The real amazon kendra/assertions clean up #528

TheRealAmazonKendra · 2024-07-23T23:02:06Z

Issue # (if applicable)

Closes #.

Reason for this change

Description of changes

Description of how you validated changes

Checklist

My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

This test was failing due to the solution stack version not being supported any longer. ### Issue # (if applicable) Closes #<issue number here>. ### Reason for this change ### Description of changes ### Description of how you validated changes ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Note that the docstring in `aws-entities` states that the regions are added in the order they went live. For several, that was not accurate so I reordered them. This is unlikely to matter but I made the change so that the documentation there would be factually correct. Not all of these regions/partitions are live yet, but they have been announced [here](https://aws.amazon.com/blogs/aws/category/regions/) ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…rty to the BedrockInvokeModel (aws#30426) ### Issue # (if applicable) Closes aws#30425 ### Reason for this change In the current [BedrockInvokeModel](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_stepfunctions_tasks.BedrockInvokeModel.html), guardrail configuration and trace for the invocation are not supported. ### Description of changes Add `gurdrailConfiguration` and `trace` property to the `BedrockInvokeModel` ### Description of how you validated changes Add unit tests and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/2.148.0/CHANGELOG.md)

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.148.0/CHANGELOG.md)

…s-cdk/aws-lambda-python-alpha/test/lambda-handler (aws#30767) Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.7.22 to 2024.7.4. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463"><code>bd81538</code></a> 2024.07.04 (<a href="https://redirect.github.com/certifi/python-certifi/issues/295">#295</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3"><code>06a2cbf</code></a> Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/294">#294</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23"><code>13bba02</code></a> Bump actions/checkout from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/certifi/python-certifi/issues/293">#293</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554"><code>e8abcd0</code></a> Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/292">#292</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1"><code>124f4ad</code></a> 2024.06.02 (<a href="https://redirect.github.com/certifi/python-certifi/issues/291">#291</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a"><code>c2196ce</code></a> --- (<a href="https://redirect.github.com/certifi/python-certifi/issues/290">#290</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2"><code>fefdeec</code></a> Bump actions/checkout from 4.1.4 to 4.1.5 (<a href="https://redirect.github.com/certifi/python-certifi/issues/289">#289</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf"><code>3c5fb15</code></a> Bump actions/download-artifact from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/certifi/python-certifi/issues/286">#286</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1"><code>4a9569a</code></a> Bump actions/checkout from 4.1.2 to 4.1.4 (<a href="https://redirect.github.com/certifi/python-certifi/issues/287">#287</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3"><code>1fc8086</code></a> Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (<a href="https://redirect.github.com/certifi/python-certifi/issues/288">#288</a>)</li> <li>Additional commits viewable in <a href="https://github.com/certifi/python-certifi/compare/2023.07.22...2024.07.04">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=certifi&package-manager=pip&previous-version=2023.7.22&new-version=2024.7.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>

