aws-cdk-lib 2.164.1__py3-none-any.whl → 2.166.0__py3-none-any.whl

aws_cdk/aws_ecs/__init__.py

@@ -6200,7 +6200,7 @@ class CfnCapacityProvider(
 
             :param instance_warmup_period: The period of time, in seconds, after a newly launched Amazon EC2 instance can contribute to CloudWatch metrics for Auto Scaling group. If this parameter is omitted, the default value of ``300`` seconds is used.
             :param maximum_scaling_step_size: The maximum number of Amazon EC2 instances that Amazon ECS will scale out at one time. If this parameter is omitted, the default value of ``10000`` is used.
-            :param minimum_scaling_step_size: The minimum number of Amazon EC2 instances that Amazon ECS will scale out at one time. The scale in process is not affected by this parameter If this parameter is omitted, the default value of ``1`` is used. When additional capacity is required, Amazon ECS will scale up the minimum scaling step size even if the actual demand is less than the minimum scaling step size. If you use a capacity provider with an Auto Scaling group configured with more than one Amazon EC2 instance type or Availability Zone, Amazon ECS will scale up by the exact minimum scaling step size value and will ignore both the maximum scaling step size as well as the capacity demand.
+            :param minimum_scaling_step_size: The minimum number of Amazon EC2 instances that Amazon ECS will scale out at one time. If this parameter is omitted, the default value of ``1`` is used. When additional capacity is required, Amazon ECS will scale up the minimum scaling step size even if the actual demand is less than the minimum scaling step size. If you use a capacity provider with an Auto Scaling group configured with more than one Amazon EC2 instance type or Availability Zone, Amazon ECS will scale up by the exact minimum scaling step size value and will ignore both the maximum scaling step size as well as the capacity demand.
             :param status: Determines whether to use managed scaling for the capacity provider.
             :param target_capacity: The target capacity utilization as a percentage for the capacity provider. The specified value must be greater than ``0`` and less than or equal to ``100`` . For example, if you want the capacity provider to maintain 10% spare capacity, then that means the utilization is 90%, so use a ``targetCapacity`` of ``90`` . The default value of ``100`` percent results in the Amazon EC2 instances in your Auto Scaling group being completely used.
 
@@ -6266,7 +6266,7 @@ class CfnCapacityProvider(
         def minimum_scaling_step_size(self) -> typing.Optional[jsii.Number]:
             '''The minimum number of Amazon EC2 instances that Amazon ECS will scale out at one time.
 
-            The scale in process is not affected by this parameter If this parameter is omitted, the default value of ``1`` is used.
+            If this parameter is omitted, the default value of ``1`` is used.
 
             When additional capacity is required, Amazon ECS will scale up the minimum scaling step size even if the actual demand is less than the minimum scaling step size.
 
@@ -8323,7 +8323,7 @@ class CfnService(
         :param id: Construct identifier for this resource (unique in its scope).
         :param capacity_provider_strategy: The capacity provider strategy to use for the service. If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used. A capacity provider strategy may contain a maximum of 6 capacity providers.
         :param cluster: The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed.
-        :param deployment_configuration: Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.
+        :param deployment_configuration: Optional deployment parameters that control how many tasks run during the deployment and the failure detection methods.
         :param deployment_controller: The deployment controller to use for the service. If no deployment controller is specified, the default value of ``ECS`` is used.
         :param desired_count: The number of instantiations of the specified task definition to place and keep running in your service. For new services, if a desired count is not specified, a default value of ``1`` is used. When using the ``DAEMON`` scheduling strategy, the desired count is not required. For existing services, if a desired count is not specified, it is omitted from the operation.
         :param enable_ecs_managed_tags: Specifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see `Tagging your Amazon ECS resources <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html>`_ in the *Amazon Elastic Container Service Developer Guide* . When you use Amazon ECS managed tags, you need to set the ``propagateTags`` request parameter.
@@ -8472,7 +8472,7 @@ class CfnService(
     def deployment_configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnService.DeploymentConfigurationProperty"]]:
-        '''Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.'''
+        '''Optional deployment parameters that control how many tasks run during the deployment and the failure detection methods.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnService.DeploymentConfigurationProperty"]], jsii.get(self, "deploymentConfiguration"))
 
     @deployment_configuration.setter
@@ -9210,7 +9210,7 @@ class CfnService(
             maximum_percent: typing.Optional[jsii.Number] = None,
             minimum_healthy_percent: typing.Optional[jsii.Number] = None,
         ) -> None:
-            '''Optional deployment parameters that control how many tasks run during a deployment and the ordering of stopping and starting tasks.
+            '''Optional deployment parameters that control how many tasks run during the deployment and the failure detection methods.
 
