chore(release): 2.117.0 #28496
Merged
chore(release): 2.117.0 #28496
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
With this change, architecture when bundling is inferred from the target architecture of the Lambda function. Closes #18696. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ist/core/<file>.generated'` (#28467) #28251 added new files to `aws-cdk-lib/core/lib/dist/core` but this path was excluded from the npm package, causing the above error. This fix includes the generated file into the package. Closes #28465 Manually tested with a locally build package that includes the fix. <img width="1449" alt="image" src="https://github.com/aws/aws-cdk/assets/379814/11714c41-edea-403e-9b64-454ba9768c08"> ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This pull request introduces a new method within the Cluster class, designed to retrieve the Amazon Resource Names (ARNs) of tasks that are part of a given ECS cluster.
Example of how to get task ARN
```ts
declare cluster: Cluster;
// arn:aws:ecs:{region}:{regionId}:task/{clusterName}/*
const taskArnPattern = cluster.arnForTasks("*");
```
Closes #26232
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This Pull Request introduces a new validation feature to the DedicatedIpPoolProps. It ensures that the dedicatedIpPoolName adheres to the specified naming conventions, enhancing data integrity and preventing runtime errors due to invalid names. Closes #28451 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…rget utilization (#28315) Added an optional parameter that defaults to false over the CPU-based scaling policy that conflicts with the queue visible message-based policy. When disabled this will stop the race condition issue mentioned in #20706 by only allowing the scaling of the number of messages on the queue similar to the SQS-Lambda pattern. Note: If this parameter is enabled then this bug will crop up again and the user has to handle the container termination manually. Updated integration tests and unit tests are working. Closes #20706 . ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…28092) This PR supports for configuring AutoScalingGroup's instance maintenance policy. - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-instancemaintenancepolicy.html - https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-maintenance-policy.html - https://docs.aws.amazon.com/autoscaling/ec2/userguide/instance-maintenance-policy-overview-and-considerations.html Closes #28042. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
CodeBuild has added support for Lambda compute.
CloudFormation can be deployed as follows.
```yaml
Resources:
CodeBuildProject:
Type: AWS::CodeBuild::Project
Properties:
Artifacts:
Type: NO_ARTIFACTS
ServiceRole: !GetAtt CodeBuildRole.Arn
Source:
#
Environment:
Type: LINUX_LAMBDA_CONTAINER
ComputeType: BUILD_LAMBDA_1GB
Image: aws/codebuild/amazonlinux-x86_64-lambda-standard:go1.21
CodeBuildRole:
Type: AWS::IAM::Role
Properties:
#
```
https://aws.amazon.com/about-aws/whats-new/2023/11/aws-codebuild-lambda-compute
This PR implements Lambda ComputeType by adding Classes (`LinuxArmLambdaBuildImage`, `LinuxLambdaBuildImage`) that extend the IBuildImage interface.
Supported Docker Images and ComputeTypes are listed below.
https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html#environment.types
Also, Lambda compute has some limitations and I have added validation for them.
https://docs.aws.amazon.com/codebuild/latest/userguide/lambda.html#lambda.limitations
closes #28418
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
If the stack is not in a healthy state, we should not allow cdk migrate to be run on it. Closes #<issue number here>. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
adding support of trn1 instance type they were introduced [here](https://aws.amazon.com/ec2/instance-types/trn1/) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This Pull Request introduces a set of new FIPS-compliant SSL policies for the Application Load Balancer (ALB) in AWS Elastic Load Balancing (ELB). These policies enhance the security of ALB by providing options that are compliant with the Federal Information Processing Standards (FIPS). Closes #28455 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…rgate service (#28463) 1. Fixed the docker image to use Python 3.11 to stop the python3.6 out of date warning/error 2. Fixed the lambda container's entry point handler, causing the integration tests to go into an infinite loop. 3. Fixed/changed the public integration test to a health check test as the queue processing fargate service doesn't have a public-facing feature. Closes #28383. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Closes #27916. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
… PIP urls, causing an unnecessary rebuild (#27903) Update the bundler hash logic to ignore the secret token that is included in the URL when fetching packages from Code Artifact. This token changes constantly, and prevents the results of a previous build from being reused, along with causing lambdas to be unnecessarily redeployed anytime the CDK is built, even if no code is changed. This implementation strips the token from the hash, but does not change anything else about the hash. Open question Currently this logic will error if an invalid URL string is passed for PIP_INDEX_URL or PIP_EXTRA_INDEX_URL. The build would fail later anyway when those URLs are being used, but I'm happy to try/catch this logic block to be more robust if that is preferred. Closes #27331. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Adds support for dual-stack NetworkLoadBalancer via the [`ipAddressType`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-ipaddresstype) property. Example: ``` const lb = new elbv2.NetworkLoadBalancer(this, 'LB', { vpc, internetFacing: true ipAddressType: elbv2.IpAddressType.DUAL_STACK, }); ``` Also, added validation to enforce that UDP or TCP_UDP listeners cannot be added to a dualstack NLB. Closes #27538. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 40.2.2 to 41.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tj-actions/changed-files/releases">tj-actions/changed-files's releases</a>.</em></p> <blockquote> <h2>v41.0.1</h2> <h2>What's Changed</h2> <ul> <li>Upgraded to v41 by <a href="https://github.com/tj-actions-bot"><code>@tj-actions-bot</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/1811">tj-actions/changed-files#1811</a></li> <li>chore(deps): update dependency eslint-plugin-prettier to v5.1.2 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/1813">tj-actions/changed-files#1813</a></li> <li>fix: update characters escaped by safe output by <a href="https://github.com/jackton1"><code>@jackton1</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/1815">tj-actions/changed-files#1815</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tj-actions/changed-files/compare/v41...v41.0.1">https://github.com/tj-actions/changed-files/compare/v41...v41.0.1</a></p> <h2>v41.0.0</h2> <h2>🔥 🔥 BREAKING CHANGE 🔥 🔥</h2> <p>A new <code>safe_output</code> input is now available to prevent outputting unsafe filename characters (Enabled by default). This would escape characters in the filename that could be used for command injection.</p> <blockquote> <p>[!NOTE] This can be disabled by setting the <code>safe_output</code> to false this comes with a recommendation to store all outputs generated in an environment variable first before using them.</p> </blockquote> <h4>Example</h4> <pre lang="yaml"><code>... - name: Get changed files id: changed-files uses: tj-actions/changed-files@v40 with: safe_output: false # set to false because we are using an environment variable to store the output and avoid command injection. <pre><code>- name: List all added files env: ADDED_FILES: ${{ steps.changed-files.outputs.added_files }} run: | for file in &quot;$ADDED_FILES&quot;; do echo &quot;$file was added&quot; done </code></pre> <p>... </code></pre></p> <h2>What's Changed</h2> <ul> <li>chore(deps): update typescript-eslint monorepo to v6.15.0 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/1801">tj-actions/changed-files#1801</a></li> <li>Upgraded to v40.2.3 by <a href="https://github.com/tj-actions-bot"><code>@tj-actions-bot</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/1800">tj-actions/changed-files#1800</a></li> <li>chore(deps): update dependency eslint-plugin-prettier to v5.1.0 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/1802">tj-actions/changed-files#1802</a></li> <li>chore(deps): lock file maintenance by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/1803">tj-actions/changed-files#1803</a></li> <li>chore(deps): update dependency eslint-plugin-prettier to v5.1.1 by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/1804">tj-actions/changed-files#1804</a></li> <li>fix: