├ - documentation: Connectors are modules that provide built-in integration with local infrastructure, device protocols, AWS , and other cloud services. For more information, see [Integrate with Services and Protocols Using Greengrass Connectors](https://docs.aws.amazon.com/greengrass/latest/developerguide/connectors.html) in the *Developer Guide* . │ │ │ In an AWS CloudFormation template, the `Connectors` property of the [`ConnectorDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-connectordefinition-connectordefinitionversion.html) property type contains a list of `Connector` property types. │ │ │ + documentation: Connectors are modules that provide built-in integration with local infrastructure, device protocols, AWS , and other cloud services. For more information, see [Integrate with Services and Protocols Using Greengrass Connectors](https://docs.aws.amazon.com/greengrass/v1/developerguide/connectors.html) in the *Developer Guide* . │ │ │ In an AWS CloudFormation template, the `Connectors` property of the [`ConnectorDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-connectordefinition-connectordefinitionversion.html) property type contains a list of `Connector` property types. │ │ └ properties │ │ ├ ConnectorArn: (documentation changed) │ │ └ Parameters: (documentation changed) │ ├[~] resource AWS::Greengrass::ConnectorDefinitionVersion │ │ └ types │ │ └[~] type Connector │ │ ├ - documentation: Connectors are modules that provide built-in integration with local infrastructure, device protocols, AWS , and other cloud services. For more information, see [Integrate with Services and Protocols Using Greengrass Connectors](https://docs.aws.amazon.com/greengrass/latest/developerguide/connectors.html) in the *Developer Guide* . │ │ │ In an AWS CloudFormation template, the `Connectors` property of the [`AWS::Greengrass::ConnectorDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-connectordefinitionversion.html) resource contains a list of `Connector` property types. │ │ │ + documentation: Connectors are modules that provide built-in integration with local infrastructure, device protocols, AWS , and other cloud services. For more information, see [Integrate with Services and Protocols Using Greengrass Connectors](https://docs.aws.amazon.com/greengrass/v1/developerguide/connectors.html) in the *Developer Guide* . │ │ │ In an AWS CloudFormation template, the `Connectors` property of the [`AWS::Greengrass::ConnectorDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-connectordefinitionversion.html) resource contains a list of `Connector` property types. │ │ └ properties │ │ ├ ConnectorArn: (documentation changed) │ │ └ Parameters: (documentation changed) │ ├[~] resource AWS::Greengrass::CoreDefinition │ │ ├ properties │ │ │ └ Tags: (documentation changed) │ │ └ types │ │ └[~] type Core │ │ └ - documentation: A core is an AWS IoT device that runs the AWS IoT Greengrass core software and manages local processes for a Greengrass group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html) in the *Developer Guide* . │ │ In an AWS CloudFormation template, the `Cores` property of the [`CoreDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-coredefinition-coredefinitionversion.html) property type contains a list of `Core` property types. Currently, the list can contain only one core. │ │ + documentation: A core is an AWS IoT device that runs the AWS IoT Greengrass core software and manages local processes for a Greengrass group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/v1/developerguide/what-is-gg.html) in the *Developer Guide* . │ │ In an AWS CloudFormation template, the `Cores` property of the [`CoreDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-coredefinition-coredefinitionversion.html) property type contains a list of `Core` property types. Currently, the list can contain only one core. │ ├[~] resource AWS::Greengrass::CoreDefinitionVersion │ │ └ types │ │ └[~] type Core │ │ └ - documentation: A core is an AWS IoT device that runs the AWS IoT Greengrass core software and manages local processes for a Greengrass group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html) in the *Developer Guide* . │ │ In an AWS CloudFormation template, the `Cores` property of the [`AWS::Greengrass::CoreDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-coredefinitionversion.html) resource contains a list of `Core` property types. Currently, the list can contain only one core. │ │ + documentation: A core is an AWS IoT device that runs the AWS IoT Greengrass core software and manages local processes for a Greengrass group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/v1/developerguide/what-is-gg.html) in the *Developer Guide* . │ │ In an AWS CloudFormation