chore(release): 2.194.0 #34335
Merged
)

### Issue # (if applicable)

Relates to #32569

### Reason for this change

Untyped Errors are not recommended.

### Description of changes

`ValidationErrors` everywhere

### Describe any new or updated permissions being added

None

### Description of how you validated changes

Existing tests. Exemptions granted as this is a refactor of existing code.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The event notification filtering documentation links were outdated. This PR updates the links to event notification filtering in the relevant methods docstrings.

Closes #34277

### Reason for this change

The event notification filtering documentation links were outdated.

### Description of changes

Changes only to the URL in docstrings.

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Automated changes by [create-pull-request](https://github.com/peter-evans/create-pull-request) GitHub action
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-apigateway │ └ resources │ ├[~] resource AWS::ApiGateway::Account │ │ └ - documentation: The `AWS::ApiGateway::Account` resource specifies the IAM role that Amazon API Gateway uses to write API logs to Amazon CloudWatch Logs. To avoid overwriting other roles, you should only have one `AWS::ApiGateway::Account` resource per region per account. │ │ + documentation: The `AWS::ApiGateway::Account` resource specifies the IAM role that Amazon API Gateway uses to write API logs to Amazon CloudWatch Logs. To avoid overwriting other roles, you should only have one `AWS::ApiGateway::Account` resource per region per account. │ │ When you delete a stack containing this resource, API Gateway can still assume the provided IAM role to write API logs to CloudWatch Logs. To deny API Gateway access to write API logs to CloudWatch logs, update the permissions policies or change the IAM role to deny access. │ └[~] resource AWS::ApiGateway::GatewayResponse │ └ - documentation: The `AWS::ApiGateway::GatewayResponse` resource creates a gateway response for your API. For more information, see [API Gateway Responses](https://docs.aws.amazon.com/apigateway/latest/developerguide/customize-gateway-responses.html#api-gateway-gatewayResponse-definition) in the *API Gateway Developer Guide* . │ + documentation: The `AWS::ApiGateway::GatewayResponse` resource creates a gateway response for your API. When you delete a stack containing this resource, your custom gateway responses are reset. For more information, see [API Gateway Responses](https://docs.aws.amazon.com/apigateway/latest/developerguide/customize-gateway-responses.html#api-gateway-gatewayResponse-definition) in the *API Gateway Developer Guide* . 
├[~] service aws-appsync │ └ resources │ └[~] resource AWS::AppSync::ChannelNamespace │ ├ properties │ │ └[+] HandlerConfigs: HandlerConfigs │ └ types │ ├[+] type HandlerConfig │ │ ├ name: HandlerConfig │ │ └ properties │ │ ├ Behavior: string (required) │ │ └ Integration: Integration (required) │ ├[+] type HandlerConfigs │ │ ├ name: HandlerConfigs │ │ └ properties │ │ ├ OnPublish: HandlerConfig │ │ └ OnSubscribe: HandlerConfig │ ├[+] type Integration │ │ ├ name: Integration │ │ └ properties │ │ ├ DataSourceName: string (required) │ │ └ LambdaConfig: LambdaConfig │ └[+] type LambdaConfig │ ├ name: LambdaConfig │ └ properties │ └ InvokeType: string (required) ├[~] service aws-aps │ └ resources │ └[~] resource AWS::APS::Workspace │ ├ properties │ │ └ WorkspaceConfiguration: (documentation changed) │ └ types │ ├[~] type Label │ │ ├ - documentation: Series label │ │ │ + documentation: A label is a name:value pair used to add context to ingested metrics. This structure defines the name and value for one label that is used in a label set. You can set ingestion limits on time series that match defined label sets, to help prevent a workspace from being overwhelmed with unexpected spikes in time series ingestion. │ │ └ properties │ │ ├ Name: (documentation changed) │ │ └ Value: (documentation changed) │ ├[~] type LimitsPerLabelSet │ │ ├ - documentation: Label set and its associated limits │ │ │ + documentation: This defines a label set for the workspace, and defines the ingestion limit for active time series that match that label set. Each label name in a label set must be unique. │ │ └ properties │ │ ├ LabelSet: (documentation changed) │ │ └ Limits: (documentation changed) │ ├[~] type LimitsPerLabelSetEntry │ │ ├ - documentation: Limits that can be applied to a label set │ │ │ + documentation: This structure contains the limits that apply to time series that match one label set. 
│ │ └ properties │ │ └ MaxSeries: (documentation changed) │ └[~] type WorkspaceConfiguration │ ├ - documentation: Workspace configuration │ │ + documentation: Use this structure to define label sets and the ingestion limits for time series that match label sets, and to specify the retention period of the workspace. │ └ properties │ ├ LimitsPerLabelSets: (documentation changed) │ └ RetentionPeriodInDays: (documentation changed) ├[~] service aws-autoscaling │ └ resources │ └[~] resource AWS::AutoScaling::AutoScalingGroup │ └ attributes │ └[+] AutoScalingGroupARN: string ├[~] service aws-batch │ └ resources │ └[~] resource AWS::Batch::ComputeEnvironment │ └ types │ └[~] type UpdatePolicy │ └ properties │ └ TerminateJobsOnUpdate: (documentation changed) ├[~] service aws-bedrock │ └ resources │ └[~] resource AWS::Bedrock::KnowledgeBase │ └ types │ ├[~] type MongoDbAtlasConfiguration │ │ └ properties │ │ └ TextIndexName: (documentation changed) │ └[~] type RdsFieldMapping │ └ properties │ └ CustomMetadataField: (documentation changed) ├[~] service aws-ce │ └ resources │ ├[~] resource AWS::CE::AnomalyMonitor │ │ └ - tagInformation: undefined │ │ + tagInformation: {"tagPropertyName":"ResourceTags","variant":"standard"} │ └[~] resource AWS::CE::AnomalySubscription │ └ - tagInformation: undefined │ + tagInformation: {"tagPropertyName":"ResourceTags","variant":"standard"} ├[~] service aws-cloudfront │ └ resources │ ├[+] resource AWS::CloudFront::ConnectionGroup │ │ ├ name: ConnectionGroup │ │ │ cloudFormationType: AWS::CloudFront::ConnectionGroup │ │ │ documentation: Resource Type definition for AWS::CloudFront::ConnectionGroup │ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ ├ properties │ │ │ ├ Name: string (required, immutable) │ │ │ ├ Tags: Array<tag> │ │ │ ├ Ipv6Enabled: boolean │ │ │ ├ AnycastIpListId: string │ │ │ └ Enabled: boolean │ │ └ attributes │ │ ├ Id: string │ │ ├ Arn: string │ │ ├ CreatedTime: string │ │ ├ LastModifiedTime: string │ │ 
├ RoutingEndpoint: string │ │ ├ Status: string │ │ ├ IsDefault: boolean │ │ └ ETag: string │ ├[~] resource AWS::CloudFront::Distribution │ │ ├ - tagInformation: undefined │ │ │ + tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ └ types │ │ ├[+] type Definition │ │ │ ├ name: Definition │ │ │ └ properties │ │ │ └ StringSchema: StringSchema │ │ ├[~] type DistributionConfig │ │ │ └ properties │ │ │ ├[+] ConnectionMode: string │ │ │ └[+] TenantConfig: TenantConfig │ │ ├[+] type ParameterDefinition │ │ │ ├ name: ParameterDefinition │ │ │ └ properties │ │ │ ├ Name: string (required) │ │ │ └ Definition: Definition (required) │ │ ├[+] type StringSchema │ │ │ ├ name: StringSchema │ │ │ └ properties │ │ │ ├ Comment: string │ │ │ ├ DefaultValue: string │ │ │ └ Required: boolean (required) │ │ └[+] type TenantConfig │ │ ├ name: TenantConfig │ │ └ properties │ │ └ ParameterDefinitions: Array<ParameterDefinition> │ └[+] resource AWS::CloudFront::DistributionTenant │ ├ name: DistributionTenant │ │ cloudFormationType: AWS::CloudFront::DistributionTenant │ │ documentation: Resource Type definition for AWS::CloudFront::DistributionTenant │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ ├ properties │ │ ├ DistributionId: string (required) │ │ ├ Name: string (required, immutable) │ │ ├ Tags: Array<tag> │ │ ├ Customizations: Customizations │ │ ├ Parameters: Array<Parameter> │ │ ├ ConnectionGroupId: string │ │ ├ Enabled: boolean │ │ ├ Domains: Array<string> (required) │ │ └ ManagedCertificateRequest: ManagedCertificateRequest (immutable) │ ├ attributes │ │ ├ Id: string │ │ ├ Arn: string │ │ ├ DomainResults: Array<DomainResult> │ │ ├ ETag: string │ │ ├ Status: string │ │ ├ CreatedTime: string │ │ └ LastModifiedTime: string │ └ types │ ├ type Certificate │ │ ├ name: Certificate │ │ └ properties │ │ └ Arn: string │ ├ type Customizations │ │ ├ name: Customizations │ │ └ properties │ │ ├ WebAcl: WebAclCustomization │ │ ├ Certificate: Certificate │ │ └ 