…-cdk/aws-lambda-python-alpha/test/lambda-handler-dockercopy (aws#30768) Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.2.2 to 2024.7.4. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463"><code>bd81538</code></a> 2024.07.04 (<a href="https://redirect.github.com/certifi/python-certifi/issues/295">#295</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3"><code>06a2cbf</code></a> Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/294">#294</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23"><code>13bba02</code></a> Bump actions/checkout from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/certifi/python-certifi/issues/293">#293</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554"><code>e8abcd0</code></a> Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/292">#292</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1"><code>124f4ad</code></a> 2024.06.02 (<a href="https://redirect.github.com/certifi/python-certifi/issues/291">#291</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a"><code>c2196ce</code></a> --- (<a href="https://redirect.github.com/certifi/python-certifi/issues/290">#290</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2"><code>fefdeec</code></a> Bump actions/checkout from 4.1.4 to 4.1.5 (<a href="https://redirect.github.com/certifi/python-certifi/issues/289">#289</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf"><code>3c5fb15</code></a> Bump actions/download-artifact from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/certifi/python-certifi/issues/286">#286</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1"><code>4a9569a</code></a> Bump actions/checkout from 4.1.2 to 4.1.4 (<a href="https://redirect.github.com/certifi/python-certifi/issues/287">#287</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3"><code>1fc8086</code></a> Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (<a href="https://redirect.github.com/certifi/python-certifi/issues/288">#288</a>)</li> <li>Additional commits viewable in <a href="https://github.com/certifi/python-certifi/compare/2024.02.02...2024.07.04">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=certifi&package-manager=pip&previous-version=2024.2.2&new-version=2024.7.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-applicationautoscaling │ └ resources │ ├[~] resource AWS::ApplicationAutoScaling::ScalableTarget │ │ └ properties │ │ ├ ResourceId: (documentation changed) │ │ └ ScalableDimension: (documentation changed) │ └[~] resource AWS::ApplicationAutoScaling::ScalingPolicy │ └ properties │ ├ ResourceId: (documentation changed) │ └ ScalableDimension: (documentation changed) ├[~] service aws-codebuild │ └ resources │ └[~] resource AWS::CodeBuild::Project │ └ types │ ├[~] type ProjectTriggers │ │ └ properties │ │ └ ScopeConfiguration: (documentation changed) │ └[~] type ScopeConfiguration │ ├ - documentation: undefined │ │ + documentation: Contains configuration information about the scope for a webhook. │ └ properties │ └ Name: (documentation changed) ├[~] service aws-deadline │ └ resources │ └[~] resource AWS::Deadline::MeteredProduct │ └ properties │ ├ Family: (documentation changed) │ ├ Port: (documentation changed) │ └ Vendor: (documentation changed) ├[~] service aws-dms │ └ resources │ └[~] resource AWS::DMS::Endpoint │ └ types │ └[~] type OracleSettings │ └ properties │ ├ ArchivedLogsOnly: (documentation changed) │ ├ UseBFile: (documentation changed) │ ├ UseDirectPathFullLoad: (documentation changed) │ └ UseLogminerReader: (documentation changed) ├[~] service aws-emr │ └ resources │ ├[~] resource AWS::EMR::Cluster │ │ └ types │ │ ├[~] type OnDemandProvisioningSpecification │ │ │ └ properties │ │ │ └ AllocationStrategy: (documentation changed) │ │ └[~] type SpotProvisioningSpecification │ │ └ properties │ │ └ AllocationStrategy: (documentation changed) │ └[~] resource AWS::EMR::InstanceFleetConfig │ └ types │ ├[~] type OnDemandProvisioningSpecification │ │ └ properties │ │ └ AllocationStrategy: (documentation changed) │ └[~] type SpotProvisioningSpecification │ └ properties │ └ AllocationStrategy: (documentation changed) ├[~] service aws-kinesisanalyticsv2 │ └ resources │ └[~] resource AWS::KinesisAnalyticsV2::Application │ └ types │ ├[~] type ApplicationConfiguration │ │ └ properties │ │ └ ApplicationSystemRollbackConfiguration: (documentation changed) │ ├[~] type ApplicationSystemRollbackConfiguration │ │ ├ - documentation: Describes whether system initiated rollbacks are enabled for a Flink-based Kinesis Data Analytics application. │ │ │ + documentation: Describes the system rollback configuration for a Managed Service for Apache Flink application. │ │ └ properties │ │ └ RollbackEnabled: (documentation changed) │ ├[~] type CheckpointConfiguration │ │ ├ - documentation: Describes an application's checkpointing configuration. Checkpointing is the process of persisting application state for fault tolerance. For more information, see [Checkpoints for Fault Tolerance](https://docs.aws.amazon.com/https://ci.apache.org/projects/flink/flink-docs-release-1.8/concepts/programming-model.html#checkpoints-for-fault-tolerance) in the [Apache Flink Documentation](https://docs.aws.amazon.com/https://ci.apache.org/projects/flink/flink-docs-release-1.8/) . │ │ │ + documentation: Describes an application's checkpointing configuration. Checkpointing is the process of persisting application state for fault tolerance. For more information, see [Checkpoints for Fault Tolerance](https://docs.aws.amazon.com/https://nightlies.apache.org/flink/flink-docs-master/docs/dev/datastream/fault-tolerance/checkpointing/) in the [Apache Flink Documentation](https://docs.aws.amazon.com/https://nightlies.apache.org/flink/flink-docs-master) . │ │ └ properties │ │ └ MinPauseBetweenCheckpoints: (documentation changed) │ ├[~] type FlinkRunConfiguration │ │ └ properties │ │ └ AllowNonRestoredState: (documentation changed) │ └[~] type ParallelismConfiguration │ └ - documentation: Describes parameters for how a Flink-based Kinesis Data Analytics application executes multiple tasks simultaneously. For more information about parallelism, see [Parallel Execution](https://docs.aws.amazon.com/https://ci.apache.org/projects/flink/flink-docs-release-1.8/dev/parallel.html) in the [Apache Flink Documentation](https://docs.aws.amazon.com/https://ci.apache.org/projects/flink/flink-docs-release-1.8/) . │ + documentation: Describes parameters for how a Flink-based Kinesis Data Analytics application executes multiple tasks simultaneously. For more information about parallelism, see [Parallel Execution](https://docs.aws.amazon.com/https://nightlies.apache.org/flink/flink-docs-master/docs/dev/datastream/execution/parallel/) in the [Apache Flink Documentation](https://docs.aws.amazon.com/https://nightlies.apache.org/flink/flink-docs-master) . ├[~] service aws-rds │ └ resources │ └[~] resource AWS::RDS::DBInstance │ └ types │ ├[~] type CertificateDetails │ │ └ - documentation: Returns the details of the DB instance’s server certificate. │ │ For more information, see [Using SSL/TLS to encrypt a connection to a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) in the *Amazon RDS User Guide* and [Using SSL/TLS to encrypt a connection to a DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) in the *Amazon Aurora User Guide* . │ │ + documentation: The details of the DB instance’s server certificate. │ │ For more information, see [Using SSL/TLS to encrypt a connection to a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) in the *Amazon RDS User Guide* and [Using SSL/TLS to encrypt a connection to a DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) in the *Amazon Aurora User Guide* . │ └[~] type ProcessorFeature │ └ properties │ └ Value: (documentation changed) ├[~] service aws-rolesanywhere │ └ resources │ └[~] resource AWS::RolesAnywhere::CRL │ ├ properties │ │ ├ CrlData: (documentation changed) │ │ ├ Enabled: (documentation changed) │ │ ├ Name: (documentation changed) │ │ └ Tags: (documentation changed) │ └ attributes │ └ CrlId: (documentation changed) ├[~] service aws-route53profiles │ └ resources │ └[~] resource AWS::Route53Profiles::ProfileAssociation │ └ properties │ └ ResourceId: (documentation changed) ├[~] service aws-ses │ └ resources │ ├[~] resource AWS::SES::ConfigurationSet │ │ ├ properties │ │ │ ├ DeliveryOptions: (documentation changed) │ │ │ ├ ReputationOptions: (documentation changed) │ │ │ └ TrackingOptions: (documentation changed) │ │ └ types │ │ ├[~] type DashboardOptions │ │ │ └ - documentation: Settings for your VDM configuration as applicable to the Dashboard. │ │ │ + documentation: An object containing additional settings for your VDM configuration as applicable to the Dashboard. │ │ ├[~] type DeliveryOptions │ │ │ └ - documentation: Specifies whether messages that use the configuration set are required to use Transport Layer Security (TLS). │ │ │ + documentation: Specifies the name of the dedicated IP pool to associate with the configuration set and whether messages that use the configuration set are required to use Transport Layer Security (TLS). │ │ ├[~] type GuardianOptions │ │ │ └ - documentation: Settings for your VDM configuration as applicable to the Guardian. │ │ │ + documentation: An object containing additional settings for your VDM configuration as applicable to the Guardian. │ │ ├[~] type ReputationOptions │ │ │ ├ - documentation: Contains information about the reputation settings for a configuration set. │ │ │ │ + documentation: Enable or disable collection of reputation metrics for emails that you send using this configuration set in the current AWS Region. │ │ │ └ properties │ │ │ └ ReputationMetricsEnabled: (documentation changed) │ │ ├[~] type TrackingOptions │ │ │ └ - documentation: A domain that is used to redirect email recipients to an Amazon SES-operated domain. This domain captures open and click events generated by Amazon SES emails. │ │ │ For more information, see [Configuring Custom Domains to Handle Open and Click Tracking](https://docs.aws.amazon.com/ses/latest/dg/configure-custom-open-click-domains.html) in the *Amazon SES Developer Guide* . │ │ │ + documentation: An object that defines the tracking options for a configuration set. When you use the Amazon SES API v2 to send an email, it contains an invisible image that's used to track when recipients open your email. If your email contains links, those links are changed slightly in order to track when recipients click them. │ │ │ You can optionally configure