template, the `Cores` property of the [`AWS::Greengrass::CoreDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-coredefinitionversion.html) resource contains a list of `Core` property types. Currently, the list can contain only one core. │ ├[~] resource AWS::Greengrass::DeviceDefinition │ │ ├ properties │ │ │ └ Tags: (documentation changed) │ │ └ types │ │ └[~] type Device │ │ └ - documentation: A device is an AWS IoT device (thing) that's added to a Greengrass group. Greengrass devices can communicate with the Greengrass core in the same group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html) in the *Developer Guide* . │ │ In an AWS CloudFormation template, the `Devices` property of the [`DeviceDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-devicedefinition-devicedefinitionversion.html) property type contains a list of `Device` property types. │ │ + documentation: A device is an AWS IoT device (thing) that's added to a Greengrass group. Greengrass devices can communicate with the Greengrass core in the same group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/v1/developerguide/what-is-gg.html) in the *Developer Guide* . │ │ In an AWS CloudFormation template, the `Devices` property of the [`DeviceDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-devicedefinition-devicedefinitionversion.html) property type contains a list of `Device` property types. │ ├[~] resource AWS::Greengrass::DeviceDefinitionVersion │ │ └ types │ │ └[~] type Device │ │ └ - documentation: A device is an AWS IoT device (thing) that's added to a Greengrass group. Greengrass devices can communicate with the Greengrass core in the same group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html) in the *Developer Guide* . │ │ In an AWS CloudFormation template, the `Devices` property of the [`AWS::Greengrass::DeviceDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-devicedefinitionversion.html) resource contains a list of `Device` property types. │ │ + documentation: A device is an AWS IoT device (thing) that's added to a Greengrass group. Greengrass devices can communicate with the Greengrass core in the same group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/v1/developerguide/what-is-gg.html) in the *Developer Guide* . │ │ In an AWS CloudFormation template, the `Devices` property of the [`AWS::Greengrass::DeviceDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-devicedefinitionversion.html) resource contains a list of `Device` property types. │ ├[~] resource AWS::Greengrass::FunctionDefinition │ │ ├ properties │ │ │ └ Tags: (documentation changed) │ │ └ types │ │ ├[~] type Execution │ │ │ └ properties │ │ │ ├ IsolationMode: (documentation changed) │ │ │ └ RunAs: (documentation changed) │ │ ├[~] type Function │ │ │ └ - documentation: A function is a Lambda function that's referenced from an AWS IoT Greengrass group. The function is deployed to a Greengrass core where it runs locally. For more information, see [Run Lambda Functions on the AWS IoT Greengrass Core](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-functions.html) in the *Developer Guide* . │ │ │ In an AWS CloudFormation template, the `Functions` property of the [`FunctionDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-functiondefinitionversion.html) property type contains a list of `Function` property types. │ │ │ + documentation: A function is a Lambda function that's referenced from an AWS IoT Greengrass group. The function is deployed to a Greengrass core where it runs locally. For more information, see [Run Lambda Functions on the AWS IoT Greengrass Core](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-functions.html) in the *Developer Guide* . │ │ │ In an AWS CloudFormation template, the `Functions` property of the [`FunctionDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-functiondefinitionversion.html) property type contains a list of `Function` property types. │ │ ├[~] type FunctionConfiguration │ │ │ └ - documentation: The group-specific configuration settings for a Lambda function. These settings configure the function's behavior in the Greengrass group. For more information, see [Controlling Execution of Greengrass Lambda Functions by Using Group-Specific Configuration](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html) in the *Developer Guide* . │ │ │ In an AWS CloudFormation template, `FunctionConfiguration` is a property of the [`Function`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-function.html) property type. │ │ │ + documentation: The group-specific configuration settings for a Lambda function. These settings configure the function's behavior in the Greengrass group. For more information, see [Controlling Execution of Greengrass Lambda Functions by