chore(release): 2.221.0 #35826
Merged
chore(release): 2.221.0 #35826
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…814 (#35728) ### Reason for this change Initial setup of RFC 814 mixins functionality as a private preview package for development and testing. ### Description of changes Added a new private package `@aws-cdk/mixins-preview` with stub implementation for the mixins pattern described in RFC 814. This establishes the package structure and allows for iterative development of the mixins functionality before public release. ### Describe any new or updated permissions being added No new IAM permissions required. ### Description of how you validated changes Package structure follows CDK conventions and builds successfully. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) ### Reason for this change ISO-B partition needed to use Node18 as no newer version was available. Lambda team updated their runtimes and now they support Node22 ### Description of changes Enabling Node22 in ISO-B as the latest node version available in that partition ### Describe any new or updated permissions being added NA ### Description of how you validated changes Unit and integration tests updated ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ternetFacing or loadBalancerName (under feature flag) (#35508) fix(ecs-patterns): resolve target group conflict when switching ALB public/private Fixes #33253 ### Issue # (if applicable) Closes #33253. ### Reason for this change When switching ApplicationLoadBalancedFargateService from public to private (or vice versa), CloudFormation fails with "target group cannot be associated with more than one load balancer" error. This happens because both old and new load balancers try to use the same target group during replacement. Updating the `loadBalancerName` of ApplicationLoadBalancedFargateService can also trigger the same issue. ### Description of changes Modified target group naming in `ApplicationLoadBalancedServiceBase` to include the load balancer type and name. e.g: - Public load balancer: target group named "ECS" - Private load balancer: target group named "ECSPrivate" - Private load balancer with name "Foo": target group named "ECSFooPrivate" This ensures each load balancer gets its own target group, preventing conflicts during CloudFormation updates. ##⚠️ Destructive Changes This PR contains intentional destructive changes to fix the target group conflict issue: - **Target Group Names Changed**, e.g: - Public ALB: `ECS` (unchanged) - Private ALB: `ECSPrivate` (new) - **Impact**: When switching from public to private ALB (or vice versa), CloudFormation will: 1. Create new target group with different name 2. Delete old target group 3. This prevents the "target group cannot be associated with more than one load balancer" error - **Justification**: This is the intended fix for issue #33253. The destructive change is necessary to resolve the CloudFormation conflict. **Breaking Change**: ❌ No - This only affects the internal target group naming, not user-facing APIs. ### Describe any new or updated permissions being added No new IAM permissions required. ### Description of how you validated changes - Added unit tests verifying target group names for both public and private configurations - Created integration test `integ.alb-fargate-service-public-private-switch.ts` that deploys both public and private ALB services - Verified CloudFormation templates generate different target group names ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)
### Issue # (if applicable) Related to #30054 ### Description of changes Ref: https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_region ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change - Previously, the script was executing the script under the cwd of the script package, when it should be at the head branch folder. - PATH was not passed on to integration test spawn command, leading to a ENOENT error as the integration test command could not find yarn. - Workflow trigger on label is misconfigured. ### Description of changes - We'll use node explicitly to run the script without changing the cwd. - PATH env variable is now passed to integration test command. - Workflow trigger on label is fixed. ### Describe any new or updated permissions being added No new permissions were added. ### Description of how you validated changes Tested on my fork here: https://github.com/Abogical/aws-cdk/actions/runs/18465794651/job/52607352315?pr=15 ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change Upgrade JSII dependencies to the latest version 1.116.0 to benefit from bug fixes and improvements. ### Description of changes - Upgraded jsii-diff from 1.113.0 to 1.116.0 - Upgraded jsii-pacmak from 1.113.0/1.115.0 to 1.116.0 - Upgraded jsii-reflect from 1.113.0/1.115.0 to 1.116.0 - Upgraded @jsii/spec from 1.113.0 to 1.116.0 - Upgraded jsii from ~5.9.6 to ~5.9.8 - Upgraded jsii-rosetta from ~5.9.7 to ~5.9.9 - Updated yarn.lock with new dependency versions ### Describe any new or updated permissions being added No new permissions required. ### Description of how you validated changes Dependency upgrade only - no functional changes expected. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…35760) ### Reason for this change JSII is emitting deprecated Node.js version warnings during PR builds, which creates noise in the build logs and may cause confusion. Suppressing the warnings is okay. We will deal with this upgrade as part of our SOP to deprecate Node 18 support later in the year. ### Description of changes Added `JSII_SILENCE_WARNING_DEPRECATED_NODE_VERSION: true` environment variable to both PR build workflows: - `.github/workflows/codebuild-pr-build.yml` - `.github/workflows/pr-build.yml` This suppresses the deprecated Node.js version warnings from JSII without affecting functionality. ### Describe any new or updated permissions being added No new permissions required. ### Description of how you validated changes This change only adds an environment variable to silence warnings and doesn't affect build functionality. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…tion (under feature flag) (#32139) ### Issue #29925 Closes #29925, #30749. ### Reason for this change The `apiEndpoint` prop currently only works when it's a string (ie. `TaskInput.fromText('some/text')`), with the task failing when passed as a reference (ie. `TaskInput.fromText(JsonPath.format('some/text/{}', '123')`). This is needed to allow for dynamic parts in the path. ### Description of changes - Change the `ApiEndpoint` task parameter to use the `JsonPath.format` intrinsic function to combine the `apiRoot` and `apiEndpoint` props, instead of basic string concatenation. - Update README entry with more complex example. ### Description of how you validated changes - A unit test was added to cover passing formatted input. - An integration test was added using `fromJsonPathAt` for the endpoint. - A test stack was deployed with an API Gateway endpoint with basic auth Connection and was successfully invoked with dynamic payload: ``` const httpInvokeTask = new HttpInvoke(this, 'HttpInvoke', { apiRoot: api.url, apiEndpoint: TaskInput.fromJsonPathAt('$.endpointName'), method: TaskInput.fromText('GET'), connection, outputPath: '$.ResponseBody', }) ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…35414) Bumps the pip group with 2 updates in the /packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-poetry directory: [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3). Bumps the pip group with 1 update in the /packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/shared directory: [urllib3](https://github.com/urllib3/urllib3). Bumps the pip group with 1 update in the /packages/aws-cdk-lib/aws-lambda/test/python-lambda-handler directory: [requests](https://github.com/psf/requests). Updates `requests` from 2.32.3 to 2.32.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.32.4</h2> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (<a href="https://redirect.github.com/psf/requests/issues/6965">#6965</a>)</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> <li>Dropped support for pypy 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS.</li> <li>Dropped support for pypy 3.9 following its end of support.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd"><code>021dc72</code></a> Polish up release tooling for last manual release</li> <li><a href="https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396"><code>821770e</code></a> Bump version and add release notes for v2.32.4</li> <li><a href="https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401"><code>59f8aa2</code></a> Add netrc file search information to authentication documentation (<a href="https://redirect.github.com/psf/requests/issues/6876">#6876</a>)</li> <li><a href="https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b"><code>5b4b64c</code></a> Add more tests to prevent regression of CVE 2024 47081</li> <li><a href="https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae"><code>7bc4587</code></a> Add new test to check netrc auth leak (<a href="https://redirect.github.com/psf/requests/issues/6962">#6962</a>)</li> <li><a href="https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef"><code>96ba401</code></a> Only use hostname to do netrc lookup instead of netloc</li> <li><a href="https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2"><code>7341690</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6951">#6951</a> from tswast/patch-1</li> <li><a href="https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0"><code>6716d7c</code></a> remove links</li> <li><a href="https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae"><code>a7e1c74</code></a> Update docs/conf.py</li> <li><a href="https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f"><code>c799b81</code></a> docs: fix dead links to kenreitz.org</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.32.3...v2.32.4">compare view</a></li> </ul> </details> <br /> Updates `urllib3` from 2.3.0 to 2.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.5.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Security issues</h1> <p>urllib3 2.5.0 fixes two moderate security issues:</p> <ul> <li>Pool managers now properly control redirects when <code>retries</code> is passed — CVE-2025-50181 reported by <a href="https://github.com/sandumjacob"><code>@sandumjacob</code></a> (5.3 Medium, GHSA-pq67-6m6q-mj2v)</li> <li>Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)</li> </ul> <h1>Features</h1> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <a href="https://peps.python.org/pep-0784/">PEP 784</a> for more information. