aws-cdk-lib 2.165.0__py3-none-any.whl → 2.166.0__py3-none-any.whl

aws_cdk/aws_dynamodb/__init__.py

@@ -12029,7 +12029,7 @@ class TableOptionsV2:
         :param point_in_time_recovery: Whether point-in-time recovery is enabled. Default: false
         :param resource_policy: Resource policy to assign to DynamoDB Table. Default: - No resource policy statements are added to the created table.
         :param table_class: The table class. Default: TableClass.STANDARD
-        :param tags: Tags to be applied to the table or replica table. Default: - no tags
+        :param tags: Tags to be applied to the primary table (default replica table). Default: - no tags
 
         :exampleMetadata: fixture=_generated
 
@@ -12140,7 +12140,7 @@ class TableOptionsV2:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''Tags to be applied to the table or replica table.
+        '''Tags to be applied to the primary table (default replica table).
 
         :default: - no tags
         '''
@@ -12676,7 +12676,7 @@ class TablePropsV2(TableOptionsV2):
         :param point_in_time_recovery: Whether point-in-time recovery is enabled. Default: false
         :param resource_policy: Resource policy to assign to DynamoDB Table. Default: - No resource policy statements are added to the created table.
         :param table_class: The table class. Default: TableClass.STANDARD
-        :param tags: Tags to be applied to the table or replica table. Default: - no tags
+        :param tags: Tags to be applied to the primary table (default replica table). Default: - no tags
         :param partition_key: Partition key attribute definition.
         :param billing: The billing mode and capacity settings to apply to the table. Default: Billing.onDemand()
         :param dynamo_stream: When an item in the table is modified, StreamViewType determines what information is written to the stream. Default: - streams are disabled if replicas are not configured and this property is not specified. If this property is not specified when replicas are configured, then NEW_AND_OLD_IMAGES will be the StreamViewType for all replicas
@@ -12827,7 +12827,7 @@ class TablePropsV2(TableOptionsV2):
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''Tags to be applied to the table or replica table.
+        '''Tags to be applied to the primary table (default replica table).
 
         :default: - no tags
         '''
@@ -13029,7 +13029,7 @@ class TableV2(
         :param point_in_time_recovery: Whether point-in-time recovery is enabled. Default: false
         :param resource_policy: Resource policy to assign to DynamoDB Table. Default: - No resource policy statements are added to the created table.
         :param table_class: The table class. Default: TableClass.STANDARD
-        :param tags: Tags to be applied to the table or replica table. Default: - no tags
+        :param tags: Tags to be applied to the primary table (default replica table). Default: - no tags
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__9ea47b003cdb497ff620f1410260696f97dbb2b00fa8558235f23771f8edcb29)
@@ -13245,7 +13245,7 @@ class TableV2(
         :param point_in_time_recovery: Whether point-in-time recovery is enabled. Default: false
         :param resource_policy: Resource policy to assign to DynamoDB Table. Default: - No resource policy statements are added to the created table.
         :param table_class: The table class. Default: TableClass.STANDARD
-        :param tags: Tags to be applied to the table or replica table. Default: - no tags
+        :param tags: Tags to be applied to the primary table (default replica table). Default: - no tags
         '''
         props = ReplicaTableProps(
             region=region,
@@ -13304,6 +13304,11 @@ class TableV2(
         '''
         return typing.cast(builtins.str, jsii.get(self, "tableName"))
 
+    @builtins.property
+    @jsii.member(jsii_name="tags")
+    def _tags(self) -> _TagManager_0a598cb3:
+        return typing.cast(_TagManager_0a598cb3, jsii.get(self, "tags"))
+
     @builtins.property
     @jsii.member(jsii_name="encryptionKey")
     def encryption_key(self) -> typing.Optional[_IKey_5f11635f]:
@@ -14320,7 +14325,7 @@ class ReplicaTableProps(TableOptionsV2):
         :param point_in_time_recovery: Whether point-in-time recovery is enabled. Default: false
         :param resource_policy: Resource policy to assign to DynamoDB Table. Default: - No resource policy statements are added to the created table.
         :param table_class: The table class. Default: TableClass.STANDARD
-        :param tags: Tags to be applied to the table or replica table. Default: - no tags
+        :param tags: Tags to be applied to the primary table (default replica table). Default: - no tags
         :param region: The region that the replica table will be created in.
         :param global_secondary_index_options: Options used to configure global secondary index properties. Default: - inherited from the primary table
         :param max_read_request_units: The maxium read request units. Note: This can only be configured if the primary table billing is PAY_PER_REQUEST. Default: - inherited from the primary table
@@ -14438,7 +14443,7 @@ class ReplicaTableProps(TableOptionsV2):
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''Tags to be applied to the table or replica table.
+        '''Tags to be applied to the primary table (default replica table).
 
         :default: - no tags
         '''

aws_cdk/aws_ec2/__init__.py

@@ -14121,7 +14121,7 @@ class CfnEIP(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param address: 
+        :param address: Describes an Elastic IP address, or a carrier IP address.
         :param domain: The network ( ``vpc`` ). If you define an Elastic IP address and associate it with a VPC that is defined in the same template, you must declare a dependency on the VPC-gateway attachment by using the `DependsOn Attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html>`_ on this resource.
         :param instance_id: The ID of the instance. .. epigraph:: Updates to the ``InstanceId`` property may require *some interruptions* . Updates on an EIP reassociates the address on its associated resource.
         :param ipam_pool_id: 
@@ -14211,6 +14211,7 @@ class CfnEIP(
     @builtins.property
     @jsii.member(jsii_name="address")
     def address(self) -> typing.Optional[builtins.str]:
+        '''Describes an Elastic IP address, or a carrier IP address.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "address"))
 
     @address.setter
@@ -14653,7 +14654,7 @@ class CfnEIPProps:
     ) -> None:
         '''Properties for defining a ``CfnEIP``.
 