GeoRestrictions: GeoRestrictionCustomization │ ├ type DomainResult │ │ ├ name: DomainResult │ │ └ properties │ │ ├ Domain: string │ │ ├ Status: string │ │ └ Reason: string │ ├ type GeoRestrictionCustomization │ │ ├ name: GeoRestrictionCustomization │ │ └ properties │ │ ├ RestrictionType: string │ │ └ Locations: Array<string> │ ├ type ManagedCertificateRequest │ │ ├ name: ManagedCertificateRequest │ │ └ properties │ │ ├ ValidationTokenHost: string │ │ ├ PrimaryDomainName: string │ │ └ CertificateTransparencyLoggingPreference: string │ ├ type Parameter │ │ ├ name: Parameter │ │ └ properties │ │ ├ Name: string │ │ └ Value: string │ └ type WebAclCustomization │ ├ name: WebAclCustomization │ └ properties │ ├ Action: string │ └ Arn: string ├[~] service aws-codebuild │ └ resources │ ├[~] resource AWS::CodeBuild::Fleet │ │ ├ properties │ │ │ └ ComputeConfiguration: (documentation changed) │ │ └ types │ │ └[~] type ComputeConfiguration │ │ └ - documentation: Contains compute attributes. These attributes only need be specified when your project's or fleet's `computeType` is set to `ATTRIBUTE_BASED_COMPUTE` . │ │ + documentation: Contains compute attributes. These attributes only need be specified when your project's or fleet's `computeType` is set to `ATTRIBUTE_BASED_COMPUTE` or `CUSTOM_INSTANCE_TYPE` . 
│ └[~] resource AWS::CodeBuild::Project │ └ types │ ├[~] type ProjectCache │ │ └ properties │ │ └ CacheNamespace: (documentation changed) │ └[~] type ScopeConfiguration │ └ properties │ ├ Domain: (documentation changed) │ └ Scope: (documentation changed) ├[~] service aws-dlm │ └ resources │ └[~] resource AWS::DLM::LifecyclePolicy │ └ types │ └[~] type CreateRule │ └ properties │ └ CronExpression: (documentation changed) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::EC2Fleet │ │ └ types │ │ └[~] type InstanceRequirementsRequest │ │ └ properties │ │ └ AcceleratorTypes: (documentation changed) │ ├[~] resource AWS::EC2::LaunchTemplate │ │ └ types │ │ └[~] type InstanceRequirements │ │ └ properties │ │ └ AcceleratorTypes: (documentation changed) │ └[~] resource AWS::EC2::SpotFleet │ └ types │ └[~] type InstanceRequirementsRequest │ └ properties │ └ AcceleratorTypes: (documentation changed) ├[~] service aws-ecr │ └ resources │ └[+] resource AWS::ECR::RegistryScanningConfiguration │ ├ name: RegistryScanningConfiguration │ │ cloudFormationType: AWS::ECR::RegistryScanningConfiguration │ │ documentation: The AWS::ECR::RegistryScanningConfiguration controls the scanning configuration for an Amazon Elastic Container Registry (Amazon Private ECR). For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html │ ├ properties │ │ ├ Rules: Array<ScanningRule> (required) │ │ └ ScanType: string (required) │ ├ attributes │ │ └ RegistryId: string │ └ types │ ├ type RepositoryFilter │ │ ├ documentation: The details of a scanning repository filter. │ │ │ name: RepositoryFilter │ │ └ properties │ │ ├ Filter: string (required) │ │ └ FilterType: string (required) │ └ type ScanningRule │ ├ documentation: A rule representing the details of a scanning configuration. 
