@aws-cdk-automation aws-cdk-automation commented Jul 14, 2025

See CHANGELOG

mazyu36 and others added 30 commits July 4, 2025 12:24
…#34849)

### Issue # (if applicable)

Closes #34848.

### Reason for this change
Implement a lookup function for RDS DatabaseCluster similar to the existing DatabaseInstance.fromLookup functionality.
#33258

This allows users to fetch an Aurora RDS cluster reference by identifier rather than having to manually provide all connection details.



### Description of changes
Add `fromLookup` method to `DatabaseCluster`.


### Describe any new or updated permissions being added
N/A



### Description of how you validated changes
Add unit tests and an integ test.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…34899)

This is an integ test that would have caught the priority reversal problem introduced in #32333.

This integration test tests the case of a customer setting a permissions boundary using a custom aspect,
then trying to override at a more specific level using the PermissionsBoundary.of() API.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)
None

### Reason for this change
https://aws.amazon.com/about-aws/whats-new/2025/06/amazon-ec2-c8gn-instance/

### Description of changes
EC2 add c8gn instance class

### Describe any new or updated permissions being added




### Description of how you validated changes
```console
$ aws ec2 describe-instance-types | grep -e c8gn
            "InstanceType": "c8gn.4xlarge",
            "InstanceType": "c8gn.16xlarge",
            "InstanceType": "c8gn.8xlarge",
            "InstanceType": "c8gn.12xlarge",
            "InstanceType": "c8gn.xlarge",
            "InstanceType": "c8gn.48xlarge",
            "InstanceType": "c8gn.2xlarge",
            "InstanceType": "c8gn.metal-24xl",
            "InstanceType": "c8gn.large",
            "InstanceType": "c8gn.medium",
            "InstanceType": "c8gn.24xlarge",
            "InstanceType": "c8gn.metal-48xl",
```

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…34547)

### Issue # (if applicable)

Closes #34482

### Reason for this change

CloudWatch [recently added support for using multiple query languages to query logs](https://aws.amazon.com/blogs/aws/new-amazon-cloudwatch-and-amazon-opensearch-service-launch-an-integrated-analytics-experience/). Currently, CDK is missing the functionality to specify a query language when creating a Log Query Widget inside a CloudWatch Dashboard.

### Description of changes

Applied [suggested implementation](#34482 (comment)) by @ykethan and added tests.

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

Added unit test and updated integ test.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…4914)

### Reason for this change

There is no scope parameter in copyDirectory

This was an artifact from #34810 when the feature flag was initially introduced. The feature flag was removed, but this documentation should've been removed as well. 

### Description of changes

Remove doc on non-existing parameter scope of copyDirectory

### Describe any new or updated permissions being added

No new permissions.

### Description of how you validated changes

N/A

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…s on canary runs (#34541)

### Issue # (if applicable)

Closes #34511.

### Reason for this change
Adds support for configuring automatic retries of Canary runs.


### Description of changes
This adds a `maxRetries` property on the top-level of the CanaryProps interface. It uses this to configure the `retryConfig` structure on the `schedule` structure. This works similarly to how the `timeToLive` property configures the `durationInSeconds` field on the `schedule` structure.


### Describe any new or updated permissions being added
N/A



### Description of how you validated changes
I have updated the unit and integ tests, and have deployed manually, and verified the changes in the AWS console.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #34896

### Reason for this change

Add missing Aurora Postgres Engine Version v17.5

### Description of changes

Added the new Engine Version

### Describe any new or updated permissions being added

NA


### Description of how you validated changes

NA

### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

N/A

### Reason for this change

Re-rolling changes again after previous re-roll was overwritten by a patch release. For the Feature Flag CLI tool feature.

### Description of changes

Populated a Feature Flag report that had individual Feature Flag objects with the recommended value, user value, and description. Stored the report into the Cloud Assembly.

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

Added unit tests.

### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…#34807)

### Issue # (if applicable)

N/A

### Reason for this change

Misleading lower bound description

### Description of changes

Lower bound is greater than or equal to this value.

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

N/A

### Checklist

N/A

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR updates the CDK enum mapping file.
### Issue # (if applicable)

Closes #34692

### Reason for this change



### Description of changes
- Modify `integ.elastic-beanstalk-hostedzoneid` to use standalone `@aws-cdk/region-info`. We still have `integ.elastic-beanstalk-environment-target` using monolithic one
- Remove duplicate exports https://github.com/aws/aws-cdk/blob/1ae14635cbbc8ba0f2dab8cbeb72c4af0fddce7a/packages/aws-cdk-lib/package.json#L507-L511

### Describe any new or updated permissions being added




### Description of how you validated changes
Reproducing:
1. Change integ to use standalone `@aws-cdk/region-info`
2. Build integ
3. Remove export in `packages/aws-cdk-lib/package.json`
4. Build aws-cdk-lib
5. Run integ > error
```console
$ yarn integ test/aws-route53-targets/test/integ.elastic-beanstalk-hostedzoneid.js
yarn run v1.22.22
$ integ-runner --language javascript test/aws-route53-targets/test/integ.elastic-beanstalk-hostedzoneid.js

Verifying integration test snapshots...

node:internal/modules/cjs/loader:641
      throw e;
      ^

Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: Package subpath './core/lib/errors' is not defined by "exports" in /workspaces/aws-cdk/node_modules/aws-cdk-lib/package.json
    at exportsNotFound (node:internal/modules/esm/resolve:322:10)
    at packageExportsResolve (node:internal/modules/esm/resolve:670:9)
    at resolveExports (node:internal/modules/cjs/loader:634:36)
    at Module._findPath (node:internal/modules/cjs/loader:724:31)
    at Module._resolveFilename (node:internal/modules/cjs/loader:1211:27)
    at Module._load (node:internal/modules/cjs/loader:1051:27)
    at Module.require (node:internal/modules/cjs/loader:1311:19)
    at require (node:internal/modules/helpers:179:18)
    at Object.<anonymous> (/workspaces/aws-cdk/packages/@aws-cdk/region-info/lib/fact.js:8:18)
    at Module._compile (node:internal/modules/cjs/loader:1469:14) {
  code: 'ERR_PACKAGE_PATH_NOT_EXPORTED'
}

Node.js v20.18.3
```

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…#34926)

### Issue # (if applicable)

N/A

### Reason for this change

Update issue-label-assign.yml to add aws-applicationsignals-alpha, aws-s3tables-alpha, aws-pipes-enrichments-alpha, aws-pipes-sources-alpha, and aws-pipes-targets-alpha.

### Description of changes

Update issue-label-assign.yml to add aws-applicationsignals-alpha, aws-s3tables-alpha, aws-pipes-enrichments-alpha, aws-pipes-sources-alpha, and aws-pipes-targets-alpha.

### Describe any new or updated permissions being added

### Description of how you validated changes

### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

### Reason for this change

New code samples are needed for SaaS APIs.

### Description of changes

Updated README with code samples for SaaS APIs.

### Describe any new or updated permissions being added

None

### Description of how you validated changes

README change only, but code samples were tested by deploying in an AWS dev account.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ionStage (#34722)

### Issue # (if applicable)

Closes #34521

### Reason for this change
I think it makes sense as we already have `secretsmanager:PutSecretValue, secretsmanager:UpdateSecret`

### Description of changes
grantWrite add `secretsmanager:UpdateSecretVersionStage`

### Describe any new or updated permissions being added
grantWrite add `secretsmanager:UpdateSecretVersionStage`

### Description of how you validated changes
Unit test

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…nstead of deprecated S3Origin (#34525)

### Issue # (if applicable)

Closes #34469.

### Reason for this change

The [Distribution](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.Distribution.html#example) documentation still uses the deprecated [origins.S3Origin](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront_origins.S3Origin.html) API.

### Description of changes

Use [S3BucketOrigin.withOriginAccessControl(bucket, props?)](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront_origins.S3BucketOrigin.html#static-withwbroriginwbraccesswbrcontrolbucket-props) instead of [origins.S3Origin](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront_origins.S3Origin.html).



### Describe any new or updated permissions being added

None


### Description of how you validated changes

This is example code in documentation. No tests are required.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
)

### Reason for this change

Fixing codecov report uploads

Previous attempts : #34845, #34814

### Description of changes

Check out the GitHub repo before doing an upload


- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
)

### Reason for this change

Stops pr-builds on aws/aws-cdk repository

### Description of changes
Workflow disabled using an if condition in the workflow yaml


- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ns are published separately (#34790)

### Issue

Closes #31070

### Reason for this change

Assets are missing to be published in CDK pipelines when stacks with different synthesizers are used for the same account and region. When assets have identical content hashes but need to be published to different destinations (different publishing role ARNs), they were being incorrectly grouped together, causing assets to only be published to one destination instead of all required destinations.

### Description of changes

- Modified publishAsset() method in packages/aws-cdk-lib/pipelines/lib/helpers-internal/pipeline-graph.ts
- Changed asset tracking key from using only stackAsset.assetId to a composite key: `${stackAsset.assetId}:${stackAsset.assetPublishingRoleArn || 'default'}`
- This ensures assets with the same content hash, but different destinations are treated as separate publishing jobs

### Describe any new or updated permissions being added
NA

### Description of how you validated changes

Checked with the code in #31070 and made sure there are 2 asset stages, locally ran the asset commands and verified that they are being deployed to right buckets:
```
muralikl@b0be83688a18 cdk.out % cdk-assets --path "assembly-pipeline-asset-stack-Staging/pipelineassetstackStagingdevlambdastackEC748226.assets.json" --verbose publish "a26bd817a0dac44954b5caf83f5880a96f831e43b56157224e073b49f236eb4e:current_account-us-east-1"                   
verbose: Loaded manifest from assembly-pipeline-asset-stack-Staging/pipelineassetstackStagingdevlambdastackEC748226.assets.json: 2 assets found
verbose: Applied selection: 1 assets selected.
info   : [0%] start: Publishing LambdaFN/Code (current_account-us-east-1)
verbose: [0%] check: Check s3://cdk-dev-assets-123456789012-us-east-1/a26bd817a0dac44954b5caf83f5880a96f831e43b56157224e073b49f236eb4e.zip
verbose: [0%] build: Zip /Users/muralikl/Downloads/aws-cdk/packages/@aws-cdk-testing/framework-integ/cdk.out/asset.a26bd817a0dac44954b5caf83f5880a96f831e43b56157224e073b49f236eb4e -> assembly-pipeline-asset-stack-Staging/.cache/a26bd817a0dac44954b5caf83f5880a96f831e43b56157224e073b49f236eb4e.zip
verbose: [0%] upload: Upload s3://cdk-dev-assets-123456789012-us-east-1/a26bd817a0dac44954b5caf83f5880a96f831e43b56157224e073b49f236eb4e.zip
info   : [100%] success: Published LambdaFN/Code (current_account-us-east-1)

muralikl@b0be83688a18 cdk.out % cdk-assets --path "assembly-pipeline-asset-stack-Production/pipelineassetstackProductionprdlambdastack4E5ABBC0.assets.json" --verbose publish "a26bd817a0dac44954b5caf83f5880a96f831e43b56157224e073b49f236eb4e:current_account-us-west-2"
verbose: Loaded manifest from assembly-pipeline-asset-stack-Production/pipelineassetstackProductionprdlambdastack4E5ABBC0.assets.json: 2 assets found
verbose: Applied selection: 1 assets selected.
info   : [0%] start: Publishing LambdaFN/Code (current_account-us-west-2)
verbose: [0%] check: Check s3://cdk-hnb659fds-assets-123456789012-us-west-2/a26bd817a0dac44954b5caf83f5880a96f831e43b56157224e073b49f236eb4e.zip
verbose: [0%] build: Zip /Users/muralikl/Downloads/aws-cdk/packages/@aws-cdk-testing/framework-integ/cdk.out/asset.a26bd817a0dac44954b5caf83f5880a96f831e43b56157224e073b49f236eb4e -> assembly-pipeline-asset-stack-Production/.cache/a26bd817a0dac44954b5caf83f5880a96f831e43b56157224e073b49f236eb4e.zip
verbose: [0%] upload: Upload s3://cdk-hnb659fds-assets-123456789012-us-west-2/a26bd817a0dac44954b5caf83f5880a96f831e43b56157224e073b49f236eb4e.zip
info   : [100%] success: Published LambdaFN/Code (current_account-us-west-2)
```

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
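
The grouping problem described in the commit above, as an added example that is not code from the PR or from aws-cdk: a simplified model that groups publish jobs by the old key and by the composite key, then reports assets whose publishing role differs from the role of the job they landed in. The `planPublishJobs` and `misroutedAssets` helpers, the rule that a job uses the role of the first asset it sees, and all sample values are assumptions made for illustration; only the two key expressions come from the commit message.

```typescript
// Simplified model of publish-job grouping (added example, not aws-cdk source).
interface StackAsset {
  assetId: string;                 // content hash of the asset
  assetSelector: string;           // "<hash>:<destination id>" given to cdk-assets
  assetPublishingRoleArn?: string; // role assumed to publish to the destination
}

interface PublishJob {
  key: string;
  roleArn: string | undefined;     // assumption: one role per job, taken from the first asset
  assets: StackAsset[];
}

type KeyFn = (asset: StackAsset) => string;

// Old tracking key from the commit message: content hash only.
const keyByAssetId: KeyFn = (a) => a.assetId;

// New tracking key from the commit message: content hash plus publishing role.
const keyByAssetAndRole: KeyFn = (a) =>
  `${a.assetId}:${a.assetPublishingRoleArn || 'default'}`;

// Group assets into publish jobs, one job per distinct key.
function planPublishJobs(assets: StackAsset[], keyFn: KeyFn): PublishJob[] {
  const byKey: { [key: string]: PublishJob } = {};
  const jobs: PublishJob[] = [];
  for (const asset of assets) {
    const key = keyFn(asset);
    let job = byKey[key];
    if (!job) {
      job = { key, roleArn: asset.assetPublishingRoleArn, assets: [] };
      byKey[key] = job;
      jobs.push(job);
    }
    // The same selector may be requested by several stacks; publish it once.
    if (!job.assets.some((a) => a.assetSelector === asset.assetSelector)) {
      job.assets.push(asset);
    }
  }
  return jobs;
}

// Assets that sit in a job running under a different role than the one
// their destination requires. A non-empty result means a destination
// would be skipped or published with the wrong credentials.
function misroutedAssets(jobs: PublishJob[]): StackAsset[] {
  const out: StackAsset[] = [];
  for (const job of jobs) {
    for (const asset of job.assets) {
      if (asset.assetPublishingRoleArn !== job.roleArn) {
        out.push(asset);
      }
    }
  }
  return out;
}

// Constructed sample: one content hash used by two stacks whose synthesizers
// publish through different roles, plus one asset with no explicit role.
const SAMPLE_ASSETS: StackAsset[] = [
  {
    assetId: 'abc123',
    assetSelector: 'abc123:current_account-us-east-1',
    assetPublishingRoleArn: 'arn:aws:iam::123456789012:role/example-dev-file-publishing-role',
  },
  {
    assetId: 'abc123',
    assetSelector: 'abc123:current_account-us-west-2',
    assetPublishingRoleArn: 'arn:aws:iam::123456789012:role/example-default-file-publishing-role',
  },
  { assetId: 'def456', assetSelector: 'def456:current_account' },
];

for (const [label, keyFn] of [
  ['assetId only', keyByAssetId],
  ['assetId + role', keyByAssetAndRole],
] as [string, KeyFn][]) {
  const jobs = planPublishJobs(SAMPLE_ASSETS, keyFn);
  const bad = misroutedAssets(jobs).map((a) => a.assetSelector);
  console.log(`${label}: ${jobs.length} jobs, misrouted: [${bad.join(', ')}]`);
}
```

Running the same check over the publish steps of a synthesized pipeline is a quick way to confirm that every destination bucket is written under its own publishing role.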
### Issue # (if applicable)

None

### Reason for this change

L1 construct has `arnForPolicy` attribute but L2 construct does not support this.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-apidestination.html#aws-resource-events-apidestination-return-values#aws-resource-events-apidestination-return-values-fn--getatt

### Description of changes

- Add `apiDestinationArnForPolicy` to `ApiDestinationAttributes` and attribute of `IApiDestination`

### Describe any new or updated permissions being added

None

### Description of how you validated changes

Add both unit and integ tests

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #23897.

### Reason for this change

The documentation for `RemovalPolicy.DESTROY` incorrectly states that it is the default removal policy, when in fact `RETAIN` is the actual default for most resources in the AWS CDK. This creates confusion for users who expect different behavior based on the documentation, potentially leading to unexpected costs or resource retention issues.

### Description of changes

Updated the JSDoc comment for `RemovalPolicy.DESTROY` in `removal-policy.ts` to remove the incorrect statement that it is the default removal policy. The comment now accurately describes that this policy will physically destroy resources when applied, without claiming it's the default behavior.

**Changes made:**
- Modified the JSDoc comment for `DESTROY` enum value to clarify it is not the default removal policy
- Ensured consistency with other CDK documentation that correctly states `RETAIN` is the default

**Alternatives considered:**
- Could have updated all related documentation simultaneously, but this focused change addresses the core issue in the source code
- Considered adding explicit mention of what the actual default is, but kept the change minimal to avoid over-documentation

**Design decisions:**
- Kept the change simple and focused on removing the incorrect information rather than adding extensive explanations
- Maintained consistency with existing comment style and format

### Describe any new or updated permissions being added

No new or updated IAM permissions are needed for this documentation change.


### Description of how you validated changes

- Verified the comment change accurately reflects the actual CDK behavior
- Confirmed the change aligns with existing CDK documentation that correctly states `RETAIN` is the default
- Reviewed related code in bucket.ts and other resources to ensure consistency
- Built and tested locally to ensure no compilation issues

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
… about to merge (#34946)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #34894.

### Reason for this change

When createNewPoliciesWithAddToRolePolicy flag is false, addToRolePolicy() fails with CloudFormation intrinsic functions due to token resolution issues. More details in the issue itself.

### Description of changes

This fix detects complex tokens and forces separate inline policies to prevent the error while maintaining backward compatibility.

### Describe any new or updated permissions being added

No new permissions being added


### Description of how you validated changes

Tested the new changes in the broken CDK app that was able to reproduce the issue (used reproduction steps from the original issue). The app can now be synthesized and deployed. Verifying the Lambda role manually in the console also showed that a single role is preserved but the role policies are now split in two: one from the string literal and one from the token. Both are correctly resolved.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…34830)

### Issue # (if applicable)

Closes #34811

Related: aws-cloudformation/cloudformation-coverage-roadmap#1101

### Reason for this change

Support for tag propagation to underlying resources (Lambda) for AWS Synthetics. 

### Description of changes

Add support for `ResourcesToReplicateTags` property (like [CF](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-synthetics-canary.html))



### Describe any new or updated permissions being added

/




### Description of how you validated changes

- Added unit test
- Added integration test

### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service aws-b2bi
│ └ resources
│    └[~]  resource AWS::B2BI::Partnership
│       ├ properties
│       │  ├ Email: (documentation changed)
│       │  └ Phone: (documentation changed)
│       └ types
│          ├[~] type CapabilityOptions
│          │ └ properties
│          │    └ InboundEdi: (documentation changed)
│          ├[~] type InboundEdiOptions
│          │ ├      - documentation: undefined
│          │ │      + documentation: Contains options for processing inbound EDI files. These options allow for customizing how incoming EDI documents are processed.
│          │ └ properties
│          │    └ X12: (documentation changed)
│          ├[~] type X12InboundEdiOptions
│          │ ├      - documentation: undefined
│          │ │      + documentation: Contains options specific to processing inbound X12 EDI files.
│          │ └ properties
│          │    └ AcknowledgmentOptions: (documentation changed)
│          └[~] type X12OutboundEdiHeaders
│            └ properties
│               └ ControlNumbers: (documentation changed)
├[~] service aws-bedrock
│ └ resources
│    ├[~]  resource AWS::Bedrock::DataSource
│    │  └ types
│    │     └[~] type S3DataSourceConfiguration
│    │       └ properties
│    │          └ InclusionPrefixes: (documentation changed)
│    └[~]  resource AWS::Bedrock::Guardrail
│       └ types
│          ├[+]  type ContentFiltersTierConfig
│          │  ├      documentation: Guardrail tier config for content policy
│          │  │      name: ContentFiltersTierConfig
│          │  └ properties
│          │     └ TierName: string (required)
│          ├[~] type ContentPolicyConfig
│          │ └ properties
│          │    └[+] ContentFiltersTierConfig: ContentFiltersTierConfig
│          ├[~] type TopicPolicyConfig
│          │ └ properties
│          │    └[+] TopicsTierConfig: TopicsTierConfig
│          └[+]  type TopicsTierConfig
│             ├      documentation: Guardrail tier config for topic policy
│             │      name: TopicsTierConfig
│             └ properties
│                └ TierName: string (required)
├[+] service aws-billing
│ ├      capitalized: Billing
│ │      cloudFormationNamespace: AWS::Billing
│ │      name: aws-billing
│ │      shortName: billing
│ └ resources
│    └ resource AWS::Billing::BillingView
│      ├      name: BillingView
│      │      cloudFormationType: AWS::Billing::BillingView
│      │      documentation: A billing view is a container of cost & usage metadata.
│      │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├ DataFilterExpression: DataFilterExpression
│      │  ├ Description: string (immutable)
│      │  ├ Name: string (required, immutable)
│      │  ├ Tags: Array<tag>
│      │  └ SourceViews: Array<string> (required, immutable)
│      ├ attributes
│      │  ├ Arn: string
│      │  ├ CreatedAt: number
│      │  ├ UpdatedAt: number
│      │  ├ OwnerAccountId: string
│      │  └ BillingViewType: string
│      └ types
│         ├ type DataFilterExpression
│         │ ├      name: DataFilterExpression
│         │ └ properties
│         │    ├ Dimensions: Dimensions
│         │    └ Tags: Tags
│         ├ type Dimensions
│         │ ├      name: Dimensions
│         │ └ properties
│         │    ├ Key: string
│         │    └ Values: Array<string>
│         └ type Tags
│           ├      name: Tags
│           └ properties
│              ├ Key: string
│              └ Values: Array<string>
├[~] service aws-cassandra
│ └ resources
│    └[~]  resource AWS::Cassandra::Table
│       ├ properties
│       │  └[+] CdcSpecification: CdcSpecification
│       └ types
│          └[+]  type CdcSpecification
│             ├      documentation: Represents the CDC configuration for the table
│             │      name: CdcSpecification
│             └ properties
│                ├ Status: string (required)
│                └ ViewType: string (default="NEW_AND_OLD_IMAGES")
├[~] service aws-cloudformation
│ └ resources
│    └[~]  resource AWS::CloudFormation::StackSet
│       └ types
│          └[~] type OperationPreferences
│            └ properties
│               ├ FailureToleranceCount: (documentation changed)
│               └ FailureTolerancePercentage: (documentation changed)
├[~] service aws-cloudfront
│ └ resources
│    └[~]  resource AWS::CloudFront::Distribution
│       └ types
│          ├[~] type CacheBehavior
│          │ └ properties
│          │    ├ DefaultTTL: (documentation changed)
│          │    ├ MaxTTL: (documentation changed)
│          │    ├ MinTTL: (documentation changed)
│          │    ├ SmoothStreaming: (documentation changed)
│          │    └ TrustedSigners: (documentation changed)
│          ├[~] type CustomOriginConfig
│          │ └ properties
│          │    ├ OriginKeepaliveTimeout: (documentation changed)
│          │    └ OriginReadTimeout: (documentation changed)
│          ├[~] type DefaultCacheBehavior
│          │ └ properties
│          │    ├ DefaultTTL: (documentation changed)
│          │    ├ MaxTTL: (documentation changed)
│          │    ├ MinTTL: (documentation changed)
│          │    ├ SmoothStreaming: (documentation changed)
│          │    └ TrustedSigners: (documentation changed)
│          ├[~] type DistributionConfig
│          │ └ properties
│          │    ├ Aliases: (documentation changed)
│          │    ├ AnycastIpListId: (documentation changed)
│          │    ├ ContinuousDeploymentPolicyId: (documentation changed)
│          │    ├ IPV6Enabled: (documentation changed)
│          │    ├ PriceClass: (documentation changed)
│          │    ├ Staging: (documentation changed)
│          │    └ TenantConfig: (documentation changed)
│          ├[~] type ForwardedValues
│          │ └      - documentation: This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.
│          │        If you want to include values in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide* .
│          │        If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide* .
│          │        A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers.
│          │        + documentation: > This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide* . 
│          │        This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.
│          │        If you want to include values in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide* .
│          │        If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide* .
│          │        A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers.
│          ├[~] type TenantConfig
│          │ └      - documentation: The configuration for a distribution tenant.
│          │        + documentation: > This field only supports multi-tenant distributions. You can't specify this field for standard distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide* . 
│          │        The configuration for a distribution tenant.
│          ├[~] type ViewerCertificate
│          │ └ properties
│          │    └ IamCertificateId: (documentation changed)
│          └[~] type VpcOriginConfig
│            └ properties
│               ├ OriginKeepaliveTimeout: (documentation changed)
│               └ OriginReadTimeout: (documentation changed)
├[~] service aws-docdb
│ └ resources
│    └[~]  resource AWS::DocDB::DBCluster
│       └ properties
│          ├[+] GlobalClusterIdentifier: string (immutable)
│          └[+] NetworkType: string
├[~] service aws-dynamodb
│ └ resources
│    ├[~]  resource AWS::DynamoDB::GlobalTable
│    │  ├      - documentation: The `AWS::DynamoDB::GlobalTable` resource enables you to create and manage a Version 2019.11.21 global table. This resource cannot be used to create or manage a Version 2017.11.29 global table. For more information, see [Global tables](https://docs.aws.amazon.com//amazondynamodb/latest/developerguide/GlobalTables.html) .
│    │  │      > You cannot convert a resource of type `AWS::DynamoDB::Table` into a resource of type `AWS::DynamoDB::GlobalTable` by changing its type in your template. *Doing so might result in the deletion of your DynamoDB table.*
│    │  │      > 
│    │  │      > You can instead use the GlobalTable resource to create a new table in a single Region. This will be billed the same as a single Region table. If you later update the stack to add other Regions then Global Tables pricing will apply. 
│    │  │      You should be aware of the following behaviors when working with DynamoDB global tables.
│    │  │      - The IAM Principal executing the stack operation must have the permissions listed below in all regions where you plan to have a global table replica. The IAM Principal's permissions should not have restrictions based on IP source address. Some global tables operations (for example, adding a replica) are asynchronous, and require that the IAM Principal is valid until they complete. You should not delete the Principal (user or IAM role) until CloudFormation has finished updating your stack.
│    │  │      - `dynamodb:CreateTable`
│    │  │      - `dynamodb:UpdateTable`
│    │  │      - `dynamodb:DeleteTable`
│    │  │      - `dynamodb:DescribeContinuousBackups`
│    │  │      - `dynamodb:DescribeContributorInsights`
│    │  │      - `dynamodb:DescribeTable`
│    │  │      - `dynamodb:DescribeTableReplicaAutoScaling`
│    │  │      - `dynamodb:DescribeTimeToLive`
│    │  │      - `dynamodb:ListTables`
│    │  │      - `dynamodb:UpdateTimeToLive`
│    │  │      - `dynamodb:UpdateContributorInsights`
│    │  │      - `dynamodb:UpdateContinuousBackups`
│    │  │      - `dynamodb:ListTagsOfResource`
│    │  │      - `dynamodb:TagResource`
│    │  │      - `dynamodb:UntagResource`
│    │  │      - `dynamodb:BatchWriteItem`
│    │  │      - `dynamodb:CreateTableReplica`
│    │  │      - `dynamodb:DeleteItem`
│    │  │      - `dynamodb:DeleteTableReplica`
│    │  │      - `dynamodb:DisableKinesisStreamingDestination`
│    │  │      - `dynamodb:EnableKinesisStreamingDestination`
│    │  │      - `dynamodb:GetItem`
│    │  │      - `dynamodb:PutItem`
│    │  │      - `dynamodb:Query`
│    │  │      - `dynamodb:Scan`
│    │  │      - `dynamodb:UpdateItem`
│    │  │      - `dynamodb:DescribeTableReplicaAutoScaling`
│    │  │      - `dynamodb:UpdateTableReplicaAutoScaling`
│    │  │      - `iam:CreateServiceLinkedRole`
│    │  │      - `kms:CreateGrant`
│    │  │      - `kms:DescribeKey`
│    │  │      - `application-autoscaling:DeleteScalingPolicy`
│    │  │      - `application-autoscaling:DeleteScheduledAction`
│    │  │      - `application-autoscaling:DeregisterScalableTarget`
│    │  │      - `application-autoscaling:DescribeScalingPolicies`
│    │  │      - `application-autoscaling:DescribeScalableTargets`
│    │  │      - `application-autoscaling:PutScalingPolicy`
│    │  │      - `application-autoscaling:PutScheduledAction`
│    │  │      - `application-autoscaling:RegisterScalableTarget`
│    │  │      - When using provisioned billing mode, CloudFormation will create an auto scaling policy on each of your replicas to control their write capacities. You must configure this policy using the `WriteProvisionedThroughputSettings` property. CloudFormation will ensure that all replicas have the same write capacity auto scaling property. You cannot directly specify a value for write capacity for a global table.
│    │  │      - If your table uses provisioned capacity, you must configure auto scaling directly in the `AWS::DynamoDB::GlobalTable` resource. You should not configure additional auto scaling policies on any of the table replicas or global secondary indexes, either via API or via `AWS::ApplicationAutoScaling::ScalableTarget` or `AWS::ApplicationAutoScaling::ScalingPolicy` . Doing so might result in unexpected behavior and is unsupported.
│    │  │      - In AWS CloudFormation , each global table is controlled by a single stack, in a single region, regardless of the number of replicas. When you deploy your template, CloudFormation will create/update all replicas as part of a single stack operation. You should not deploy the same `AWS::DynamoDB::GlobalTable` resource in multiple regions. Doing so will result in errors, and is unsupported. If you deploy your application template in multiple regions, you can use conditions to only create the resource in a single region. Alternatively, you can choose to define your `AWS::DynamoDB::GlobalTable` resources in a stack separate from your application stack, and make sure it is only deployed to a single region.
│    │  │      + documentation: The `AWS::DynamoDB::GlobalTable` resource enables you to create and manage a Version 2019.11.21 global table. This resource cannot be used to create or manage a Version 2017.11.29 global table. For more information, see [Global tables](https://docs.aws.amazon.com//amazondynamodb/latest/developerguide/GlobalTables.html) .
│    │  │      > You cannot convert a resource of type `AWS::DynamoDB::Table` into a resource of type `AWS::DynamoDB::GlobalTable` by changing its type in your template. *Doing so might result in the deletion of your DynamoDB table.*
│    │  │      > 
│    │  │      > You can instead use the GlobalTable resource to create a new table in a single Region. This will be billed the same as a single Region table. If you later update the stack to add other Regions then Global Tables pricing will apply. 
│    │  │      You should be aware of the following behaviors when working with DynamoDB global tables.
│    │  │      - The IAM Principal executing the stack operation must have the permissions listed below in all regions where you plan to have a global table replica. The IAM Principal's permissions should not have restrictions based on IP source address. Some global tables operations (for example, adding a replica) are asynchronous, and require that the IAM Principal is valid until they complete. You should not delete the Principal (user or IAM role) until CloudFormation has finished updating your stack.
│    │  │      - `application-autoscaling:DeleteScalingPolicy`
│    │  │      - `application-autoscaling:DeleteScheduledAction`
│    │  │      - `application-autoscaling:DeregisterScalableTarget`
│    │  │      - `application-autoscaling:DescribeScalableTargets`
│    │  │      - `application-autoscaling:DescribeScalingPolicies`
│    │  │      - `application-autoscaling:PutScalingPolicy`
│    │  │      - `application-autoscaling:PutScheduledAction`
│    │  │      - `application-autoscaling:RegisterScalableTarget`
│    │  │      - `dynamodb:BatchWriteItem`
│    │  │      - `dynamodb:CreateGlobalTableWitness`
│    │  │      - `dynamodb:CreateTable`
│    │  │      - `dynamodb:CreateTableReplica`
│    │  │      - `dynamodb:DeleteGlobalTableWitness`
│    │  │      - `dynamodb:DeleteItem`
│    │  │      - `dynamodb:DeleteTable`
│    │  │      - `dynamodb:DeleteTableReplica`
│    │  │      - `dynamodb:DescribeContinuousBackups`
│    │  │      - `dynamodb:DescribeContributorInsights`
│    │  │      - `dynamodb:DescribeTable`
│    │  │      - `dynamodb:DescribeTableReplicaAutoScaling`
│    │  │      - `dynamodb:DescribeTimeToLive`
│    │  │      - `dynamodb:DisableKinesisStreamingDestination`
│    │  │      - `dynamodb:EnableKinesisStreamingDestination`
│    │  │      - `dynamodb:GetItem`
│    │  │      - `dynamodb:ListTables`
│    │  │      - `dynamodb:ListTagsOfResource`
│    │  │      - `dynamodb:PutItem`
│    │  │      - `dynamodb:Query`
│    │  │      - `dynamodb:Scan`
│    │  │      - `dynamodb:TagResource`
│    │  │      - `dynamodb:UntagResource`
│    │  │      - `dynamodb:UpdateContinuousBackups`
│    │  │      - `dynamodb:UpdateContributorInsights`
│    │  │      - `dynamodb:UpdateItem`
│    │  │      - `dynamodb:UpdateTable`
│    │  │      - `dynamodb:UpdateTableReplicaAutoScaling`
│    │  │      - `dynamodb:UpdateTimeToLive`
│    │  │      - `iam:CreateServiceLinkedRole`
│    │  │      - `kms:CreateGrant`
│    │  │      - `kms:DescribeKey`
│    │  │      - When using provisioned billing mode, CloudFormation will create an auto scaling policy on each of your replicas to control their write capacities. You must configure this policy using the `WriteProvisionedThroughputSettings` property. CloudFormation will ensure that all replicas have the same write capacity auto scaling property. You cannot directly specify a value for write capacity for a global table.
│    │  │      - If your table uses provisioned capacity, you must configure auto scaling directly in the `AWS::DynamoDB::GlobalTable` resource. You should not configure additional auto scaling policies on any of the table replicas or global secondary indexes, either via API or via `AWS::ApplicationAutoScaling::ScalableTarget` or `AWS::ApplicationAutoScaling::ScalingPolicy` . Doing so might result in unexpected behavior and is unsupported.
│    │  │      - In AWS CloudFormation , each global table is controlled by a single stack, in a single region, regardless of the number of replicas. When you deploy your template, CloudFormation will create/update all replicas as part of a single stack operation. You should not deploy the same `AWS::DynamoDB::GlobalTable` resource in multiple regions. Doing so will result in errors, and is unsupported. If you deploy your application template in multiple regions, you can use conditions to only create the resource in a single region. Alternatively, you can choose to define your `AWS::DynamoDB::GlobalTable` resources in a stack separate from your application stack, and make sure it is only deployed to a single region.
│    │  ├ properties
│    │  │  ├[+] GlobalTableWitnesses: Array<GlobalTableWitness>
│    │  │  ├[+] MultiRegionConsistency: string
│    │  │  ├ Replicas: (documentation changed)
│    │  │  └ StreamSpecification: (documentation changed)
│    │  └ types
│    │     ├[+]  type GlobalTableWitness
│    │     │  ├      documentation: The witness Region for the MRSC global table. A MRSC global table can be configured with either three replicas, or with two replicas and one witness.
│    │     │  │      The witness must be in a different Region than the replicas and within the same Region set:
│    │     │  │      - US Region set: US East (N. Virginia), US East (Ohio), US West (Oregon)
│    │     │  │      - EU Region set: Europe (Ireland), Europe (London), Europe (Paris), Europe (Frankfurt)
│    │     │  │      - AP Region set: Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Osaka)
│    │     │  │      name: GlobalTableWitness
│    │     │  └ properties
│    │     │     └ Region: string
│    │     └[~] type StreamSpecification
│    │       └      - documentation: Represents the DynamoDB Streams configuration for a table in DynamoDB.
│    │              You can only modify this value if your `AWS::DynamoDB::GlobalTable` contains only one entry in `Replicas` . You must specify a value for this property if your `AWS::DynamoDB::GlobalTable` contains more than one replica.
│    │              + documentation: Represents the DynamoDB Streams configuration for a table in DynamoDB .
│    │              You can only modify this value for a `AWS::DynamoDB::GlobalTable` resource configured for multi-Region eventual consistency (MREC, the default) if that resource contains only one entry in `Replicas` . You must specify a value for this property for a `AWS::DynamoDB::GlobalTable` resource configured for MREC with more than one entry in `Replicas` . For Multi-Region Strong Consistency (MRSC), Streams are not required and can be changed for existing tables.
│    └[~]  resource AWS::DynamoDB::Table
│       └ properties
│          └ ResourcePolicy: (documentation changed)
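Review bot: The rewritten permission list in the `AWS::DynamoDB::GlobalTable` documentation is re-sorted alphabetically, which hides that it adds two actions, `dynamodb:CreateGlobalTableWitness` and `dynamodb:DeleteGlobalTableWitness`, alongside the new `GlobalTableWitnesses` and `MultiRegionConsistency` properties. A CloudFormation execution role scoped to the previous list will not include the two new actions, so the release notes should name them explicitly for anyone maintaining a least-privilege deployment policy. The old list carried `dynamodb:DescribeTableReplicaAutoScaling` twice and the new one lists it once, so no action was dropped by the re-sort.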
├[~] service aws-ec2
│ └ resources
│    ├[~]  resource AWS::EC2::CapacityReservationFleet
│    │  └      - tagInformation: undefined
│    │         + tagInformation: {"tagPropertyName":"TagSpecifications","variant":"standard"}
│    └[~]  resource AWS::EC2::TrafficMirrorFilterRule
│       └ attributes
│          ├[-] Id: string
│          └ TrafficMirrorFilterRuleId: (documentation changed)
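Review bot: `[-] Id: string` under the `AWS::EC2::TrafficMirrorFilterRule` attributes is a removal, not a documentation change, so any template or construct that reads the rule's `Id` attribute stops resolving after this update. The only other attribute this hunk names is `TrafficMirrorFilterRuleId`; if that is the intended replacement, the CHANGELOG entry should say so and flag the removal as breaking for L1 users.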
├[~] service aws-ecs
│ └ resources
│    ├[~]  resource AWS::ECS::Service
│    │  └ attributes
│    │     └ ServiceArn: (documentation changed)
│    └[~]  resource AWS::ECS::TaskDefinition
│       ├ properties
│       │  └ InferenceAccelerators: (documentation changed)
│       └ types
│          └[~] type InferenceAccelerator
│            ├      - documentation: Details on an Elastic Inference accelerator. For more information, see [Working with Amazon Elastic Inference on Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-inference.html) in the *Amazon Elastic Container Service Developer Guide* .
│            │      + documentation: Details on an Elastic Inference accelerator. For more information, see [Working with Amazon Elastic Inference on Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-inference.html) in the *Amazon Elastic Container Service Developer Guide*.
│            └ properties
│               └ DeviceName: (documentation changed)
├[~] service aws-emrserverless
│ └ resources
│    └[~]  resource AWS::EMRServerless::Application
│       └ properties
│          └ IdentityCenterConfiguration: (documentation changed)
├[~] service aws-evs
│ └ resources
│    └[~]  resource AWS::EVS::Environment
│       ├ properties
│       │  └ LicenseInfo: (documentation changed)
│       └ types
│          └[~] type LicenseInfo
│            └ properties
│               ├ SolutionKey: (documentation changed)
│               └ VsanKey: (documentation changed)
├[~] service aws-fsx
│ └ resources
│    └[~]  resource AWS::FSx::S3AccessPointAttachment
│       ├      - documentation: Resource type definition for AWS::FSx::S3AccessPointAttachment
│       │      + documentation: An S3 access point attached to an Amazon FSx volume.
│       ├ properties
│       │  ├ Name: (documentation changed)
│       │  ├ OpenZFSConfiguration: (documentation changed)
│       │  ├ S3AccessPoint: (documentation changed)
│       │  └ Type: (documentation changed)
│       ├ attributes
│       │  ├ S3AccessPoint.Alias: (documentation changed)
│       │  └ S3AccessPoint.ResourceARN: (documentation changed)
│       └ types
│          ├[~] type FileSystemGID
│          │ ├      - documentation: undefined
│          │ │      + documentation: The GID of the file system user.
│          │ └ properties
│          │    └ Gid: (documentation changed)
│          ├[~] type OpenZFSFileSystemIdentity
│          │ ├      - documentation: undefined
│          │ │      + documentation: Specifies the file system user identity that will be used for authorizing all file access requests that are made using the S3 access point.
│          │ └ properties
│          │    ├ PosixUser: (documentation changed)
│          │    └ Type: (documentation changed)
│          ├[~] type OpenZFSPosixFileSystemUser
│          │ ├      - documentation: undefined
│          │ │      + documentation: The FSx for OpenZFS file system user that is used for authorizing all file access requests that are made using the S3 access point.
│          │ └ properties
│          │    ├ Gid: (documentation changed)
│          │    ├ SecondaryGids: (documentation changed)
│          │    └ Uid: (documentation changed)
│          ├[~] type S3AccessPoint
│          │ ├      - documentation: undefined
│          │ │      + documentation: Describes the S3 access point configuration of the S3 access point attachment.
│          │ └ properties
│          │    ├ Alias: (documentation changed)
│          │    ├ Policy: (documentation changed)
│          │    ├ ResourceARN: (documentation changed)
│          │    └ VpcConfiguration: (documentation changed)
│          ├[~] type S3AccessPointOpenZFSConfiguration
│          │ ├      - documentation: undefined
│          │ │      + documentation: Describes the FSx for OpenZFS attachment configuration of an S3 access point attachment.
│          │ └ properties
│          │    ├ FileSystemIdentity: (documentation changed)
│          │    └ VolumeId: (documentation changed)
│          └[~] type S3AccessPointVpcConfiguration
│            ├      - documentation: undefined
│            │      + documentation: If included, Amazon S3 restricts access to this access point to requests from the specified virtual private cloud (VPC).
│            └ properties
│               └ VpcId: (documentation changed)
├[~] service aws-gamelift
│ └ resources
│    ├[~]  resource AWS::GameLift::ContainerFleet
│    │  └ types
│    │     └[~] type LogConfiguration
│    │       └ properties
│    │          └[+] LogGroupArn: string
│    └[~]  resource AWS::GameLift::Fleet
│       └ properties
│          └ ApplyCapacity: - string (immutable)
│                           + string
├[~] service aws-iot
│ └ resources
│    └[~]  resource AWS::IoT::Logging
│       └      - documentation: Configure logging.
│              > If you already set the log function of AWS IoT Core , you can't deploy the AWS Cloud Development Kit (AWS CDK) to change the logging settings. You can change the logging settings by either:
│              > 
│              > - Importing the existing logging resource into your AWS CloudFormation stack, such as with the [infrastructure as code generator (IaC generator)](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/generate-IaC.html) .
│              > - Calling `aws iot set-v2-logging-options --disable-all-logs` before creating a new CloudFormation stack. This command disables all AWS IoT logging. As a result, no AWS IoT logs will be delivered to Amazon CloudWatch until you re-enable logging.
│              + documentation: Configure logging.
│              > If you already set the log function of AWS IoT Core , you can't deploy the Cloud Development Kit  to change the logging settings. You can change the logging settings by either:
│              > 
│              > - Importing the existing logging resource into your AWS CloudFormation stack, such as with the [infrastructure as code generator (IaC generator)](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/generate-IaC.html) .
│              > - Calling `aws iot set-v2-logging-options --disable-all-logs` before creating a new CloudFormation stack. This command disables all AWS IoT logging. As a result, no AWS IoT logs will be delivered to Amazon CloudWatch until you re-enable logging.
├[~] service aws-kinesis
│ └ resources
│    └[~]  resource AWS::Kinesis::StreamConsumer
│       ├      - tagInformation: undefined
│       │      + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│       └ properties
│          └[+] Tags: Array<tag> (immutable)
├[~] service aws-lex
│ └ resources
│    └[~]  resource AWS::Lex::Bot
│       └ types
│          ├[~] type BuildtimeSettings
│          │ └      - documentation: undefined
│          │        + documentation: Contains specifications about the Amazon Lex build time generative AI capabilities from Amazon Bedrock that you can turn on for your bot.
│          ├[~] type DescriptiveBotBuilderSpecification
│          │ ├      - documentation: undefined
│          │ │      + documentation: Contains specifications for the descriptive bot building feature.
│          │ └ properties
│          │    ├ BedrockModelSpecification: (documentation changed)
│          │    └ Enabled: (documentation changed)
│          ├[~] type GenerativeAISettings
│          │ └      - documentation: undefined
│          │        + documentation: Contains specifications about the generative AI capabilities from Amazon Bedrock that you can turn on for your bot.
│          ├[~] type NluImprovementSpecification
│          │ ├      - documentation: undefined
│          │ │      + documentation: Configures the Assisted Natural Language Understanding (NLU) feature for your bot. This specification determines whether enhanced intent recognition and utterance understanding capabilities are active.
│          │ └ properties
│          │    └ Enabled: (documentation changed)
│          ├[~] type RuntimeSettings
│          │ └      - documentation: undefined
│          │        + documentation: Contains specifications about the Amazon Lex runtime generative AI capabilities from Amazon Bedrock that you can turn on for your bot.
│          ├[~] type SampleUtteranceGenerationSpecification
│          │ ├      - documentation: undefined
│          │ │      + documentation: Contains specifications for the sample utterance generation feature.
│          │ └ properties
│          │    └ Enabled: (documentation changed)
│          └[~] type SlotResolutionImprovementSpecification
│            ├      - documentation: undefined
│            │      + documentation: Contains specifications for the assisted slot resolution feature.
│            └ properties
│               ├ BedrockModelSpecification: (documentation changed)
│               └ Enabled: (documentation changed)
├[~] service aws-neptune
│ └ resources
│    └[~]  resource AWS::Neptune::DBInstance
│       ├ properties
│       │  └ DBSnapshotIdentifier: - string (immutable)
│       │                          + string (deprecated=WARN, immutable)
│       │                          (documentation changed)
│       └ attributes
│          └[-] Id: string
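Review bot: Two behaviour changes in this `AWS::Neptune::DBInstance` hunk are easy to miss among the documentation-only entries: `DBSnapshotIdentifier` gains `deprecated=WARN` and the `Id` attribute is removed. The hunk names no replacement for either, so the release notes should state what consumers of `Id` should reference instead and what to use in place of `DBSnapshotIdentifier`.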
├[+] service aws-odb
│ ├      capitalized: ODB
│ │      cloudFormationNamespace: AWS::ODB
│ │      name: aws-odb
│ │      shortName: odb
│ └ resources
│    ├ resource AWS::ODB::CloudAutonomousVmCluster
│    │ ├      name: CloudAutonomousVmCluster
│    │ │      cloudFormationType: AWS::ODB::CloudAutonomousVmCluster
│    │ │      documentation: The AWS::ODB::CloudAutonomousVmCluster resource creates a Cloud Autonomous VM Cluster
│    │ │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ ├ properties
│    │ │  ├ OdbNetworkId: string (immutable)
│    │ │  ├ DisplayName: string (immutable)
│    │ │  ├ CloudExadataInfrastructureId: string (immutable)
│    │ │  ├ AutonomousDataStorageSizeInTBs: number (immutable)
│    │ │  ├ CpuCoreCountPerNode: integer (immutable)
│    │ │  ├ DbServers: Array<string> (immutable)
│    │ │  ├ Description: string (immutable)
│    │ │  ├ IsMtlsEnabledVmCluster: boolean (immutable)
│    │ │  ├ LicenseModel: string (immutable)
│    │ │  ├ MaintenanceWindow: MaintenanceWindow (immutable)
│    │ │  ├ MemoryPerOracleComputeUnitInGBs: integer (immutable)
│    │ │  ├ ScanListenerPortNonTls: integer (immutable)
│    │ │  ├ ScanListenerPortTls: integer (immutable)
│    │ │  ├ Tags: Array<tag>
│    │ │  ├ TimeZone: string (immutable)
│    │ │  └ TotalContainerDatabases: integer (immutable)
│    │ ├ attributes
│    │ │  ├ CloudAutonomousVmClusterId: string
│    │ │  ├ CloudAutonomousVmClusterArn: string
│    │ │  ├ OciResourceAnchorName: string
│    │ │  ├ AutonomousDataStoragePercentage: number
│    │ │  ├ AvailableAutonomousDataStorageSizeInTBs: number
│    │ │  ├ AvailableContainerDatabases: integer
│    │ │  ├ AvailableCpus: number
│    │ │  ├ ComputeModel: string
│    │ │  ├ CpuCoreCount: integer
│    │ │  ├ CpuPercentage: number
│    │ │  ├ DataStorageSizeInGBs: number
│    │ │  ├ DataStorageSizeInTBs: number
│    │ │  ├ DbNodeStorageSizeInGBs: integer
│    │ │  ├ Domain: string
│    │ │  ├ ExadataStorageInTBsLowestScaledValue: number
│    │ │  ├ Hostname: string
│    │ │  ├ Ocid: string
│    │ │  ├ OciUrl: string
│    │ │  ├ MaxAcdsLowestScaledValue: integer
│    │ │  ├ MemorySizeInGBs: integer
│    │ │  ├ NodeCount: integer
│    │ │  ├ NonProvisionableAutonomousContainerDatabases: integer
│    │ │  ├ ProvisionableAutonomousContainerDatabases: integer
│    │ │  ├ ProvisionedAutonomousContainerDatabases: integer
│    │ │  ├ ProvisionedCpus: number
│    │ │  ├ ReclaimableCpus: number
│    │ │  ├ ReservedCpus: number
│    │ │  └ Shape: string
│    │ └ types
│    │    └ type MaintenanceWindow
│    │      ├      documentation: The scheduling details for the maintenance window. Patching and system updates take place during the maintenance window.
│    │      │      name: MaintenanceWindow
│    │      └ properties
│    │         ├ DaysOfWeek: Array<string>
│    │         ├ HoursOfDay: Array<integer>
│    │         ├ LeadTimeInWeeks: integer
│    │         ├ Months: Array<string>
│    │         ├ Preference: string
│    │         └ WeeksOfMonth: Array<integer>
│    ├ resource AWS::ODB::CloudExadataInfrastructure
│    │ ├      name: CloudExadataInfrastructure
│    │ │      cloudFormationType: AWS::ODB::CloudExadataInfrastructure
│    │ │      documentation: The AWS::ODB::CloudExadataInfrastructure resource creates an Exadata Infrastructure
│    │ │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ ├ properties
│    │ │  ├ AvailabilityZone: string (immutable)
│    │ │  ├ AvailabilityZoneId: string (immutable)
│    │ │  ├ ComputeCount: integer (immutable)
│    │ │  ├ CustomerContactsToSendToOCI: Array<CustomerContact> (immutable)
│    │ │  ├ DatabaseServerType: string (immutable)
│    │ │  ├ DisplayName: string (immutable)
│    │ │  ├ Shape: string (immutable)
│    │ │  ├ StorageCount: integer (immutable)
│    │ │  ├ StorageServerType: string (immutable)
│    │ │  └ Tags: Array<tag>
│    │ ├ attributes
│    │ │  ├ ActivatedStorageCount: integer
│    │ │  ├ AdditionalStorageCount: integer
│    │ │  ├ AvailableStorageSizeInGBs: integer
│    │ │  ├ CloudExadataInfrastructureArn: string
│    │ │  ├ CloudExadataInfrastructureId: string
│    │ │  ├ ComputeModel: string
│    │ │  ├ CpuCount: integer
│    │ │  ├ DataStorageSizeInTBs: number
│    │ │  ├ DbNodeStorageSizeInGBs: integer
│    │ │  ├ DbServerVersion: string
│    │ │  ├ MaxCpuCount: integer
│    │ │  ├ MaxDataStorageInTBs: number
│    │ │  ├ MaxDbNodeStorageSizeInGBs: integer
│    │ │  ├ MaxMemoryInGBs: integer
│    │ │  ├ MemorySizeInGBs: integer
│    │ │  ├ OciResourceAnchorName: string
│    │ │  ├ OciUrl: string
│    │ │  ├ Ocid: string
│    │ │  ├ StorageServerVersion: string
│    │ │  ├ TotalStorageSizeInGBs: integer
│    │ │  └ DbServerIds: Array<string>
│    │ └ types
│    │    └ type CustomerContact
│    │      ├      documentation: A contact to receive notification from Oracle about maintenance updates for a specific Exadata infrastructure.
│    │      │      name: CustomerContact
│    │      └ properties
│    │         └ Email: string
│    ├ resource AWS::ODB::CloudVmCluster
│    │ ├      name: CloudVmCluster
│    │ │      cloudFormationType: AWS::ODB::CloudVmCluster
│    │ │      documentation: The AWS::ODB::CloudVmCluster resource creates a Cloud VM Cluster
│    │ │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ ├ properties
│    │ │  ├ CloudExadataInfrastructureId: string (immutable)
│    │ │  ├ ClusterName: string (immutable)
│    │ │  ├ CpuCoreCount: integer (immutable)
│    │ │  ├ DataCollectionOptions: DataCollectionOptions (immutable)
│    │ │  ├ DataStorageSizeInTBs: number (immutable)
│    │ │  ├ DbNodeStorageSizeInGBs: integer (immutable)
│    │ │  ├ DbServers: Array<string> (immutable)
│    │ │  ├ DisplayName: string (immutable)
│    │ │  ├ GiVersion: string (immutable)
│    │ │  ├ Hostname: string (immutable)
│    │ │  ├ IsLocalBackupEnabled: boolean (immutable)
│    │ │  ├ IsSparseDiskgroupEnabled: boolean (immutable)
│    │ │  ├ LicenseModel: string (immutable)
│    │ │  ├ MemorySizeInGBs: integer (immutable)
│    │ │  ├ OdbNetworkId: string (immutable)
│    │ │  ├ ScanListenerPortTcp: integer (immutable)
│    │ │  ├ SshPublicKeys: Array<string> (immutable)
│    │ │  ├ SystemVersion: string (immutable)
│    │ │  ├ Tags: Array<tag>
│    │ │  └ TimeZone: string (immutable)
│    │ ├ attributes
│    │ │  ├ CloudVmClusterArn: string
│    │ │  ├ CloudVmClusterId: string
│    │ │  ├ ComputeModel: string
│    │ │  ├ DiskRedundancy: string
│    │ │  ├ Domain: string
│    │ │  ├ ListenerPort: integer
│    │ │  ├ NodeCount: integer
│    │ │  ├ Ocid: string
│    │ │  ├ OciResourceAnchorName: string
│    │ │  ├ OciUrl: string
│    │ │  ├ ScanDnsName: string
│    │ │  ├ ScanIpIds: Array<string>
│    │ │  ├ Shape: string
│    │ │  ├ StorageSizeInGBs: integer
│    │ │  └ VipIds: Array<string>
│    │ └ types
│    │    └ type DataCollectionOptions
│    │      ├      documentation: Information about the data collection options enabled for a VM cluster.
│    │      │      name: DataCollectionOptions
│    │      └ properties
│    │         ├ IsDiagnosticsEventsEnabled: boolean
│    │         ├ IsHealthMonitoringEnabled: boolean
│    │         └ IsIncidentLogsEnabled: boolean
│    └ resource AWS::ODB::OdbNetwork
│      ├      name: OdbNetwork
│      │      cloudFormationType: AWS::ODB::OdbNetwork
│      │      documentation: The AWS::ODB::OdbNetwork resource creates an ODB Network
│      │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├ AvailabilityZone: string (immutable)
│      │  ├ AvailabilityZoneId: string (immutable)
│      │  ├ BackupSubnetCidr: string (immutable)
│      │  ├ ClientSubnetCidr: string (immutable)
│      │  ├ DefaultDnsPrefix: string (immutable)
│      │  ├ DeleteAssociatedResources: boolean
│      │  ├ DisplayName: string (immutable)
│      │  └ Tags: Array<tag>
│      └ attributes
│         ├ OciNetworkAnchorId: string
│         ├ OciResourceAnchorName: string
│         ├ OciVcnUrl: string
│         ├ OdbNetworkArn: string
│         └ OdbNetworkId: string
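Review bot: In the new `aws-odb` service almost every property is marked `(immutable)`, including the transport settings on `AWS::ODB::CloudAutonomousVmCluster` (`IsMtlsEnabledVmCluster`, `ScanListenerPortNonTls`, `ScanListenerPortTls`) and `SshPublicKeys` on `AWS::ODB::CloudVmCluster`. The mTLS choice, the listener ports and the SSH key set are therefore fixed at creation and can only change through resource replacement, which deserves a sentence in the docs for these L1s. `DeleteAssociatedResources` on `AWS::ODB::OdbNetwork` is one of the few mutable properties and is destructive by name; this listing does not describe its semantics, and it should.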
├[~] service aws-omics
│ └ resources
│    └[~]  resource AWS::Omics::Workflow
│       └      - documentation: Creates a private workflow.Private workflows depend on a variety of resources that you create and configure before creating the workflow:
│              - *Input data* : Input data for the workflow, stored in an S3 bucket or a AWS HealthOmics sequence store.
│              - *Workflow definition files* : Define your workflow in one or more workflow definition files, written in WDL, Nextflow, or CWL. The workflow definition specifies the inputs and outputs for runs that use the workflow. It also includes specifications for the runs and run tasks for your workflow, including compute and memory requirements.
│              - *Parameter template files* : Define run parameters using a parameter template file (written in JSON).
│              - *ECR container images* : Create one or more container images for the workflow. Store the images in a private ECR repository.
│              - (Optional) *Sentieon licenses* : Request a Sentieon license if you plan to use Sentieon software in a private workflow.
│              For more information, see [Creating or updating a private workflow in AWS HealthOmics](https://docs.aws.amazon.com/omics/latest/dev/creating-private-workflows.html) in the AWS HealthOmics User Guide.
│              + documentation: Creates a private workflow.Private workflows depend on a variety of resources that you create and configure before creating the workflow:
│              - *Input data* : Input data for the workflow, stored in an S3 bucket or a AWS HealthOmics sequence store.
│              - *Workflow definition files* : Define your workflow in one or more workflow definition files, written in WDL, Nextflow, or CWL. The workflow definition specifies the inputs and outputs for runs that use the workflow. It also includes specifications for the runs and run tasks for your workflow, including compute and memory requirements.
│              - (Optional) *Parameter template* - You can create a parameter template file that defines the run parameters, or AWS HealthOmics can generate the parameter template for you.
│              - *ECR container images* : Create one or more container images for the workflow. Store the images in a private ECR repository.
│              - (Optional) *Sentieon licenses* : Request a Sentieon license if you plan to use Sentieon software in a private workflow.
│              For more information, see [Creating or updating a private workflow in AWS HealthOmics](https://docs.aws.amazon.com/omics/latest/dev/creating-private-workflows.html) in the AWS HealthOmics User Guide.
├[~] service aws-qbusiness
│ └ resources
│    ├[~]  resource AWS::QBusiness::DataAccessor
│    │  ├ properties
│    │  │  └[+] AuthenticationDetail: DataAccessorAuthenticationDetail
│    │  └ types
│    │     ├[+]  type DataAccessorAuthenticationConfiguration
│    │     │  ├      documentation: A union type that contains the specific authentication configuration based on the authentication type selected.
│    │     │  │      name: DataAccessorAuthenticationConfiguration
│    │     │  └ properties
│    │     │     └ IdcTrustedTokenIssuerConfiguration: DataAccessorIdcTrustedTokenIssuerConfiguration (required)
│    │     ├[+]  type DataAccessorAuthenticationDetail
│    │     │  ├      documentation: Contains the authentication configuration details for a data accessor. This structure defines how the ISV authenticates when accessing data through the data accessor.
│    │     │  │      name: DataAccessorAuthenticationDetail
│    │     │  └ properties
│    │     │     ├ AuthenticationType: string (required)
│    │     │     ├ AuthenticationConfiguration: DataAccessorAuthenticationConfiguration
│    │     │     └ ExternalIds: Array<string>
│    │     └[+]  type DataAccessorIdcTrustedTokenIssuerConfiguration
│    │        ├      documentation: Configuration details for IAM Identity Center Trusted Token Issuer (TTI) authentication.
│    │        │      name: DataAccessorIdcTrustedTokenIssuerConfiguration
│    │        └ properties
│    │           └ IdcTrustedTokenIssuerArn: string (required)
│    ├[~]  resource AWS::QBusiness::DataSource
│    │  └ types
│    │     └[~] type HookConfiguration
│    │       └ properties
│    │          └ LambdaArn: (documentation changed)
│    └[~]  resource AWS::QBusiness::Permission
│       ├ properties
│       │  └[+] Conditions: Array<Condition> (immutable)
│       └ types
│          └[+]  type Condition
│             ├      name: Condition
│             └ properties
│                ├ ConditionOperator: string (required)
│                ├ ConditionKey: string (required)
│                └ ConditionValues: Array<string> (required)
├[~] service aws-quicksight
│ └ resources
│    ├[~]  resource AWS::QuickSight::CustomPermissions
│    │  └ types
│    │     └[~] type Capabilities
│    │       └ properties
│    │          ├ ExportToCsv: (documentation changed)
│    │          ├[+] ExportToCsvInScheduledReports: string
│    │          ├ ExportToExcel: (documentation changed)
│    │          ├[+] ExportToExcelInScheduledReports: string
│    │          ├[+] ExportToPdf: string
│    │          ├[+] ExportToPdfInScheduledReports: string
│    │          ├[+] IncludeContentInScheduledReportsEmail: string
│    │          └[+] PrintReports: string
│    ├[~]  resource AWS::QuickSight::Dashboard
│    │  └ types
│    │     └[~] type ExportToCSVOption
│    │       └      - documentation: Enable/disable visual-level downloads option.
│    │              + documentation: Export to .csv option.
│    └[~]  resource AWS::QuickSight::DataSource
│       └ types
│          ├[~] type OracleParameters
│          │ └ properties
│          │    └[+] UseServiceName: boolean (default=false)
│          └[~] type RedshiftParameters
│            └ properties
│               └ IdentityCenterConfiguration: - IdentityCenterConfiguration
│                                              + json ⇐ IdentityCenterConfiguration
├[~] service aws-rds
│ └ resources
│    └[~]  resource AWS::RDS::DBInstance
│       └ properties
│          ├[+] BackupTarget: string (immutable)
│          └ MultiAZ: (documentation changed)
├[~] service aws-redshiftserverless
│ └ resources
│    └[~]  resource AWS::RedshiftServerless::Snapshot
│       ├      - documentation: Resource Type definition for AWS::RedshiftServerless::Snapshot Resource Type.
│       │      + documentation: A snapshot object that contains databases.
│       ├ properties
│       │  ├ NamespaceName: (documentation changed)
│       │  ├ RetentionPeriod: (documentation changed)
│       │  └ Tags: (documentation changed)
│       ├ attributes
│       │  ├ OwnerAccount: (documentation changed)
│       │  ├ Snapshot.AdminUsername: (documentation changed)
│       │  ├ Snapshot.KmsKeyId: (documentation changed)
│       │  ├ Snapshot.NamespaceArn: (documentation changed)
│       │  ├ Snapshot.NamespaceName: (documentation changed)
│       │  ├ Snapshot.OwnerAccount: (documentation changed)
│       │  ├ Snapshot.RetentionPeriod: (documentation changed)
│       │  ├ Snapshot.SnapshotArn: (documentation changed)
│       │  ├ Snapshot.SnapshotCreateTime: (documentation changed)
│       │  ├ Snapshot.SnapshotName: (documentation changed)
│       │  └ Snapshot.Status: (documentation changed)
│       └ types
│          └[~] type Snapshot
│            ├      - documentation: undefined
│            │      + documentation: A snapshot object that contains databases.
│            └ properties
│               ├ AdminUsername: (documentation changed)
│               ├ KmsKeyId: (documentation changed)
│               ├ NamespaceArn: (documentation changed)
│               ├ NamespaceName: (documentation changed)
│               ├ OwnerAccount: (documentation changed)
│               ├ RetentionPeriod: (documentation changed)
│               ├ SnapshotArn: (documentation changed)
│               ├ SnapshotCreateTime: (documentation changed)
│               ├ SnapshotName: (documentation changed)
│               └ Status: (documentation changed)
├[~] service aws-s3tables
│ └ resources
│    └[+]  resource AWS::S3Tables::Table
│       ├      name: Table
│       │      cloudFormationType: AWS::S3Tables::Table
│       │      documentation: Resource Type definition for AWS::S3Tables::Table
│       ├ properties
│       │  ├ WithoutMetadata: string (immutable)
│       │  ├ Compaction: Compaction
│       │  ├ Namespace: string (required)
│       │  ├ TableName: string (required)
│       │  ├ TableBucketARN: string (required, immutable)
│       │  ├ OpenTableFormat: string (required, immutable)
│       │  ├ IcebergMetadata: IcebergMetadata (immutable)
│       │  └ SnapshotManagement: SnapshotManagement
│       ├ attributes
│       │  ├ TableARN: string
│       │  ├ WarehouseLocation: string
│       │  └ VersionToken: string
│       └ types
│          ├ type Compaction
│          │ ├      documentation: Settings governing the Compaction maintenance action. Contains details about the compaction settings for an Iceberg table.
│          │ │      name: Compaction
│          │ └ properties
│          │    ├ Status: string
│          │    └ TargetFileSizeMB: integer
│          ├ type IcebergMetadata
│          │ ├      documentation: Contains details about the metadata for an Iceberg table.
│          │ │      name: IcebergMetadata
│          │ └ properties
│          │    └ IcebergSchema: IcebergSchema (required)
│          ├ type IcebergSchema
│          │ ├      documentation: Contains details about the schema for an Iceberg table
│          │ │      name: IcebergSchema
│          │ └ properties
│          │    └ SchemaFieldList: Array<SchemaField> (required)
│          ├ type SchemaField
│          │ ├      documentation: Contains details about the schema for an Iceberg table
│          │ │      name: SchemaField
│          │ └ properties
│          │    ├ Type: string (required)
│          │    ├ Required: boolean
│          │    └ Name: string (required)
│          └ type SnapshotManagement
│            ├      documentation: Contains details about the snapshot management settings for an Iceberg table. A snapshot is expired when it exceeds MinSnapshotsToKeep and MaxSnapshotAgeHours.
│            │      name: SnapshotManagement
│            └ properties
│               ├ Status: string
│               ├ MinSnapshotsToKeep: integer
│               └ MaxSnapshotAgeHours: integer
└[~] service aws-transfer
  └ resources
     └[~]  resource AWS::Transfer::Server
        └ types
           └[~] type EndpointDetails
             └ properties
                └ AddressAllocationIds: (documentation changed)
```
…ck level (under feature flag) (#31443)

Stacks are considered taggable, and so `Tags.of(this).add('key', 'value')` used to add tags to Stacks in scope. Usually this happens if `this` is an instance of `Stack`, which it commonly is in user code.

Since `Tags.of(...)` walks the construct tree, it will add tags to the stack *and* to all the resources in the stack. Then, come deploy time, CloudFormation will also try and apply all the stack tags to the resources again. This is both unnecessary, as well as leads to loss of control: `excludeResourceTypes` appears to not work, since it will lead to resources not being tagged in the template (good) but then the resources will still be tagged by CloudFormation because the stack itself is tagged (bad).

Also, if the tags applied this way contain intrinsics, they will contain nonsense because they are applied in a context where CloudFormation expressions don't work.

## In this change

There is a way to prevent Stacks from being tagged, by including `aws:cdk:stack` in the list of `excludeResourceTypes` (this is a fake resource type that Stack tags respect).

Under a feature flag, `@aws-cdk/core:explicitStackTags`, this is now the default behavior. That resource type will be excluded by default, unless it is listed in the `includeResourceTypes` list. However, doing `includeResourceTypes` is still not desirable: stack tags should be applied directly on the `Stack` object if desired.

This requires a user to make a conscious decision between resource-level and stack-level tagging: either apply tags to the stack, which will apply it to all resources but remove the ability to do `excludeResourceTypes`; or apply tags to (groups of) resources inside the template.

Another benefit is that for tags applied at the stack level, this will resolve the following issue: #15947, as resources "becoming" taggable all of a sudden will not affect the template anymore.

Closes #28017. Closes #33945. Closes #30055.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
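
The interaction this commit message describes, as an added example that is not part of the PR or of aws-cdk-lib: a simplified TypeScript model of construct-tree tagging followed by CloudFormation's stack-tag propagation, with and without the `@aws-cdk/core:explicitStackTags` behavior. `ModelStack`, `tagAll`, `deployedTags` and `deployWithExclusion` are hypothetical names, and the model assumes every resource accepts propagated stack tags.

```typescript
// Simplified model of the behaviour described above; this is not aws-cdk-lib code.
const STACK_TYPE = 'aws:cdk:stack'; // fake resource type named in the commit message

type TagMap = { [key: string]: string };
interface TagOptions { excludeResourceTypes?: string[]; includeResourceTypes?: string[]; }
interface ModelResource { id: string; type: string; tags: TagMap; }

class ModelStack {
  stackTags: TagMap = {};
  resources: ModelResource[] = [];
  explicitStackTags: boolean;

  constructor(explicitStackTags: boolean) {
    this.explicitStackTags = explicitStackTags;
  }

  addResource(id: string, type: string): void {
    this.resources.push({ id: id, type: type, tags: {} });
  }

  // Models Tags.of(stack).add(key, value, options): visits the stack and every resource in it.
  tagAll(key: string, value: string, options: TagOptions = {}): void {
    const include = options.includeResourceTypes || [];
    const exclude = (options.excludeResourceTypes || []).slice();
    // With the flag on, the stack is excluded unless includeResourceTypes lists it.
    if (this.explicitStackTags && include.indexOf(STACK_TYPE) === -1) {
      exclude.push(STACK_TYPE);
    }
    const applies = (type: string): boolean =>
      exclude.indexOf(type) === -1 && (include.length === 0 || include.indexOf(type) !== -1);
    if (applies(STACK_TYPE)) { this.stackTags[key] = value; }
    for (const r of this.resources) {
      if (applies(r.type)) { r.tags[key] = value; }
    }
  }

  // Models deployment: CloudFormation applies the stack tags to the resources as well
  // (assumption: every resource in the model supports tag propagation).
  deployedTags(): { [id: string]: TagMap } {
    const out: { [id: string]: TagMap } = {};
    for (const r of this.resources) {
      out[r.id] = { ...this.stackTags, ...r.tags };
    }
    return out;
  }
}

// Tag everything in the stack except queues, then report what each resource ends up with.
function deployWithExclusion(explicitStackTags: boolean): { [id: string]: TagMap } {
  const stack = new ModelStack(explicitStackTags);
  stack.addResource('Bucket', 'AWS::S3::Bucket');
  stack.addResource('Queue', 'AWS::SQS::Queue');
  stack.tagAll('DataClass', 'restricted', { excludeResourceTypes: ['AWS::SQS::Queue'] });
  return stack.deployedTags();
}
```

With the flag off, the queue still ends up tagged after deployment because the stack itself carries the tag; with the flag on, the exclusion holds. Teams that drive access control or cost allocation from tags can compare the two results to see which resources change when the flag is enabled.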
### Issue # (if applicable)

Closes #34861.

### Reason for this change

Creates CDK constructs for CloudWatch Logs Transformers. Transformers already have CFN constructs and this achieves functional parity.

### Description of changes

Added a `Transformer` construct which is an abstraction over `cfnTransformer`.

Created a factory class `ProcessorFactory` with static methods to create each of the 5 overarching types of processors described in https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation-Processors.html, namely: `ParserProcessor`, `VendedLogParser`, `StringMutatorProcessor`, `JsonMutatorProcessor` and `DataConverterProcessor`. 
These classes implement a `_bind()` method responsible for returning the props expected by CFN constructs for each processor of the respective types.
These classes are further split into their processors defined by enums (`ParserProcessorType`, `VendedLogType`, `StringMutatorType`, `JsonMutatorType`, `DataConverterType`) and properties for each processor.

A `Transformer` expects a `transformerConfig` which is a list of processors. Processors can be created using the static methods `createParserProcessor`, `createVendedLogParser`, `createStringMutatorProcessor`, `createJsonMutatorProcessor` and `createDataConverterProcessor` in the `ProcessorFactory`, by passing the type (from the enums defined above) and the relevant props for that processor. `ValidationError` is thrown if the expected/required props are not passed.

Further validations are performed for limit breaches or positions of parsers being incorrect.

### Describe any new or updated permissions being added

-


### Description of how you validated changes

Added unit tests for each processor and each validation. Added integ test.

### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@aws-cdk-automation aws-cdk-automation requested a review from a team as a code owner July 14, 2025 09:58
@aws-cdk-automation aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels Jul 14, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team July 14, 2025 09:58
@github-actions github-actions bot added the p2 label Jul 14, 2025
@leonmk-aws leonmk-aws added the pr/do-not-merge This PR should not be merged at this time. label Jul 14, 2025
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Jul 14, 2025
@aws-cdk-automation
Collaborator Author

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 7631314
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation aws-cdk-automation added the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Jul 14, 2025
@leonmk-aws leonmk-aws closed this Jul 15, 2025
@github-actions
Contributor

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 15, 2025
@leonmk-aws leonmk-aws deleted the bump/2.205.0 branch July 15, 2025 09:20