chore(release): 2.176.0 #32955

aws-cdk-automation · 2025-01-15T19:39:33Z

This PR does not currently change CLI functionality. The function `convertToCliArgs` is not used in the CLI yet which is why this PR is not fixing a regression. It will eventually be used to strongly-type cli arguments. Previously, aliased commands, like `cdk ack` instead of `cdk acknowledge` would fall through the cracks of the generated convert function. The switch statement was only switching on command names so we would not store any options associated with an aliased command. Specifically, `cdk synth --exclusively` would _not_ store the `exclusively` flag in the ensuing `CliArguments` object because `synth` is an alias. Now we do. This is an additional step forward to being able to use `CliArguments` in `cli.ts` ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR does not change the functionality of the CLI (yet) It does however articulate a schema for what `cdk.json` should look like in the future. I'm aware that we honor a slightly different set of rules in `cdk.json` that _is not documented anywhere_, and we will have to honor those rules ad-hoc. However, this will hopefully move us towards a strongly-typed future where `cdk.json` contents mirror CLI argument options. - global options are specified at the base level of `cdk.json` - command specific options will be prefixed by their command name. NOTE: some options are honored at the base level today. I will have to, in a separate PR, find each of these instances and take care of them but ensuring we still map them to the correct place in `CliArguments`. ```json { "app": "npx ts-node -P tsconfig.json --prefer-ts-exts src/main.ts", "output": "cdk.out", "build": "npx projen bundle", "watch": { "exclude": [ "README.md", "cdk*.json", "**/*.d.ts", "**/*.js", "tsconfig.json", "package*.json", "yarn.lock", "node_modules" ] } ``` This will turn into the following `CliArgument` object: ```ts { globalOptions: { app: 'npx ts-node -P tsconfig.json --prefer-ts-exts src/main.ts', output: 'cdk.out', build: 'npx projen bundle', watch: { exclude: [ "README.md", "cdk*.json", "**/*.d.ts", "**/*.js", "tsconfig.json", "package*.json", "yarn.lock", "node_modules", ], }, }; ``` ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --------- Co-authored-by: Momo Kornher <[email protected]>

### Issue # (if applicable) None ### Reason for this change AWS AppConfig environment supports [deletion protection](https://docs.aws.amazon.com/appconfig/latest/userguide/deletion-protection.html) and this feature is not configurable from AWS CDK. ### Description of changes - Add `DeletionProtectionCheck` enum - Add `deletionProtectionCheck` prop to `EnvironmentOption` There are two entities, `EnvironmentOptions` and `EnvironmentProps`, where `EnvironmentProps` is designed as an extension of `EnvironmentOptions` with the addition of an `application` prop. ```ts export interface EnvironmentProps extends EnvironmentOptions { /** * The application to be associated with the environment. */ readonly application: IApplication; } abstract class ApplicationBase extends cdk.Resource implements IApplication, IExtensible { public addEnvironment(id: string, options: EnvironmentOptions = {}): IEnvironment { return new Environment(this, id, { application: this, ...options, }); } ``` Therefore, the current argument addition has also been made to `EnvironmentOptions`. ### Describe any new or updated permissions being added None ### Description of how you validated changes Add both unit and integ test. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.175.0/CHANGELOG.md)

… does not allow IPv6 inbound traffic (under feature flag) (#32765) ### Issue # (if applicable) Closes #32197 . ### Reason for this change Default generated security group ingress rules for open, dual-stack-without-public-ipv4 ALB does not allow IPv6 traffic. Only a rule for IPv4 ingress traffic is added to the security group rules currently. ### Description of changes Introduced a new feature flag which is enabled by default so that default generated security group ingress rules now have an additional rule that allows IPv6 ingress from anywhere. ### Describe any new or updated permissions being added No new IAM permissions. Added IPv6 security group ingress rules for open, internet-facing ALBs if IP address type is `dual-stack-without-public-ipv4` and feature flag is set to `true` (default). ### Description of how you validated changes Added unit test which checks the security group rules for both cases where feature flag is enabled/disabled. Updated integration test snapshot. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- Co-authored-by: Clare Liguori <[email protected]> *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR does not change CLI functionality because we are not using `CliArguments` yet. This PR includes the following related changes: - `CliArguments` are renamed `UserInput` to reflect what the schema represents -- they are options available to be specified via CLI options or `cdk.json`. - the tool previously known as `cli-arg-gen` is now named `user-input-gen` to reflect this change. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…32823) As a product we have standardized on `cdk synth`. This change reflects that while not changing behavior of the CDK CLI at all. It will however matter for the behavior of a future feature where we allow defaults specified in a schematic way in `cdk.json`. The payoff is that instead of requiring `synthesize: { ... }` we instead will require `synth: { ... }`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This does not change CLI functionality because `UserInput` is not in use yet. Since we have full control over `UserInput`, i.e. we control the input functions from the CLI or `cdk.json`, we can rename properties however we like. `_` is a relic of `yargs`, we do not need to maintain that convention. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue #32210 Closes #32210 ### Reason for this change Incorrect grammar in a SnapStart warning that appears during cdk deployment. ### Description of changes Corrected the line: `SnapStart only support published Lambda versions. Ignore if function already have published versions` to: `SnapStart only supports published Lambda versions. Ignore if function already has published versions.` ### Describe any new or updated permissions being added No permissions changes. ### Description of how you validated changes No testing needed, only changed text in a warning. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…terScalabilityType (#32825) ### Issue #32415 Closes #32415 . ### Reason for this change Misspelling of the `ClusterScalabilityType` type, enum, and prop. ### Description of changes Deprecated misspellings of **ClusterScailabilityType**/**clusterScailabilityType** and aliased the misspelling for backwards compatibility. The misspelled name will be removed in the next MV release. ### Describe any new or updated permissions being added No permissions changes. ### Description of how you validated changes Added unit tests for the new spelling (ClusterScalabilityType/clusterScalabilityType), and kept unit tests that tested the misspelling. ```zsh # in packages/aws-cdk-lib yarn test aws-rds ``` <img width="822" alt="Screenshot 2025-01-09 at 16 10 04" src="https://github.com/user-attachments/assets/9626a0c1-0a5f-45fb-a052-1b1697a5fbdd" /> Ran the relevant integration test. ```zsh # in packages/@aws-cdk-testing/framework-integ yarn integ test/aws-rds/test/integ.cluster-limitless.js ``` <img width="916" alt="Screenshot 2025-01-09 at 17 03 44" src="https://github.com/user-attachments/assets/0ed33a38-f6d8-44ee-a210-81e37af5439f" /> Ran Rosetta to verify README changes. ```zsh ./scripts/run-rosetta.sh ``` No complications from README changes in these commits. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) N/A ### Reason for this change Fixed typos in the README.md ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Reverts #32636 It leads to a problem in case of applications where there are no top-level stacks, but only stacks in nested stages: #32836. Closes #32836.