-        :param address: 
+        :param address: Describes an Elastic IP address, or a carrier IP address.
         :param domain: The network ( ``vpc`` ). If you define an Elastic IP address and associate it with a VPC that is defined in the same template, you must declare a dependency on the VPC-gateway attachment by using the `DependsOn Attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html>`_ on this resource.
         :param instance_id: The ID of the instance. .. epigraph:: Updates to the ``InstanceId`` property may require *some interruptions* . Updates on an EIP reassociates the address on its associated resource.
         :param ipam_pool_id: 
@@ -14711,7 +14712,8 @@ class CfnEIPProps:
 
     @builtins.property
     def address(self) -> typing.Optional[builtins.str]:
-        '''
+        '''Describes an Elastic IP address, or a carrier IP address.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-eip.html#cfn-ec2-eip-address
         '''
         result = self._values.get("address")
@@ -28220,7 +28222,7 @@ class CfnLaunchTemplate(
             :param device_index: The device index for the network interface attachment. Each network interface requires a device index. If you create a launch template that includes secondary network interfaces but not a primary network interface, then you must add a primary network interface as a launch parameter when you launch an instance from the template.
             :param ena_srd_specification: The ENA Express configuration for the network interface.
             :param groups: The IDs of one or more security groups.
-            :param interface_type: The type of network interface. To create an Elastic Fabric Adapter (EFA), specify ``efa`` . For more information, see `Elastic Fabric Adapter <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html>`_ in the *Amazon EC2 User Guide* . If you are not creating an EFA, specify ``interface`` or omit this parameter. Valid values: ``interface`` | ``efa``
+            :param interface_type: The type of network interface. To create an Elastic Fabric Adapter (EFA), specify ``efa`` or ``efa`` . For more information, see `Elastic Fabric Adapter <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html>`_ in the *Amazon EC2 User Guide* . If you are not creating an EFA, specify ``interface`` or omit this parameter. If you specify ``efa-only`` , do not assign any IP addresses to the network interface. EFA-only network interfaces do not support IP addresses. Valid values: ``interface`` | ``efa`` | ``efa-only``
             :param ipv4_prefix_count: The number of IPv4 prefixes to be automatically assigned to the network interface. You cannot use this option if you use the ``Ipv4Prefix`` option.
             :param ipv4_prefixes: One or more IPv4 prefixes to be assigned to the network interface. You cannot use this option if you use the ``Ipv4PrefixCount`` option.
             :param ipv6_address_count: The number of IPv6 addresses to assign to a network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. You can't use this option if specifying specific IPv6 addresses.
@@ -28449,11 +28451,13 @@ class CfnLaunchTemplate(
         def interface_type(self) -> typing.Optional[builtins.str]:
             '''The type of network interface.
 
-            To create an Elastic Fabric Adapter (EFA), specify ``efa`` . For more information, see `Elastic Fabric Adapter <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html>`_ in the *Amazon EC2 User Guide* .
+            To create an Elastic Fabric Adapter (EFA), specify ``efa`` or ``efa`` . For more information, see `Elastic Fabric Adapter <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html>`_ in the *Amazon EC2 User Guide* .
 
             If you are not creating an EFA, specify ``interface`` or omit this parameter.
 
-            Valid values: ``interface`` | ``efa``
+            If you specify ``efa-only`` , do not assign any IP addresses to the network interface. EFA-only network interfaces do not support IP addresses.
+
+            Valid values: ``interface`` | ``efa`` | ``efa-only``
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-networkinterface.html#cfn-ec2-launchtemplate-networkinterface-interfacetype
             '''
@@ -76321,6 +76325,11 @@ class InterfaceVpcEndpointAwsService(
     def COST_EXPLORER(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "COST_EXPLORER"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="COST_OPTIMIZATION_HUB")
+    def COST_OPTIMIZATION_HUB(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "COST_OPTIMIZATION_HUB"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="DATA_EXCHANGE")
     def DATA_EXCHANGE(cls) -> "InterfaceVpcEndpointAwsService":

aws_cdk/aws_ecs/__init__.py

@@ -6200,7 +6200,7 @@ class CfnCapacityProvider(
 
             :param instance_warmup_period: The period of time, in seconds, after a newly launched Amazon EC2 instance can contribute to CloudWatch metrics for Auto Scaling group. If this parameter is omitted, the default value of ``300`` seconds is used.
             :param maximum_scaling_step_size: The maximum number of Amazon EC2 instances that Amazon ECS will scale out at one time. If this parameter is omitted, the default value of ``10000`` is used.
-            :param minimum_scaling_step_size: The minimum number of Amazon EC2 instances that Amazon ECS will scale out at one time. The scale in process is not affected by this parameter If this parameter is omitted, the default value of ``1`` is used. When additional capacity is required, Amazon ECS will scale up the minimum scaling step size even if the actual demand is less than the minimum scaling step size. If you use a capacity provider with an Auto Scaling group configured with more than one Amazon EC2 instance type or Availability Zone, Amazon ECS will scale up by the exact minimum scaling step size value and will ignore both the maximum scaling step size as well as the capacity demand.
+            :param minimum_scaling_step_size: The minimum number of Amazon EC2 instances that Amazon ECS will scale out at one time. If this parameter is omitted, the default value of ``1`` is used. When additional capacity is required, Amazon ECS will scale up the minimum scaling step size even if the actual demand is less than the minimum scaling step size. If you use a capacity provider with an Auto Scaling group configured with more than one Amazon EC2 instance type or Availability Zone, Amazon ECS will scale up by the exact minimum scaling step size value and will ignore both the maximum scaling step size as well as the capacity demand.
             :param status: Determines whether to use managed scaling for the capacity provider.
             :param target_capacity: The target capacity utilization as a percentage for the capacity provider. The specified value must be greater than ``0`` and less than or equal to ``100`` . For example, if you want the capacity provider to maintain 10% spare capacity, then that means the utilization is 90%, so use a ``targetCapacity`` of ``90`` . The default value of ``100`` percent results in the Amazon EC2 instances in your Auto Scaling group being completely used.
 
@@ -6266,7 +6266,7 @@ class CfnCapacityProvider(
         def minimum_scaling_step_size(self) -> typing.Optional[jsii.Number]:
             '''The minimum number of Amazon EC2 instances that Amazon ECS will scale out at one time.
 
-            The scale in process is not affected by this parameter If this parameter is omitted, the default value of ``1`` is used.
+            If this parameter is omitted, the default value of ``1`` is used.
 
             When additional capacity is required, Amazon ECS will scale up the minimum scaling step size even if the actual demand is less than the minimum scaling step size.
 