│ │ name: ScanningRule │ └ properties │ ├ RepositoryFilters: Array<RepositoryFilter> (required) │ └ ScanFrequency: string (required) ├[~] service aws-ecs │ └ resources │ ├[~] resource AWS::ECS::Service │ │ └ types │ │ └[~] type LogConfiguration │ │ └ properties │ │ └ Options: (documentation changed) │ └[~] resource AWS::ECS::TaskDefinition │ └ types │ └[~] type LogConfiguration │ └ properties │ └ Options: (documentation changed) ├[~] service aws-entityresolution │ └ resources │ └[~] resource AWS::EntityResolution::SchemaMapping │ └ types │ └[~] type SchemaInputAttribute │ ├ - documentation: A configuration object for defining input data fields in AWS Entity Resolution . The SchemaInputAttribute specifies how individual fields in your input data should be processed and matched. │ │ + documentation: A configuration object for defining input data fields in AWS Entity Resolution . The `SchemaInputAttribute` specifies how individual fields in your input data should be processed and matched. │ └ properties │ └ Type: (documentation changed) ├[~] service aws-events │ └ resources │ ├[~] resource AWS::Events::ApiDestination │ │ └ attributes │ │ └ ArnForPolicy: (documentation changed) │ ├[~] resource AWS::Events::Archive │ │ └ properties │ │ └ KmsKeyIdentifier: (documentation changed) │ └[~] resource AWS::Events::Connection │ ├ properties │ │ └ KmsKeyIdentifier: (documentation changed) │ └ attributes │ └ ArnForPolicy: (documentation changed) ├[~] service aws-lambda │ └ resources │ └[~] resource AWS::Lambda::Function │ └ types │ └[~] type DeadLetterConfig │ └ - documentation: The [dead-letter queue](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#dlq) for failed asynchronous invocations. │ + documentation: The [dead-letter queue](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html#invocation-dlq) for failed asynchronous invocations. 
├[~] service aws-mediapackagev2 │ └ resources │ └[~] resource AWS::MediaPackageV2::OriginEndpoint │ └ types │ ├[~] type HlsManifestConfiguration │ │ └ properties │ │ └[+] UrlEncodeChildManifest: boolean │ └[~] type LowLatencyHlsManifestConfiguration │ └ properties │ └[+] UrlEncodeChildManifest: boolean ├[~] service aws-memorydb │ └ resources │ ├[~] resource AWS::MemoryDB::Cluster │ │ └ properties │ │ ├ IpDiscovery: (documentation changed) │ │ └ NetworkType: (documentation changed) │ ├[~] resource AWS::MemoryDB::MultiRegionCluster │ │ └ properties │ │ └ NumShards: (documentation changed) │ └[~] resource AWS::MemoryDB::SubnetGroup │ └ attributes │ └ SupportedNetworkTypes: (documentation changed) ├[~] service aws-omics │ └ resources │ └[~] resource AWS::Omics::Workflow │ ├ - documentation: Creates a private workflow.Private workflows depend on a variety of resources that you create and configure before creating the workflow: │ │ - *Input data* : Input data for the workflow, stored in an S3 bucket or a AWS HealthOmics sequence store. │ │ - *Workflow definition files* : Define your workflow in one or more workflow definition files, written in WDL, Nextflow, or CWL. The workflow definition specifies the inputs and outputs for runs that use the workflow. It also includes specifications for the runs and run tasks for your workflow, including compute and memory requirements. │ │ - *Parameter template files* : Define run parameters using a parameter template file (written in JSON). │ │ - *ECR container images* : Create one or more container images for the workflow. Store the images in a private ECR repository. │ │ - (Optional) *Sentieon licenses* : Request a Sentieon license if you plan to use Sentieon software in a private workflow. │ │ For more information, see [Creating private workflows in AWS HealthOmics](https://docs.aws.amazon.com/omics/latest/dev/workflows-setup.html) in the AWS HealthOmics User Guide. 