### Issue # (if applicable) ### Reason for this change There's a duplicate entry in Feature flag markdown file. ### Description of changes Remove duplicate entry ### Description of how you validated changes N/A ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Removing the aws-iot1click package for the shut down service https://docs.aws.amazon.com/iot/latest/developerguide/iot-legacy-services.html This PR is required to fix the Spec update PR cdklabs/awscdk-service-spec#1559 I updated the Spec2Cdk tool to accept extra parameter to maintain the list of services we want to skip generating them. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-appconfig │ └ resources │ └[~] resource AWS::AppConfig::Deployment │ ├ attributes │ │ └[-] Id: string │ └ types │ └[~] type Tags │ ├ - documentation: Metadata to assign to the deployment strategy. Tags help organize and categorize your AWS AppConfig resources. Each tag consists of a key and an optional value, both of which you define. │ │ + documentation: undefined │ └ properties │ ├ Key: (documentation changed) │ └ Value: (documentation changed) ├[~] service aws-appsync │ └ resources │ └[~] resource AWS::AppSync::DataSource │ └ properties │ └ ServiceRoleArn: (documentation changed) ├[~] service aws-backup │ └ resources │ └[~] resource AWS::Backup::LogicallyAirGappedBackupVault │ ├ properties │ │ ├[-] VaultState: string │ │ └[-] VaultType: string │ └ attributes │ ├[+] VaultState: string │ └[+] VaultType: string ├[~] service aws-cleanrooms │ └ resources │ ├[~] resource AWS::CleanRooms::Collaboration │ │ ├ properties │ │ │ └ CreatorMLMemberAbilities: (documentation changed) │ │ └ types │ │ ├[~] type MemberSpecification │ │ │ └ properties │ │ │ └ MLMemberAbilities: (documentation changed) │ │ ├[~] type MLMemberAbilities │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: The ML member abilities for a collaboration member. │ │ │ └ properties │ │ │ └ CustomMLMemberAbilities: (documentation changed) │ │ ├[~] type MLPaymentConfig │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator. │ │ │ └ properties │ │ │ ├ ModelInference: (documentation changed) │ │ │ └ ModelTraining: (documentation changed) │ │ ├[~] type ModelInferencePaymentConfig │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: An object representing the collaboration member's model inference payment responsibilities set by the collaboration creator. │ │ │ └ properties │ │ │ └ IsResponsible: (documentation changed) │ │ ├[~] type ModelTrainingPaymentConfig │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: An object representing the collaboration member's model training payment responsibilities set by the collaboration creator. │ │ │ └ properties │ │ │ └ IsResponsible: (documentation changed) │ │ └[~] type PaymentConfiguration │ │ └ properties │ │ └ MachineLearning: (documentation changed) │ └[~] resource AWS::CleanRooms::Membership │ └ types │ ├[~] type MembershipMLPaymentConfig │ │ ├ - documentation: undefined │ │ │ + documentation: An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator. │ │ └ properties │ │ ├ ModelInference: (documentation changed) │ │ └ ModelTraining: (documentation changed) │ ├[~] type MembershipModelInferencePaymentConfig │ │ ├ - documentation: undefined │ │ │ + documentation: An object representing the collaboration member's model inference payment responsibilities set by the collaboration creator. │ │ └ properties │ │ └ IsResponsible: (documentation changed) │ ├[~] type MembershipModelTrainingPaymentConfig │ │ ├ - documentation: undefined │ │ │ + documentation: An object representing the collaboration member's model training payment responsibilities set by the collaboration creator. │ │ └ properties │ │ └ IsResponsible: (documentation changed) │ └[~] type MembershipPaymentConfiguration │ └ properties │ └ MachineLearning: (documentation changed) ├[~] service aws-cloudformation │ └ resources │ └[~] resource AWS::CloudFormation::Macro │ └ properties │ └ LogGroupName: (documentation changed) ├[~] service aws-cloudwatch │ └ resources │ ├[~] resource AWS::CloudWatch::Alarm │ │ ├ properties │ │ │ └ Period: (documentation changed) │ │ └ types │ │ ├[~] type MetricDataQuery │ │ │ └ properties │ │ │ └ Period: (documentation changed) │ │ └[~] type MetricStat │ │ └ properties │ │ └ Period: (documentation changed) │ └[~] resource AWS::CloudWatch::AnomalyDetector │ └ types │ ├[~] type MetricDataQuery │ │ └ properties │ │ └ Period: (documentation changed) │ └[~] type MetricStat │ └ properties │ └ Period: (documentation changed) ├[~] service aws-cognito │ └ resources │ ├[~] resource AWS::Cognito::LogDeliveryConfiguration │ │ ├ - documentation: Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and advanced security features user activity logs. │ │ │ + documentation: Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and, when threat protection is active, user-activity logs. For more information, see [Exporting user pool logs](https://docs.aws.amazon.com/cognito/latest/developerguide/exporting-quotas-and-usage.html) . │ │ └ types │ │ ├[~] type FirehoseConfiguration │ │ │ ├ - documentation: Configuration for the Amazon Data Firehose stream destination of user activity log export with advanced security features. │ │ │ │ + documentation: Configuration for the Amazon Data Firehose stream destination of user activity log export with threat protection. │ │ │ └ properties │ │ │ └ StreamArn: (documentation changed) │ │ ├[~] type LogConfiguration │ │ │ ├ - documentation: The configuration of user event logs to an external AWS service like Amazon Data Firehose, Amazon S3, or Amazon CloudWatch Logs. │ │ │ │ This data type is a request parameter of [SetLogDeliveryConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetLogDeliveryConfiguration.html) and a response parameter of [GetLogDeliveryConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetLogDeliveryConfiguration.html) . │ │ │ │ + documentation: The configuration of user event logs to an external AWS service like Amazon Data Firehose, Amazon S3, or Amazon CloudWatch Logs. │ │ │ │ This data type is a request parameter of `API_SetLogDeliveryConfiguration` and a response parameter of `API_GetLogDeliveryConfiguration` . │ │ │ └ properties │ │ │ ├ CloudWatchLogsConfiguration: (documentation changed) │ │ │ ├ FirehoseConfiguration: (documentation changed) │ │ │ └ S3Configuration: (documentation changed) │ │ └[~] type S3Configuration │ │ ├ - documentation: Configuration for the Amazon S3 bucket destination of user activity log export with advanced security features. │ │ │ + documentation: Configuration for the Amazon S3 bucket destination of user activity log export with threat protection. │ │ └ properties │ │ └ BucketArn: (documentation changed) │ ├[~] resource AWS::Cognito::ManagedLoginBranding │ │ └ types │ │ └[~] type AssetType │ │ └ - documentation: An image file from a managed login branding style in a user pool. │ │ This data type is a request parameter of [CreateManagedLoginBranding](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateManagedLoginBranding.html) and [UpdateManagedLoginBranding](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateManagedLoginBranding.html) , and a response parameter of [DescribeManagedLoginBranding](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeManagedLoginBranding.html) . │ │ + documentation: An image file from a managed login branding style in a user pool. │ │ This data type is a request parameter of `API_CreateManagedLoginBranding` and `API_UpdateManagedLoginBranding` , and a response parameter of `API_DescribeManagedLoginBranding` . │ ├[~] resource AWS::Cognito::UserPool │ │ ├ properties │ │ │ ├ AdminCreateUserConfig: (documentation changed) │ │ │ ├ AliasAttributes: (documentation changed) │ │ │ ├ AutoVerifiedAttributes: (documentation changed) │ │ │ ├ MfaConfiguration: (documentation changed) │ │ │ ├ Policies: (documentation changed) │ │ │ ├ SmsConfiguration: (documentation changed) │ │ │ ├ UserPoolAddOns: (documentation changed) │ │ │ └ UserPoolName: (documentation changed) │ │ └ types │ │ ├[~] type AdminCreateUserConfig │ │ │ ├ - documentation: The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. │ │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ │ │ + documentation: The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. │ │ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . │ │ │ └ properties │ │ │ ├ AllowAdminCreateUserOnly: (documentation changed) │ │ │ └ UnusedAccountValidityDays: (documentation changed) │ │ ├[~] type AdvancedSecurityAdditionalFlows │ │ │ ├ - documentation: Advanced security configuration options for additional authentication types in your user pool, including custom authentication. │ │ │ │ + documentation: Threat protection configuration options for additional authentication types in your user pool, including custom authentication. │ │ │ └ properties │ │ │ └ CustomAuthMode: (documentation changed) │ │ ├[~] type DeviceConfiguration │ │ │ ├ - documentation: The device-remembering configuration for a user pool. A [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) request returns a null value for this object when the user pool isn't configured to remember devices. When device remembering is active, you can remember a user's device with a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. Additionally. when the property `DeviceOnlyRememberedOnUserPrompt` is `true` , you must follow `ConfirmDevice` with an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request that sets the user's device to `remembered` or `not_remembered` . │ │ │ │ To sign in with a remembered device, include `DEVICE_KEY` in the authentication parameters in your user's [InitiateAuth](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html) request. If your app doesn't include a `DEVICE_KEY` parameter, the [response](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html#API_InitiateAuth_ResponseSyntax) from Amazon Cognito includes newly-generated `DEVICE_KEY` and `DEVICE_GROUP_KEY` values under `NewDeviceMetadata` . Store these values to use in future device-authentication requests. │ │ │ │ > When you provide a value for any property of `DeviceConfiguration` , you activate the device remembering for the user pool. │ │ │ │ > │ │ │ │ > This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ │ │ + documentation: The device-remembering configuration for a user pool. │ │ │ │ A `API_DescribeUserPool` request returns a null value for this object when the user pool isn't configured to remember devices. When device remembering is active, you can remember a user's device with a `API_ConfirmDevice` API request. Additionally. when the property `DeviceOnlyRememberedOnUserPrompt` is `true` , you must follow `ConfirmDevice` with an `API_UpdateDeviceStatus` API request that sets the user's device to `remembered` or `not_remembered` . │ │ │ │ To sign in with a remembered device, include `DEVICE_KEY` in the authentication parameters in your user's `API_InitiateAuth` request. If your app doesn't include a `DEVICE_KEY` parameter, the `API_InitiateAuth` from Amazon Cognito includes newly-generated `DEVICE_KEY` and `DEVICE_GROUP_KEY` values under `NewDeviceMetadata` . Store these values to use in future device-authentication requests. │ │ │ │ > When you provide a value for any property of `DeviceConfiguration` , you activate the device remembering for the user pool. │ │ │ │ > │ │ │ │ > This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . │ │ │ └ properties │ │ │ └ DeviceOnlyRememberedOnUserPrompt: (documentation changed) │ │ ├[~] type LambdaConfig │ │ │ └ - documentation: A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of user pool operations. Triggers can modify the outcome of the operations that invoked them. │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ │ + documentation: A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of user pool operations. Triggers can modify the outcome of the operations that invoked them. │ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . │ │ ├[~] type NumberAttributeConstraints │ │ │ └ - documentation: The minimum and maximum values of an attribute that is of the number type, for example `custom:age` . │ │ │ This data type is part of [SchemaAttributeType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SchemaAttributeType.html) . It defines the length constraints on number-type attributes that you configure in [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and displays the length constraints of all number-type attributes in the response to [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) │ │ │ + documentation: The minimum and maximum values of an attribute that is of the number type, for example `custom:age` . │ │ │ This data type is part of `API_SchemaAttributeType` . It defines the length constraints on number-type attributes that you configure in `API_CreateUserPool` and `API_UpdateUserPool` , and displays the length constraints of all number-type attributes in the response to `API_DescribeUserPool` │ │ ├[~] type PasswordPolicy │ │ │ ├ - documentation: The password policy settings for a user pool, including complexity, history, and length requirements. │ │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ │ │ + documentation: The password policy settings for a user pool, including complexity, history, and length requirements. │ │ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . │ │ │ └ properties │ │ │ └ PasswordHistorySize: (documentation changed) │ │ ├[~] type Policies │ │ │ ├ - documentation: A list of user pool policies. Contains the policy that sets password-complexity requirements. │ │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ │ │ + documentation: A list of user pool policies. Contains the policy that sets password-complexity requirements. │ │ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . │ │ │ └ properties │ │ │ └ SignInPolicy: (documentation changed) │ │ ├[~] type PreTokenGenerationConfig │ │ │ └ - documentation: The properties of a pre token generation Lambda trigger. │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ │ + documentation: The properties of a pre token generation Lambda trigger. │ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . │ │ ├[~] type RecoveryOption │ │ │ └ - documentation: A recovery option for a user. The `AccountRecoverySettingType` data type is an array of this object. Each `RecoveryOptionType` has a priority property that determines whether it is a primary or secondary option. │ │ │ For example, if `verified_email` has a priority of `1` and `verified_phone_number` has a priority of `2` , your user pool sends account-recovery messages to a verified email address but falls back to an SMS message if the user has a verified phone number. The `admin_only` option prevents self-service account recovery. │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ │ + documentation: A recovery option for a user. The `AccountRecoverySettingType` data type is an array of this object. Each `RecoveryOptionType` has a priority property that determines whether it is a primary or secondary option. │ │ │ For example, if `verified_email` has a priority of `1` and `verified_phone_number` has a priority of `2` , your user pool sends account-recovery messages to a verified email address but falls back to an SMS message if the user has a verified phone number. The `admin_only` option prevents self-service account recovery. │ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . │ │ ├[~] type SchemaAttribute │ │ │ └ - documentation: A list of the user attributes and their properties in your user pool. The attribute schema contains standard attributes, custom attributes with a `custom:` prefix, and developer attributes with a `dev:` prefix. For more information, see [User pool attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html) . │ │ │ Developer-only `dev:` attributes are a legacy feature of user pools, and are read-only to all app clients. You can create and update developer-only attributes only with IAM-authenticated API operations. Use app client read/write permissions instead. │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ │ + documentation: A list of the user attributes and their properties in your user pool. The attribute schema contains standard attributes, custom attributes with a `custom:` prefix, and developer attributes with a `dev:` prefix. For more information, see [User pool attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html) . │ │ │ Developer-only `dev:` attributes are a legacy feature of user pools, and are read-only to all app clients. You can create and update developer-only attributes only with IAM-authenticated API operations. Use app client read/write permissions instead. │ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . │ │ ├[~] type SignInPolicy │ │ │ └ - documentation: The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ │ + documentation: The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. │ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . │ │ ├[~] type SmsConfiguration │ │ │ └ - documentation: User pool configuration for delivery of SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . │ │ │ This data type is a request parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) , [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) , and a response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) , [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and [GetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserPoolMfaConfig.html) . │ │ │ + documentation: User pool configuration for delivery of SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . │ │ │ This data type is a request parameter of `API_CreateUserPool` , `API_UpdateUserPool` , and `API_SetUserPoolMfaConfig` , and a response parameter of `API_CreateUserPool` , `API_UpdateUserPool` , and `API_GetUserPoolMfaConfig` . │ │ ├[~] type StringAttributeConstraints │ │ │ └ - documentation: The minimum and maximum length values of an attribute that is of the string type, for example `custom:department` . │ │ │ This data type is part of [SchemaAttributeType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SchemaAttributeType.html) . It defines the length constraints on string-type attributes that you configure in [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and displays the length constraints of all string-type attributes in the response to [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) │ │ │ + documentation: The minimum and maximum length values of an attribute that is of the string type, for example `custom:department` . │ │ │ This data type is part of `API_SchemaAttributeType` . It defines the length constraints on string-type attributes that you configure in `API_CreateUserPool` and `API_UpdateUserPool` , and displays the length constraints of all string-type attributes in the response to `API_DescribeUserPool` │ │ ├[~] type UserAttributeUpdateSettings │ │ │ └ properties │ │ │ └ AttributesRequireVerificationBeforeUpdate: (documentation changed) │ │ ├[~] type UsernameConfiguration │ │ │ └ - documentation: Case sensitivity of the username input for the selected sign-in option. When case sensitivity is set to `False` (case insensitive), users can sign in with any combination of capital and lowercase letters. For example, `username` , `USERNAME` , or `UserName` , or for email, `[email protected]` or `[email protected]` . For most use cases, set case sensitivity to `False` (case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user. │ │ │ This configuration is immutable after you set it. For more information, see [UsernameConfigurationType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html) . │ │ │ + documentation: Case sensitivity of the username input for the selected sign-in option. When case sensitivity is set to `False` (case insensitive), users can sign in with any combination of capital and lowercase letters. For example, `username` , `USERNAME` , or `UserName` , or for email, `[email protected]` or `[email protected]` . For most use cases, set case sensitivity to `False` (case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user. │ │ │ This configuration is immutable after you set it. For more information, see `API_UsernameConfigurationType` . │ │ ├[~] type UserPoolAddOns │ │ │ ├ - documentation: User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . │ │ │ │ For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . │ │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ │ │ + documentation: Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . │ │ │ │ For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . │ │ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . │ │ │ └ properties │ │ │ ├ AdvancedSecurityAdditionalFlows: (documentation changed) │ │ │ └ AdvancedSecurityMode: (documentation changed) │ │ └[~] type VerificationMessageTemplate │ │ └ - documentation: The template for the verification message that your user pool delivers to users who set an email address or phone number attribute. │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ + documentation: The template for the verification message that your user pool delivers to users who set an email address or phone number attribute. │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . │ ├[~] resource AWS::Cognito::UserPoolClient │ │ ├ properties │ │ │ ├ AllowedOAuthFlows: (documentation changed) │ │ │ ├ AllowedOAuthFlowsUserPoolClient: (documentation changed) │ │ │ ├ AllowedOAuthScopes: (documentation changed) │ │ │ ├ CallbackURLs: (documentation changed) │ │ │ ├ EnablePropagateAdditionalUserContextData: (documentation changed) │ │ │ ├ EnableTokenRevocation: (documentation changed) │ │ │ ├ ExplicitAuthFlows: (documentation changed) │ │ │ ├ GenerateSecret: (documentation changed) │ │ │ ├ LogoutURLs: (documentation changed) │ │ │ ├ ReadAttributes: (documentation changed) │ │ │ ├ SupportedIdentityProviders: (documentation changed) │ │ │ └ WriteAttributes: (documentation changed) │ │ └ types │ │ ├[~] type AnalyticsConfiguration │ │ │ └ - documentation: The settings for Amazon Pinpoint analytics configuration. With an analytics configuration, your application can collect user-activity metrics for user notifications with a Amazon Pinpoint campaign. │ │ │ Amazon Pinpoint isn't available in all AWS Regions. For a list of available Regions, see [Amazon Cognito and Amazon Pinpoint Region availability](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-pinpoint-integration.html#cognito-user-pools-find-region-mappings) . │ │ │ This data type is a request parameter of [CreateUserPoolClient](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.html) and [UpdateUserPoolClient](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolClient.html) , and a response parameter of [DescribeUserPoolClient](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html) . │ │ │ + documentation: The settings for Amazon Pinpoint analytics configuration. With an analytics configuration, your application can collect user-activity metrics for user notifications with a Amazon Pinpoint campaign. │ │ │ Amazon Pinpoint isn't available in