aws-cdk-lib 2.147.3__py3-none-any.whl → 2.148.0__py3-none-any.whl

aws_cdk/aws_dynamodb/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # Amazon DynamoDB Construct Library
 
 > The DynamoDB construct library has two table constructs - `Table` and `TableV2`. `TableV2` is the preferred construct for all use cases, including creating a single table or a table with multiple `replicas`.

aws_cdk/aws_ec2/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # Amazon EC2 Construct Library
 
 The `aws-cdk-lib/aws-ec2` package contains primitives for setting up networking and
@@ -10232,7 +10232,7 @@ class CfnEC2Fleet(
 ):
     '''Specifies the configuration information to launch a fleet--or group--of instances.
 
-    An EC2 Fleet can launch multiple instance types across multiple Availability Zones, using the On-Demand Instance, Reserved Instance, and Spot Instance purchasing models together. Using EC2 Fleet, you can define separate On-Demand and Spot capacity targets, specify the instance types that work best for your applications, and specify how Amazon EC2 should distribute your fleet capacity within each purchasing model. For more information, see `Launching an EC2 Fleet <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet.html>`_ in the *Amazon EC2 User Guide for Linux Instances* .
+    An EC2 Fleet can launch multiple instance types across multiple Availability Zones, using the On-Demand Instance, Reserved Instance, and Spot Instance purchasing models together. Using EC2 Fleet, you can define separate On-Demand and Spot capacity targets, specify the instance types that work best for your applications, and specify how Amazon EC2 should distribute your fleet capacity within each purchasing model. For more information, see `Launching an EC2 Fleet <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet.html>`_ in the *Amazon EC2 User Guide* .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ec2fleet.html
     :cloudformationResource: AWS::EC2::EC2Fleet
@@ -11680,7 +11680,7 @@ class CfnEC2Fleet(
             :param instance_generations: Indicates whether current or previous generation instance types are included. The current generation instance types are recommended for use. Current generation instance types are typically the latest two to three generations in each instance family. For more information, see `Instance types <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html>`_ in the *Amazon EC2 User Guide* . For current generation instance types, specify ``current`` . For previous generation instance types, specify ``previous`` . Default: Current and previous generation instance types
             :param local_storage: Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, `Amazon EC2 instance store <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html>`_ in the *Amazon EC2 User Guide* . - To include instance types with instance store volumes, specify ``included`` . - To require only instance types with instance store volumes, specify ``required`` . - To exclude instance types with instance store volumes, specify ``excluded`` . Default: ``included``
             :param local_storage_types: The type of local storage that is required. - For instance types with hard disk drive (HDD) storage, specify ``hdd`` . - For instance types with solid state drive (SSD) storage, specify ``ssd`` . Default: ``hdd`` and ``ssd``
-            :param max_spot_price_as_percentage_of_optimal_on_demand_price: [Price protection] The price protection threshold for Spot Instances, as a percentage of an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from the lowest priced current generation instance types, and failing that, from the lowest priced previous generation instance types that match your attributes. When Amazon EC2 selects instance types with your attributes, it will exclude instance types whose price exceeds your specified threshold. The parameter accepts an integer, which Amazon EC2 interprets as a percentage. If you set ``DesiredCapacityType`` to ``vcpu`` or ``memory-mib`` , the price protection threshold is based on the per vCPU or per memory price instead of the per instance price. .. epigraph:: Only one of ``SpotMaxPricePercentageOverLowestPrice`` or ``MaxSpotPriceAsPercentageOfOptimalOnDemandPrice`` can be specified. If you don't specify either, Amazon EC2 will automatically apply optimal price protection to consistently select from a wide range of instance types. To indicate no price protection threshold for Spot Instances, meaning you want to consider all instance types that match your attributes, include one of these parameters and specify a high value, such as ``999999`` .
+            :param max_spot_price_as_percentage_of_optimal_on_demand_price: [Price protection] The price protection threshold for Spot Instances, as a percentage of an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from the lowest priced current generation instance types, and failing that, from the lowest priced previous generation instance types that match your attributes. When Amazon EC2 selects instance types with your attributes, it will exclude instance types whose price exceeds your specified threshold. The parameter accepts an integer, which Amazon EC2 interprets as a percentage. If you set ``TargetCapacityUnitType`` to ``vcpu`` or ``memory-mib`` , the price protection threshold is based on the per vCPU or per memory price instead of the per instance price. .. epigraph:: Only one of ``SpotMaxPricePercentageOverLowestPrice`` or ``MaxSpotPriceAsPercentageOfOptimalOnDemandPrice`` can be specified. If you don't specify either, Amazon EC2 will automatically apply optimal price protection to consistently select from a wide range of instance types. To indicate no price protection threshold for Spot Instances, meaning you want to consider all instance types that match your attributes, include one of these parameters and specify a high value, such as ``999999`` .
             :param memory_gib_per_v_cpu: The minimum and maximum amount of memory per vCPU, in GiB. Default: No minimum or maximum limits
             :param memory_mib: The minimum and maximum amount of memory, in MiB.
             :param network_bandwidth_gbps: The minimum and maximum amount of baseline network bandwidth, in gigabits per second (Gbps). For more information, see `Amazon EC2 instance network bandwidth <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-network-bandwidth.html>`_ in the *Amazon EC2 User Guide* . Default: No minimum or maximum limits
@@ -12078,7 +12078,7 @@ class CfnEC2Fleet(
 
             The parameter accepts an integer, which Amazon EC2 interprets as a percentage.
 
-            If you set ``DesiredCapacityType`` to ``vcpu`` or ``memory-mib`` , the price protection threshold is based on the per vCPU or per memory price instead of the per instance price.
+            If you set ``TargetCapacityUnitType`` to ``vcpu`` or ``memory-mib`` , the price protection threshold is based on the per vCPU or per memory price instead of the per instance price.
             .. epigraph::
 
                Only one of ``SpotMaxPricePercentageOverLowestPrice`` or ``MaxSpotPriceAsPercentageOfOptimalOnDemandPrice`` can be specified. If you don't specify either, Amazon EC2 will automatically apply optimal price protection to consistently select from a wide range of instance types. To indicate no price protection threshold for Spot Instances, meaning you want to consider all instance types that match your attributes, include one of these parameters and specify a high value, such as ``999999`` .
@@ -15855,7 +15855,7 @@ class CfnHost(
 ):
     '''Allocates a fully dedicated physical server for launching EC2 instances.
 
-    Because the host is fully dedicated for your use, it can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses. For more information, see `Dedicated Hosts <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html>`_ in the *Amazon EC2 User Guide for Linux Instances* .
+    Because the host is fully dedicated for your use, it can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses. For more information, see `Dedicated Hosts <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html>`_ in the *Amazon EC2 User Guide* .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-host.html
     :cloudformationResource: AWS::EC2::Host
@@ -20804,7 +20804,7 @@ class CfnInstance(
 
             For workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, G4dn, or G5 instances.
 