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3610">#3610</a>)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3612">#3612</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3581">#3581</a>)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3615">#3615</a>)</li> </ul> <h2>2.4.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Features</h1> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3522">#3522</a>)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3567">#3567</a>)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3571">#3571</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3555">#3555</a>)</li> </ul> <h1>Misc</h1> <ul> <li>Switched to uv for installing development dependecies. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3550">#3550</a>)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3566">#3566</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.5.0 (2025-06-18)</h1> <h2>Features</h2> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <code>PEP 784 <https://peps.python.org/pep-0784/></code>_ for more information. (<code>[#3610](urllib3/urllib3#3610) <https://github.com/urllib3/urllib3/issues/3610></code>__)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<code>[#3612](urllib3/urllib3#3612) <https://github.com/urllib3/urllib3/issues/3612></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a security issue where restricting the maximum number of followed redirects at the <code>urllib3.PoolManager</code> level via the <code>retries</code> parameter did not work.</li> <li>Made the Node.js runtime respect redirect parameters such as <code>retries</code> and <code>redirects</code>.</li> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<code>[#3581](urllib3/urllib3#3581) <https://github.com/urllib3/urllib3/issues/3581></code>__)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<code>[#3615](urllib3/urllib3#3615) <https://github.com/urllib3/urllib3/issues/3615></code>__)</li> </ul> <h1>2.4.0 (2025-04-10)</h1> <h2>Features</h2> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<code>[#3522](urllib3/urllib3#3522) <https://github.com/urllib3/urllib3/issues/3522></code>__)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<code>[#3567](urllib3/urllib3#3567) <https://github.com/urllib3/urllib3/issues/3567></code>__)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<code>[#3571](urllib3/urllib3#3571) <https://github.com/urllib3/urllib3/issues/3571></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<code>[#3555](urllib3/urllib3#3555) <https://github.com/urllib3/urllib3/issues/3555></code>__)</li> </ul> <h2>Misc</h2> <ul> <li>Switched to uv for installing development dependecies. (<code>[#3550](urllib3/urllib3#3550) <https://github.com/urllib3/urllib3/issues/3550></code>__)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<code>[#3566](urllib3/urllib3#3566) <https://github.com/urllib3/urllib3/issues/3566></code>__)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/aaab4eccc10c965897540b21e15f11859d0b62e7"><code>aaab4ec</code></a> Release 2.5.0</li> <li><a href="https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"><code>7eb4a2a</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"><code>f05b132</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/d03fe327a71d09728512217149f269763671f296"><code>d03fe32</code></a> Fix HTTP tunneling with IPv6 in older Python versions</li> <li><a href="https://github.com/urllib3/urllib3/commit/11661e9bb4278e43d081f47a516e287a928c2206"><code>11661e9</code></a> Bump github/codeql-action from 3.28.0 to 3.29.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3624">#3624</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/6a0ecc6b16fe30f721021b44a81d19615098c71e"><code>6a0ecc6</code></a> Update v2 migration guide to 2.4.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3621">#3621</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8e32e60d9024c05bc6f7adda08bdf6c539d0b0d4"><code>8e32e60</code></a> Raise exception for shutdown on a connection already released to the pool (<a href="https://redirect.github.com/urllib3/urllib3/issues/3">#3</a>...</li> <li><a href="https://github.com/urllib3/urllib3/commit/9996e0fbf90b77083ad3c73737a6c6395703faa9"><code>9996e0f</code></a> Fix emscripten CI for Chrome 137+ (<a href="https://redirect.github.com/urllib3/urllib3/issues/3599">#3599</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fd1a99a59725faf0efc946ce3b6bc9a194420af"><code>4fd1a99</code></a> Bump RECENT_DATE (<a href="https://redirect.github.com/urllib3/urllib3/issues/3617">#3617</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/c4b5917e911a90c8bf279448df8952a682294135"><code>c4b5917</code></a> Add support for the new <code>compression.zstd</code> module in Python 3.14 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3611">#3611</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/2.3.0...2.5.0">compare view</a></li> </ul> </details> <br /> Updates `urllib3` from 1.26.19 to 2.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.5.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Security issues</h1> <p>urllib3 2.5.0 fixes two moderate security issues:</p> <ul> <li>Pool managers now properly control redirects when <code>retries</code> is passed — CVE-2025-50181 reported by <a href="https://github.com/sandumjacob"><code>@sandumjacob</code></a> (5.3 Medium, GHSA-pq67-6m6q-mj2v)</li> <li>Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)</li> </ul> <h1>Features</h1> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <a href="https://peps.python.org/pep-0784/">PEP 784</a> for more information. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3610">#3610</a>)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3612">#3612</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3581">#3581</a>)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3615">#3615</a>)</li> </ul> <h2>2.4.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Features</h1> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3522">#3522</a>)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3567">#3567</a>)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3571">#3571</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3555">#3555</a>)</li> </ul> <h1>Misc</h1> <ul> <li>Switched to uv for installing development dependecies. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3550">#3550</a>)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3566">#3566</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.5.0 (2025-06-18)</h1> <h2>Features</h2> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <code>PEP 784 <https://peps.python.org/pep-0784/></code>_ for more information. (<code>[#3610](urllib3/urllib3#3610) <https://github.com/urllib3/urllib3/issues/3610></code>__)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<code>[#3612](urllib3/urllib3#3612) <https://github.com/urllib3/urllib3/issues/3612></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a security issue where restricting the maximum number of followed redirects at the <code>urllib3.PoolManager</code> level via the <code>retries</code> parameter did not work.</li> <li>Made the Node.js runtime respect redirect parameters such as <code>retries</code> and <code>redirects</code>.</li> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<code>[#3581](urllib3/urllib3#3581) <https://github.com/urllib3/urllib3/issues/3581></code>__)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<code>[#3615](urllib3/urllib3#3615) <https://github.com/urllib3/urllib3/issues/3615></code>__)</li> </ul> <h1>2.4.0 (2025-04-10)</h1> <h2>Features</h2> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<code>[#3522](urllib3/urllib3#3522) <https://github.com/urllib3/urllib3/issues/3522></code>__)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<code>[#3567](urllib3/urllib3#3567) <https://github.com/urllib3/urllib3/issues/3567></code>__)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<code>[#3571](urllib3/urllib3#3571) <https://github.com/urllib3/urllib3/issues/3571></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<code>[#3555](urllib3/urllib3#3555) <https://github.com/urllib3/urllib3/issues/3555></code>__)</li> </ul> <h2>Misc</h2> <ul> <li>Switched to uv for installing development dependecies. (<code>[#3550](urllib3/urllib3#3550) <https://github.com/urllib3/urllib3/issues/3550></code>__)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<code>[#3566](urllib3/urllib3#3566) <https://github.com/urllib3/urllib3/issues/3566></code>__)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/aaab4eccc10c965897540b21e15f11859d0b62e7"><code>aaab4ec</code></a> Release 2.5.0</li> <li><a href="https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"><code>7eb4a2a</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"><code>f05b132</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/d03fe327a71d09728512217149f269763671f296"><code>d03fe32</code></a> Fix HTTP tunneling with IPv6 in older Python versions</li> <li><a href="https://github.com/urllib3/urllib3/commit/11661e9bb4278e43d081f47a516e287a928c2206"><code>11661e9</code></a> Bump github/codeql-action from 3.28.0 to 3.29.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3624">#3624</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/6a0ecc6b16fe30f721021b44a81d19615098c71e"><code>6a0ecc6</code></a> Update v2 migration guide to 2.4.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3621">#3621</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8e32e60d9024c05bc6f7adda08bdf6c539d0b0d4"><code>8e32e60</code></a> Raise exception for shutdown on a connection already released to the pool (<a href="https://redirect.github.com/urllib3/urllib3/issues/3">#3</a>...</li> <li><a href="https://github.com/urllib3/urllib3/commit/9996e0fbf90b77083ad3c73737a6c6395703faa9"><code>9996e0f</code></a> Fix emscripten CI for Chrome 137+ (<a href="https://redirect.github.com/urllib3/urllib3/issues/3599">#3599</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fd1a99a59725faf0efc946ce3b6bc9a194420af"><code>4fd1a99</code></a> Bump RECENT_DATE (<a href="https://redirect.github.com/urllib3/urllib3/issues/3617">#3617</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/c4b5917e911a90c8bf279448df8952a682294135"><code>c4b5917</code></a> Add support for the new <code>compression.zstd</code> module in Python 3.14 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3611">#3611</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/2.3.0...2.5.0">compare view</a></li> </ul> </details> <br /> Updates `requests` from 2.32.0 to 2.32.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.32.4</h2> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (<a href="https://redirect.github.com/psf/requests/issues/6965">#6965</a>)</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> <li>Dropped support for pypy 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS.</li> <li>Dropped support for pypy 3.9 following its end of support.