all AWS Regions. For a list of available Regions, see [Amazon Cognito and Amazon Pinpoint Region availability](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-pinpoint-integration.html#cognito-user-pools-find-region-mappings) . │ │ │ This data type is a request parameter of `API_CreateUserPoolClient` and `API_UpdateUserPoolClient` , and a response parameter of `API_DescribeUserPoolClient` . │ │ └[~] type TokenValidityUnits │ │ └ - documentation: The time units you use when you set the duration of ID, access, and refresh tokens. The default unit for RefreshToken is days, and the default for ID and access tokens is hours. │ │ + documentation: The units that validity times are represented in. The default unit for refresh tokens is days, and the default for ID and access tokens are hours. │ ├[~] resource AWS::Cognito::UserPoolDomain │ │ ├ properties │ │ │ ├ CustomDomainConfig: (documentation changed) │ │ │ ├ Domain: (documentation changed) │ │ │ └ UserPoolId: (documentation changed) │ │ └ types │ │ └[~] type CustomDomainConfigType │ │ └ - documentation: The configuration for a hosted UI custom domain. │ │ This data type is a request parameter of [CreateUserPoolDomain](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolDomain.html) and [UpdateUserPoolDomain](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolDomain.html) . │ │ + documentation: The configuration for a hosted UI custom domain. │ │ This data type is a request parameter of `API_CreateUserPoolDomain` and `API_UpdateUserPoolDomain` . │ ├[~] resource AWS::Cognito::UserPoolGroup │ │ └ - documentation: A user pool group. Contains details about the group and the way that it contributes to IAM role decisions with identity pools. Identity pools can make decisions about the IAM role to assign based on groups: users get credentials for the role associated with their highest-priority group. │ │ This data type is a response parameter of [AdminListGroupsForUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListGroupsForUser.html) , [CreateGroup](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateGroup.html) , [GetGroup](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetGroup.html) , [ListGroups](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListGroups.html) , and [UpdateGroup](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateGroup.html) . │ │ + documentation: A user pool group. Contains details about the group and the way that it contributes to IAM role decisions with identity pools. Identity pools can make decisions about the IAM role to assign based on groups: users get credentials for the role associated with their highest-priority group. │ │ This data type is a response parameter of `API_AdminListGroupsForUser` , `API_CreateGroup` , `API_GetGroup` , `API_ListGroups` , and `API_UpdateGroup` . │ ├[~] resource AWS::Cognito::UserPoolResourceServer │ │ └ types │ │ └[~] type ResourceServerScopeType │ │ └ - documentation: One custom scope associated with a user pool resource server. This data type is a member of `ResourceServerScopeType` . For more information, see [Scopes, M2M, and API authorization with resource servers](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html) . │ │ This data type is a request parameter of [CreateResourceServer](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateResourceServer.html) and a response parameter of [DescribeResourceServer](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeResourceServer.html) . │ │ + documentation: One custom scope associated with a user pool resource server. This data type is a member of `ResourceServerScopeType` . For more information, see [Scopes, M2M, and API authorization with resource servers](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html) . │ │ This data type is a request parameter of `API_CreateResourceServer` and a response parameter of `API_DescribeResourceServer` . │ ├[~] resource AWS::Cognito::UserPoolRiskConfigurationAttachment │ │ ├ properties │ │ │ ├ AccountTakeoverRiskConfiguration: (documentation changed) │ │ │ └ CompromisedCredentialsRiskConfiguration: (documentation changed) │ │ └ types │ │ ├[~] type AccountTakeoverActionsType │ │ │ ├ - documentation: A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features. │ │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) . │ │ │ │ + documentation: A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection features. │ │ │ │ This data type is a request parameter of `API_SetRiskConfiguration` and a response parameter of `API_DescribeRiskConfiguration` . │ │ │ └ properties │ │ │ ├ HighAction: (documentation changed) │ │ │ ├ LowAction: (documentation changed) │ │ │ └ MediumAction: (documentation changed) │ │ ├[~] type AccountTakeoverActionType │ │ │ └ - documentation: The automated response to a risk level for adaptive authentication in full-function, or `ENFORCED` , mode. You can assign an action to each risk level that advanced security features evaluates. │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) . │ │ │ + documentation: The automated response to a risk level for adaptive authentication in full-function, or `ENFORCED` , mode. You can assign an action to each risk level that threat protection evaluates. │ │ │ This data type is a request parameter of `API_SetRiskConfiguration` and a response parameter of `API_DescribeRiskConfiguration` . │ │ ├[~] type AccountTakeoverRiskConfigurationType │ │ │ ├ - documentation: The settings for automated responses and notification templates for adaptive authentication with advanced security features. │ │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) . │ │ │ │ + documentation: The settings for automated responses and notification templates for adaptive authentication with threat protection features. │ │ │ │ This data type is a request parameter of `API_SetRiskConfiguration` and a response parameter of `API_DescribeRiskConfiguration` . │ │ │ └ properties │ │ │ ├ Actions: (documentation changed) │ │ │ └ NotifyConfiguration: (documentation changed) │ │ ├[~] type CompromisedCredentialsActionsType │ │ │ └ - documentation: Settings for user pool actions when Amazon Cognito detects compromised credentials with advanced security features in full-function `ENFORCED` mode. │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) . │ │ │ + documentation: Settings for user pool actions when Amazon Cognito detects compromised credentials with threat protection in full-function `ENFORCED` mode. │ │ │ This data type is a request parameter of `API_SetRiskConfiguration` and a response parameter of `API_DescribeRiskConfiguration` . │ │ ├[~] type CompromisedCredentialsRiskConfigurationType │ │ │ └ - documentation: Settings for compromised-credentials actions and authentication-event sources with advanced security features in full-function `ENFORCED` mode. │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) . │ │ │ + documentation: Settings for compromised-credentials actions and authentication-event sources with threat protection in full-function `ENFORCED` mode. │ │ │ This data type is a request parameter of `API_SetRiskConfiguration` and a response parameter of `API_DescribeRiskConfiguration` . │ │ ├[~] type NotifyConfigurationType │ │ │ └ - documentation: The configuration for Amazon SES email messages that advanced security features sends to a user when your adaptive authentication automated response has a *Notify* action. │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) . │ │ │ + documentation: The configuration for Amazon SES email messages that threat protection sends to a user when your adaptive authentication automated response has a *Notify* action. │ │ │ This data type is a request parameter of `API_SetRiskConfiguration` and a response parameter of `API_DescribeRiskConfiguration` . │ │ ├[~] type NotifyEmailType │ │ │ └ - documentation: The template for email messages that advanced security features sends to a user when your threat protection automated response has a *Notify* action. │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) . │ │ │ + documentation: The template for email messages that threat protection sends to a user when your threat protection automated response has a *Notify* action. │ │ │ This data type is a request parameter of `API_SetRiskConfiguration` and a response parameter of `API_DescribeRiskConfiguration` . │ │ └[~] type RiskExceptionConfigurationType │ │ └ - documentation: Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges. │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) . │ │ + documentation: Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges. │ │ This data type is a request parameter of `API_SetRiskConfiguration` and a response parameter of `API_DescribeRiskConfiguration` . │ ├[~] resource AWS::Cognito::UserPoolUICustomizationAttachment │ │ ├ - documentation: A container for the UI customization information for the hosted UI in a user pool. │ │ │ This data type is a response parameter of [GetUICustomization](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html) . │ │ │ + documentation: A container for the UI customization information for the hosted UI in a user pool. │ │ │ This data type is a response parameter of `API_DescribeUserPoolClient` . │ │ └ properties │ │ ├ CSS: (documentation changed) │ │ └ UserPoolId: (documentation changed) │ └[~] resource AWS::Cognito::UserPoolUser │ ├ properties │ │ ├ UserAttributes: (documentation changed) │ │ └ ValidationData: (documentation changed) │ └ types │ └[~] type AttributeType │ └ - documentation: The name and value of a user attribute. │ This data type is a request parameter of [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) and [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) . │ + documentation: The name and value of a user attribute. │ This data type is a request parameter of `API_AdminUpdateUserAttributes` and `API_UpdateUserAttributes` . ├[~] service aws-customerprofiles │ └ resources │ └[+] resource AWS::CustomerProfiles::EventTrigger │ ├ name: EventTrigger │ │ cloudFormationType: AWS::CustomerProfiles::EventTrigger │ │ documentation: An event trigger resource of Amazon Connect Customer Profiles │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ ├ properties │ │ ├ DomainName: string (required, immutable) │ │ ├ EventTriggerName: string (required, immutable) │ │ ├ ObjectTypeName: string (required) │ │ ├ Description: string │ │ ├ EventTriggerConditions: Array<EventTriggerCondition> (required) │ │ ├ EventTriggerLimits: EventTriggerLimits │ │ ├ SegmentFilter: string │ │ └ Tags: Array<tag> │ ├ attributes │ │ ├ CreatedAt: string │ │ └ LastUpdatedAt: string │ └ types │ ├ type EventTriggerCondition │ │ ├ documentation: Specifies the circumstances under which the event should trigger the destination. │ │ │ name: EventTriggerCondition │ │ └ properties │ │ ├ EventTriggerDimensions: Array<EventTriggerDimension> (required) │ │ └ LogicalOperator: string (required) │ ├ type EventTriggerDimension │ │ ├ documentation: A specific event dimension to be assessed. │ │ │ name: EventTriggerDimension │ │ └ properties │ │ └ ObjectAttributes: Array<ObjectAttribute> (required) │ ├ type EventTriggerLimits │ │ ├ documentation: Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods. │ │ │ name: EventTriggerLimits │ │ └ properties │ │ ├ EventExpiration: integer │ │ └ Periods: Array<Period> │ ├ type ObjectAttribute │ │ ├ documentation: The criteria that a specific object attribute must meet to trigger the destination. │ │ │ name: ObjectAttribute │ │ └ properties │ │ ├ Source: string │ │ ├ FieldName: string │ │ ├ ComparisonOperator: string (required) │ │ └ Values: Array<string> (required) │ └ type Period │ ├ documentation: Defines a limit and the time period during which it is enforced. │ │ name: Period │ └ properties │ ├ Unit: string (required) │ ├ Value: integer (required) │ ├ MaxInvocationsPerProfile: integer │ └ Unlimited: boolean ├[~] service aws-docdb │ └ resources │ └[~] resource AWS::DocDB::DBCluster │ └ properties │ ├ ManageMasterUserPassword: (documentation changed) │ ├ MasterUserSecretKmsKeyId: (documentation changed) │ └ RotateMasterUserPassword: (documentation changed) ├[~] service aws-dynamodb │ └ resources │ ├[~] resource AWS::DynamoDB::GlobalTable │ │ └ types │ │ └[~] type PointInTimeRecoverySpecification │ │ └ properties │ │ └[+] RecoveryPeriodInDays: integer │ └[~] resource AWS::DynamoDB::Table │ └ types │ └[~] type PointInTimeRecoverySpecification │ └ properties │ └ RecoveryPeriodInDays: (documentation changed) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::EC2Fleet │ │ └ types │ │ └[~] type InstanceRequirementsRequest │ │ └ properties │ │ └ AcceleratorTypes: (documentation changed) │ ├[~] resource AWS::EC2::LaunchTemplate │ │ └ types │ │ └[~] type InstanceRequirements │ │ └ properties │ │ └ AcceleratorTypes: (documentation changed) │ └[~] resource AWS::EC2::SpotFleet │ └ types │ └[~] type InstanceRequirementsRequest │ └ properties │ └ AcceleratorTypes: (documentation changed) ├[~] service aws-healthlake │ └ resources │ └[~] resource AWS::HealthLake::FHIRDatastore │ ├ properties │ │ ├ DatastoreName: (documentation changed) │ │ ├ DatastoreTypeVersion: (documentation changed) │ │ ├ IdentityProviderConfiguration: (documentation changed) │ │ ├ PreloadDataConfig: (documentation changed) │ │ └ SseConfiguration: (documentation changed) │ └ types │ ├[~] type IdentityProviderConfiguration │ │ ├ - documentation: The identity provider configuration that you gave when the data store was created. │ │ │ + documentation: The identity provider configuration selected when the data store was created. │ │ └ properties │ │ ├ AuthorizationStrategy: (documentation changed) │ │ ├ FineGrainedAuthorizationEnabled: (documentation changed) │ │ ├ IdpLambdaArn: (documentation changed) │ │ └ Metadata: (documentation changed) │ ├[~] type KmsEncryptionConfig │ │ └ properties │ │ └ KmsKeyId: (documentation changed) │ ├[~] type PreloadDataConfig │ │ └ - documentation: Optional parameter to preload data upon creation of the data store. Currently, the only supported preloaded data is synthetic data generated from Synthea. │ │ + documentation: An optional parameter to preload (import) open source Synthea FHIR data upon creation of the data store. │ └[~] type SseConfiguration │ ├ - documentation: The server-side encryption key configuration for a customer provided encryption key. │ │ + documentation: The server-side encryption key configuration for a customer-provided encryption key. │ └ properties │ └ KmsEncryptionConfig: (documentation changed) ├[-] service aws-iot1click │ ├ capitalized: IoT1Click │ │ cloudFormationNamespace: AWS::IoT1Click │ │ name: aws-iot1click │ │ shortName: iot1click │ └ resources │ ├ resource AWS::IoT1Click::Device │ │ ├ name: Device │ │ │ cloudFormationType: AWS::IoT1Click::Device │ │ │ documentation: > AWS IoT 1-Click was discontinued on Dec 16, 2024. For more information, see [AWS IoT 1-Click](https://docs.aws.amazon.com//iot/latest/developerguide/iot-legacy-services.html) . │ │ │ The `AWS::IoT1Click::Device` resource controls the enabled state of an AWS IoT 1-Click compatible device. For more information, see [Device](https://docs.aws.amazon.com/iot-1-click/1.0/devices-apireference/devices-deviceid.html) in the *AWS IoT 1-Click Devices API Reference* . │ │ ├ properties │ │ │ ├ DeviceId: string (required, immutable) │ │ │ └ Enabled: boolean (required) │ │ └ attributes │ │ ├ DeviceId: string │ │ ├ Enabled: boolean │ │ └ Arn: string │ ├ resource AWS::IoT1Click::Placement │ │ ├ name: Placement │ │ │ cloudFormationType: AWS::IoT1Click::Placement │ │ │ documentation: > AWS IoT 1-Click was discontinued on Dec 16, 2024. For more information, see [AWS IoT 1-Click](https://docs.aws.amazon.com//iot/latest/developerguide/iot-legacy-services.html) . │ │ │ The `AWS::IoT1Click::Placement` resource creates a placement to be associated with an AWS IoT 1-Click project. A placement is an instance of a device in a location. For more information, see [Projects, Templates, and Placements](https://docs.aws.amazon.com/iot-1-click/latest/developerguide/1click-PTP.html) in the *AWS IoT 1-Click Developer Guide* . │ │ ├ properties │ │ │ ├ PlacementName: string (immutable) │ │ │ ├ ProjectName: string (required, immutable) │ │ │ ├ AssociatedDevices: json (immutable) │ │ │ └ Attributes: json │ │ └ attributes │ │ ├ PlacementName: string │ │ ├ ProjectName: string │ │ └ Id: string │ └ resource AWS::IoT1Click::Project │ ├ name: Project │ │ cloudFormationType: AWS::IoT1Click::Project │ │ documentation: > AWS IoT 1-Click was discontinued on Dec 16, 2024. For more information, see [AWS IoT 1-Click](https://docs.aws.amazon.com//iot/latest/developerguide/iot-legacy-services.html) . │ │ The `AWS::IoT1Click::Project` resource creates an empty project with a placement template. A project contains zero or more placements that adhere to the placement template defined in the project. For more information, see [CreateProject](https://docs.aws.amazon.com/iot-1-click/latest/projects-apireference/API_CreateProject.html) in the *AWS IoT 1-Click Projects API Reference* . │ ├ properties │ │ ├ Description: string │ │ ├ PlacementTemplate: PlacementTemplate (required) │ │ └ ProjectName: string (immutable) │ ├ attributes │ │ ├ ProjectName: string │ │ ├ Arn: string │ │ └ Id: string │ └ types │ ├ type DeviceTemplate │ │ ├ name: DeviceTemplate │ │ └ properties │ │ ├ DeviceType: string │ │ └ CallbackOverrides: json │ └ type PlacementTemplate │ ├ documentation: > AWS IoT 1-Click was discontinued on Dec 16, 2024. For more information, see [AWS IoT 1-Click](https://docs.aws.amazon.com//iot/latest/developerguide/iot-legacy-services.html) . │ │ In AWS CloudFormation , use the `PlacementTemplate` property type to define the template for an AWS IoT 1-Click project. │ │ `PlacementTemplate` is a property of the `AWS::IoT1Click::Project` resource. │ │ name: PlacementTemplate │ └ properties │ ├ DeviceTemplates: Map<string, DeviceTemplate> (immutable) │ └ DefaultAttributes: json ├[~] service aws-lex │ └ resources │ └[~] resource AWS::Lex::Bot │ ├ properties │ │ └[+] Replication: Replication │ └ types │ └[+] type Replication │ ├ documentation: Parameter used to create a replication of the source bot in the secondary region. │ │ name: Replication │ └ properties │ └ ReplicaRegions: Array<string> (required) ├[~] service aws-mediaconvert │ └ resources │ └[~] resource AWS::MediaConvert::Queue │ └ properties │ └ ConcurrentJobs: (documentation changed) ├[~] service aws-organizations │ └ resources │ └[~] resource AWS::Organizations::Organization │ └ properties │ └ FeatureSet: (documentation changed) ├[~] service aws-resiliencehub │ └ resources │ └[~] resource AWS::ResilienceHub::App │ └ properties │ └[+] RegulatoryPolicyArn: string ├[~] service aws-rolesanywhere │ └ resources │ └[~] resource AWS::RolesAnywhere::Profile │ └ properties │ └ RequireInstanceProperties: - boolean │ + boolean (immutable) ├[~] service aws-s3 │ └ resources │ └[~] resource AWS::S3::Bucket │ └ types │ └[~] type Transition │ └ properties │ └ TransitionInDays: (documentation changed) ├[~] service aws-ses │ └ resources │ └[~] resource AWS::SES::ConfigurationSet │ └ types │ └[~] type TrackingOptions │ └ properties │ └[+] HttpsPolicy: string ├[~] service aws-ssm │ └ resources │ └[~] resource AWS::SSM::Parameter │ ├ - documentation: The `AWS::SSM::Parameter` resource creates an SSM parameter in AWS Systems Manager Parameter Store. │ │ > To create an SSM parameter, you must have the AWS Identity and Access Management ( IAM ) permissions `ssm:PutParameter` and `ssm:AddTagsToResource` . On stack creation, AWS CloudFormation adds the following three tags to the parameter: `aws:cloudformation:stack-name` , `aws:cloudformation:logical-id` , and `aws:cloudformation:stack-id` , in addition to any custom tags you specify. │ │ > │ │ > To add, update, or remove tags during stack update, you must have IAM permissions for both `ssm:AddTagsToResource` and `ssm:RemoveTagsFromResource` . For more information, see [Managing Access Using Policies](https://docs.aws.amazon.com/systems-manager/latest/userguide/security-iam.html#security_iam_access-manage) in the *AWS Systems Manager User Guide* . │ │ For information about valid values for parameters, see [About requirements and constraints for parameter names](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-su-create.html#sysman-parameter-name-constraints) in the *AWS Systems Manager User Guide* and [PutParameter](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutParameter.html) in the *AWS Systems Manager API Reference* . │ │ + documentation: The `AWS::SSM::Parameter` resource creates an SSM parameter in AWS Systems Manager Parameter Store. │ │ > To create an SSM parameter, you must have the AWS Identity and Access Management ( IAM ) permissions `ssm:PutParameter` and `ssm:AddTagsToResource` . On stack creation, AWS CloudFormation adds the following three tags to the parameter: `aws:cloudformation:stack-name` , `aws:cloudformation:logical-id` , and `aws:cloudformation:stack-id` , in addition to any custom tags you specify. │ │ > │ │ > To add, update, or remove tags during stack update, you must have IAM permissions for both `ssm:AddTagsToResource` and `ssm:RemoveTagsFromResource` . For more information, see [Managing Access Using Policies](https://docs.aws.amazon.com/systems-manager/latest/userguide/security-iam.html#security_iam_access-manage) in the *AWS Systems Manager User Guide* . │ │ For information about valid values for parameters, see [About requirements and constraints for parameter names](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-su-create.html#sysman-parameter-name-constraints) in the *AWS Systems Manager User Guide* and [PutParameter](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutParameter.html) in the *AWS Systems Manager API Reference* . │ │ > Parameters of type `SecureString` are not supported by AWS CloudFormation . │ └ properties │ └ Type: (documentation changed) ├[~] service aws-ssmquicksetup │ └ resources │ └[~] resource AWS::SSMQuickSetup::ConfigurationManager │ └ types │ └[~] type ConfigurationDefinition │ └ properties │ └ Parameters: (documentation changed) └[~] service aws-sso └ resources ├[~] resource AWS::SSO::Application │ └ - documentation: Creates an application in IAM Identity Center for the given application provider. │ + documentation: Creates an OAuth 2.0 customer managed application in IAM Identity Center for the given application provider. │ > This API does not support creating SAML 2.0 customer managed applications or AWS managed applications. To learn how to create an AWS managed application, see the application user guide. You can create a SAML 2.0 customer managed application in the AWS Management Console only. See [Setting up customer managed SAML 2.0 applications](https://docs.aws.amazon.com/singlesignon/latest/userguide/customermanagedapps-saml2-setup.html) . For more information on these application types, see [AWS managed applications](https://docs.aws.amazon.com/singlesignon/latest/userguide/awsapps.html) . └[~] resource AWS::SSO::PermissionSet └ properties └ ManagedPolicies: (documentation changed) ```