-            Specifies the type of Elastic GPU. An Elastic GPU is a GPU resource that you can attach to your Amazon EC2 instance to accelerate the graphics performance of your applications. For more information, see `Amazon EC2 Elastic GPUs <https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html>`_ in the *Amazon EC2 User Guide for Windows Instances* .
+            Specifies the type of Elastic GPU. An Elastic GPU is a GPU resource that you can attach to your Amazon EC2 instance to accelerate the graphics performance of your applications.
 
             ``ElasticGpuSpecification`` is a property of the `AWS::EC2::Instance <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html>`_ resource.
 
@@ -22045,7 +22045,7 @@ class CfnInstanceConnectEndpoint(
         :param id: Construct identifier for this resource (unique in its scope).
         :param subnet_id: The ID of the subnet in which to create the EC2 Instance Connect Endpoint.
         :param client_token: Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
-        :param preserve_client_ip: Indicates whether your client's IP address is preserved as the source. The value is ``true`` or ``false`` . - If ``true`` , your client's IP address is used when you connect to a resource. - If ``false`` , the elastic network interface IP address is used when you connect to a resource. Default: ``true``
+        :param preserve_client_ip: Indicates whether the client IP address is preserved as the source. The following are the possible values. - ``true`` - Use the client IP address as the source. - ``false`` - Use the network interface IP address as the source. Default: ``false``
         :param security_group_ids: One or more security groups to associate with the endpoint. If you don't specify a security group, the default security group for your VPC will be associated with the endpoint.
         :param tags: The tags to apply to the EC2 Instance Connect Endpoint during creation.
         '''
@@ -22144,9 +22144,9 @@ class CfnInstanceConnectEndpoint(
     def preserve_client_ip(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''Indicates whether your client's IP address is preserved as the source.
+        '''Indicates whether the client IP address is preserved as the source.
 
-        The value is ``true`` or ``false`` .
+        The following are the possible values.
         '''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "preserveClientIp"))
 
@@ -22215,7 +22215,7 @@ class CfnInstanceConnectEndpointProps:
 
         :param subnet_id: The ID of the subnet in which to create the EC2 Instance Connect Endpoint.
         :param client_token: Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
-        :param preserve_client_ip: Indicates whether your client's IP address is preserved as the source. The value is ``true`` or ``false`` . - If ``true`` , your client's IP address is used when you connect to a resource. - If ``false`` , the elastic network interface IP address is used when you connect to a resource. Default: ``true``
+        :param preserve_client_ip: Indicates whether the client IP address is preserved as the source. The following are the possible values. - ``true`` - Use the client IP address as the source. - ``false`` - Use the network interface IP address as the source. Default: ``false``
         :param security_group_ids: One or more security groups to associate with the endpoint. If you don't specify a security group, the default security group for your VPC will be associated with the endpoint.
         :param tags: The tags to apply to the EC2 Instance Connect Endpoint during creation.
 
@@ -22283,12 +22283,12 @@ class CfnInstanceConnectEndpointProps:
     def preserve_client_ip(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''Indicates whether your client's IP address is preserved as the source. The value is ``true`` or ``false`` .
+        '''Indicates whether the client IP address is preserved as the source. The following are the possible values.
 
-        - If ``true`` , your client's IP address is used when you connect to a resource.
-        - If ``false`` , the elastic network interface IP address is used when you connect to a resource.
+        - ``true`` - Use the client IP address as the source.
+        - ``false`` - Use the network interface IP address as the source.
 
-        Default: ``true``
+        Default: ``false``
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-instanceconnectendpoint.html#cfn-ec2-instanceconnectendpoint-preserveclientip
         '''
@@ -25511,7 +25511,7 @@ class CfnLaunchTemplate(
             :param instance_generations: Indicates whether current or previous generation instance types are included. The current generation instance types are recommended for use. Current generation instance types are typically the latest two to three generations in each instance family. For more information, see `Instance types <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html>`_ in the *Amazon EC2 User Guide* . For current generation instance types, specify ``current`` . For previous generation instance types, specify ``previous`` . Default: Current and previous generation instance types
             :param local_storage: Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, `Amazon EC2 instance store <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html>`_ in the *Amazon EC2 User Guide* . - To include instance types with instance store volumes, specify ``included`` . - To require only instance types with instance store volumes, specify ``required`` . - To exclude instance types with instance store volumes, specify ``excluded`` . Default: ``included``
             :param local_storage_types: The type of local storage that is required. - For instance types with hard disk drive (HDD) storage, specify ``hdd`` . - For instance types with solid state drive (SSD) storage, specify ``ssd`` . Default: ``hdd`` and ``ssd``
-            :param max_spot_price_as_percentage_of_optimal_on_demand_price: [Price protection] The price protection threshold for Spot Instances, as a percentage of an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from the lowest priced current generation instance types, and failing that, from the lowest priced previous generation instance types that match your attributes. When Amazon EC2 selects instance types with your attributes, it will exclude instance types whose price exceeds your specified threshold. The parameter accepts an integer, which Amazon EC2 interprets as a percentage. If you set ``DesiredCapacityType`` to ``vcpu`` or ``memory-mib`` , the price protection threshold is based on the per vCPU or per memory price instead of the per instance price. .. epigraph:: Only one of ``SpotMaxPricePercentageOverLowestPrice`` or ``MaxSpotPriceAsPercentageOfOptimalOnDemandPrice`` can be specified. If you don't specify either, Amazon EC2 will automatically apply optimal price protection to consistently select from a wide range of instance types. To indicate no price protection threshold for Spot Instances, meaning you want to consider all instance types that match your attributes, include one of these parameters and specify a high value, such as ``999999`` .
+            :param max_spot_price_as_percentage_of_optimal_on_demand_price: [Price protection] The price protection threshold for Spot Instances, as a percentage of an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from the lowest priced current generation instance types, and failing that, from the lowest priced previous generation instance types that match your attributes. When Amazon EC2 selects instance types with your attributes, it will exclude instance types whose price exceeds your specified threshold. The parameter accepts an integer, which Amazon EC2 interprets as a percentage. If you set ``TargetCapacityUnitType`` to ``vcpu`` or ``memory-mib`` , the price protection threshold is based on the per vCPU or per memory price instead of the per instance price. .. epigraph:: Only one of ``SpotMaxPricePercentageOverLowestPrice`` or ``MaxSpotPriceAsPercentageOfOptimalOnDemandPrice`` can be specified. If you don't specify either, Amazon EC2 will automatically apply optimal price protection to consistently select from a wide range of instance types. To indicate no price protection threshold for Spot Instances, meaning you want to consider all instance types that match your attributes, include one of these parameters and specify a high value, such as ``999999`` .
             :param memory_gib_per_v_cpu: The minimum and maximum amount of memory per vCPU, in GiB. Default: No minimum or maximum limits
             :param memory_mib: The minimum and maximum amount of memory, in MiB.
             :param network_bandwidth_gbps: The minimum and maximum amount of network bandwidth, in gigabits per second (Gbps). Default: No minimum or maximum limits
@@ -25909,7 +25909,7 @@ class CfnLaunchTemplate(
 
             The parameter accepts an integer, which Amazon EC2 interprets as a percentage.
 