update safe output regex and the docs by <a href="https://github.com/tj-actions-bot"><code>@tj-actions-bot</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/1805">tj-actions/changed-files#1805</a></li> <li>Revert "chore(deps): update actions/download-artifact action to v4" by <a href="https://github.com/jackton1"><code>@jackton1</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/1806">tj-actions/changed-files#1806</a></li> <li>Update README.md by <a href="https://github.com/jackton1"><code>@jackton1</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/1808">tj-actions/changed-files#1808</a></li> <li>chore(deps): lock file maintenance by <a href="https://github.com/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/1809">tj-actions/changed-files#1809</a></li> <li>Updated README.md by <a href="https://github.com/tj-actions-bot"><code>@tj-actions-bot</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/1810">tj-actions/changed-files#1810</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tj-actions/changed-files/blob/main/HISTORY.md">tj-actions/changed-files's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h1><a href="https://github.com/tj-actions/changed-files/compare/v41.0.0...v41.0.1">41.0.1</a> - (2023-12-24)</h1> <h2>🐛 Bug Fixes</h2> <ul> <li>Update characters escaped by safe output (<a href="https://redirect.github.com/tj-actions/changed-files/issues/1815">#1815</a>) (<a href="https://github.com/tj-actions/changed-files/commit/716b1e13042866565e00e85fd4ec490e186c4a2f">716b1e1</a>) - (Tonye Jack)</li> </ul> <h2>⚙️ Miscellaneous Tasks</h2> <ul> <li><strong>deps:</strong> Update dependency eslint-plugin-prettier to v5.1.2 (<a href="https://github.com/tj-actions/changed-files/commit/7aaf10d9eef19e8a2432a967b88124171152caaf">7aaf10d</a>) - (renovate[bot])</li> </ul> <h2>⬆️ Upgrades</h2> <ul> <li>Upgraded to v41 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/1811">#1811</a>)</li> </ul> <p>Co-authored-by: jackton1 <a href="mailto:jackton1@users.noreply.github.com">jackton1@users.noreply.github.com</a> (<a href="https://github.com/tj-actions/changed-files/commit/cc08e170f4447237bcaf8acaacfa615b9cb86612">cc08e17</a>) - (tj-actions[bot])</p> <h1><a href="https://github.com/tj-actions/changed-files/compare/v40.2.3...v41.0.0">41.0.0</a> - (2023-12-23)</h1> <h2>🐛 Bug Fixes</h2> <ul> <li>Update safe output regex and the docs (<a href="https://redirect.github.com/tj-actions/changed-files/issues/1805">#1805</a>) (<a href="https://github.com/tj-actions/changed-files/commit/ff2f6e6b91913a7be42be1b5917330fe442f2ede">ff2f6e6</a>) - (tj-actions[bot])</li> </ul> <h2>⏪ Reverts</h2> <ul> <li>Revert "chore(deps): update actions/download-artifact action to v4" (<a href="https://redirect.github.com/tj-actions/changed-files/issues/1806">#1806</a>)</li> </ul> <p>(<a href="https://github.com/tj-actions/changed-files/commit/4f573fed06c9abb5da4c72f75c1c320718114ff7">4f573fe</a>) - (Tonye Jack)</p> <h2>🔄 Update</h2> <ul> <li>Update README.md (<a href="https://github.com/tj-actions/changed-files/commit/6e79d6e3dbe48946636c2939c80ff5c84ff7f9fe">6e79d6e</a>) - (Tonye Jack)</li> <li>Update README.md (<a href="https://github.com/tj-actions/changed-files/commit/d13ac1942fb3c1d7d32017915bb082cebe8a272a">d13ac19</a>) - (Tonye Jack)</li> <li>Update README.md (<a href="https://github.com/tj-actions/changed-files/commit/bb89f97963be96b39e1a303e64d5b91a1af4c340">bb89f97</a>) - (Tonye Jack)</li> <li>Updated README.md (<a href="https://redirect.github.com/tj-actions/changed-files/issues/1810">#1810</a>)</li> </ul> <p>Co-authored-by: renovate[bot] (<a href="https://github.com/tj-actions/changed-files/commit/1864078d0afadf68ba489e671ecc09fefe8b70ab">1864078</a>) - (tj-actions[bot])</p> <ul> <li>Update README.md (<a href="https://redirect.github.com/tj-actions/changed-files/issues/1808">#1808</a>)</li> </ul> <p>(<a href="https://github.com/tj-actions/changed-files/commit/47371c50e97c089212d9eb92ca26c8453224e78e">47371c5</a>) - (Tonye Jack)</p> <h2>📝 Other</h2> <ul> <li>Merge pull request from GHSA-mcph-m25j-8j63</li> </ul> <ul> <li> <p>feat: add <code>safe_output</code> input enabled by default</p> </li> <li> <p>fix: migrate README to safe uses of interpolation</p> </li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tj-actions/changed-files/commit/716b1e13042866565e00e85fd4ec490e186c4a2f"><code>716b1e1</code></a> fix: update characters escaped by safe output (<a href="https://redirect.github.com/tj-actions/changed-files/issues/1815">#1815</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/7aaf10d9eef19e8a2432a967b88124171152caaf"><code>7aaf10d</code></a> chore(deps): update dependency eslint-plugin-prettier to v5.1.2</li> <li><a href="https://github.com/tj-actions/changed-files/commit/cc08e170f4447237bcaf8acaacfa615b9cb86612"><code>cc08e17</code></a> Upgraded to v41 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/1811">#1811</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/6e79d6e3dbe48946636c2939c80ff5c84ff7f9fe"><code>6e79d6e</code></a> Update README.md</li> <li><a href="https://github.com/tj-actions/changed-files/commit/d13ac1942fb3c1d7d32017915bb082cebe8a272a"><code>d13ac19</code></a> Update README.md</li> <li><a href="https://github.com/tj-actions/changed-files/commit/bb89f97963be96b39e1a303e64d5b91a1af4c340"><code>bb89f97</code></a> Update README.md</li> <li><a href="https://github.com/tj-actions/changed-files/commit/1864078d0afadf68ba489e671ecc09fefe8b70ab"><code>1864078</code></a> Updated README.md (<a href="https://redirect.github.com/tj-actions/changed-files/issues/1810">#1810</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/f495a0321d3fffa62da2573adf70b77d5eb2f57a"><code>f495a03</code></a> chore(deps): lock file maintenance</li> <li><a href="https://github.com/tj-actions/changed-files/commit/47371c50e97c089212d9eb92ca26c8453224e78e"><code>47371c5</code></a> Update README.md (<a href="https://redirect.github.com/tj-actions/changed-files/issues/1808">#1808</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/4f573fed06c9abb5da4c72f75c1c320718114ff7"><code>4f573fe</code></a> Revert "chore(deps): update actions/download-artifact action to v4" (<a href="https://redirect.github.com/tj-actions/changed-files/issues/1806">#1806</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tj-actions/changed-files/compare/94549999469dbfa032becf298d95c87a14c34394...716b1e13042866565e00e85fd4ec490e186c4a2f">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
**L1 CloudFormation resource definition changes:**
```
├[~] service aws-appstream
│ └ resources
│ └[~] resource AWS::AppStream::Stack
│ └ types
│ └[~] type UserSetting
│ └ properties
│ └ MaximumLength: (documentation changed)
├[~] service aws-appsync
│ └ resources
│ └[~] resource AWS::AppSync::GraphQLApi
│ ├ properties
│ │ ├[+] IntrospectionConfig: string
│ │ ├[+] QueryDepthLimit: integer
│ │ └[+] ResolverCountLimit: integer
│ └ attributes
│ └ GraphQLEndpointArn: (documentation changed)
├[~] service aws-b2bi
│ └ resources
│ ├[~] resource AWS::B2BI::Capability
│ │ ├ - documentation: Definition of AWS::B2BI::Capability Resource Type
│ │ │ + documentation: Instantiates a capability based on the specified parameters. A trading capability contains the information required to transform incoming EDI documents into JSON or XML outputs.
│ │ ├ properties
│ │ │ ├ Configuration: (documentation changed)
│ │ │ ├ InstructionsDocuments: (documentation changed)
│ │ │ ├ Name: (documentation changed)
│ │ │ ├ Tags: (documentation changed)
│ │ │ └ Type: (documentation changed)
│ │ ├ attributes
│ │ │ ├ CapabilityArn: (documentation changed)
│ │ │ ├ CapabilityId: (documentation changed)
│ │ │ ├ CreatedAt: (documentation changed)
│ │ │ └ ModifiedAt: (documentation changed)
│ │ └ types
│ │ ├[~] type CapabilityConfiguration
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: A capability object. Currently, only EDI (electronic data interchange) capabilities are supported. A trading capability contains the information required to transform incoming EDI documents into JSON or XML outputs.
│ │ │ └ properties
│ │ │ └ Edi: (documentation changed)
│ │ ├[~] type EdiConfiguration
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: Specifies the details for the EDI (electronic data interchange) transformation.
│ │ │ └ properties
│ │ │ ├ InputLocation: (documentation changed)
│ │ │ ├ OutputLocation: (documentation changed)
│ │ │ ├ TransformerId: (documentation changed)
│ │ │ └ Type: (documentation changed)
│ │ ├[~] type EdiType
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: Specifies the details for the EDI standard that is being used for the transformer. Currently, only X12 is supported. X12 is a set of standards and corresponding messages that define specific business documents.