             :param alarms: Information about the CloudWatch alarms.
             :param deployment_circuit_breaker: .. epigraph:: The deployment circuit breaker can only be used for services using the rolling update ( ``ECS`` ) deployment type. The *deployment circuit breaker* determines whether a service deployment will fail if the service can't reach a steady state. If you use the deployment circuit breaker, a service deployment will transition to a failed state and stop launching new tasks. If you use the rollback option, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. For more information, see `Rolling update <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html>`_ in the *Amazon Elastic Container Service Developer Guide*
@@ -9527,7 +9527,7 @@ class CfnService(
 
             :param container_name: The name of the container (as it appears in a container definition) to associate with the load balancer. You need to specify the container name when configuring the target group for an Amazon ECS load balancer.
             :param container_port: The port on the container to associate with the load balancer. This port must correspond to a ``containerPort`` in the task definition the tasks in the service are using. For tasks that use the EC2 launch type, the container instance they're launched on must allow ingress traffic on the ``hostPort`` of the port mapping.
-            :param load_balancer_name: The name of the load balancer to associate with the Amazon ECS service or task set. If you are using an Application Load Balancer or a Network Load Balancer the load balancer name parameter should be omitted.
+            :param load_balancer_name: The name of the load balancer to associate with the service or task set. If you are using an Application Load Balancer or a Network Load Balancer the load balancer name parameter should be omitted.
             :param target_group_arn: The full Amazon Resource Name (ARN) of the Elastic Load Balancing target group or groups associated with a service or task set. A target group ARN is only specified when using an Application Load Balancer or Network Load Balancer. For services using the ``ECS`` deployment controller, you can specify one or multiple target groups. For more information, see `Registering multiple target groups with a service <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/register-multiple-targetgroups.html>`_ in the *Amazon Elastic Container Service Developer Guide* . For services using the ``CODE_DEPLOY`` deployment controller, you're required to define two target groups for the load balancer. For more information, see `Blue/green deployment with CodeDeploy <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-bluegreen.html>`_ in the *Amazon Elastic Container Service Developer Guide* . .. epigraph:: If your service's task definition uses the ``awsvpc`` network mode, you must choose ``ip`` as the target type, not ``instance`` . Do this when creating your target groups because tasks that use the ``awsvpc`` network mode are associated with an elastic network interface, not an Amazon EC2 instance. This network mode is required for the Fargate launch type.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-loadbalancer.html
@@ -9586,7 +9586,7 @@ class CfnService(
 
         @builtins.property
         def load_balancer_name(self) -> typing.Optional[builtins.str]:
-            '''The name of the load balancer to associate with the Amazon ECS service or task set.
+            '''The name of the load balancer to associate with the service or task set.
 
             If you are using an Application Load Balancer or a Network Load Balancer the load balancer name parameter should be omitted.
 
@@ -10765,13 +10765,13 @@ class CfnService(
         ) -> None:
             '''The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf.
 
-            These settings are used to create each Amazon EBS volume, with one volume created for each task in the service.
+            These settings are used to create each Amazon EBS volume, with one volume created for each task in the service. For information about the supported launch types and operating systems, see `Supported operating systems and launch types <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ebs-volumes.html#ebs-volumes-configuration>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
             Many of these parameters map 1:1 with the Amazon EBS ``CreateVolume`` API request parameters.
 
             :param role_arn: The ARN of the IAM role to associate with this volume. This is the Amazon ECS infrastructure IAM role that is used to manage your AWS infrastructure. We recommend using the Amazon ECS-managed ``AmazonECSInfrastructureRolePolicyForVolumes`` IAM policy with this role. For more information, see `Amazon ECS infrastructure IAM role <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/infrastructure_IAM_role.html>`_ in the *Amazon ECS Developer Guide* .
             :param encrypted: Indicates whether the volume should be encrypted. If no value is specified, encryption is turned on by default. This parameter maps 1:1 with the ``Encrypted`` parameter of the `CreateVolume API <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html>`_ in the *Amazon EC2 API Reference* .
-            :param filesystem_type: The Linux filesystem type for the volume. For volumes created from a snapshot, you must specify the same filesystem type that the volume was using when the snapshot was created. If there is a filesystem type mismatch, the task will fail to start. The available filesystem types are ``ext3`` , ``ext4`` , and ``xfs`` . If no value is specified, the ``xfs`` filesystem type is used by default.
+            :param filesystem_type: The filesystem type for the volume. For volumes created from a snapshot, you must specify the same filesystem type that the volume was using when the snapshot was created. If there is a filesystem type mismatch, the task will fail to start. The available Linux filesystem types are ``ext3`` , ``ext4`` , and ``xfs`` . If no value is specified, the ``xfs`` filesystem type is used by default. The available Windows filesystem types are ``NTFS`` .
             :param iops: The number of I/O operations per second (IOPS). For ``gp3`` , ``io1`` , and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. The following are the supported values for each volume type. - ``gp3`` : 3,000 - 16,000 IOPS - ``io1`` : 100 - 64,000 IOPS - ``io2`` : 100 - 256,000 IOPS This parameter is required for ``io1`` and ``io2`` volume types. The default for ``gp3`` volumes is ``3,000 IOPS`` . This parameter is not supported for ``st1`` , ``sc1`` , or ``standard`` volume types. This parameter maps 1:1 with the ``Iops`` parameter of the `CreateVolume API <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html>`_ in the *Amazon EC2 API Reference* .
             :param kms_key_id: The Amazon Resource Name (ARN) identifier of the AWS Key Management Service key to use for Amazon EBS encryption. When encryption is turned on and no AWS Key Management Service key is specified, the default AWS managed key for Amazon EBS volumes is used. This parameter maps 1:1 with the ``KmsKeyId`` parameter of the `CreateVolume API <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html>`_ in the *Amazon EC2 API Reference* . .. epigraph:: AWS authenticates the AWS Key Management Service key asynchronously. Therefore, if you specify an ID, alias, or ARN that is invalid, the action can appear to complete, but eventually fails.
             :param size_in_gib: The size of the volume in GiB. You must specify either a volume size or a snapshot ID. If you specify a snapshot ID, the snapshot size is used for the volume size by default. You can optionally specify a volume size greater than or equal to the snapshot size. This parameter maps 1:1 with the ``Size`` parameter of the `CreateVolume API <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html>`_ in the *Amazon EC2 API Reference* . The following are the supported volume size values for each volume type. - ``gp2`` and ``gp3`` : 1-16,384 - ``io1`` and ``io2`` : 4-16,384 - ``st1`` and ``sc1`` : 125-16,384 - ``standard`` : 1-1,024
@@ -10874,11 +10874,13 @@ class CfnService(
 
