Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(s3-notifications): unable to delete the existing S3 event notifications (under feature flag) #30527

Closed
wants to merge 28 commits into from

Conversation

sarangarav
Copy link
Contributor

@sarangarav sarangarav commented Jun 11, 2024

Issue # (if applicable)

Closes #28915

Reason for this change

Fix to address the issues deleting the existing S3 event notifications and adding new event notifications on top of existing notifications.

Description of changes

We fixed the hashing logic used to identify old vs external S3 event notifications

Description of how you validated changes

Manually tested the changes

Yes

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added bug This issue is a bug. effort/medium Medium work item – several days of effort p1 beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK labels Jun 11, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team June 11, 2024 23:25
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

@sarangarav sarangarav changed the title fix(s3-notifications): unable to delete the existing S3 event notifications (under feature falg) fix(s3-notifications): unable to delete the existing S3 event notifications (under feature flag) Jun 12, 2024
@aws-cdk-automation aws-cdk-automation dismissed their stale review June 13, 2024 16:12

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@sarangarav
Copy link
Contributor Author

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

Exemption Request

@aws-cdk-automation aws-cdk-automation added pr/reviewer-clarification-requested The contributor has requested clarification on feedback, a failing build, or a failing PR Linter run pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback. labels Jun 13, 2024
Copy link
Contributor

@GavinZZ GavinZZ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The exemption request cannot be accepted unfortunately. The reason being is that you modified the custom resource handler files which a number of integ tests use. You'll need to build your changes and re-run all failed integ tests to generate the up-to-date handler files.

@@ -133,6 +133,7 @@ export class BucketNotifications extends Construct {
BucketName: this.bucket.bucketName,
NotificationConfiguration: cdk.Lazy.any({ produce: () => this.renderNotificationConfiguration() }),
Managed: managed,
S3NotificationsDeleteFeatureFlagEnabled: true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not a feature flag if you hardcode it to true. Please follow this documentation to create the feature flag appropriately https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md#feature-flags.

Alternatively if you can expose this property to users and make the default to be false and allow users to opt-in, that's also viable.

@aws-cdk-automation
Copy link
Collaborator

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

AWS CDK Team and others added 13 commits June 21, 2024 00:10
… executionType in the ProcessorConfig (aws#30301)

### Issue # (if applicable)

Closes aws#30194 

### Reason for this change
In aws#27913, the ItemProcessor was introduced for use with the Map Class. With the executionType in the ProcessorConfig, it was possible to specify the executionType for the Map.
On the other hand, in aws#28821, the DistributedMap Class was introduced. The mapExecutionType of the DistributedMap class always overwrites the executionType of the ProcessorConfig.
Therefore, when using the DistributedMap class, the implementation ignores the executionType of the ProcessorConfig. However, this behavior cannot be inferred from the documentation.

### Description of changes
* Added to the docs that when using the DistributedMap Class, the executionType in the ProcessorConfig is ignored.
* Also added a warning.


### Description of how you validated changes
Add unit tests and integ tests



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #<issue number here>.

### Reason for this change

Updating the roadmap to reflect the team's latest updates

### Description of changes

Updating the roadmap to reflect the team's latest updates

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
… Construct (aws#30228)