-            If you set ``DesiredCapacityType`` to ``vcpu`` or ``memory-mib`` , the price protection threshold is based on the per vCPU or per memory price instead of the per instance price.
+            If you set ``TargetCapacityUnitType`` to ``vcpu`` or ``memory-mib`` , the price protection threshold is based on the per vCPU or per memory price instead of the per instance price.
             .. epigraph::
 
                Only one of ``SpotMaxPricePercentageOverLowestPrice`` or ``MaxSpotPriceAsPercentageOfOptimalOnDemandPrice`` can be specified. If you don't specify either, Amazon EC2 will automatically apply optimal price protection to consistently select from a wide range of instance types. To indicate no price protection threshold for Spot Instances, meaning you want to consider all instance types that match your attributes, include one of these parameters and specify a high value, such as ``999999`` .
@@ -26351,7 +26351,7 @@ class CfnLaunchTemplate(
             :param security_group_ids: The IDs of the security groups. You can specify the IDs of existing security groups and references to resources created by the stack template. If you specify a network interface, you must specify any security groups as part of the network interface instead.
             :param security_groups: The names of the security groups. For a nondefault VPC, you must use security group IDs instead. If you specify a network interface, you must specify any security groups as part of the network interface instead of using this parameter.
             :param tag_specifications: The tags to apply to the resources that are created during instance launch. To tag a resource after it has been created, see `CreateTags <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html>`_ . To tag the launch template itself, use `TagSpecifications <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-tagspecifications>`_ .
-            :param user_data: The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see `Run commands on your Linux instance at launch <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html>`_ (Linux) or `Work with instance user data <https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/instancedata-add-user-data.html>`_ (Windows) in the *Amazon EC2 User Guide* . If you are creating the launch template for use with AWS Batch , the user data must be provided in the `MIME multi-part archive format <https://docs.aws.amazon.com/https://cloudinit.readthedocs.io/en/latest/topics/format.html#mime-multi-part-archive>`_ . For more information, see `Amazon EC2 user data in launch templates <https://docs.aws.amazon.com/batch/latest/userguide/launch-templates.html>`_ in the *AWS Batch User Guide* .
+            :param user_data: The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see `Run commands on your Amazon EC2 instance at launch <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html>`_ in the *Amazon EC2 User Guide* . If you are creating the launch template for use with AWS Batch , the user data must be provided in the `MIME multi-part archive format <https://docs.aws.amazon.com/https://cloudinit.readthedocs.io/en/latest/topics/format.html#mime-multi-part-archive>`_ . For more information, see `Amazon EC2 user data in launch templates <https://docs.aws.amazon.com/batch/latest/userguide/launch-templates.html>`_ in the *AWS Batch User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html
             :exampleMetadata: fixture=_generated
@@ -27070,7 +27070,7 @@ class CfnLaunchTemplate(
         def user_data(self) -> typing.Optional[builtins.str]:
             '''The user data to make available to the instance.
 
-            You must provide base64-encoded text. User data is limited to 16 KB. For more information, see `Run commands on your Linux instance at launch <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html>`_ (Linux) or `Work with instance user data <https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/instancedata-add-user-data.html>`_ (Windows) in the *Amazon EC2 User Guide* .
+            You must provide base64-encoded text. User data is limited to 16 KB. For more information, see `Run commands on your Amazon EC2 instance at launch <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html>`_ in the *Amazon EC2 User Guide* .
 
             If you are creating the launch template for use with AWS Batch , the user data must be provided in the `MIME multi-part archive format <https://docs.aws.amazon.com/https://cloudinit.readthedocs.io/en/latest/topics/format.html#mime-multi-part-archive>`_ . For more information, see `Amazon EC2 user data in launch templates <https://docs.aws.amazon.com/batch/latest/userguide/launch-templates.html>`_ in the *AWS Batch User Guide* .
 
@@ -40791,7 +40791,7 @@ class CfnSecurityGroup(
     @builtins.property
     @jsii.member(jsii_name="attrGroupId")
     def attr_group_id(self) -> builtins.str:
-        '''The group ID of the specified security group, such as ``sg-94b3a1f6`` .
+        '''The ID of the security group, such as ``sg-94b3a1f6`` .
 
         :cloudformationAttribute: GroupId
         '''
@@ -40809,9 +40809,7 @@ class CfnSecurityGroup(
     @builtins.property
     @jsii.member(jsii_name="attrVpcId")
     def attr_vpc_id(self) -> builtins.str:
-        '''The physical ID of the VPC.
-
-        You can obtain the physical ID by using a reference to an `AWS::EC2::VPC <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc.html>`_ , such as: ``{ "Ref" : "myVPC" }`` .
+        '''The ID of the VPC, such as ``vpc-0669f8f9`` .
 
         :cloudformationAttribute: VpcId
         '''
@@ -44361,7 +44359,7 @@ class CfnSpotFleet(
             :param instance_generations: Indicates whether current or previous generation instance types are included. The current generation instance types are recommended for use. Current generation instance types are typically the latest two to three generations in each instance family. For more information, see `Instance types <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html>`_ in the *Amazon EC2 User Guide* . For current generation instance types, specify ``current`` . For previous generation instance types, specify ``previous`` . Default: Current and previous generation instance types
             :param local_storage: Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, `Amazon EC2 instance store <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html>`_ in the *Amazon EC2 User Guide* . - To include instance types with instance store volumes, specify ``included`` . - To require only instance types with instance store volumes, specify ``required`` . - To exclude instance types with instance store volumes, specify ``excluded`` . Default: ``included``
             :param local_storage_types: The type of local storage that is required. - For instance types with hard disk drive (HDD) storage, specify ``hdd`` . - For instance types with solid state drive (SSD) storage, specify ``ssd`` . Default: ``hdd`` and ``ssd``
-            :param max_spot_price_as_percentage_of_optimal_on_demand_price: [Price protection] The price protection threshold for Spot Instances, as a percentage of an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from the lowest priced current generation instance types, and failing that, from the lowest priced previous generation instance types that match your attributes. When Amazon EC2 selects instance types with your attributes, it will exclude instance types whose price exceeds your specified threshold. The parameter accepts an integer, which Amazon EC2 interprets as a percentage. If you set ``DesiredCapacityType`` to ``vcpu`` or ``memory-mib`` , the price protection threshold is based on the per vCPU or per memory price instead of the per instance price. .. epigraph:: Only one of ``SpotMaxPricePercentageOverLowestPrice`` or ``MaxSpotPriceAsPercentageOfOptimalOnDemandPrice`` can be specified. If you don't specify either, Amazon EC2 will automatically apply optimal price protection to consistently select from a wide range of instance types. To indicate no price protection threshold for Spot Instances, meaning you want to consider all instance types that match your attributes, include one of these parameters and specify a high value, such as ``999999`` .
+            :param max_spot_price_as_percentage_of_optimal_on_demand_price: [Price protection] The price protection threshold for Spot Instances, as a percentage of an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from the lowest priced current generation instance types, and failing that, from the lowest priced previous generation instance types that match your attributes. When Amazon EC2 selects instance types with your attributes, it will exclude instance types whose price exceeds your specified threshold. The parameter accepts an integer, which Amazon EC2 interprets as a percentage. If you set ``TargetCapacityUnitType`` to ``vcpu`` or ``memory-mib`` , the price protection threshold is based on the per vCPU or per memory price instead of the per instance price. .. epigraph:: Only one of ``SpotMaxPricePercentageOverLowestPrice`` or ``MaxSpotPriceAsPercentageOfOptimalOnDemandPrice`` can be specified. If you don't specify either, Amazon EC2 will automatically apply optimal price protection to consistently select from a wide range of instance types. To indicate no price protection threshold for Spot Instances, meaning you want to consider all instance types that match your attributes, include one of these parameters and specify a high value, such as ``999999`` .
             :param memory_gib_per_v_cpu: The minimum and maximum amount of memory per vCPU, in GiB. Default: No minimum or maximum limits
             :param memory_mib: The minimum and maximum amount of memory, in MiB.
             :param network_bandwidth_gbps: The minimum and maximum amount of baseline network bandwidth, in gigabits per second (Gbps). For more information, see `Amazon EC2 instance network bandwidth <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-network-bandwidth.html>`_ in the *Amazon EC2 User Guide* . Default: No minimum or maximum limits
@@ -44759,7 +44757,7 @@ class CfnSpotFleet(
 