         @builtins.property
         def filesystem_type(self) -> typing.Optional[builtins.str]:
-            '''The Linux filesystem type for the volume.
+            '''The filesystem type for the volume.
 
             For volumes created from a snapshot, you must specify the same filesystem type that the volume was using when the snapshot was created. If there is a filesystem type mismatch, the task will fail to start.
 
-            The available filesystem types are ``ext3`` , ``ext4`` , and ``xfs`` . If no value is specified, the ``xfs`` filesystem type is used by default.
+            The available Linux filesystem types are ``ext3`` , ``ext4`` , and ``xfs`` . If no value is specified, the ``xfs`` filesystem type is used by default.
+
+            The available Windows filesystem types are ``NTFS`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-servicemanagedebsvolumeconfiguration.html#cfn-ecs-service-servicemanagedebsvolumeconfiguration-filesystemtype
             '''
@@ -11377,7 +11379,7 @@ class CfnServiceProps:
 
         :param capacity_provider_strategy: The capacity provider strategy to use for the service. If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used. A capacity provider strategy may contain a maximum of 6 capacity providers.
         :param cluster: The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed.
-        :param deployment_configuration: Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.
+        :param deployment_configuration: Optional deployment parameters that control how many tasks run during the deployment and the failure detection methods.
         :param deployment_controller: The deployment controller to use for the service. If no deployment controller is specified, the default value of ``ECS`` is used.
         :param desired_count: The number of instantiations of the specified task definition to place and keep running in your service. For new services, if a desired count is not specified, a default value of ``1`` is used. When using the ``DAEMON`` scheduling strategy, the desired count is not required. For existing services, if a desired count is not specified, it is omitted from the operation.
         :param enable_ecs_managed_tags: Specifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see `Tagging your Amazon ECS resources <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html>`_ in the *Amazon Elastic Container Service Developer Guide* . When you use Amazon ECS managed tags, you need to set the ``propagateTags`` request parameter.
@@ -11652,7 +11654,7 @@ class CfnServiceProps:
     def deployment_configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnService.DeploymentConfigurationProperty]]:
-        '''Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.
+        '''Optional deployment parameters that control how many tasks run during the deployment and the failure detection methods.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-deploymentconfiguration
         '''
@@ -12235,10 +12237,10 @@ class CfnTaskDefinition(
         :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. For informationabout the required IAM roles for Amazon ECS, see `IAM roles for Amazon ECS <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param family: The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add. .. epigraph:: To use revision numbers when you update a task definition, specify this property. If you don't specify a value, AWS CloudFormation generates a new task definition each time that you update it.
         :param inference_accelerators: The Elastic Inference accelerators to use for the containers in the task.
-        :param ipc_mode: The IPC resource namespace to use for the containers in the task. The valid values are ``host`` , ``task`` , or ``none`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see `System Controls <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html>`_ in the *Amazon Elastic Container Service Developer Guide* . - For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. - For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. .. epigraph:: This parameter is not supported for Windows containers or tasks run on AWS Fargate .
+        :param ipc_mode: The IPC resource namespace to use for the containers in the task. The valid values are ``host`` , ``task`` , or ``none`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see `IPC settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc>`_ in the *Docker run reference* . If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ . If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see `System Controls <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html>`_ in the *Amazon Elastic Container Service Developer Guide* . - For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. - For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. .. epigraph:: This parameter is not supported for Windows containers or tasks run on AWS Fargate .
         :param memory: The amount (in MiB) of memory used by the task. If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see `ContainerDefinition <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html>`_ . If your tasks runs on AWS Fargate , this field is required. You must use one of the following values. The value you choose determines your range of valid values for the ``cpu`` parameter. - 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available ``cpu`` values: 256 (.25 vCPU) - 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available ``cpu`` values: 512 (.5 vCPU) - 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available ``cpu`` values: 1024 (1 vCPU) - Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available ``cpu`` values: 2048 (2 vCPU) - Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available ``cpu`` values: 4096 (4 vCPU) - Between 16 GB and 60 GB in 4 GB increments - Available ``cpu`` values: 8192 (8 vCPU) This option requires Linux platform ``1.4.0`` or later. - Between 32GB and 120 GB in 8 GB increments - Available ``cpu`` values: 16384 (16 vCPU) This option requires Linux platform ``1.4.0`` or later.
-        :param network_mode: The Docker networking mode to use for the containers in the task. The valid values are ``none`` , ``bridge`` , ``awsvpc`` , and ``host`` . If no network mode is specified, the default is ``bridge`` . For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ``<default>`` or ``awsvpc`` can be used. If the network mode is set to ``none`` , you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode. With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. .. epigraph:: When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user. If the network mode is ``awsvpc`` , the task is allocated an elastic network interface, and you must specify a `NetworkConfiguration <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_NetworkConfiguration.html>`_ value when you create a service or run a task with the task definition. For more information, see `Task Networking <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html>`_ in the *Amazon Elastic Container Service Developer Guide* . If the network mode is ``host`` , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.