### Issue # (if applicable)
N/A

### Reason for this change
MIssing property in the L2 Construct


### Description of changes
Add nitroEnclaveEnabled and hibernationConfigured property.



### Description of how you validated changes
Added unit tests and integ tests.



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service aws-appconfig
│ └ resources
│    └[~] resource AWS::AppConfig::HostedConfigurationVersion
│      └ properties
│         └ Content: (documentation changed)
├[+] service aws-applicationsignals
│ ├  capitalized: ApplicationSignals
│ │  cloudFormationNamespace: AWS::ApplicationSignals
│ │  name: aws-applicationsignals
│ │  shortName: applicationsignals
│ └ resources
│    └resource AWS::ApplicationSignals::ServiceLevelObjective
│     ├  name: ServiceLevelObjective
│     │  cloudFormationType: AWS::ApplicationSignals::ServiceLevelObjective
│     │  documentation: Resource Type definition for AWS::ApplicationSignals::ServiceLevelObjective
│     │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│     ├ properties
│     │  ├Name: string (required, immutable)
│     │  ├Description: string (default="No description")
│     │  ├Sli: Sli (required)
│     │  ├Goal: Goal
│     │  └Tags: Array<tag>
│     ├ attributes
│     │  ├Arn: string
│     │  ├CreatedTime: integer
│     │  └LastUpdatedTime: integer
│     └ types
│        ├type Sli
│        │├  documentation: This structure contains information about the performance metric that an SLO monitors.
│        ││  name: Sli
│        │└ properties
│        │   ├SliMetric: SliMetric (required)
│        │   ├MetricThreshold: number (required)
│        │   └ComparisonOperator: string (required)
│        ├type SliMetric
│        │├  documentation: A structure that contains information about the metric that the SLO monitors.
│        ││  name: SliMetric
│        │└ properties
│        │   ├KeyAttributes: Map<string, string>
│        │   ├OperationName: string
│        │   ├MetricType: string
│        │   ├Statistic: string
│        │   ├PeriodSeconds: integer
│        │   └MetricDataQueries: Array<MetricDataQuery>
│        ├type MetricDataQuery
│        │├  documentation: Use this structure to define a metric or metric math expression that you want to use as for a service level objective.
│        ││  Each `MetricDataQuery` in the `MetricDataQueries` array specifies either a metric to retrieve, or a metric math expression to be performed on retrieved metrics. A single `MetricDataQueries` array can include as many as 20 `MetricDataQuery` structures in the array. The 20 structures can include as many as 10 structures that contain a `MetricStat` parameter to retrieve a metric, and as many as 10 structures that contain the `Expression` parameter to perform a math expression. Of those Expression structures, exactly one must have true as the value for `ReturnData`. The result of this expression used for the SLO.
│        ││  name: MetricDataQuery
│        │└ properties
│        │   ├MetricStat: MetricStat
│        │   ├Id: string (required)
│        │   ├ReturnData: boolean
│        │   ├Expression: string
│        │   └AccountId: string
│        ├type MetricStat
│        │├  documentation: A metric to be used directly for the SLO, or to be used in the math expression that will be used for the SLO. Within one MetricDataQuery object, you must specify either Expression or MetricStat but not both.
│        ││  name: MetricStat
│        │└ properties
│        │   ├Period: integer (required)
│        │   ├Metric: Metric (required)
│        │   ├Stat: string (required)
│        │   └Unit: string
│        ├type Metric
│        │├  documentation: This structure defines the metric used for a service level indicator, including the metric name, namespace, and dimensions.
│        ││  name: Metric
│        │└ properties
│        │   ├MetricName: string
│        │   ├Dimensions: Array<Dimension>
│        │   └Namespace: string
│        ├type Dimension
│        │├  documentation: A dimension is a name/value pair that is part of the identity of a metric. Because dimensions are part of the unique identifier for a metric, whenever you add a unique name/value pair to one of your metrics, you are creating a new variation of that metric. For example, many Amazon EC2 metrics publish `InstanceId` as a dimension name, and the actual instance ID as the value for that dimension. You can assign up to 30 dimensions to a metric.
│        ││  name: Dimension
│        │└ properties
│        │   ├Value: string (required)
│        │   └Name: string (required)
│        ├type Goal
│        │├  documentation: A structure that contains the attributes that determine the goal of the SLO. This includes the time period for evaluation and the attainment threshold.
│        ││  name: Goal
│        │└ properties
│        │   ├Interval: Interval
│        │   ├AttainmentGoal: number
│        │   └WarningThreshold: number
│        ├type Interval
│        │├  documentation: The time period used to evaluate the SLO. It can be either a calendar interval or rolling interval.
│        ││  If you omit this parameter, a rolling interval of 7 days is used.
│        ││  name: Interval
│        │└ properties
│        │   ├RollingInterval: RollingInterval
│        │   └CalendarInterval: CalendarInterval
│        ├type RollingInterval
│        │├  documentation: If the interval is a calendar interval, this structure contains the interval specifications.
│        ││  name: RollingInterval
│        │└ properties
│        │   ├DurationUnit: string (required)
│        │   └Duration: integer (required)
│        └type CalendarInterval
│         ├  documentation: If the interval for this service level objective is a calendar interval, this structure contains the interval specifications.
│         │  name: CalendarInterval
│         └ properties
│            ├StartTime: integer (required)
│            ├DurationUnit: string (required)
│            └Duration: integer (required)
├[~] service aws-auditmanager
│ └ resources
│    └[~] resource AWS::AuditManager::Assessment
│      └ types
│         └[~] type Scope
│           └ properties
│              └ AwsServices: (documentation changed)
├[~] service aws-autoscaling
│ └ resources
│    └[~] resource AWS::AutoScaling::ScalingPolicy
│      └ types
│         ├[~] type CustomizedMetricSpecification
│         │ └ properties
│         │    └ Metrics: (documentation changed)
│         ├[~] type TargetTrackingMetricDataQuery
│         │ ├  - documentation: undefined
│         │ │  + documentation: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp.
│         │ │  `TargetTrackingMetricDataQuery` is used with the [AWS::AutoScaling::ScalingPolicy CustomizedMetricSpecification](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-scalingpolicy-customizedmetricspecification.html) property type.
│         │ │  You can call for a single metric or perform math expressions on multiple metrics. Any expressions used in a metric specification must eventually return a single time series.
│         │ │  For more information, see the [Create a target tracking scaling policy for Amazon EC2 Auto Scaling using metric math](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-target-tracking-metric-math.html) in the *Amazon EC2 Auto Scaling User Guide* .
│         │ └ properties
│         │    ├ Expression: (documentation changed)
│         │    ├ Id: (documentation changed)
│         │    ├ Label: (documentation changed)
│         │    ├ MetricStat: (documentation changed)
│         │    └ ReturnData: (documentation changed)
│         └[~] type TargetTrackingMetricStat
│           ├  - documentation: undefined
│           │  + documentation: `TargetTrackingMetricStat` is a property of the [AWS::AutoScaling::ScalingPolicy TargetTrackingMetricDataQuery](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-scalingpolicy-targettrackingmetricdataquery.html) property type.
│           │  This structure defines the CloudWatch metric to return, along with the statistic and unit.
│           │  For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide* .
│           └ properties
│              ├ Metric: (documentation changed)
│              ├ Stat: (documentation changed)
│              └ Unit: (documentation changed)
├[~] service aws-batch
│ └ resources
│    └[~] resource AWS::Batch::JobDefinition
│      └ types
│         └[~] type NodeRangeProperty
│           └ properties
│              └[+] EksProperties: EksProperties
├[~] service aws-bedrock
│ └ resources
│    ├[~] resource AWS::Bedrock::Agent
│    │ └ types
│    │    ├[~] type InferenceConfiguration
│    │    │ ├  - documentation: Specifications about the inference parameters that were provided alongside the prompt. These are specified in the [PromptOverrideConfiguration](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_PromptOverrideConfiguration.html) object that was set when the agent was created or updated. For more information, see [Inference parameters for foundation models](https://docs.aws.amazon.com/bedrock/latest/userguide/model-parameters.html) .
│    │    │ │  + documentation: Base inference parameters to pass to a model in a call to [Converse](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_Converse.html) or [ConverseStream](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_ConverseStream.html) . For more information, see [Inference parameters for foundation models](https://docs.aws.amazon.com/bedrock/latest/userguide/model-parameters.html) .
│    │    │ │  If you need to pass additional parameters that the model supports, use the `additionalModelRequestFields` request field in the call to `Converse` or `ConverseStream` . For more information, see [Model parameters](https://docs.aws.amazon.com/bedrock/latest/userguide/model-parameters.html) .
│    │    │ └ properties
│    │    │    ├ Temperature: (documentation changed)
│    │    │    └ TopP: (documentation changed)
│    │    ├[~] type PromptConfiguration
│    │    │ └ properties
│    │    │    └ BasePromptTemplate: (documentation changed)
│    │    └[~] type PromptOverrideConfiguration
│    │      └ properties
│    │         └ OverrideLambda: (documentation changed)
│    ├[~] resource AWS::Bedrock::Guardrail
│    │ ├  - documentation: Creates a guardrail to block topics and to implement safeguards for your generative AI applications. You can configure denied topics to disallow undesirable topics and content filters to block harmful content in model inputs and responses. For more information, see [Guardrails for Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html) in the *Amazon Bedrock User Guide*
