aws-cdk-lib 2.149.0__py3-none-any.whl → 2.151.0__py3-none-any.whl

aws_cdk/aws_synthetics/__init__.py

@@ -88,6 +88,64 @@ schedule = synthetics.Schedule.cron(
 
 If you want the canary to run just once upon deployment, you can use `Schedule.once()`.
 
+### Active Tracing
+
+You can choose to enable active AWS X-Ray tracing on canaries that use the `syn-nodejs-2.0` or later runtime by setting `activeTracing` to `true`.
+
+With tracing enabled, traces are sent for all calls made by the canary that use the browser, the AWS SDK, or HTTP or HTTPS modules.
+
+For more information, see [Canaries and X-Ray tracing](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_tracing.html).
+
+```python
+canary = synthetics.Canary(self, "MyCanary",
+    schedule=synthetics.Schedule.rate(Duration.minutes(5)),
+    test=synthetics.Test.custom(
+        code=synthetics.Code.from_asset(path.join(__dirname, "canary")),
+        handler="index.handler"
+    ),
+    runtime=synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_6_2,
+    active_tracing=True
+)
+```
+
+### Memory
+
+You can set the maximum amount of memory the canary can use while running with the `memory` property.
+
+```python
+import aws_cdk as cdk
+
+
+canary = synthetics.Canary(self, "MyCanary",
+    schedule=synthetics.Schedule.rate(Duration.minutes(5)),
+    test=synthetics.Test.custom(
+        code=synthetics.Code.from_asset(path.join(__dirname, "canary")),
+        handler="index.handler"
+    ),
+    runtime=synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_6_2,
+    memory=cdk.Size.mebibytes(1024)
+)
+```
+
+### Timeout
+
+You can set how long the canary is allowed to run before it must stop with the `timeout` property.
+
+```python
+import aws_cdk as cdk
+
+
+canary = synthetics.Canary(self, "MyCanary",
+    schedule=synthetics.Schedule.rate(Duration.minutes(5)),
+    test=synthetics.Test.custom(
+        code=synthetics.Code.from_asset(path.join(__dirname, "canary")),
+        handler="index.handler"
+    ),
+    runtime=synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_6_2,
+    timeout=cdk.Duration.seconds(60)
+)
+```
+
 ### Deleting underlying resources on canary deletion
 
 When you delete a lambda, the following underlying resources are isolated in your AWS account:
@@ -279,6 +337,7 @@ from .. import (
     ITaggable as _ITaggable_36806126,
     IgnoreMode as _IgnoreMode_655a98e8,
     Resource as _Resource_45bc6135,
+    Size as _Size_7b441c34,
     SymlinkFollowMode as _SymlinkFollowMode_047ec1f6,
     TagManager as _TagManager_0a598cb3,
     TreeInspector as _TreeInspector_488e0dd5,
@@ -394,6 +453,9 @@ class Canary(
 
     Example::
 
+        import aws_cdk as cdk
+        
+        
         canary = synthetics.Canary(self, "MyCanary",
             schedule=synthetics.Schedule.rate(Duration.minutes(5)),
             test=synthetics.Test.custom(
@@ -401,9 +463,7 @@ class Canary(
                 handler="index.handler"
             ),
             runtime=synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_6_2,
-            environment_variables={
-                "stage": "prod"
-            }
+            memory=cdk.Size.mebibytes(1024)
         )
     '''
 