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd"><code>021dc72</code></a> Polish up release tooling for last manual release</li> <li><a href="https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396"><code>821770e</code></a> Bump version and add release notes for v2.32.4</li> <li><a href="https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401"><code>59f8aa2</code></a> Add netrc file search information to authentication documentation (<a href="https://redirect.github.com/psf/requests/issues/6876">#6876</a>)</li> <li><a href="https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b"><code>5b4b64c</code></a> Add more tests to prevent regression of CVE 2024 47081</li> <li><a href="https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae"><code>7bc4587</code></a> Add new test to check netrc auth leak (<a href="https://redirect.github.com/psf/requests/issues/6962">#6962</a>)</li> <li><a href="https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef"><code>96ba401</code></a> Only use hostname to do netrc lookup instead of netloc</li> <li><a href="https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2"><code>7341690</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6951">#6951</a> from tswast/patch-1</li> <li><a href="https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0"><code>6716d7c</code></a> remove links</li> <li><a href="https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae"><code>a7e1c74</code></a> Update docs/conf.py</li> <li><a href="https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f"><code>c799b81</code></a> docs: fix dead links to kenreitz.org</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.32.3...v2.32.4">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>
### Reason for this change OIDC is not setup in prod, and it isn't needed as we already can use the role in Codebuild to assume the Atmosphere role. ### Description of changes Use AssumeRole instead of OIDC. This is done by using AWS CLI STS directly. No new permissions added. A workflow has been run successfully with this configuration here: https://github.com/Abogical/aws-cdk/actions/runs/18465794651/job/52607352315?pr=15 ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Related to aws/aws-cdk-rfcs#785 ### Reason for this change Adding a new alpha package for Amazon Bedrock AgentCore and add support for 1p tools (Browser, Code Interpreter). ### Description of changes - Create a new alpha package - Add L2 constructs for browser, code interpreter - Add documentation - Add tests ### Describe any new or updated permissions being added Using permissions for agent core defined in https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonbedrockagentcore.html ### Description of how you validated changes Unit tests, integration tests, manual tests ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…est (#35753) ### Issue # (if applicable) None ### Reason for this change There is the unused `otherStack` variable in `functio-url-origin.test.ts`. ``` let otherStack: Stack; beforeEach(() => { otherStack = new Stack(): }); ``` ### Description of changes Remove `otherStack` definition ### Describe any new or updated permissions being added None ### Description of how you validated changes Existing unit test ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) N/A ### Reason for this change To support new Kafka version. [Amazon MSK adds support for Apache Kafka version 4.1 ](https://aws.amazon.com/about-aws/whats-new/2025/10/amazon-msk-apache-kafka-version-4-1/) ### Description of changes Added ver 4.1 enum. ### Describe any new or updated permissions being added N/A ### Description of how you validated changes Add a unit test and an integ test. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…,16.00.4215.2.v1 (#35750) ### Reason for this change https://aws.amazon.com/about-aws/whats-new/2025/10/amazon-rds-supports-latest-cu-gdr-updates-for-microsoft-sql-server/ ### Description of changes SqlServer add versions 13.00.6470.1.v1, 14.00.3505.1.v1, 15.00.4445.1.v1, 16.00.4215.2.v1 ### Description of how you validated changes ```console $ aws rds describe-db-engine-versions --engine sqlserver-ee --output table --query 'DBEngineVersions[*].{Engine:Engine,EngineVersion:EngineVersion}' -------------------------------------- | DescribeDBEngineVersions | +---------------+--------------------+ | Engine | EngineVersion | +---------------+--------------------+ ... | sqlserver-ee | 13.00.6470.1.v1 | ... | sqlserver-ee | 14.00.3505.1.v1 | ... | sqlserver-ee | 15.00.4445.1.v1 | ... | sqlserver-ee | 16.00.4215.2.v1 | +---------------+--------------------+ ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
**L1 CloudFormation resource definition changes:**
```
├[~] service aws-acmpca
│ └ resources
│ ├[~] resource AWS::ACMPCA::Certificate
│ │ └ properties
│ │ ├ CertificateAuthorityArn: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ACMPCA::CertificateAuthority.Arn]
│ │ ├ CertificateSigningRequest: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ACMPCA::CertificateAuthority.CertificateSigningRequest]
│ │ └ TemplateArn: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ACMPCA::CertificateAuthority.Arn]
│ ├[~] resource AWS::ACMPCA::CertificateAuthority
│ │ └ types
│ │ └[~] type CrlConfiguration
│ │ └ properties
│ │ └ S3BucketName: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::S3::Bucket.BucketName]
│ ├[~] resource AWS::ACMPCA::CertificateAuthorityActivation
│ │ └ properties
│ │ └ CertificateAuthorityArn: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ACMPCA::CertificateAuthority.Arn]
│ └[~] resource AWS::ACMPCA::Permission
│ └ properties
│ └ CertificateAuthorityArn: - relationshipRefs: undefined
│ + relationshipRefs: [AWS::ACMPCA::CertificateAuthority.Arn]
├[~] service aws-amazonmq
│ └ resources
│ └[~] resource AWS::AmazonMQ::Broker
│ └ - arnTemplate: arn:${Partition}:mq:${Region}:${Account}:broker:${BrokerName}:${BrokerId}
│ + arnTemplate: undefined
├[~] service aws-amplify
│ └ resources
│ ├[~] resource AWS::Amplify::App
│ │ └ properties
│ │ └ IAMServiceRole: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ ├[~] resource AWS::Amplify::Branch
│ │ ├ - arnTemplate: arn:${Partition}:amplify:${Region}:${Account}:apps/${AppId}/branches/${BranchName}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ └ AppId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::Amplify::App.AppId]
│ └[~] resource AWS::Amplify::Domain
│ ├ - arnTemplate: arn:${Partition}:amplify:${Region}:${Account}:apps/${AppId}/domains/${DomainName}
│ │ + arnTemplate: undefined
│ ├ properties
│ │ ├ AppId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::Amplify::App.AppId]
│ │ └ AutoSubDomainIAMRole: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ └ types
│ └[~] type SubDomainSetting
│ └ properties
│ └ BranchName: - relationshipRefs: undefined
│ + relationshipRefs: [AWS::Amplify::Branch.BranchName]
├[~] service aws-amplifyuibuilder
│ └ resources
│ ├[~] resource AWS::AmplifyUIBuilder::Component
│ │ └ - arnTemplate: arn:${Partition}:amplifyuibuilder:${Region}:${Account}:app/${AppId}/environment/${EnvironmentName}/components/${Id}
│ │ + arnTemplate: undefined
│ ├[~] resource AWS::AmplifyUIBuilder::Form
│ │ └ - arnTemplate: arn:${Partition}:amplifyuibuilder:${Region}:${Account}:app/${AppId}/environment/${EnvironmentName}/forms/${Id}
│ │ + arnTemplate: undefined
│ └[~] resource AWS::AmplifyUIBuilder::Theme
│ └ - arnTemplate: arn:${Partition}:amplifyuibuilder:${Region}:${Account}:app/${AppId}/environment/${EnvironmentName}/themes/${Id}
│ + arnTemplate: undefined
├[~] service aws-apigateway
│ └ resources
│ ├[~] resource AWS::ApiGateway::Account
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/account
│ │ │ + arnTemplate: arn:${Partition}:apigateway:${Region}::/account/${ApiGatewayAccountId}
│ │ └ properties
│ │ └ CloudWatchRoleArn: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ ├[~] resource AWS::ApiGateway::ApiKey
│ │ └ types
│ │ └[~] type StageKey
│ │ └ properties
│ │ ├ RestApiId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ApiGateway::RestApi.RestApiId]
│ │ └ StageName: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGateway::Stage.StageName]
│ ├[~] resource AWS::ApiGateway::Authorizer
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/authorizers/${AuthorizerId}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ ├ AuthorizerCredentials: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ │ ├ ProviderARNs: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::Cognito::UserPool.Arn]
│ │ └ RestApiId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGateway::RestApi.RestApiId]
│ ├[~] resource AWS::ApiGateway::BasePathMapping
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/basepathmappings/${BasePath}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ ├ DomainName: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ApiGateway::DomainName.DomainName]
│ │ ├ RestApiId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ApiGateway::RestApi.RestApiId]
│ │ └ Stage: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGateway::Stage.StageName]
│ ├[~] resource AWS::ApiGateway::Deployment
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/deployments/${DeploymentId}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ └ RestApiId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGateway::RestApi.RestApiId]
│ ├[~] resource AWS::ApiGateway::DocumentationPart
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/documentation/parts/${DocumentationPartId}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ └ RestApiId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGateway::RestApi.RestApiId]
│ ├[~] resource AWS::ApiGateway::DocumentationVersion
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/documentation/versions/${DocumentationVersionId}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ └ RestApiId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGateway::RestApi.RestApiId]
│ ├[~] resource AWS::ApiGateway::DomainNameAccessAssociation
│ │ └ - arnTemplate: arn:${Partition}:apigateway:${Region}:${Account}:/domainnameaccessassociations
│ │ + arnTemplate: undefined
│ ├[~] resource AWS::ApiGateway::GatewayResponse
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/gatewayresponses/${ResponseType}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ └ RestApiId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGateway::RestApi.RestApiId]
│ ├[~] resource AWS::ApiGateway::Method
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}/methods/${HttpMethodType}
│ │ │ + arnTemplate: undefined
│ │ ├ properties
│ │ │ ├ AuthorizerId: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::ApiGateway::Authorizer.AuthorizerId]
│ │ │ ├ RequestValidatorId: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::ApiGateway::RequestValidator.RequestValidatorId]