Using Group-Specific Configuration](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html) in the *Developer Guide* . │ │ │ In an AWS CloudFormation template, `FunctionConfiguration` is a property of the [`Function`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-function.html) property type. │ │ └[~] type RunAs │ │ └ - documentation: The access identity whose permissions are used to run the Lambda function. This setting overrides the default access identity that's specified for the group (by default, ggc_user and ggc_group). You can override the user, group, or both. For more information, see [Run as](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html#lambda-access-identity.html) in the *Developer Guide* . │ │ > Running as the root user increases risks to your data and device. Do not run as root (UID/GID=0) unless your business case requires it. For more information and requirements, see [Running a Lambda Function as Root](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html#lambda-running-as-root) . │ │ In an AWS CloudFormation template, `RunAs` is a property of the [`Execution`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-execution.html) property type. │ │ + documentation: The access identity whose permissions are used to run the Lambda function. This setting overrides the default access identity that's specified for the group (by default, ggc_user and ggc_group). You can override the user, group, or both. For more information, see [Run as](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html#lambda-access-identity.html) in the *Developer Guide* . │ │ > Running as the root user increases risks to your data and device. Do not run as root (UID/GID=0) unless your business case requires it. For more information and requirements, see [Running a Lambda Function as Root](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html#lambda-running-as-root) . │ │ In an AWS CloudFormation template, `RunAs` is a property of the [`Execution`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-execution.html) property type. │ ├[~] resource AWS::Greengrass::FunctionDefinitionVersion │ │ └ types │ │ ├[~] type Execution │ │ │ └ properties │ │ │ ├ IsolationMode: (documentation changed) │ │ │ └ RunAs: (documentation changed) │ │ ├[~] type Function │ │ │ └ - documentation: A function is a Lambda function that's referenced from an AWS IoT Greengrass group. The function is deployed to a Greengrass core where it runs locally. For more information, see [Run Lambda Functions on the AWS IoT Greengrass Core](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-functions.html) in the *Developer Guide* . │ │ │ In an AWS CloudFormation template, the `Functions` property of the [`AWS::Greengrass::FunctionDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-functiondefinitionversion.html) resource contains a list of `Function` property types. │ │ │ + documentation: A function is a Lambda function that's referenced from an AWS IoT Greengrass group. The function is deployed to a Greengrass core where it runs locally. For more information, see [Run Lambda Functions on the AWS IoT Greengrass Core](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-functions.html) in the *Developer Guide* . │ │ │ In an AWS CloudFormation template, the `Functions` property of the [`AWS::Greengrass::FunctionDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-functiondefinitionversion.html) resource contains a list of `Function` property types. │ │ ├[~] type FunctionConfiguration │ │ │ └ - documentation: The group-specific configuration settings for a Lambda function. These settings configure the function's behavior in the Greengrass group. For more information, see [Controlling Execution of Greengrass Lambda Functions by Using Group-Specific Configuration](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html) in the *Developer Guide* . │ │ │ In an AWS CloudFormation template, `FunctionConfiguration` is a property of the [`Function`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinitionversion-function.html) property type. │ │ │ + documentation: The group-specific configuration settings for a Lambda function. These settings configure the function's behavior in the Greengrass group. For more information, see [Controlling Execution of Greengrass Lambda Functions by Using Group-Specific Configuration](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html) in the *Developer Guide* . │ │ │ In an AWS CloudFormation template, `FunctionConfiguration` is a property of the [`Function`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinitionversion-function.html) property type. │ │ └[~] type RunAs │ │ └ - documentation: The user and group permissions used to run the Lambda function. This