@@ -414,17 +474,20 @@ class Canary(
         *,
         runtime: "Runtime",
         test: "Test",
+        active_tracing: typing.Optional[builtins.bool] = None,
         artifacts_bucket_lifecycle_rules: typing.Optional[typing.Sequence[typing.Union[_LifecycleRule_bb74e6ff, typing.Dict[builtins.str, typing.Any]]]] = None,
         artifacts_bucket_location: typing.Optional[typing.Union[ArtifactsBucketLocation, typing.Dict[builtins.str, typing.Any]]] = None,
         canary_name: typing.Optional[builtins.str] = None,
         cleanup: typing.Optional["Cleanup"] = None,
         environment_variables: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         failure_retention_period: typing.Optional[_Duration_4839e8c3] = None,
+        memory: typing.Optional[_Size_7b441c34] = None,
         role: typing.Optional[_IRole_235f5d8e] = None,
         schedule: typing.Optional["Schedule"] = None,
         security_groups: typing.Optional[typing.Sequence[_ISecurityGroup_acf8a799]] = None,
         start_after_creation: typing.Optional[builtins.bool] = None,
         success_retention_period: typing.Optional[_Duration_4839e8c3] = None,
+        timeout: typing.Optional[_Duration_4839e8c3] = None,
         time_to_live: typing.Optional[_Duration_4839e8c3] = None,
         vpc: typing.Optional[_IVpc_f30d5663] = None,
         vpc_subnets: typing.Optional[typing.Union[_SubnetSelection_e57d76df, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -434,17 +497,20 @@ class Canary(
         :param id: -
         :param runtime: Specify the runtime version to use for the canary.
         :param test: The type of test that you want your canary to run. Use ``Test.custom()`` to specify the test to run.
+        :param active_tracing: Specifies whether this canary is to use active AWS X-Ray tracing when it runs. Active tracing enables this canary run to be displayed in the ServiceLens and X-Ray service maps even if the canary does not hit an endpoint that has X-Ray tracing enabled. Using X-Ray tracing incurs charges. You can enable active tracing only for canaries that use version ``syn-nodejs-2.0`` or later for their canary runtime. Default: false
         :param artifacts_bucket_lifecycle_rules: Lifecycle rules for the generated canary artifact bucket. Has no effect if a bucket is passed to ``artifactsBucketLocation``. If you pass a bucket to ``artifactsBucketLocation``, you can add lifecycle rules to the bucket itself. Default: - no rules applied to the generated bucket.
         :param artifacts_bucket_location: The s3 location that stores the data of the canary runs. Default: - A new s3 bucket will be created without a prefix.
         :param canary_name: The name of the canary. Be sure to give it a descriptive name that distinguishes it from other canaries in your account. Do not include secrets or proprietary information in your canary name. The canary name makes up part of the canary ARN, which is included in outbound calls over the internet. Default: - A unique name will be generated from the construct ID
         :param cleanup: Specify the underlying resources to be cleaned up when the canary is deleted. Using ``Cleanup.LAMBDA`` will create a Custom Resource to achieve this. Default: Cleanup.NOTHING
         :param environment_variables: Key-value pairs that the Synthetics caches and makes available for your canary scripts. Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Canary script source code. Default: - No environment variables.
         :param failure_retention_period: How many days should failed runs be retained. Default: Duration.days(31)
+        :param memory: The maximum amount of memory that the canary can use while running. This value must be a multiple of 64 Mib. The range is 960 MiB to 3008 MiB. Default: Size.mebibytes(1024)
         :param role: Canary execution role. This is the role that will be assumed by the canary upon execution. It controls the permissions that the canary will have. The role must be assumable by the AWS Lambda service principal. If not supplied, a role will be created with all the required permissions. If you provide a Role, you must add the required permissions. Default: - A unique role will be generated for this canary. You can add permissions to roles by calling 'addToRolePolicy'.
         :param schedule: Specify the schedule for how often the canary runs. For example, if you set ``schedule`` to ``rate(10 minutes)``, then the canary will run every 10 minutes. You can set the schedule with ``Schedule.rate(Duration)`` (recommended) or you can specify an expression using ``Schedule.expression()``. Default: 'rate(5 minutes)'