### Issue # (if applicable) None ### Reason for this change Fixed typos in code comments. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.175.1/CHANGELOG.md)

### Issue # (if applicable) None ### Reason for this change Fixed typos in code comments. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) N/A ### Reason for this change Fixed typos in error message. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

) The comment regarding IAM permissions was not properly commented out. So I've fixed. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) N/A ### Reason for this change Fixed typos in README and code comments. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #32618. ### Reason for this change Container Insights with enhanced observability was recently announced and released for ECS. Cloudformation and the L1 CFN construct support setting this at cluster level. This adds the Container Insights with enhanced observability as an option for the existing L2 Cluster construct. ### Description of changes ENHANCED was added to the ContainerInsights enum. A new containerInsightsV2 property was added to the Cluster construct with the type ContainerInsights. The existing containerInsights property was marked as deprecated. ### Description of how you validated changes Unit and Integration tests were added. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) N/A ### Reason for this change Fixed typos in code comments. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

#32674) Our current process for codecov statuses is that they block the merge of a PR if the are failing. This PR attempts to move this failure further forward in the PR process, so that the PRlinter fails and alerts the author. It also means that we can include an exemption label to merge a PR that we allow to be in breach of the codecov report. Currently, to do so we must change the branch protection rules. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) None ### Reason for this change Fixed typos in code comments. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) N/A ### Reason for this change The validation for clusterName is incorrect. There are two issues: 1. The AND (&&) operators should be OR (||) operators. Currently, the validation throws an error only when both the pattern check AND length check fail. However, it should throw an error when EITHER check fails. ```ts if ( !core.Token.isUnresolved(props.clusterName) && !/^[a-zA-Z0-9]+$/.test(props.clusterName) && props.clusterName.length > 64 ) ``` 2. The pattern check is too restrictive. The current validation only allows alphanumeric characters, but hyphens (-) should also be allowed. <img width="768" alt="image" src="https://github.com/user-attachments/assets/a53f240d-66f9-4ee1-890e-30f1fecd4a4a" /> Additionally, the error message in the AWS Management Console appears to be inconsistent with the actual validation requirements. <img width="802" alt="image" src="https://github.com/user-attachments/assets/8aacc3b4-b85e-45c6-9e95-5de70416e069" /> ### Description of changes Removed cluster name validation due to the following reasons: * The current validation is incorrect and not functioning as intended. * While the correct pattern is not documented in [CFn docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-msk-cluster.html#cfn-msk-cluster-clustername). So updating the validation might introduce regressions. * As suggested by maintainers' comments, there is an opinion that pattern validation should not be implemented in CDK. [Ref](#32505 (comment)) Since the correct pattern is not documented clearly, I think removing the validation would be the preferable approach. ### Describe any new or updated permissions being added Nothing. ### Description of how you validated changes Nothing because only remove validation. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) None ### Reason for this change Fixed typos in code comments. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