│ │ │ ├ ResourceId: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::ApiGateway::Resource.ResourceId]
│ │ │ └ RestApiId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ApiGateway::RestApi.RestApiId]
│ │ └ types
│ │ └[~] type Integration
│ │ └ properties
│ │ ├ ConnectionId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ApiGateway::VpcLink.VpcLinkId]
│ │ ├ Credentials: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ │ └ Uri: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::Lambda::Function.Arn]
│ ├[~] resource AWS::ApiGateway::Model
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/models/${ModelName}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ └ RestApiId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGateway::RestApi.RestApiId]
│ ├[~] resource AWS::ApiGateway::RequestValidator
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/requestvalidators/${RequestValidatorId}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ └ RestApiId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGateway::RestApi.RestApiId]
│ ├[~] resource AWS::ApiGateway::Resource
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ ├ ParentId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ApiGateway::Resource.ResourceId]
│ │ └ RestApiId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGateway::RestApi.RestApiId]
│ ├[~] resource AWS::ApiGateway::RestApi
│ │ ├ properties
│ │ │ └ CloneFrom: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ApiGateway::RestApi.RestApiId]
│ │ └ types
│ │ ├[~] type EndpointConfiguration
│ │ │ └ properties
│ │ │ └ VpcEndpointIds: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::EC2::VPCEndpoint.Id]
│ │ └[~] type S3Location
│ │ └ properties
│ │ └ Bucket: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::S3::Bucket.BucketName]
│ ├[~] resource AWS::ApiGateway::Stage
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/stages/${StageName}
│ │ │ + arnTemplate: undefined
│ │ ├ properties
│ │ │ ├ ClientCertificateId: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::ApiGateway::ClientCertificate.ClientCertificateId]
│ │ │ ├ DeploymentId: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::ApiGateway::Deployment.DeploymentId]
│ │ │ └ RestApiId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ApiGateway::RestApi.RestApiId]
│ │ └ types
│ │ ├[~] type AccessLogSetting
│ │ │ └ properties
│ │ │ └ DestinationArn: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::Logs::LogGroup.Arn]
│ │ └[~] type CanarySetting
│ │ └ properties
│ │ └ DeploymentId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGateway::Deployment.DeploymentId]
│ ├[~] resource AWS::ApiGateway::UsagePlan
│ │ └ types
│ │ └[~] type ApiStage
│ │ └ properties
│ │ ├ ApiId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ApiGateway::RestApi.RestApiId]
│ │ └ Stage: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGateway::Stage.StageName]
│ ├[~] resource AWS::ApiGateway::UsagePlanKey
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/usageplans/${UsagePlanId}/keys/${Id}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ ├ KeyId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ApiGateway::ApiKey.APIKeyId]
│ │ └ UsagePlanId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGateway::UsagePlan.Id]
│ └[~] resource AWS::ApiGateway::VpcLink
│ └ properties
│ └ TargetArns: - relationshipRefs: undefined
│ + relationshipRefs: [AWS::ElasticLoadBalancingV2::LoadBalancer.LoadBalancerArn]
├[~] service aws-apigatewayv2
│ └ resources
│ ├[~] resource AWS::ApiGatewayV2::Api
│ │ └ properties
│ │ └ Target: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::Lambda::Function.Arn]
│ ├[~] resource AWS::ApiGatewayV2::ApiMapping
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/apimappings/${ApiMappingId}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ ├ ApiId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ApiGatewayV2::Api.ApiId, AWS::ApiGateway::RestApi.RestApiId]
│ │ └ DomainName: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGatewayV2::DomainName.DomainName, AWS::ApiGateway::DomainName.DomainName]
│ ├[~] resource AWS::ApiGatewayV2::Authorizer
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/authorizers/${AuthorizerId}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ └ ApiId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGatewayV2::Api.ApiId]
│ ├[~] resource AWS::ApiGatewayV2::Deployment
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/deployments/${DeploymentId}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ └ ApiId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGatewayV2::Api.ApiId]
│ ├[~] resource AWS::ApiGatewayV2::Integration
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ ├ ApiId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ApiGatewayV2::Api.ApiId]
│ │ └ IntegrationUri: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::Lambda::Function.Arn]
│ ├[~] resource AWS::ApiGatewayV2::IntegrationResponse
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}/integrationresponses/${IntegrationResponseId}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ ├ ApiId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ApiGatewayV2::Api.ApiId]
│ │ └ IntegrationId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGatewayV2::Integration.IntegrationId]
│ ├[~] resource AWS::ApiGatewayV2::Model
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/models/${ModelId}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ └ ApiId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGatewayV2::Api.ApiId]
│ ├[~] resource AWS::ApiGatewayV2::Route
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ ├ ApiId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ApiGatewayV2::Api.ApiId]
│ │ ├ AuthorizerId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ApiGatewayV2::Authorizer.AuthorizerId]
│ │ └ Target: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGatewayV2::Integration.IntegrationId]
│ ├[~] resource AWS::ApiGatewayV2::RouteResponse
│ │ ├ - arnTemplate: arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/routeresponses/${RouteResponseId}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ ├ ApiId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::ApiGatewayV2::Api.ApiId]
│ │ └ RouteId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::ApiGatewayV2::Route.RouteId]
│ ├[~] resource AWS::ApiGatewayV2::RoutingRule
│ │ └ - arnTemplate: arn:${Partition}:apigateway:${Region}:${Account}:/domainnames/${DomainName}/routingrules/${RoutingRuleId}
│ │ + arnTemplate: undefined
│ ├[~] resource AWS::ApiGatewayV2::Stage
│ │ └ - arnTemplate: arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}
│ │ + arnTemplate: undefined
│ └[~] resource AWS::ApiGatewayV2::VpcLink
│ └ properties
│ ├ SecurityGroupIds: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::EC2::SecurityGroup.Id]
│ └ SubnetIds: - relationshipRefs: undefined
│ + relationshipRefs: [AWS::EC2::Subnet.SubnetId]
├[~] service aws-appconfig
│ └ resources
│ ├[~] resource AWS::AppConfig::ConfigurationProfile
│ │ ├ - arnTemplate: arn:${Partition}:appconfig:${Region}:${Account}:application/${ApplicationId}/configurationprofile/${ConfigurationProfileId}
│ │ │ + arnTemplate: undefined
│ │ ├ properties
│ │ │ ├ ApplicationId: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::AppConfig::Application.ApplicationId]
│ │ │ └ RetrievalRoleArn: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ │ └ types
│ │ └[~] type Validators
│ │ └ properties
│ │ └ Content: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::Lambda::Function.Arn, AWS::Lambda::Alias.Id]
│ ├[~] resource AWS::AppConfig::Deployment
│ │ └ - arnTemplate: arn:${Partition}:appconfig:${Region}:${Account}:application/${ApplicationId}/environment/${EnvironmentId}/deployment/${DeploymentNumber}
│ │ + arnTemplate: undefined
│ ├[~] resource AWS::AppConfig::Environment
│ │ ├ - arnTemplate: arn:${Partition}:appconfig:${Region}:${Account}:application/${ApplicationId}/environment/${EnvironmentId}
│ │ │ + arnTemplate: undefined
│ │ ├ properties
│ │ │ └ ApplicationId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::AppConfig::Application.ApplicationId]
│ │ └ types
│ │ ├[~] type Monitor
│ │ │ └ properties
│ │ │ ├ AlarmArn: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::CloudWatch::Alarm.Arn, AWS::CloudWatch::CompositeAlarm.Arn]
│ │ │ └ AlarmRoleArn: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ │ └[~] type Monitors
│ │ └ properties
│ │ ├ AlarmArn: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::CloudWatch::Alarm.Arn, AWS::CloudWatch::CompositeAlarm.Arn]
│ │ └ AlarmRoleArn: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ ├[~] resource AWS::AppConfig::Extension
│ │ └ - arnTemplate: arn:${Partition}:appconfig:${Region}:${Account}:extension/${ExtensionId}/${ExtensionVersionNumber}
│ │ + arnTemplate: undefined
│ └[~] resource AWS::AppConfig::HostedConfigurationVersion
│ ├ - arnTemplate: arn:${Partition}:appconfig:${Region}:${Account}:application/${ApplicationId}/configurationprofile/${ConfigurationProfileId}/hostedconfigurationversion/${VersionNumber}
│ │ + arnTemplate: undefined
│ └ properties
│ ├ ApplicationId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::AppConfig::Application.ApplicationId]
│ └ ConfigurationProfileId: - relationshipRefs: undefined
│ + relationshipRefs: [AWS::AppConfig::ConfigurationProfile.ConfigurationProfileId]
├[~] service aws-appflow
│ └ resources
│ └[~] resource AWS::AppFlow::Flow
│ ├ properties
│ │ └ KMSArn: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::KMS::Key.Arn]
│ └ types
│ ├[~] type ErrorHandlingConfig
│ │ └ properties
│ │ └ BucketName: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::S3::Bucket.BucketName]
│ ├[~] type RedshiftDestinationProperties
│ │ └ properties
│ │ └ IntermediateBucketName: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::S3::Bucket.BucketName]
│ ├[~] type S3DestinationProperties
│ │ └ properties
│ │ └ BucketName: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::S3::Bucket.BucketName]
│ ├[~] type S3SourceProperties
│ │ └ properties
│ │ └ BucketName: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::S3::Bucket.BucketName]
│ ├[~] type SnowflakeDestinationProperties
│ │ └ properties
│ │ └ IntermediateBucketName: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::S3::Bucket.BucketName]
│ └[~] type SuccessResponseHandlingConfig
│ └ properties
│ └ BucketName: - relationshipRefs: undefined
│ + relationshipRefs: [AWS::S3::Bucket.BucketName]
├[~] service aws-applicationautoscaling
│ └ resources
│ ├[~] resource AWS::ApplicationAutoScaling::ScalableTarget
│ │ └ properties
│ │ ├ ResourceId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::MSK::Cluster.Arn]
│ │ └ RoleARN: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ └[~] resource AWS::ApplicationAutoScaling::ScalingPolicy
│ └ properties