             The parameter accepts an integer, which Amazon EC2 interprets as a percentage.
 
-            If you set ``DesiredCapacityType`` to ``vcpu`` or ``memory-mib`` , the price protection threshold is based on the per vCPU or per memory price instead of the per instance price.
+            If you set ``TargetCapacityUnitType`` to ``vcpu`` or ``memory-mib`` , the price protection threshold is based on the per vCPU or per memory price instead of the per instance price.
             .. epigraph::
 
                Only one of ``SpotMaxPricePercentageOverLowestPrice`` or ``MaxSpotPriceAsPercentageOfOptimalOnDemandPrice`` can be specified. If you don't specify either, Amazon EC2 will automatically apply optimal price protection to consistently select from a wide range of instance types. To indicate no price protection threshold for Spot Instances, meaning you want to consider all instance types that match your attributes, include one of these parameters and specify a high value, such as ``999999`` .
@@ -46447,7 +46445,7 @@ class CfnSpotFleet(
 
             You must specify either ``LaunchSpecifications`` or ``LaunchTemplateConfigs`` .
 
-            :param iam_fleet_role: The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that grants the Spot Fleet the permission to request, launch, terminate, and tag instances on your behalf. For more information, see `Spot Fleet Prerequisites <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html#spot-fleet-prerequisites>`_ in the *Amazon EC2 User Guide for Linux Instances* . Spot Fleet can terminate Spot Instances on your behalf when you cancel its Spot Fleet request or when the Spot Fleet request expires, if you set ``TerminateInstancesWithExpiration`` .
+            :param iam_fleet_role: The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that grants the Spot Fleet the permission to request, launch, terminate, and tag instances on your behalf. For more information, see `Spot Fleet Prerequisites <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html#spot-fleet-prerequisites>`_ in the *Amazon EC2 User Guide* . Spot Fleet can terminate Spot Instances on your behalf when you cancel its Spot Fleet request or when the Spot Fleet request expires, if you set ``TerminateInstancesWithExpiration`` .
             :param target_capacity: The number of units to request for the Spot Fleet. You can choose to set the target capacity in terms of instances or a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is ``maintain`` , you can specify a target capacity of 0 and add capacity later.
             :param allocation_strategy: The strategy that determines how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the Spot Fleet launch configuration. For more information, see `Allocation strategies for Spot Instances <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-allocation-strategy.html>`_ in the *Amazon EC2 User Guide* . - **priceCapacityOptimized (recommended)** - Spot Fleet identifies the pools with the highest capacity availability for the number of instances that are launching. This means that we will request Spot Instances from the pools that we believe have the lowest chance of interruption in the near term. Spot Fleet then requests Spot Instances from the lowest priced of these pools. - **capacityOptimized** - Spot Fleet identifies the pools with the highest capacity availability for the number of instances that are launching. This means that we will request Spot Instances from the pools that we believe have the lowest chance of interruption in the near term. To give certain instance types a higher chance of launching first, use ``capacityOptimizedPrioritized`` . Set a priority for each instance type by using the ``Priority`` parameter for ``LaunchTemplateOverrides`` . You can assign the same priority to different ``LaunchTemplateOverrides`` . EC2 implements the priorities on a best-effort basis, but optimizes for capacity first. ``capacityOptimizedPrioritized`` is supported only if your Spot Fleet uses a launch template. Note that if the ``OnDemandAllocationStrategy`` is set to ``prioritized`` , the same priority is applied when fulfilling On-Demand capacity. - **diversified** - Spot Fleet requests instances from all of the Spot Instance pools that you specify. - **lowestPrice (not recommended)** - > We don't recommend the ``lowestPrice`` allocation strategy because it has the highest risk of interruption for your Spot Instances. Spot Fleet requests instances from the lowest priced Spot Instance pool that has available capacity. If the lowest priced pool doesn't have available capacity, the Spot Instances come from the next lowest priced pool that has available capacity. If a pool runs out of capacity before fulfilling your desired capacity, Spot Fleet will continue to fulfill your request by drawing from the next lowest priced pool. To ensure that your desired capacity is met, you might receive Spot Instances from several pools. Because this strategy only considers instance price and not capacity availability, it might lead to high interruption rates. Default: ``lowestPrice``
             :param context: Reserved.
@@ -46797,7 +46795,7 @@ class CfnSpotFleet(
         def iam_fleet_role(self) -> builtins.str:
             '''The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that grants the Spot Fleet the permission to request, launch, terminate, and tag instances on your behalf.
 
-            For more information, see `Spot Fleet Prerequisites <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html#spot-fleet-prerequisites>`_ in the *Amazon EC2 User Guide for Linux Instances* . Spot Fleet can terminate Spot Instances on your behalf when you cancel its Spot Fleet request or when the Spot Fleet request expires, if you set ``TerminateInstancesWithExpiration`` .
+            For more information, see `Spot Fleet Prerequisites <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html#spot-fleet-prerequisites>`_ in the *Amazon EC2 User Guide* . Spot Fleet can terminate Spot Instances on your behalf when you cancel its Spot Fleet request or when the Spot Fleet request expires, if you set ``TerminateInstancesWithExpiration`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-spotfleet-spotfleetrequestconfigdata.html#cfn-ec2-spotfleet-spotfleetrequestconfigdata-iamfleetrole
             '''

aws_cdk/aws_ecr/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # Amazon ECR Construct Library
 
 This package contains constructs for working with Amazon Elastic Container Registry.

aws_cdk/aws_ecr_assets/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS CDK Docker Image Assets
 
 This module allows bundling Docker images as assets.

aws_cdk/aws_ecs/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # Amazon ECS Construct Library
 