@@ -8323,7 +8323,7 @@ class CfnService(
         :param id: Construct identifier for this resource (unique in its scope).
         :param capacity_provider_strategy: The capacity provider strategy to use for the service. If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used. A capacity provider strategy may contain a maximum of 6 capacity providers.
         :param cluster: The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed.
-        :param deployment_configuration: Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.
+        :param deployment_configuration: Optional deployment parameters that control how many tasks run during the deployment and the failure detection methods.
         :param deployment_controller: The deployment controller to use for the service. If no deployment controller is specified, the default value of ``ECS`` is used.
         :param desired_count: The number of instantiations of the specified task definition to place and keep running in your service. For new services, if a desired count is not specified, a default value of ``1`` is used. When using the ``DAEMON`` scheduling strategy, the desired count is not required. For existing services, if a desired count is not specified, it is omitted from the operation.
         :param enable_ecs_managed_tags: Specifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see `Tagging your Amazon ECS resources <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html>`_ in the *Amazon Elastic Container Service Developer Guide* . When you use Amazon ECS managed tags, you need to set the ``propagateTags`` request parameter.
@@ -8472,7 +8472,7 @@ class CfnService(
     def deployment_configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnService.DeploymentConfigurationProperty"]]:
-        '''Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.'''
+        '''Optional deployment parameters that control how many tasks run during the deployment and the failure detection methods.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnService.DeploymentConfigurationProperty"]], jsii.get(self, "deploymentConfiguration"))
 
     @deployment_configuration.setter
@@ -9210,7 +9210,7 @@ class CfnService(
             maximum_percent: typing.Optional[jsii.Number] = None,
             minimum_healthy_percent: typing.Optional[jsii.Number] = None,
         ) -> None:
-            '''Optional deployment parameters that control how many tasks run during a deployment and the ordering of stopping and starting tasks.
+            '''Optional deployment parameters that control how many tasks run during the deployment and the failure detection methods.
 
             :param alarms: Information about the CloudWatch alarms.
             :param deployment_circuit_breaker: .. epigraph:: The deployment circuit breaker can only be used for services using the rolling update ( ``ECS`` ) deployment type. The *deployment circuit breaker* determines whether a service deployment will fail if the service can't reach a steady state. If you use the deployment circuit breaker, a service deployment will transition to a failed state and stop launching new tasks. If you use the rollback option, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. For more information, see `Rolling update <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html>`_ in the *Amazon Elastic Container Service Developer Guide*
@@ -9527,7 +9527,7 @@ class CfnService(
 
             :param container_name: The name of the container (as it appears in a container definition) to associate with the load balancer. You need to specify the container name when configuring the target group for an Amazon ECS load balancer.
             :param container_port: The port on the container to associate with the load balancer. This port must correspond to a ``containerPort`` in the task definition the tasks in the service are using. For tasks that use the EC2 launch type, the container instance they're launched on must allow ingress traffic on the ``hostPort`` of the port mapping.
-            :param load_balancer_name: The name of the load balancer to associate with the Amazon ECS service or task set. If you are using an Application Load Balancer or a Network Load Balancer the load balancer name parameter should be omitted.
+            :param load_balancer_name: The name of the load balancer to associate with the service or task set. If you are using an Application Load Balancer or a Network Load Balancer the load balancer name parameter should be omitted.
             :param target_group_arn: The full Amazon Resource Name (ARN) of the Elastic Load Balancing target group or groups associated with a service or task set. A target group ARN is only specified when using an Application Load Balancer or Network Load Balancer. For services using the ``ECS`` deployment controller, you can specify one or multiple target groups. For more information, see `Registering multiple target groups with a service <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/register-multiple-targetgroups.html>`_ in the *Amazon Elastic Container Service Developer Guide* . For services using the ``CODE_DEPLOY`` deployment controller, you're required to define two target groups for the load balancer. For more information, see `Blue/green deployment with CodeDeploy <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-bluegreen.html>`_ in the *Amazon Elastic Container Service Developer Guide* . .. epigraph:: If your service's task definition uses the ``awsvpc`` network mode, you must choose ``ip`` as the target type, not ``instance`` . Do this when creating your target groups because tasks that use the ``awsvpc`` network mode are associated with an elastic network interface, not an Amazon EC2 instance. This network mode is required for the Fargate launch type.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-loadbalancer.html
@@ -9586,7 +9586,7 @@ class CfnService(
 
         @builtins.property
         def load_balancer_name(self) -> typing.Optional[builtins.str]:
-            '''The name of the load balancer to associate with the Amazon ECS service or task set.
+            '''The name of the load balancer to associate with the service or task set.
 
             If you are using an Application Load Balancer or a Network Load Balancer the load balancer name parameter should be omitted.
 
@@ -10765,13 +10765,13 @@ class CfnService(
         ) -> None:
             '''The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf.
 
-            These settings are used to create each Amazon EBS volume, with one volume created for each task in the service.
+            These settings are used to create each Amazon EBS volume, with one volume created for each task in the service. For information about the supported launch types and operating systems, see `Supported operating systems and launch types <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ebs-volumes.html#ebs-volumes-configuration>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
             Many of these parameters map 1:1 with the Amazon EBS ``CreateVolume`` API request parameters.
 
             :param role_arn: The ARN of the IAM role to associate with this volume. This is the Amazon ECS infrastructure IAM role that is used to manage your AWS infrastructure. We recommend using the Amazon ECS-managed ``AmazonECSInfrastructureRolePolicyForVolumes`` IAM policy with this role. For more information, see `Amazon ECS infrastructure IAM role <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/infrastructure_IAM_role.html>`_ in the *Amazon ECS Developer Guide* .
             :param encrypted: Indicates whether the volume should be encrypted. If no value is specified, encryption is turned on by default. This parameter maps 1:1 with the ``Encrypted`` parameter of the `CreateVolume API <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html>`_ in the *Amazon EC2 API Reference* .
-            :param filesystem_type: The Linux filesystem type for the volume. For volumes created from a snapshot, you must specify the same filesystem type that the volume was using when the snapshot was created. If there is a filesystem type mismatch, the task will fail to start. The available filesystem types are ``ext3`` , ``ext4`` , and ``xfs`` . If no value is specified, the ``xfs`` filesystem type is used by default.
+            :param filesystem_type: The filesystem type for the volume. For volumes created from a snapshot, you must specify the same filesystem type that the volume was using when the snapshot was created. If there is a filesystem type mismatch, the task will fail to start. The available Linux filesystem types are ``ext3`` , ``ext4`` , and ``xfs`` . If no value is specified, the ``xfs`` filesystem type is used by default. The available Windows filesystem types are ``NTFS`` .
             :param iops: The number of I/O operations per second (IOPS). For ``gp3`` , ``io1`` , and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. The following are the supported values for each volume type. - ``gp3`` : 3,000 - 16,000 IOPS - ``io1`` : 100 - 64,000 IOPS - ``io2`` : 100 - 256,000 IOPS This parameter is required for ``io1`` and ``io2`` volume types. The default for ``gp3`` volumes is ``3,000 IOPS`` . This parameter is not supported for ``st1`` , ``sc1`` , or ``standard`` volume types. This parameter maps 1:1 with the ``Iops`` parameter of the `CreateVolume API <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html>`_ in the *Amazon EC2 API Reference* .
             :param kms_key_id: The Amazon Resource Name (ARN) identifier of the AWS Key Management Service key to use for Amazon EBS encryption. When encryption is turned on and no AWS Key Management Service key is specified, the default AWS managed key for Amazon EBS volumes is used. This parameter maps 1:1 with the ``KmsKeyId`` parameter of the `CreateVolume API <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html>`_ in the *Amazon EC2 API Reference* . .. epigraph:: AWS authenticates the AWS Key Management Service key asynchronously. Therefore, if you specify an ID, alias, or ARN that is invalid, the action can appear to complete, but eventually fails.
             :param size_in_gib: The size of the volume in GiB. You must specify either a volume size or a snapshot ID. If you specify a snapshot ID, the snapshot size is used for the volume size by default. You can optionally specify a volume size greater than or equal to the snapshot size. This parameter maps 1:1 with the ``Size`` parameter of the `CreateVolume API <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html>`_ in the *Amazon EC2 API Reference* . The following are the supported volume size values for each volume type. - ``gp2`` and ``gp3`` : 1-16,384 - ``io1`` and ``io2`` : 4-16,384 - ``st1`` and ``sc1`` : 125-16,384 - ``standard`` : 1-1,024
@@ -10874,11 +10874,13 @@ class CfnService(
 