         :param security_groups: The list of security groups to associate with the canary's network interfaces. You must provide ``vpc`` when using this prop. Default: - If the canary is placed within a VPC and a security group is not specified a dedicated security group will be created for this canary.
         :param start_after_creation: Whether or not the canary should start after creation. Default: true
         :param success_retention_period: How many days should successful runs be retained. Default: Duration.days(31)
+        :param timeout: How long the canary is allowed to run before it must stop. You can't set this time to be longer than the frequency of the runs of this canary. The minimum allowed value is 3 seconds. The maximum allowed value is 840 seconds (14 minutes). Default: - the frequency of the canary is used as this value, up to a maximum of 900 seconds.
         :param time_to_live: How long the canary will be in a 'RUNNING' state. For example, if you set ``timeToLive`` to be 1 hour and ``schedule`` to be ``rate(10 minutes)``, your canary will run at 10 minute intervals for an hour, for a total of 6 times. Default: - no limit
         :param vpc: The VPC where this canary is run. Specify this if the canary needs to access resources in a VPC. Default: - Not in VPC
         :param vpc_subnets: Where to place the network interfaces within the VPC. You must provide ``vpc`` when using this prop. Default: - the Vpc default strategy if not specified
@@ -456,17 +522,20 @@ class Canary(
         props = CanaryProps(
             runtime=runtime,
             test=test,
+            active_tracing=active_tracing,
             artifacts_bucket_lifecycle_rules=artifacts_bucket_lifecycle_rules,
             artifacts_bucket_location=artifacts_bucket_location,
             canary_name=canary_name,
             cleanup=cleanup,
             environment_variables=environment_variables,
             failure_retention_period=failure_retention_period,
+            memory=memory,
             role=role,
             schedule=schedule,
             security_groups=security_groups,
             start_after_creation=start_after_creation,
             success_retention_period=success_retention_period,
+            timeout=timeout,
             time_to_live=time_to_live,
             vpc=vpc,
             vpc_subnets=vpc_subnets,
@@ -648,17 +717,20 @@ class Canary(
     name_mapping={
         "runtime": "runtime",
         "test": "test",
+        "active_tracing": "activeTracing",
         "artifacts_bucket_lifecycle_rules": "artifactsBucketLifecycleRules",
         "artifacts_bucket_location": "artifactsBucketLocation",
         "canary_name": "canaryName",
         "cleanup": "cleanup",
         "environment_variables": "environmentVariables",
         "failure_retention_period": "failureRetentionPeriod",
+        "memory": "memory",
         "role": "role",
         "schedule": "schedule",
         "security_groups": "securityGroups",
         "start_after_creation": "startAfterCreation",
         "success_retention_period": "successRetentionPeriod",
+        "timeout": "timeout",
         "time_to_live": "timeToLive",
         "vpc": "vpc",
         "vpc_subnets": "vpcSubnets",
@@ -670,17 +742,20 @@ class CanaryProps:
         *,
         runtime: "Runtime",
         test: "Test",
+        active_tracing: typing.Optional[builtins.bool] = None,
         artifacts_bucket_lifecycle_rules: typing.Optional[typing.Sequence[typing.Union[_LifecycleRule_bb74e6ff, typing.Dict[builtins.str, typing.Any]]]] = None,
         artifacts_bucket_location: typing.Optional[typing.Union[ArtifactsBucketLocation, typing.Dict[builtins.str, typing.Any]]] = None,
         canary_name: typing.Optional[builtins.str] = None,
         cleanup: typing.Optional["Cleanup"] = None,
         environment_variables: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         failure_retention_period: typing.Optional[_Duration_4839e8c3] = None,
+        memory: typing.Optional[_Size_7b441c34] = None,
         role: typing.Optional[_IRole_235f5d8e] = None,
         schedule: typing.Optional["Schedule"] = None,
         security_groups: typing.Optional[typing.Sequence[_ISecurityGroup_acf8a799]] = None,
         start_after_creation: typing.Optional[builtins.bool] = None,
         success_retention_period: typing.Optional[_Duration_4839e8c3] = None,
+        timeout: typing.Optional[_Duration_4839e8c3] = None,
         time_to_live: typing.Optional[_Duration_4839e8c3] = None,
         vpc: typing.Optional[_IVpc_f30d5663] = None,
         vpc_subnets: typing.Optional[typing.Union[_SubnetSelection_e57d76df, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -689,17 +764,20 @@ class CanaryProps:
 