│ │ │ └ properties
│ │ │ └ X12Details: (documentation changed)
│ │ ├[~] type S3Location
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: Specifies the details for the Amazon S3 file location that is being used with AWS B2BI Data Interchange. File locations in Amazon S3 are identified using a combination of the bucket and key.
│ │ │ └ properties
│ │ │ ├ BucketName: (documentation changed)
│ │ │ └ Key: (documentation changed)
│ │ └[~] type X12Details
│ │ └ properties
│ │ ├ TransactionSet: (documentation changed)
│ │ └ Version: (documentation changed)
│ ├[~] resource AWS::B2BI::Partnership
│ │ ├ - documentation: Definition of AWS::B2BI::Partnership Resource Type
│ │ │ + documentation: Creates a partnership between a customer and a trading partner, based on the supplied parameters. A partnership represents the connection between you and your trading partner. It ties together a profile and one or more trading capabilities.
│ │ ├ properties
│ │ │ ├ Capabilities: (documentation changed)
│ │ │ ├ Name: (documentation changed)
│ │ │ ├ ProfileId: (documentation changed)
│ │ │ └ Tags: (documentation changed)
│ │ └ attributes
│ │ ├ CreatedAt: (documentation changed)
│ │ ├ ModifiedAt: (documentation changed)
│ │ ├ PartnershipArn: (documentation changed)
│ │ ├ PartnershipId: (documentation changed)
│ │ └ TradingPartnerId: (documentation changed)
│ ├[~] resource AWS::B2BI::Profile
│ │ ├ - documentation: Definition of AWS::B2BI::Profile Resource Type
│ │ │ + documentation: Creates a customer profile. You can have up to five customer profiles, each representing a distinct private network. A profile is the mechanism used to create the concept of a private network.
│ │ ├ properties
│ │ │ ├ BusinessName: (documentation changed)
│ │ │ ├ Logging: (documentation changed)
│ │ │ ├ Name: (documentation changed)
│ │ │ └ Tags: (documentation changed)
│ │ └ attributes
│ │ ├ CreatedAt: (documentation changed)
│ │ ├ LogGroupName: (documentation changed)
│ │ ├ ModifiedAt: (documentation changed)
│ │ └ ProfileArn: (documentation changed)
│ └[~] resource AWS::B2BI::Transformer
│ ├ - documentation: Definition of AWS::B2BI::Transformer Resource Type
│ │ + documentation: Creates a transformer. A transformer describes how to process the incoming EDI documents and extract the necessary information to the output file.
│ ├ properties
│ │ ├ EdiType: (documentation changed)
│ │ ├ FileFormat: (documentation changed)
│ │ ├ MappingTemplate: (documentation changed)
│ │ ├ ModifiedAt: (documentation changed)
│ │ ├ Name: (documentation changed)
│ │ ├ SampleDocument: (documentation changed)
│ │ ├ Status: (documentation changed)
│ │ └ Tags: (documentation changed)
│ ├ attributes
│ │ ├ CreatedAt: (documentation changed)
│ │ ├ TransformerArn: (documentation changed)
│ │ └ TransformerId: (documentation changed)
│ └ types
│ ├[~] type EdiType
│ │ ├ - documentation: undefined
│ │ │ + documentation: Specifies the details for the EDI standard that is being used for the transformer. Currently, only X12 is supported. X12 is a set of standards and corresponding messages that define specific business documents.
│ │ └ properties
│ │ └ X12Details: (documentation changed)
│ └[~] type X12Details
│ ├ - documentation: undefined
│ │ + documentation: A structure that contains the X12 transaction set and version. The X12 structure is used when the system transforms an EDI (electronic data interchange) file.
│ │ > If an EDI input file contains more than one transaction, each transaction must have the same transaction set and version, for example 214/4010. If not, the transformer cannot parse the file.
│ └ properties
│ ├ TransactionSet: (documentation changed)
│ └ Version: (documentation changed)
├[~] service aws-batch
│ └ resources
│ └[~] resource AWS::Batch::JobDefinition
│ ├ properties
│ │ ├ ContainerProperties: - ContainerProperties
│ │ │ + ContainerProperties (immutable)
│ │ ├ EksProperties: - EksProperties
│ │ │ + EksProperties (immutable)
│ │ ├ NodeProperties: - NodeProperties
│ │ │ + NodeProperties (immutable)
│ │ ├ Parameters: - json
│ │ │ + Map<string, string> ⇐ json (immutable)
│ │ ├ PlatformCapabilities: - Array<string>
│ │ │ + Array<string> (immutable)
│ │ ├ PropagateTags: - boolean
│ │ │ + boolean (immutable)
│ │ ├ RetryStrategy: - RetryStrategy
│ │ │ + RetryStrategy (immutable)
│ │ ├ SchedulingPriority: - integer
│ │ │ + integer (immutable)
│ │ ├ Tags: - json (immutable)
│ │ │ + Map<string, string> ⇐ json (immutable)
│ │ ├ Timeout: - Timeout
│ │ │ + JobTimeout ⇐ Timeout (immutable)
│ │ └ Type: - string (required)
│ │ + string (required, immutable)
│ ├ attributes
│ │ ├[+] ContainerOrchestrationType: string
│ │ ├[-] Id: string
│ │ ├[+] JobDefinitionArn: string
│ │ ├[+] Revision: integer
│ │ └[+] Status: string
│ └ types
│ ├[~] type AuthorizationConfig
│ │ ├ - documentation: The authorization configuration details for the Amazon EFS file system.
│ │ │ + documentation: undefined
│ │ └ properties
│ │ ├ AccessPointId: (documentation changed)
│ │ └ Iam: (documentation changed)
│ ├[~] type ContainerProperties
│ │ └ properties
│ │ ├ MountPoints: - Array<MountPoints>
│ │ │ + Array<MountPoint> ⇐ Array<MountPoints>
│ │ └ Volumes: - Array<Volumes>
│ │ + Array<Volume> ⇐ Array<Volumes>
│ ├[+] type EFSAuthorizationConfig
│ │ ├ documentation: The authorization configuration details for the Amazon EFS file system.
│ │ │ name: EFSAuthorizationConfig
│ │ └ properties
│ │ ├AccessPointId: string
│ │ └Iam: string
│ ├[~] type EfsVolumeConfiguration
│ │ ├ - documentation: This is used when you're using an Amazon Elastic File System file system for job storage. For more information, see [Amazon EFS Volumes](https://docs.aws.amazon.com/batch/latest/userguide/efs-volumes.html) in the *AWS Batch User Guide* .
│ │ │ + documentation: undefined
│ │ └ properties
│ │ ├ AuthorizationConfig: (documentation changed)
│ │ ├ FileSystemId: (documentation changed)
│ │ ├ RootDirectory: (documentation changed)
│ │ ├ TransitEncryption: (documentation changed)
│ │ └ TransitEncryptionPort: (documentation changed)
│ ├[+] type EFSVolumeConfiguration
│ │ ├ documentation: This is used when you're using an Amazon Elastic File System file system for job storage. For more information, see [Amazon EFS Volumes](https://docs.aws.amazon.com/batch/latest/userguide/efs-volumes.html) in the *AWS Batch User Guide* .
│ │ │ name: EFSVolumeConfiguration
│ │ └ properties
│ │ ├FileSystemId: string (required)
│ │ ├RootDirectory: string
│ │ ├TransitEncryption: string
│ │ ├TransitEncryptionPort: integer
│ │ └AuthorizationConfig: EFSAuthorizationConfig
│ ├[+] type EksMetadata
│ │ ├ documentation: Describes and uniquely identifies Kubernetes resources. For example, the compute environment that a pod runs in or the `jobID` for a job running in the pod. For more information, see [Understanding Kubernetes Objects](https://docs.aws.amazon.com/https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/) in the *Kubernetes documentation* .
│ │ │ name: EksMetadata
│ │ └ properties
│ │ └Labels: Map<string, string>
│ ├[+] type EksPodProperties
│ │ ├ documentation: The properties for the pod.
│ │ │ name: EksPodProperties
│ │ └ properties
│ │ ├ServiceAccountName: string
│ │ ├HostNetwork: boolean
│ │ ├DnsPolicy: string
│ │ ├Containers: Array<EksContainer>
│ │ ├Volumes: Array<EksVolume>
│ │ └Metadata: EksMetadata
│ ├[~] type EksProperties
│ │ └ properties
│ │ └ PodProperties: - PodProperties
│ │ + EksPodProperties ⇐ PodProperties
│ ├[+] type Host
│ │ ├ documentation: Determine whether your data volume persists on the host container instance and where it's stored. If this parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running.