setting overrides the default access identity that's specified for the group (by default, ggc_user and ggc_group). You can override the user, group, or both. For more information, see [Run as](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html#lambda-access-identity.html) in the *Developer Guide* . │ │ > Running as the root user increases risks to your data and device. Do not run as root (UID/GID=0) unless your business case requires it. For more information and requirements, see [Running a Lambda Function as Root](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html#lambda-running-as-root) . │ │ In an AWS CloudFormation template, `RunAs` is a property of the [`Execution`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinitionversion-execution.html) property type. │ │ + documentation: The user and group permissions used to run the Lambda function. This setting overrides the default access identity that's specified for the group (by default, ggc_user and ggc_group). You can override the user, group, or both. For more information, see [Run as](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html#lambda-access-identity.html) in the *Developer Guide* . │ │ > Running as the root user increases risks to your data and device. Do not run as root (UID/GID=0) unless your business case requires it. For more information and requirements, see [Running a Lambda Function as Root](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html#lambda-running-as-root) . │ │ In an AWS CloudFormation template, `RunAs` is a property of the [`Execution`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinitionversion-execution.html) property type. │ ├[~] resource AWS::Greengrass::Group │ │ ├ - documentation: AWS IoT Greengrass seamlessly extends AWS to edge devices so they can act locally on the data they generate, while still using the cloud for management, analytics, and durable storage. With AWS IoT Greengrass , connected devices can run AWS Lambda functions, execute predictions based on machine learning models, keep device data in sync, and communicate with other devices securely – even when not connected to the internet. For more information, see the [Developer Guide](https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html) . │ │ │ > For AWS Region support, see [AWS CloudFormation Support for AWS IoT Greengrass](https://docs.aws.amazon.com/greengrass/latest/developerguide/cloudformation-support.html) in the *Developer Guide* . │ │ │ The `AWS::Greengrass::Group` resource represents a group in AWS IoT Greengrass . In the AWS IoT Greengrass API, groups are used to organize your group versions. │ │ │ Groups can reference multiple group versions. All group versions must be associated with a group. A group version references a device definition version, subscription definition version, and other version types that contain the components you want to deploy to a Greengrass core device. │ │ │ To deploy a group version, the group version must reference a core definition version that contains one core. Other version types are optionally included, depending on your business need. │ │ │ > When you create a group, you can optionally include an initial group version. To associate a group version later, create a [`AWS::Greengrass::GroupVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-groupversion.html) resource and specify the ID of this group. │ │ │ > │ │ │ > To change group components (such as…
Configuration menu - View commit details
-
Copy full SHA for ad1114a - Browse repository at this point
Copy the full SHA ad1114aView commit details -
chore: refuse to close PRs that are awaiting maintainer review (aws#2…
…8481) Because of PRs that require cli integ tests run, some PRs have the automated review failing while awaiting review (and integ tests run). We shouldn't auto-close these as stale ever, since the ball is in our court. See aws#27882, where we were bad. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 1e6090d - Browse repository at this point
Copy the full SHA 1e6090dView commit details -
fix(ecs-patterns):
ApplicationMultipleTargetGroupsEc2Service
ignore…Configuration menu - View commit details
-
Copy full SHA for 6e5e7d1 - Browse repository at this point
Copy the full SHA 6e5e7d1View commit details -
Configuration menu - View commit details
-
Copy full SHA for fcc711e - Browse repository at this point
Copy the full SHA fcc711eView commit details -
feat(ecs): enable cluster to grant task protection API permissions to…
… IAM entities (aws#28486) Added a `grantTaskProtection` method to the ECS (Elastic Container Service) Cluster. This method grants ECS tasks the necessary permissions to interact with the task protection API. Closes aws#26233 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for b7800ce - Browse repository at this point