│ └ ScalingTargetId: - relationshipRefs: undefined
│ + relationshipRefs: [AWS::ApplicationAutoScaling::ScalableTarget.ResourceId]
├[~] service aws-applicationinsights
│ └ resources
│ └[~] resource AWS::ApplicationInsights::Application
│ └ - arnTemplate: arn:${Partition}:applicationinsights:${Region}:${AccountId}:application/resource-group/${ResourceGroupName}
│ + arnTemplate: undefined
├[~] service aws-appmesh
│ └ resources
│ ├[~] resource AWS::AppMesh::GatewayRoute
│ │ └ - arnTemplate: arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualGateway/${VirtualGatewayName}/gatewayRoute/${GatewayRouteName}
│ │ + arnTemplate: undefined
│ ├[~] resource AWS::AppMesh::Route
│ │ └ - arnTemplate: arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualRouter/${VirtualRouterName}/route/${RouteName}
│ │ + arnTemplate: undefined
│ ├[~] resource AWS::AppMesh::VirtualGateway
│ │ └ - arnTemplate: arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualGateway/${VirtualGatewayName}
│ │ + arnTemplate: undefined
│ ├[~] resource AWS::AppMesh::VirtualNode
│ │ └ - arnTemplate: arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualNode/${VirtualNodeName}
│ │ + arnTemplate: undefined
│ ├[~] resource AWS::AppMesh::VirtualRouter
│ │ └ - arnTemplate: arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualRouter/${VirtualRouterName}
│ │ + arnTemplate: undefined
│ └[~] resource AWS::AppMesh::VirtualService
│ └ - arnTemplate: arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualService/${VirtualServiceName}
│ + arnTemplate: undefined
├[~] service aws-apprunner
│ └ resources
│ ├[~] resource AWS::AppRunner::AutoScalingConfiguration
│ │ └ - arnTemplate: arn:${Partition}:apprunner:${Region}:${Account}:autoscalingconfiguration/${AutoscalingConfigurationName}/${AutoscalingConfigurationVersion}/${AutoscalingConfigurationId}
│ │ + arnTemplate: undefined
│ ├[~] resource AWS::AppRunner::ObservabilityConfiguration
│ │ └ - arnTemplate: arn:${Partition}:apprunner:${Region}:${Account}:observabilityconfiguration/${ObservabilityConfigurationName}/${ObservabilityConfigurationVersion}/${ObservabilityConfigurationId}
│ │ + arnTemplate: undefined
│ ├[~] resource AWS::AppRunner::Service
│ │ ├ - arnTemplate: arn:${Partition}:apprunner:${Region}:${Account}:service/${ServiceName}/${ServiceId}
│ │ │ + arnTemplate: undefined
│ │ └ types
│ │ ├[~] type AuthenticationConfiguration
│ │ │ └ properties
│ │ │ └ AccessRoleArn: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ │ ├[~] type EgressConfiguration
│ │ │ └ properties
│ │ │ └ VpcConnectorArn: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::AppRunner::VpcConnector.VpcConnectorArn]
│ │ └[~] type InstanceConfiguration
│ │ └ properties
│ │ └ InstanceRoleArn: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ ├[~] resource AWS::AppRunner::VpcConnector
│ │ ├ - arnTemplate: arn:${Partition}:apprunner:${Region}:${Account}:vpcconnector/${VpcConnectorName}/${VpcConnectorVersion}/${VpcConnectorId}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ └ SecurityGroups: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::EC2::SecurityGroup.Id]
│ └[~] resource AWS::AppRunner::VpcIngressConnection
│ └ - arnTemplate: arn:${Partition}:apprunner:${Region}:${Account}:vpcingressconnection/${VpcIngressConnectionName}/${VpcIngressConnectionId}
│ + arnTemplate: undefined
├[~] service aws-appsync
│ └ resources
│ ├[~] resource AWS::AppSync::ChannelNamespace
│ │ └ - arnTemplate: arn:${Partition}:appsync:${Region}:${Account}:apis/${ApiId}/channelNamespace/${ChannelNamespaceName}
│ │ + arnTemplate: undefined
│ ├[~] resource AWS::AppSync::DataSource
│ │ ├ - arnTemplate: arn:${Partition}:appsync:${Region}:${Account}:apis/${GraphQLAPIId}/datasources/${DatasourceName}
│ │ │ + arnTemplate: undefined
│ │ ├ properties
│ │ │ ├ ApiId: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::AppSync::GraphQLApi.ApiId]
│ │ │ └ ServiceRoleArn: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ │ └ types
│ │ ├[~] type DynamoDBConfig
│ │ │ └ properties
│ │ │ └ TableName: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::DynamoDB::Table.TableName]
│ │ ├[~] type EventBridgeConfig
│ │ │ └ properties
│ │ │ └ EventBusArn: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::Events::EventBus.Arn]
│ │ ├[~] type HttpConfig
│ │ │ └ properties
│ │ │ └ Endpoint: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::S3::Bucket.BucketName]
│ │ ├[~] type LambdaConfig
│ │ │ └ properties
│ │ │ └ LambdaFunctionArn: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::Lambda::Function.Arn, AWS::Lambda::Alias.Id]
│ │ └[~] type RdsHttpEndpointConfig
│ │ └ properties
│ │ ├ AwsSecretStoreArn: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::SecretsManager::Secret.Id]
│ │ └ DbClusterIdentifier: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::RDS::DBCluster.Arn]
│ ├[~] resource AWS::AppSync::DomainNameApiAssociation
│ │ └ properties
│ │ ├ ApiId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::AppSync::GraphQLApi.ApiId]
│ │ └ DomainName: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::AppSync::DomainName.DomainName]
│ ├[~] resource AWS::AppSync::FunctionConfiguration
│ │ ├ - arnTemplate: arn:${Partition}:appsync:${Region}:${Account}:apis/${GraphQLAPIId}/functions/${FunctionId}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ ├ ApiId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::AppSync::GraphQLApi.ApiId]
│ │ └ DataSourceName: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::AppSync::DataSource.Name]
│ ├[~] resource AWS::AppSync::GraphQLApi
│ │ └ types
│ │ ├[~] type CognitoUserPoolConfig
│ │ │ └ properties
│ │ │ └ UserPoolId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::Cognito::UserPool.UserPoolId]
│ │ ├[~] type LambdaAuthorizerConfig
│ │ │ └ properties
│ │ │ └ AuthorizerUri: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::Lambda::Function.Arn, AWS::Lambda::Alias.Arn, AWS::Lambda::Version.Arn]
│ │ ├[~] type LogConfig
│ │ │ └ properties
│ │ │ └ CloudWatchLogsRoleArn: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ │ └[~] type UserPoolConfig
│ │ └ properties
│ │ └ UserPoolId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::Cognito::UserPool.UserPoolId]
│ ├[~] resource AWS::AppSync::Resolver
│ │ ├ properties
│ │ │ ├ ApiId: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::AppSync::GraphQLApi.ApiId]
│ │ │ └ DataSourceName: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::AppSync::DataSource.Name]
│ │ └ types
│ │ └[~] type PipelineConfig
│ │ └ properties
│ │ └ Functions: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::AppSync::FunctionConfiguration.FunctionId]
│ └[~] resource AWS::AppSync::SourceApiAssociation
│ └ - arnTemplate: arn:${Partition}:appsync:${Region}:${Account}:apis/${MergedGraphQLAPIId}/sourceApiAssociations/${Associationid}
│ + arnTemplate: undefined
├[~] service aws-aps
│ └ resources
│ └[~] resource AWS::APS::RuleGroupsNamespace
│ └ - arnTemplate: arn:${Partition}:aps:${Region}:${Account}:rulegroupsnamespace/${WorkspaceId}/${Namespace}
│ + arnTemplate: undefined
├[~] service aws-athena
│ └ resources
│ ├[~] resource AWS::Athena::NamedQuery
│ │ └ properties
│ │ ├ Database: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::Glue::Database.Id]
│ │ └ WorkGroup: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::Athena::WorkGroup.Name]
│ ├[~] resource AWS::Athena::PreparedStatement
│ │ └ properties
│ │ └ WorkGroup: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::Athena::WorkGroup.Name]
│ └[~] resource AWS::Athena::WorkGroup
│ └ types
│ ├[~] type CustomerContentEncryptionConfiguration
│ │ └ properties
│ │ └ KmsKey: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::KMS::Key.Arn, AWS::KMS::Key.KeyId]
│ ├[~] type EncryptionConfiguration
│ │ └ properties
│ │ └ KmsKey: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::KMS::Key.Arn, AWS::KMS::Key.KeyId]
│ ├[~] type WorkGroupConfiguration
│ │ └ properties
│ │ └ ExecutionRole: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ └[~] type WorkGroupConfigurationUpdates
│ └ properties
│ └ ExecutionRole: - relationshipRefs: undefined
│ + relationshipRefs: [AWS::IAM::Role.Arn]
├[~] service aws-autoscaling
│ └ resources
│ ├[~] resource AWS::AutoScaling::AutoScalingGroup
│ │ ├ - arnTemplate: arn:${Partition}:autoscaling:${Region}:${Account}:autoScalingGroup:${GroupId}:autoScalingGroupName/${GroupFriendlyName}
│ │ │ + arnTemplate: undefined
│ │ ├ properties
│ │ │ ├ AutoScalingGroupName: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::EC2::Instance.AutoScalingGroupName]
│ │ │ ├ LaunchConfigurationName: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::AutoScaling::LaunchConfiguration.LaunchConfigurationName]
│ │ │ ├ LoadBalancerNames: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::ElasticLoadBalancing::LoadBalancer.Id]
│ │ │ ├ ServiceLinkedRoleARN: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ │ │ ├ TargetGroupARNs: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::ElasticLoadBalancingV2::TargetGroup.TargetGroupArn]
│ │ │ └ VPCZoneIdentifier: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::EC2::Subnet.SubnetId]
│ │ └ types
│ │ ├[~] type LaunchTemplateSpecification
│ │ │ └ properties
│ │ │ └ LaunchTemplateId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::EC2::LaunchTemplate.LaunchTemplateId]
│ │ ├[~] type LifecycleHookSpecification
│ │ │ └ properties
│ │ │ ├ NotificationTargetARN: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::SNS::Topic.TopicArn, AWS::SQS::Queue.Arn]
│ │ │ └ RoleARN: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ │ └[~] type NotificationConfiguration
│ │ └ properties
│ │ └ TopicARN: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::SNS::Topic.TopicArn]
│ ├[~] resource AWS::AutoScaling::LaunchConfiguration
│ │ ├ - arnTemplate: arn:${Partition}:autoscaling:${Region}:${Account}:launchConfiguration:${Id}:launchConfigurationName/${LaunchConfigurationName}
│ │ │ + arnTemplate: undefined
│ │ └ properties
│ │ ├ IamInstanceProfile: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::IAM::InstanceProfile.InstanceProfileName]
│ │ └ SecurityGroups: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::EC2::SecurityGroup.Id]
│ ├[~] resource AWS::AutoScaling::LifecycleHook
│ │ └ properties
│ │ ├ AutoScalingGroupName: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::AutoScaling::AutoScalingGroup.AutoScalingGroupName]
│ │ ├ NotificationTargetARN: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::SNS::Topic.TopicArn, AWS::SQS::Queue.Arn]
│ │ └ RoleARN: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ ├[~] resource AWS::AutoScaling::ScalingPolicy
│ │ ├ properties
│ │ │ └ AutoScalingGroupName: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::AutoScaling::AutoScalingGroup.AutoScalingGroupName]
│ │ └ types
│ │ └[~] type MetricDimension
│ │ └ properties