│    │ │  + documentation: Creates a guardrail to block topics and to implement safeguards for your generative AI applications.
│    │ │  You can configure the following policies in a guardrail to avoid undesirable and harmful content, filter out denied topics and words, and remove sensitive information for privacy protection.
│    │ │  - *Content filters* - Adjust filter strengths to block input prompts or model responses containing harmful content.
│    │ │  - *Denied topics* - Define a set of topics that are undesirable in the context of your application. These topics will be blocked if detected in user queries or model responses.
│    │ │  - *Word filters* - Configure filters to block undesirable words, phrases, and profanity. Such words can include offensive terms, competitor names etc.
│    │ │  - *Sensitive information filters* - Block or mask sensitive information such as personally identifiable information (PII) or custom regex in user inputs and model responses.
│    │ │  In addition to the above policies, you can also configure the messages to be returned to the user if a user input or model response is in violation of the policies defined in the guardrail.
│    │ │  For more information, see [Guardrails for Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html) in the *Amazon Bedrock User Guide* .
│    │ ├ properties
│    │ │  ├ ContentPolicyConfig: (documentation changed)
│    │ │  ├ KmsKeyArn: (documentation changed)
│    │ │  ├ SensitiveInformationPolicyConfig: (documentation changed)
│    │ │  ├ Tags: (documentation changed)
│    │ │  ├ TopicPolicyConfig: (documentation changed)
│    │ │  └ WordPolicyConfig: (documentation changed)
│    │ ├ attributes
│    │ │  ├ FailureRecommendations: (documentation changed)
│    │ │  ├ GuardrailArn: (documentation changed)
│    │ │  ├ Status: (documentation changed)
│    │ │  ├ StatusReasons: (documentation changed)
│    │ │  └ Version: (documentation changed)
│    │ └ types
│    │    ├[~] type ContentFilterConfig
│    │    │ ├  - documentation: Content filter config in content policy.
│    │    │ │  + documentation: Contains filter strengths for harmful content. Guardrails support the following content filters to detect and filter harmful user inputs and FM-generated outputs.
│    │    │ │  - *Hate* – Describes language or a statement that discriminates, criticizes, insults, denounces, or dehumanizes a person or group on the basis of an identity (such as race, ethnicity, gender, religion, sexual orientation, ability, and national origin).
│    │    │ │  - *Insults* – Describes language or a statement that includes demeaning, humiliating, mocking, insulting, or belittling language. This type of language is also labeled as bullying.
│    │    │ │  - *Sexual* – Describes language or a statement that indicates sexual interest, activity, or arousal using direct or indirect references to body parts, physical traits, or sex.
│    │    │ │  - *Violence* – Describes language or a statement that includes glorification of or threats to inflict physical pain, hurt, or injury toward a person, group or thing.
│    │    │ │  Content filtering depends on the confidence classification of user inputs and FM responses across each of the four harmful categories. All input and output statements are classified into one of four confidence levels (NONE, LOW, MEDIUM, HIGH) for each harmful category. For example, if a statement is classified as *Hate* with HIGH confidence, the likelihood of the statement representing hateful content is high. A single statement can be classified across multiple categories with varying confidence levels. For example, a single statement can be classified as *Hate* with HIGH confidence, *Insults* with LOW confidence, *Sexual* with NONE confidence, and *Violence* with MEDIUM confidence.
│    │    │ │  For more information, see [Guardrails content filters](https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-filters.html) .
│    │    │ └ properties
│    │    │    ├ InputStrength: (documentation changed)
│    │    │    ├ OutputStrength: (documentation changed)
│    │    │    └ Type: (documentation changed)
│    │    ├[~] type ContentPolicyConfig
│    │    │ ├  - documentation: Content policy config for a guardrail.
│    │    │ │  + documentation: Contains details about how to handle harmful content.
│    │    │ └ properties
│    │    │    └ FiltersConfig: (documentation changed)
│    │    ├[~] type ManagedWordsConfig
│    │    │ ├  - documentation: A managed words config.
│    │    │ │  + documentation: The managed word list to configure for the guardrail.
│    │    │ └ properties
│    │    │    └ Type: (documentation changed)
│    │    ├[~] type PiiEntityConfig
│    │    │ ├  - documentation: Pii entity configuration.
│    │    │ │  + documentation: The PII entity to configure for the guardrail.
│    │    │ └ properties
│    │    │    ├ Action: (documentation changed)
│    │    │    └ Type: (documentation changed)
│    │    ├[~] type RegexConfig
│    │    │ ├  - documentation: A regex configuration.
│    │    │ │  + documentation: The regular expression to configure for the guardrail.
│    │    │ └ properties
│    │    │    ├ Action: (documentation changed)
│    │    │    ├ Description: (documentation changed)
│    │    │    ├ Name: (documentation changed)
│    │    │    └ Pattern: (documentation changed)
│    │    ├[~] type SensitiveInformationPolicyConfig
│    │    │ ├  - documentation: Sensitive information policy config for a guardrail.
│    │    │ │  + documentation: Contains details about PII entities and regular expressions to configure for the guardrail.
│    │    │ └ properties
│    │    │    ├ PiiEntitiesConfig: (documentation changed)
│    │    │    └ RegexesConfig: (documentation changed)
│    │    ├[~] type TopicConfig
│    │    │ ├  - documentation: Topic config in topic policy.
│    │    │ │  + documentation: Details about topics for the guardrail to identify and deny.
│    │    │ └ properties
│    │    │    ├ Definition: (documentation changed)
│    │    │    ├ Examples: (documentation changed)
│    │    │    ├ Name: (documentation changed)
│    │    │    └ Type: (documentation changed)
│    │    ├[~] type TopicPolicyConfig
│    │    │ ├  - documentation: Topic policy config for a guardrail.
│    │    │ │  + documentation: Contains details about topics that the guardrail should identify and deny.
│    │    │ └ properties
│    │    │    └ TopicsConfig: (documentation changed)
│    │    ├[~] type WordConfig
│    │    │ ├  - documentation: A custom word config.
│    │    │ │  + documentation: A word to configure for the guardrail.
│    │    │ └ properties
│    │    │    └ Text: (documentation changed)
│    │    └[~] type WordPolicyConfig
│    │      ├  - documentation: Word policy config for a guardrail.
│    │      │  + documentation: Contains details about the word policy to configured for the guardrail.
│    │      └ properties
│    │         ├ ManagedWordListsConfig: (documentation changed)
│    │         └ WordsConfig: (documentation changed)
│    └[~] resource AWS::Bedrock::GuardrailVersion
│      ├ properties
│      │  └ GuardrailIdentifier: (documentation changed)
│      └ attributes
│         └ GuardrailArn: (documentation changed)
├[~] service aws-chatbot
│ └ resources
│    ├[~] resource AWS::Chatbot::MicrosoftTeamsChannelConfiguration
│    │ └ properties
│    │    └ Tags: (documentation changed)
│    └[~] resource AWS::Chatbot::SlackChannelConfiguration
│      └ properties
│         └ Tags: (documentation changed)
├[~] service aws-cloudformation
│ └ resources
│    └[~] resource AWS::CloudFormation::CustomResource
│      └ properties
│         └ ServiceToken: (documentation changed)
├[~] service aws-cloudfront
│ └ resources
│    ├[~] resource AWS::CloudFront::Distribution
│    │ └ types
│    │    └[~] type DistributionConfig
│    │      └ properties
│    │         ├ OriginGroups: (documentation changed)
│    │         └ Origins: (documentation changed)
│    └[~] resource AWS::CloudFront::KeyValueStore
│      └ attributes
│         └ Status: (documentation changed)
├[~] service aws-cloudtrail
│ └ resources
│    ├[~] resource AWS::CloudTrail::EventDataStore
│    │ └ types
│    │    └[~] type AdvancedFieldSelector
│    │      └ properties
│    │         └ Field: (documentation changed)
│    └[~] resource AWS::CloudTrail::Trail
│      └ types
│         └[~] type AdvancedFieldSelector
│           └ properties
│              └ Field: (documentation changed)
├[~] service aws-codebuild
│ └ resources
│    ├[~] resource AWS::CodeBuild::Fleet
│    │ ├ properties
│    │ │  ├ FleetServiceRole: (documentation changed)
│    │ │  ├ FleetVpcConfig: (documentation changed)
│    │ │  └ OverflowBehavior: (documentation changed)
│    │ └ types
│    │    └[~] type VpcConfig
│    │      ├  - documentation: undefined
│    │      │  + documentation: Information about the VPC configuration that AWS CodeBuild accesses.
│    │      └ properties
│    │         ├ SecurityGroupIds: (documentation changed)
│    │         ├ Subnets: (documentation changed)
│    │         └ VpcId: (documentation changed)
│    ├[~] resource AWS::CodeBuild::Project
│    │ ├ properties
│    │ │  ├ SourceVersion: (documentation changed)
│    │ │  └ TimeoutInMinutes: (documentation changed)
│    │ └ types
│    │    ├[~] type ProjectSourceVersion
│    │    │ └ properties
│    │    │    └ SourceVersion: (documentation changed)
│    │    └[~] type WebhookFilter
│    │      └ properties
│    │         └ Type: (documentation changed)
│    └[~] resource AWS::CodeBuild::SourceCredential
│      └ properties
│         └ Token: (documentation changed)
├[~] service aws-codepipeline
│ └ resources
│    └[~] resource AWS::CodePipeline::Pipeline
│      └ types
│         ├[~] type FailureConditions
│         │ ├  - documentation: undefined
│         │ │  + documentation: The configuration that specifies the result, such as rollback, to occur upon stage failure.
│         │ └ properties
│         │    └ Result: (documentation changed)
│         └[~] type StageDeclaration
│           └ properties
│              └ OnFailure: (documentation changed)
├[~] service aws-datazone
│ └ resources
│    ├[~] resource AWS::DataZone::GroupProfile
