Commit 47a3ee3

feat: update L1 CloudFormation resource definitions (#34730)
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-athena │ └ resources │ └[~] resource AWS::Athena::WorkGroup │ └ types │ ├[~] type ManagedQueryResultsConfiguration │ │ ├ - documentation: The configuration for the managed query results and encryption option. ResultConfiguration and ManagedQueryResultsConfiguration cannot be set at the same time │ │ │ + documentation: The configuration for storing results in Athena owned storage, which includes whether this feature is enabled; whether encryption configuration, if any, is used for encrypting query results. │ │ └ properties │ │ ├ Enabled: (documentation changed) │ │ └ EncryptionConfiguration: (documentation changed) │ └[~] type WorkGroupConfiguration │ └ properties │ └ ManagedQueryResultsConfiguration: (documentation changed) ├[~] service aws-customerprofiles │ └ resources │ ├[~] resource AWS::CustomerProfiles::CalculatedAttributeDefinition │ │ ├ properties │ │ │ └ UseHistoricalData: (documentation changed) │ │ └ attributes │ │ └ Status: (documentation changed) │ └[~] resource AWS::CustomerProfiles::ObjectType │ ├ properties │ │ └ MaxProfileObjectCount: (documentation changed) │ └ attributes │ └ MaxAvailableProfileObjectCount: (documentation changed) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::EgressOnlyInternetGateway │ │ ├ - tagInformation: undefined │ │ │ + tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ └ properties │ │ └[+] Tags: Array<tag> │ └[~] resource AWS::EC2::Subnet │ ├ attributes │ │ └[+] BlockPublicAccessStates: BlockPublicAccessStates │ └ types │ └[+] type BlockPublicAccessStates │ ├ name: BlockPublicAccessStates │ └ properties │ └ InternetGatewayBlockMode: string ├[~] service aws-efs │ └ resources │ └[~] resource AWS::EFS::MountTarget │ └ properties │ ├ IpAddressType: (documentation changed) │ └ Ipv6Address: (documentation changed) ├[~] 
service aws-eks │ └ resources │ ├[~] resource AWS::EKS::Addon │ │ ├ properties │ │ │ └ PodIdentityAssociations: (documentation changed) │ │ └ types │ │ └[~] type PodIdentityAssociation │ │ └ properties │ │ └ RoleArn: (documentation changed) │ ├[~] resource AWS::EKS::Cluster │ │ ├ properties │ │ │ └ BootstrapSelfManagedAddons: (documentation changed) │ │ └ types │ │ ├[~] type RemoteNetworkConfig │ │ │ └ properties │ │ │ ├ RemoteNodeNetworks: (documentation changed) │ │ │ └ RemotePodNetworks: (documentation changed) │ │ ├[~] type RemoteNodeNetwork │ │ │ ├ - documentation: A network CIDR that can contain hybrid nodes. │ │ │ │ These CIDR blocks define the expected IP address range of the hybrid nodes that join the cluster. These blocks are typically determined by your network administrator. │ │ │ │ Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, `10.2.0.0/16` ). │ │ │ │ It must satisfy the following requirements: │ │ │ │ - Each block must be within an `IPv4` RFC-1918 network range. Minimum allowed size is /24, maximum allowed size is /8. Publicly-routable addresses aren't supported. │ │ │ │ - Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range. │ │ │ │ - Each block must have a route to the VPC that uses the VPC CIDR blocks, not public IPs or Elastic IPs. There are many options including AWS Transit Gateway , AWS Site-to-Site VPN , or AWS Direct Connect . │ │ │ │ - Each host must allow outbound connection to the EKS cluster control plane on TCP ports `443` and `10250` . │ │ │ │ - Each host must allow inbound connection from the EKS cluster control plane on TCP port 10250 for logs, exec and port-forward operations. │ │ │ │ - Each host must allow TCP and UDP network connectivity to and from other hosts that are running `CoreDNS` on UDP port `53` for service and pod DNS names. │ │ │ │ + documentation: A network CIDR that can contain hybrid nodes. 
│ │ │ │ These CIDR blocks define the expected IP address range of the hybrid nodes that join the cluster. These blocks are typically determined by your network administrator. │ │ │ │ Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, `10.2.0.0/16` ). │ │ │ │ It must satisfy the following requirements: │ │ │ │ - Each block must be within an `IPv4` RFC-1918 network range. Minimum allowed size is /32, maximum allowed size is /8. Publicly-routable addresses aren't supported. │ │ │ │ - Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range. │ │ │ │ - Each block must have a route to the VPC that uses the VPC CIDR blocks, not public IPs or Elastic IPs. There are many options including AWS Transit Gateway , AWS Site-to-Site VPN , or AWS Direct Connect . │ │ │ │ - Each host must allow outbound connection to the EKS cluster control plane on TCP ports `443` and `10250` . │ │ │ │ - Each host must allow inbound connection from the EKS cluster control plane on TCP port 10250 for logs, exec and port-forward operations. │ │ │ │ - Each host must allow TCP and UDP network connectivity to and from other hosts that are running `CoreDNS` on UDP port `53` for service and pod DNS names. │ │ │ └ properties │ │ │ └ Cidrs: (documentation changed) │ │ └[~] type RemotePodNetwork │ │ ├ - documentation: A network CIDR that can contain pods that run Kubernetes webhooks on hybrid nodes. │ │ │ These CIDR blocks are determined by configuring your Container Network Interface (CNI) plugin. We recommend the Calico CNI or Cilium CNI. Note that the Amazon VPC CNI plugin for Kubernetes isn't available for on-premises and edge locations. │ │ │ Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, `10.2.0.0/16` ). │ │ │ It must satisfy the following requirements: │ │ │ - Each block must be within an `IPv4` RFC-1918 network range. 
Minimum allowed size is /24, maximum allowed size is /8. Publicly-routable addresses aren't supported. │ │ │ - Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range. │ │ │ + documentation: A network CIDR that can contain pods that run Kubernetes webhooks on hybrid nodes. │ │ │ These CIDR blocks are determined by configuring your Container Network Interface (CNI) plugin. We recommend the Calico CNI or Cilium CNI. Note that the Amazon VPC CNI plugin for Kubernetes isn't available for on-premises and edge locations. │ │ │ Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, `10.2.0.0/16` ). │ │ │ It must satisfy the following requirements: │ │ │ - Each block must be within an `IPv4` RFC-1918 network range. Minimum allowed size is /32, maximum allowed size is /8. Publicly-routable addresses aren't supported. │ │ │ - Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range. │ │ └ properties │ │ └ Cidrs: (documentation changed) │ └[~] resource AWS::EKS::PodIdentityAssociation │ ├ properties │ │ ├ DisableSessionTags: (documentation changed) │ │ ├ Namespace: (documentation changed) │ │ ├ RoleArn: (documentation changed) │ │ └ TargetRoleArn: (documentation changed) │ └ attributes │ └ ExternalId: (documentation changed) ├[~] service aws-lambda │ └ resources │ ├[~] resource AWS::Lambda::EventInvokeConfig │ │ └ types │ │ ├[~] type DestinationConfig │ │ │ └ - documentation: A configuration object that specifies the destination of an event after Lambda processes it. │ │ │ + documentation: A configuration object that specifies the destination of an event after Lambda processes it. For more information, see [Adding a destination](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html#invocation-async-destinations) . 
│ │ ├[~] type OnFailure │ │ │ └ - documentation: A destination for events that failed processing. See [Capturing records of Lambda asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html) for more information. │ │ │ + documentation: A destination for events that failed processing. For more information, see [Adding a destination](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html#invocation-async-destinations) . │ │ └[~] type OnSuccess │ │ └ - documentation: A destination for events that were processed successfully. │ │ To retain records of successful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination. │ │ + documentation: A destination for events that were processed successfully. │ │ To retain records of successful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination. │ │ > `OnSuccess` is not supported in `CreateEventSourceMapping` or `UpdateEventSourceMapping` requests. │ └[~] resource AWS::Lambda::EventSourceMapping │ └ types │ ├[~] type DestinationConfig │ │ └ - documentation: A configuration object that specifies the destination of an event after Lambda processes it. │ │ + documentation: A configuration object that specifies the destination of an event after Lambda processes it. For more information, see [Adding a destination](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html#invocation-async-destinations) . │ └[~] type OnFailure │ └ - documentation: A destination for events that failed processing. 
See [Capturing records of Lambda asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html) for more information. │ + documentation: A destination for events that failed processing. For more information, see [Adding a destination](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html#invocation-async-destinations) . ├[~] service aws-msk │ └ resources │ └[~] resource AWS::MSK::Cluster │ └ types │ └[~] type BrokerNodeGroupInfo │ └ properties │ └ InstanceType: (documentation changed) ├[~] service aws-mwaa │ └ resources │ └[~] resource AWS::MWAA::Environment │ └ properties │ └[+] WorkerReplacementStrategy: string ├[~] service aws-rds │ └ resources │ └[~] resource AWS::RDS::DBProxyTargetGroup │ └ types │ └[~] type ConnectionPoolConfigurationInfoFormat │ └ properties │ └ InitQuery: (documentation changed) ├[~] service aws-sagemaker │ └ resources │ └[~] resource AWS::SageMaker::Domain │ └ types │ ├[~] type DomainSettings │ │ └ properties │ │ └ UnifiedStudioSettings: (documentation changed) │ └[~] type UnifiedStudioSettings │ ├ - documentation: A collection of settings that apply to an Amazon SageMaker AI domain when you use it in Amazon SageMaker Unified Studio. │ │ + documentation: The settings that apply to an Amazon SageMaker AI domain when you use it in Amazon SageMaker Unified Studio. 
│ └ properties │ └ StudioWebPortalAccess: (documentation changed) └[~] service aws-wafv2 └ resources ├[~] resource AWS::WAFv2::RuleGroup │ └ types │ ├[+] type AsnMatchStatement │ │ ├ name: AsnMatchStatement │ │ └ properties │ │ ├ AsnList: Array<integer> │ │ └ ForwardedIPConfig: ForwardedIPConfiguration │ ├[~] type RateBasedStatementCustomKey │ │ └ properties │ │ └[+] ASN: json │ └[~] type Statement │ └ properties │ └[+] AsnMatchStatement: AsnMatchStatement └[~] resource AWS::WAFv2::WebACL ├ properties │ └ OnSourceDDoSProtectionConfig: - json │ + OnSourceDDoSProtectionConfig ⇐ json │ (documentation changed) └ types ├[+] type AsnMatchStatement │ ├ name: AsnMatchStatement │ └ properties │ ├ AsnList: Array<integer> │ └ ForwardedIPConfig: ForwardedIPConfiguration ├[~] type AWSManagedRulesACFPRuleSet │ └ - documentation: Details for your use of the account creation fraud prevention managed rule group, `AWSManagedRulesACFPRuleSet` . This configuration is used in `ManagedRuleGroupConfig` . │ + documentation: Details for your use of the account creation fraud prevention managed rule group, `AWSManagedRulesACFPRuleSet` . This configuration is used in `ManagedRuleGroupConfig` . │ For additional information about this and the other intelligent threat mitigation rule groups, see [Intelligent threat mitigation in AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections) and [AWS Managed Rules rule groups list](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list) in the *AWS WAF Developer Guide* . 
├[+] type AWSManagedRulesAntiDDoSRuleSet │ ├ documentation: Configures how to use the AntiDDOS AWS managed rule group in the web ACL │ │ name: AWSManagedRulesAntiDDoSRuleSet │ └ properties │ ├ ClientSideActionConfig: ClientSideActionConfig (required) │ └ SensitivityToBlock: string ├[~] type AWSManagedRulesATPRuleSet │ └ - documentation: Details for your use of the account takeover prevention managed rule group, `AWSManagedRulesATPRuleSet` . This configuration is used in `ManagedRuleGroupConfig` . │ + documentation: Details for your use of the account takeover prevention managed rule group, `AWSManagedRulesATPRuleSet` . This configuration is used in `ManagedRuleGroupConfig` . │ For additional information about this and the other intelligent threat mitigation rule groups, see [Intelligent threat mitigation in AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections) and [AWS Managed Rules rule groups list](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list) in the *AWS WAF Developer Guide* . ├[~] type AWSManagedRulesBotControlRuleSet │ └ - documentation: Details for your use of the Bot Control managed rule group, `AWSManagedRulesBotControlRuleSet` . This configuration is used in `ManagedRuleGroupConfig` . │ + documentation: Details for your use of the Bot Control managed rule group, `AWSManagedRulesBotControlRuleSet` . This configuration is used in `ManagedRuleGroupConfig` . │ For additional information about this and the other intelligent threat mitigation rule groups, see [Intelligent threat mitigation in AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections) and [AWS Managed Rules rule groups list](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list) in the *AWS WAF Developer Guide* . ├[+] type ClientSideAction │ ├ documentation: Client side action config for AntiDDOS AMR. 
│ │ name: ClientSideAction │ └ properties │ ├ UsageOfAction: string (required) │ ├ Sensitivity: string │ └ ExemptUriRegularExpressions: Array<Regex> ├[+] type ClientSideActionConfig │ ├ documentation: Client side action config for AntiDDOS AMR. │ │ name: ClientSideActionConfig │ └ properties │ └ Challenge: ClientSideAction (required) ├[~] type ManagedRuleGroupConfig │ └ properties │ └[+] AWSManagedRulesAntiDDoSRuleSet: AWSManagedRulesAntiDDoSRuleSet ├[~] type ManagedRuleGroupStatement │ └ properties │ ├ ManagedRuleGroupConfigs: (documentation changed) │ └ RuleActionOverrides: (documentation changed) ├[+] type OnSourceDDoSProtectionConfig │ ├ documentation: Configures the options for on-source DDoS protection provided by supported resource type. │ │ name: OnSourceDDoSProtectionConfig │ └ properties │ └ ALBLowReputationMode: string (required) ├[~] type RateBasedStatementCustomKey │ └ properties │ └[+] ASN: json ├[+] type Regex │ ├ documentation: Regex │ │ name: Regex │ └ properties │ └ RegexString: string ├[~] type RuleGroupReferenceStatement │ └ properties │ └ RuleActionOverrides: (documentation changed) └[~] type Statement └ properties └[+] AsnMatchStatement: AsnMatchStatement ```
1 parent 3d0e68e commit 47a3ee3

75 files changed

+40594
-44624
lines changed

packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-dual-stack.js.snapshot/DualStackTestingDefaultTestDeployAssert8ACBFB2C.assets.json

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-dual-stack.js.snapshot/DualStackVpc.assets.json

Lines changed: 3 additions & 3 deletions

packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-dual-stack.js.snapshot/DualStackVpc.template.json

Lines changed: 6 additions & 0 deletions
@@ -864,6 +864,12 @@
864864
"DualStackProtocolVpcEIGW64BED696A": {
865865
"Type": "AWS::EC2::EgressOnlyInternetGateway",
866866
"Properties": {
867+
"Tags": [
868+
{
869+
"Key": "Name",
870+
"Value": "DualStackVpc/DualStackProtocolVpc"
871+
}
872+
],
867873
"VpcId": {
868874
"Ref": "DualStackProtocolVpc85768F2C"
869875
}
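Review bot: The new `Tags` block on `DualStackProtocolVpcEIGW64BED696A` changes the synthesized template of an existing resource, yet the commit message only records it as a spec-level entry (`[+] Tags: Array<tag>` under `AWS::EC2::EgressOnlyInternetGateway`). Stacks that already contain an egress-only internet gateway will show this diff on their next synth after upgrading, so the message should say so explicitly, and it is worth confirming that adding `Tags` to this resource type is applied as an in-place update. Teams that gate deployments on `cdk diff` output or rely on tag-based access conditions will want to know about the change before it appears in their pipelines.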

packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-dual-stack.js.snapshot/cdk.out

Lines changed: 1 addition & 1 deletion

packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-dual-stack.js.snapshot/integ.json

Lines changed: 2 additions & 2 deletions

packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-dual-stack.js.snapshot/manifest.json

Lines changed: 3 additions & 3 deletions

packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-dual-stack.js.snapshot/tree.json

Lines changed: 1 addition & 1 deletion

packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-egress-only-igw-feature-flag.js.snapshot/VpcEgressFeatureFlagTestDefaultTestDeployAssert9C3B9F44.assets.json

Lines changed: 1 addition & 1 deletion

packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-egress-only-igw-feature-flag.js.snapshot/VpcMigrationFeatureFlagDisabledStack.assets.json

Lines changed: 3 additions & 3 deletions

packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-egress-only-igw-feature-flag.js.snapshot/VpcMigrationFeatureFlagDisabledStack.template.json

Lines changed: 6 additions & 0 deletions
@@ -289,6 +289,12 @@
289289
"VpcDisabledEIGW6B9DA8E59": {
290290
"Type": "AWS::EC2::EgressOnlyInternetGateway",
291291
"Properties": {
292+
"Tags": [
293+
{
294+
"Key": "Name",
295+
"Value": "VpcMigrationFeatureFlagDisabledStack/VpcDisabled"
296+
}
297+
],
292298
"VpcId": {
293299
"Ref": "VpcDisabled51C226D6"
294300
}
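Review bot: The `Name` value added to `VpcDisabledEIGW6B9DA8E59` is `VpcMigrationFeatureFlagDisabledStack/VpcDisabled`, which appears to be the VPC's construct path rather than one that identifies the gateway, so the gateway and the VPC it references (`VpcDisabled51C226D6`) would carry the same `Name`. If that inheritance is intended, a short note in the commit message would help; otherwise anything that selects resources by `Name` tag may match both. Going by its name, this is also the stack with the feature flag disabled, and its template still changes, so the new tag is not gated by that flag and reaches users on both sides of it.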