         @builtins.property
         def filesystem_type(self) -> typing.Optional[builtins.str]:
-            '''The Linux filesystem type for the volume.
+            '''The filesystem type for the volume.
 
             For volumes created from a snapshot, you must specify the same filesystem type that the volume was using when the snapshot was created. If there is a filesystem type mismatch, the task will fail to start.
 
-            The available filesystem types are ``ext3`` , ``ext4`` , and ``xfs`` . If no value is specified, the ``xfs`` filesystem type is used by default.
+            The available Linux filesystem types are ``ext3`` , ``ext4`` , and ``xfs`` . If no value is specified, the ``xfs`` filesystem type is used by default.
+
+            The available Windows filesystem types are ``NTFS`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-servicemanagedebsvolumeconfiguration.html#cfn-ecs-service-servicemanagedebsvolumeconfiguration-filesystemtype
             '''
@@ -11377,7 +11379,7 @@ class CfnServiceProps:
 
         :param capacity_provider_strategy: The capacity provider strategy to use for the service. If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used. A capacity provider strategy may contain a maximum of 6 capacity providers.
         :param cluster: The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed.
-        :param deployment_configuration: Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.
+        :param deployment_configuration: Optional deployment parameters that control how many tasks run during the deployment and the failure detection methods.
         :param deployment_controller: The deployment controller to use for the service. If no deployment controller is specified, the default value of ``ECS`` is used.
         :param desired_count: The number of instantiations of the specified task definition to place and keep running in your service. For new services, if a desired count is not specified, a default value of ``1`` is used. When using the ``DAEMON`` scheduling strategy, the desired count is not required. For existing services, if a desired count is not specified, it is omitted from the operation.
         :param enable_ecs_managed_tags: Specifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see `Tagging your Amazon ECS resources <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html>`_ in the *Amazon Elastic Container Service Developer Guide* . When you use Amazon ECS managed tags, you need to set the ``propagateTags`` request parameter.
@@ -11652,7 +11654,7 @@ class CfnServiceProps:
     def deployment_configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnService.DeploymentConfigurationProperty]]:
-        '''Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.
+        '''Optional deployment parameters that control how many tasks run during the deployment and the failure detection methods.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-deploymentconfiguration
         '''
@@ -12235,10 +12237,10 @@ class CfnTaskDefinition(
         :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. For informationabout the required IAM roles for Amazon ECS, see `IAM roles for Amazon ECS <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param family: The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add. .. epigraph:: To use revision numbers when you update a task definition, specify this property. If you don't specify a value, AWS CloudFormation generates a new task definition each time that you update it.
         :param inference_accelerators: The Elastic Inference accelerators to use for the containers in the task.
-        :param ipc_mode: The IPC resource namespace to use for the containers in the task. The valid values are ``host`` , ``task`` , or ``none`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see `System Controls <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html>`_ in the *Amazon Elastic Container Service Developer Guide* . - For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. - For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. .. epigraph:: This parameter is not supported for Windows containers or tasks run on AWS Fargate .
+        :param ipc_mode: The IPC resource namespace to use for the containers in the task. The valid values are ``host`` , ``task`` , or ``none`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see `IPC settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc>`_ in the *Docker run reference* . If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ . If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see `System Controls <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html>`_ in the *Amazon Elastic Container Service Developer Guide* . - For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. - For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. .. epigraph:: This parameter is not supported for Windows containers or tasks run on AWS Fargate .
         :param memory: The amount (in MiB) of memory used by the task. If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see `ContainerDefinition <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html>`_ . If your tasks runs on AWS Fargate , this field is required. You must use one of the following values. The value you choose determines your range of valid values for the ``cpu`` parameter. - 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available ``cpu`` values: 256 (.25 vCPU) - 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available ``cpu`` values: 512 (.5 vCPU) - 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available ``cpu`` values: 1024 (1 vCPU) - Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available ``cpu`` values: 2048 (2 vCPU) - Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available ``cpu`` values: 4096 (4 vCPU) - Between 16 GB and 60 GB in 4 GB increments - Available ``cpu`` values: 8192 (8 vCPU) This option requires Linux platform ``1.4.0`` or later. - Between 32GB and 120 GB in 8 GB increments - Available ``cpu`` values: 16384 (16 vCPU) This option requires Linux platform ``1.4.0`` or later.
-        :param network_mode: The Docker networking mode to use for the containers in the task. The valid values are ``none`` , ``bridge`` , ``awsvpc`` , and ``host`` . If no network mode is specified, the default is ``bridge`` . For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ``<default>`` or ``awsvpc`` can be used. If the network mode is set to ``none`` , you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode. With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. .. epigraph:: When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user. If the network mode is ``awsvpc`` , the task is allocated an elastic network interface, and you must specify a `NetworkConfiguration <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_NetworkConfiguration.html>`_ value when you create a service or run a task with the task definition. For more information, see `Task Networking <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html>`_ in the *Amazon Elastic Container Service Developer Guide* . If the network mode is ``host`` , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.
-        :param pid_mode: The process namespace to use for the containers in the task. The valid values are ``host`` or ``task`` . On Fargate for Linux containers, the only valid value is ``task`` . For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task. If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace for each container. If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. .. epigraph:: This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.
+        :param network_mode: The Docker networking mode to use for the containers in the task. The valid values are ``none`` , ``bridge`` , ``awsvpc`` , and ``host`` . If no network mode is specified, the default is ``bridge`` . For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ``<default>`` or ``awsvpc`` can be used. If the network mode is set to ``none`` , you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode. With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. .. epigraph:: When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user. If the network mode is ``awsvpc`` , the task is allocated an elastic network interface, and you must specify a ``NetworkConfiguration`` value when you create a service or run a task with the task definition. For more information, see `Task Networking <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html>`_ in the *Amazon Elastic Container Service Developer Guide* . If the network mode is ``host`` , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used. For more information, see `Network settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings>`_ in the *Docker run reference* .
+        :param pid_mode: The process namespace to use for the containers in the task. The valid values are ``host`` or ``task`` . On Fargate for Linux containers, the only valid value is ``task`` . For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task. If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace for each container. For more information, see `PID settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid>`_ in the *Docker run reference* . If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ . .. epigraph:: This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.
         :param placement_constraints: An array of placement constraint objects to use for tasks. .. epigraph:: This parameter isn't supported for tasks run on AWS Fargate .
         :param proxy_configuration: The configuration details for the App Mesh proxy. Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ``ecs-init`` package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version ``20190301`` or later, they contain the required versions of the container agent and ``ecs-init`` . For more information, see `Amazon ECS-optimized Linux AMI <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param requires_compatibilities: The task launch types the task definition was validated against. The valid values are ``EC2`` , ``FARGATE`` , and ``EXTERNAL`` . For more information, see `Amazon ECS launch types <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
@@ -14656,7 +14658,7 @@ class CfnTaskDefinition(
             - Container health checks are supported for Fargate tasks if you are using platform version 1.1.0 or greater. For more information, see `AWS Fargate Platform Versions <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html>`_ .
             - Container health checks are not supported for tasks that are part of a service that is configured to use a Classic Load Balancer.
 