         :param runtime: Specify the runtime version to use for the canary.
         :param test: The type of test that you want your canary to run. Use ``Test.custom()`` to specify the test to run.
+        :param active_tracing: Specifies whether this canary is to use active AWS X-Ray tracing when it runs. Active tracing enables this canary run to be displayed in the ServiceLens and X-Ray service maps even if the canary does not hit an endpoint that has X-Ray tracing enabled. Using X-Ray tracing incurs charges. You can enable active tracing only for canaries that use version ``syn-nodejs-2.0`` or later for their canary runtime. Default: false
         :param artifacts_bucket_lifecycle_rules: Lifecycle rules for the generated canary artifact bucket. Has no effect if a bucket is passed to ``artifactsBucketLocation``. If you pass a bucket to ``artifactsBucketLocation``, you can add lifecycle rules to the bucket itself. Default: - no rules applied to the generated bucket.
         :param artifacts_bucket_location: The s3 location that stores the data of the canary runs. Default: - A new s3 bucket will be created without a prefix.
         :param canary_name: The name of the canary. Be sure to give it a descriptive name that distinguishes it from other canaries in your account. Do not include secrets or proprietary information in your canary name. The canary name makes up part of the canary ARN, which is included in outbound calls over the internet. Default: - A unique name will be generated from the construct ID
         :param cleanup: Specify the underlying resources to be cleaned up when the canary is deleted. Using ``Cleanup.LAMBDA`` will create a Custom Resource to achieve this. Default: Cleanup.NOTHING
         :param environment_variables: Key-value pairs that the Synthetics caches and makes available for your canary scripts. Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Canary script source code. Default: - No environment variables.
         :param failure_retention_period: How many days should failed runs be retained. Default: Duration.days(31)
+        :param memory: The maximum amount of memory that the canary can use while running. This value must be a multiple of 64 Mib. The range is 960 MiB to 3008 MiB. Default: Size.mebibytes(1024)
         :param role: Canary execution role. This is the role that will be assumed by the canary upon execution. It controls the permissions that the canary will have. The role must be assumable by the AWS Lambda service principal. If not supplied, a role will be created with all the required permissions. If you provide a Role, you must add the required permissions. Default: - A unique role will be generated for this canary. You can add permissions to roles by calling 'addToRolePolicy'.
         :param schedule: Specify the schedule for how often the canary runs. For example, if you set ``schedule`` to ``rate(10 minutes)``, then the canary will run every 10 minutes. You can set the schedule with ``Schedule.rate(Duration)`` (recommended) or you can specify an expression using ``Schedule.expression()``. Default: 'rate(5 minutes)'
         :param security_groups: The list of security groups to associate with the canary's network interfaces. You must provide ``vpc`` when using this prop. Default: - If the canary is placed within a VPC and a security group is not specified a dedicated security group will be created for this canary.
         :param start_after_creation: Whether or not the canary should start after creation. Default: true
         :param success_retention_period: How many days should successful runs be retained. Default: Duration.days(31)
+        :param timeout: How long the canary is allowed to run before it must stop. You can't set this time to be longer than the frequency of the runs of this canary. The minimum allowed value is 3 seconds. The maximum allowed value is 840 seconds (14 minutes). Default: - the frequency of the canary is used as this value, up to a maximum of 900 seconds.
         :param time_to_live: How long the canary will be in a 'RUNNING' state. For example, if you set ``timeToLive`` to be 1 hour and ``schedule`` to be ``rate(10 minutes)``, your canary will run at 10 minute intervals for an hour, for a total of 6 times. Default: - no limit
         :param vpc: The VPC where this canary is run. Specify this if the canary needs to access resources in a VPC. Default: - Not in VPC
         :param vpc_subnets: Where to place the network interfaces within the VPC. You must provide ``vpc`` when using this prop. Default: - the Vpc default strategy if not specified
@@ -708,6 +786,9 @@ class CanaryProps:
 