│ │ │ name: Host
│ │ └ properties
│ │ └SourcePath: string
│ ├[+] type JobTimeout
│ │ ├ documentation: An object that represents a job timeout configuration.
│ │ │ name: JobTimeout
│ │ └ properties
│ │ └AttemptDurationSeconds: integer
│ ├[~] type LogConfiguration
│ │ └ properties
│ │ └ Options: - json
│ │ + Map<string, string> ⇐ json
│ ├[+] type MountPoint
│ │ ├ documentation: Details for a Docker volume mount point that's used in a job's container properties. This parameter maps to `Volumes` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerCreate) section of the *Docker Remote API* and the `--volume` option to docker run.
│ │ │ name: MountPoint
│ │ └ properties
│ │ ├ContainerPath: string
│ │ ├ReadOnly: boolean
│ │ └SourceVolume: string
│ ├[~] type MountPoints
│ │ ├ - documentation: Details for a Docker volume mount point that's used in a job's container properties. This parameter maps to `Volumes` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerCreate) section of the *Docker Remote API* and the `--volume` option to docker run.
│ │ │ + documentation: undefined
│ │ └ properties
│ │ ├ ContainerPath: (documentation changed)
│ │ ├ ReadOnly: (documentation changed)
│ │ └ SourceVolume: (documentation changed)
│ ├[~] type PodProperties
│ │ ├ - documentation: The properties for the pod.
│ │ │ + documentation: undefined
│ │ └ properties
│ │ ├ Containers: (documentation changed)
│ │ ├ DnsPolicy: (documentation changed)
│ │ ├ HostNetwork: (documentation changed)
│ │ ├ ServiceAccountName: (documentation changed)
│ │ └ Volumes: (documentation changed)
│ ├[~] type Resources
│ │ └ properties
│ │ ├ Limits: - json
│ │ │ + Map<string, string> ⇐ json
│ │ └ Requests: - json
│ │ + Map<string, string> ⇐ json
│ ├[~] type Timeout
│ │ ├ - documentation: An object that represents a job timeout configuration.
│ │ │ + documentation: undefined
│ │ └ properties
│ │ └ AttemptDurationSeconds: (documentation changed)
│ ├[+] type Volume
│ │ ├ documentation: A data volume that's used in a job's container properties.
│ │ │ name: Volume
│ │ └ properties
│ │ ├Host: Host
│ │ ├EfsVolumeConfiguration: EFSVolumeConfiguration
│ │ └Name: string
│ ├[~] type Volumes
│ │ ├ - documentation: A list of volumes that are associated with the job.
│ │ │ + documentation: undefined
│ │ └ properties
│ │ ├ EfsVolumeConfiguration: (documentation changed)
│ │ ├ Host: (documentation changed)
│ │ └ Name: (documentation changed)
│ └[~] type VolumesHost
│ ├ - documentation: Determine whether your data volume persists on the host container instance and where it's stored. If this parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running.
│ │ + documentation: undefined
│ └ properties
│ └ SourcePath: (documentation changed)
├[~] service aws-cloud9
│ └ resources
│ └[~] resource AWS::Cloud9::EnvironmentEC2
│ └ properties
│ └ ImageId: (documentation changed)
├[~] service aws-cloudtrail
│ └ resources
│ ├[~] resource AWS::CloudTrail::EventDataStore
│ │ └ types
│ │ └[~] type AdvancedFieldSelector
│ │ └ properties
│ │ └ Field: (documentation changed)
│ └[~] resource AWS::CloudTrail::Trail
│ ├ properties
│ │ └ CloudWatchLogsLogGroupArn: (documentation changed)
│ └ types
│ ├[~] type AdvancedFieldSelector
│ │ └ properties
│ │ └ Field: (documentation changed)
│ └[~] type DataResource
│ └ properties
│ └ Type: (documentation changed)
├[~] service aws-codecommit
│ └ resources
│ └[~] resource AWS::CodeCommit::Repository
│ └ properties
│ └[+] KmsKeyId: string
├[~] service aws-codedeploy
│ └ resources
│ └[~] resource AWS::CodeDeploy::DeploymentGroup
│ └ properties
│ └ TerminationHookEnabled: (documentation changed)
├[~] service aws-cognito
│ └ resources
│ └[~] resource AWS::Cognito::UserPool
│ └ types
│ └[~] type LambdaConfig
│ └ properties
│ └ PreTokenGeneration: (documentation changed)
├[~] service aws-connect
│ └ resources
│ ├[~] resource AWS::Connect::HoursOfOperation
│ │ └ properties
│ │ └ Tags: (documentation changed)
│ ├[~] resource AWS::Connect::Queue
│ │ └ properties
│ │ └ Tags: (documentation changed)
│ ├[~] resource AWS::Connect::QuickConnect
│ │ ├ properties
│ │ │ └ Tags: (documentation changed)
│ │ └ attributes
│ │ └ QuickConnectArn: (documentation changed)
│ ├[~] resource AWS::Connect::RoutingProfile
│ │ └ properties
│ │ └ Tags: (documentation changed)
│ └[~] resource AWS::Connect::SecurityProfile
│ └ properties
│ └ Tags: (documentation changed)
├[~] service aws-datasync
│ └ resources
│ ├[~] resource AWS::DataSync::LocationAzureBlob
│ │ └ - documentation: Creates an endpoint for a Microsoft Azure Blob Storage container that AWS DataSync can use as a transfer source or destination.
│ │ Before you begin, make sure you know [how DataSync accesses Azure Blob Storage](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-access) and works with [access tiers](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-access-tiers) and [blob types](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#blob-types) . You also need a [DataSync agent](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-creating-agent) that can connect to your container.
│ │ + documentation: Creates a transfer *location* for a Microsoft Azure Blob Storage container. AWS DataSync can use this location as a transfer source or destination.
│ │ Before you begin, make sure you know [how DataSync accesses Azure Blob Storage](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-access) and works with [access tiers](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-access-tiers) and [blob types](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#blob-types) . You also need a [DataSync agent](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-creating-agent) that can connect to your container.
│ ├[~] resource AWS::DataSync::LocationFSxONTAP
│ │ └ types
│ │ └[~] type SMB
│ │ └ properties
│ │ └ Domain: (documentation changed)
│ ├[~] resource AWS::DataSync::LocationFSxWindows
│ │ └ properties
│ │ ├ Domain: (documentation changed)
│ │ └ Password: (documentation changed)
│ ├[~] resource AWS::DataSync::LocationS3
│ │ └ types
│ │ └[~] type S3Config
│ │ └ - documentation: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role used to access an Amazon S3 bucket.
│ │ For detailed information about using such a role, see [Creating a Location for Amazon S3](https://docs.aws.amazon.com/datasync/latest/userguide/working-with-locations.html#create-s3-location) in the *AWS DataSync User Guide* .
│ │ + documentation: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role used to access an Amazon S3 bucket.
│ │ For detailed information about using such a role, see [Creating a Location for Amazon S3](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html) in the *AWS DataSync User Guide* .
│ ├[~] resource AWS::DataSync::LocationSMB
│ │ └ properties
│ │ └ Domain: (documentation changed)
│ └[~] resource AWS::DataSync::Task
│ └ types
│ └[~] type Options
│ └ properties
│ ├ LogLevel: (documentation changed)
│ └ ObjectTags: (documentation changed)
├[~] service aws-ec2
│ └ resources
│ ├[~] resource AWS::EC2::Instance
│ │ └ attributes
│ │ └[-] InstanceId: string
│ ├[~] resource AWS::EC2::Subnet
│ │ ├ properties
│ │ │ ├[-] Ipv4NetmaskLength: integer
│ │ │ ├[+] Ipv6CidrBlocks: Array<string>
│ │ │ └[-] Ipv6NetmaskLength: integer
│ │ └ attributes
│ │ └ Ipv6CidrBlocks: (documentation changed)
│ └[~] resource AWS::EC2::Volume
│ └ - documentation: Specifies an Amazon Elastic Block Store (Amazon EBS) volume. You can attach the volume to an instance in the same Availability Zone using [AWS::EC2::VolumeAttachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ebs-volumeattachment.html) .
│ When you use AWS CloudFormation to update an Amazon EBS volume that modifies `Iops` , `Size` , or `VolumeType` , there is a cooldown period before another operation can occur. This can cause your stack to report being in `UPDATE_IN_PROGRESS` or `UPDATE_ROLLBACK_IN_PROGRESS` for long periods of time.