a custom subdomain that is used to redirect email recipients to an Amazon SES-operated domain. This domain captures open and click events generated by Amazon SES emails. │ │ │ For more information, see [Configuring Custom Domains to Handle Open and Click Tracking](https://docs.aws.amazon.com/ses/latest/dg/configure-custom-open-click-domains.html) in the *Amazon SES Developer Guide* . │ │ └[~] type VdmOptions │ │ └ properties │ │ ├ DashboardOptions: (documentation changed) │ │ └ GuardianOptions: (documentation changed) │ ├[~] resource AWS::SES::ConfigurationSetEventDestination │ │ ├ - documentation: Specifies a configuration set event destination. An event destination is an AWS service that Amazon SES publishes email sending events to. When you specify an event destination, you provide one, and only one, destination. You can send event data to Amazon CloudWatch, Amazon Kinesis Data Firehose, or Amazon Simple Notification Service (Amazon SNS). │ │ │ + documentation: Specifies a configuration set event destination. *Events* include message sends, deliveries, opens, clicks, bounces, and complaints. *Event destinations* are places that you can send information about these events to. For example, you can send event data to Amazon SNS to receive notifications when you receive bounces or complaints, or you can use Amazon Kinesis Data Firehose to stream data to Amazon S3 for long-term storage. │ │ │ A single configuration set can include more than one event destination. │ │ ├ properties │ │ │ └ EventDestination: (documentation changed) │ │ └ types │ │ ├[~] type CloudWatchDestination │ │ │ ├ - documentation: Contains information associated with an Amazon CloudWatch event destination to which email sending events are published. │ │ │ │ Event destinations, such as Amazon CloudWatch, are associated with configuration sets, which enable you to publish email sending events. For information about using configuration sets, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/monitor-sending-activity.html) . │ │ │ │ + documentation: An object that defines an Amazon CloudWatch destination for email events. You can use Amazon CloudWatch to monitor and gain insights on your email sending metrics. │ │ │ └ properties │ │ │ └ DimensionConfigurations: (documentation changed) │ │ ├[~] type DimensionConfiguration │ │ │ ├ - documentation: Contains the dimension configuration to use when you publish email sending events to Amazon CloudWatch. │ │ │ │ For information about publishing email sending events to Amazon CloudWatch, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/monitor-sending-activity.html) . │ │ │ │ + documentation: An object that defines the dimension configuration to use when you send email events to Amazon CloudWatch. │ │ │ └ properties │ │ │ ├ DefaultDimensionValue: (documentation changed) │ │ │ ├ DimensionName: (documentation changed) │ │ │ └ DimensionValueSource: (documentation changed) │ │ ├[~] type EventBridgeDestination │ │ │ ├ - documentation: An object that contains Event bus ARN associated with the event bridge destination. │ │ │ │ + documentation: An object that defines an Amazon EventBridge destination for email events. You can use Amazon EventBridge to send notifications when certain email events occur. │ │ │ └ properties │ │ │ └ EventBusArn: (documentation changed) │ │ ├[~] type EventDestination │ │ │ ├ - documentation: Contains information about an event destination. │ │ │ │ > When you create or update an event destination, you must provide one, and only one, destination. The destination can be Amazon CloudWatch, Amazon Kinesis Firehose or Amazon Simple Notification Service (Amazon SNS). │ │ │ │ Event destinations are associated with configuration sets, which enable you to publish email sending events to Amazon CloudWatch, Amazon Kinesis Firehose, or Amazon Simple Notification Service (Amazon SNS). For information about using configuration sets, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/monitor-sending-activity.html) . │ │ │ │ + documentation: In the Amazon SES API v2, *events* include message sends, deliveries, opens, clicks, bounces, complaints and delivery delays. *Event destinations* are places that you can send information about these events to. For example, you can send event data to Amazon SNS to receive notifications when you receive bounces or complaints, or you can use Amazon Kinesis Data Firehose to stream data to Amazon S3 for long-term storage. │ │ │ └ properties │ │ │ ├ CloudWatchDestination: (documentation changed) │ │ │ ├ Enabled: (documentation changed) │ │ │ ├ EventBridgeDestination: (documentation changed) │ │ │ └ MatchingEventTypes: (documentation changed) │ │ └[~] type KinesisFirehoseDestination │ │ ├ - documentation: Contains the delivery stream ARN and the IAM role ARN associated with an Amazon Kinesis Firehose event destination. │ │ │ Event destinations, such as Amazon Kinesis Firehose, are associated with configuration sets, which enable you to publish email sending events. For information about using configuration sets, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/monitor-sending-activity.html) . │ │ │ + documentation: An object that defines an Amazon Kinesis Data Firehose destination for email events. You can use Amazon Kinesis Data Firehose to stream data to other services, such as Amazon S3 and Amazon Redshift. │ │ └ properties │ │ └ IAMRoleARN: (documentation changed) │ ├[~] resource AWS::SES::EmailIdentity │ │ ├ - documentation: Specifies an identity for using within SES. An identity is an email address or domain that you use when you send email. Before you can use an identity to send email, you first have to verify it. By verifying an identity, you demonstrate that you're the owner of the identity, and that you've given Amazon SES API v2 permission to send email from the identity. │ │ │ When you verify an email address, SES sends an email to the address. Your email address is verified as soon as you follow the link in the verification email. When you verify a domain without specifying the DkimSigningAttributes properties, OR only the NextSigningKeyLength property of DkimSigningAttributes, this resource provides a set of CNAME token names and values (DkimDNSTokenName1, DkimDNSTokenValue1, DkimDNSTokenName2, DkimDNSTokenValue2, DkimDNSTokenName3, DkimDNSTokenValue3) as outputs. You can then add these to the DNS configuration for your domain. Your domain is verified when Amazon SES detects these records in the DNS configuration for your domain. This verification method is known as Easy DKIM. │ │ │ Alternatively, you can perform the verification process by providing your own public-private key pair. This verification method is known as Bring Your Own DKIM (BYODKIM). To use BYODKIM, your resource must include DkimSigningAttributes properties DomainSigningSelector and DomainSigningPrivateKey. When you specify this object, you provide a selector (DomainSigningSelector) (a component of the DNS record name that identifies the public key to use for DKIM authentication) and a private key (DomainSigningPrivateKey). │ │ │ Additionally, you can associate an existing configuration set with the email identity that you're verifying. │ │ │ + documentation: Specifies an identity for using within SES. An identity is an email address or domain that you use when you send email. Before you can use an identity to send email, you first have to verify it. By verifying an identity, you demonstrate that you're the owner of the identity, and that you've given Amazon SES API v2 permission to send email from the identity. │ │ │ When you verify an email address, SES sends an email to the address. Your email address is verified as soon as you follow the link in the verification email. When you verify a domain without specifying the `DkimSigningAttributes` properties, OR only the `NextSigningKeyLength` property of `DkimSigningAttributes` , this resource provides a set of CNAME token names and values ( *DkimDNSTokenName1* , *DkimDNSTokenValue1* , *DkimDNSTokenName2* , *DkimDNSTokenValue2* , *DkimDNSTokenName3* , *DkimDNSTokenValue3* ) as outputs. You can then add these to the DNS configuration for your domain. Your domain is verified when Amazon SES detects these records in the DNS configuration for your domain. This verification method is known as Easy DKIM. │ │ │ Alternatively, you can perform the verification process by providing your own public-private key pair. This verification method is known as Bring Your Own DKIM (BYODKIM). To use BYODKIM, your resource must include `DkimSigningAttributes` properties `DomainSigningSelector` and `DomainSigningPrivateKey` . When you specify this object, you provide a selector ( `DomainSigningSelector` ) (a component of the DNS record name that identifies the public key to use for DKIM authentication) and a private key ( `DomainSigningPrivateKey` ). │ │ │ Additionally, you can associate an existing configuration set with the email identity that you're verifying. │ │ └ properties │ │ └ DkimSigningAttributes: (documentation changed) │ ├[~] resource AWS::SES::ReceiptRule │ │ └ types │ │ ├[~] type Action │ │ │ └ properties │ │ │ └ WorkmailAction: (documentation changed) │ │ ├[~] type AddHeaderAction │ │ │ ├ - documentation: When included in a receipt rule, this action adds a header to the received email. │ │ │ │ For information about adding a header using a receipt rule, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-action-add-header.html) . │ │ │ │ + documentation: When included in a receipt rule, this action adds a header to the received email. │ │ │ │ For information about adding a header using a receipt rule, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-receipt-rules-console-walkthrough.html) . │ │ │ └ properties │ │ │ └ HeaderName: (documentation changed) │ │ └[~] type S3Action │ │ └ - documentation: When included in a receipt rule, this action saves the received message to an Amazon Simple Storage Service (Amazon S3) bucket and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS). │ │ To enable Amazon SES to write emails to your Amazon S3 bucket, use an AWS KMS key to encrypt your emails, or publish to an Amazon SNS topic of another account, Amazon SES must have permission to access those resources. For information about granting permissions, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html) . │ │ > When you save your emails to an Amazon S3 bucket, the maximum email size (including headers) is 40 MB. Emails larger than that bounces. │ │ For information