aws-cdk-lib 2.173.4__py3-none-any.whl → 2.174.1__py3-none-any.whl

aws_cdk/aws_ecr/__init__.py

@@ -2940,6 +2940,17 @@ class CfnRepositoryProps:
 class IRepository(_IResource_c80c4260, typing_extensions.Protocol):
     '''Represents an ECR repository.'''
 
+    @builtins.property
+    @jsii.member(jsii_name="registryUri")
+    def registry_uri(self) -> builtins.str:
+        '''The URI of this repository's registry:.
+
+        ACCOUNT.dkr.ecr.REGION.amazonaws.com
+
+        :attribute: true
+        '''
+        ...
+
     @builtins.property
     @jsii.member(jsii_name="repositoryArn")
     def repository_arn(self) -> builtins.str:
@@ -3176,6 +3187,17 @@ class _IRepositoryProxy(
 
     __jsii_type__: typing.ClassVar[str] = "aws-cdk-lib.aws_ecr.IRepository"
 
+    @builtins.property
+    @jsii.member(jsii_name="registryUri")
+    def registry_uri(self) -> builtins.str:
+        '''The URI of this repository's registry:.
+
+        ACCOUNT.dkr.ecr.REGION.amazonaws.com
+
+        :attribute: true
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "registryUri"))
+
     @builtins.property
     @jsii.member(jsii_name="repositoryArn")
     def repository_arn(self) -> builtins.str:
@@ -4387,6 +4409,15 @@ class RepositoryBase(
             check_type(argname="argument tag_or_digest", value=tag_or_digest, expected_type=type_hints["tag_or_digest"])
         return typing.cast(builtins.str, jsii.invoke(self, "repositoryUriForTagOrDigest", [tag_or_digest]))
 
+    @builtins.property
+    @jsii.member(jsii_name="registryUri")
+    def registry_uri(self) -> builtins.str:
+        '''The URI of this repository's registry:.
+
+        ACCOUNT.dkr.ecr.REGION.amazonaws.com
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "registryUri"))
+
     @builtins.property
     @jsii.member(jsii_name="repositoryArn")
     @abc.abstractmethod

aws_cdk/aws_ecr_assets/__init__.py

@@ -52,6 +52,11 @@ asset hash.
 Additionally, you can supply `buildSecrets`. Your system must have Buildkit
 enabled, see https://docs.docker.com/build/buildkit/.
 