 This package contains constructs for working with **Amazon Elastic Container
@@ -3290,7 +3290,7 @@ class AsgCapacityProvider(
         '''
         :param scope: -
         :param id: -
-        :param auto_scaling_group: The autoscaling group to add as a Capacity Provider.
+        :param auto_scaling_group: The autoscaling group to add as a Capacity Provider. Warning: When passing an imported resource using ``AutoScalingGroup.fromAutoScalingGroupName`` along with ``enableManagedTerminationProtection: true``, the ``AsgCapacityProvider`` construct will not be able to enforce the option ``newInstancesProtectedFromScaleIn`` of the ``AutoScalingGroup``. In this case the constructor of ``AsgCapacityProvider`` will throw an exception.
         :param capacity_provider_name: The name of the capacity provider. If a name is specified, it cannot start with ``aws``, ``ecs``, or ``fargate``. If no name is specified, a default name in the CFNStackName-CFNResourceName-RandomString format is used. If the stack name starts with ``aws``, ``ecs``, or ``fargate``, a unique resource name is generated that starts with ``cp-``. Default: CloudFormation-generated name
         :param enable_managed_draining: Managed instance draining facilitates graceful termination of Amazon ECS instances. This allows your service workloads to stop safely and be rescheduled to non-terminating instances. Infrastructure maintenance and updates are preformed without disruptions to workloads. To use managed instance draining, set enableManagedDraining to true. Default: true
         :param enable_managed_scaling: When enabled the scale-in and scale-out actions of the cluster's Auto Scaling Group will be managed for you. This means your cluster will automatically scale instances based on the load your tasks put on the cluster. For more information, see `Using Managed Scaling <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/asg-capacity-providers.html#asg-capacity-providers-managed-scaling>`_ in the ECS Developer Guide. Default: true
@@ -3412,7 +3412,7 @@ class AsgCapacityProviderProps(AddAutoScalingGroupCapacityOptions):
         :param machine_image_type: What type of machine image this is. Depending on the setting, different UserData will automatically be added to the ``AutoScalingGroup`` to configure it properly for use with ECS. If you create an ``AutoScalingGroup`` yourself and are adding it via ``addAutoScalingGroup()``, you must specify this value. If you are adding an ``autoScalingGroup`` via ``addCapacity``, this value will be determined from the ``machineImage`` you pass. Default: - Automatically determined from ``machineImage``, if available, otherwise ``MachineImageType.AMAZON_LINUX_2``.
         :param spot_instance_draining: Specify whether to enable Automated Draining for Spot Instances running Amazon ECS Services. For more information, see `Using Spot Instances <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-instance-spot.html>`_. Default: false
         :param topic_encryption_key: If ``AddAutoScalingGroupCapacityOptions.taskDrainTime`` is non-zero, then the ECS cluster creates an SNS Topic to as part of a system to drain instances of tasks when the instance is being shut down. If this property is provided, then this key will be used to encrypt the contents of that SNS Topic. See `SNS Data Encryption <https://docs.aws.amazon.com/sns/latest/dg/sns-data-encryption.html>`_ for more information. Default: The SNS Topic will not be encrypted.
-        :param auto_scaling_group: The autoscaling group to add as a Capacity Provider.
+        :param auto_scaling_group: The autoscaling group to add as a Capacity Provider. Warning: When passing an imported resource using ``AutoScalingGroup.fromAutoScalingGroupName`` along with ``enableManagedTerminationProtection: true``, the ``AsgCapacityProvider`` construct will not be able to enforce the option ``newInstancesProtectedFromScaleIn`` of the ``AutoScalingGroup``. In this case the constructor of ``AsgCapacityProvider`` will throw an exception.
         :param capacity_provider_name: The name of the capacity provider. If a name is specified, it cannot start with ``aws``, ``ecs``, or ``fargate``. If no name is specified, a default name in the CFNStackName-CFNResourceName-RandomString format is used. If the stack name starts with ``aws``, ``ecs``, or ``fargate``, a unique resource name is generated that starts with ``cp-``. Default: CloudFormation-generated name
         :param enable_managed_draining: Managed instance draining facilitates graceful termination of Amazon ECS instances. This allows your service workloads to stop safely and be rescheduled to non-terminating instances. Infrastructure maintenance and updates are preformed without disruptions to workloads. To use managed instance draining, set enableManagedDraining to true. Default: true
         :param enable_managed_scaling: When enabled the scale-in and scale-out actions of the cluster's Auto Scaling Group will be managed for you. This means your cluster will automatically scale instances based on the load your tasks put on the cluster. For more information, see `Using Managed Scaling <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/asg-capacity-providers.html#asg-capacity-providers-managed-scaling>`_ in the ECS Developer Guide. Default: true
@@ -3544,7 +3544,12 @@ class AsgCapacityProviderProps(AddAutoScalingGroupCapacityOptions):
 
     @builtins.property
     def auto_scaling_group(self) -> _IAutoScalingGroup_360f1cde:
-        '''The autoscaling group to add as a Capacity Provider.'''
+        '''The autoscaling group to add as a Capacity Provider.
+
+        Warning: When passing an imported resource using ``AutoScalingGroup.fromAutoScalingGroupName`` along with ``enableManagedTerminationProtection: true``,
+        the ``AsgCapacityProvider`` construct will not be able to enforce the option ``newInstancesProtectedFromScaleIn`` of the ``AutoScalingGroup``.
+        In this case the constructor of ``AsgCapacityProvider`` will throw an exception.
+        '''
         result = self._values.get("auto_scaling_group")
         assert result is not None, "Required property 'auto_scaling_group' is missing"
         return typing.cast(_IAutoScalingGroup_360f1cde, result)
@@ -5412,7 +5417,7 @@ class BaseServiceProps(BaseServiceOptions):
 
         :see:
 
-        - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-capacityproviderstrategy
+        https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-capacityproviderstrategy
 
         Valid values are: LaunchType.ECS or LaunchType.FARGATE or LaunchType.EXTERNAL
         '''
@@ -9594,13 +9599,13 @@ class CfnService(
 
             For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` .
 
-            For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``logentries`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` .
+            For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` .
 
             - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.
             - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see `Amazon ECS container agent configuration <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
             - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.
 
-            :param log_driver: The log driver to use for the container. For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` . For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``logentries`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` . For more information about using the ``awslogs`` log driver, see `Using the awslogs log driver <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html>`_ in the *Amazon Elastic Container Service Developer Guide* . For more information about using the ``awsfirelens`` log driver, see `Custom log routing <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html>`_ in the *Amazon Elastic Container Service Developer Guide* . .. epigraph:: If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's `available on GitHub <https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent>`_ and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
+            :param log_driver: The log driver to use for the container. For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` . For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``logentries`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` . For more information about using the ``awslogs`` log driver, see `Send Amazon ECS logs to CloudWatch <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html>`_ in the *Amazon Elastic Container Service Developer Guide* . For more information about using the ``awsfirelens`` log driver, see `Send Amazon ECS logs to an AWS service or AWS Partner <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html>`_ . .. epigraph:: If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's `available on GitHub <https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent>`_ and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
             :param options: The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
             :param secret_options: The secrets to pass to the log configuration. For more information, see `Specifying sensitive data <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
@@ -9645,9 +9650,9 @@ class CfnService(
 
             For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``logentries`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` .
 