-        :param pid_mode: The process namespace to use for the containers in the task. The valid values are ``host`` or ``task`` . On Fargate for Linux containers, the only valid value is ``task`` . For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task. If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace for each container. If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. .. epigraph:: This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.
+        :param network_mode: The Docker networking mode to use for the containers in the task. The valid values are ``none`` , ``bridge`` , ``awsvpc`` , and ``host`` . If no network mode is specified, the default is ``bridge`` . For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ``<default>`` or ``awsvpc`` can be used. If the network mode is set to ``none`` , you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode. With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. .. epigraph:: When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user. If the network mode is ``awsvpc`` , the task is allocated an elastic network interface, and you must specify a ``NetworkConfiguration`` value when you create a service or run a task with the task definition. For more information, see `Task Networking <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html>`_ in the *Amazon Elastic Container Service Developer Guide* . If the network mode is ``host`` , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used. For more information, see `Network settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings>`_ in the *Docker run reference* .
+        :param pid_mode: The process namespace to use for the containers in the task. The valid values are ``host`` or ``task`` . On Fargate for Linux containers, the only valid value is ``task`` . For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task. If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace for each container. For more information, see `PID settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid>`_ in the *Docker run reference* . If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ . .. epigraph:: This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.
         :param placement_constraints: An array of placement constraint objects to use for tasks. .. epigraph:: This parameter isn't supported for tasks run on AWS Fargate .
         :param proxy_configuration: The configuration details for the App Mesh proxy. Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ``ecs-init`` package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version ``20190301`` or later, they contain the required versions of the container agent and ``ecs-init`` . For more information, see `Amazon ECS-optimized Linux AMI <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param requires_compatibilities: The task launch types the task definition was validated against. The valid values are ``EC2`` , ``FARGATE`` , and ``EXTERNAL`` . For more information, see `Amazon ECS launch types <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
@@ -14656,7 +14658,7 @@ class CfnTaskDefinition(
             - Container health checks are supported for Fargate tasks if you are using platform version 1.1.0 or greater. For more information, see `AWS Fargate Platform Versions <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html>`_ .
             - Container health checks are not supported for tasks that are part of a service that is configured to use a Classic Load Balancer.
 
-            :param command: A string array representing the command that the container runs to determine if it is healthy. The string array must start with ``CMD`` to run the command arguments directly, or ``CMD-SHELL`` to run the command with the container's default shell. When you use the AWS Management Console JSON panel, the AWS Command Line Interface , or the APIs, enclose the list of commands in double quotes and brackets. ``[ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ]`` You don't include the double quotes and brackets when you use the AWS Management Console. ``CMD-SHELL, curl -f http://localhost/ || exit 1`` An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in the docker container create command
+            :param command: A string array representing the command that the container runs to determine if it is healthy. The string array must start with ``CMD`` to run the command arguments directly, or ``CMD-SHELL`` to run the command with the container's default shell. When you use the AWS Management Console JSON panel, the AWS Command Line Interface , or the APIs, enclose the list of commands in double quotes and brackets. ``[ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ]`` You don't include the double quotes and brackets when you use the AWS Management Console. ``CMD-SHELL, curl -f http://localhost/ || exit 1`` An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in the docker container create command.
             :param interval: The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds.
             :param retries: The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3.
             :param start_period: The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the ``startPeriod`` is off. .. epigraph:: If a health check succeeds within the ``startPeriod`` , then the container is considered healthy and any subsequent failures count toward the maximum number of retries.
@@ -14712,7 +14714,7 @@ class CfnTaskDefinition(
 
             ``CMD-SHELL, curl -f http://localhost/ || exit 1``
 
-            An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in the docker container create command
+            An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in the docker container create command.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html#cfn-ecs-taskdefinition-healthcheck-command
             '''
@@ -15672,7 +15674,7 @@ class CfnTaskDefinition(
             After a task reaches the ``RUNNING`` status, manual and automatic host and container port assignments are visible in the ``networkBindings`` section of `DescribeTasks <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeTasks.html>`_ API responses.
 