│    │ ├  - documentation: Group profiles represent groups of Amazon DataZone users. Groups can be manually created, or mapped to Active Directory groups of enterprise customers. In Amazon DataZone, groups serve two purposes. First, a group can map to a team of users in the organizational chart, and thus reduce the administrative work of a Amazon DataZone project owner when there are new employees joining or leaving a team. Second, corporate administrators use Active Directory groups to manage and update user statuses and so Amazon DataZone domain administrators can use these group memberships to implement Amazon DataZone domain policies.
│    │ │  + documentation: The details of a group profile in Amazon DataZone.
│    │ ├ properties
│    │ │  ├ DomainIdentifier: (documentation changed)
│    │ │  ├ GroupIdentifier: (documentation changed)
│    │ │  └ Status: (documentation changed)
│    │ └ attributes
│    │    ├ DomainId: (documentation changed)
│    │    ├ GroupName: (documentation changed)
│    │    └ Id: (documentation changed)
│    ├[~] resource AWS::DataZone::ProjectMembership
│    │ ├  - documentation: Definition of AWS::DataZone::ProjectMembership Resource Type
│    │ │  + documentation: The `AWS::DataZone::ProjectMembership` resource adds a member to an Amazon DataZone project. Project members consume assets from the Amazon DataZone catalog and produce new assets using one or more analytical workflows.
│    │ ├ properties
│    │ │  ├ Designation: (documentation changed)
│    │ │  ├ DomainIdentifier: (documentation changed)
│    │ │  ├ Member: (documentation changed)
│    │ │  └ ProjectIdentifier: (documentation changed)
│    │ └ types
│    │    └[~] type Member
│    │      ├  - documentation: undefined
│    │      │  + documentation: The details about a project member.
│    │      │  Important - this data type is a UNION, so only one of the following members can be specified when used or returned.
│    │      └ properties
│    │         ├ GroupIdentifier: (documentation changed)
│    │         └ UserIdentifier: (documentation changed)
│    └[~] resource AWS::DataZone::UserProfile
│      ├  - documentation: A user profile represents Amazon DataZone users. Amazon DataZone supports both IAM roles and SSO identities to interact with the Amazon DataZone Management Console and the data portal for different purposes. Domain administrators use IAM roles to perform the initial administrative domain-related work in the Amazon DataZone Management Console, including creating new Amazon DataZone domains, configuring metadata form types, and implementing policies. Data workers use their SSO corporate identities via Identity Center to log into the Amazon DataZone Data Portal and access projects where they have memberships.
│      │  + documentation: The user type of the user for which the user profile is created.
│      ├ properties
│      │  ├ DomainIdentifier: (documentation changed)
│      │  ├ UserIdentifier: (documentation changed)
│      │  └ UserType: (documentation changed)
│      ├ attributes
│      │  ├ DomainId: (documentation changed)
│      │  └ Id: (documentation changed)
│      └ types
│         ├[~] type IamUserProfileDetails
│         │ ├  - documentation: The details of the IAM User Profile.
│         │ │  + documentation: The details of an IAM user profile in Amazon DataZone.
│         │ └ properties
│         │    └ Arn: (documentation changed)
│         ├[~] type SsoUserProfileDetails
│         │ ├  - documentation: The details of the SSO User Profile.
│         │ │  + documentation: The single sign-on details of the user profile.
│         │ └ properties
│         │    ├ FirstName: (documentation changed)
│         │    ├ LastName: (documentation changed)
│         │    └ Username: (documentation changed)
│         └[~] type UserProfileDetails
│           ├  - documentation: undefined
│           │  + documentation: The details of the user profile in Amazon DataZone.
│           └ properties
│              ├ Iam: (documentation changed)
│              └ Sso: (documentation changed)
├[~] service aws-deadline
│ └ resources
│    ├[~] resource AWS::Deadline::Farm
│    │ ├  - tagInformation: undefined
│    │ │  + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ └ properties
│    │    └[+] Tags: Array<tag>
│    ├[~] resource AWS::Deadline::Fleet
│    │ ├  - tagInformation: undefined
│    │ │  + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ └ properties
│    │    └[+] Tags: Array<tag>
│    ├[~] resource AWS::Deadline::LicenseEndpoint
│    │ ├  - tagInformation: undefined
│    │ │  + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ └ properties
│    │    └[+] Tags: Array<tag>
│    ├[+] resource AWS::Deadline::Monitor
│    │ ├  name: Monitor
│    │ │  cloudFormationType: AWS::Deadline::Monitor
│    │ │  documentation: Creates an AWS Deadline Cloud monitor that you can use to view your farms, queues, and fleets. After you submit a job, you can track the progress of the tasks and steps that make up the job, and then download the job's results.
│    │ ├ properties
│    │ │  ├DisplayName: string (required)
│    │ │  ├IdentityCenterInstanceArn: string (required, immutable)
│    │ │  ├RoleArn: string (required)
│    │ │  └Subdomain: string (required)
│    │ └ attributes
│    │    ├IdentityCenterApplicationArn: string
│    │    ├MonitorId: string
│    │    ├Url: string
│    │    └Arn: string
│    ├[~] resource AWS::Deadline::Queue
│    │ ├  - tagInformation: undefined
│    │ │  + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ └ properties
│    │    └[+] Tags: Array<tag>
│    └[~] resource AWS::Deadline::QueueEnvironment
│      └ properties
│         └ Template: (documentation changed)
├[~] service aws-ec2
│ └ resources
│    ├[~] resource AWS::EC2::CapacityReservationFleet
│    │ ├ properties
│    │ │  ├ AllocationStrategy: (documentation changed)
│    │ │  └ TotalTargetCapacity: (documentation changed)
│    │ └ types
│    │    └[~] type InstanceTypeSpecification
│    │      └ properties
│    │         └ Priority: (documentation changed)
│    ├[~] resource AWS::EC2::ClientVpnEndpoint
│    │ └ types
│    │    └[~] type TagSpecification
│    │      ├  - documentation: The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.
│    │      │  > The `Valid Values` lists all the resource types that can be tagged. However, the action you're using might not support tagging all of these resource types. If you try to tag a resource type that is unsupported for the action you're using, you'll get an error.
│    │      │  + documentation: Specifies the tags to apply to the Client VPN endpoint.
│    │      └ properties
│    │         └ ResourceType: (documentation changed)
│    ├[~] resource AWS::EC2::CustomerGateway
│    │ └ properties
│    │    ├ BgpAsn: (documentation changed)
│    │    ├ BgpAsnExtended: (documentation changed)
│    │    └ IpAddress: (documentation changed)
│    ├[~] resource AWS::EC2::EC2Fleet
│    │ └ types
│    │    ├[~] type OnDemandOptionsRequest
│    │    │ └ properties
│    │    │    ├ MaxTotalPrice: (documentation changed)
│    │    │    └ MinTargetCapacity: (documentation changed)
│    │    └[~] type SpotOptionsRequest
│    │      └ properties
│    │         ├ MaxTotalPrice: (documentation changed)
│    │         └ MinTargetCapacity: (documentation changed)
│    ├[~] resource AWS::EC2::FlowLog
│    │ └ properties
│    │    └ MaxAggregationInterval: (documentation changed)
│    ├[~] resource AWS::EC2::Host
│    │ └ properties
│    │    └ AutoPlacement: (documentation changed)
│    ├[~] resource AWS::EC2::Instance
│    │ ├ properties
│    │ │  └ HibernationOptions: (documentation changed)
│    │ └ types
│    │    └[~] type ElasticGpuSpecification
│    │      └ properties
│    │         └ Type: (documentation changed)
│    ├[~] resource AWS::EC2::LaunchTemplate
│    │ └ types
│    │    ├[~] type ConnectionTrackingSpecification
│    │    │ └  - documentation: A security group connection tracking specification that enables you to set the idle timeout for connection tracking on an Elastic network interface. For more information, see [Connection tracking timeouts](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) in the *Amazon Elastic Compute Cloud User Guide* .
│    │    │    + documentation: A security group connection tracking specification that enables you to set the idle timeout for connection tracking on an Elastic network interface. For more information, see [Connection tracking timeouts](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) in the *Amazon EC2 User Guide* .
│    │    ├[~] type ElasticGpuSpecification
│    │    │ └ properties
│    │    │    └ Type: (documentation changed)
│    │    ├[~] type Ipv4PrefixSpecification
│    │    │ └ properties
│    │    │    └ Ipv4Prefix: (documentation changed)
│    │    ├[~] type LaunchTemplateData
│    │    │ └ properties
│    │    │    ├ CpuOptions: (documentation changed)
│    │    │    ├ DisableApiStop: (documentation changed)
│    │    │    ├ HibernationOptions: (documentation changed)
│    │    │    ├ InstanceType: (documentation changed)
│    │    │    ├ MetadataOptions: (documentation changed)
│    │    │    ├ RamDiskId: (documentation changed)
│    │    │    └ UserData: (documentation changed)
│    │    └[~] type NetworkInterface
│    │      └ properties
│    │         └ InterfaceType: (documentation changed)
│    ├[~] resource AWS::EC2::NetworkInterface
│    │ └ types
│    │    └[~] type Ipv4PrefixSpecification
│    │      └ properties
│    │         └ Ipv4Prefix: (documentation changed)
│    ├[~] resource AWS::EC2::SpotFleet
│    │ └ types
│    │    ├[~] type SpotCapacityRebalance
│    │    │ └  - documentation: The Spot Instance replacement strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted. For more information, see [Capacity rebalancing](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-capacity-rebalance.html) in the *Amazon EC2 User Guide for Linux Instances* .
│    │    │    + documentation: The Spot Instance replacement strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted. For more information, see [Capacity rebalancing](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-capacity-rebalance.html) in the *Amazon EC2 User Guide* .
│    │    ├[~] type SpotFleetRequestConfigData
│    │    │ └ properties
│    │    │    ├ OnDemandMaxTotalPrice: (documentation changed)
│    │    │    └ SpotMaxTotalPrice: (documentation changed)
│    │    └[~] type SpotMaintenanceStrategies