│ │ └ Value: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::AutoScaling::AutoScalingGroup.AutoScalingGroupName, AWS::ECS::Cluster.ClusterName]
│ ├[~] resource AWS::AutoScaling::ScheduledAction
│ │ └ properties
│ │ └ AutoScalingGroupName: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::AutoScaling::AutoScalingGroup.AutoScalingGroupName]
│ └[~] resource AWS::AutoScaling::WarmPool
│ └ properties
│ └ AutoScalingGroupName: - relationshipRefs: undefined
│ + relationshipRefs: [AWS::AutoScaling::AutoScalingGroup.AutoScalingGroupName]
├[~] service aws-backup
│ └ resources
│ ├[~] resource AWS::Backup::BackupPlan
│ │ └ types
│ │ ├[~] type BackupRuleResourceType
│ │ │ └ properties
│ │ │ └ TargetBackupVault: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::Backup::BackupVault.BackupVaultName]
│ │ └[~] type CopyActionResourceType
│ │ └ properties
│ │ └ DestinationBackupVaultArn: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::Backup::BackupVault.BackupVaultArn]
│ ├[~] resource AWS::Backup::BackupSelection
│ │ ├ properties
│ │ │ └ BackupPlanId: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::Backup::BackupPlan.BackupPlanId]
│ │ └ types
│ │ └[~] type BackupSelectionResourceType
│ │ └ properties
│ │ ├ IamRoleArn: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::IAM::Role.Arn]
│ │ └ Resources: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::DynamoDB::Table.Arn, AWS::S3::Bucket.Arn]
│ ├[~] resource AWS::Backup::BackupVault
│ │ ├ properties
│ │ │ └ EncryptionKeyArn: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::KMS::Key.Arn]
│ │ └ types
│ │ └[~] type NotificationObjectType
│ │ └ properties
│ │ └ SNSTopicArn: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::SNS::Topic.TopicArn]
│ ├[~] resource AWS::Backup::Framework
│ │ └ - arnTemplate: arn:${Partition}:backup:${Region}:${Account}:framework:${FrameworkName}-${FrameworkId}
│ │ + arnTemplate: undefined
│ ├[~] resource AWS::Backup::ReportPlan
│ │ └ - arnTemplate: arn:${Partition}:backup:${Region}:${Account}:report-plan:${ReportPlanName}-${ReportPlanId}
│ │ + arnTemplate: undefined
│ └[~] resource AWS::Backup::RestoreTestingPlan
│ └ - arnTemplate: arn:${Partition}:backup:${Region}:${Account}:restore-testing-plan:${RestoreTestingPlanName}-${RestoreTestingPlanId}
│ + arnTemplate: undefined
├[~] service aws-batch
│ └ resources
│ ├[~] resource AWS::Batch::ComputeEnvironment
│ │ ├ properties
│ │ │ └ ServiceRole: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::IAM::Role.Arn, AWS::IAM::Role.RoleName]
│ │ └ types
│ │ ├[~] type ComputeResources
│ │ │ └ properties
│ │ │ ├ InstanceRole: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::IAM::InstanceProfile.Arn, AWS::IAM::InstanceProfile.InstanceProfileName, AWS::IAM::Role.RoleName]
│ │ │ ├ PlacementGroup: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::EC2::PlacementGroup.GroupName]
│ │ │ ├ SecurityGroupIds: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::EC2::SecurityGroup.Id]
│ │ │ ├ SpotIamFleetRole: - relationshipRefs: undefined
│ │ │ │ + relationshipRefs: [AWS::IAM::Role.RoleName]
│ │ │ └ Subnets: - relationshipRefs: undefined
│ │ │ + relationshipRefs: [AWS::EC2::Subnet.SubnetId]
│ │ └[~] type LaunchTemplateSpecification
│ │ └ properties
│ │ └ LaunchTemplateId: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::EC2::LaunchTemplate.LaunchTemplateId]
│ └[~] resource AWS::Batch::JobQueue
│ ├ properties
│ │ └ SchedulingPolicyArn: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::Batch::SchedulingPolicy.Arn]
│ └ types
│ └[~] type ComputeEnvironmentOrder
│ └ properties
│ └ ComputeEnvironment: - relationshipRefs: undefined
│ + relationshipRefs: [AWS::Batch::ComputeEnvironment.ComputeEnvironmentArn]
├[~] service aws-bedrock
│ └ resources
│ ├[~] resource AWS::Bedrock::AgentAlias
│ │ └ - arnTemplate: arn:${Partition}:bedrock:${Region}:${Account}:agent-alias/${AgentId}/${AgentAliasId}
│ │ + arnTemplate: undefined
│ ├[~] resource AWS::Bedrock::AutomatedReasoningPolicyVersion
│ │ └ - arnTemplate: arn:${Partition}:bedrock:${Region}:${Account}:automated-reasoning-policy/${AutomatedReasoningPolicyId}:${AutomatedReasoningPolicyVersion}
│ │ + arnTemplate: undefined
│ ├[~] resource AWS::Bedrock::FlowAlias
│ │ └ - arnTemplate: arn:${Partition}:bedrock:${Region}:${Account}:flow/${FlowId}/alias/${FlowAliasId}
│ │ + arnTemplate: undefined
│ └[~] resource AWS::Bedrock::PromptVersion
│ └ - arnTemplate: arn:${Partition}:bedrock:${Region}:${Account}:prompt/${PromptId}:${PromptVersion}
│ + arnTemplate: undefined
├[~] service aws-bedrockagentcore
│ └ resources
│ ├[~] resource AWS::BedrockAgentCore::BrowserCustom
│ │ └ - documentation: > Amazon Bedrock AgentCore is in preview release and is subject to change.
│ │ AgentCore Browser tool provides a fast, secure, cloud-based browser runtime to enable AI agents to interact with websites at scale.
│ │ For more information about using the custom browser, see [Interact with web applications using Amazon Bedrock AgentCore Browser](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/browser-tool.html) .
│ │ See the *Properties* section below for descriptions of both the required and optional properties.
│ │ + documentation: AgentCore Browser tool provides a fast, secure, cloud-based browser runtime to enable AI agents to interact with websites at scale.
│ │ For more information about using the custom browser, see [Interact with web applications using Amazon Bedrock AgentCore Browser](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/browser-tool.html) .
│ │ See the *Properties* section below for descriptions of both the required and optional properties.
│ ├[~] resource AWS::BedrockAgentCore::CodeInterpreterCustom
│ │ └ - documentation: > Amazon Bedrock AgentCore is in preview release and is subject to change.
│ │ The AgentCore Code Interpreter tool enables agents to securely execute code in isolated sandbox environments. It offers advanced configuration support and seamless integration with popular frameworks.
│ │ For more information about using the custom code interpreter, see [Execute code and analyze data using Amazon Bedrock AgentCore Code Interpreter](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/code-interpreter-tool.html) .
│ │ See the *Properties* section below for descriptions of both the required and optional properties.
│ │ + documentation: The AgentCore Code Interpreter tool enables agents to securely execute code in isolated sandbox environments. It offers advanced configuration support and seamless integration with popular frameworks.
│ │ For more information about using the custom code interpreter, see [Execute code and analyze data using Amazon Bedrock AgentCore Code Interpreter](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/code-interpreter-tool.html) .
│ │ See the *Properties* section below for descriptions of both the required and optional properties.
│ ├[~] resource AWS::BedrockAgentCore::Gateway
│ │ └ - documentation: > Amazon Bedrock AgentCore is in preview release and is subject to change.
│ │ Amazon Bedrock AgentCore Gateway provides a unified connectivity layer between agents and the tools and resources they need to interact with.
│ │ For more information about creating a gateway, see [Set up an Amazon Bedrock AgentCore gateway](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-building.html) .
│ │ See the *Properties* section below for descriptions of both the required and optional properties.
│ │ + documentation: Amazon Bedrock AgentCore Gateway provides a unified connectivity layer between agents and the tools and resources they need to interact with.
│ │ For more information about creating a gateway, see [Set up an Amazon Bedrock AgentCore gateway](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-building.html) .
│ │ See the *Properties* section below for descriptions of both the required and optional properties.
│ ├[~] resource AWS::BedrockAgentCore::GatewayTarget
│ │ └ - documentation: > Amazon Bedrock AgentCore is in preview release and is subject to change.
│ │ After creating a gateway, you can add targets, which define the tools that your gateway will host.
│ │ For more information about adding gateway targets, see [Add targets to an existing gateway](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-building-adding-targets.html) .
│ │ See the *Properties* section below for descriptions of both the required and optional properties.
│ │ + documentation: After creating a gateway, you can add targets, which define the tools that your gateway will host.
│ │ For more information about adding gateway targets, see [Add targets to an existing gateway](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-building-adding-targets.html) .
│ │ See the *Properties* section below for descriptions of both the required and optional properties.
│ ├[~] resource AWS::BedrockAgentCore::Memory
│ │ ├ - documentation: Resource Type definition for AWS::BedrockAgentCore::Memory
│ │ │ + documentation: Memory allows AI agents to maintain both immediate and long-term knowledge, enabling context-aware and personalized interactions.
│ │ │ For more information about using Memory in Amazon Bedrock AgentCore, see [Host agent or tools with Amazon Bedrock AgentCore Memory](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/memory-getting-started.html) .
│ │ │ See the *Properties* section below for descriptions of both the required and optional properties.
│ │ │ - arnTemplate: undefined
│ │ │ + arnTemplate: arn:${Partition}:bedrock-agentcore:${Region}:${Account}:memory/${MemoryId}
│ │ ├ properties
│ │ │ ├ EncryptionKeyArn: (documentation changed)
│ │ │ ├ EventExpiryDuration: (documentation changed)
│ │ │ ├ MemoryExecutionRoleArn: (documentation changed)
│ │ │ ├ MemoryStrategies: (documentation changed)
│ │ │ ├ Name: (documentation changed)
│ │ │ └ Tags: (documentation changed)
│ │ ├ attributes
│ │ │ ├ CreatedAt: (documentation changed)
│ │ │ ├ MemoryId: (documentation changed)
│ │ │ └ Status: (documentation changed)
│ │ └ types
│ │ ├[~] type CustomConfigurationInput
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: The memory configuration input.
│ │ │ └ properties
│ │ │ ├[+] SelfManagedConfiguration: SelfManagedConfiguration
│ │ │ ├ SemanticOverride: (documentation changed)
│ │ │ ├ SummaryOverride: (documentation changed)
│ │ │ └ UserPreferenceOverride: (documentation changed)
│ │ ├[~] type CustomMemoryStrategy
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: The memory strategy.
│ │ │ └ properties
│ │ │ ├ Configuration: (documentation changed)
│ │ │ ├ Description: (documentation changed)
│ │ │ ├ Name: (documentation changed)
│ │ │ ├ Namespaces: (documentation changed)
│ │ │ ├ Status: (documentation changed)
│ │ │ ├ StrategyId: (documentation changed)
│ │ │ ├ Type: (documentation changed)
│ │ │ └ UpdatedAt: (documentation changed)
│ │ ├[+] type InvocationConfigurationInput
│ │ │ ├ documentation: The memory invocation configuration input.