Copy the full SHA b7800ceView commit details -
feat(ecs): nvidia support to BottlerocketEcsVariant enum for gpu-acce…
…lerated tasks (aws#28488) This pull request introduces a new variant, AWS_ECS_1_NVIDIA, to the BottlerocketEcsVariant enum. This addition caters to the increasing demand for GPU-accelerated computing in containerized environments, particularly for tasks that require intensive computing power, such as machine learning and 3D rendering. Closes aws#25980 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 6c92a00 - Browse repository at this point
Copy the full SHA 6c92a00View commit details -
feat(glue-alpha): add
cfn-glue-table-tableinput-parameters
to Glue ……table construct (aws#27643) Add [cfn-glue-table-tableinput-parameters](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-table-tableinput.html#cfn-glue-table-tableinput-parameters) to Glue Table construct as optional props User can specify additional table parameter when creating Glue Table. Any key/value can be set depending on each user's requirement like table's additional metadata or statistics. Some parameter can be used when AWS services / 3rd party tools read table like `skip.header.line.count`. Closes aws#14159. --- All Submissions: - [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) Adding new Unconventional Dependencies: - [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) New Features - [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? - [x] Did you use yarn integ to deploy the infrastructure and generate the snapshot (i.e. yarn integ without --dry-run)? --- By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license --------- Co-authored-by: Vinayak Kukreja <78971045+vinayak-kukreja@users.noreply.github.com> Co-authored-by: Sumu Pitchayan <35242245+sumupitchayan@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for df745ca - Browse repository at this point
Copy the full SHA df745caView commit details -
feat(opensearchservice): ip address type for domain (aws#28497)
This PR adds a `ipAddressType` property for `Domain`. Closes aws#28436. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 26290ea - Browse repository at this point
Copy the full SHA 26290eaView commit details -
feat(appsync): IntrospectionConfig property (aws#28500)
Add support for [IntrospectionConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#cfn-appsync-graphqlapi-introspectionconfig) Closes aws#28429. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 118728a - Browse repository at this point
Copy the full SHA 118728aView commit details -
fix(rds): circular dependencies when creating multiple DatabaseProxies (
aws#28471) ### Description The related issue reports that deployment fails due to circular dependencies when multiple RDSProxy are created. The `DatabaseProxy` uses the `node.addDependency` method to ensure that the `CfnDBProxyTargetGroup` is created after the `DBCluster` and `DBInstance` are created (aws#12237). This works well for a single `DatabaseProxy`, but does not work well when multiple `DatabaseProxy` are created with `DatabaseCluster.addProxy`. When creating a `DatabaseProxy` with the `DatabaseCluster.addProxy` method, it is created as a child of the `DatabaseCluster`. https://github.com/aws/aws-cdk/blob/cd54c4239ec29182e30fd91634505df560d6e5f8/packages/aws-cdk-lib/aws-rds/lib/cluster.ts#L446 The `node.addDependency` method recursively sets dependencies on child Constructs, so if multiple `DatabaseProxy` are created as a child of a `DatabaseCluster` in the construct tree, multiple `DatabaseProxy` dependencies on each other. If the `addProxy` method is not used, the user initializes the `DatabaseProxy` directly and it does not become a child of `DatabaseCluster`. For example, ```ts new DatabaseProxy(stack, 'DBProxy', { proxyTarget: rds.ProxyTarget.fromCluster(cluster), vpc, }); ``` I believe this is the cause of the `these resources have a dependency cycle` error reported in the related issue. To correct this error, this PR uses `CfnResource.addDependency` instead of `node.addDependency` to avoid recurrent dependencies. Closes aws#25633 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 7ab33e0 - Browse repository at this point
Copy the full SHA 7ab33e0View commit details -
chore(prlint): fix broken link to get trusted members (aws#28505)
The link to the Wiki page on `TrustedMember` has changed, and prlint is now failing, so I fixed the broken link in this PR. ![スクリーンショット 2023-12-28 14 34 01](https://github.com/aws/aws-cdk/assets/58683719/f776ce9c-fc42-419f-b13e-798c36789125) https://github.com/aws/aws-cdk/wiki/_compare/17dd5d3103a6cd3350441f20371915d0cd0c1465...4863a52be6383e221667a9c7b9f982f37cac852c For Example, https://github.com/aws/aws-cdk/actions/runs/7344487786/job/19996393076?pr=28495 ![スクリーンショット 2023-12-28 14 37 10](https://github.com/aws/aws-cdk/assets/58683719/bb3a39a5-7c68-406f-ac9a-0e6e9998961e) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 87ab133 - Browse repository at this point