             :param app_protocol: The application protocol that's used for the port mapping. This parameter only applies to Service Connect. We recommend that you set this parameter to be consistent with the protocol that your application uses. If you set this parameter, Amazon ECS adds protocol-specific connection handling to the Service Connect proxy. If you set this parameter, Amazon ECS adds protocol-specific telemetry in the Amazon ECS console and CloudWatch. If you don't set a value for this parameter, then TCP is used. However, Amazon ECS doesn't add protocol-specific telemetry for TCP. ``appProtocol`` is immutable in a Service Connect service. Updating this field requires a service deletion and redeployment. Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see `Service Connect <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
-            :param container_port: The port number on the container that's bound to the user-specified or automatically assigned host port. If you use containers in a task with the ``awsvpc`` or ``host`` network mode, specify the exposed ports using ``containerPort`` . If you use containers in a task with the ``bridge`` network mode and you specify a container port and not a host port, your container automatically receives a host port in the ephemeral port range. For more information, see ``hostPort`` . Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance.
+            :param container_port: The port number on the container that's bound to the user-specified or automatically assigned host port. For tasks that use the Fargate launch type or EC2 tasks that use the ``awsvpc`` network mode, you use ``containerPort`` to specify the exposed ports. For Windows containers on Fargate, you can't use port 3150 for the ``containerPort`` . This is because it's reserved. Suppose that you're using containers in a task with the EC2 launch type and you specify a container port and not a host port. Then, your container automatically receives a host port in the ephemeral port range. For more information, see ``hostPort`` . Port mappings that are automatically assigned in this way don't count toward the 100 reserved ports quota of a container instance.
             :param container_port_range: The port number range on the container that's bound to the dynamically mapped host port range. The following rules apply when you specify a ``containerPortRange`` : - You must use either the ``bridge`` network mode or the ``awsvpc`` network mode. - This parameter is available for both the EC2 and AWS Fargate launch types. - This parameter is available for both the Linux and Windows operating systems. - The container instance must have at least version 1.67.0 of the container agent and at least version 1.67.0-1 of the ``ecs-init`` package - You can specify a maximum of 100 port ranges per container. - You do not specify a ``hostPortRange`` . The value of the ``hostPortRange`` is set as follows: - For containers in a task with the ``awsvpc`` network mode, the ``hostPortRange`` is set to the same value as the ``containerPortRange`` . This is a static mapping strategy. - For containers in a task with the ``bridge`` network mode, the Amazon ECS agent finds open host ports from the default ephemeral range and passes it to docker to bind them to the container ports. - The ``containerPortRange`` valid values are between 1 and 65535. - A port can only be included in one port mapping per container. - You cannot specify overlapping port ranges. - The first port in the range must be less than last port in the range. - Docker recommends that you turn off the docker-proxy in the Docker daemon config file when you have a large number of ports. For more information, see `Issue #11185 <https://docs.aws.amazon.com/https://github.com/moby/moby/issues/11185>`_ on the Github website. For information about how to turn off the docker-proxy in the Docker daemon config file, see `Docker daemon <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/bootstrap_container_instance.html#bootstrap_docker_daemon>`_ in the *Amazon ECS Developer Guide* . You can call ```DescribeTasks`` <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeTasks.html>`_ to view the ``hostPortRange`` which are the host ports that are bound to the container ports.
             :param host_port: The port number on the container instance to reserve for your container. If you specify a ``containerPortRange`` , leave this field empty and the value of the ``hostPort`` is set as follows: - For containers in a task with the ``awsvpc`` network mode, the ``hostPort`` is set to the same value as the ``containerPort`` . This is a static mapping strategy. - For containers in a task with the ``bridge`` network mode, the Amazon ECS agent finds open ports on the host and automatically binds them to the container ports. This is a dynamic mapping strategy. If you use containers in a task with the ``awsvpc`` or ``host`` network mode, the ``hostPort`` can either be left blank or set to the same value as the ``containerPort`` . If you use containers in a task with the ``bridge`` network mode, you can specify a non-reserved host port for your container port mapping, or you can omit the ``hostPort`` (or set it to ``0`` ) while specifying a ``containerPort`` and your container automatically receives a port in the ephemeral port range for your container instance operating system and Docker version. The default ephemeral port range for Docker version 1.6.0 and later is listed on the instance under ``/proc/sys/net/ipv4/ip_local_port_range`` . If this kernel parameter is unavailable, the default ephemeral port range from 49153 through 65535 (Linux) or 49152 through 65535 (Windows) is used. Do not attempt to specify a host port in the ephemeral port range as these are reserved for automatic assignment. In general, ports below 32768 are outside of the ephemeral port range. The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678-51680. Any host port that was previously specified in a running task is also reserved while the task is running. That is, after a task stops, the host port is released. The current reserved ports are displayed in the ``remainingResources`` of `DescribeContainerInstances <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeContainerInstances.html>`_ output. A container instance can have up to 100 reserved ports at a time. This number includes the default reserved ports. Automatically assigned ports aren't included in the 100 reserved ports quota.
             :param name: The name that's used for the port mapping. This parameter only applies to Service Connect. This parameter is the name that you use in the ``serviceConnectConfiguration`` of a service. The name can include up to 64 characters. The characters can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen. For more information, see `Service Connect <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
@@ -15739,9 +15741,11 @@ class CfnTaskDefinition(
         def container_port(self) -> typing.Optional[jsii.Number]:
             '''The port number on the container that's bound to the user-specified or automatically assigned host port.
 