│ │ │ │ name: InvocationConfigurationInput
│ │ │ └ properties
│ │ │ ├ TopicArn: string
│ │ │ └ PayloadDeliveryBucketName: string
│ │ ├[~] type MemoryStrategy
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: The memory strategy.
│ │ │ └ properties
│ │ │ ├ CustomMemoryStrategy: (documentation changed)
│ │ │ ├ SemanticMemoryStrategy: (documentation changed)
│ │ │ ├ SummaryMemoryStrategy: (documentation changed)
│ │ │ └ UserPreferenceMemoryStrategy: (documentation changed)
│ │ ├[+] type MessageBasedTriggerInput
│ │ │ ├ documentation: The message based trigger input.
│ │ │ │ name: MessageBasedTriggerInput
│ │ │ └ properties
│ │ │ └ MessageCount: integer
│ │ ├[+] type SelfManagedConfiguration
│ │ │ ├ documentation: The self managed configuration.
│ │ │ │ name: SelfManagedConfiguration
│ │ │ └ properties
│ │ │ ├ TriggerConditions: Array<TriggerConditionInput>
│ │ │ ├ InvocationConfiguration: InvocationConfigurationInput
│ │ │ └ HistoricalContextWindowSize: integer
│ │ ├[~] type SemanticMemoryStrategy
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: The memory strategy.
│ │ │ └ properties
│ │ │ ├ Description: (documentation changed)
│ │ │ ├ Name: (documentation changed)
│ │ │ ├ Namespaces: (documentation changed)
│ │ │ ├ StrategyId: (documentation changed)
│ │ │ └ Type: (documentation changed)
│ │ ├[~] type SemanticOverride
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: The memory override.
│ │ │ └ properties
│ │ │ ├ Consolidation: (documentation changed)
│ │ │ └ Extraction: (documentation changed)
│ │ ├[~] type SemanticOverrideConsolidationConfigurationInput
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: The memory override configuration.
│ │ │ └ properties
│ │ │ ├ AppendToPrompt: (documentation changed)
│ │ │ └ ModelId: (documentation changed)
│ │ ├[~] type SemanticOverrideExtractionConfigurationInput
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: The memory override configuration.
│ │ │ └ properties
│ │ │ ├ AppendToPrompt: (documentation changed)
│ │ │ └ ModelId: (documentation changed)
│ │ ├[~] type SummaryMemoryStrategy
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: The memory strategy.
│ │ │ └ properties
│ │ │ ├ Description: (documentation changed)
│ │ │ ├ Name: (documentation changed)
│ │ │ ├ Namespaces: (documentation changed)
│ │ │ ├ Status: (documentation changed)
│ │ │ ├ StrategyId: (documentation changed)
│ │ │ ├ Type: (documentation changed)
│ │ │ └ UpdatedAt: (documentation changed)
│ │ ├[~] type SummaryOverride
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: The memory summary override.
│ │ │ └ properties
│ │ │ └ Consolidation: (documentation changed)
│ │ ├[~] type SummaryOverrideConsolidationConfigurationInput
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: The consolidation configuration.
│ │ │ └ properties
│ │ │ ├ AppendToPrompt: (documentation changed)
│ │ │ └ ModelId: (documentation changed)
│ │ ├[+] type TimeBasedTriggerInput
│ │ │ ├ documentation: The memory trigger condition input for the time based trigger.
│ │ │ │ name: TimeBasedTriggerInput
│ │ │ └ properties
│ │ │ └ IdleSessionTimeout: integer
│ │ ├[+] type TokenBasedTriggerInput
│ │ │ ├ documentation: The token based trigger input.
│ │ │ │ name: TokenBasedTriggerInput
│ │ │ └ properties
│ │ │ └ TokenCount: integer
│ │ ├[+] type TriggerConditionInput
│ │ │ ├ documentation: The memory trigger condition input.
│ │ │ │ name: TriggerConditionInput
│ │ │ └ properties
│ │ │ ├ MessageBasedTrigger: MessageBasedTriggerInput
│ │ │ ├ TokenBasedTrigger: TokenBasedTriggerInput
│ │ │ └ TimeBasedTrigger: TimeBasedTriggerInput
│ │ ├[~] type UserPreferenceMemoryStrategy
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: The memory strategy.
│ │ │ └ properties
│ │ │ ├ Description: (documentation changed)
│ │ │ ├ Name: (documentation changed)
│ │ │ ├ Namespaces: (documentation changed)
│ │ │ ├ Status: (documentation changed)
│ │ │ ├ StrategyId: (documentation changed)
│ │ │ ├ Type: (documentation changed)
│ │ │ └ UpdatedAt: (documentation changed)
│ │ ├[~] type UserPreferenceOverride
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: The memory user preference override.
│ │ │ └ properties
│ │ │ ├ Consolidation: (documentation changed)
│ │ │ └ Extraction: (documentation changed)
│ │ ├[~] type UserPreferenceOverrideConsolidationConfigurationInput
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: The configuration input.
│ │ │ └ properties
│ │ │ ├ AppendToPrompt: (documentation changed)
│ │ │ └ ModelId: (documentation changed)
│ │ └[~] type UserPreferenceOverrideExtractionConfigurationInput
│ │ ├ - documentation: undefined
│ │ │ + documentation: The memory override configuration.
│ │ └ properties
│ │ ├ AppendToPrompt: (documentation changed)
│ │ └ ModelId: (documentation changed)
│ ├[~] resource AWS::BedrockAgentCore::Runtime
│ │ └ - documentation: > Amazon Bedrock AgentCore is in preview release and is subject to change.
│ │ Contains information about an agent runtime. An agent runtime is the execution environment for a Amazon Bedrock Agent.
│ │ AgentCore Runtime is a secure, serverless runtime purpose-built for deploying and scaling dynamic AI agents and tools using any open-source framework including LangGraph, CrewAI, and Strands Agents, any protocol, and any model.
│ │ For more information about using agent runtime in Amazon Bedrock AgentCore, see [Host agent or tools with Amazon Bedrock AgentCore Runtime](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agents-tools-runtime.html) .
│ │ See the *Properties* section below for descriptions of both the required and optional properties.
│ │ + documentation: Contains information about an agent runtime. An agent runtime is the execution environment for a Amazon Bedrock Agent.
│ │ AgentCore Runtime is a secure, serverless runtime purpose-built for deploying and scaling dynamic AI agents and tools using any open-source framework including LangGraph, CrewAI, and Strands Agents, any protocol, and any model.
│ │ For more information about using agent runtime in Amazon Bedrock AgentCore, see [Host agent or tools with Amazon Bedrock AgentCore Runtime](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agents-tools-runtime.html) .
│ │ See the *Properties* section below for descriptions of both the required and optional properties.
│ └[~] resource AWS::BedrockAgentCore::RuntimeEndpoint
│ └ - documentation: > Amazon Bedrock AgentCore is in preview release and is subject to change.
│ AgentCore Runtime is a secure, serverless runtime purpose-built for deploying and scaling dynamic AI agents and tools using any open-source framework including LangGraph, CrewAI, and Strands Agents, any protocol, and any model.
│ For more information about using agent runtime endpoints in Amazon Bedrock AgentCore, see [AgentCore Runtime versioning and endpoints](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agent-runtime-versioning.html) .
│ See the *Properties* section below for descriptions of both the required and optional properties.
│ + documentation: AgentCore Runtime is a secure, serverless runtime purpose-built for deploying and scaling dynamic AI agents and tools using any open-source framework including LangGraph, CrewAI, and Strands Agents, any protocol, and any model.
│ For more information about using agent runtime endpoints in Amazon Bedrock AgentCore, see [AgentCore Runtime versioning and endpoints](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agent-runtime-versioning.html) .
│ See the *Properties* section below for descriptions of both the required and optional properties.