│ Amazon EBS does not support sizing down an Amazon EBS volume. AWS CloudFormation does not attempt to modify an Amazon EBS volume to a smaller size on rollback.
│ Some common scenarios when you might encounter a cooldown period for Amazon EBS include:
│ - You successfully update an Amazon EBS volume and the update succeeds. When you attempt another update within the cooldown window, that update will be subject to a cooldown period.
│ - You successfully update an Amazon EBS volume and the update succeeds but another change in your `update-stack` call fails. The rollback will be subject to a cooldown period.
│ For more information on the cooldown period, see [Requirements when modifying volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/modify-volume-requirements.html) .
│ *DeletionPolicy attribute*
│ To control how AWS CloudFormation handles the volume when the stack is deleted, set a deletion policy for your volume. You can choose to retain the volume, to delete the volume, or to create a snapshot of the volume. For more information, see [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) .
│ > If you set a deletion policy that creates a snapshot, all tags on the volume are included in the snapshot.
│ + documentation: Specifies an Amazon Elastic Block Store (Amazon EBS) volume.
│ When you use AWS CloudFormation to update an Amazon EBS volume that modifies `Iops` , `Size` , or `VolumeType` , there is a cooldown period before another operation can occur. This can cause your stack to report being in `UPDATE_IN_PROGRESS` or `UPDATE_ROLLBACK_IN_PROGRESS` for long periods of time.
│ Amazon EBS does not support sizing down an Amazon EBS volume. AWS CloudFormation does not attempt to modify an Amazon EBS volume to a smaller size on rollback.
│ Some common scenarios when you might encounter a cooldown period for Amazon EBS include:
│ - You successfully update an Amazon EBS volume and the update succeeds. When you attempt another update within the cooldown window, that update will be subject to a cooldown period.
│ - You successfully update an Amazon EBS volume and the update succeeds but another change in your `update-stack` call fails. The rollback will be subject to a cooldown period.
│ For more information on the cooldown period, see [Requirements when modifying volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/modify-volume-requirements.html) .
│ *DeletionPolicy attribute*
│ To control how AWS CloudFormation handles the volume when the stack is deleted, set a deletion policy for your volume. You can choose to retain the volume, to delete the volume, or to create a snapshot of the volume. For more information, see [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) .
│ > If you set a deletion policy that creates a snapshot, all tags on the volume are included in the snapshot.
├[~] service aws-ecs
│ └ resources
│ └[~] resource AWS::ECS::Service
│ ├ properties
│ │ └[+] VolumeConfigurations: Array<ServiceVolumeConfiguration>
│ └ types
│ ├[+] type EBSTagSpecification
│ │ ├ name: EBSTagSpecification
│ │ └ properties
│ │ ├ResourceType: string (required)
│ │ ├Tags: Array<tag>
│ │ └PropagateTags: string
│ ├[+] type ServiceManagedEBSVolumeConfiguration
│ │ ├ name: ServiceManagedEBSVolumeConfiguration
│ │ └ properties
│ │ ├Encrypted: boolean
│ │ ├KmsKeyId: string
│ │ ├VolumeType: string
│ │ ├SizeInGiB: integer
│ │ ├SnapshotId: string
│ │ ├Iops: integer
│ │ ├Throughput: integer
│ │ ├TagSpecifications: Array<EBSTagSpecification>
│ │ ├RoleArn: string (required)
│ │ └FilesystemType: string
│ └[+] type ServiceVolumeConfiguration
│ ├ name: ServiceVolumeConfiguration
│ └ properties
│ ├Name: string (required)
│ └ManagedEBSVolume: ServiceManagedEBSVolumeConfiguration
├[~] service aws-efs
│ └ resources
│ └[~] resource AWS::EFS::FileSystem
│ ├ properties
│ │ ├ AvailabilityZoneName: (documentation changed)
│ │ └ LifecyclePolicies: (documentation changed)
│ └ types
│ ├[~] type FileSystemProtection
│ │ ├ - documentation: undefined
│ │ │ + documentation: Describes the protection on the file system.
│ │ └ properties
│ │ └ ReplicationOverwriteProtection: (documentation changed)
│ ├[~] type LifecyclePolicy
│ │ ├ - documentation: Describes a policy used by EFS lifecycle management and EFS Intelligent-Tiering that specifies when to transition files into and out of the file system's Infrequent Access (IA) storage class. For more information, see [EFS Intelligent‐Tiering and EFS Lifecycle Management](https://docs.aws.amazon.com/efs/latest/ug/lifecycle-management-efs.html) .
│ │ │ > - Each `LifecyclePolicy` object can have only a single transition. This means that in a request body, `LifecyclePolicies` must be structured as an array of `LifecyclePolicy` objects, one object for each transition, `TransitionToIA` , `TransitionToPrimaryStorageClass` .
│ │ │ > - See the AWS::EFS::FileSystem examples for the correct `LifecyclePolicy` structure. Do not use the syntax shown on this page.
│ │ │ + documentation: Describes a policy used by Lifecycle management that specifies when to transition files into and out of the EFS storage classes. For more information, see [Managing file system storage](https://docs.aws.amazon.com/efs/latest/ug/lifecycle-management-efs.html) .
│ │ │ > - Each `LifecyclePolicy` object can have only a single transition. This means that in a request body, `LifecyclePolicies` must be structured as an array of `LifecyclePolicy` objects, one object for each transition, `TransitionToIA` , `TransitionToArchive` , `TransitionToPrimaryStorageClass` .
│ │ │ > - See the AWS::EFS::FileSystem examples for the correct `LifecyclePolicy` structure. Do not use the syntax shown on this page.
│ │ └ properties
│ │ └ TransitionToArchive: (documentation changed)
│ └[~] type ReplicationDestination
│ └ properties
│ ├ AvailabilityZoneName: (documentation changed)
│ └ Region: (documentation changed)
├[~] service aws-eks
│ └ resources
│ ├[+] resource AWS::EKS::AccessEntry
│ │ ├ name: AccessEntry
│ │ │ cloudFormationType: AWS::EKS::AccessEntry
│ │ │ documentation: Creates an access entry.
│ │ │ An access entry allows an IAM principal to access your cluster. Access entries can replace the need to maintain entries in the `aws-auth` `ConfigMap` for authentication. You have the following options for authorizing an IAM principal to access Kubernetes objects on your cluster: Kubernetes role-based access control (RBAC), Amazon EKS, or both. Kubernetes RBAC authorization requires you to create and manage Kubernetes `Role` , `ClusterRole` , `RoleBinding` , and `ClusterRoleBinding` objects, in addition to managing access entries. If you use Amazon EKS authorization exclusively, you don't need to create and manage Kubernetes `Role` , `ClusterRole` , `RoleBinding` , and `ClusterRoleBinding` objects.
│ │ │ For more information about access entries, see [Access entries](https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html) in the *Amazon EKS User Guide* .
│ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│ │ ├ properties
│ │ │ ├ClusterName: string (required, immutable)
│ │ │ ├PrincipalArn: string (required, immutable)
│ │ │ ├Username: string
│ │ │ ├Tags: Array<tag>
│ │ │ ├KubernetesGroups: Array<string>
│ │ │ ├AccessPolicies: Array<AccessPolicy>
│ │ │ └Type: string (immutable)
│ │ ├ attributes
│ │ │ └AccessEntryArn: string
│ │ └ types
│ │ ├type AccessPolicy
│ │ │├ documentation: An access policy includes permissions that allow Amazon EKS to authorize an IAM principal to work with Kubernetes objects on your cluster. The policies are managed by Amazon EKS, but they're not IAM policies. You can't view the permissions in the policies using the API. The permissions for many of the policies are similar to the Kubernetes `cluster-admin` , `admin` , `edit` , and `view` cluster roles. For more information about these cluster roles, see [User-facing roles](https://docs.aws.amazon.com/https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) in the Kubernetes documentation. To view the contents of the policies, see [Access policy permissions](https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html#access-policy-permissions) in the *Amazon EKS User Guide* .
│ │ ││ name: AccessPolicy
│ │ │└ properties
│ │ │ ├PolicyArn: string (required)
│ │ │ └AccessScope: AccessScope (required)
│ │ └type AccessScope
│ │ ├ documentation: The scope of an `AccessPolicy` that's associated to an `AccessEntry` .