-            :param command: A string array representing the command that the container runs to determine if it is healthy. The string array must start with ``CMD`` to run the command arguments directly, or ``CMD-SHELL`` to run the command with the container's default shell. When you use the AWS Management Console JSON panel, the AWS Command Line Interface , or the APIs, enclose the list of commands in double quotes and brackets. ``[ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ]`` You don't include the double quotes and brackets when you use the AWS Management Console. ``CMD-SHELL, curl -f http://localhost/ || exit 1`` An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in the docker container create command
+            :param command: A string array representing the command that the container runs to determine if it is healthy. The string array must start with ``CMD`` to run the command arguments directly, or ``CMD-SHELL`` to run the command with the container's default shell. When you use the AWS Management Console JSON panel, the AWS Command Line Interface , or the APIs, enclose the list of commands in double quotes and brackets. ``[ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ]`` You don't include the double quotes and brackets when you use the AWS Management Console. ``CMD-SHELL, curl -f http://localhost/ || exit 1`` An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in the docker container create command.
             :param interval: The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds.
             :param retries: The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3.
             :param start_period: The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the ``startPeriod`` is off. .. epigraph:: If a health check succeeds within the ``startPeriod`` , then the container is considered healthy and any subsequent failures count toward the maximum number of retries.
@@ -14712,7 +14714,7 @@ class CfnTaskDefinition(
 
             ``CMD-SHELL, curl -f http://localhost/ || exit 1``
 
-            An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in the docker container create command
+            An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in the docker container create command.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html#cfn-ecs-taskdefinition-healthcheck-command
             '''
@@ -15672,7 +15674,7 @@ class CfnTaskDefinition(
             After a task reaches the ``RUNNING`` status, manual and automatic host and container port assignments are visible in the ``networkBindings`` section of `DescribeTasks <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeTasks.html>`_ API responses.
 