-            For more information about using the ``awslogs`` log driver, see `Using the awslogs log driver <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
+            For more information about using the ``awslogs`` log driver, see `Send Amazon ECS logs to CloudWatch <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
-            For more information about using the ``awsfirelens`` log driver, see `Custom log routing <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
+            For more information about using the ``awsfirelens`` log driver, see `Send Amazon ECS logs to an AWS service or AWS Partner <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html>`_ .
             .. epigraph::
 
                If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's `available on GitHub <https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent>`_ and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
@@ -10113,7 +10118,7 @@ class CfnService(
             Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see `Service Connect <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
             :param enabled: Specifies whether to use Service Connect with this service.
-            :param log_configuration: The log configuration for the container. This parameter maps to ``LogConfig`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--log-driver`` option to ```docker run`` <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/run/>`_ . By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. For more information about the options for different supported log drivers, see `Configure logging drivers <https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/>`_ in the Docker documentation. Understand the following when specifying a log configuration for your containers. - Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent. For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` . For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``logentries`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` . - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see `Amazon ECS container agent configuration <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html>`_ in the *Amazon Elastic Container Service Developer Guide* . - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.
+            :param log_configuration: The log configuration for the container. This parameter maps to ``LogConfig`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--log-driver`` option to ```docker run`` <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/run/>`_ . By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. For more information about the options for different supported log drivers, see `Configure logging drivers <https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/>`_ in the Docker documentation. Understand the following when specifying a log configuration for your containers. - Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent. For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` . For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` . - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see `Amazon ECS container agent configuration <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html>`_ in the *Amazon Elastic Container Service Developer Guide* . - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.
             :param namespace: The namespace name or full Amazon Resource Name (ARN) of the AWS Cloud Map namespace for use with Service Connect. The namespace must be in the same AWS Region as the Amazon ECS service and cluster. The type of namespace doesn't affect Service Connect. For more information about AWS Cloud Map , see `Working with Services <https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html>`_ in the *AWS Cloud Map Developer Guide* .
             :param services: The list of Service Connect service objects. These are names and aliases (also known as endpoints) that are used by other Amazon ECS services to connect to this service. This field is not required for a "client" Amazon ECS service that's a member of a namespace only to connect to other services within the namespace. An example of this would be a frontend application that accepts incoming requests from either a load balancer that's attached to the service or by other means. An object selects a port from the task definition, assigns a name for the AWS Cloud Map service, and a list of aliases (endpoints) and ports for client applications to refer to this service.
 
@@ -10211,7 +10216,7 @@ class CfnService(
 
             For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` .
 
-            For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``logentries`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` .
+            For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` .
 
             - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.
             - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see `Amazon ECS container agent configuration <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
@@ -12087,7 +12092,7 @@ class CfnTaskDefinition(
         :param container_definitions: A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see `Amazon ECS Task Definitions <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param cpu: The number of ``cpu`` units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter. The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate. - 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - 1024 (1 vCPU) - Available ``memory`` values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - 2048 (2 vCPU) - Available ``memory`` values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - 4096 (4 vCPU) - Available ``memory`` values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - 8192 (8 vCPU) - Available ``memory`` values: 16 GB and 60 GB in 4 GB increments This option requires Linux platform ``1.4.0`` or later. - 16384 (16vCPU) - Available ``memory`` values: 32GB and 120 GB in 8 GB increments This option requires Linux platform ``1.4.0`` or later.
         :param ephemeral_storage: The ephemeral storage settings to use for tasks run with the task definition.
-        :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. The task execution IAM role is required depending on the requirements of your task. For more information, see `Amazon ECS task execution IAM role <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
+        :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. For informationabout the required IAM roles for Amazon ECS, see `IAM roles for Amazon ECS <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param family: The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add. .. epigraph:: To use revision numbers when you update a task definition, specify this property. If you don't specify a value, AWS CloudFormation generates a new task definition each time that you update it.
         :param inference_accelerators: The Elastic Inference accelerators to use for the containers in the task.
         :param ipc_mode: The IPC resource namespace to use for the containers in the task. The valid values are ``host`` , ``task`` , or ``none`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see `IPC settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc>`_ in the *Docker run reference* . If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ . If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see `System Controls <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html>`_ in the *Amazon Elastic Container Service Developer Guide* . - For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. - For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. .. epigraph:: This parameter is not supported for Windows containers or tasks run on AWS Fargate .
@@ -12099,7 +12104,7 @@ class CfnTaskDefinition(
         :param requires_compatibilities: The task launch types the task definition was validated against. The valid values are ``EC2`` , ``FARGATE`` , and ``EXTERNAL`` . For more information, see `Amazon ECS launch types <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param runtime_platform: The operating system that your tasks definitions run on. A platform family is specified only for tasks using the Fargate launch type.
         :param tags: The metadata that you apply to the task definition to help you categorize and organize them. Each tag consists of a key and an optional value. You define both of them. The following basic restrictions apply to tags: - Maximum number of tags per resource - 50 - For each resource, each tag key must be unique, and each tag key can have only one value. - Maximum key length - 128 Unicode characters in UTF-8 - Maximum value length - 256 Unicode characters in UTF-8 - If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : /
-        :param task_role_arn: The short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management role that grants containers in the task permission to call AWS APIs on your behalf. For more information, see `Amazon ECS Task Role <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html>`_ in the *Amazon Elastic Container Service Developer Guide* . IAM roles for tasks on Windows require that the ``-EnableTaskIAMRole`` option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see `Windows IAM roles for tasks <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
+        :param task_role_arn: The short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management role that grants containers in the task permission to call AWS APIs on your behalf. For informationabout the required IAM roles for Amazon ECS, see `IAM roles for Amazon ECS <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param volumes: The list of data volume definitions for the task. For more information, see `Using data volumes in tasks <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html>`_ in the *Amazon Elastic Container Service Developer Guide* . .. epigraph:: The ``host`` and ``sourcePath`` parameters aren't supported for tasks run on AWS Fargate .
         '''
         if __debug__:
@@ -12609,7 +12614,7 @@ class CfnTaskDefinition(
             :param image: The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either ``*repository-url* / *image* : *tag*`` or ``*repository-url* / *image* @ *digest*`` . Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to ``Image`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``IMAGE`` parameter of `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . - When a new task starts, the Amazon ECS container agent pulls the latest version of the specified image and tag for the container to use. However, subsequent updates to a repository image aren't propagated to already running tasks. - Images in Amazon ECR repositories can be specified by either using the full ``registry/repository:tag`` or ``registry/repository@digest`` . For example, ``012345678910.dkr.ecr.<region-name>.amazonaws.com/<repository-name>:latest`` or ``012345678910.dkr.ecr.<region-name>.amazonaws.com/<repository-name>@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE`` . - Images in official repositories on Docker Hub use a single name (for example, ``ubuntu`` or ``mongo`` ). - Images in other repositories on Docker Hub are qualified with an organization name (for example, ``amazon/amazon-ecs-agent`` ). - Images in other online repositories are qualified further by a domain name (for example, ``quay.io/assemblyline/ubuntu`` ).
             :param name: The name of a container. If you're linking multiple containers together in a task definition, the ``name`` of one container can be entered in the ``links`` of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to ``name`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--name`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ .
             :param command: The command that's passed to the container. This parameter maps to ``Cmd`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``COMMAND`` parameter to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . For more information, see `https://docs.docker.com/engine/reference/builder/#cmd <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/builder/#cmd>`_ . If there are multiple arguments, each argument is a separated string in the array.
-            :param cpu: The number of ``cpu`` units reserved for the container. This parameter maps to ``CpuShares`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--cpu-shares`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level ``cpu`` value. .. epigraph:: You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the `Amazon EC2 Instances <https://docs.aws.amazon.com/ec2/instance-types/>`_ detail page by 1,024. Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units. On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. For more information, see `CPU share constraint <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#cpu-share-constraint>`_ in the Docker documentation. The minimum valid CPU share value that the Linux kernel allows is 2. However, the CPU parameter isn't required, and you can use CPU values below 2 in your container definitions. For CPU values below 2 (including null), the behavior varies based on your Amazon ECS container agent version: - *Agent versions less than or equal to 1.1.0:* Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares. - *Agent versions greater than or equal to 1.2.0:* Null, zero, and CPU values of 1 are passed to Docker as 2. On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as ``0`` , which Windows interprets as 1% of one CPU.
+            :param cpu: The number of ``cpu`` units reserved for the container. This parameter maps to ``CpuShares`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--cpu-shares`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level ``cpu`` value. .. epigraph:: You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the `Amazon EC2 Instances <https://docs.aws.amazon.com/ec2/instance-types/>`_ detail page by 1,024. Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units. On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. For more information, see `CPU share constraint <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#cpu-share-constraint>`_ in the Docker documentation. The minimum valid CPU share value that the Linux kernel allows is 2, and the maximum valid CPU share value that the Linux kernel allows is 262144. However, the CPU parameter isn't required, and you can use CPU values below 2 or above 262144 in your container definitions. For CPU values below 2 (including null) or above 262144, the behavior varies based on your Amazon ECS container agent version: - *Agent versions less than or equal to 1.1.0:* Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares. - *Agent versions greater than or equal to 1.2.0:* Null, zero, and CPU values of 1 are passed to Docker as 2. - *Agent versions greater than or equal to 1.84.0:* CPU values greater than 256 vCPU are passed to Docker as 256, which is equivalent to 262144 CPU shares. On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as ``0`` , which Windows interprets as 1% of one CPU.
             :param credential_specs: A list of ARNs in SSM or Amazon S3 to a credential spec ( ``CredSpec`` ) file that configures the container for Active Directory authentication. We recommend that you use this parameter instead of the ``dockerSecurityOptions`` . The maximum number of ARNs is 1. There are two formats for each ARN. - **credentialspecdomainless:MyARN** - You use ``credentialspecdomainless:MyARN`` to provide a ``CredSpec`` with an additional section for a secret in AWS Secrets Manager . You provide the login credentials to the domain in the secret. Each task that runs on any container instance can join different domains. You can use this format without joining the container instance to a domain. - **credentialspec:MyARN** - You use ``credentialspec:MyARN`` to provide a ``CredSpec`` for a single domain. You must join the container instance to the domain before you start any tasks that use this task definition. In both formats, replace ``MyARN`` with the ARN in SSM or Amazon S3. If you provide a ``credentialspecdomainless:MyARN`` , the ``credspec`` must provide a ARN in AWS Secrets Manager for a secret containing the username, password, and the domain to connect to. For better security, the instance isn't joined to the domain for domainless authentication. Other applications on the instance can't use the domainless credentials. You can use this parameter to run tasks on the same instance, even it the tasks need to join different domains. For more information, see `Using gMSAs for Windows Containers <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html>`_ and `Using gMSAs for Linux Containers <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html>`_ .
             :param depends_on: The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed. For tasks using the EC2 launch type, the container instances require at least version 1.26.0 of the container agent to turn on container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see `Updating the Amazon ECS Container Agent <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html>`_ in the *Amazon Elastic Container Service Developer Guide* . If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init`` . For more information, see `Amazon ECS-optimized Linux AMI <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html>`_ in the *Amazon Elastic Container Service Developer Guide* . For tasks using the Fargate launch type, the task or service requires the following platforms: - Linux platform version ``1.3.0`` or later. - Windows platform version ``1.0.0`` or later. If the task definition is used in a blue/green deployment that uses `AWS::CodeDeploy::DeploymentGroup BlueGreenDeploymentConfiguration <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-bluegreendeploymentconfiguration.html>`_ , the ``dependsOn`` parameter is not supported. For more information see `Issue #680 <https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/680>`_ on the on the GitHub website.
             :param disable_networking: When this parameter is true, networking is off within the container. This parameter maps to ``NetworkDisabled`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ . .. epigraph:: This parameter is not supported for Windows containers.
@@ -12964,10 +12969,11 @@ class CfnTaskDefinition(
 
             Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units.
 
-            On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. For more information, see `CPU share constraint <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#cpu-share-constraint>`_ in the Docker documentation. The minimum valid CPU share value that the Linux kernel allows is 2. However, the CPU parameter isn't required, and you can use CPU values below 2 in your container definitions. For CPU values below 2 (including null), the behavior varies based on your Amazon ECS container agent version:
+            On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. For more information, see `CPU share constraint <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#cpu-share-constraint>`_ in the Docker documentation. The minimum valid CPU share value that the Linux kernel allows is 2, and the maximum valid CPU share value that the Linux kernel allows is 262144. However, the CPU parameter isn't required, and you can use CPU values below 2 or above 262144 in your container definitions. For CPU values below 2 (including null) or above 262144, the behavior varies based on your Amazon ECS container agent version:
 
             - *Agent versions less than or equal to 1.1.0:* Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares.
             - *Agent versions greater than or equal to 1.2.0:* Null, zero, and CPU values of 1 are passed to Docker as 2.
+            - *Agent versions greater than or equal to 1.84.0:* CPU values greater than 256 vCPU are passed to Docker as 256, which is equivalent to 262144 CPU shares.
 
             On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as ``0`` , which Windows interprets as 1% of one CPU.
 
@@ -15190,7 +15196,7 @@ class CfnTaskDefinition(
         ) -> None:
             '''The ``LogConfiguration`` property specifies log configuration options to send to a custom log driver for the container.
 