│    │      └ properties
│    │         └ CapacityRebalance: (documentation changed)
│    ├[~] resource AWS::EC2::TrafficMirrorSession
│    │ └ properties
│    │    └ VirtualNetworkId: (documentation changed)
│    ├[~] resource AWS::EC2::TransitGatewayRoute
│    │ └ attributes
│    │    └[-] Id: string
│    └[~] resource AWS::EC2::Volume
│      └ properties
│         └ Iops: (documentation changed)
├[~] service aws-ecs
│ └ resources
│    ├[~] resource AWS::ECS::Cluster
│    │ ├ properties
│    │ │  └ Configuration: (documentation changed)
│    │ └ types
│    │    ├[~] type ClusterConfiguration
│    │    │ ├  - documentation: The execute command configuration for the cluster.
│    │    │ │  + documentation: The execute command and managed storage configuration for the cluster.
│    │    │ └ properties
│    │    │    └ ManagedStorageConfiguration: (documentation changed)
│    │    └[~] type ManagedStorageConfiguration
│    │      ├  - documentation: undefined
│    │      │  + documentation: The managed storage configuration for the cluster.
│    │      └ properties
│    │         ├ FargateEphemeralStorageKmsKeyId: (documentation changed)
│    │         └ KmsKeyId: (documentation changed)
│    └[~] resource AWS::ECS::TaskDefinition
│      └ types
│         └[~] type ResourceRequirement
│           └ properties
│              ├ Type: (documentation changed)
│              └ Value: (documentation changed)
├[~] service aws-eks
│ └ resources
│    └[~] resource AWS::EKS::Addon
│      ├ properties
│      │  └ PodIdentityAssociations: (documentation changed)
│      └ types
│         └[~] type PodIdentityAssociation
│           ├  - documentation: A pod identity to associate with an add-on.
│           │  + documentation: Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.
│           └ properties
│              ├ RoleArn: (documentation changed)
│              └ ServiceAccount: (documentation changed)
├[~] service aws-elasticloadbalancingv2
│ └ resources
│    └[~] resource AWS::ElasticLoadBalancingV2::LoadBalancer
│      └ properties
│         └ IpAddressType: (documentation changed)
├[~] service aws-emrserverless
│ └ resources
│    └[~] resource AWS::EMRServerless::Application
│      └ types
│         ├[~] type CloudWatchLoggingConfiguration
│         │ ├  - documentation: The Amazon CloudWatch configuration for monitoring logs. You can configure your jobs to send log information to CloudWatch .
│         │ │  + documentation: The Amazon CloudWatch configuration for monitoring logs. You can configure your jobs to send log information to CloudWatch.
│         │ └ properties
│         │    └ EncryptionKeyArn: (documentation changed)
│         └[~] type MonitoringConfiguration
│           └ properties
│              └ CloudWatchLoggingConfiguration: (documentation changed)
├[~] service aws-events
│ └ resources
│    ├[~] resource AWS::Events::EventBus
│    │ ├ properties
│    │ │  ├ DeadLetterConfig: (documentation changed)
│    │ │  ├ Description: (documentation changed)
│    │ │  └ KmsKeyIdentifier: (documentation changed)
│    │ └ types
│    │    └[~] type DeadLetterConfig
│    │      ├  - documentation: Dead Letter Queue for the event bus.
│    │      │  + documentation: Configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ).
│    │      │  For more information, see [Using dead-letter queues to process undelivered events](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rule-event-delivery.html#eb-rule-dlq) in the *EventBridge User Guide* .
│    │      └ properties
│    │         └ Arn: (documentation changed)
│    └[~] resource AWS::Events::Rule
│      └ types
│         └[~] type DeadLetterConfig
│           └  - documentation: Configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ).
│              For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rule-dlq.html) in the *EventBridge User Guide* .
│              + documentation: Configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ).
│              For more information, see [Using dead-letter queues to process undelivered events](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rule-event-delivery.html#eb-rule-dlq) in the *EventBridge User Guide* .
├[~] service aws-fsx
│ └ resources
│    ├[~] resource AWS::FSx::FileSystem
│    │ ├ properties
│    │ │  └ FileSystemTypeVersion: (documentation changed)
│    │ └ types
│    │    ├[~] type LustreConfiguration
│    │    │ └ properties
│    │    │    ├ DeploymentType: (documentation changed)
│    │    │    └[+] MetadataConfiguration: MetadataConfiguration
│    │    ├[+] type MetadataConfiguration
│    │    │ ├  name: MetadataConfiguration
│    │    │ └ properties
│    │    │    ├Mode: string
│    │    │    └Iops: integer
│    │    └[~] type OntapConfiguration
│    │      └ properties
│    │         └ HAPairs: (documentation changed)
│    └[~] resource AWS::FSx::Volume
│      └ types
│         └[~] type OntapConfiguration
│           └ properties
│              ├ OntapVolumeType: (documentation changed)
│              ├ SecurityStyle: (documentation changed)
│              └ VolumeStyle: (documentation changed)
├[~] service aws-glue
│ └ resources
│    └[~] resource AWS::Glue::Crawler
│      └ types
│         └[~] type JdbcTarget
│           └ properties
│              └[+] EnableAdditionalMetadata: Array<string>
├[~] service aws-grafana
│ └ resources
│    └[~] resource AWS::Grafana::Workspace
│      └ properties
│         └ OrganizationRoleName: (documentation changed)
├[~] service aws-groundstation
│ └ resources
│    ├[~] resource AWS::GroundStation::Config
│    │ └ types
│    │    ├[~] type DecodeConfig
│    │    │ └ properties
│    │    │    └ UnvalidatedJSON: (documentation changed)
│    │    └[~] type DemodulationConfig
│    │      └ properties
│    │         └ UnvalidatedJSON: (documentation changed)
│    ├[~] resource AWS::GroundStation::DataflowEndpointGroup
│    │ └ types
│    │    ├[~] type ConnectionDetails
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: Egress address of AgentEndpoint with an optional mtu.
│    │    │ └ properties
│    │    │    ├ Mtu: (documentation changed)
│    │    │    └ SocketAddress: (documentation changed)
│    │    ├[~] type DataflowEndpoint
│    │    │ └ properties
│    │    │    └ Mtu: (documentation changed)
│    │    ├[~] type EndpointDetails
│    │    │ └ properties
│    │    │    └ AwsGroundStationAgentEndpoint: (documentation changed)
│    │    ├[~] type IntegerRange
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: An integer range that has a minimum and maximum value.
│    │    │ └ properties
│    │    │    ├ Maximum: (documentation changed)
│    │    │    └ Minimum: (documentation changed)
│    │    ├[~] type RangedConnectionDetails
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: Ingress address of AgentEndpoint with a port range and an optional mtu.
│    │    │ └ properties
│    │    │    ├ Mtu: (documentation changed)
│    │    │    └ SocketAddress: (documentation changed)
│    │    └[~] type RangedSocketAddress
│    │      ├  - documentation: undefined
│    │      │  + documentation: A socket address with a port range.
│    │      └ properties
│    │         ├ Name: (documentation changed)
│    │         └ PortRange: (documentation changed)
│    └[~] resource AWS::GroundStation::MissionProfile
│      └ properties
│         ├ StreamsKmsKey: (documentation changed)
│         └ StreamsKmsRole: (documentation changed)
├[~] service aws-guardduty
│ └ resources
│    └[+] resource AWS::GuardDuty::MalwareProtectionPlan
│      ├  name: MalwareProtectionPlan
│      │  cloudFormationType: AWS::GuardDuty::MalwareProtectionPlan
│      │  documentation: Resource Type definition for AWS::GuardDuty::MalwareProtectionPlan
│      │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├Role: string (required)
│      │  ├ProtectedResource: CFNProtectedResource (required)
│      │  ├Actions: CFNActions
│      │  └Tags: Array<TagItem>
│      ├ attributes
│      │  ├MalwareProtectionPlanId: string
│      │  ├Arn: string
│      │  ├CreatedAt: string
│      │  ├Status: string
│      │  └StatusReasons: Array<CFNStatusReasons>
│      └ types
│         ├type CFNProtectedResource
│         │├  name: CFNProtectedResource
│         │└ properties
│         │   └S3Bucket: S3Bucket (required)
│         ├type S3Bucket
│         │├  documentation: Information about the protected S3 bucket resource.
│         ││  name: S3Bucket
│         │└ properties
│         │   ├BucketName: string
│         │   └ObjectPrefixes: Array<string>
│         ├type CFNActions
│         │├  name: CFNActions
│         │└ properties
│         │   └Tagging: CFNTagging
│         ├type CFNTagging
│         │├  name: CFNTagging
│         │└ properties
│         │   └Status: string
│         ├type CFNStatusReasons
│         │├  name: CFNStatusReasons
│         │└ properties
│         │   ├Code: string
│         │   └Message: string
│         └type TagItem
│          ├  name: TagItem
│          └ properties
│             ├Key: string (required)
│             └Value: string (required)
├[~] service aws-iot
│ └ resources
│    └[~] resource AWS::IoT::TopicRule
│      └ properties
│         └ RuleName: (documentation changed)
├[~] service aws-lambda
│ └ resources
│    └[~] resource AWS::Lambda::Function
│      └ properties
│         └ Runtime: (documentation changed)
├[~] service aws-lightsail
│ └ resources
│    └[~] resource AWS::Lightsail::Instance
│      └ attributes
│         └ Ipv6Addresses: (documentation changed)
├[~] service aws-location
│ └ resources
│    └[~] resource AWS::Location::Map
│      └ types
│         └[~] type MapConfiguration
│           └ properties
│              └ Style: (documentation changed)
├[~] service aws-mediapackagev2
│ └ resources
│    └[~] resource AWS::MediaPackageV2::OriginEndpoint
│      ├ properties
│      │  └ DashManifests: (documentation changed)
│      └ types
│         ├[~] type DashUtcTiming
│         │ ├  - documentation: <p>Determines the type of UTC timing included in the DASH Media Presentation Description (MPD).</p>
│         │ │  + documentation: Determines the type of UTC timing included in the DASH Media Presentation Description (MPD).
│         │ └ properties
│         │    ├ TimingMode: (documentation changed)
│         │    └ TimingSource: (documentation changed)
│         ├[~] type FilterConfiguration