│ │ │ name: AccessScope
│ │ └ properties
│ │ ├Type: string (required)
│ │ └Namespaces: Array<string>
│ ├[~] resource AWS::EKS::Addon
│ │ └ properties
│ │ └ ClusterName: (documentation changed)
│ ├[~] resource AWS::EKS::Cluster
│ │ ├ properties
│ │ │ ├[+] AccessConfig: AccessConfig
│ │ │ └ ResourcesVpcConfig: (documentation changed)
│ │ └ types
│ │ ├[+] type AccessConfig
│ │ │ ├ documentation: The access configuration for the cluster.
│ │ │ │ name: AccessConfig
│ │ │ └ properties
│ │ │ ├BootstrapClusterCreatorAdminPermissions: boolean (immutable)
│ │ │ └AuthenticationMode: string
│ │ ├[~] type ControlPlanePlacement
│ │ │ └ properties
│ │ │ └ GroupName: (documentation changed)
│ │ ├[~] type EncryptionConfig
│ │ │ └ properties
│ │ │ └ Resources: (documentation changed)
│ │ ├[~] type KubernetesNetworkConfig
│ │ │ └ properties
│ │ │ └ ServiceIpv4Cidr: (documentation changed)
│ │ └[~] type ResourcesVpcConfig
│ │ └ properties
│ │ └ PublicAccessCidrs: (documentation changed)
│ ├[~] resource AWS::EKS::FargateProfile
│ │ ├ - documentation: Creates an AWS Fargate profile for your Amazon EKS cluster. You must have at least one Fargate profile in a cluster to be able to run pods on Fargate.
│ │ │ The Fargate profile allows an administrator to declare which pods run on Fargate and specify which pods run on which Fargate profile. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and labels. A namespace is required for every selector. The label field consists of multiple optional key-value pairs. Pods that match the selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is run on Fargate.
│ │ │ When you create a Fargate profile, you must specify a pod execution role to use with the pods that are scheduled with the profile. This role is added to the cluster's Kubernetes [Role Based Access Control](https://docs.aws.amazon.com/https://kubernetes.io/docs/reference/access-authn-authz/rbac/) (RBAC) for authorization so that the `kubelet` that is running on the Fargate infrastructure can register with your Amazon EKS cluster so that it can appear in your cluster as a node. The pod execution role also provides IAM permissions to the Fargate infrastructure to allow read access to Amazon ECR image repositories. For more information, see [Pod Execution Role](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) in the *Amazon EKS User Guide* .
│ │ │ Fargate profiles are immutable. However, you can create a new updated profile to replace an existing profile and then delete the original after the updated profile has finished creating.
│ │ │ If any Fargate profiles in a cluster are in the `DELETING` status, you must wait for that Fargate profile to finish deleting before you can create any other profiles in that cluster.
│ │ │ For more information, see [AWS Fargate Profile](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) in the *Amazon EKS User Guide* .
│ │ │ + documentation: Creates an AWS Fargate profile for your Amazon EKS cluster. You must have at least one Fargate profile in a cluster to be able to run pods on Fargate.
│ │ │ The Fargate profile allows an administrator to declare which pods run on Fargate and specify which pods run on which Fargate profile. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and labels. A namespace is required for every selector. The label field consists of multiple optional key-value pairs. Pods that match the selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is run on Fargate.
│ │ │ When you create a Fargate profile, you must specify a pod execution role to use with the pods that are scheduled with the profile. This role is added to the cluster's Kubernetes [Role Based Access Control](https://docs.aws.amazon.com/https://kubernetes.io/docs/reference/access-authn-authz/rbac/) (RBAC) for authorization so that the `kubelet` that is running on the Fargate infrastructure can register with your Amazon EKS cluster so that it can appear in your cluster as a node. The pod execution role also provides IAM permissions to the Fargate infrastructure to allow read access to Amazon ECR image repositories. For more information, see [Pod Execution Role](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) in the *Amazon EKS User Guide* .
│ │ │ Fargate profiles are immutable. However, you can create a new updated profile to replace an existing profile and then delete the original after the updated profile has finished creating.
│ │ │ If any Fargate profiles in a cluster are in the `DELETING` status, you must wait for that Fargate profile to finish deleting before you can create any other profiles in that cluster.
│ │ │ For more information, see [AWS Fargate profile](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) in the *Amazon EKS User Guide* .
│ │ ├ properties
│ │ │ ├ ClusterName: (documentation changed)
│ │ │ ├ PodExecutionRoleArn: (documentation changed)
│ │ │ ├ Selectors: (documentation changed)
│ │ │ ├ Subnets: (documentation changed)
│ │ │ └ Tags: (documentation changed)
│ │ └ types
│ │ └[~] type Selector
│ │ └ properties
│ │ └ Namespace: (documentation changed)
│ ├[~] resource AWS::EKS::IdentityProviderConfig
│ │ ├ - documentation: Associate an identity provider configuration to a cluster.
│ │ │ If you want to authenticate identities using an identity provider, you can create an identity provider configuration and associate it to your cluster. After configuring authentication to your cluster you can create Kubernetes `roles` and `clusterroles` to assign permissions to the roles, and then bind the roles to the identities using Kubernetes `rolebindings` and `clusterrolebindings` . For more information see [Using RBAC Authorization](https://docs.aws.amazon.com/https://kubernetes.io/docs/reference/access-authn-authz/rbac/) in the Kubernetes documentation.
│ │ │ + documentation: Associates an identity provider configuration to a cluster.
│ │ │ If you want to authenticate identities using an identity provider, you can create an identity provider configuration and associate it to your cluster. After configuring authentication to your cluster you can create Kubernetes `Role` and `ClusterRole` objects, assign permissions to them, and then bind them to the identities using Kubernetes `RoleBinding` and `ClusterRoleBinding` objects. For more information see [Using RBAC Authorization](https://docs.aws.amazon.com/https://kubernetes.io/docs/reference/access-authn-authz/rbac/) in the Kubernetes documentation.
│ │ └ properties
│ │ ├ ClusterName: (documentation changed)
│ │ └ Tags: (documentation changed)
│ ├[~] resource AWS::EKS::Nodegroup
│ │ ├ - documentation: Creates a managed node group for an Amazon EKS cluster. You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster.
│ │ │ An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. For more information, see [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide* .
│ │ │ > Windows AMI types are only supported for commercial Regions that support Windows Amazon EKS.
│ │ │ + documentation: Creates a managed node group for an Amazon EKS cluster.
│ │ │ You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) .
│ │ │ An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. For more information, see [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide* .
│ │ │ > Windows AMI types are only supported for commercial AWS Regions that support Windows on Amazon EKS.
│ │ ├ properties
│ │ │ ├ ClusterName: (documentation changed)
│ │ │ ├ ForceUpdateEnabled: (documentation changed)
│ │ │ ├ Labels: (documentation changed)
│ │ │ ├ NodeRole: (documentation changed)
│ │ │ ├ Subnets: (documentation changed)
│ │ │ └ Tags: (documentation changed)
│ │ ├ attributes
│ │ │ └ ClusterName: (documentation changed)
│ │ └ types
│ │ ├[~] type ScalingConfig
│ │ │ └ properties
│ │ │ └ DesiredSize: (documentation changed)
│ │ ├[~] type Taint
│ │ │ └ - documentation: A property that allows a node to repel a set of pods. For more information, see [Node taints on managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html) .
│ │ │ + documentation: A property that allows a node to repel a `Pod` . For more information, see [Node taints on managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html) in the *Amazon EKS User Guide* .
│ │ └[~] type UpdateConfig
│ │ └ properties
│ │ ├ MaxUnavailable: (documentation changed)
│ │ └ MaxUnavailablePercentage: (documentation changed)
│ └[~] resource AWS::EKS::PodIdentityAssociation
│ └ properties
│ └ Tags: (documentation changed)
├[~] service aws-emr
│ └ resources
│ └[~] resource AWS::EMR::Cluster
│ ├ properties
│ │ ├ EbsRootVolumeIops: (documentation changed)
│ │ └ EbsRootVolumeThroughput: (documentation changed)
│ └ types
│ └[~] type PlacementGroupConfig
│ ├ - documentation: undefined
│ │ + documentation: Placement group configuration for an Amazon EMR cluster. The configuration specifies the placement strategy that can be applied to instance roles during cluster creation.
│ │ To use this configuration, consider attaching managed policy AmazonElasticMapReducePlacementGroupPolicy to the Amazon EMR role.