│ - arnTemplate: arn:${Partition}:bedrock-agentcore:${Region}:${Account}:runtime/${RuntimeId}/runtime-endpoint/${Name}
│ + arnTemplate: undefined
├[~] service aws-budgets
│ └ resources
│ └[~] resource AWS::Budgets::BudgetsAction
│ └ - arnTemplate: arn:${Partition}:budgets::${Account}:budget/${BudgetName}/action/${ActionId}
│ + arnTemplate: undefined
├[~] service aws-cassandra
│ └ resources
│ └[~] resource AWS::Cassandra::Table
│ └ - arnTemplate: arn:${Partition}:cassandra:${Region}:${Account}:/keyspace/${KeyspaceName}/table/${TableName}
│ + arnTemplate: undefined
├[~] service aws-ce
│ └ resources
│ └[~] resource AWS::CE::AnomalySubscription
│ ├ properties
│ │ └ MonitorArnList: - relationshipRefs: undefined
│ │ + relationshipRefs: [AWS::CE::AnomalyMonitor.MonitorArn]
│ └ types
│ └[~] type Subscriber
│ └ properties
│ └ Address: - relationshipRefs: undefined
│ + relationshipRefs: [AWS::SNS::Topic.TopicArn]
├[~] service aws-chatbot
│ └ resources
│ ├[~] resource AWS::Chatbot::MicrosoftTeamsChannelConfiguration
│ │ └ - arnTemplate: arn:${Partition}:chatbot::${Account}:chat-configuration/${ConfigurationType}/${ChatbotConfigurationName}
│ │ + arnTemplate: undefined
│ └[~] resource AWS::Chatbot::SlackChannelConfiguration
│ ├ - arnTemplate: arn:${Partition}:c…
Support new model. https://aws.amazon.com/about-aws/whats-new/2025/10/claude-4-5-haiku-anthropic-amazon-bedrock/ ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Closes #35666. ### Reason for this change Cannot create i8g data nodes without EBS due to validation logic. ### Description of changes Enable create i8g data nodes by adding i8g type to `unSupportEbsInstanceType` . ### Describe any new or updated permissions being added N/A ### Description of how you validated changes unit test ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_python_selenium.html#CloudWatch_Synthetics_runtimeversion-syn-python-selenium-7.0 ### Description of changes - Synthetics add selenium 7.0 runtime ### Description of how you validated changes Unit + Integ ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…n for S3 Bucket Destination (#35410) ### Issue \# Closes #15501. ### Reason for this change From the Kinesis Firehose RFC, the ability to define record format conversion is still missing https://github.com/aws/aws-cdk-rfcs/blob/main/text/0340-firehose-l2.md#record-format-conversion-using-aws-glue ### Description of changes See my comment in the issue thread #15501 (comment) for a few more details about the changes These changes add several classes and data models to support Firehose's [record format conversion](https://docs.aws.amazon.com/firehose/latest/dev/record-format-conversion.html) feature with the L2 `DeliveryStream` construct, as specified in the [RFC](https://github.com/aws/aws-cdk-rfcs/blob/main/text/0340-firehose-l2.md#record-format-conversion-using-aws-glue). The main focus for the design is to allow configurability of the underlying settings while still providing sane defaults for the 99% of users that won't touch the advanced settings. One note is that the RFC shows usage of the (as of now) alpha `glue.Table` construct. Since those constructs are not yet in stable release, we should support `glue.CfnTable` for now and provide a way to later use the L2 construct whenever that is released without any breaking changes. With these changes merged, users can specify record format conversion like so: ```ts import * as glue from '@aws-cdk/aws-glue'; import * as s3 from '@aws-cdk/aws-s3'; import * as destinations from '@aws-cdk/aws-kinesisfirehose-destinations'; declare const myGlueSchemaTable: glue.CfnTable; declare const bucket: s3.Bucket; new firehose.DeliveryStream(this, 'Delivery Stream', { destination: new destinations.S3Bucket(bucket, { dataFormatConversion: { schemaConfiguration: firehose.SchemaConfiguration.fromCfnTable(myGlueSchemaTable), inputFormat: firehose.InputFormat.OPENX_JSON, outputFormat: firehose.OuputFormat.PARQUET, }, }), }); ``` If you want to customize the parameters of the OPENX_JSON input format, specify it like so: ```ts const inputFormat = new OpenXJsonInputFormat({ lowercaseColumnNames: false, // default true columnToJsonKeyMappings: { 'columnA': 'path.to.key', 'columnB': 'path.to.key2', }, convertDotsInJsonKeysToUnderscores: true, // default false }); ``` If you want to customize the parameters of the HIVE_JSON input format, specify it like so: ```ts const inputFormat = new firehose.HiveJsonInputFormat({ timestampParsers: [firehose.TimestampParser.fromFormatSring('yyyy-MM-dd')], // in Joda Time pattern https://www.joda.org/joda-time/key_format.html }); ``` If you want to customize the parameters of the PARQUET output format, specify it like so: ```ts const outputFormat = new firehose.ParquetOutputFormat({ blockSize: core.Size.mebibytes(512), compression: firehose.ParquetCompression.UNCOMPRESSED, enableDictionaryCompression: true, maxPadding: core.Size.bytes(10), pageSize: core.Size.mebibytes(2), writerVersion: firehose.ParquetWriterVersion.V2, }); ``` If you want to customize the parameters of the ORC output format, specify it like so: ```ts const outputFormat = new firehose.OrcOutputFormat({ formatVersion: firehose.OrcFormatVersion.V0_11, blockSize: core.Size.mebibytes(256), compression: firehose.OrcCompression.NONE, bloomFilterColumns: ['columnA'], bloomFilterFalsePositiveProbability: 0.1, dictionaryKeyThreshold: 0.7, enablePadding: true, paddingTolerance: 0.2, rowIndexStride: 9000, stripeSize: core.Size.mebibytes(32), }); ``` Changelist: - Add support for record format conversion - Readme updates ### Describe any new or updated permissions being added The following permissions are added to the S3 Destination role when `dataFormatConversion` is set: ```json { "Effect": "Allow", "Action": [ "glue:GetTable", "glue:GetTableVersion", "glue:GetTableVersions" ], "Resource": [ "arn:aws:glue:region:account-id:catalog", "arn:aws:glue:region:account-id:database/databaseName", "arn:aws:glue:region:account-id:table/databaseName/tableName", ] } ``` ```json { "Effect": "Allow", "Action": "glue:GetSchemaVersion", "Resource": "*" } ``` The permissions are acquired from the aws docs https://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-glue, though these docs are a bit misleading. It specifies `table-arn` as the resource, but you need to give permissions to the database and catalog as well. See https://docs.aws.amazon.com/glue/latest/dg/glue-specifying-resource-arns.html >Actions on a table, partition, or table version require permission on the table, database, and catalog. ### Description of how you validated changes Added unit test file and integration test. Unit tests: - Split across tests for Schema creation, Input format creation, output format creation. - Tests for policies added when creating a schema Integ test: - Creates several delivery streams with different configurations, and uploads the same JSON input. Successful outputs are written to a single S3 prefix; the assertions expect X number of files if there are X delivery streams. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Ref: [Engine releases for Amazon Neptune](https://docs.aws.amazon.com/neptune/latest/userguide/engine-releases.html) ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ucts-guide (#35792) ### Issue # (if applicable) N/A ### Closes N/A ### Reason for this change Fix obvious typos and minor grammar to improve clarity and reduce reader confusion. Docs-only change. ### Description of changes - docs/DESIGN_GUIDELINES.md: "in constrast to" → "in contrast to" (L2.5s paragraph) - docs/NEW_CONSTRUCTS_GUIDE.md: "help you setup your repository" → "help you set up your repository" - docs/NEW_CONSTRUCTS_GUIDE.md: "create a new pull requests" → "create a new pull request" No code changes; no API/behavior impact. ### Describe any new or updated permissions being added None. ### Description of how you validated changes Docs-only text edits. Verified rendered text reads correctly. No unit/integration tests applicable. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ityProvider (#35745) ### Issue # (if applicable) Call out from #35742 ManagedInstancesCapacityProvider should implement IConnectable to make managing the SGs for the provider easier. This was missed in the initial PR. ### Reason for this change Implement IConnectable for ManagedInstancesCapacityProvider. ManagedInstancesCapacityProvider makes use of EC2 security groups, so it should implement this interface. ### Description of changes Implement IConnectable for ManagedInstancesCapacityProvider ### Describe any new or updated permissions being added None ### Description of how you validated changes Modified and deployed integ test ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This replaces a real `IRole` instance with a type intersection (`IRoleRef & IGrantable`, which is good enough for 90% of cases). Just on StateMachine, to test it out. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) N/A ### Reason for this change The `ServerlessCache` class was missing the `CacheEngine.REDIS_7` case in the switch statement that determines the default port for imported caches. So importing a Redis 7 serverless cache causes an error: > ValidationError: Unsupported cache engine: redis_7 ### Description of changes * Added missing `CacheEngine.REDIS_7` case** in the `fromServerlessCacheAttributes` method's switch statement to ensure Redis 7 caches use the correct default port. * Add unit tests for all supported versions. ### Describe any new or updated permissions being added N/A ### Description of how you validated changes Add unit tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR updates the CDK enum mapping file.
### Issue # (if applicable) Related to aws/aws-cdk-rfcs#785 ### Reason for this change Adding bedrock agent core runtime and runtime endpoint ### Description of changes - Added a new L2 construct for runtime in aws -bedrock-agentcore-alpha package. - Added a new L2 construct for runtime endpoint - Added test cases - Added documentation ### Describe any new or updated permissions being added The runtime creates a role with permission to ecr repo, cloudwatch , xray . ### Description of how you validated changes Unit tests, integration tests, manual tests ### Checklist - [Yes] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Closes #35454 ### Reason for this change AWS ECR now supports for image tag mutability exclusion filters but AWS CDK L2 construct does not support this feature yet. ### Description of changes - add `imageTagMutabilityExclusionFilters` prop to `RepositoryProps` - update `TagMutability` enum - define `ImageTagMutabilityExclusionFilter` class - While `ImageTagMutabilityExclusionFilterType` currently supports only `WILDCARD`, future additions are anticipated. Factory method-based instance creation has been implemented to ensure user convenience and future extensibility. - https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-ecr-repository-imagetagmutabilityexclusionfilter.html#aws-properties-ecr-repository-imagetagmutabilityexclusionfilter-properties ### Describe any new or updated permissions being added None ### Description of how you validated changes Add both unit and integ tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR updates the enum values for cloudfront.
### Issue # (if applicable) Closes #21630. ### Reason for this change In the ESM module system, callsites returns filenames prefixed with 'file://'. This is not compatible with the NodeJS file utility functions such as fs.existsSync(). ### Description of changes Remove 'file://' prefix. ### Describe any new or updated permissions being added No new IAM permissions are added. ### Description of how you validated changes Unit tests. Integration test cannot be added as the integration test system uses CommonJS, it will be impossible to replicate the error which only happens under an ESM system. ### Credits This is mostly inspired by @okko for [his PR](#21802). He found the root cause and fix for this issue, but it didn't get merged due to a lack of integration tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws-cdk-automation
added
auto-approve
pr/no-squash
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
aws-cdk-automation
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
aws-cdk-automation
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
aws-cdk-automation
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
abidhasan-aws
added
the
pr/do-not-merge
abidhasan-aws
added
pr/do-not-merge
abidhasan-aws
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
abidhasan-aws
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
abidhasan-aws
removed
the
pr/do-not-merge
abidhasan-aws
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
abidhasan-aws
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
Contributor
|
Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork). |
Contributor
|
This pull request has been removed from the queue for the following reason: Pull request #35826 has been dequeued. The pull request could not be merged. This could be related to an activated branch protection or ruleset rule that prevents us from merging. (details: Required status check "build" is failing.). You should look at the reason for the failure and decide if the pull request needs to be fixed or if you want to requeue it. |
aws-cdk-automation
added
the
pr/needs-maintainer-review
Contributor
|
Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork). |
aws-cdk-automation
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
Contributor
|
Comments on closed issues and PRs are hard for our team to see. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
18 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See CHANGELOG