L1 Specs got updated (#32847), and the `iot1click` service got removed. So, there is no need to keep that service in the skipped services. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Related to #32346 ### Reason for this change Capture all logs across the CLI as IoMessages so that when we allow customers to use the CDK Core functionality programmatically, these logs are delivered to the customers as messages and now just swallowed across the CLI. ### Description of changes Prevented access to `log()` and `formatLogMessage()`. Now the only ways to log something properly are either through the exported log functions (which is how everyone was doing it anyway), or through `CliIoHost.notify()` directly. CliIoHost is now exposed as a global singleton which is currently only directly exclusively used in `logging.ts` but is effectively used everywhere as all logging functions inevitably call `CliIoHost.notify()` All logging functions now optionally support the following input types ```ts error(`operation failed: ${e}`) // infers default error code `TOOLKIT_0000` error('operation failed: %s', e) // infers default error code `TOOLKIT_0000` error({ message: 'operation failed', code: 'SDK_0001' }) // specifies error code `SDK_0001` error({ message: 'operation failed: %s', code: 'SDK_0001' }, e) // specifies error code `SDK_0001` ``` and everything is now translated into an `IoMessage` and calls `CliIoHost.notify()` from these logging functions. Nothing currently specifies any message code so it's all the generic _0000, _1000, _2000 ### Description of how you validated changes added and updated unit tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --------- Co-authored-by: Kaizen Conroy <[email protected]> Co-authored-by: Momo Kornher <[email protected]>