         Example::
 
+            import aws_cdk as cdk
+            
+            
             canary = synthetics.Canary(self, "MyCanary",
                 schedule=synthetics.Schedule.rate(Duration.minutes(5)),
                 test=synthetics.Test.custom(
@@ -715,9 +796,7 @@ class CanaryProps:
                     handler="index.handler"
                 ),
                 runtime=synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_6_2,
-                environment_variables={
-                    "stage": "prod"
-                }
+                memory=cdk.Size.mebibytes(1024)
             )
         '''
         if isinstance(artifacts_bucket_location, dict):
@@ -728,17 +807,20 @@ class CanaryProps:
             type_hints = typing.get_type_hints(_typecheckingstub__44ec0b14d52b66927d4daebe6f97bb070f3629bb0eb86e21668ca7862bb5f5bd)
             check_type(argname="argument runtime", value=runtime, expected_type=type_hints["runtime"])
             check_type(argname="argument test", value=test, expected_type=type_hints["test"])
+            check_type(argname="argument active_tracing", value=active_tracing, expected_type=type_hints["active_tracing"])
             check_type(argname="argument artifacts_bucket_lifecycle_rules", value=artifacts_bucket_lifecycle_rules, expected_type=type_hints["artifacts_bucket_lifecycle_rules"])
             check_type(argname="argument artifacts_bucket_location", value=artifacts_bucket_location, expected_type=type_hints["artifacts_bucket_location"])
             check_type(argname="argument canary_name", value=canary_name, expected_type=type_hints["canary_name"])
             check_type(argname="argument cleanup", value=cleanup, expected_type=type_hints["cleanup"])
             check_type(argname="argument environment_variables", value=environment_variables, expected_type=type_hints["environment_variables"])
             check_type(argname="argument failure_retention_period", value=failure_retention_period, expected_type=type_hints["failure_retention_period"])
+            check_type(argname="argument memory", value=memory, expected_type=type_hints["memory"])
             check_type(argname="argument role", value=role, expected_type=type_hints["role"])
             check_type(argname="argument schedule", value=schedule, expected_type=type_hints["schedule"])
             check_type(argname="argument security_groups", value=security_groups, expected_type=type_hints["security_groups"])
             check_type(argname="argument start_after_creation", value=start_after_creation, expected_type=type_hints["start_after_creation"])
             check_type(argname="argument success_retention_period", value=success_retention_period, expected_type=type_hints["success_retention_period"])
+            check_type(argname="argument timeout", value=timeout, expected_type=type_hints["timeout"])
             check_type(argname="argument time_to_live", value=time_to_live, expected_type=type_hints["time_to_live"])
             check_type(argname="argument vpc", value=vpc, expected_type=type_hints["vpc"])
             check_type(argname="argument vpc_subnets", value=vpc_subnets, expected_type=type_hints["vpc_subnets"])
@@ -746,6 +828,8 @@ class CanaryProps:
             "runtime": runtime,
             "test": test,
         }
+        if active_tracing is not None:
+            self._values["active_tracing"] = active_tracing
         if artifacts_bucket_lifecycle_rules is not None:
             self._values["artifacts_bucket_lifecycle_rules"] = artifacts_bucket_lifecycle_rules
         if artifacts_bucket_location is not None:
@@ -758,6 +842,8 @@ class CanaryProps:
             self._values["environment_variables"] = environment_variables
         if failure_retention_period is not None:
             self._values["failure_retention_period"] = failure_retention_period
+        if memory is not None:
+            self._values["memory"] = memory
         if role is not None:
             self._values["role"] = role
         if schedule is not None:
@@ -768,6 +854,8 @@ class CanaryProps:
             self._values["start_after_creation"] = start_after_creation
         if success_retention_period is not None:
             self._values["success_retention_period"] = success_retention_period
+        if timeout is not None:
+            self._values["timeout"] = timeout
         if time_to_live is not None:
             self._values["time_to_live"] = time_to_live
         if vpc is not None:
@@ -795,6 +883,22 @@ class CanaryProps:
         assert result is not None, "Required property 'test' is missing"
         return typing.cast("Test", result)
 
+    @builtins.property
+    def active_tracing(self) -> typing.Optional[builtins.bool]:
+        '''Specifies whether this canary is to use active AWS X-Ray tracing when it runs.
+
+        Active tracing enables this canary run to be displayed in the ServiceLens and X-Ray service maps even if the
+        canary does not hit an endpoint that has X-Ray tracing enabled. Using X-Ray tracing incurs charges.
+
+        You can enable active tracing only for canaries that use version ``syn-nodejs-2.0`` or later for their canary runtime.
+
+        :default: false
+
+        :see: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_tracing.html
+        '''
+        result = self._values.get("active_tracing")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def artifacts_bucket_lifecycle_rules(
         self,
@@ -872,6 +976,18 @@ class CanaryProps:
         result = self._values.get("failure_retention_period")
         return typing.cast(typing.Optional[_Duration_4839e8c3], result)
 
+    @builtins.property
+    def memory(self) -> typing.Optional[_Size_7b441c34]:
+        '''The maximum amount of memory that the canary can use while running.
+
+        This value must be a multiple of 64 Mib.
+        The range is 960 MiB to 3008 MiB.
+
+        :default: Size.mebibytes(1024)
+        '''
+        result = self._values.get("memory")
+        return typing.cast(typing.Optional[_Size_7b441c34], result)
+
     @builtins.property
     def role(self) -> typing.Optional[_IRole_235f5d8e]:
         '''Canary execution role.
@@ -937,6 +1053,20 @@ class CanaryProps:
         result = self._values.get("success_retention_period")
         return typing.cast(typing.Optional[_Duration_4839e8c3], result)
 
+    @builtins.property
+    def timeout(self) -> typing.Optional[_Duration_4839e8c3]:
+        '''How long the canary is allowed to run before it must stop.
+
+        You can't set this time to be longer than the frequency of the runs of this canary.
+
+        The minimum allowed value is 3 seconds.
+        The maximum allowed value is 840 seconds (14 minutes).
+
+        :default: - the frequency of the canary is used as this value, up to a maximum of 900 seconds.
+        '''
+        result = self._values.get("timeout")
+        return typing.cast(typing.Optional[_Duration_4839e8c3], result)
+
     @builtins.property
     def time_to_live(self) -> typing.Optional[_Duration_4839e8c3]:
         '''How long the canary will be in a 'RUNNING' state.
@@ -2881,6 +3011,9 @@ class Code(
 
     Example::
 