about specifying Amazon S3 actions in receipt rules, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-action-s3.html) . │ │ + documentation: When included in a receipt rule, this action saves the received message to an Amazon Simple Storage Service (Amazon S3) bucket and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS). │ │ To enable Amazon SES to write emails to your Amazon S3 bucket, use an AWS KMS key to encrypt your emails, or publish to an Amazon SNS topic of another account, Amazon SES must have permission to access those resources. For information about granting permissions, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html) . │ │ > When you save your emails to an Amazon S3 bucket, the maximum email size (including headers) is 30 MB. Emails larger than that bounces. │ │ For information about specifying Amazon S3 actions in receipt rules, see the [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-action-s3.html) . │ ├[~] resource AWS::SES::ReceiptRuleSet │ │ └ properties │ │ └ RuleSetName: (documentation changed) │ ├[~] resource AWS::SES::Template │ │ └ types │ │ └[~] type Template │ │ ├ - documentation: The content of the email, composed of a subject line and either an HTML part or a text-only part. │ │ │ + documentation: An object that defines the email template to use for an email message, and the values to use for any message variables in that template. An *email template* is a type of message template that contains content that you want to define, save, and reuse in email messages that you send. │ │ └ properties │ │ └ TemplateName: (documentation changed) │ └[~] resource AWS::SES::VdmAttributes │ └ types │ ├[~] type DashboardAttributes │ │ └ - documentation: Settings for your VDM configuration as applicable to the Dashboard. │ │ + documentation: An object containing additional settings for your VDM configuration as applicable to the Dashboard. │ └[~] type GuardianAttributes │ └ - documentation: Settings for your VDM configuration as applicable to the Guardian. │ + documentation: An object containing additional settings for your VDM configuration as applicable to the Guardian. ├[~] service aws-verifiedpermissions │ └ resources │ ├[~] resource AWS::VerifiedPermissions::IdentitySource │ │ ├ properties │ │ │ └ Configuration: (documentation changed) │ │ └ types │ │ └[~] type CognitoGroupConfiguration │ │ └ - documentation: The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source. │ │ This data type is part of a [CognitoUserPoolConfiguration](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CognitoUserPoolConfiguration.html) structure and is a request parameter in [CreateIdentitySource](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html) . │ │ + documentation: The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source. │ ├[~] resource AWS::VerifiedPermissions::Policy │ │ └ - documentation: Creates or updates a Cedar policy and saves it in the specified policy store. You can create either a static policy or a policy linked to a policy template. │ │ You can directly update only static policies. To update a template-linked policy, you must update it's linked policy template instead. │ │ - To create a static policy, in the `Definition` include a `Static` element that includes the Cedar policy text in the `Statement` element. │ │ - To create a policy that is dynamically linked to a policy template, in the `Definition` include a `Templatelinked` element that specifies the policy template ID and the principal and resource to associate with this policy. If the policy template is ever updated, any policies linked to the policy template automatically use the updated template. │ │ > - If policy validation is enabled in the policy store, then updating a static policy causes Verified Permissions to validate the policy against the schema in the policy store. If the updated static policy doesn't pass validation, the operation fails and the update isn't stored. │ │ > - When you edit a static policy, You can change only certain elements of a static policy: │ │ > │ │ > - The action referenced by the policy. │ │ > - A condition clause, such as when and unless. │ │ > │ │ > You can't change these elements of a static policy: │ │ > │ │ > - Changing a policy from a static policy to a template-linked policy. │ │ > - Changing the effect of a static policy from permit or forbid. │ │ > - The principal referenced by a static policy. │ │ > - The resource referenced by a static policy. │ │ > - To update a template-linked policy, you must update the template instead. │ │ + documentation: Creates or updates a Cedar policy and saves it in the specified policy store. You can create either a static policy or a policy linked to a policy template. │ │ You can directly update only static policies. To update a template-linked policy, you must update its linked policy template instead. │ │ - To create a static policy, in the `Definition` include a `Static` element that includes the Cedar policy text in the `Statement` element. │ │ - To create a policy that is dynamically linked to a policy template, in the `Definition` include a `Templatelinked` element that specifies the policy template ID and the principal and resource to associate with this policy. If the policy template is ever updated, any policies linked to the policy template automatically use the updated template. │ │ > - If policy validation is enabled in the policy store, then updating a static policy causes Verified Permissions to validate the policy against the schema in the policy store. If the updated static policy doesn't pass validation, the operation fails and the update isn't stored. │ │ > - When you edit a static policy, You can change only certain elements of a static policy: │ │ > │ │ > - The action referenced by the policy. │ │ > - A condition clause, such as when and unless. │ │ > │ │ > You can't change these elements of a static policy: │ │ > │ │ > - Changing a policy from a static policy to a template-linked policy. │ │ > - Changing the effect of a static policy from permit or forbid. │ │ > - The principal referenced by a static policy. │ │ > - The resource referenced by a static policy. │ │ > - To update a template-linked policy, you must update the template instead. │ └[~] resource AWS::VerifiedPermissions::PolicyStore │ └ types │ └[~] type SchemaDefinition │ └ properties │ └ CedarJson: (documentation changed) ├[~] service aws-wafv2 │ └ resources │ ├[~] resource AWS::WAFv2::RuleGroup │ │ └ types │ │ └[~] type JsonBody │ │ ├ - documentation: Inspect the body of the web request as JSON. The body immediately follows the request headers. │ │ │ This is used to indicate the web request component to inspect, in the `FieldToMatch` specification. │ │ │ Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. AWS WAF inspects only the parts of the JSON that result from the matches that you indicate. │ │ │ Example JSON: `"JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }` │ │ │ + documentation: Inspect the body of the web request as JSON. The body immediately follows the request headers. │ │ │ This is used to indicate the web request component to inspect, in the `FieldToMatch` specification. │ │ │ Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. AWS WAF inspects only the parts of the JSON that result from the matches that you indicate. │ │ │ Example JSON: `"JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }` │ │ │ For additional information about this request component option, see [JSON body](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body) in the *AWS WAF Developer Guide* . │ │ └ properties │ │ └ InvalidFallbackBehavior: (documentation changed) │ └[~] resource AWS::WAFv2::WebACL │ └ types │ └[~] type JsonBody │ ├ - documentation: Inspect the body of the web request as JSON. The body immediately follows the request headers. │ │ This is used to indicate the web request component to inspect, in the `FieldToMatch` specification. │ │ Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. AWS WAF inspects only the parts of the JSON that result from the matches that you indicate. │ │ Example JSON: `"JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }` │ │ + documentation: Inspect the body of the web request as JSON. The body immediately follows the request headers. │ │ This is used to indicate the web request component to inspect, in the `FieldToMatch` specification. │ │ Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. AWS WAF inspects only the parts of the JSON that result from the matches that you indicate. │ │ Example JSON: `"JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }` │ │ For additional information about this request component option, see [JSON body](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body) in the *AWS WAF Developer Guide* . │ └ properties │ └ InvalidFallbackBehavior: (documentation changed) └[~] service aws-workspaces └ resources ├[~] resource AWS::WorkSpaces::Workspace │ ├ properties │ │ ├ UserName: (documentation changed) │ │ └ VolumeEncryptionKey: (documentation changed) │ └ types │ └[~] type WorkspaceProperties │ └ properties │ └ RunningMode: (documentation changed) └[~] resource AWS::WorkSpaces::WorkspacesPool ├ - documentation: Resource Type definition for AWS::WorkSpaces::WorkspacesPool │ + documentation: Describes a pool of WorkSpaces. ├ properties │ ├ ApplicationSettings: (documentation changed) │ ├ BundleId: (documentation changed) │ ├ Capacity: (documentation changed) │ ├ Description: (documentation changed) │ ├ DirectoryId: (documentation changed) │ ├ PoolName: (documentation changed) │ ├ Tags: (documentation changed) │ └ TimeoutSettings: (documentation changed) ├ attributes │ ├ CreatedAt: (documentation changed) │ ├ PoolArn: (documentation changed) │ └ PoolId: (documentation changed) └ types ├[~] type ApplicationSettings │ ├ - documentation: undefined │ │ + documentation: The persistent application settings for users in the pool. │ └ properties │ ├ SettingsGroup: (documentation changed) │ └ Status: (documentation changed) ├[~] type Capacity │ ├ - documentation: undefined │ │ + documentation: Describes the user capacity for the pool. │ └ properties │ └ DesiredUserSessions: (documentation changed) └[~] type TimeoutSettings ├ - documentation: undefined │ + documentation: Describes the timeout settings for the pool. └ properties ├ DisconnectTimeoutInSeconds: (documentation changed) ├ IdleDisconnectTimeoutInSeconds: (documentation changed) └ MaxUserDurationInSeconds: (documentation changed) ```