+Also, similarly to `@aws-cdk/aws-s3-assets`, you can set the CDK_DOCKER environment
+variable in order to provide a custom Docker executable command or path. This may sometimes
+be needed when building in environments where the standard docker cannot be executed
+(see https://github.com/aws/aws-cdk/issues/8460 for details).
+
 SSH agent sockets or keys may be passed to docker build via `buildSsh`.
 
 ```python

aws_cdk/aws_ecs/__init__.py

@@ -1998,6 +1998,7 @@ from ..aws_applicationautoscaling import (
 from ..aws_autoscaling import (
     AutoScalingGroup as _AutoScalingGroup_c547a7b9,
     BlockDevice as _BlockDevice_0cfc0568,
+    CapacityDistributionStrategy as _CapacityDistributionStrategy_2393ccfe,
     CommonAutoScalingGroupProps as _CommonAutoScalingGroupProps_808bbf2d,
     GroupMetrics as _GroupMetrics_7cdf729b,
     HealthCheck as _HealthCheck_03a4bd5a,
@@ -2211,6 +2212,7 @@ class AddAutoScalingGroupCapacityOptions:
         "allow_all_outbound": "allowAllOutbound",
         "associate_public_ip_address": "associatePublicIpAddress",
         "auto_scaling_group_name": "autoScalingGroupName",
+        "az_capacity_distribution_strategy": "azCapacityDistributionStrategy",
         "block_devices": "blockDevices",
         "capacity_rebalance": "capacityRebalance",
         "cooldown": "cooldown",
@@ -2252,6 +2254,7 @@ class AddCapacityOptions(
         allow_all_outbound: typing.Optional[builtins.bool] = None,
         associate_public_ip_address: typing.Optional[builtins.bool] = None,
         auto_scaling_group_name: typing.Optional[builtins.str] = None,
+        az_capacity_distribution_strategy: typing.Optional[_CapacityDistributionStrategy_2393ccfe] = None,
         block_devices: typing.Optional[typing.Sequence[typing.Union[_BlockDevice_0cfc0568, typing.Dict[builtins.str, typing.Any]]]] = None,
         capacity_rebalance: typing.Optional[builtins.bool] = None,
         cooldown: typing.Optional[_Duration_4839e8c3] = None,
@@ -2287,6 +2290,7 @@ class AddCapacityOptions(
         :param allow_all_outbound: Whether the instances can initiate connections to anywhere by default. Default: true
         :param associate_public_ip_address: Whether instances in the Auto Scaling Group should have public IP addresses associated with them. ``launchTemplate`` and ``mixedInstancesPolicy`` must not be specified when this property is specified Default: - Use subnet setting.
         :param auto_scaling_group_name: The name of the Auto Scaling group. This name must be unique per Region per account. Default: - Auto generated by CloudFormation
+        :param az_capacity_distribution_strategy: The strategy for distributing instances across Availability Zones. Default: None
         :param block_devices: Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched. ``launchTemplate`` and ``mixedInstancesPolicy`` must not be specified when this property is specified Default: - Uses the block device mapping of the AMI
         :param capacity_rebalance: Indicates whether Capacity Rebalancing is enabled. When you turn on Capacity Rebalancing, Amazon EC2 Auto Scaling attempts to launch a Spot Instance whenever Amazon EC2 notifies that a Spot Instance is at an elevated risk of interruption. After launching a new instance, it then terminates an old instance. Default: false
         :param cooldown: Default scaling cooldown for this AutoScalingGroup. Default: Duration.minutes(5)
@@ -2337,6 +2341,7 @@ class AddCapacityOptions(
             check_type(argname="argument allow_all_outbound", value=allow_all_outbound, expected_type=type_hints["allow_all_outbound"])
             check_type(argname="argument associate_public_ip_address", value=associate_public_ip_address, expected_type=type_hints["associate_public_ip_address"])
             check_type(argname="argument auto_scaling_group_name", value=auto_scaling_group_name, expected_type=type_hints["auto_scaling_group_name"])
+            check_type(argname="argument az_capacity_distribution_strategy", value=az_capacity_distribution_strategy, expected_type=type_hints["az_capacity_distribution_strategy"])
             check_type(argname="argument block_devices", value=block_devices, expected_type=type_hints["block_devices"])
             check_type(argname="argument capacity_rebalance", value=capacity_rebalance, expected_type=type_hints["capacity_rebalance"])
             check_type(argname="argument cooldown", value=cooldown, expected_type=type_hints["cooldown"])
@@ -2379,6 +2384,8 @@ class AddCapacityOptions(
             self._values["associate_public_ip_address"] = associate_public_ip_address
         if auto_scaling_group_name is not None:
             self._values["auto_scaling_group_name"] = auto_scaling_group_name
+        if az_capacity_distribution_strategy is not None:
+            self._values["az_capacity_distribution_strategy"] = az_capacity_distribution_strategy
         if block_devices is not None:
             self._values["block_devices"] = block_devices
         if capacity_rebalance is not None:
@@ -2505,6 +2512,17 @@ class AddCapacityOptions(
         result = self._values.get("auto_scaling_group_name")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def az_capacity_distribution_strategy(
+        self,
+    ) -> typing.Optional[_CapacityDistributionStrategy_2393ccfe]:
+        '''The strategy for distributing instances across Availability Zones.
+
+        :default: None
+        '''