│         │ ├  - documentation: <p>Filter configuration includes settings for manifest filtering, start and end times, and time delay that apply to all of your egress requests for this manifest. </p>
│         │ │  + documentation: Filter configuration includes settings for manifest filtering, start and end times, and time delay that apply to all of your egress requests for this manifest.
│         │ └ properties
│         │    ├ End: (documentation changed)
│         │    ├ ManifestFilter: (documentation changed)
│         │    ├ Start: (documentation changed)
│         │    └ TimeDelaySeconds: (documentation changed)
│         └[~] type ScteDash
│           ├  - documentation: <p>The SCTE configuration.</p>
│           │  + documentation: The SCTE configuration.
│           └ properties
│              └ AdMarkerDash: (documentation changed)
├[~] service aws-mediatailor
│ └ resources
│    └[~] resource AWS::MediaTailor::PlaybackConfiguration
│      └ types
│         └[~] type AvailSuppression
│           └ properties
│              └ FillPolicy: (documentation changed)
├[~] service aws-msk
│ └ resources
│    └[~] resource AWS::MSK::Cluster
│      └ properties
│         └ ClientAuthentication: (documentation changed)
├[~] service aws-mwaa
│ └ resources
│    └[~] resource AWS::MWAA::Environment
│      └ properties
│         ├ MaxWebservers: (documentation changed)
│         └ MinWebservers: (documentation changed)
├[~] service aws-nimblestudio
│ └ resources
│    ├[~] resource AWS::NimbleStudio::LaunchProfile
│    │ └ properties
│    │    └ StudioId: (documentation changed)
│    ├[~] resource AWS::NimbleStudio::StreamingImage
│    │ └ properties
│    │    └ StudioId: (documentation changed)
│    └[~] resource AWS::NimbleStudio::StudioComponent
│      └ properties
│         └ StudioId: (documentation changed)
├[~] service aws-opensearchservice
│ └ resources
│    └[~] resource AWS::OpenSearchService::Domain
│      └ types
│         └[~] type DomainEndpointOptions
│           └ properties
│              └ TLSSecurityPolicy: (documentation changed)
├[~] service aws-opsworks
│ └ resources
│    └[~] resource AWS::OpsWorks::Layer
│      └ types
│         └[~] type VolumeConfiguration
│           └ properties
│              └ VolumeType: (documentation changed)
├[~] service aws-osis
│ └ resources
│    └[~] resource AWS::OSIS::Pipeline
│      ├ attributes
│      │  └[+] VpcEndpointService: string
│      └ types
│         └[~] type VpcOptions
│           └ properties
│              └[+] VpcEndpointManagement: string
├[~] service aws-pipes
│ └ resources
│    └[~] resource AWS::Pipes::Pipe
│      └ types
│         ├[~] type DimensionMapping
│         │ ├  - documentation: undefined
│         │ │  + documentation: Maps source data to a dimension in the target Timestream for LiveAnalytics table.
│         │ │  For more information, see [Amazon Timestream for LiveAnalytics concepts](https://docs.aws.amazon.com/timestream/latest/developerguide/concepts.html)
│         │ └ properties
│         │    ├ DimensionName: (documentation changed)
│         │    ├ DimensionValue: (documentation changed)
│         │    └ DimensionValueType: (documentation changed)
│         ├[~] type MultiMeasureAttributeMapping
│         │ ├  - documentation: undefined
│         │ │  + documentation: A mapping of a source event data field to a measure in a Timestream for LiveAnalytics record.
│         │ └ properties
│         │    ├ MeasureValue: (documentation changed)
│         │    ├ MeasureValueType: (documentation changed)
│         │    └ MultiMeasureAttributeName: (documentation changed)
│         ├[~] type MultiMeasureMapping
│         │ ├  - documentation: undefined
│         │ │  + documentation: Maps multiple measures from the source event to the same Timestream for LiveAnalytics record.
│         │ │  For more information, see [Amazon Timestream for LiveAnalytics concepts](https://docs.aws.amazon.com/timestream/latest/developerguide/concepts.html)
│         │ └ properties
│         │    ├ MultiMeasureAttributeMappings: (documentation changed)
│         │    └ MultiMeasureName: (documentation changed)
│         ├[~] type PipeTargetParameters
│         │ └ properties
│         │    └ TimestreamParameters: (documentation changed)
│         ├[~] type PipeTargetTimestreamParameters
│         │ ├  - documentation: undefined
│         │ │  + documentation: The parameters for using a Timestream for LiveAnalytics table as a target.
│         │ └ properties
│         │    ├ DimensionMappings: (documentation changed)
│         │    ├ EpochTimeUnit: (documentation changed)
│         │    ├ MultiMeasureMappings: (documentation changed)
│         │    ├ SingleMeasureMappings: (documentation changed)
│         │    ├ TimeFieldType: (documentation changed)
│         │    ├ TimestampFormat: (documentation changed)
│         │    ├ TimeValue: (documentation changed)
│         │    └ VersionValue: (documentation changed)
│         └[~] type SingleMeasureMapping
│           ├  - documentation: undefined
│           │  + documentation: Maps a single source data field to a single record in the specified Timestream for LiveAnalytics table.
│           │  For more information, see [Amazon Timestream for LiveAnalytics concepts](https://docs.aws.amazon.com/timestream/latest/developerguide/concepts.html)
│           └ properties
│              ├ MeasureName: (documentation changed)
│              ├ MeasureValue: (documentation changed)
│              └ MeasureValueType: (documentation changed)
├[~] service aws-quicksight
│ └ resources
│    └[~] resource AWS::QuickSight::DataSource
│      └ types
│         ├[~] type RedshiftIAMParameters
│         │ ├  - documentation: <p>A structure that grants Amazon QuickSight access to your cluster and make a call to the <code>redshift:GetClusterCredentials</code> API. For more information on the <code>redshift:GetClusterCredentials</code> API, see <a href="https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentials.html">
│         │ │                 <code>GetClusterCredentials</code>
│         │ │              </a>.</p>
│         │ │  + documentation: A structure that grants Amazon QuickSight access to your cluster and make a call to the `redshift:GetClusterCredentials` API. For more information on the `redshift:GetClusterCredentials` API, see [`GetClusterCredentials`](https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentials.html) .
│         │ └ properties
│         │    ├ AutoCreateDatabaseUser: (documentation changed)
│         │    ├ DatabaseGroups: (documentation changed)
│         │    ├ DatabaseUser: (documentation changed)
│         │    └ RoleArn: (documentation changed)
│         └[~] type RedshiftParameters
│           └ properties
│              └ IAMParameters: (documentation changed)
├[~] service aws-rds
│ └ resources
│    ├[~] resource AWS::RDS::DBCluster
│    │ └ types
│    │    └[~] type ServerlessV2ScalingConfiguration
│    │      ├  - documentation: The `ServerlessV2ScalingConfiguration` property type specifies the scaling configuration of an Aurora Serverless V2 DB cluster.
│    │      │  For more information, see [Using Amazon Aurora Serverless v2](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) in the *Amazon Aurora User Guide* .
│    │      │  If you have an Aurora cluster, you must set the `ScalingConfigurationInfo` attribute before you add a DB instance that uses the `db.serverless` DB instance class. For more information, see [Clusters that use Aurora Serverless v2 must have a capacity range specified](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html#aurora-serverless-v2.requirements.capacity-range) in the *Amazon Aurora User Guide* .
│    │      │  This property is only supported for Aurora Serverless v2. For Aurora Serverless v1, use the `ScalingConfiguration` property.
│    │      │  Valid for: Aurora Serverless v2 DB clusters
│    │      │  + documentation: The `ServerlessV2ScalingConfiguration` property type specifies the scaling configuration of an Aurora Serverless V2 DB cluster. For more information, see [Using Amazon Aurora Serverless v2](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) in the *Amazon Aurora User Guide* .
│    │      │  If you have an Aurora cluster, you must set this attribute before you add a DB instance that uses the `db.serverless` DB instance class. For more information, see [Clusters that use Aurora Serverless v2 must have a capacity range specified](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html#aurora-serverless-v2.requirements.capacity-range) in the *Amazon Aurora User Guide* .
│    │      │  This property is only supported for Aurora Serverless v2. For Aurora Serverless v1, use the `ScalingConfiguration` property.
│    │      │  Valid for: Aurora Serverless v2 DB clusters
│    │      └ properties
│    │         └ MaxCapacity: (documentation changed)
│    └[~] resource AWS::RDS::DBInstance
│      └ properties
│         ├ KmsKeyId: (documentation changed)
│         ├ SourceDBInstanceIdentifier: (documentation changed)
│         └ StorageEncrypted: (documentation changed)
├[~] service aws-refactorspaces
│ └ resources
│    └[~] resource AWS::RefactorSpaces::Application
│      ├  - documentation: Creates an AWS Migration Hub Refactor Spaces application. The account that owns the environment also owns the applications created inside the environment, regardless of the account that creates the application. Refactor Spaces provisions an Amazon API Gateway , API Gateway VPC link, and Network Load Balancer for the application proxy inside your account.
│      │  In environments created with a [CreateEnvironment:NetworkFabricType](https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/APIReference/API_CreateEnvironment.html#migrationhubrefactorspaces-CreateEnvironment-request-NetworkFabricType) of `NONE` you need to configure [VPC to VPC connectivity](https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/amazon-vpc-to-amazon-vpc-connectivity-options.html) between your service VPC and the application proxy VPC to route traffic through the application proxy to a service with a private URL endpoint. For more information, see [Create an application](https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/userguide/getting-started-create-application.html) in the *Refactor Spaces User Guide* .