│ │ + documentation: Creates a private workflow.Private workflows depend on a variety of resources that you create and configure before creating the workflow: │ │ - *Input data* : Input data for the workflow, stored in an S3 bucket or a AWS HealthOmics sequence store. │ │ - *Workflow definition files* : Define your workflow in one or more workflow definition files, written in WDL, Nextflow, or CWL. The workflow definition specifies the inputs and outputs for runs that use the workflow. It also includes specifications for the runs and run tasks for your workflow, including compute and memory requirements. │ │ - *Parameter template files* : Define run parameters using a parameter template file (written in JSON). │ │ - *ECR container images* : Create one or more container images for the workflow. Store the images in a private ECR repository. │ │ - (Optional) *Sentieon licenses* : Request a Sentieon license if you plan to use Sentieon software in a private workflow. │ │ For more information, see [Creating or updating a private workflow in AWS HealthOmics](https://docs.aws.amazon.com/omics/latest/dev/creating-private-workflows.html) in the AWS HealthOmics User Guide. │ └ properties │ └ StorageCapacity: (documentation changed) ├[~] service aws-qbusiness │ └ resources │ └[~] resource AWS::QBusiness::DataSource │ └ types │ └[~] type HookConfiguration │ └ properties │ └ LambdaArn: (documentation changed) ├[~] service aws-quicksight │ └ resources │ └[~] resource AWS::QuickSight::Dashboard │ └ types │ └[~] type ExportToCSVOption │ └ - documentation: Export to .csv option. │ + documentation: Enable/disable visual-level downloads option. 
├[~] service aws-rds │ └ resources │ └[~] resource AWS::RDS::DBInstance │ ├ properties │ │ └[+] DatabaseInsightsMode: string │ └ attributes │ └ DatabaseInsightsMode: (documentation changed) ├[~] service aws-redshift │ └ resources │ ├[~] resource AWS::Redshift::ClusterSubnetGroup │ │ └ - tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ + tagInformation: undefined │ └[~] resource AWS::Redshift::EventSubscription │ └ - tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ + tagInformation: undefined ├[~] service aws-redshiftserverless │ └ resources │ └[~] resource AWS::RedshiftServerless::Workgroup │ └ attributes │ ├[+] Workgroup.BaseCapacity: integer │ └[+] Workgroup.MaxCapacity: integer ├[~] service aws-route53resolver │ └ resources │ └[~] resource AWS::Route53Resolver::ResolverRule │ └ properties │ └[+] DelegationRecord: string ├[~] service aws-s3 │ └ resources │ └[~] resource AWS::S3::Bucket │ └ properties │ └ MetadataTableConfiguration: (documentation changed) ├[~] service aws-sagemaker │ └ resources │ └[~] resource AWS::SageMaker::Cluster │ └ types │ └[~] type ClusterInstanceGroup │ └ properties │ └ OverrideVpcConfig: (documentation changed) ├[~] service aws-vpclattice │ └ resources │ ├[~] resource AWS::VpcLattice::Listener │ │ └ types │ │ └[~] type FixedResponse │ │ └ properties │ │ └ StatusCode: (documentation changed) │ └[~] resource AWS::VpcLattice::Rule │ └ types │ └[~] type FixedResponse │ └ properties │ └ StatusCode: (documentation changed) └[~] service aws-wisdom └ resources └[~] resource AWS::Wisdom::AIPrompt └ properties └ ModelId: (documentation changed) ```
…. Enables local run. (#34158)

### Issue # (if applicable)

None

Closes #<issue number here>. NA

### Reason for this change

With this change, developers can locally run security guardian against committed files to detect changed .template.json and run the 2 part scanner:

1. cfn-guard to detect inline
2. custom scanner to detect intrinsics

Please note that this will detect templates where the developer has explicitly provided broadened scope permissions like new AccountPrincipal(); We will use this as an opportunity to review if that is really needed or can be scoped down.

```bash
cd tools/@aws-cdk/security-guardian
yarn security-guardian
```

### Description of changes

### Describe any new or updated permissions being added

### Description of how you validated changes

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #34224.

### Reason for this change

Add new region ap-east-2 (Taipei)

### Description of changes

Made changes according to the checklist for new region

Partition for this new region is 'aws'

### Describe any new or updated permissions being added

NA

### Description of how you validated changes

```
yarn build
yarn test
```

### Checklist

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
See CHANGELOG