│ └ properties
│ ├ InstanceRole: (documentation changed)
│ └ PlacementStrategy: (documentation changed)
├[~] service aws-emrserverless
│ └ resources
│ └[~] resource AWS::EMRServerless::Application
│ └ types
│ ├[+] type CloudWatchLoggingConfiguration
│ │ ├ name: CloudWatchLoggingConfiguration
│ │ └ properties
│ │ ├Enabled: boolean (default=false)
│ │ ├LogGroupName: string
│ │ ├LogStreamNamePrefix: string
│ │ ├EncryptionKeyArn: string
│ │ └LogTypeMap: Array<LogTypeMapKeyValuePair>
│ ├[+] type LogTypeMapKeyValuePair
│ │ ├ name: LogTypeMapKeyValuePair
│ │ └ properties
│ │ ├Key: string (required)
│ │ └Value: Array<string> (required)
│ └[~] type MonitoringConfiguration
│ └ properties
│ └[+] CloudWatchLoggingConfiguration: CloudWatchLoggingConfiguration
├[~] service aws-eventschemas
│ └ resources
│ └[~] resource AWS::EventSchemas::Schema
│ └ attributes
│ └ LastModified: (documentation changed)
├[~] service aws-gamelift
│ └ resources
│ └[~] resource AWS::GameLift::MatchmakingConfiguration
│ └ types
│ └[~] type GameProperty
│ └ - documentation: Set of key-value pairs that contain information about a game session. When included in a game session request, these properties communicate details to be used when setting up the new game session. For example, a game property might specify a game mode, level, or map. Game properties are passed to the game server process when initiating a new game session. For more information, see the [Amazon GameLift Developer Guide](https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-sdk-client-api.html#gamelift-sdk-client-api-create) .
│ + documentation: This key-value pair can store custom data about a game session. For example, you might use a `GameProperty` to track a game session's map, level of difficulty, or remaining time. The difficulty level could be specified like this: `{"Key": "difficulty", "Value":"Novice"}` .
│ You can set game properties when creating a game session. You can also modify game properties of an active game session. When searching for game sessions, you can filter on game property keys and values. You can't delete game properties from a game session.
│ For examples of working with game properties, see [Create a game session with properties](https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-sdk-client-api.html#game-properties) .
├[~] service aws-greengrass
│ └ resources
│ ├[~] resource AWS::Greengrass::ConnectorDefinition
│ │ ├ properties
│ │ │ └ Tags: (documentation changed)
│ │ └ types
│ │ └[~] type Connector
│ │ ├ - documentation: Connectors are modules that provide built-in integration with local infrastructure, device protocols, AWS , and other cloud services. For more information, see [Integrate with Services and Protocols Using Greengrass Connectors](https://docs.aws.amazon.com/greengrass/latest/developerguide/connectors.html) in the *Developer Guide* .
│ │ │ In an AWS CloudFormation template, the `Connectors` property of the [`ConnectorDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-connectordefinition-connectordefinitionversion.html) property type contains a list of `Connector` property types.
│ │ │ + documentation: Connectors are modules that provide built-in integration with local infrastructure, device protocols, AWS , and other cloud services. For more information, see [Integrate with Services and Protocols Using Greengrass Connectors](https://docs.aws.amazon.com/greengrass/v1/developerguide/connectors.html) in the *Developer Guide* .
│ │ │ In an AWS CloudFormation template, the `Connectors` property of the [`ConnectorDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-connectordefinition-connectordefinitionversion.html) property type contains a list of `Connector` property types.
│ │ └ properties
│ │ ├ ConnectorArn: (documentation changed)
│ │ └ Parameters: (documentation changed)
│ ├[~] resource AWS::Greengrass::ConnectorDefinitionVersion
│ │ └ types
│ │ └[~] type Connector
│ │ ├ - documentation: Connectors are modules that provide built-in integration with local infrastructure, device protocols, AWS , and other cloud services. For more information, see [Integrate with Services and Protocols Using Greengrass Connectors](https://docs.aws.amazon.com/greengrass/latest/developerguide/connectors.html) in the *Developer Guide* .
│ │ │ In an AWS CloudFormation template, the `Connectors` property of the [`AWS::Greengrass::ConnectorDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-connectordefinitionversion.html) resource contains a list of `Connector` property types.
│ │ │ + documentation: Connectors are modules that provide built-in integration with local infrastructure, device protocols, AWS , and other cloud services. For more information, see [Integrate with Services and Protocols Using Greengrass Connectors](https://docs.aws.amazon.com/greengrass/v1/developerguide/connectors.html) in the *Developer Guide* .
│ │ │ In an AWS CloudFormation template, the `Connectors` property of the [`AWS::Greengrass::ConnectorDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-connectordefinitionversion.html) resource contains a list of `Connector` property types.
│ │ └ properties
│ │ ├ ConnectorArn: (documentation changed)
│ │ └ Parameters: (documentation changed)
│ ├[~] resource AWS::Greengrass::CoreDefinition
│ │ ├ properties
│ │ │ └ Tags: (documentation changed)
│ │ └ types
│ │ └[~] type Core
│ │ └ - documentation: A core is an AWS IoT device that runs the AWS IoT Greengrass core software and manages local processes for a Greengrass group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html) in the *Developer Guide* .
│ │ In an AWS CloudFormation template, the `Cores` property of the [`CoreDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-coredefinition-coredefinitionversion.html) property type contains a list of `Core` property types. Currently, the list can contain only one core.
│ │ + documentation: A core is an AWS IoT device that runs the AWS IoT Greengrass core software and manages local processes for a Greengrass group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/v1/developerguide/what-is-gg.html) in the *Developer Guide* .
│ │ In an AWS CloudFormation template, the `Cores` property of the [`CoreDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-coredefinition-coredefinitionversion.html) property type contains a list of `Core` property types. Currently, the list can contain only one core.
│ ├[~] resource AWS::Greengrass::CoreDefinitionVersion
│ │ └ types
│ │ └[~] type Core
│ │ └ - documentation: A core is an AWS IoT device that runs the AWS IoT Greengrass core software and manages local processes for a Greengrass group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html) in the *Developer Guide* .
│ │ In an AWS CloudFormation template, the `Cores` property of the [`AWS::Greengrass::CoreDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-coredefinitionversion.html) resource contains a list of `Core` property types. Currently, the list can contain only one core.
│ │ + documentation: A core is an AWS IoT device that runs the AWS IoT Greengrass core software and manages local processes for a Greengrass group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/v1/developerguide/what-is-gg.html) in the *Developer Guide* .
│ │ In an AWS CloudFormation template, the `Cores` property of the [`AWS::Greengrass::CoreDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-coredefinitionversion.html) resource contains a list of `Core` property types. Currently, the list can contain only one core.
│ ├[~] resource AWS::Greengrass::DeviceDefinition
│ │ ├ properties
│ │ │ └ Tags: (documentation changed)
│ │ └ types
│ │ └[~] type Device
│ │ └ - documentation: A device is an AWS IoT device (thing) that's added to a Greengrass group. Greengrass devices can communicate with the Greengrass core in the same group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html) in the *Developer Guide* .
│ │ In an AWS CloudFormation template, the `Devices` property of the [`DeviceDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-devicedefinition-devicedefinitionversion.html) property type contains a list of `Device` property types.
│ │ + documentation: A device is an AWS IoT device (thing) that's added to a Greengrass group. Greengrass devices can communicate with the Greengrass core in the same group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/v1/developerguide/what-is-gg.html) in the *Developer Guide* .
│ │ In an AWS CloudFormation template, the `Devices` property of the [`DeviceDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-devicedefinition-devicedefinitionversion.html) property type contains a list of `Device` property types.
│ ├[~] resource AWS::Greengrass::DeviceDefinitionVersion
│ │ └ types
│ │ └[~] type Device
│ │ └ - documentation: A device is an AWS IoT device (thing) that's added to a Greengrass group. Greengrass devices can communicate with the Greengrass core in the same group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html) in the *Developer Guide* .
│ │ In an AWS CloudFormation template, the `Devices` property of the [`AWS::Greengrass::DeviceDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-devicedefinitionversion.html) resource contains a list of `Device` property types.
│ │ + documentation: A device is an AWS IoT device (thing) that's added to a Greengrass group. Greengrass devices can communicate with the Greengrass core in the same group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/v1/developerguide/what-is-gg.html) in the *Developer Guide* .