-            :param log_driver: The log driver to use for the container. For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` . For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``logentries`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` . For more information about using the ``awslogs`` log driver, see `Using the awslogs log driver <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html>`_ in the *Amazon Elastic Container Service Developer Guide* . For more information about using the ``awsfirelens`` log driver, see `Custom log routing <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html>`_ in the *Amazon Elastic Container Service Developer Guide* . .. epigraph:: If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's `available on GitHub <https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent>`_ and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
+            :param log_driver: The log driver to use for the container. For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` . For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``logentries`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` . For more information about using the ``awslogs`` log driver, see `Send Amazon ECS logs to CloudWatch <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html>`_ in the *Amazon Elastic Container Service Developer Guide* . For more information about using the ``awsfirelens`` log driver, see `Send Amazon ECS logs to an AWS service or AWS Partner <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html>`_ . .. epigraph:: If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's `available on GitHub <https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent>`_ and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
             :param options: The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
             :param secret_options: The secrets to pass to the log configuration. For more information, see `Specifying sensitive data <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
@@ -15237,9 +15243,9 @@ class CfnTaskDefinition(
 
             For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``logentries`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` .
 
-            For more information about using the ``awslogs`` log driver, see `Using the awslogs log driver <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
+            For more information about using the ``awslogs`` log driver, see `Send Amazon ECS logs to CloudWatch <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
-            For more information about using the ``awsfirelens`` log driver, see `Custom log routing <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
+            For more information about using the ``awsfirelens`` log driver, see `Send Amazon ECS logs to an AWS service or AWS Partner <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html>`_ .
             .. epigraph::
 
                If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's `available on GitHub <https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent>`_ and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
@@ -16262,7 +16268,7 @@ class CfnTaskDefinition(
         ) -> None:
             '''The ``ulimit`` settings to pass to the container.
 
-            Amazon ECS tasks hosted on AWS Fargate use the default resource limit values set by the operating system with the exception of the ``nofile`` resource limit parameter which AWS Fargate overrides. The ``nofile`` resource limit sets a restriction on the number of open files that a container can use. The default ``nofile`` soft limit is ``1024`` and the default hard limit is ``65535`` .
+            Amazon ECS tasks hosted on AWS Fargate use the default resource limit values set by the operating system with the exception of the ``nofile`` resource limit parameter which AWS Fargate overrides. The ``nofile`` resource limit sets a restriction on the number of open files that a container can use. The default ``nofile`` soft limit is ``65535`` and the default hard limit is ``65535`` .
 
             You can specify the ``ulimit`` settings for a container in a task definition.
 
@@ -16662,7 +16668,7 @@ class CfnTaskDefinitionProps:
         :param container_definitions: A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see `Amazon ECS Task Definitions <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param cpu: The number of ``cpu`` units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter. The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate. - 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - 1024 (1 vCPU) - Available ``memory`` values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - 2048 (2 vCPU) - Available ``memory`` values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - 4096 (4 vCPU) - Available ``memory`` values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - 8192 (8 vCPU) - Available ``memory`` values: 16 GB and 60 GB in 4 GB increments This option requires Linux platform ``1.4.0`` or later. - 16384 (16vCPU) - Available ``memory`` values: 32GB and 120 GB in 8 GB increments This option requires Linux platform ``1.4.0`` or later.
         :param ephemeral_storage: The ephemeral storage settings to use for tasks run with the task definition.
-        :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. The task execution IAM role is required depending on the requirements of your task. For more information, see `Amazon ECS task execution IAM role <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
+        :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. For informationabout the required IAM roles for Amazon ECS, see `IAM roles for Amazon ECS <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param family: The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add. .. epigraph:: To use revision numbers when you update a task definition, specify this property. If you don't specify a value, AWS CloudFormation generates a new task definition each time that you update it.
         :param inference_accelerators: The Elastic Inference accelerators to use for the containers in the task.
         :param ipc_mode: The IPC resource namespace to use for the containers in the task. The valid values are ``host`` , ``task`` , or ``none`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see `IPC settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc>`_ in the *Docker run reference* . If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ . If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see `System Controls <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html>`_ in the *Amazon Elastic Container Service Developer Guide* . - For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. - For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. .. epigraph:: This parameter is not supported for Windows containers or tasks run on AWS Fargate .
@@ -16674,7 +16680,7 @@ class CfnTaskDefinitionProps:
         :param requires_compatibilities: The task launch types the task definition was validated against. The valid values are ``EC2`` , ``FARGATE`` , and ``EXTERNAL`` . For more information, see `Amazon ECS launch types <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param runtime_platform: The operating system that your tasks definitions run on. A platform family is specified only for tasks using the Fargate launch type.
         :param tags: The metadata that you apply to the task definition to help you categorize and organize them. Each tag consists of a key and an optional value. You define both of them. The following basic restrictions apply to tags: - Maximum number of tags per resource - 50 - For each resource, each tag key must be unique, and each tag key can have only one value. - Maximum key length - 128 Unicode characters in UTF-8 - Maximum value length - 256 Unicode characters in UTF-8 - If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : /
-        :param task_role_arn: The short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management role that grants containers in the task permission to call AWS APIs on your behalf. For more information, see `Amazon ECS Task Role <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html>`_ in the *Amazon Elastic Container Service Developer Guide* . IAM roles for tasks on Windows require that the ``-EnableTaskIAMRole`` option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see `Windows IAM roles for tasks <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
+        :param task_role_arn: The short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management role that grants containers in the task permission to call AWS APIs on your behalf. For informationabout the required IAM roles for Amazon ECS, see `IAM roles for Amazon ECS <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param volumes: The list of data volume definitions for the task. For more information, see `Using data volumes in tasks <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html>`_ in the *Amazon Elastic Container Service Developer Guide* . .. epigraph:: The ``host`` and ``sourcePath`` parameters aren't supported for tasks run on AWS Fargate .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html
@@ -17008,7 +17014,7 @@ class CfnTaskDefinitionProps:
     def execution_role_arn(self) -> typing.Optional[builtins.str]:
         '''The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf.
 
-        The task execution IAM role is required depending on the requirements of your task. For more information, see `Amazon ECS task execution IAM role <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
+        For informationabout the required IAM roles for Amazon ECS, see `IAM roles for Amazon ECS <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-executionrolearn
         '''
@@ -17217,9 +17223,7 @@ class CfnTaskDefinitionProps:
     def task_role_arn(self) -> typing.Optional[builtins.str]:
         '''The short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management role that grants containers in the task permission to call AWS APIs on your behalf.
 
-        For more information, see `Amazon ECS Task Role <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
-
-        IAM roles for tasks on Windows require that the ``-EnableTaskIAMRole`` option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see `Windows IAM roles for tasks <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
+        For informationabout the required IAM roles for Amazon ECS, see `IAM roles for Amazon ECS <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-taskrolearn
         '''

aws_cdk/aws_ecs_patterns/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # CDK Construct library for higher-level ECS Constructs
 
 This library provides higher-level Amazon ECS constructs which follow common architectural patterns. It contains:

aws_cdk/aws_efs/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # Amazon Elastic File System Construct Library
 
 [Amazon Elastic File System](https://docs.aws.amazon.com/efs/latest/ug/whatisefs.html) (Amazon EFS) provides a simple, scalable,