+        result = self._values.get("az_capacity_distribution_strategy")
+        return typing.cast(typing.Optional[_CapacityDistributionStrategy_2393ccfe], result)
+
     @builtins.property
     def block_devices(self) -> typing.Optional[typing.List[_BlockDevice_0cfc0568]]:
         '''Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes.
@@ -8342,7 +8360,7 @@ class CfnService(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param availability_zone_rebalancing: Indicates whether to use Availability Zone rebalancing for the service. For more information, see `Balancing an Amazon ECS service across Availability Zones <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-rebalancing.html>`_ in the *Amazon Elastic Container Service Developer Guide* . Default: - "DISABLED"
-        :param capacity_provider_strategy: The capacity provider strategy to use for the service. If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used. A capacity provider strategy may contain a maximum of 6 capacity providers.
+        :param capacity_provider_strategy: The capacity provider strategy to use for the service. If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used. A capacity provider strategy can contain a maximum of 20 capacity providers.
         :param cluster: The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed.
         :param deployment_configuration: Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.
         :param deployment_controller: The deployment controller to use for the service. If no deployment controller is specified, the default value of ``ECS`` is used.
@@ -9272,8 +9290,8 @@ class CfnService(
 
             :param alarms: Information about the CloudWatch alarms.
             :param deployment_circuit_breaker: .. epigraph:: The deployment circuit breaker can only be used for services using the rolling update ( ``ECS`` ) deployment type. The *deployment circuit breaker* determines whether a service deployment will fail if the service can't reach a steady state. If you use the deployment circuit breaker, a service deployment will transition to a failed state and stop launching new tasks. If you use the rollback option, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. For more information, see `Rolling update <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html>`_ in the *Amazon Elastic Container Service Developer Guide*
-            :param maximum_percent: If a service is using the rolling update ( ``ECS`` ) deployment type, the ``maximumPercent`` parameter represents an upper limit on the number of your service's tasks that are allowed in the ``RUNNING`` or ``PENDING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the ``REPLICA`` service scheduler and has a ``desiredCount`` of four tasks and a ``maximumPercent`` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default ``maximumPercent`` value for a service using the ``REPLICA`` service scheduler is 200%. If a service is using either the blue/green ( ``CODE_DEPLOY`` ) or ``EXTERNAL`` deployment types, and tasks in the service use the EC2 launch type, the *maximum percent* value is set to the default value. The *maximum percent* value is used to define the upper limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state. .. epigraph:: You can't specify a custom ``maximumPercent`` value for a service that uses either the blue/green ( ``CODE_DEPLOY`` ) or ``EXTERNAL`` deployment types and has tasks that use the EC2 launch type. If the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service.
-            :param minimum_healthy_percent: If a service is using the rolling update ( ``ECS`` ) deployment type, the ``minimumHealthyPercent`` represents a lower limit on the number of your service's tasks that must remain in the ``RUNNING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a ``desiredCount`` of four tasks and a ``minimumHealthyPercent`` of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks. For services that *do not* use a load balancer, the following should be noted: - A service is considered healthy if all essential containers within the tasks in the service pass their health checks. - If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a ``RUNNING`` state before the task is counted towards the minimum healthy percent total. - If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings. For services that *do* use a load balancer, the following should be noted: - If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total. - If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total. The default value for a replica service for ``minimumHealthyPercent`` is 100%. The default ``minimumHealthyPercent`` value for a service using the ``DAEMON`` service schedule is 0% for the AWS CLI , the AWS SDKs, and the APIs and 50% for the AWS Management Console. The minimum number of healthy tasks during a deployment is the ``desiredCount`` multiplied by the ``minimumHealthyPercent`` /100, rounded up to the nearest integer value. If a service is using either the blue/green ( ``CODE_DEPLOY`` ) or ``EXTERNAL`` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value. The *minimum healthy percent* value is used to define the lower limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state. .. epigraph:: You can't specify a custom ``minimumHealthyPercent`` value for a service that uses either the blue/green ( ``CODE_DEPLOY`` ) or ``EXTERNAL`` deployment types and has tasks that use the EC2 launch type. If a service is using either the blue/green ( ``CODE_DEPLOY`` ) or ``EXTERNAL`` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.