-            If you use containers in a task with the ``awsvpc`` or ``host`` network mode, specify the exposed ports using ``containerPort`` .
+            For tasks that use the Fargate launch type or EC2 tasks that use the ``awsvpc`` network mode, you use ``containerPort`` to specify the exposed ports.
+
+            For Windows containers on Fargate, you can't use port 3150 for the ``containerPort`` . This is because it's reserved.
 
-            If you use containers in a task with the ``bridge`` network mode and you specify a container port and not a host port, your container automatically receives a host port in the ephemeral port range. For more information, see ``hostPort`` . Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance.
+            Suppose that you're using containers in a task with the EC2 launch type and you specify a container port and not a host port. Then, your container automatically receives a host port in the ephemeral port range. For more information, see ``hostPort`` . Port mappings that are automatically assigned in this way don't count toward the 100 reserved ports quota of a container instance.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-portmapping.html#cfn-ecs-taskdefinition-portmapping-containerport
             '''
@@ -16194,8 +16198,8 @@ class CfnTaskDefinition(
 
             For more information about ``RuntimePlatform`` , see `RuntimePlatform <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#runtime-platform>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
-            :param cpu_architecture: The CPU architecture. You can run your Linux tasks on an ARM-based platform by setting the value to ``ARM64`` . This option is available for tasks that run on Linux Amazon EC2 instance or Linux containers on Fargate.
-            :param operating_system_family: The operating system.
+            :param cpu_architecture: The CPU architecture. You can run your Linux tasks on an ARM-based platform by setting the value to ``ARM64`` . This option is available for tasks that run on Linux Amazon EC2 instance or Linux containers on Fargate. The default is ``X86_64`` .
+            :param operating_system_family: The operating system. The default is ``Linux`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-runtimeplatform.html
             :exampleMetadata: fixture=_generated
@@ -16227,6 +16231,8 @@ class CfnTaskDefinition(
 
             You can run your Linux tasks on an ARM-based platform by setting the value to ``ARM64`` . This option is available for tasks that run on Linux Amazon EC2 instance or Linux containers on Fargate.
 
+            The default is ``X86_64`` .
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-runtimeplatform.html#cfn-ecs-taskdefinition-runtimeplatform-cpuarchitecture
             '''
             result = self._values.get("cpu_architecture")
@@ -16236,6 +16242,8 @@ class CfnTaskDefinition(
         def operating_system_family(self) -> typing.Optional[builtins.str]:
             '''The operating system.
 