             :param app_protocol: The application protocol that's used for the port mapping. This parameter only applies to Service Connect. We recommend that you set this parameter to be consistent with the protocol that your application uses. If you set this parameter, Amazon ECS adds protocol-specific connection handling to the Service Connect proxy. If you set this parameter, Amazon ECS adds protocol-specific telemetry in the Amazon ECS console and CloudWatch. If you don't set a value for this parameter, then TCP is used. However, Amazon ECS doesn't add protocol-specific telemetry for TCP. ``appProtocol`` is immutable in a Service Connect service. Updating this field requires a service deletion and redeployment. Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see `Service Connect <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
-            :param container_port: The port number on the container that's bound to the user-specified or automatically assigned host port. If you use containers in a task with the ``awsvpc`` or ``host`` network mode, specify the exposed ports using ``containerPort`` . If you use containers in a task with the ``bridge`` network mode and you specify a container port and not a host port, your container automatically receives a host port in the ephemeral port range. For more information, see ``hostPort`` . Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance.
+            :param container_port: The port number on the container that's bound to the user-specified or automatically assigned host port. For tasks that use the Fargate launch type or EC2 tasks that use the ``awsvpc`` network mode, you use ``containerPort`` to specify the exposed ports. For Windows containers on Fargate, you can't use port 3150 for the ``containerPort`` . This is because it's reserved. Suppose that you're using containers in a task with the EC2 launch type and you specify a container port and not a host port. Then, your container automatically receives a host port in the ephemeral port range. For more information, see ``hostPort`` . Port mappings that are automatically assigned in this way don't count toward the 100 reserved ports quota of a container instance.
             :param container_port_range: The port number range on the container that's bound to the dynamically mapped host port range. The following rules apply when you specify a ``containerPortRange`` : - You must use either the ``bridge`` network mode or the ``awsvpc`` network mode. - This parameter is available for both the EC2 and AWS Fargate launch types. - This parameter is available for both the Linux and Windows operating systems. - The container instance must have at least version 1.67.0 of the container agent and at least version 1.67.0-1 of the ``ecs-init`` package - You can specify a maximum of 100 port ranges per container. - You do not specify a ``hostPortRange`` . The value of the ``hostPortRange`` is set as follows: - For containers in a task with the ``awsvpc`` network mode, the ``hostPortRange`` is set to the same value as the ``containerPortRange`` . This is a static mapping strategy. - For containers in a task with the ``bridge`` network mode, the Amazon ECS agent finds open host ports from the default ephemeral range and passes it to docker to bind them to the container ports. - The ``containerPortRange`` valid values are between 1 and 65535. - A port can only be included in one port mapping per container. - You cannot specify overlapping port ranges. - The first port in the range must be less than last port in the range. - Docker recommends that you turn off the docker-proxy in the Docker daemon config file when you have a large number of ports. For more information, see `Issue #11185 <https://docs.aws.amazon.com/https://github.com/moby/moby/issues/11185>`_ on the Github website. For information about how to turn off the docker-proxy in the Docker daemon config file, see `Docker daemon <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/bootstrap_container_instance.html#bootstrap_docker_daemon>`_ in the *Amazon ECS Developer Guide* . You can call ```DescribeTasks`` <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeTasks.html>`_ to view the ``hostPortRange`` which are the host ports that are bound to the container ports.
             :param host_port: The port number on the container instance to reserve for your container. If you specify a ``containerPortRange`` , leave this field empty and the value of the ``hostPort`` is set as follows: - For containers in a task with the ``awsvpc`` network mode, the ``hostPort`` is set to the same value as the ``containerPort`` . This is a static mapping strategy. - For containers in a task with the ``bridge`` network mode, the Amazon ECS agent finds open ports on the host and automatically binds them to the container ports. This is a dynamic mapping strategy. If you use containers in a task with the ``awsvpc`` or ``host`` network mode, the ``hostPort`` can either be left blank or set to the same value as the ``containerPort`` . If you use containers in a task with the ``bridge`` network mode, you can specify a non-reserved host port for your container port mapping, or you can omit the ``hostPort`` (or set it to ``0`` ) while specifying a ``containerPort`` and your container automatically receives a port in the ephemeral port range for your container instance operating system and Docker version. The default ephemeral port range for Docker version 1.6.0 and later is listed on the instance under ``/proc/sys/net/ipv4/ip_local_port_range`` . If this kernel parameter is unavailable, the default ephemeral port range from 49153 through 65535 (Linux) or 49152 through 65535 (Windows) is used. Do not attempt to specify a host port in the ephemeral port range as these are reserved for automatic assignment. In general, ports below 32768 are outside of the ephemeral port range. The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678-51680. Any host port that was previously specified in a running task is also reserved while the task is running. That is, after a task stops, the host port is released. The current reserved ports are displayed in the ``remainingResources`` of `DescribeContainerInstances <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeContainerInstances.html>`_ output. A container instance can have up to 100 reserved ports at a time. This number includes the default reserved ports. Automatically assigned ports aren't included in the 100 reserved ports quota.
             :param name: The name that's used for the port mapping. This parameter only applies to Service Connect. This parameter is the name that you use in the ``serviceConnectConfiguration`` of a service. The name can include up to 64 characters. The characters can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen. For more information, see `Service Connect <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
@@ -15739,9 +15741,11 @@ class CfnTaskDefinition(
         def container_port(self) -> typing.Optional[jsii.Number]:
             '''The port number on the container that's bound to the user-specified or automatically assigned host port.
 
-            If you use containers in a task with the ``awsvpc`` or ``host`` network mode, specify the exposed ports using ``containerPort`` .
+            For tasks that use the Fargate launch type or EC2 tasks that use the ``awsvpc`` network mode, you use ``containerPort`` to specify the exposed ports.
+
+            For Windows containers on Fargate, you can't use port 3150 for the ``containerPort`` . This is because it's reserved.
 
-            If you use containers in a task with the ``bridge`` network mode and you specify a container port and not a host port, your container automatically receives a host port in the ephemeral port range. For more information, see ``hostPort`` . Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance.
+            Suppose that you're using containers in a task with the EC2 launch type and you specify a container port and not a host port. Then, your container automatically receives a host port in the ephemeral port range. For more information, see ``hostPort`` . Port mappings that are automatically assigned in this way don't count toward the 100 reserved ports quota of a container instance.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-portmapping.html#cfn-ecs-taskdefinition-portmapping-containerport
             '''
@@ -16194,8 +16198,8 @@ class CfnTaskDefinition(
 
             For more information about ``RuntimePlatform`` , see `RuntimePlatform <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#runtime-platform>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
-            :param cpu_architecture: The CPU architecture. You can run your Linux tasks on an ARM-based platform by setting the value to ``ARM64`` . This option is available for tasks that run on Linux Amazon EC2 instance or Linux containers on Fargate.
-            :param operating_system_family: The operating system.
+            :param cpu_architecture: The CPU architecture. You can run your Linux tasks on an ARM-based platform by setting the value to ``ARM64`` . This option is available for tasks that run on Linux Amazon EC2 instance or Linux containers on Fargate. The default is ``X86_64`` .
+            :param operating_system_family: The operating system. The default is ``Linux`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-runtimeplatform.html
             :exampleMetadata: fixture=_generated
@@ -16227,6 +16231,8 @@ class CfnTaskDefinition(
 
             You can run your Linux tasks on an ARM-based platform by setting the value to ``ARM64`` . This option is available for tasks that run on Linux Amazon EC2 instance or Linux containers on Fargate.
 
+            The default is ``X86_64`` .
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-runtimeplatform.html#cfn-ecs-taskdefinition-runtimeplatform-cpuarchitecture
             '''
             result = self._values.get("cpu_architecture")
@@ -16236,6 +16242,8 @@ class CfnTaskDefinition(
         def operating_system_family(self) -> typing.Optional[builtins.str]:
             '''The operating system.
 