### Issue #32804 Closes #32804 ### Reason for this change New projects in C# and F# are initialized using .NET6.0, which was designated EOL 12 NOV 2024. ### Description of changes Upgraded .NET from 6.0 (EOL) -> 8.0 (LTS) for new projects in C# and F#. ### Describe any new or updated permissions being added No permissions changes. ### Description of how you validated changes Changed unit tests to check for .NET8.0 instead of .NET6.0, and ran them successfully. <img width="768" alt="Screenshot 2025-01-13 at 12 53 25" src="https://github.com/user-attachments/assets/2992bd18-382a-43fc-826f-59c41214a8cb" /> ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) None ### Reason for this change Fixed typos in code comments. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

The CLI tests are also quite noisy. Suppress logging for those as well by using the `jest-bufferedconsole` environment. Enhance the buffered-console environments by also capturing writes to `process.stdout` and `process.stderr`. Yes, the files are copy/pasted between the CLI and the library. I don't see an easy way around this, and the code is going to be lifted into a separate repo soon anyway. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) None ### Reason for this change Fixed typos in code comments. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #32933. ### Reason for this change The major version definition of MySQL 8.4.3 is incorrect. ### Description of changes Fixed the major version definition of MySQL 8.4.3. ### Describe any new or updated permissions being added ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…0622) ### Issue # (if applicable) None ### Reason for this change Unlike the other integrations, `WebSocketMockIntegration` did not have a props interface, and was missing a few properties. This PR does not include integration responses, they are already being implemented in #29661 ### Description of changes * Added `requestTemplates` and `templateSelectionExpression` to the newly created `WebSocketMockIntegrationProps` ### Description of how you validated changes Unit and integration tests were updated ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) None ### Reason for this change Fixed typos in code comments. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

aws-cdk-automation · 2025-01-15T20:09:56Z

AWS CodeBuild CI Report

CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
Commit ID: 1c4473a
Result: SUCCEEDED
Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

mergify · 2025-01-15T20:10:24Z

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

github-actions · 2025-01-15T20:10:48Z

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

kaizencc and others added 30 commits January 9, 2025 17:04

Merge branch 'main' into merge-back/2.175.0

4766663

chore(merge-back): 2.175.0 (#32826)

f63ec29

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.175.0/CHANGELOG.md)

fix(cli): "no stack found in the main cloud assembly" (#32839)

3c0acce

Reverts #32636 It leads to a problem in case of applications where there are no top-level stacks, but only stacks in nested stages: #32836. Closes #32836.

Merge branch 'main' into merge-back/2.175.1

5b157e6

Merge branch 'main' into merge-back/2.175.1

3727472

chore(merge-back): 2.175.1 (#32845)

0da7a51

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.175.1/CHANGELOG.md)

andyu17 and others added 17 commits January 13, 2025 20:37

chore(release): 2.176.0

1c4473a

aws-cdk-automation requested a review from a team as a code owner January 15, 2025 19:39

aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels Jan 15, 2025

github-actions bot added the p2 label Jan 15, 2025

aws-cdk-automation requested a review from a team January 15, 2025 19:39

github-actions bot approved these changes Jan 15, 2025

View reviewed changes

aws-cdk-automation requested a deployment to test-pipeline January 15, 2025 19:40 — with GitHub Actions Waiting

mergify bot merged commit 899965d into v2-release Jan 15, 2025
26 of 27 checks passed

mergify bot deleted the bump/2.176.0 branch January 15, 2025 20:10

github-actions bot locked as resolved and limited conversation to collaborators Jan 15, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(release): 2.176.0 #32955

chore(release): 2.176.0 #32955

aws-cdk-automation commented Jan 15, 2025 •

edited

Loading

aws-cdk-automation commented Jan 15, 2025

mergify bot commented Jan 15, 2025

github-actions bot commented Jan 15, 2025

chore(release): 2.176.0 #32955

chore(release): 2.176.0 #32955

Conversation

aws-cdk-automation commented Jan 15, 2025 • edited Loading

aws-cdk-automation commented Jan 15, 2025

AWS CodeBuild CI Report

mergify bot commented Jan 15, 2025

github-actions bot commented Jan 15, 2025

aws-cdk-automation commented Jan 15, 2025 •

edited

Loading