Copy the full SHA 87ab133View commit details -
chore(lambda): formatting of enums (aws#28504)
---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for de255b4 - Browse repository at this point
Copy the full SHA de255b4View commit details -
feat(autoscaling): add support for
InstanceRequirements
property (a……ws#28464) Closes aws#28393 > Basically [LaunchTemplateOverrides](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_autoscaling.LaunchTemplateOverrides.html) for L2 construct is missing the [InstanceRequirements](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html#cfn-autoscaling-autoscalinggroup-launchtemplateoverrides-instancerequirements) attribute. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --------- Co-authored-by: Sumu Pitchayan <35242245+sumupitchayan@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for ffe1dcf - Browse repository at this point
Copy the full SHA ffe1dcfView commit details -
feat(cloudfront): Key Value Store L2 (aws#28473)
This adds an initial resource to support creating a Key Value Store and specifying an import source. Unfortunately, CloudFormation doesn't seem to support specifying the `KeyValueStoreAssociations` property of a function so there isn't a way to actually associate the store with a function. Closes aws#28377. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 73575e6 - Browse repository at this point
Copy the full SHA 73575e6View commit details -
feat(cloudfront): CloudFront Function runtime property (aws#28099)
fixed aws#28163 This provides an option to change the runtime for CloudFront Functions. This makes it easier to access the CloudFront KeyValueStore. https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-function-functionconfig.html ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 594f524 - Browse repository at this point
Copy the full SHA 594f524View commit details -
feat(rds): new Aurora Postgres engine versions (aws#28508)
Add new aurora engine versions: - 12.17 - 13.13 - 14.10 - 15.5 - 16.0 Release notes: - https://aws.amazon.com/about-aws/whats-new/2023/12/amazon-aurora-postgresql-15-5-14-10-13-13-12-17/ - https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-aurora-postgresql-16-rds-database-preview/
Configuration menu - View commit details
-
Copy full SHA for b28f110 - Browse repository at this point
Copy the full SHA b28f110View commit details -
feat(stepfunctions-tasks): add validations for EmrCreateCluster (aws#…
…28529) This PR adds validations for `EmrCreateCluster`. ## timeoutDurationMinutes > Minimum value is 5 and maximum value is 1440. https://docs.aws.amazon.com/emr/latest/APIReference/API_SpotProvisioningSpecification.html ## bidPrice and bidPriceAsPercentageOfOnDemandPrice Both `bidPrice` and `bidPriceAsPercentageOfOnDemandPrice` are specified, the error occurs in Step Functions console. ``` Specify at most one of bidPrice or bidPriceAsPercentageOfOnDemandPrice value for the Spot Instance fleet : Master request. (Service: AmazonElasticMapReduce; Status Code: 400; Error Code: ValidationException; Request ID: xxxxxx; Proxy: null) ``` ## targetOnDemandCapacity and targetSpotCapacity > At least one of TargetSpotCapacity and TargetOnDemandCapacity should be greater than 0. For a master instance fleet, only one of TargetSpotCapacity and TargetOnDemandCapacity can be specified, and its value must be 1. https://docs.aws.amazon.com/emr/latest/APIReference/API_InstanceFleetConfig.html ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for cefa36a - Browse repository at this point
Copy the full SHA cefa36aView commit details -
feat(stepfunctions-tasks): additional allocation strategies for spot …
…instance fleets in EmrCreateCluster (aws#28525) This PR adds new allocation strategies for spot instance fleets in EmrCreateCluster. - price-capacity-optimized - recommended - lowest-price - diversified https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-emr-instancefleetconfig-spotprovisioningspecification.html https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-allocation-strategy.html ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for c050f6d - Browse repository at this point
Copy the full SHA c050f6dView commit details -
fix(iam): withConditions overrides Principal actions (aws#28510)
Calling `withConditions` after `withSessionTags` will override the existing `sts:TagSession` action for the statement. This implementation fixes the issue. Closes aws#28426. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 454ce16 - Browse repository at this point