+            The default is ``Linux`` .
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-runtimeplatform.html#cfn-ecs-taskdefinition-runtimeplatform-operatingsystemfamily
             '''
             result = self._values.get("operating_system_family")
@@ -17026,10 +17034,10 @@ class CfnTaskDefinitionProps:
         :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. For informationabout the required IAM roles for Amazon ECS, see `IAM roles for Amazon ECS <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param family: The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add. .. epigraph:: To use revision numbers when you update a task definition, specify this property. If you don't specify a value, AWS CloudFormation generates a new task definition each time that you update it.
         :param inference_accelerators: The Elastic Inference accelerators to use for the containers in the task.
-        :param ipc_mode: The IPC resource namespace to use for the containers in the task. The valid values are ``host`` , ``task`` , or ``none`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see `System Controls <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html>`_ in the *Amazon Elastic Container Service Developer Guide* . - For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. - For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. .. epigraph:: This parameter is not supported for Windows containers or tasks run on AWS Fargate .
+        :param ipc_mode: The IPC resource namespace to use for the containers in the task. The valid values are ``host`` , ``task`` , or ``none`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see `IPC settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc>`_ in the *Docker run reference* . If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ . If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see `System Controls <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html>`_ in the *Amazon Elastic Container Service Developer Guide* . - For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. - For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. .. epigraph:: This parameter is not supported for Windows containers or tasks run on AWS Fargate .
         :param memory: The amount (in MiB) of memory used by the task. If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see `ContainerDefinition <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html>`_ . If your tasks runs on AWS Fargate , this field is required. You must use one of the following values. The value you choose determines your range of valid values for the ``cpu`` parameter. - 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available ``cpu`` values: 256 (.25 vCPU) - 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available ``cpu`` values: 512 (.5 vCPU) - 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available ``cpu`` values: 1024 (1 vCPU) - Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available ``cpu`` values: 2048 (2 vCPU) - Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available ``cpu`` values: 4096 (4 vCPU) - Between 16 GB and 60 GB in 4 GB increments - Available ``cpu`` values: 8192 (8 vCPU) This option requires Linux platform ``1.4.0`` or later. - Between 32GB and 120 GB in 8 GB increments - Available ``cpu`` values: 16384 (16 vCPU) This option requires Linux platform ``1.4.0`` or later.
-        :param network_mode: The Docker networking mode to use for the containers in the task. The valid values are ``none`` , ``bridge`` , ``awsvpc`` , and ``host`` . If no network mode is specified, the default is ``bridge`` . For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ``<default>`` or ``awsvpc`` can be used. If the network mode is set to ``none`` , you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode. With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. .. epigraph:: When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user. If the network mode is ``awsvpc`` , the task is allocated an elastic network interface, and you must specify a `NetworkConfiguration <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_NetworkConfiguration.html>`_ value when you create a service or run a task with the task definition. For more information, see `Task Networking <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html>`_ in the *Amazon Elastic Container Service Developer Guide* . If the network mode is ``host`` , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.
-        :param pid_mode: The process namespace to use for the containers in the task. The valid values are ``host`` or ``task`` . On Fargate for Linux containers, the only valid value is ``task`` . For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task. If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace for each container. If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. .. epigraph:: This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.
+        :param network_mode: The Docker networking mode to use for the containers in the task. The valid values are ``none`` , ``bridge`` , ``awsvpc`` , and ``host`` . If no network mode is specified, the default is ``bridge`` . For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ``<default>`` or ``awsvpc`` can be used. If the network mode is set to ``none`` , you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode. With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. .. epigraph:: When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user. If the network mode is ``awsvpc`` , the task is allocated an elastic network interface, and you must specify a ``NetworkConfiguration`` value when you create a service or run a task with the task definition. For more information, see `Task Networking <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html>`_ in the *Amazon Elastic Container Service Developer Guide* . If the network mode is ``host`` , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used. For more information, see `Network settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings>`_ in the *Docker run reference* .
+        :param pid_mode: The process namespace to use for the containers in the task. The valid values are ``host`` or ``task`` . On Fargate for Linux containers, the only valid value is ``task`` . For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task. If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace for each container. For more information, see `PID settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid>`_ in the *Docker run reference* . If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ . .. epigraph:: This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.
         :param placement_constraints: An array of placement constraint objects to use for tasks. .. epigraph:: This parameter isn't supported for tasks run on AWS Fargate .
         :param proxy_configuration: The configuration details for the App Mesh proxy. Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ``ecs-init`` package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version ``20190301`` or later, they contain the required versions of the container agent and ``ecs-init`` . For more information, see `Amazon ECS-optimized Linux AMI <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param requires_compatibilities: The task launch types the task definition was validated against. The valid values are ``EC2`` , ``FARGATE`` , and ``EXTERNAL`` . For more information, see `Amazon ECS launch types <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
@@ -17414,9 +17422,9 @@ class CfnTaskDefinitionProps:
     def ipc_mode(self) -> typing.Optional[builtins.str]:
         '''The IPC resource namespace to use for the containers in the task.
 
-        The valid values are ``host`` , ``task`` , or ``none`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance.
+        The valid values are ``host`` , ``task`` , or ``none`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see `IPC settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc>`_ in the *Docker run reference* .
 
-        If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose.
+        If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ .
 
         If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see `System Controls <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
@@ -17471,10 +17479,12 @@ class CfnTaskDefinitionProps:
 
            When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user.
 
-        If the network mode is ``awsvpc`` , the task is allocated an elastic network interface, and you must specify a `NetworkConfiguration <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_NetworkConfiguration.html>`_ value when you create a service or run a task with the task definition. For more information, see `Task Networking <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
+        If the network mode is ``awsvpc`` , the task is allocated an elastic network interface, and you must specify a ``NetworkConfiguration`` value when you create a service or run a task with the task definition. For more information, see `Task Networking <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
         If the network mode is ``host`` , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.
 
+        For more information, see `Network settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings>`_ in the *Docker run reference* .
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-networkmode
         '''
         result = self._values.get("network_mode")
@@ -17490,9 +17500,9 @@ class CfnTaskDefinitionProps:
 
         If ``task`` is specified, all containers within the specified task share the same process namespace.
 
-        If no value is specified, the default is a private namespace for each container.
+        If no value is specified, the default is a private namespace for each container. For more information, see `PID settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid>`_ in the *Docker run reference* .
 
-        If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure.
+        If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ .
         .. epigraph::
 
            This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.

aws_cdk/aws_elasticache/__init__.py

@@ -1680,7 +1680,7 @@ class CfnGlobalReplicationGroup(
         :param automatic_failover_enabled: Specifies whether a read-only replica is automatically promoted to read/write primary if the existing primary fails. ``AutomaticFailoverEnabled`` must be enabled for Valkey or Redis OSS (cluster mode enabled) replication groups.
         :param cache_node_type: The cache node type of the Global datastore.
         :param cache_parameter_group_name: The name of the cache parameter group to use with the Global datastore. It must be compatible with the major engine version used by the Global datastore.
-        :param engine: The engine of the Global Datastore.
+        :param engine: The ElastiCache engine. For Valkey or Redis OSS only.
         :param engine_version: The Elasticache Valkey or Redis OSS engine version.
         :param global_node_group_count: The number of node groups that comprise the Global Datastore.
         :param global_replication_group_description: The optional description of the Global datastore.
@@ -1826,7 +1826,7 @@ class CfnGlobalReplicationGroup(
     @builtins.property
     @jsii.member(jsii_name="engine")
     def engine(self) -> typing.Optional[builtins.str]:
-        '''The engine of the Global Datastore.'''
+        '''The ElastiCache engine.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "engine"))
 