│      │  + documentation: Creates an AWS Migration Hub Refactor Spaces application. The account that owns the environment also owns the applications created inside the environment, regardless of the account that creates the application. Refactor Spaces provisions an Amazon API Gateway, API Gateway VPC link, and Network Load Balancer for the application proxy inside your account.
│      │  In environments created with a [CreateEnvironment:NetworkFabricType](https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/APIReference/API_CreateEnvironment.html#migrationhubrefactorspaces-CreateEnvironment-request-NetworkFabricType) of `NONE` you need to configure [VPC to VPC connectivity](https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/amazon-vpc-to-amazon-vpc-connectivity-options.html) between your service VPC and the application proxy VPC to route traffic through the application proxy to a service with a private URL endpoint. For more information, see [Create an application](https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/userguide/getting-started-create-application.html) in the *Refactor Spaces User Guide* .
│      └ types
│         └[~] type ApiGatewayProxyInput
│           └ properties
│              └ EndpointType: (documentation changed)
├[~] service aws-rolesanywhere
│ └ resources
│    ├[~] resource AWS::RolesAnywhere::Profile
│    │ ├ properties
│    │ │  └ AttributeMappings: (documentation changed)
│    │ └ types
│    │    ├[~] type AttributeMapping
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: A mapping applied to the authenticating end-entity certificate.
│    │    │ └ properties
│    │    │    ├ CertificateField: (documentation changed)
│    │    │    └ MappingRules: (documentation changed)
│    │    └[~] type MappingRule
│    │      ├  - documentation: undefined
│    │      │  + documentation: A single mapping entry for each supported specifier or sub-field.
│    │      └ properties
│    │         └ Specifier: (documentation changed)
│    └[~] resource AWS::RolesAnywhere::TrustAnchor
│      └ types
│         └[~] type NotificationSetting
│           ├  - documentation: Customizable notification settings that will be applied to notification events. IAM Roles Anywhere consumes these settings while notifying across multiple channels - CloudWatch metrics, EventBridge , and AWS Health Dashboard .
│           │  + documentation: Customizable notification settings that will be applied to notification events. IAM Roles Anywhere consumes these settings while notifying across multiple channels - CloudWatch metrics, EventBridge, and AWS Health Dashboard .
│           └ properties
│              └ Channel: (documentation changed)
├[~] service aws-sagemaker
│ └ resources
│    └[~] resource AWS::SageMaker::Domain
│      └ types
│         └[~] type DefaultSpaceSettings
│           └ properties
│              └ CustomFileSystemConfigs: (documentation changed)
├[~] service aws-securityhub
│ └ resources
│    ├[~] resource AWS::SecurityHub::ConfigurationPolicy
│    │ ├  - documentation: The AWS::SecurityHub::ConfigurationPolicy resource represents the Central Configuration Policy in your account.
│    │ │  + documentation: The `AWS::SecurityHub::ConfigurationPolicy` resource creates a central configuration policy with the defined settings. Only the AWS Security Hub delegated administrator can create this resource in the home Region. For more information, see [Central configuration in Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/central-configuration-intro.html) in the *AWS Security Hub User Guide* .
│    │ ├ properties
│    │ │  ├ ConfigurationPolicy: (documentation changed)
│    │ │  ├ Name: (documentation changed)
│    │ │  └ Tags: (documentation changed)
│    │ ├ attributes
│    │ │  ├ Arn: (documentation changed)
│    │ │  ├ Id: (documentation changed)
│    │ │  └ UpdatedAt: (documentation changed)
│    │ └ types
│    │    ├[~] type ParameterConfiguration
│    │    │ └ properties
│    │    │    ├ Value: (documentation changed)
│    │    │    └ ValueType: (documentation changed)
│    │    ├[~] type Policy
│    │    │ ├  - documentation: An object that defines how Security Hub is configured.
│    │    │ │  + documentation: An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
│    │    │ └ properties
│    │    │    └ SecurityHub: (documentation changed)
│    │    ├[~] type SecurityControlCustomParameter
│    │    │ └  - documentation: An object of security control and control parameter value that are included in a configuration policy.
│    │    │    + documentation: A list of security controls and control parameter values that are included in a configuration policy.
│    │    ├[~] type SecurityControlsConfiguration
│    │    │ ├  - documentation: An object that defines which security controls are enabled in an AWS Security Hub configuration policy.
│    │    │ │  + documentation: An object that defines which security controls are enabled in an AWS Security Hub configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.
│    │    │ └ properties
│    │    │    ├ DisabledSecurityControlIdentifiers: (documentation changed)
│    │    │    └ EnabledSecurityControlIdentifiers: (documentation changed)
│    │    └[~] type SecurityHubPolicy
│    │      ├  - documentation: An object that defines how AWS Security Hub is configured.
│    │      │  + documentation: An object that defines how AWS Security Hub is configured. The configuration policy includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
│    │      └ properties
│    │         └ SecurityControlsConfiguration: (documentation changed)
│    ├[~] resource AWS::SecurityHub::FindingAggregator
│    │ ├  - documentation: The AWS::SecurityHub::FindingAggregator resource represents the AWS Security Hub Finding Aggregator in your account. One finding aggregator resource is created for each account in non opt-in region in which you configure region linking mode.
│    │ │  + documentation: The `AWS::SecurityHub::FindingAggregator` resource enables cross-Region aggregation. When cross-Region aggregation is enabled, you can aggregate findings, finding updates, insights, control compliance statuses, and security scores from one or more linked Regions to a single aggregation Region. You can then view and manage all of this data from the aggregation Region. For more details about cross-Region aggregation, see [Cross-Region aggregation](https://docs.aws.amazon.com/securityhub/latest/userguide/finding-aggregation.html) in the *AWS Security Hub User Guide*
│    │ │  This resource must be created in the Region that you want to designate as your aggregation Region.
│    │ │  Cross-Region aggregation is also a prerequisite for using [central configuration](https://docs.aws.amazon.com/securityhub/latest/userguide/central-configuration-intro.html) in Security Hub .
│    │ ├ properties
│    │ │  ├ RegionLinkingMode: (documentation changed)
│    │ │  └ Regions: (documentation changed)
│    │ └ attributes
│    │    ├ FindingAggregationRegion: (documentation changed)
│    │    └ FindingAggregatorArn: (documentation changed)
│    ├[~] resource AWS::SecurityHub::OrganizationConfiguration
│    │ ├  - documentation: The AWS::SecurityHub::OrganizationConfiguration resource represents the configuration of your organization in Security Hub. Only the Security Hub administrator account can create Organization Configuration resource in each region and can opt-in to Central Configuration only in the aggregation region of FindingAggregator.
│    │ │  + documentation: The `AWS::SecurityHub::OrganizationConfiguration` resource specifies the way that your AWS organization is configured in AWS Security Hub . Specifically, you can use this resource to specify the configuration type for your organization and whether to automatically Security Hub and security standards in new member accounts. For more information, see [Managing administrator and member accounts](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts.html) in the *AWS Security Hub User Guide* .
│    │ ├ properties
│    │ │  ├ AutoEnable: (documentation changed)
│    │ │  ├ AutoEnableStandards: (documentation changed)
│    │ │  └ ConfigurationType: (documentation changed)
│    │ └ attributes
│    │    ├ OrganizationConfigurationIdentifier: (documentation changed)
│    │    ├ Status: (documentation changed)
│    │    └ StatusMessage: (documentation changed)
│    ├[~] resource AWS::SecurityHub::PolicyAssociation
│    │ ├  - documentation: The AWS::SecurityHub::PolicyAssociation resource represents the AWS Security Hub Central Configuration Policy associations in your Target. Only the AWS Security Hub delegated administrator can create the resouce from the home region.
│    │ │  + documentation: The `AWS::SecurityHub::PolicyAssociation` resource specifies associations for a configuration policy or a self-managed configuration. You can associate a AWS Security Hub configuration policy or self-managed configuration with the organization root, organizational units (OUs), or AWS accounts . After a successful association, the configuration policy takes effect in the specified targets. For more information, see [Creating and associating Security Hub configuration policies](https://docs.aws.amazon.com/securityhub/latest/userguide/create-associate-policy.html) in the *AWS Security Hub User Guide* .
│    │ ├ properties
│    │ │  ├ ConfigurationPolicyId: (documentation changed)
│    │ │  ├ TargetId: (documentation changed)
│    │ │  └ TargetType: (documentation changed)
│    │ └ attributes
│    │    ├ AssociationIdentifier: (documentation changed)
│    │    ├ AssociationStatus: (documentation changed)
│    │    ├ AssociationStatusMessage: (documentation changed)
│    │    ├ AssociationType: (documentation changed)
│    │    └ UpdatedAt: (documentation changed)
│    └[~] resource AWS::SecurityHub::SecurityControl
│      ├  - documentation: A security control in Security Hub describes a security best practice related to a specific resource.
│      │  + documentation: The `AWS::SecurityHub::SecurityControl` resource specifies custom parameter values for an AWS Security Hub control. For a list of controls that support custom parameters, see [Security Hub controls reference](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-controls-reference.html) . You can also use this resource to specify the use of default parameter values for a control. For more information about custom parameters, see [Custom control parameters](https://docs.aws.amazon.com/securityhub/latest/userguide/custom-control-parameters.html) in t…
…provider lambda (aws#30394)