Copy the full SHA 454ce16View commit details -
feat(codepipeline-actions): more convenient methods to
CacheControl
(……aws#28491) This PR adds following convenient methods to `CacheControl`; same as aws#25477. | method | directive | RFC | |-|-|-| | `CacheControl.noStore()` | `no-store` | [RFC9111](https://www.rfc-editor.org/rfc/rfc9111.html), Section 5.2.2.4 | | `CacheControl.mustUnderstand()` | `must-understand` | RFC9111, Section 5.2.2.3 | | `CacheControl.immutable()` | `immutable` | [RFC8246](https://www.rfc-editor.org/rfc/rfc8246.html) | | `CacheControl.staleWhileRevalidate(duration)` | `stale-while-revalidate=<duration>` | [RFC5861](https://www.rfc-editor.org/rfc/rfc5861.html) | | `CacheControl.staleIfError(duration)` | `stale-if-error=<duration>` | RFC5861 | For more information about these Cache-Control directives, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 366a946 - Browse repository at this point
Copy the full SHA 366a946View commit details -
feat(glue): database description property (aws#27744)
Closes aws#27740. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for bdc1c26 - Browse repository at this point
Copy the full SHA bdc1c26View commit details -
chore(codebuild): deprecate images that are no longer actively mainta…
…ined (aws#28533) As per these documents, the following build image is not actively maintained, so I added @deprecated tag in this PR. - `standard` - `STANDARD_1_0` - `STANDARD_2_0` - `STANDARD_3_0` - `STANDARD_4_0` - `amazonlinux2-x86_64-standard` - `AMAZON_LINUX_2` - `AMAZON_LINUX_2_2` - `AMAZON_LINUX_2_3` - `amazonlinux2-aarch64-standard` - `AMAZON_LINUX_2_STANDARD_1_0` https://github.com/aws/aws-codebuild-docker-images?tab=readme-ov-file#image-maintenance https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html relates: aws#23096 (comment), aws#16707 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 1758030 - Browse repository at this point
Copy the full SHA 1758030View commit details -
chore: updated Copyright year range for 2024 (aws#28542)
Happy New Year! ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 73d0fbe - Browse repository at this point
Copy the full SHA 73d0fbeView commit details -
chore: update Contributors File (aws#28541)
Automated changes by [create-pull-request](https://github.com/peter-evans/create-pull-request) GitHub action
Configuration menu - View commit details
-
Copy full SHA for 17ee5a3 - Browse repository at this point
Copy the full SHA 17ee5a3View commit details -
feat(stepfunctions-tasks): add
timeout
parameter for EmrCreateClust……er (aws#28532) This PR adds a new parameter `timeout` as Duration type instead of `timeoutDurationMinutes` because the `timeoutDurationMinutes` is a number type. Originally, `timeoutDurationMinutes` was a **required** parameter, but we have made it **optional** and also made the new parameter **optional** to avoid breaking change. Instead, added a validation to ensure that the value is specified. We discussed this in the following thread: aws#28529 (comment) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for f63d0a9 - Browse repository at this point
Copy the full SHA f63d0a9View commit details -
fix(events): event bus fails with duplicate policy resource (aws#28521)
aws#27340 introduced the ability to create multiple event bus policies on a single event bus. To facilitate this, the logical Id was changed from `"Policy"` to the statementId. This triggers a replacement, which fails in CloudFormation because the statement ID does not change. The idea behind this PR is simple -- we are updating the statement ID of the policy to trigger a change for anyone who updates to the new version. I think we are okay with this change because no one should be depending on the statementIds of their policies. And since the policy is not a stateful resource, updating the policy should not harm anyone. I have checked the feasibility of this PR on my own, hence the lack of an integ test. closes aws#28520 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 724929d - Browse repository at this point
Copy the full SHA 724929dView commit details -
feat(ecs):
interactive
option inContainerDefinitionOptions
(aws#……28536) This pull request adds the `interactive` argument to `ContainerDefinitionOptions`. This argument is used when deploying containerized applications that require the allocation of standard input (stdin) or a terminal (tty). This parameter corresponds to `OpenStdin` in the "Create a container" section of the Docker Remote API and the `--interactive` option to `docker run`. Closes aws#24326. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 9bcc523 - Browse repository at this point
Copy the full SHA 9bcc523View commit details -