     @engine.setter
@@ -2210,7 +2210,7 @@ class CfnGlobalReplicationGroupProps:
         :param automatic_failover_enabled: Specifies whether a read-only replica is automatically promoted to read/write primary if the existing primary fails. ``AutomaticFailoverEnabled`` must be enabled for Valkey or Redis OSS (cluster mode enabled) replication groups.
         :param cache_node_type: The cache node type of the Global datastore.
         :param cache_parameter_group_name: The name of the cache parameter group to use with the Global datastore. It must be compatible with the major engine version used by the Global datastore.
-        :param engine: The engine of the Global Datastore.
+        :param engine: The ElastiCache engine. For Valkey or Redis OSS only.
         :param engine_version: The Elasticache Valkey or Redis OSS engine version.
         :param global_node_group_count: The number of node groups that comprise the Global Datastore.
         :param global_replication_group_description: The optional description of the Global datastore.
@@ -2333,7 +2333,9 @@ class CfnGlobalReplicationGroupProps:
 
     @builtins.property
     def engine(self) -> typing.Optional[builtins.str]:
-        '''The engine of the Global Datastore.
+        '''The ElastiCache engine.
+
+        For Valkey or Redis OSS only.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticache-globalreplicationgroup.html#cfn-elasticache-globalreplicationgroup-engine
         '''
@@ -2851,7 +2853,7 @@ class CfnReplicationGroup(
         :param cache_subnet_group_name: The name of the cache subnet group to be used for the replication group. .. epigraph:: If you're going to launch your cluster in an Amazon VPC, you need to create a subnet group before you start creating a cluster. For more information, see `AWS::ElastiCache::SubnetGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticache-subnetgroup.html>`_ .
         :param cluster_mode: Enabled or Disabled. To modify cluster mode from Disabled to Enabled, you must first set the cluster mode to Compatible. Compatible mode allows your Valkey or Redis OSS clients to connect using both cluster mode enabled and cluster mode disabled. After you migrate all Valkey or Redis OSS clients to use cluster mode enabled, you can then complete cluster mode configuration and set the cluster mode to Enabled. For more information, see `Modify cluster mode <https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/modify-cluster-mode.html>`_ .
         :param data_tiering_enabled: Enables data tiering. Data tiering is only supported for replication groups using the r6gd node type. This parameter must be set to true when using r6gd nodes. For more information, see `Data tiering <https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/data-tiering.html>`_ .
-        :param engine: The name of the cache engine to be used for the clusters in this replication group. The value must be set to ``valkey`` or ``redis`` .
+        :param engine: The name of the cache engine to be used for the clusters in this replication group. The value must be set to ``valkey`` or ``redis`` . .. epigraph:: Upgrading an existing engine from redis to valkey is done through in-place migration, and requires a parameter group.
         :param engine_version: The version number of the cache engine to be used for the clusters in this replication group. To view the supported cache engine versions, use the ``DescribeCacheEngineVersions`` operation. *Important:* You can upgrade to a newer engine version (see `Selecting a Cache Engine and Version <https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/SelectEngine.html#VersionManagement>`_ ) in the *ElastiCache User Guide* , but you cannot downgrade to an earlier engine version. If you want to use an earlier engine version, you must delete the existing cluster or replication group and create it anew with the earlier engine version.
         :param global_replication_group_id: The name of the Global datastore.
         :param ip_discovery: The network type you choose when creating a replication group, either ``ipv4`` | ``ipv6`` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the `Nitro system <https://docs.aws.amazon.com/ec2/nitro/>`_ .
@@ -4179,7 +4181,7 @@ class CfnReplicationGroupProps:
         :param cache_subnet_group_name: The name of the cache subnet group to be used for the replication group. .. epigraph:: If you're going to launch your cluster in an Amazon VPC, you need to create a subnet group before you start creating a cluster. For more information, see `AWS::ElastiCache::SubnetGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticache-subnetgroup.html>`_ .
         :param cluster_mode: Enabled or Disabled. To modify cluster mode from Disabled to Enabled, you must first set the cluster mode to Compatible. Compatible mode allows your Valkey or Redis OSS clients to connect using both cluster mode enabled and cluster mode disabled. After you migrate all Valkey or Redis OSS clients to use cluster mode enabled, you can then complete cluster mode configuration and set the cluster mode to Enabled. For more information, see `Modify cluster mode <https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/modify-cluster-mode.html>`_ .
         :param data_tiering_enabled: Enables data tiering. Data tiering is only supported for replication groups using the r6gd node type. This parameter must be set to true when using r6gd nodes. For more information, see `Data tiering <https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/data-tiering.html>`_ .
-        :param engine: The name of the cache engine to be used for the clusters in this replication group. The value must be set to ``valkey`` or ``redis`` .
+        :param engine: The name of the cache engine to be used for the clusters in this replication group. The value must be set to ``valkey`` or ``redis`` . .. epigraph:: Upgrading an existing engine from redis to valkey is done through in-place migration, and requires a parameter group.
         :param engine_version: The version number of the cache engine to be used for the clusters in this replication group. To view the supported cache engine versions, use the ``DescribeCacheEngineVersions`` operation. *Important:* You can upgrade to a newer engine version (see `Selecting a Cache Engine and Version <https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/SelectEngine.html#VersionManagement>`_ ) in the *ElastiCache User Guide* , but you cannot downgrade to an earlier engine version. If you want to use an earlier engine version, you must delete the existing cluster or replication group and create it anew with the earlier engine version.
         :param global_replication_group_id: The name of the Global datastore.
         :param ip_discovery: The network type you choose when creating a replication group, either ``ipv4`` | ``ipv6`` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the `Nitro system <https://docs.aws.amazon.com/ec2/nitro/>`_ .
@@ -4609,6 +4611,9 @@ class CfnReplicationGroupProps:
         '''The name of the cache engine to be used for the clusters in this replication group.
 
         The value must be set to ``valkey`` or ``redis`` .
+        .. epigraph::
+
+           Upgrading an existing engine from redis to valkey is done through in-place migration, and requires a parameter group.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticache-replicationgroup.html#cfn-elasticache-replicationgroup-engine
         '''