### Issue # (if applicable)

Closes aws#24815.

### Reason for this change

To allow log group customization on the custom resource lambda created for the `autoDeleteObjects` feature.

### Description of changes

At the highest level overview, a static method `setAutoDeleteObjectsLogGroup` is added to the `Bucket` class. When it is called, it will set the log group on the `AutoDeleteObjectsProvider` lambda (i.e. setting the [`LoggingConfig.LogGroup`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html#cfn-lambda-function-loggingconfig-loggroup).

In order to support the above change, 2 underlying changes had to be made:
1. `setAutoDeleteObjectsLogGroup(..)` needs to have a way to find the singleton `AutoDeleteObjectsProvider` lambda. This means a method needs to be added in the `AutoDeleteObjectsProvider` class that returns the singleton. Note that the `AutoDeleteObjectsProvider` class itself is code generated. So I have modified the code gen logic to generate the `getProvider(..)` method, which returns the singleton.
2. With a handle of the singleton of type `AutoDeleteObjectsProvider`, which wraps the actual `AWS::Lambda::Function`, we need a way to set the log group on the lambda. With `AutoDeleteObjectsProvider` extending the `CustomResourceProviderBase` type, a method is added to `CustomResourceProviderBase` class to set the log group.

### Description of how you validated changes

Updated the integ test and ran it against my own AWS account

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…jects (aws#30209)

Fixes aws#30573.

I recently had the mispleasure of trying to empty a bucket with ~600000 objects using CDK's `autoDeleteObjects` feature. What I observed was that each lambda invocation would get through a few tens of thousands of objects in relatively good time (a few minutes), then the lambda would grind to a halt doing very little until it reached its 15 minute timeout. This process then repeats with subsequent invocations of the lambda.  I had to empty the bucket in the web console to make real progress toward deleting the bucket.

I have proven that the low memory allocated to the lambda (the default 128mb) plus this recursion is to blame. There is no need to recurse, and doing so will put pressure on the stack, the heap, and (because this is an async function) the event loop.

Switch the recursion to iteration.

aws#30209 (comment)

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes aws#29701

### Reason for this change

Calling `overrideLogicalId` on a `Construct` with an invalid logical ID ([docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resources-section-structure.html#resources-section-structure-logicalid)) would not throw an error at synthesis time. CloudFormation would 

### Description of changes

* Validate `overrideLogicalId` (must not be empty, must not be over 255 characters, must match `/^[A-Za-z0-9]+$/`
* Document exceptions with `@error` JSDoc tags

### Description of how you validated changes

I've added unit tests, integration tests should not be necessary

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes aws#30041 .

### Reason for this change
As described in the issue.



### Description of changes
To allow VDM settings at the configuration set level, `vdmOptions` property has been added to the `ConfigurationSet` Construct.

```ts
new ses.ConfigurationSet(this, 'ConfigurationSetWithVdmOptions', {
  vdmOptions: { // Add
    engagementMetrics: true,
    optimizedSharedDelivery: true,
  },
});
```



### Description of how you validated changes
I implemented unit tests and integration tests for the three cases.

1. Configuration set with both engagement metrics and optimized shared delivery enabled.
2. Configuration set with only engagement metrics enabled and optimized shared delivery not configured.
3. Configuration set with only optimized shared delivery enabled and engagement metrics not configured.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ws#30579)

Add new MariaDB version for RDS.

[Amazon RDS for MariaDB supports minors 10.11.8, 10.6.18, 10.5.25, 10.4.34
](https://aws.amazon.com/about-aws/whats-new/2024/06/amazon-rds-mariadb-supports-new-minors/)

```sh
% aws rds describe-db-engine-versions --engine mariadb --query "DBEngineVersions[?EngineVersion=='10.11.8'||EngineVersion=='10.6.18'||EngineVersion=='10.5.25'||EngineVersion=='10.4.34'].[DBEngineVersionDescription,EngineVersion,DBParameterGroupFamily,MajorEngineVersion,Status]"

[
    [
        "MariaDB 10.4.34",
        "10.4.34",
        "mariadb10.4",
        "10.4",
        "available"
    ],
    [
        "MariaDB 10.5.25",
        "10.5.25",
        "mariadb10.5",
        "10.5",
        "available"
    ],
    [
        "MariaDB 10.6.18",
        "10.6.18",
        "mariadb10.6",
        "10.6",
        "available"
    ],
    [
        "MariaDB 10.11.8",
        "10.11.8",
        "mariadb10.11",
        "10.11",
        "available"
    ]
]
```

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws#30346)

…work loadbalancer

### Issue # (if applicable)

### Reason for this change

preserveClientIp was missing for GlobalAccelerator Endpoints when using a network loadbalancer.

### Description of changes

* add missing network load balancer endpoint prop.

### Description of how you validated changes

Added unit tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)
### Issue # (if applicable)

Closes aws#30539.

### Reason for this change

AWS , see [announcement](https://aws.amazon.com/about-aws/whats-new/2024/06/amazon-api-gateway-integration-timeout-limit-29-seconds/) and [Amazon API Gateway quotas](https://docs.aws.amazon.com/apigateway/latest/developerguide/limits.html)

### Description of changes

* Updated exception of `apigateway` `Integration` to only check the `timeout` lower bound
* Added exception check of the `timeout` prop to `apigateway-v2` `WebSocketIntegration`, to match the `apigateway` v1 behavior
* Implemented the `timeout` property to `apigateway-v2` `HttpIntegration` and its sub-integrations (`HttpAlbIntegration`, `HttpLambdaIntegration`, etc.)
* Updated TSDoc

### Description of how you validated changes

Updated unit and integration tests

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
TheRealAmazonKendra and others added 12 commits June 21, 2024 00:25
…ction (aws#30580)

### Issue # (if applicable)

Per boto/botocore#2577 (comment) setting this to `regional` is still required and recommended for boto3.

Closes aws#30496


### Reason for this change



### Description of changes



### Description of how you validated changes

Added a new unit test and verified with debugger.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

### Debugger

```json
{
  "version": "0.2.0",
  "configurations": [
    {
      "type": "node",
      "request": "launch",
      "name": "Jest",
      "program": "${workspaceFolder}/node_modules/jest/bin/jest.js",
      "cwd": "${workspaceFolder}/packages/aws-cdk-lib",
      "args": [
        "--verbose",
        "-i",
        "--no-cache",
        "test/kubectl-provider.test.ts",
      ],
      "console": "integratedTerminal",
      "internalConsoleOptions": "neverOpen",
      "skipFiles": [
        "<node_internals>/**"
      ],
      "outFiles": [
        "${workspaceFolder}/**/*.(m|c|)js",
        "!**/node_modules/**"
      ],
    }
  ]
}
```
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…s#30564)

Add new Lambda dotnet8 compute images for both aarch64 and x86_64 architectures:
- aws/codebuild/amazonlinux-aarch64-lambda-standard:dotnet8
- aws/codebuild/amazonlinux-x86_64-lambda-standard:dotnet8

**References**
- https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html#lambda-compute-images
- aws#28630
- aws/aws-codebuild-docker-images#719

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…JobRun (aws#30534)

### Issue # (if applicable)

Closes aws#30533 

### Reason for this change
To support `FLEX` execution class for `GlusStartJobRun`.
By using `FLEX` class, you can reduce the cost of running Glue job.



### Description of changes
Add `execution class` to the `GlusStartJobRun` class.


### Description of how you validated changes
Add unit tests and integ tests.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change

missing property

### Description of changes

https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_codebuild.CfnProjectProps.html#visibility

### Description of how you validated changes

done test and integ-test

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

N/A

### Reason for this change
The `defaulrRedirectUri` property missing in the current `UserPoolClient` class,

The DefaultRedirectURI setting is essential when using Amazon Cognito Hosted UI because it specifies the primary destination where users will be redirected after successful authentication, ensuring a seamless and secure OAuth 2.0 or OpenID Connect flow.


### Description of changes
Add missing property.


### Description of how you validated changes
Add unit tests and integ tests.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ws#30358)

### Issue # (if applicable)

Closes aws#30353 .

### Reason for this change
At the moment, L2 Construct does not support a custom auto scaling configuration for the AppRunner Service.


### Description of changes
* Add `AutoScalingConfiguration` Class
* Add `autoScalingConfiguration` property to the `Service` Class



### Description of how you validated changes
Add unit tests and integ tests.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
… from instanceType (aws#30558)

### Issue # (if applicable)
n/a

### Reason for this change

When configuring NAT instance v2, currently we have to set machineImage manually when we want to use a graviton instance.

Like this:

```ts
const vpc = new Vpc(this, 'Vpc', {
  natGatewayProvider: NatProvider.instanceV2({
    instanceType: InstanceType.of(InstanceClass.T4G, InstanceSize.NANO),
    // we should be able to omit this line!
    machineImage: MachineImage.latestAmazonLinux2023({ cpuType: AmazonLinuxCpuType.ARM_64 }),
  }),
});
```

This can be easily avoided if Nat instance v2 construct decides which cpu type to use for the given instance type.

### Description of changes

Use `instanceType.architecture` to choose cpu type of a machine image.

Now we can remove the redundant code:

```ts
const vpc = new Vpc(this, 'Vpc', {
  natGatewayProvider: NatProvider.instanceV2({
    instanceType: InstanceType.of(InstanceClass.T4G, InstanceSize.NANO),
  }),
});
```

### Description of how you validated changes

Added an integ test.
### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…pes (aws#30495)

### Issue # (if applicable)

Closes aws#29385.

### Reason for this change
To use Step Functions state machine enrichment for eventbrige pipes

### Description of changes
Add `StepFunctionsEnrichment` class.

### Description of how you validated changes
Add unit test and integ tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@mergify mergify bot dismissed GavinZZ’s stale review June 21, 2024 05:29

Pull request has been modified.

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 1b43806
  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@paulhcsun
Copy link
Contributor

Closing this as a duplicate of #30610

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK bug This issue is a bug. effort/medium Medium work item – several days of effort p1 pr/reviewer-clarification-requested The contributor has requested clarification on feedback, a failing build, or a failing PR Linter run pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

@aws-cdk/aws-s3: Unable to delete the existing S3 event notifications