+        import aws_cdk as cdk
+        
+        
         canary = synthetics.Canary(self, "MyCanary",
             schedule=synthetics.Schedule.rate(Duration.minutes(5)),
             test=synthetics.Test.custom(
@@ -2888,9 +3021,7 @@ class Code(
                 handler="index.handler"
             ),
             runtime=synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_6_2,
-            environment_variables={
-                "stage": "prod"
-            }
+            memory=cdk.Size.mebibytes(1024)
         )
     '''
 
@@ -3245,6 +3376,9 @@ class CustomTestOptions:
 
         Example::
 
+            import aws_cdk as cdk
+            
+            
             canary = synthetics.Canary(self, "MyCanary",
                 schedule=synthetics.Schedule.rate(Duration.minutes(5)),
                 test=synthetics.Test.custom(
@@ -3252,9 +3386,7 @@ class CustomTestOptions:
                     handler="index.handler"
                 ),
                 runtime=synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_6_2,
-                environment_variables={
-                    "stage": "prod"
-                }
+                memory=cdk.Size.mebibytes(1024)
             )
         '''
         if __debug__:
@@ -3350,6 +3482,9 @@ class Runtime(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_synthetics.Run
 
     Example::
 
+        import aws_cdk as cdk
+        
+        
         canary = synthetics.Canary(self, "MyCanary",
             schedule=synthetics.Schedule.rate(Duration.minutes(5)),
             test=synthetics.Test.custom(
@@ -3357,9 +3492,7 @@ class Runtime(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_synthetics.Run
                 handler="index.handler"
             ),
             runtime=synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_6_2,
-            environment_variables={
-                "stage": "prod"
-            }
+            memory=cdk.Size.mebibytes(1024)
         )
     '''
 
@@ -3564,7 +3697,7 @@ class Runtime(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_synthetics.Run
         - **Ephemeral storage monitoring**: This runtime adds ephemeral storage monitoring in customer accounts.
         - **Bug fixes**
 
-        :see: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_nodejs_puppeteer.html#CloudWatch_Synthetics_runtimeversion-nodejs-puppeteer-6.1
+        :see: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_nodejs_puppeteer.html#CloudWatch_Synthetics_runtimeversion-nodejs-puppeteer-6.2
         '''
         return typing.cast("Runtime", jsii.sget(cls, "SYNTHETICS_NODEJS_PUPPETEER_6_2"))
 
@@ -3581,6 +3714,20 @@ class Runtime(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_synthetics.Run
         '''
         return typing.cast("Runtime", jsii.sget(cls, "SYNTHETICS_NODEJS_PUPPETEER_7_0"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="SYNTHETICS_NODEJS_PUPPETEER_8_0")
+    def SYNTHETICS_NODEJS_PUPPETEER_8_0(cls) -> "Runtime":
+        '''``syn-nodejs-puppeteer-8.0`` includes the following: - Lambda runtime Node.js 20.x - Puppeteer-core version 22.10.0 - Chromium version 125.0.6422.112.
+
+        New Features:
+
+        - **Support for two-factor authentication**
+        - **Bug fixes** for situations where some service clients were losing data in Node.js SDK V3 responses.
+
+        :see: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_nodejs_puppeteer.html#CloudWatch_Synthetics_runtimeversion-nodejs-puppeteer-8.0
+        '''
+        return typing.cast("Runtime", jsii.sget(cls, "SYNTHETICS_NODEJS_PUPPETEER_8_0"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="SYNTHETICS_PYTHON_SELENIUM_1_0")
     def SYNTHETICS_PYTHON_SELENIUM_1_0(cls) -> "Runtime":
@@ -3794,9 +3941,7 @@ class Schedule(
                 handler="index.handler"
             ),
             runtime=synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_6_2,
-            environment_variables={
-                "stage": "prod"
-            }
+            active_tracing=True
         )
     '''
 
@@ -3875,6 +4020,9 @@ class Test(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_synthetics.Test")
 
     Example::
 
+        import aws_cdk as cdk
+        
+        
         canary = synthetics.Canary(self, "MyCanary",
             schedule=synthetics.Schedule.rate(Duration.minutes(5)),
             test=synthetics.Test.custom(
@@ -3882,9 +4030,7 @@ class Test(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_synthetics.Test")
                 handler="index.handler"
             ),
             runtime=synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_6_2,
-            environment_variables={
-                "stage": "prod"
-            }
+            memory=cdk.Size.mebibytes(1024)
         )
     '''
 