│ │ In an AWS CloudFormation template, the `Devices` property of the [`AWS::Greengrass::DeviceDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-devicedefinitionversion.html) resource contains a list of `Device` property types.
│ ├[~] resource AWS::Greengrass::FunctionDefinition
│ │ ├ properties
│ │ │ └ Tags: (documentation changed)
│ │ └ types
│ │ ├[~] type Execution
│ │ │ └ properties
│ │ │ ├ IsolationMode: (documentation changed)
│ │ │ └ RunAs: (documentation changed)
│ │ ├[~] type Function
│ │ │ └ - documentation: A function is a Lambda function that's referenced from an AWS IoT Greengrass group. The function is deployed to a Greengrass core where it runs locally. For more information, see [Run Lambda Functions on the AWS IoT Greengrass Core](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-functions.html) in the *Developer Guide* .
│ │ │ In an AWS CloudFormation template, the `Functions` property of the [`FunctionDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-functiondefinitionversion.html) property type contains a list of `Function` property types.
│ │ │ + documentation: A function is a Lambda function that's referenced from an AWS IoT Greengrass group. The function is deployed to a Greengrass core where it runs locally. For more information, see [Run Lambda Functions on the AWS IoT Greengrass Core](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-functions.html) in the *Developer Guide* .
│ │ │ In an AWS CloudFormation template, the `Functions` property of the [`FunctionDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-functiondefinitionversion.html) property type contains a list of `Function` property types.
│ │ ├[~] type FunctionConfiguration
│ │ │ └ - documentation: The group-specific configuration settings for a Lambda function. These settings configure the function's behavior in the Greengrass group. For more information, see [Controlling Execution of Greengrass Lambda Functions by Using Group-Specific Configuration](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html) in the *Developer Guide* .
│ │ │ In an AWS CloudFormation template, `FunctionConfiguration` is a property of the [`Function`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-function.html) property type.
│ │ │ + documentation: The group-specific configuration settings for a Lambda function. These settings configure the function's behavior in the Greengrass group. For more information, see [Controlling Execution of Greengrass Lambda Functions by Using Group-Specific Configuration](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html) in the *Developer Guide* .
│ │ │ In an AWS CloudFormation template, `FunctionConfiguration` is a property of the [`Function`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-function.html) property type.
│ │ └[~] type RunAs
│ │ └ - documentation: The access identity whose permissions are used to run the Lambda function. This setting overrides the default access identity that's specified for the group (by default, ggc_user and ggc_group). You can override the user, group, or both. For more information, see [Run as](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html#lambda-access-identity.html) in the *Developer Guide* .
│ │ > Running as the root user increases risks to your data and device. Do not run as root (UID/GID=0) unless your business case requires it. For more information and requirements, see [Running a Lambda Function as Root](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html#lambda-running-as-root) .
│ │ In an AWS CloudFormation template, `RunAs` is a property of the [`Execution`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-execution.html) property type.
│ │ + documentation: The access identity whose permissions are used to run the Lambda function. This setting overrides the default access identity that's specified for the group (by default, ggc_user and ggc_group). You can override the user, group, or both. For more information, see [Run as](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html#lambda-access-identity.html) in the *Developer Guide* .
│ │ > Running as the root user increases risks to your data and device. Do not run as root (UID/GID=0) unless your business case requires it. For more information and requirements, see [Running a Lambda Function as Root](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html#lambda-running-as-root) .
│ │ In an AWS CloudFormation template, `RunAs` is a property of the [`Execution`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-execution.html) property type.
│ ├[~] resource AWS::Greengrass::FunctionDefinitionVersion
│ │ └ types
│ │ ├[~] type Execution
│ │ │ └ properties
│ │ │ ├ IsolationMode: (documentation changed)
│ │ │ └ RunAs: (documentation changed)
│ │ ├[~] type Function
│ │ │ └ - documentation: A function is a Lambda function that's referenced from an AWS IoT Greengrass group. The function is deployed to a Greengrass core where it runs locally. For more information, see [Run Lambda Functions on the AWS IoT Greengrass Core](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-functions.html) in the *Developer Guide* .
│ │ │ In an AWS CloudFormation template, the `Functions` property of the [`AWS::Greengrass::FunctionDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-functiondefinitionversion.html) resource contains a list of `Function` property types.
│ │ │ + documentation: A function is a Lambda function that's referenced from an AWS IoT Greengrass group. The function is deployed to a Greengrass core where it runs locally. For more information, see [Run Lambda Functions on the AWS IoT Greengrass Core](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-functions.html) in the *Developer Guide* .
│ │ │ In an AWS CloudFormation template, the `Functions` property of the [`AWS::Greengrass::FunctionDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-functiondefinitionversion.html) resource contains a list of `Function` property types.
│ │ ├[~] type FunctionConfiguration
│ │ │ └ - documentation: The group-specific configuration settings for a Lambda function. These settings configure the function's behavior in the Greengrass group. For more information, see [Controlling Execution of Greengrass Lambda Functions by Using Group-Specific Configuration](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html) in the *Developer Guide* .
│ │ │ In an AWS CloudFormation template, `FunctionConfiguration` is a property of the [`Function`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinitionversion-function.html) property type.
│ │ │ + documentation: The group-specific configuration settings for a Lambda function. These settings configure the function's behavior in the Greengrass group. For more information, see [Controlling Execution of Greengrass Lambda Functions by Using Group-Specific Configuration](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html) in the *Developer Guide* .
│ │ │ In an AWS CloudFormation template, `FunctionConfiguration` is a property of the [`Function`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinitionversion-function.html) property type.
│ │ └[~] type RunAs
│ │ └ - documentation: The user and group permissions used to run the Lambda function. This setting overrides the default access identity that's specified for the group (by default, ggc_user and ggc_group). You can override the user, group, or both. For more information, see [Run as](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html#lambda-access-identity.html) in the *Developer Guide* .
│ │ > Running as the root user increases risks to your data and device. Do not run as root (UID/GID=0) unless your business case requires it. For more information and requirements, see [Running a Lambda Function as Root](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html#lambda-running-as-root) .
│ │ In an AWS CloudFormation template, `RunAs` is a property of the [`Execution`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinitionversion-execution.html) property type.
│ │ + documentation: The user and group permissions used to run the Lambda function. This setting overrides the default access identity that's specified for the group (by default, ggc_user and ggc_group). You can override the user, group, or both. For more information, see [Run as](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html#lambda-access-identity.html) in the *Developer Guide* .
│ │ > Running as the root user increases risks to your data and device. Do not run as root (UID/GID=0) unless your business case requires it. For more information and requirements, see [Running a Lambda Function as Root](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html#lambda-running-as-root) .
│ │ In an AWS CloudFormation template, `RunAs` is a property of the [`Execution`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinitionversion-execution.html) property type.
│ ├[~] resource AWS::Greengrass::Group
│ │ ├ - documentation: AWS IoT Greengrass seamlessly extends AWS to edge devices so they can act locally on the data they generate, while still using the cloud for management, analytics, and durable storage. With AWS IoT Greengrass , connected devices can run AWS Lambda functions, execute predictions based on machine learning models, keep device data in sync, and communicate with other devices securely – even when not connected to the internet. For more information, see the [Developer Guide](https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html) .
│ │ │ > For AWS Region support, see [AWS CloudFormation Support for AWS IoT Greengrass](https://docs.aws.amazon.com/greengrass/latest/developerguide/cloudformation-support.html) in the *Developer Guide* .
│ │ │ The `AWS::Greengrass::Group` resource represents a group in AWS IoT Greengrass . In the AWS IoT Greengrass API, groups are used to organize your group versions.
│ │ │ Groups can reference multiple group versions. All group versions must be associated with a group. A group version references a device definition version, subscription definition version, and other version types that contain the components you want to deploy to a Greengrass core device.
│ │ │ To deploy a group version, the group version must reference a core definition version that contains one core. Other version types are optionally included, depending on your business need.
│ │ │ > When you create a group, you can optionally include an initial group version. To associate a group version later, create a [`AWS::Greengrass::GroupVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-groupversion.html) resource and specify the ID of this group.
│ │ │ >
│ │ │ > To change group components (such as…
Because of PRs that require cli integ tests run, some PRs have the automated review failing while awaiting review (and integ tests run). We shouldn't auto-close these as stale ever, since the ball is in our court. See #27882, where we were bad. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws-cdk-automation
added
auto-approve
pr/no-squash
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
aws-cdk-automation
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See CHANGELOG and Alpha CHANGELOG