feat(iam): validate roleName (aws#28509)
> Validates roleName Closes aws#28502 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 0b63325 - Browse repository at this point
Copy the full SHA 0b63325View commit details -
chore(spec2cdk): remove temporary schema for AWS::Lambda::Function (a…
…ws#28557) This schema is now publicly available and needs to be cleaned up. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 3010450 - Browse repository at this point
Copy the full SHA 3010450View commit details -
fix(cli): direct deploy method fails when there are no updates (aws#2…
…8523) This is correctly handled for empty change sets here: https://github.com/aws/aws-cdk/blob/9d8b06f6478a98e01e3aaa86c1dbf22d6e861f05/packages/aws-cdk/lib/api/util/cloudformation.ts#L290-L296 but not for direct updates. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 638c73d - Browse repository at this point
Copy the full SHA 638c73dView commit details -
docs(core): update old recommendations in core README (aws#28535)
`splitArn` is the correct updated version of `parseArn`. It's now necessary to use `ArnFormat` not a literal string for the format of the ARN resource for `splitArn` and `formatArn`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 2e0c3bd - Browse repository at this point
Copy the full SHA 2e0c3bdView commit details -
feat(rds):
timeout
andtimeoutAction
properties to ServerlessClus……ter (aws#28534) This pull request introduces two new properties to the `ServerlessCluster` class in the AWS CDK RDS package: `secondsBeforeTimeout` and `timeoutAction`. The `secondsBeforeTimeout` property allows users to specify the amount of time that Aurora Serverless v1 will attempt to find a scaling point to perform seamless scaling before enforcing the timeout action. The default value is 300 seconds (5 minutes). The `timeoutAction` property allows users to specify the action to take when the timeout is reached. Users can choose between `ForceApplyCapacityChange`, which will force the capacity to the specified value as soon as possible, even without a scaling point, and `RollbackCapacityChange`, which will ignore the capacity change if a scaling point is not found. The default behavior is `RollbackCapacityChange`. These enhancements provide users with more control over the scaling behavior of their Aurora Serverless clusters. Closes aws#27183 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 39c9101 - Browse repository at this point
Copy the full SHA 39c9101View commit details -
feat(rds): ClientPasswordAuthType property on DatabaseProxy (aws#28540)
Adds support for [`ClientPasswordAuthType`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbproxy-authformat.html#cfn-rds-dbproxy-authformat-clientpasswordauthtype) on `DatabaseProxy` construct. Closes aws#28415. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for afb3788 - Browse repository at this point
Copy the full SHA afb3788View commit details -
fix(lambda-go): path with space breaks go build (aws#28554)
Output path with space breaks go build Solution: quoting `go build` output path Closes aws#28555 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for 15048f7 - Browse repository at this point
Copy the full SHA 15048f7View commit details -
Configuration menu - View commit details
-
Copy full SHA for dff95e5 - Browse repository at this point
Copy the full SHA dff95e5View commit details -
fix(core): single-file bundling breaks due to left over temp dir (aws…
…#28566) This change fixes a bad behavior of the asset bundling if we use the SINGLE_FILE asset type with the OUTPUT hash type. Because only the created file is moved and the temporary bundle dir is left over, subsequent bundling runs fail and create empty asset files. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for f07e8cf - Browse repository at this point
Copy the full SHA f07e8cfView commit details -
fix(cli):
cdk diff
falsely reports resource replacements on trivial…… template changes (aws#28336) Adds a new flag to diff, `--change-set`, that creates a new changeset and uses it to determine resource replacement. This new flag is on by default. When the flag is set, the following happens: * Resource metadata changes are obscured * Resource changes that do not appear in the changeset are obscured from the diff When the flag is unset, yaml Fn::GetAtt short-form uses are considered equivalent to their long-form counterpart. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configuration menu - View commit details
-
Copy full SHA for ebf8463 - Browse repository at this point
Copy the full SHA ebf8463View commit details -
Configuration menu - View commit details
-
Copy full SHA for 648b8c5 - Browse repository at this point
Copy the full SHA 648b8c5View commit details