…s-cdk/aws-lambda-python-alpha/test/lambda-handler-poetry (aws#30787) Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.7.22 to 2024.7.4. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463"><code>bd81538</code></a> 2024.07.04 (<a href="https://redirect.github.com/certifi/python-certifi/issues/295">#295</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3"><code>06a2cbf</code></a> Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/294">#294</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23"><code>13bba02</code></a> Bump actions/checkout from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/certifi/python-certifi/issues/293">#293</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554"><code>e8abcd0</code></a> Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/292">#292</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1"><code>124f4ad</code></a> 2024.06.02 (<a href="https://redirect.github.com/certifi/python-certifi/issues/291">#291</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a"><code>c2196ce</code></a> --- (<a href="https://redirect.github.com/certifi/python-certifi/issues/290">#290</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2"><code>fefdeec</code></a> Bump actions/checkout from 4.1.4 to 4.1.5 (<a href="https://redirect.github.com/certifi/python-certifi/issues/289">#289</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf"><code>3c5fb15</code></a> Bump actions/download-artifact from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/certifi/python-certifi/issues/286">#286</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1"><code>4a9569a</code></a> Bump actions/checkout from 4.1.2 to 4.1.4 (<a href="https://redirect.github.com/certifi/python-certifi/issues/287">#287</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3"><code>1fc8086</code></a> Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (<a href="https://redirect.github.com/certifi/python-certifi/issues/288">#288</a>)</li> <li>Additional commits viewable in <a href="https://github.com/certifi/python-certifi/compare/2023.07.22...2024.07.04">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=certifi&package-manager=pip&previous-version=2023.7.22&new-version=2024.7.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>