+            :param maximum_percent: If a service is using the rolling update ( ``ECS`` ) deployment type, the ``maximumPercent`` parameter represents an upper limit on the number of your service's tasks that are allowed in the ``RUNNING`` or ``PENDING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the ``REPLICA`` service scheduler and has a ``desiredCount`` of four tasks and a ``maximumPercent`` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default ``maximumPercent`` value for a service using the ``REPLICA`` service scheduler is 200%. The Amazon ECS scheduler uses this parameter to replace unhealthy tasks by starting replacement tasks first and then stopping the unhealthy tasks, as long as cluster resources for starting replacement tasks are available. For more information about how the scheduler replaces unhealthy tasks, see `Amazon ECS services <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html>`_ . If a service is using either the blue/green ( ``CODE_DEPLOY`` ) or ``EXTERNAL`` deployment types, and tasks in the service use the EC2 launch type, the *maximum percent* value is set to the default value. The *maximum percent* value is used to define the upper limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state. .. epigraph:: You can't specify a custom ``maximumPercent`` value for a service that uses either the blue/green ( ``CODE_DEPLOY`` ) or ``EXTERNAL`` deployment types and has tasks that use the EC2 launch type. If the service uses either the blue/green ( ``CODE_DEPLOY`` ) or ``EXTERNAL`` deployment types, and the tasks in the service use the Fargate launch type, the maximum percent value is not used. The value is still returned when describing your service.
+            :param minimum_healthy_percent: If a service is using the rolling update ( ``ECS`` ) deployment type, the ``minimumHealthyPercent`` represents a lower limit on the number of your service's tasks that must remain in the ``RUNNING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a ``desiredCount`` of four tasks and a ``minimumHealthyPercent`` of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks. If any tasks are unhealthy and if ``maximumPercent`` doesn't allow the Amazon ECS scheduler to start replacement tasks, the scheduler stops the unhealthy tasks one-by-one — using the ``minimumHealthyPercent`` as a constraint — to clear up capacity to launch replacement tasks. For more information about how the scheduler replaces unhealthy tasks, see `Amazon ECS services <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html>`_ . For services that *do not* use a load balancer, the following should be noted: - A service is considered healthy if all essential containers within the tasks in the service pass their health checks. - If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a ``RUNNING`` state before the task is counted towards the minimum healthy percent total. - If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings. For services that *do* use a load balancer, the following should be noted: - If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total. - If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total. The default value for a replica service for ``minimumHealthyPercent`` is 100%. The default ``minimumHealthyPercent`` value for a service using the ``DAEMON`` service schedule is 0% for the AWS CLI , the AWS SDKs, and the APIs and 50% for the AWS Management Console. The minimum number of healthy tasks during a deployment is the ``desiredCount`` multiplied by the ``minimumHealthyPercent`` /100, rounded up to the nearest integer value. If a service is using either the blue/green ( ``CODE_DEPLOY`` ) or ``EXTERNAL`` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value. The *minimum healthy percent* value is used to define the lower limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state. .. epigraph:: You can't specify a custom ``minimumHealthyPercent`` value for a service that uses either the blue/green ( ``CODE_DEPLOY`` ) or ``EXTERNAL`` deployment types and has tasks that use the EC2 launch type. If a service is using either the blue/green ( ``CODE_DEPLOY`` ) or ``EXTERNAL`` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-deploymentconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -9346,12 +9364,14 @@ class CfnService(
 
             This parameter enables you to define the deployment batch size. For example, if your service is using the ``REPLICA`` service scheduler and has a ``desiredCount`` of four tasks and a ``maximumPercent`` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default ``maximumPercent`` value for a service using the ``REPLICA`` service scheduler is 200%.
 
+            The Amazon ECS scheduler uses this parameter to replace unhealthy tasks by starting replacement tasks first and then stopping the unhealthy tasks, as long as cluster resources for starting replacement tasks are available. For more information about how the scheduler replaces unhealthy tasks, see `Amazon ECS services <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html>`_ .
+
             If a service is using either the blue/green ( ``CODE_DEPLOY`` ) or ``EXTERNAL`` deployment types, and tasks in the service use the EC2 launch type, the *maximum percent* value is set to the default value. The *maximum percent* value is used to define the upper limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state.
