@aws-cdk-automation aws-cdk-automation commented May 22, 2025

See CHANGELOG

mergify bot and others added 21 commits May 21, 2025 01:30
This PR updates the enum values for cloudfront.

---------

Co-authored-by: aws-cdk-automation <aws-cdk-automation@users.noreply.github.com>
Co-authored-by: Matyas Boros <matboros@amazon.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
### Issue

#29811

### Reason for this change

Restricts the SES to come through the SourceAccount in question.

This change does not affect the bucket policy and SES rule action race condition reported in #30143, introduced in #29833 and reverted in #30375. That PR introduced the rule set name into the bucket policy, which added a dependency from the policy to the rule set (while the rule set requires that the policy is created first). Doing this change made a circular dependency between the two resources.

### Description of changes

Simply use SourceAccount instead of Referer.

### Describe any new or updated permissions being added

n/a

### Description of how you validated changes

n/a

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
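
The commit above replaces an `aws:Referer` condition with `aws:SourceAccount` on the policy statement that lets SES write to the bucket. The following audit of such statements is an added example, not code from this PR or from aws-cdk: `auditSesBucketPolicy` is a hypothetical helper, and the policy documents, account ID, bucket name and `s3:PutObject` action are constructed samples.

```typescript
// Added example: classify the account condition on bucket-policy statements
// that allow SES to write received mail. All policy documents are constructed.

type ConditionBlock = { [operator: string]: { [key: string]: string | string[] } };

interface Statement {
  Sid?: string;
  Effect: string;
  Principal?: string | { Service?: string | string[]; AWS?: string | string[] };
  Action: string | string[];
  Resource: string | string[];
  Condition?: ConditionBlock;
}

interface PolicyDocument {
  Version?: string;
  Statement: Statement | Statement[];
}

type Verdict = "source-account" | "referer-only" | "no-account-condition";

interface Finding {
  sid: string;
  verdict: Verdict;
  accounts: string[];
}

const SES_PRINCIPAL = "ses.amazonaws.com";

function strings(v: string | string[] | undefined): string[] {
  if (v === undefined) return [];
  return typeof v === "string" ? [v] : v;
}

// True for Allow statements whose service principal list includes SES.
function isSesAllow(st: Statement): boolean {
  const p = st.Principal;
  if (st.Effect !== "Allow" || p === undefined || typeof p === "string") return false;
  return strings(p.Service).some((s) => s === SES_PRINCIPAL);
}

// Values of one condition key under StringEquals. Condition key names are
// case-insensitive in IAM, so keys are compared in lower case.
function conditionValues(st: Statement, wantedKey: string): string[] {
  const block = st.Condition ? st.Condition["StringEquals"] : undefined;
  if (!block) return [];
  const out: string[] = [];
  for (const key of Object.keys(block)) {
    if (key.toLowerCase() === wantedKey) out.push(...strings(block[key]));
  }
  return out;
}

// Only the two keys the commit discusses are examined; aws:Referer comes from
// the request's HTTP referer header, aws:SourceAccount is set by the service.
function auditSesBucketPolicy(policy: PolicyDocument): Finding[] {
  const statements = Array.isArray(policy.Statement) ? policy.Statement : [policy.Statement];
  const findings: Finding[] = [];
  statements.forEach((st, i) => {
    if (!isSesAllow(st)) return;
    const accounts = conditionValues(st, "aws:sourceaccount");
    const referers = conditionValues(st, "aws:referer");
    let verdict: Verdict = "no-account-condition";
    if (accounts.length > 0) verdict = "source-account";
    else if (referers.length > 0) verdict = "referer-only";
    findings.push({ sid: st.Sid || `statement[${i}]`, verdict, accounts });
  });
  return findings;
}

const ACCOUNT = "111122223333"; // placeholder account ID
const OBJECTS = "arn:aws:s3:::example-inbound-mail/*"; // placeholder bucket

// Constructed "before" policy: account ID carried in aws:Referer.
const REFERER_POLICY: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [{
    Sid: "AllowSESPuts", Effect: "Allow", Principal: { Service: SES_PRINCIPAL },
    Action: "s3:PutObject", Resource: OBJECTS,
    Condition: { StringEquals: { "aws:Referer": ACCOUNT } },
  }],
};

// Constructed "after" policy: same statement scoped with aws:SourceAccount.
const SOURCE_ACCOUNT_POLICY: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [{
    Sid: "AllowSESPuts", Effect: "Allow", Principal: { Service: SES_PRINCIPAL },
    Action: "s3:PutObject", Resource: OBJECTS,
    Condition: { StringEquals: { "aws:SourceAccount": ACCOUNT } },
  }],
};

// Constructed edge case: a non-SES statement plus an SES grant with no condition.
const MIXED_POLICY: PolicyDocument = {
  Statement: [
    { Effect: "Allow", Principal: { AWS: "arn:aws:iam::111122223333:root" },
      Action: "s3:GetObject", Resource: OBJECTS },
    { Effect: "Allow", Principal: { Service: [SES_PRINCIPAL] },
      Action: "s3:PutObject", Resource: OBJECTS },
  ],
};

console.log(JSON.stringify([REFERER_POLICY, SOURCE_ACCOUNT_POLICY, MIXED_POLICY].map(auditSesBucketPolicy)));
```
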
### Reason for this change

MariaDB 10.4 and minor versions have been removed from available MariaDB engine versions.

### Description of changes

Deprecate MariaDB engine versions: 10.4 and 10.4.x

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

```console
$ aws --region us-east-1 rds describe-db-engine-versions --engine mariadb --query 'DBEngineVersions[].EngineVersion'
[
    "10.5.20",
    "10.5.21",
    "10.5.22",
    "10.5.23",
    "10.5.24",
    "10.5.25",
    "10.5.26",
    "10.5.27",
    "10.5.28",
    "10.5.29",
    "10.6.13",
    "10.6.14",
    "10.6.15",
    "10.6.16",
    "10.6.17",
    "10.6.18",
    "10.6.19",
    "10.6.20",
    "10.6.21",
    "10.6.22",
    "10.11.4",
    "10.11.5",
    "10.11.6",
    "10.11.7",
    "10.11.8",
    "10.11.9",
    "10.11.10",
    "10.11.11",
    "11.4.3",
    "11.4.4",
    "11.4.5"
]
```

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…e target port (#34515)

### Issue # (if applicable)

None

### Reason for this change

Clarify that redirectHTTP uses listenerPort as the target port and not always 443.

### Description of changes

Updated the js doc to reflect the current behavior

### Describe any new or updated permissions being added

None

### Description of how you validated changes

No validation needed
### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)
None

### Reason for this change
https://aws.amazon.com/about-aws/whats-new/2025/04/amazon-ec2-i7i-high-performance-storage-optimized-instances/

### Description of changes
EC2 add i7i instance class

### Description of how you validated changes
```console
$ aws ec2 describe-instance-types | grep -e i7i
            "InstanceType": "i7ie.18xlarge",
            "InstanceType": "i7ie.24xlarge",
            "InstanceType": "i7i.12xlarge",
            "InstanceType": "i7i.2xlarge",
```

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ol type Route53 health check (#34272)

### Issue # (if applicable)

Closes #34262

### Reason for this change

Unnecessary properties are set for Route53 health checks for Recovery Control type.

### Description of changes

If HealthCheck type is Recovery Control, return `undefined` as default value for three properties (`FailureThreshold`, `RequestInterval`, and `MeasureLatency`).

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

Used `Match.absent()` to validate that the above three properties are not explicitly specified in existing unit tests, and added test cases to the integration tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR updates the enum values for apprunner-alpha.
### Issue # (if applicable)

Closes #33882 .

### Reason for this change
To support compute role for SSR app.


### Description of changes
* Add `computeRole` property.
* Changed to automatically create compute role when SSR App is created.



### Describe any new or updated permissions being added
N/A



### Description of how you validated changes
Add unit tests and an integ test.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

BREAKING CHANGE: A compute role is created when `platform` is `Platform.WEB_COMPUTE` or `Platform.WEB_DYNAMIC`.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…er in ApplicationLoadBalancedFargateService (#34510)

### Issue # (if applicable)

Closes #34235 

### Reason for this change

Fixes an issue with CloudFormation throwing `A listener already exists
on this port for this load balancer` during deployments when switching
from `redirectHTTP: false` to `redirectHTTP: true` on the
`ApplicationLoadBalancedFargateService` construct.


### Description of changes

There are 3 cases to handle:

- For the default listener created by the construct and described in the
reproduction stack in this issue. The bug is that when using the default
listener port
[here](https://github.com/aws/aws-cdk/blob/2bdc07e45f836a710bc049d43a2462806af1c75d/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts#L508),
we don’t wait for it to update to 443 before adding the redirect
listener from 80 -> 443, causing a race condition that sometimes tries
to add 2 listeners on the same port (80). Fixed by adding an explicit
dependency.

- The second case would be a user having the port 80 listener added via
`loadBalancer.addListener` or explicitly via the `props.listenerPort`.
We let the CFN error pass through.

### Describe any new or updated permissions being added

None

### Description of how you validated changes

Added unit tests and updated integ tests. I'm still trying to deploy the
integ tests to my account but the issue is that I need to first have a
route53 domain.

### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*
Ran npm-check-updates and yarn upgrade for the following dependencies:
```
@aws-cdk/asset-awscli-v1
```
Checkout this branch and run integration tests locally to update snapshots.
```
(cd packages/@aws-cdk-testing/framework-integ && yarn integ --update-on-failed)
```
See https://www.npmjs.com/package/@aws-cdk/integ-runner for more integ runner options.
In large applications with a lot of constructs, `tree.json` can grow to exceed 512MB, which means it can't be serialized anymore. 

In this PR, introduce the concept of a "subtree reference". Once a construct tree grows to exceed a fixed number of nodes we write subtrees to individual other files, and put a reference to those files into the original tree. 

The number of nodes can be configured with the context value `@aws-cdk/core.TreeMetadata:maxNodes`, and defaults to 500,000 (that assumes an average size of 1kB per node, which is an overestimate for safety. If we find that this number is too high in practice we may still lower it in the future).

Fixes #27261.

For unupdated consumers, there is graceful degradation here: the parts of the tree they will be able to see are cut off at certain tree depths, but only very large applications would be affected by this. Tree data consumers can be updated gradually to deal with these references.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service aws-applicationautoscaling
│ └ resources
│    └[~]  resource AWS::ApplicationAutoScaling::ScalingPolicy
│       └ types
│          ├[~] type PredictiveScalingPredefinedLoadMetric
│          │ └      - documentation: Describes a load metric for a predictive scaling policy.
│          │        When returned in the output of `DescribePolicies` , it indicates that a predictive scaling policy uses individually specified load and scaling metrics instead of a metric pair.
│          │        + documentation: Describes a load metric for a predictive scaling policy.
│          │        When returned in the output of `DescribePolicies` , it indicates that a predictive scaling policy uses individually specified load and scaling metrics instead of a metric pair.
│          │        The following predefined metrics are available for predictive scaling:
│          │        - `ECSServiceAverageCPUUtilization`
│          │        - `ECSServiceAverageMemoryUtilization`
│          │        - `ECSServiceCPUUtilization`
│          │        - `ECSServiceMemoryUtilization`
│          │        - `ECSServiceTotalCPUUtilization`
│          │        - `ECSServiceTotalMemoryUtilization`
│          │        - `ALBRequestCount`
│          │        - `ALBRequestCountPerTarget`
│          │        - `TotalALBRequestCount`
│          ├[~] type PredictiveScalingPredefinedMetricPair
│          │ └      - documentation: Represents a metric pair for a predictive scaling policy.
│          │        + documentation: Represents a metric pair for a predictive scaling policy.
│          │        The following predefined metrics are available for predictive scaling:
│          │        - `ECSServiceAverageCPUUtilization`
│          │        - `ECSServiceAverageMemoryUtilization`
│          │        - `ECSServiceCPUUtilization`
│          │        - `ECSServiceMemoryUtilization`
│          │        - `ECSServiceTotalCPUUtilization`
│          │        - `ECSServiceTotalMemoryUtilization`
│          │        - `ALBRequestCount`
│          │        - `ALBRequestCountPerTarget`
│          │        - `TotalALBRequestCount`
│          └[~] type PredictiveScalingPredefinedScalingMetric
│            └      - documentation: Describes a scaling metric for a predictive scaling policy.
│                   When returned in the output of `DescribePolicies` , it indicates that a predictive scaling policy uses individually specified load and scaling metrics instead of a metric pair.
│                   + documentation: Describes a scaling metric for a predictive scaling policy.
│                   When returned in the output of `DescribePolicies` , it indicates that a predictive scaling policy uses individually specified load and scaling metrics instead of a metric pair.
│                   The following predefined metrics are available for predictive scaling:
│                   - `ECSServiceAverageCPUUtilization`
│                   - `ECSServiceAverageMemoryUtilization`
│                   - `ECSServiceCPUUtilization`
│                   - `ECSServiceMemoryUtilization`
│                   - `ECSServiceTotalCPUUtilization`
│                   - `ECSServiceTotalMemoryUtilization`
│                   - `ALBRequestCount`
│                   - `ALBRequestCountPerTarget`
│                   - `TotalALBRequestCount`
├[~] service aws-appsync
│ └ resources
│    └[~]  resource AWS::AppSync::ChannelNamespace
│       ├ properties
│       │  └ HandlerConfigs: (documentation changed)
│       └ types
│          ├[~] type HandlerConfig
│          │ ├      - documentation: undefined
│          │ │      + documentation: The `HandlerConfig` property type specifies the configuration for the handler.
│          │ └ properties
│          │    ├ Behavior: (documentation changed)
│          │    └ Integration: (documentation changed)
│          ├[~] type HandlerConfigs
│          │ ├      - documentation: undefined
│          │ │      + documentation: The `HandlerConfigs` property type specifies the configuration for the `OnPublish` and `OnSubscribe` handlers.
│          │ └ properties
│          │    ├ OnPublish: (documentation changed)
│          │    └ OnSubscribe: (documentation changed)
│          ├[~] type Integration
│          │ ├      - documentation: undefined
│          │ │      + documentation: The `Integration` property type specifies the integration data source configuration for the handler.
│          │ └ properties
│          │    ├ DataSourceName: (documentation changed)
│          │    └ LambdaConfig: (documentation changed)
│          └[~] type LambdaConfig
│            ├      - documentation: undefined
│            │      + documentation: The `LambdaConfig` property type specifies the integration configuration for a Lambda data source.
│            └ properties
│               └ InvokeType: (documentation changed)
├[~] service aws-autoscaling
│ └ resources
│    └[~]  resource AWS::AutoScaling::AutoScalingGroup
│       └ attributes
│          └ AutoScalingGroupARN: (documentation changed)
├[~] service aws-codepipeline
│ └ resources
│    └[~]  resource AWS::CodePipeline::Pipeline
│       └ types
│          └[~] type EnvironmentVariable
│            └ properties
│               └ Type: (documentation changed)
├[~] service aws-datasync
│ └ resources
│    ├[~]  resource AWS::DataSync::LocationAzureBlob
│    │  ├ properties
│    │  │  ├ AgentArns: - Array<string> (required)
│    │  │  │            + Array<string>
│    │  │  ├[+] CmkSecretConfig: CmkSecretConfig
│    │  │  └[+] CustomSecretConfig: CustomSecretConfig
│    │  ├ attributes
│    │  │  ├[+] CmkSecretConfig.SecretArn: string
│    │  │  └[+] ManagedSecretConfig: ManagedSecretConfig
│    │  └ types
│    │     ├[+]  type CmkSecretConfig
│    │     │  ├      documentation: Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed AWS KMS key.
│    │     │  │      name: CmkSecretConfig
│    │     │  └ properties
│    │     │     ├ SecretArn: string
│    │     │     └ KmsKeyArn: string
│    │     ├[+]  type CustomSecretConfig
│    │     │  ├      documentation: Specifies configuration information for a customer-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and an IAM role that DataSync can assume and access the customer-managed secret.
│    │     │  │      name: CustomSecretConfig
│    │     │  └ properties
│    │     │     ├ SecretArn: string (required)
│    │     │     └ SecretAccessRoleArn: string (required)
│    │     └[+]  type ManagedSecretConfig
│    │        ├      documentation: Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location. DataSync uses the default AWS-managed KMS key to encrypt this secret in AWS Secrets Manager.
│    │        │      name: ManagedSecretConfig
│    │        └ properties
│    │           └ SecretArn: string (required)
│    ├[~]  resource AWS::DataSync::LocationObjectStorage
│    │  ├ properties
│    │  │  ├ AgentArns: - Array<string> (required)
│    │  │  │            + Array<string>
│    │  │  ├[+] CmkSecretConfig: CmkSecretConfig
│    │  │  └[+] CustomSecretConfig: CustomSecretConfig
│    │  ├ attributes
│    │  │  ├[+] CmkSecretConfig.SecretArn: string
│    │  │  └[+] ManagedSecretConfig: ManagedSecretConfig
│    │  └ types
│    │     ├[+]  type CmkSecretConfig
│    │     │  ├      documentation: Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed AWS KMS key.
│    │     │  │      name: CmkSecretConfig
│    │     │  └ properties
│    │     │     ├ SecretArn: string
│    │     │     └ KmsKeyArn: string
│    │     ├[+]  type CustomSecretConfig
│    │     │  ├      documentation: Specifies configuration information for a customer-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and an IAM role that DataSync can assume and access the customer-managed secret.
│    │     │  │      name: CustomSecretConfig
│    │     │  └ properties
│    │     │     ├ SecretArn: string (required)
│    │     │     └ SecretAccessRoleArn: string (required)
│    │     └[+]  type ManagedSecretConfig
│    │        ├      documentation: Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location. DataSync uses the default AWS-managed KMS key to encrypt this secret in AWS Secrets Manager.
│    │        │      name: ManagedSecretConfig
│    │        └ properties
│    │           └ SecretArn: string (required)
│    └[-]  resource AWS::DataSync::StorageSystem
│       ├      name: StorageSystem
│       │      cloudFormationType: AWS::DataSync::StorageSystem
│       │      documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-datasync-storagesystem.html
│       │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│       ├ properties
│       │  ├ ServerCredentials: ServerCredentials
│       │  ├ ServerConfiguration: ServerConfiguration (required)
│       │  ├ CloudWatchLogGroupArn: string
│       │  ├ SystemType: string (required)
│       │  ├ AgentArns: Array<string> (required)
│       │  ├ Tags: Array<tag>
│       │  └ Name: string
│       ├ attributes
│       │  ├ ConnectivityStatus: string
│       │  ├ StorageSystemArn: string
│       │  ├ SecretsManagerArn: string
│       │  └ Id: string
│       └ types
│          ├ type ServerConfiguration
│          │ ├      name: ServerConfiguration
│          │ └ properties
│          │    ├ ServerHostname: string (required)
│          │    └ ServerPort: integer
│          └ type ServerCredentials
│            ├      name: ServerCredentials
│            └ properties
│               ├ Username: string (required)
│               └ Password: string (required)
├[~] service aws-deadline
│ └ resources
│    └[~]  resource AWS::Deadline::Fleet
│       └ types
│          └[~] type CustomerManagedFleetConfiguration
│            └ properties
│               └[+] TagPropagationMode: string
├[~] service aws-ec2
│ └ resources
│    ├[~]  resource AWS::EC2::Host
│    │  └ properties
│    │     └ Tags: (documentation changed)
│    └[~]  resource AWS::EC2::Instance
│       ├ properties
│       │  └[+] MetadataOptions: MetadataOptions
│       └ types
│          └[+]  type MetadataOptions
│             ├      name: MetadataOptions
│             └ properties
│                ├ HttpPutResponseHopLimit: integer (default=1)
│                ├ HttpProtocolIpv6: string
│                ├ HttpTokens: string
│                ├ InstanceMetadataTags: string
│                └ HttpEndpoint: string
├[~] service aws-ecs
│ └ resources
│    ├[~]  resource AWS::ECS::Service
│    │  └ types
│    │     └[~] type LogConfiguration
│    │       └ properties
│    │          └ Options: (documentation changed)
│    └[~]  resource AWS::ECS::TaskDefinition
│       └ types
│          └[~] type LogConfiguration
│            └ properties
│               └ Options: (documentation changed)
├[~] service aws-elasticloadbalancingv2
│ └ resources
│    ├[~]  resource AWS::ElasticLoadBalancingV2::Listener
│    │  └ properties
│    │     └ ListenerAttributes: (documentation changed)
│    ├[~]  resource AWS::ElasticLoadBalancingV2::ListenerRule
│    │  └ types
│    │     └[~] type HostHeaderConfig
│    │       └ properties
│    │          └ Values: (documentation changed)
│    ├[~]  resource AWS::ElasticLoadBalancingV2::LoadBalancer
│    │  └ properties
│    │     └ LoadBalancerAttributes: (documentation changed)
│    └[~]  resource AWS::ElasticLoadBalancingV2::TargetGroup
│       └ properties
│          └ TargetGroupAttributes: (documentation changed)
├[~] service aws-gamelift
│ └ resources
│    └[~]  resource AWS::GameLift::Fleet
│       ├ properties
│       │  ├ DesiredEC2Instances: (documentation changed)
│       │  ├ MaxSize: (documentation changed)
│       │  └ MinSize: (documentation changed)
│       └ attributes
│          └ FleetArn: (documentation changed)
├[~] service aws-kendra
│ └ resources
│    └[~]  resource AWS::Kendra::DataSource
│       └ properties
│          └ IndexId: - string (required)
│                     + string (required, immutable)
├[~] service aws-lex
│ └ resources
│    └[~]  resource AWS::Lex::Bot
│       └ types
│          ├[~] type Slot
│          │ └ properties
│          │    └[+] SubSlotSetting: SubSlotSetting
│          ├[+]  type Specifications
│          │  ├      name: Specifications
│          │  └ properties
│          │     ├ SlotTypeId: string (required)
│          │     └ ValueElicitationSetting: SubSlotValueElicitationSetting (required)
│          ├[+]  type SubSlotSetting
│          │  ├      name: SubSlotSetting
│          │  └ properties
│          │     ├ Expression: string
│          │     └ SlotSpecifications: Map<string, Specifications>
│          └[+]  type SubSlotValueElicitationSetting
│             ├      name: SubSlotValueElicitationSetting
│             └ properties
│                ├ PromptSpecification: PromptSpecification
│                ├ DefaultValueSpecification: SlotDefaultValueSpecification
│                ├ SampleUtterances: Array<SampleUtterance>
│                └ WaitAndContinueSpecification: WaitAndContinueSpecification
├[~] service aws-mediapackagev2
│ └ resources
│    ├[~]  resource AWS::MediaPackageV2::Channel
│    │  └ attributes
│    │     └ CreatedAt: (documentation changed)
│    ├[~]  resource AWS::MediaPackageV2::ChannelGroup
│    │  └      - documentation: Specifies the configuraiton for a MediaPackage V2 channel group.
│    │         + documentation: Specifies the configuration for a MediaPackage V2 channel group.
│    └[~]  resource AWS::MediaPackageV2::OriginEndpoint
│       ├ properties
│       │  └ HlsManifests: (documentation changed)
│       └ types
│          ├[~] type DashManifestConfiguration
│          │ └      - documentation: <p>Retrieve the DASH manifest configuration.</p>
│          │        + documentation: The DASH manifest configuration associated with the origin endpoint.
│          ├[~] type HlsManifestConfiguration
│          │ └      - documentation: The HLS manfiest configuration associated with the origin endpoint.
│          │        + documentation: The HLS manifest configuration associated with the origin endpoint.
│          └[~] type LowLatencyHlsManifestConfiguration
│            └ properties
│               └ ManifestName: (documentation changed)
├[~] service aws-omics
│ └ resources
│    └[~]  resource AWS::Omics::WorkflowVersion
│       ├      - documentation: Definition of AWS::Omics::WorkflowVersion Resource Type.
│       │      + documentation: Creates a new workflow version for the workflow that you specify with the `workflowId` parameter.
│       │      When you create a new version of a workflow, you need to specify the configuration for the new version. It doesn't inherit any configuration values from the workflow.
│       │      Provide a version name that is unique for this workflow. You cannot change the name after HealthOmics creates the version.
│       │      > Don’t include any personally identifiable information (PII) in the version name. Version names appear in the workflow version ARN. 
│       │      For more information, see [Workflow versioning in AWS HealthOmics](https://docs.aws.amazon.com/omics/latest/dev/workflow-versions.html) in the AWS HealthOmics User Guide.
│       ├ properties
│       │  ├ Description: (documentation changed)
│       │  ├ VersionName: (documentation changed)
│       │  └ WorkflowId: (documentation changed)
│       ├ attributes
│       │  ├ Arn: (documentation changed)
│       │  ├ CreationTime: (documentation changed)
│       │  ├ Status: (documentation changed)
│       │  └ Type: (documentation changed)
│       └ types
│          └[~] type WorkflowParameter
│            ├      - documentation: undefined
│            │      + documentation: A workflow parameter.
│            └ properties
│               ├ Description: (documentation changed)
│               └ Optional: (documentation changed)
├[~] service aws-pcs
│ └ resources
│    └[~]  resource AWS::PCS::Cluster
│       └ types
│          ├[+]  type Accounting
│          │  ├      documentation: The accounting configuration includes configurable settings for Slurm accounting.
│          │  │      name: Accounting
│          │  └ properties
│          │     ├ DefaultPurgeTimeInDays: integer (default=-1)
│          │     └ Mode: string (required, default="NONE")
│          └[~] type SlurmConfiguration
│            └ properties
│               └[+] Accounting: Accounting
├[~] service aws-rds
│ └ resources
│    └[~]  resource AWS::RDS::DBInstance
│       └ attributes
│          └[-] DatabaseInsightsMode: string
├[~] service aws-rolesanywhere
│ └ resources
│    └[~]  resource AWS::RolesAnywhere::TrustAnchor
│       └ types
│          └[~] type Source
│            └ properties
│               ├ SourceData: - SourceData
│               │             + SourceData (required)
│               └ SourceType: - string
│                             + string (required)
├[~] service aws-sagemaker
│ └ resources
│    ├[~]  resource AWS::SageMaker::App
│    │  └ attributes
│    │     └ BuiltInLifecycleConfigArn: (documentation changed)
│    ├[~]  resource AWS::SageMaker::Domain
│    │  └ types
│    │     ├[~] type CodeEditorAppSettings
│    │     │ └ properties
│    │     │    └ BuiltInLifecycleConfigArn: (documentation changed)
│    │     ├[~] type HiddenSageMakerImage
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The SageMaker images that are hidden from the Studio user interface. You must specify the SageMaker image name and version aliases.
│    │     │ └ properties
│    │     │    └ VersionAliases: (documentation changed)
│    │     ├[~] type JupyterLabAppSettings
│    │     │ └ properties
│    │     │    └ BuiltInLifecycleConfigArn: (documentation changed)
│    │     └[~] type UserSettings
│    │       └ properties
│    │          └ AutoMountHomeEFS: (documentation changed)
│    └[~]  resource AWS::SageMaker::UserProfile
│       └ types
│          ├[~] type CodeEditorAppSettings
│          │ └ properties
│          │    └ BuiltInLifecycleConfigArn: (documentation changed)
│          ├[~] type HiddenSageMakerImage
│          │ ├      - documentation: undefined
│          │ │      + documentation: The SageMaker images that are hidden from the Studio user interface. You must specify the SageMaker image name and version aliases.
│          │ └ properties
│          │    └ VersionAliases: (documentation changed)
│          ├[~] type JupyterLabAppSettings
│          │ └ properties
│          │    └ BuiltInLifecycleConfigArn: (documentation changed)
│          └[~] type UserSettings
│            └ properties
│               └ AutoMountHomeEFS: (documentation changed)
├[~] service aws-ses
│ └ resources
│    └[~]  resource AWS::SES::MailManagerRuleSet
│       └ types
│          ├[~] type RuleAction
│          │ └ properties
│          │    └[+] PublishToSns: SnsAction
│          └[+]  type SnsAction
│             ├      name: SnsAction
│             └ properties
│                ├ ActionFailurePolicy: string
│                ├ TopicArn: string (required)
│                ├ RoleArn: string (required)
│                ├ Encoding: string
│                └ PayloadType: string
├[~] service aws-ssmquicksetup
│ └ resources
│    └[~]  resource AWS::SSMQuickSetup::ConfigurationManager
│       └ types
│          └[~] type ConfigurationDefinition
│            └ properties
│               ├ LocalDeploymentAdministrationRoleArn: (documentation changed)
│               └ LocalDeploymentExecutionRoleName: (documentation changed)
├[~] service aws-synthetics
│ └ resources
│    └[~]  resource AWS::Synthetics::Canary
│       ├ properties
│       │  └[+] DryRunAndUpdate: boolean
│       └ types
│          ├[+]  type RetryConfig
│          │  ├      name: RetryConfig
│          │  └ properties
│          │     └ MaxRetries: integer (required)
│          └[~] type Schedule
│            └ properties
│               └[+] RetryConfig: RetryConfig
├[~] service aws-wafv2
│ └ resources
│    ├[~]  resource AWS::WAFv2::RuleGroup
│    │  └ types
│    │     └[~] type Headers
│    │       └ properties
│    │          └ OversizeHandling: (documentation changed)
│    └[~]  resource AWS::WAFv2::WebACL
│       └ types
│          └[~] type Headers
│            └ properties
│               └ OversizeHandling: (documentation changed)
└[~] service aws-workspaces
  └ resources
     └[~]  resource AWS::WorkSpaces::WorkspacesPool
        └ properties
           └ RunningMode: (documentation changed)
```
### Issue # (if applicable)


### Reason for this change

There is no VPC endpoint for [AWS DynamoDB Streams endpoint](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/privatelink-streams.html) so I'm adding it.

```console
$ aws ec2 describe-vpc-endpoint-services --filters "Name=service-name,Values=*dynamodb-streams" --region us-east-1 --query "ServiceNames[]"
[
    "com.amazonaws.us-east-1.dynamodb-streams"
]
```


### Description of changes



### Describe any new or updated permissions being added




### Description of how you validated changes



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@aws-cdk-automation aws-cdk-automation requested a review from a team as a code owner May 22, 2025 22:06
@aws-cdk-automation aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels May 22, 2025
@github-actions github-actions bot added the p2 label May 22, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team May 22, 2025 22:06
@aws-cdk-automation

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: e669ea0
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label May 22, 2025

mergify bot commented May 22, 2025

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit b16d999 into v2-release May 22, 2025
8 checks passed
@mergify mergify bot deleted the bump/2.198.0 branch May 22, 2025 22:42
@github-actions

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 22, 2025