…ws#30429) ### Issue # (if applicable) Closes aws#30430 ### Reason for this change `ServerDeploymentConfig` does not support for configuring the [zonal configuration](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations-create.html#zonal-config). ### Description of changes - define `ZonalConfig` interface - define `MinimumHealthyHostsPerZone` class - add `zonalConfig` property to the `BaseDeploymentConfigProps` ### Description of how you validated changes Add both unit and integ tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…tartQueryExecution (aws#30447) ### Issue # (if applicable) Closes aws#30446. ### Reason for this change To use "reuse result" feature in Amazon Athena on Step Functions. ### Description of changes Add `resultReuseConfiguration` to the `AthenaStartQueryExecution` ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #<issue number here>. ### Reason for this change Just fix a broken link. ### Description of changes ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

aws#30785) ### Reason for this change Information about targets supported by `aws-events-targets` is also listed in `aws-events`, but this information is outdated and can be confusing to users. Aggregating the list of supported targets in `aws-events-targets` will prevent contributors from forgetting to update it. ### Description of changes Add a message to the README of `aws-events` encouraging people to look at `aws-events-targets` for information on targets. ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Closes aws#6831 ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…s-cdk/aws-lambda-python-alpha/test/lambda-handler-custom-build (aws#30802) Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.7.22 to 2024.7.4. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463"><code>bd81538</code></a> 2024.07.04 (<a href="https://redirect.github.com/certifi/python-certifi/issues/295">#295</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3"><code>06a2cbf</code></a> Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/294">#294</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23"><code>13bba02</code></a> Bump actions/checkout from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/certifi/python-certifi/issues/293">#293</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554"><code>e8abcd0</code></a> Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/292">#292</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1"><code>124f4ad</code></a> 2024.06.02 (<a href="https://redirect.github.com/certifi/python-certifi/issues/291">#291</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a"><code>c2196ce</code></a> --- (<a href="https://redirect.github.com/certifi/python-certifi/issues/290">#290</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2"><code>fefdeec</code></a> Bump actions/checkout from 4.1.4 to 4.1.5 (<a href="https://redirect.github.com/certifi/python-certifi/issues/289">#289</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf"><code>3c5fb15</code></a> Bump actions/download-artifact from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/certifi/python-certifi/issues/286">#286</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1"><code>4a9569a</code></a> Bump actions/checkout from 4.1.2 to 4.1.4 (<a href="https://redirect.github.com/certifi/python-certifi/issues/287">#287</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3"><code>1fc8086</code></a> Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (<a href="https://redirect.github.com/certifi/python-certifi/issues/288">#288</a>)</li> <li>Additional commits viewable in <a href="https://github.com/certifi/python-certifi/compare/2023.07.22...2024.07.04">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=certifi&package-manager=pip&previous-version=2023.7.22&new-version=2024.7.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>

…n rule (aws#30780) ### Issue # (if applicable) ### Reason for this change The `createdBy` property existed in the L1 construct but was not present in the L2 construct ### Description of changes - Add the `createdBy` property for `NotificationRule`, which was missing in the L2 construct. ### Description of how you validated changes I Added a unit test for codestarnotifications and integration tests for pipeline and codestarnotifications ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) None ### Reason for this change AWS EC2 now supports R8G instance type. But CDK L2 construct does not support this. ### Description of changes Update `InstanceClass` ### Description of how you validated changes None ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ror during synth (aws#30634) ### Reason for this change Creating multiple `Schedule`s causes Resolution Error during synth. This PR does not fix the root cause (discussing at aws#28713), but apply a workaround to prevent the error. ### Description of changes Use `ServicePrincipal` with conditions directly, instead of `PrincipalWithConditions`. ### Description of how you validated changes Added a feature flag `{"@aws-cdk/aws-iam:minimizePolicies":true}` to unit tests. Resolution errors occur before fix. No errors occur after fix. ## Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

… defining authorization type in method or root api (aws#30822) ### Issue # (if applicable) Closes aws#30444 ### Reason for this change The original PR caused a breaking change, we can't rollback because it was released in v2.142.0 and it fixes customers issues (partially). Simply doing a revert will be breaking for those customers again. ### Description of changes Identified the root cause and we should use `AuthorizationType` instead of `AuthorizationTypeOption`. `AuthorizationType` defaults to find the authorization type from the authorizer, falling back to use the auth type defined in the `Method` construct's options property and falling back to `None`. `AuthorizationTypeOptions` on the other hand tries to find the auth type from `Method` construct's options property which can be None because it's optional. ### Description of how you validated changes New unit tests covering the changes and new integration tests covering it. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --------- Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

See CHANGELOG

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.148.1/CHANGELOG.md)

Adds a condition to restrict s3 permissions on the file publish role. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/2.149.0/CHANGELOG.md)

They have now been standardized for a few years. We did not initially remove the old mappings out of caution and because we were unsure that the changes has made it to all regions yet. It is long past that happening at this point. Because we never removed this or marked it as deprecated, we still have a not insignificant amount of customers who believe the individual mapping is necessary and cut tickets because it is not up-to-date. ### Issue # (if applicable) Closes #<issue number here>. ### Reason for this change ### Description of changes ### Description of how you validated changes ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.149.0/CHANGELOG.md)