@@ -4072,17 +4218,20 @@ def _typecheckingstub__b3b6d76e5f93e31884e16cc00a9b4fc93e6782ff7db09c74aa1ef9346
     *,
     runtime: Runtime,
     test: Test,
+    active_tracing: typing.Optional[builtins.bool] = None,
     artifacts_bucket_lifecycle_rules: typing.Optional[typing.Sequence[typing.Union[_LifecycleRule_bb74e6ff, typing.Dict[builtins.str, typing.Any]]]] = None,
     artifacts_bucket_location: typing.Optional[typing.Union[ArtifactsBucketLocation, typing.Dict[builtins.str, typing.Any]]] = None,
     canary_name: typing.Optional[builtins.str] = None,
     cleanup: typing.Optional[Cleanup] = None,
     environment_variables: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     failure_retention_period: typing.Optional[_Duration_4839e8c3] = None,
+    memory: typing.Optional[_Size_7b441c34] = None,
     role: typing.Optional[_IRole_235f5d8e] = None,
     schedule: typing.Optional[Schedule] = None,
     security_groups: typing.Optional[typing.Sequence[_ISecurityGroup_acf8a799]] = None,
     start_after_creation: typing.Optional[builtins.bool] = None,
     success_retention_period: typing.Optional[_Duration_4839e8c3] = None,
+    timeout: typing.Optional[_Duration_4839e8c3] = None,
     time_to_live: typing.Optional[_Duration_4839e8c3] = None,
     vpc: typing.Optional[_IVpc_f30d5663] = None,
     vpc_subnets: typing.Optional[typing.Union[_SubnetSelection_e57d76df, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -4094,17 +4243,20 @@ def _typecheckingstub__44ec0b14d52b66927d4daebe6f97bb070f3629bb0eb86e21668ca7862
     *,
     runtime: Runtime,
     test: Test,
+    active_tracing: typing.Optional[builtins.bool] = None,
     artifacts_bucket_lifecycle_rules: typing.Optional[typing.Sequence[typing.Union[_LifecycleRule_bb74e6ff, typing.Dict[builtins.str, typing.Any]]]] = None,
     artifacts_bucket_location: typing.Optional[typing.Union[ArtifactsBucketLocation, typing.Dict[builtins.str, typing.Any]]] = None,
     canary_name: typing.Optional[builtins.str] = None,
     cleanup: typing.Optional[Cleanup] = None,
     environment_variables: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     failure_retention_period: typing.Optional[_Duration_4839e8c3] = None,
+    memory: typing.Optional[_Size_7b441c34] = None,
     role: typing.Optional[_IRole_235f5d8e] = None,
     schedule: typing.Optional[Schedule] = None,
     security_groups: typing.Optional[typing.Sequence[_ISecurityGroup_acf8a799]] = None,
     start_after_creation: typing.Optional[builtins.bool] = None,
     success_retention_period: typing.Optional[_Duration_4839e8c3] = None,
+    timeout: typing.Optional[_Duration_4839e8c3] = None,
     time_to_live: typing.Optional[_Duration_4839e8c3] = None,
     vpc: typing.Optional[_IVpc_f30d5663] = None,
     vpc_subnets: typing.Optional[typing.Union[_SubnetSelection_e57d76df, typing.Dict[builtins.str, typing.Any]]] = None,

aws_cdk/custom_resources/__init__.py

@@ -158,7 +158,7 @@ The return value from `onEvent` must be a JSON object with the following fields:
 | -------------------- | ------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `PhysicalResourceId` | String  | No       | The allocated/assigned physical ID of the resource. If omitted for `Create` events, the event's `RequestId` will be used. For `Update`, the current physical ID will be used. If a different value is returned, CloudFormation will follow with a subsequent `Delete` for the previous ID (resource replacement). For `Delete`, it will always return the current physical resource ID, and if the user returns a different one, an error will occur. |
 | `Data`               | JSON    | No       | Resource attributes, which can later be retrieved through `Fn::GetAtt` on the custom resource object.                                                                                                                                                                                                                                                                                                                                                 |
-| `NoEcho`             | Boolean | No       | Whether to mask the output of the custom resource when retrieved by using the `Fn::GetAtt` function.                                                                                                                                                                                                                                                                                                                                                  |
+| `NoEcho`             | Boolean | No       | Whether to mask the output of the custom resource when retrieved by using the `Fn::GetAtt` function and to mask the `Data` values.                                                                                                                                                                                                                                                                                                                                                 |
 | *any*                | *any*   | No       | Any other field included in the response will be passed through to `isComplete`. This can sometimes be useful to pass state between the handlers.                                                                                                                                                                                                                                                                                                     |
 
 ### Asynchronous Providers: isComplete
@@ -215,6 +215,48 @@ must return this name in `PhysicalResourceId` and make sure to handle
 replacement properly. The `S3File` example demonstrates this
 through the `objectKey` property.
 