+            The default is ``Linux`` .
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-runtimeplatform.html#cfn-ecs-taskdefinition-runtimeplatform-operatingsystemfamily
             '''
             result = self._values.get("operating_system_family")
@@ -17026,10 +17034,10 @@ class CfnTaskDefinitionProps:
         :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. For informationabout the required IAM roles for Amazon ECS, see `IAM roles for Amazon ECS <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param family: The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add. .. epigraph:: To use revision numbers when you update a task definition, specify this property. If you don't specify a value, AWS CloudFormation generates a new task definition each time that you update it.
         :param inference_accelerators: The Elastic Inference accelerators to use for the containers in the task.
-        :param ipc_mode: The IPC resource namespace to use for the containers in the task. The valid values are ``host`` , ``task`` , or ``none`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see `System Controls <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html>`_ in the *Amazon Elastic Container Service Developer Guide* . - For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. - For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. .. epigraph:: This parameter is not supported for Windows containers or tasks run on AWS Fargate .
+        :param ipc_mode: The IPC resource namespace to use for the containers in the task. The valid values are ``host`` , ``task`` , or ``none`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see `IPC settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc>`_ in the *Docker run reference* . If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ . If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see `System Controls <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html>`_ in the *Amazon Elastic Container Service Developer Guide* . - For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. - For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. .. epigraph:: This parameter is not supported for Windows containers or tasks run on AWS Fargate .
         :param memory: The amount (in MiB) of memory used by the task. If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see `ContainerDefinition <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html>`_ . If your tasks runs on AWS Fargate , this field is required. You must use one of the following values. The value you choose determines your range of valid values for the ``cpu`` parameter. - 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available ``cpu`` values: 256 (.25 vCPU) - 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available ``cpu`` values: 512 (.5 vCPU) - 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available ``cpu`` values: 1024 (1 vCPU) - Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available ``cpu`` values: 2048 (2 vCPU) - Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available ``cpu`` values: 4096 (4 vCPU) - Between 16 GB and 60 GB in 4 GB increments - Available ``cpu`` values: 8192 (8 vCPU) This option requires Linux platform ``1.4.0`` or later. - Between 32GB and 120 GB in 8 GB increments - Available ``cpu`` values: 16384 (16 vCPU) This option requires Linux platform ``1.4.0`` or later.
-        :param network_mode: The Docker networking mode to use for the containers in the task. The valid values are ``none`` , ``bridge`` , ``awsvpc`` , and ``host`` . If no network mode is specified, the default is ``bridge`` . For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ``<default>`` or ``awsvpc`` can be used. If the network mode is set to ``none`` , you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode. With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. .. epigraph:: When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user. If the network mode is ``awsvpc`` , the task is allocated an elastic network interface, and you must specify a `NetworkConfiguration <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_NetworkConfiguration.html>`_ value when you create a service or run a task with the task definition. For more information, see `Task Networking <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html>`_ in the *Amazon Elastic Container Service Developer Guide* . If the network mode is ``host`` , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.
-        :param pid_mode: The process namespace to use for the containers in the task. The valid values are ``host`` or ``task`` . On Fargate for Linux containers, the only valid value is ``task`` . For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task. If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace for each container. If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. .. epigraph:: This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.
+        :param network_mode: The Docker networking mode to use for the containers in the task. The valid values are ``none`` , ``bridge`` , ``awsvpc`` , and ``host`` . If no network mode is specified, the default is ``bridge`` . For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ``<default>`` or ``awsvpc`` can be used. If the network mode is set to ``none`` , you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode. With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. .. epigraph:: When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user. If the network mode is ``awsvpc`` , the task is allocated an elastic network interface, and you must specify a ``NetworkConfiguration`` value when you create a service or run a task with the task definition. For more information, see `Task Networking <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html>`_ in the *Amazon Elastic Container Service Developer Guide* . If the network mode is ``host`` , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used. For more information, see `Network settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings>`_ in the *Docker run reference* .
+        :param pid_mode: The process namespace to use for the containers in the task. The valid values are ``host`` or ``task`` . On Fargate for Linux containers, the only valid value is ``task`` . For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task. If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace for each container. For more information, see `PID settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid>`_ in the *Docker run reference* . If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ . .. epigraph:: This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.
         :param placement_constraints: An array of placement constraint objects to use for tasks. .. epigraph:: This parameter isn't supported for tasks run on AWS Fargate .
         :param proxy_configuration: The configuration details for the App Mesh proxy. Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ``ecs-init`` package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version ``20190301`` or later, they contain the required versions of the container agent and ``ecs-init`` . For more information, see `Amazon ECS-optimized Linux AMI <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param requires_compatibilities: The task launch types the task definition was validated against. The valid values are ``EC2`` , ``FARGATE`` , and ``EXTERNAL`` . For more information, see `Amazon ECS launch types <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
@@ -17414,9 +17422,9 @@ class CfnTaskDefinitionProps:
     def ipc_mode(self) -> typing.Optional[builtins.str]:
         '''The IPC resource namespace to use for the containers in the task.
 
-        The valid values are ``host`` , ``task`` , or ``none`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance.
+        The valid values are ``host`` , ``task`` , or ``none`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see `IPC settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc>`_ in the *Docker run reference* .
 
-        If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose.
+        If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ .
 
         If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see `System Controls <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
@@ -17471,10 +17479,12 @@ class CfnTaskDefinitionProps:
 
            When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user.
 
-        If the network mode is ``awsvpc`` , the task is allocated an elastic network interface, and you must specify a `NetworkConfiguration <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_NetworkConfiguration.html>`_ value when you create a service or run a task with the task definition. For more information, see `Task Networking <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
+        If the network mode is ``awsvpc`` , the task is allocated an elastic network interface, and you must specify a ``NetworkConfiguration`` value when you create a service or run a task with the task definition. For more information, see `Task Networking <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
         If the network mode is ``host`` , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.
 
+        For more information, see `Network settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings>`_ in the *Docker run reference* .
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-networkmode
         '''
         result = self._values.get("network_mode")
@@ -17490,9 +17500,9 @@ class CfnTaskDefinitionProps:
 
         If ``task`` is specified, all containers within the specified task share the same process namespace.
 
-        If no value is specified, the default is a private namespace for each container.
+        If no value is specified, the default is a private namespace for each container. For more information, see `PID settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid>`_ in the *Docker run reference* .
 