### Reason for this change As documented, the Node.js v16 runtime was deprecated on June 12, 2024. https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html ### Description of changes ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-bedrock │ └ resources │ ├[~] resource AWS::Bedrock::Agent │ │ └ types │ │ ├[~] type GuardrailConfiguration │ │ │ └ - documentation: Configuration information for a guardrail that you use with the `Converse` action. │ │ │ + documentation: Configuration information for a guardrail that you use with the [Converse](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_Converse.html) operation. │ │ └[~] type S3Identifier │ │ ├ - documentation: Contains information about the S3 object containing the resource. │ │ │ + documentation: The identifier information for an Amazon S3 bucket. │ │ └ properties │ │ └ S3ObjectKey: (documentation changed) │ ├[~] resource AWS::Bedrock::DataSource │ │ ├ properties │ │ │ ├ DataDeletionPolicy: (documentation changed) │ │ │ └ DataSourceConfiguration: (documentation changed) │ │ └ types │ │ ├[~] type ChunkingConfiguration │ │ │ └ properties │ │ │ └ ChunkingStrategy: (documentation changed) │ │ ├[~] type DataSourceConfiguration │ │ │ ├ - documentation: Contains details about how a data source is stored. │ │ │ │ + documentation: The connection configuration for the data source. │ │ │ └ properties │ │ │ ├ S3Configuration: (documentation changed) │ │ │ └ Type: (documentation changed) │ │ └[~] type S3DataSourceConfiguration │ │ ├ - documentation: Contains information about the S3 configuration of the data source. │ │ │ + documentation: The configuration information to connect to Amazon S3 as your data source. │ │ └ properties │ │ ├ BucketArn: (documentation changed) │ │ ├ BucketOwnerAccountId: (documentation changed) │ │ └ InclusionPrefixes: (documentation changed) │ └[~] resource AWS::Bedrock::KnowledgeBase │ └ types │ └[~] type KnowledgeBaseConfiguration │ └ - documentation: Contains details about the embeddings configuration of the knowledge base. │ + documentation: Configurations to apply to a knowledge base attached to the agent during query. For more information, see [Knowledge base retrieval configurations](https://docs.aws.amazon.com/bedrock/latest/userguide/agents-session-state.html#session-state-kb) . ├[~] service aws-cloudtrail │ └ resources │ ├[~] resource AWS::CloudTrail::EventDataStore │ │ └ types │ │ └[~] type AdvancedFieldSelector │ │ └ properties │ │ └ Field: (documentation changed) │ └[~] resource AWS::CloudTrail::Trail │ └ types │ ├[~] type AdvancedFieldSelector │ │ └ properties │ │ └ Field: (documentation changed) │ ├[~] type DataResource │ │ └ - documentation: Data events provide information about the resource operations performed on or within a resource itself. These are also known as data plane operations. You can specify up to 250 data resources for a trail. │ │ Configure the `DataResource` to specify the resource type and resource ARNs for which you want to log data events. │ │ You can specify the following resource types in your event selectors for your trail: │ │ - `AWS::DynamoDB::Table` │ │ - `AWS::Lambda::Function` │ │ - `AWS::S3::Object` │ │ > The total number of allowed data resources is 250. This number can be distributed between 1 and 5 event selectors, but the total cannot exceed 250 across all selectors for the trail. │ │ > │ │ > If you are using advanced event selectors, the maximum total number of values for all conditions, across all advanced event selectors for the trail, is 500. │ │ The following example demonstrates how logging works when you configure logging of all data events for an S3 bucket named `DOC-EXAMPLE-BUCKET1` . In this example, the CloudTrail user specified an empty prefix, and the option to log both `Read` and `Write` data events. │ │ - A user uploads an image file to `DOC-EXAMPLE-BUCKET1` . │ │ - The `PutObject` API operation is an Amazon S3 object-level API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified an S3 bucket with an empty prefix, events that occur on any object in that bucket are logged. The trail processes and logs the event. │ │ - A user uploads an object to an Amazon S3 bucket named `arn:aws:s3:::DOC-EXAMPLE-BUCKET1` . │ │ - The `PutObject` API operation occurred for an object in an S3 bucket that the CloudTrail user didn't specify for the trail. The trail doesn’t log the event. │ │ The following example demonstrates how logging works when you configure logging of AWS Lambda data events for a Lambda function named *MyLambdaFunction* , but not for all Lambda functions. │ │ - A user runs a script that includes a call to the *MyLambdaFunction* function and the *MyOtherLambdaFunction* function. │ │ - The `Invoke` API operation on *MyLambdaFunction* is an Lambda API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified logging data events for *MyLambdaFunction* , any invocations of that function are logged. The trail processes and logs the event. │ │ - The `Invoke` API operation on *MyOtherLambdaFunction* is an Lambda API. Because the CloudTrail user did not specify logging data events for all Lambda functions, the `Invoke` operation for *MyOtherLambdaFunction* does not match the function specified for the trail. The trail doesn’t log the event. │ │ + documentation: You can configure the `DataResource` in an `EventSelector` to log data events for the following three resource types: │ │ - `AWS::DynamoDB::Table` │ │ - `AWS::Lambda::Function` │ │ - `AWS::S3::Object` │ │ To log data events for all other resource types including objects stored in [directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) , you must use [AdvancedEventSelectors](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html) . You must also use `AdvancedEventSelectors` if you want to filter on the `eventName` field. │ │ Configure the `DataResource` to specify the resource type and resource ARNs for which you want to log data events. │ │ > The total number of allowed data resources is 250. This number can be distributed between 1 and 5 event selectors, but the total cannot exceed 250 across all selectors for the trail. │ │ The following example demonstrates how logging works when you configure logging of all data events for a general purpose bucket named `DOC-EXAMPLE-BUCKET1` . In this example, the CloudTrail user specified an empty prefix, and the option to log both `Read` and `Write` data events. │ │ - A user uploads an image file to `DOC-EXAMPLE-BUCKET1` . │ │ - The `PutObject` API operation is an Amazon S3 object-level API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified an S3 bucket with an empty prefix, events that occur on any object in that bucket are logged. The trail processes and logs the event. │ │ - A user uploads an object to an Amazon S3 bucket named `arn:aws:s3:::DOC-EXAMPLE-BUCKET1` . │ │ - The `PutObject` API operation occurred for an object in an S3 bucket that the CloudTrail user didn't specify for the trail. The trail doesn’t log the event. │ │ The following example demonstrates how logging works when you configure logging of AWS Lambda data events for a Lambda function named *MyLambdaFunction* , but not for all Lambda functions. │ │ - A user runs a script that includes a call to the *MyLambdaFunction* function and the *MyOtherLambdaFunction* function. │ │ - The `Invoke` API operation on *MyLambdaFunction* is an Lambda API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified logging data events for *MyLambdaFunction* , any invocations of that function are logged. The trail processes and logs the event. │ │ - The `Invoke` API operation on *MyOtherLambdaFunction* is an Lambda API. Because the CloudTrail user did not specify logging data events for all Lambda functions, the `Invoke` operation for *MyOtherLambdaFunction* does not match the function specified for the trail. The trail doesn’t log the event. │ └[~] type EventSelector │ └ properties │ └ DataResources: (documentation changed) ├[~] service aws-cognito │ └ resources │ └[~] resource AWS::Cognito::UserPoolUICustomizationAttachment │ └ attributes │ └ Id: (documentation changed) ├[~] service aws-ecs │ └ resources │ ├[~] resource AWS::ECS::Service │ │ └ types │ │ └[~] type LogConfiguration │ │ └ properties │ │ └ LogDriver: (documentation changed) │ └[~] resource AWS::ECS::TaskDefinition │ ├ properties │ │ └ Cpu: (documentation changed) │ └ types │ ├[~] type ContainerDefinition │ │ └ properties │ │ └ StartTimeout: (documentation changed) │ └[~] type LogConfiguration │ └ properties │ └ LogDriver: (documentation changed) ├[~] service aws-fsx │ └ resources │ ├[~] resource AWS::FSx::FileSystem │ │ └ types │ │ ├[~] type OntapConfiguration │ │ │ └ properties │ │ │ ├ DeploymentType: (documentation changed) │ │ │ ├ HAPairs: (documentation changed) │ │ │ ├ PreferredSubnetId: (documentation changed) │ │ │ └ ThroughputCapacityPerHAPair: (documentation changed) │ │ └[~] type OpenZFSConfiguration │ │ └ properties │ │ └ DeploymentType: (documentation changed) │ └[~] resource AWS::FSx::Volume │ └ types │ └[~] type AggregateConfiguration │ └ properties │ └ Aggregates: (documentation changed) ├[~] service aws-qbusiness │ └ resources │ ├[~] resource AWS::QBusiness::DataSource │ │ └ properties │ │ └ Configuration: (documentation changed) │ └[~] resource AWS::QBusiness::WebExperience │ └ properties │ └ RoleArn: (documentation changed) ├[~] service aws-rds │ └ resources │ └[~] resource AWS::RDS::DBInstance │ ├ properties │ │ └ AutomaticBackupReplicationRegion: (documentation changed) │ └ types │ └[~] type ProcessorFeature │ └ - documentation: The `ProcessorFeature` property type specifies the processor features of a DB instance class status. │ + documentation: The `ProcessorFeature` property type specifies the processor features of a DB instance class. └[~] service aws-sagemaker └ resources ├[~] resource AWS::SageMaker::DataQualityJobDefinition │ └ types │ └[~] type StoppingCondition │ └ - documentation: Specifies a limit to how long a model training job or model compilation job can run. It also specifies how long a managed spot training job has to complete. When the job reaches the time limit, SageMaker ends the training or compilation job. Use this API to cap model training costs. │ To stop a training job, SageMaker sends the algorithm the `SIGTERM` signal, which delays job termination for 120 seconds. Algorithms can use this 120-second window to save the model artifacts, so the results of training are not lost. │ The training algorithms provided by SageMaker automatically save the intermediate results of a model training job when possible. This attempt to save artifacts is only a best effort case as model might not be in a state from which it can be saved. For example, if training has just started, the model might not be ready to save. When saved, this intermediate data is a valid model artifact. You can use it to create a model with `CreateModel` . │ > The Neural Topic Model (NTM) currently does not support saving intermediate model artifacts. When training NTMs, make sure that the maximum runtime is sufficient for the training job to complete. │ + documentation: Specifies a limit to how long a job can run. When the job reaches the time limit, SageMaker ends the job. Use this API to cap costs. │ To stop a training job, SageMaker sends the algorithm the `SIGTERM` signal, which delays job termination for 120 seconds. Algorithms can use this 120-second window to save the model artifacts, so the results of training are not lost. │ The training algorithms provided by SageMaker automatically save the intermediate results of a model training job when possible. This attempt to save artifacts is only a best effort case as model might not be in a state from which it can be saved. For example, if training has just started, the model might not be ready to save. When saved, this intermediate data is a valid model artifact. You can use it to create a model with `CreateModel` . │ > The Neural Topic Model (NTM) currently does not support saving intermediate model artifacts. When training NTMs, make sure that the maximum runtime is sufficient for the training job to complete. ├[~] resource AWS::SageMaker::ModelBiasJobDefinition │ └ types │ └[~] type StoppingCondition │ └ - documentation: Specifies a limit to how long a model training job or model compilation job can run. It also specifies how long a managed spot training job has to complete. When the job reaches the time limit, SageMaker ends the training or compilation job. Use this API to cap model training costs. │ To stop a training job, SageMaker sends the algorithm the `SIGTERM` signal, which delays job termination for 120 seconds. Algorithms can use this 120-second window to save the model artifacts, so the results of training are not lost. │ The training algorithms provided by SageMaker automatically save the intermediate results of a model training job when possible. This attempt to save artifacts is only a best effort case as model might not be in a state from which it can be saved. For example, if training has just started, the model might not be ready to save. When saved, this intermediate data is a valid model artifact. You can use it to create a model with `CreateModel` . │ > The Neural Topic Model (NTM) currently does not support saving intermediate model artifacts. When training NTMs, make sure that the maximum runtime is sufficient for the training job to complete. │ + documentation: Specifies a limit to how long a job can run. When the job reaches the time limit, SageMaker ends the job. Use this API to cap costs. │ To stop a training job, SageMaker sends the algorithm the `SIGTERM` signal, which delays job termination for 120 seconds. Algorithms can use this 120-second window to save the model artifacts, so the results of training are not lost. │ The training algorithms provided by SageMaker automatically save the intermediate results of a model training job when possible. This attempt to save artifacts is only a best effort case as model might not be in a state from which it can be saved. For example, if training has just started, the model might not be ready to save. When saved, this intermediate data is a valid model artifact. You can use it to create a model with `CreateModel` . │ > The Neural Topic Model (NTM) currently does not support saving intermediate model artifacts. When training NTMs, make sure that the maximum runtime is sufficient for the training job to complete. ├[~] resource AWS::SageMaker::ModelExplainabilityJobDefinition │ └ types │ └[~] type StoppingCondition │ └ - documentation: Specifies a limit to how long a model training job or model compilation job can run. It also specifies how long a managed spot training job has to complete. When the job reaches the time limit, SageMaker ends the training or compilation job. Use this API to cap model training costs. │ To stop a training job, SageMaker sends the algorithm the `SIGTERM` signal, which delays job termination for 120 seconds. Algorithms can use this 120-second window to save the model artifacts, so the results of training are not lost. │ The training algorithms provided by SageMaker automatically save the intermediate results of a model training job when possible. This attempt to save artifacts is only a best effort case as model might not be in a state from which it can be saved. For example, if training has just started, the model might not be ready to save. When saved, this intermediate data is a valid model artifact. You can use it to create a model with `CreateModel` . │ > The Neural Topic Model (NTM) currently does not support saving intermediate model artifacts. When training NTMs, make sure that the maximum runtime is sufficient for the training job to complete. │ + documentation: Specifies a limit to how long a job can run. When the job reaches the time limit, SageMaker ends the job. Use this API to cap costs. │ To stop a training job, SageMaker sends the algorithm the `SIGTERM` signal, which delays job termination for 120 seconds. Algorithms can use this 120-second window to save the model artifacts, so the results of training are not lost. │ The training algorithms provided by SageMaker automatically save the intermediate results of a model training job when possible. This attempt to save artifacts is only a best effort case as model might not be in a state from which it can be saved. For example, if training has just started, the model might not be ready to save. When saved, this intermediate data is a valid model artifact. You can use it to create a model with `CreateModel` . │ > The Neural Topic Model (NTM) currently does not support saving intermediate model artifacts. When training NTMs, make sure that the maximum runtime is sufficient for the training job to complete. ├[~] resource AWS::SageMaker::ModelQualityJobDefinition │ └ types │ └[~] type StoppingCondition │ └ - documentation: Specifies a limit to how long a model training job or model compilation job can run. It also specifies how long a managed spot training job has to complete. When the job reaches the time limit, SageMaker ends the training or compilation job. Use this API to cap model training costs. │ To stop a training job, SageMaker sends the algorithm the `SIGTERM` signal, which delays job termination for 120 seconds. Algorithms can use this 120-second window to save the model artifacts, so the results of training are not lost. │ The training algorithms provided by SageMaker automatically save the intermediate results of a model training job when possible. This attempt to save artifacts is only a best effort case as model might not be in a state from which it can be saved. For example, if training has just started, the model might not be ready to save. When saved, this intermediate data is a valid model artifact. You can use it to create a model with `CreateModel` . │ > The Neural Topic Model (NTM) currently does not support saving intermediate model artifacts. When training NTMs, make sure that the maximum runtime is sufficient for the training job to complete. │ + documentation: Specifies a limit to how long a job can run. When the job reaches the time limit, SageMaker ends the job. Use this API to cap costs. │ To stop a training job, SageMaker sends the algorithm the `SIGTERM` signal, which delays job termination for 120 seconds. Algorithms can use this 120-second window to save the model artifacts, so the results of training are not lost. │ The training algorithms provided by SageMaker automatically save the intermediate results of a model training job when possible. This attempt to save artifacts is only a best effort case as model might not be in a state from which it can be saved. For example, if training has just started, the model might not be ready to save. When saved, this intermediate data is a valid model artifact. You can use it to create a model with `CreateModel` . │ > The Neural Topic Model (NTM) currently does not support saving intermediate model artifacts. When training NTMs, make sure that the maximum runtime is sufficient for the training job to complete. └[~] resource AWS::SageMaker::MonitoringSchedule └ types └[~] type StoppingCondition └ - documentation: Specifies a limit to how long a model training job or model compilation job can run. It also specifies how long a managed spot training job has to complete. When the job reaches the time limit, SageMaker ends the training or compilation job. Use this API to cap model training costs. To stop a training job, SageMaker sends the algorithm the `SIGTERM` signal, which delays job termination for 120 seconds. Algorithms can use this 120-second window to save the model artifacts, so the results of training are not lost. The training algorithms provided by SageMaker automatically save the intermediate results of a model training job when possible. This attempt to save artifacts is only a best effort case as model might not be in a state from which it can be saved. For example, if training has just started, the model might not be ready to save. When saved, this intermediate data is a valid model artifact. You can use it to create a model with `CreateModel` . > The Neural Topic Model (NTM) currently does not support saving intermediate model artifacts. When training NTMs, make sure that the maximum runtime is sufficient for the training job to complete. + documentation: Specifies a limit to how long a job can run. When the job reaches the time limit, SageMaker ends the job. Use this API to cap costs. To stop a training job, SageMaker sends the algorithm the `SIGTERM` signal, which delays job termination for 120 seconds. Algorithms can use this 120-second window to save the model artifacts, so the results of training are not lost. The training algorithms provided by SageMaker automatically save the intermediate results of a model training job when possible. This attempt to save artifacts is only a best effort case as model might not be in a state from which it can be saved. For example, if training has just started, the model might not be ready to save. When saved, this intermediate data is a valid model artifact. You can use it to create a model with `CreateModel` . > The Neural Topic Model (NTM) currently does not support saving intermediate model artifacts. When training NTMs, make sure that the maximum runtime is sufficient for the training job to complete. ```