+### Masking the output of log statements
+
+When using the Provider framework to create a custom resource, the request and response
+objects are logged by the provider function.If secret values are returned in the custom
+resource's Data object, it would be logged and exposed which possesses security threats.
+
+To mask the output of log statements, you can utilize the `NoEcho` field in the custom
+resource handler's response.
+
+```python
+# Create custom resource handler entrypoint
+handler = lambda_.Function(self, "my-handler",
+    runtime=lambda_.Runtime.NODEJS_20_X,
+    handler="index.handler",
+    code=lambda_.Code.from_inline("""
+          exports.handler = async (event, context) => {
+            return {
+              PhysicalResourceId: '1234',
+              NoEcho: true,
+              Data: {
+                mySecret: 'secret-value',
+                hello: 'world',
+                ghToken: 'gho_xxxxxxx',
+              },
+            };
+          };""")
+)
+
+# Provision a custom resource provider framework
+provider = cr.Provider(self, "my-provider",
+    on_event_handler=handler
+)
+
+CustomResource(self, "my-cr",
+    service_token=provider.service_token
+)
+```
+
+When `NoEcho` field is set to `true` in the response of custom resource handler,
+it will automatically mask all values in the `Data` object in the log statements
+to asterisks (*****).
+
 ### When there are errors
 
 As mentioned above, if any of the user handlers fail (i.e. throws an exception)
@@ -2011,18 +2053,31 @@ class Provider(
 
     Example::
 
-        # on_event: lambda.Function
-        # is_complete: lambda.Function
-        # my_role: iam.Role
+        # Create custom resource handler entrypoint
+        handler = lambda_.Function(self, "my-handler",
+            runtime=lambda_.Runtime.NODEJS_20_X,
+            handler="index.handler",
+            code=lambda_.Code.from_inline("""
+                  exports.handler = async (event, context) => {
+                    return {
+                      PhysicalResourceId: '1234',
+                      NoEcho: true,
+                      Data: {
+                        mySecret: 'secret-value',
+                        hello: 'world',
+                        ghToken: 'gho_xxxxxxx',
+                      },
+                    };
+                  };""")
+        )
         
-        my_provider = cr.Provider(self, "MyProvider",
-            on_event_handler=on_event,
-            is_complete_handler=is_complete,
-            log_group=logs.LogGroup(self, "MyProviderLogs",
-                retention=logs.RetentionDays.ONE_DAY
-            ),
-            role=my_role,
-            provider_function_name="the-lambda-name"
+        # Provision a custom resource provider framework
+        provider = cr.Provider(self, "my-provider",
+            on_event_handler=handler
+        )
+        
+        CustomResource(self, "my-cr",
+            service_token=provider.service_token
         )
     '''
 
@@ -2166,18 +2221,31 @@ class ProviderProps:
 
         Example::
 
-            # on_event: lambda.Function
-            # is_complete: lambda.Function
-            # my_role: iam.Role
+            # Create custom resource handler entrypoint
+            handler = lambda_.Function(self, "my-handler",
+                runtime=lambda_.Runtime.NODEJS_20_X,
+                handler="index.handler",
+                code=lambda_.Code.from_inline("""
+                      exports.handler = async (event, context) => {
+                        return {
+                          PhysicalResourceId: '1234',
+                          NoEcho: true,
+                          Data: {
+                            mySecret: 'secret-value',
+                            hello: 'world',
+                            ghToken: 'gho_xxxxxxx',
+                          },
+                        };
+                      };""")
+            )
+            
+            # Provision a custom resource provider framework
+            provider = cr.Provider(self, "my-provider",
+                on_event_handler=handler
+            )
             
-            my_provider = cr.Provider(self, "MyProvider",
-                on_event_handler=on_event,
-                is_complete_handler=is_complete,
-                log_group=logs.LogGroup(self, "MyProviderLogs",
-                    retention=logs.RetentionDays.ONE_DAY
-                ),
-                role=my_role,
-                provider_function_name="the-lambda-name"
+            CustomResource(self, "my-cr",
+                service_token=provider.service_token
             )
         '''
         if isinstance(vpc_subnets, dict):