-        If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure.
+        If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ .
         .. epigraph::
 
            This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.

aws_cdk/aws_eks/__init__.py

@@ -5858,12 +5858,12 @@ class CfnCluster(
         :param encryption_config: The encryption configuration for the cluster.
         :param kubernetes_network_config: The Kubernetes network configuration for the cluster.
         :param logging: The logging configuration for your cluster.
-        :param name: The unique name to give to your cluster. The name can contain only alphanumeric characters (case-sensitive), hyphens, and underscores. It must start with an alphanumeric character and can't be longer than 100 characters. The name must be unique within the AWS Region and AWS account that you're creating the cluster in.
+        :param name: The unique name to give to your cluster. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphanumeric character and can't be longer than 100 characters. The name must be unique within the AWS Region and AWS account that you're creating the cluster in. Note that underscores can't be used in AWS CloudFormation .
         :param outpost_config: An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This object isn't available for clusters on the AWS cloud.
         :param tags: The metadata that you apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Cluster tags don't propagate to any other resources associated with the cluster. .. epigraph:: You must have the ``eks:TagResource`` and ``eks:UntagResource`` permissions for your `IAM principal <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html>`_ to manage the AWS CloudFormation stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.
         :param upgrade_policy: This value indicates if extended support is enabled or disabled for the cluster. `Learn more about EKS Extended Support in the EKS User Guide. <https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html>`_
         :param version: The desired Kubernetes version for your cluster. If you don't specify a value here, the default version available in Amazon EKS is used. .. epigraph:: The default version might not be the latest version available.
-        :param zonal_shift_config: The current zonal shift configuration to use for the cluster.
+        :param zonal_shift_config: The configuration for zonal shift for the cluster.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__d3e62a858014f3867f3039d1328d57223fb0d16e3fb6d1e2d79279938756eb35)
@@ -6209,7 +6209,7 @@ class CfnCluster(
     def zonal_shift_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnCluster.ZonalShiftConfigProperty"]]:
-        '''The current zonal shift configuration to use for the cluster.'''
+        '''The configuration for zonal shift for the cluster.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnCluster.ZonalShiftConfigProperty"]], jsii.get(self, "zonalShiftConfig"))
 
     @zonal_shift_config.setter
@@ -7092,9 +7092,9 @@ class CfnCluster(
             *,
             enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         ) -> None:
-            '''The current zonal shift configuration to use for the cluster.
+            '''The configuration for zonal shift for the cluster.
 
-            :param enabled: Set this value to true to enable zonal shift for the cluster.
+            :param enabled: If zonal shift is enabled, AWS configures zonal autoshift for the cluster.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-zonalshiftconfig.html
             :exampleMetadata: fixture=_generated
@@ -7120,7 +7120,7 @@ class CfnCluster(
         def enabled(
             self,
         ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-            '''Set this value to true to enable zonal shift for the cluster.
+            '''If zonal shift is enabled, AWS configures zonal autoshift for the cluster.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-zonalshiftconfig.html#cfn-eks-cluster-zonalshiftconfig-enabled
             '''
@@ -7185,12 +7185,12 @@ class CfnClusterProps:
         :param encryption_config: The encryption configuration for the cluster.
         :param kubernetes_network_config: The Kubernetes network configuration for the cluster.
         :param logging: The logging configuration for your cluster.
-        :param name: The unique name to give to your cluster. The name can contain only alphanumeric characters (case-sensitive), hyphens, and underscores. It must start with an alphanumeric character and can't be longer than 100 characters. The name must be unique within the AWS Region and AWS account that you're creating the cluster in.
+        :param name: The unique name to give to your cluster. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphanumeric character and can't be longer than 100 characters. The name must be unique within the AWS Region and AWS account that you're creating the cluster in. Note that underscores can't be used in AWS CloudFormation .
         :param outpost_config: An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This object isn't available for clusters on the AWS cloud.
         :param tags: The metadata that you apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Cluster tags don't propagate to any other resources associated with the cluster. .. epigraph:: You must have the ``eks:TagResource`` and ``eks:UntagResource`` permissions for your `IAM principal <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html>`_ to manage the AWS CloudFormation stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.
         :param upgrade_policy: This value indicates if extended support is enabled or disabled for the cluster. `Learn more about EKS Extended Support in the EKS User Guide. <https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html>`_
         :param version: The desired Kubernetes version for your cluster. If you don't specify a value here, the default version available in Amazon EKS is used. .. epigraph:: The default version might not be the latest version available.
-        :param zonal_shift_config: The current zonal shift configuration to use for the cluster.
+        :param zonal_shift_config: The configuration for zonal shift for the cluster.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html
         :exampleMetadata: fixture=_generated
@@ -7391,9 +7391,7 @@ class CfnClusterProps:
     def name(self) -> typing.Optional[builtins.str]:
         '''The unique name to give to your cluster.
 
-        The name can contain only alphanumeric characters (case-sensitive),
-        hyphens, and underscores. It must start with an alphanumeric character and can't be longer than
-        100 characters. The name must be unique within the AWS Region and AWS account that you're creating the cluster in.
+        The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphanumeric character and can't be longer than 100 characters. The name must be unique within the AWS Region and AWS account that you're creating the cluster in. Note that underscores can't be used in AWS CloudFormation .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name
         '''
@@ -7458,7 +7456,7 @@ class CfnClusterProps:
     def zonal_shift_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnCluster.ZonalShiftConfigProperty]]:
-        '''The current zonal shift configuration to use for the cluster.
+        '''The configuration for zonal shift for the cluster.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-zonalshiftconfig
         '''