### Issue # (if applicable) - N/A Closes #<issue number here>- N/A ### Reason for this change Update issue-label-assign.yml to add cli-lib-alpha. ### Description of changes Update issue-label-assign.yml to add cli-lib-alpha. ### Description of how you validated changes ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…rviceCrossRegion (aws#30795) ### Issue # (if applicable) closes aws#30799 ### Reason for this change I found some AWS services uses camelCase for API parameters, such as [api-gateway](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/api-gateway/command/GetRestApiCommand/) or [bedrock-runtime](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/bedrock-runtime/command/InvokeModelCommand/). However, currently `CallAwsServiceCrossRegion` allows only PascalCase for parameters, and it throws an error if parameters are not in PascalCase. ### Description of changes Because we do not precisely know which service uses camelCase, this PR just removes the validation logic to allow both camelCase and PascalCase for parameters. This will also reduce maintanance cost in the future. ### Description of how you validated changes Added a unit test. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

@adamjkeller

…s#30864) ### Reason for this change I spoke with @adamjkeller the other day about a more appropriate PR link regarding the community contribution call-outs. I submit this PR on his behalf. ### Description of changes ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…cluding confidential data (aws#30689) ### Issue # (if applicable) Closes aws#30275. ### Reason for this change When using a Provider to create a custom resource, the request and response objects are logged by the provider function. There is no apparent way to prevent or redact this logging, resulting in secrets being logged if returned in the custom resource's Data object. By extension, if secret values are passed in the resource's ResourceProperties they will be logged as well. ### Description of changes Allow `NoEcho` fields to mask the data response to `*****`. ### Description of how you validated changes Integ test covering this and verifeid in the log stream that `redacted` is included in the message. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Fix wrong link in syn-nodejs-puppeteer 6.2. I discovered this while working on aws#30851. I was [advised](aws#30851 (comment)) to separate the PRs, so I'm creating this as a new PR. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…0852) Fixed a broken link. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…mAction (aws#30867) ### Issue # (if applicable) N/A ### Reason for this change Fixing a typo ### Description of changes Fixing a typo in the docs under aws-cdk-lib aws_cloudwatch Alarm addAlarmAction ### Description of how you validated changes Spell checker ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) None ### Reason for this change Addon L2 construct is added by aws#30576 but there is no documentation about it in the README.md. ### Description of changes Add Add-ons documentation to README.md ### Description of how you validated changes None ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

PRs with the exemption requested label should not be marked as stale since the onus is on the maintainers to address the exemption before the contributor can satisfy our linter. Unlikely to be abused, but we can reconsider this approach if it is.

Signed-off-by: github-actions <[email protected]>

TheRealAmazonKendra and others added 30 commits July 4, 2024 19:35

chore(release): 2.148.0

64dd445

chore: update CHANGELOG.v2.md

a923a59

chore(release): 2.148.0 (aws#30764)

e5740c0

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/2.148.0/CHANGELOG.md)

Merge branch 'main' into merge-back/2.148.0

e083db1

chore(merge-back): 2.148.0 (aws#30766)

81b111a

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.148.0/CHANGELOG.md)

chore(release): 2.148.1

54bcb86

Update CHANGELOG.v2.alpha.md

0170079

Update CHANGELOG.v2.md

776bf03

chore(release): v2.148.1 (aws#30824)

283525d

See CHANGELOG

Merge branch 'main' into merge-back/2.148.1

2647ef4

chore(merge-back): 2.148.1 (aws#30825)

8d55d86

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.148.1/CHANGELOG.md)

chore: add condition to bootstrap file publish role (aws#30823)

5ef3be5

Adds a condition to restrict s3 permissions on the file publish role. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

mergify bot and others added 16 commits July 12, 2024 18:38

chore(release): 2.149.0 (aws#30845)

c8e5924

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/2.149.0/CHANGELOG.md)

Merge branch 'main' into merge-back/2.149.0

cac2964

chore(merge-back): 2.149.0 (aws#30847)

b9165f0

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.149.0/CHANGELOG.md)

feat(assertions): cleanup stacks after test

24af184

github-actions bot added the p2 label Jul 23, 2024

TheRealAmazonKendra had a problem deploying to test-pipeline July 23, 2024 23:02 — with GitHub Actions Failure

TheRealAmazonKendra had a problem deploying to test-pipeline July 23, 2024 23:33 — with GitHub Actions Failure

integ test assertions don't play all that nicely

5a71513

TheRealAmazonKendra force-pushed the TheRealAmazonKendra/assertions-clean-up branch from 3abdb5e to 5a71513 Compare July 24, 2024 01:23

TheRealAmazonKendra had a problem deploying to test-pipeline July 24, 2024 01:23 — with GitHub Actions Failure

linted

d12bc6b

TheRealAmazonKendra had a problem deploying to test-pipeline July 24, 2024 01:42 — with GitHub Actions Failure

TheRealAmazonKendra had a problem deploying to test-pipeline July 24, 2024 02:13 — with GitHub Actions Failure

service catalog test

7b71852

TheRealAmazonKendra force-pushed the TheRealAmazonKendra/assertions-clean-up branch from b1a0967 to 7b71852 Compare July 24, 2024 02:35

TheRealAmazonKendra had a problem deploying to test-pipeline July 24, 2024 02:36 — with GitHub Actions Failure

chore: self mutation

3d341f2

Signed-off-by: github-actions <[email protected]>

TheRealAmazonKendra had a problem deploying to test-pipeline July 24, 2024 03:09 — with GitHub Actions Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

The real amazon kendra/assertions clean up #528

The real amazon kendra/assertions clean up #528

Uh oh!

TheRealAmazonKendra commented Jul 23, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

17 participants

The real amazon kendra/assertions clean up #528

Are you sure you want to change the base?

The real amazon kendra/assertions clean up #528

Uh oh!

Conversation

TheRealAmazonKendra commented Jul 23, 2024

Issue # (if applicable)

Reason for this change

Description of changes

Description of how you validated changes

Checklist

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

17 participants