             .. epigraph::
 
                You can't specify a custom ``maximumPercent`` value for a service that uses either the blue/green ( ``CODE_DEPLOY`` ) or ``EXTERNAL`` deployment types and has tasks that use the EC2 launch type.
 
-            If the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service.
+            If the service uses either the blue/green ( ``CODE_DEPLOY`` ) or ``EXTERNAL`` deployment types, and the tasks in the service use the Fargate launch type, the maximum percent value is not used. The value is still returned when describing your service.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-deploymentconfiguration.html#cfn-ecs-service-deploymentconfiguration-maximumpercent
             '''
@@ -9364,6 +9384,8 @@ class CfnService(
 
             This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a ``desiredCount`` of four tasks and a ``minimumHealthyPercent`` of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.
 
+            If any tasks are unhealthy and if ``maximumPercent`` doesn't allow the Amazon ECS scheduler to start replacement tasks, the scheduler stops the unhealthy tasks one-by-one — using the ``minimumHealthyPercent`` as a constraint — to clear up capacity to launch replacement tasks. For more information about how the scheduler replaces unhealthy tasks, see `Amazon ECS services <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html>`_ .
+
             For services that *do not* use a load balancer, the following should be noted:
 
             - A service is considered healthy if all essential containers within the tasks in the service pass their health checks.
@@ -9716,7 +9738,7 @@ class CfnService(
             - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.
 
             :param log_driver: The log driver to use for the container. For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` . For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` . For more information about using the ``awslogs`` log driver, see `Send Amazon ECS logs to CloudWatch <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html>`_ in the *Amazon Elastic Container Service Developer Guide* . For more information about using the ``awsfirelens`` log driver, see `Send Amazon ECS logs to an AWS service or AWS Partner <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html>`_ . .. epigraph:: If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's `available on GitHub <https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent>`_ and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
-            :param options: The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: - **awslogs-create-group** - Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to ``false`` . .. epigraph:: Your IAM policy must include the ``logs:CreateLogGroup`` permission before you attempt to use ``awslogs-create-group`` . - **awslogs-region** - Required: Yes Specify the AWS Region that the ``awslogs`` log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. - **awslogs-group** - Required: Yes Make sure to specify a log group that the ``awslogs`` log driver sends its log streams to. - **awslogs-stream-prefix** - Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the ``awslogs-stream-prefix`` option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format ``prefix-name/container-name/ecs-task-id`` . If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. - **awslogs-datetime-format** - Required: No This option defines a multiline start pattern in Python ``strftime`` format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see `awslogs-datetime-format <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-datetime-format>`_ . You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. - **awslogs-multiline-pattern** - Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see `awslogs-multiline-pattern <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-multiline-pattern>`_ . This option is ignored if ``awslogs-datetime-format`` is also configured. You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. - **mode** - Required: No Valid values: ``non-blocking`` | ``blocking`` This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the ``blocking`` mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the ``stdout`` and ``stderr`` streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the ``non-blocking`` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the ``max-buffer-size`` option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see `Preventing log loss with non-blocking mode in the ``awslogs`` container log driver <https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/>`_ . - **max-buffer-size** - Required: No Default value: ``1m`` When ``non-blocking`` mode is used, the ``max-buffer-size`` log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url`` . When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream`` . When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream`` . When you export logs to Amazon OpenSearch Service, you can specify options like ``Name`` , ``Host`` (OpenSearch Service endpoint without protocol), ``Port`` , ``Index`` , ``Type`` , ``Aws_auth`` , ``Aws_region`` , ``Suppress_Type_Name`` , and ``tls`` . When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region`` , ``total_file_size`` , ``upload_timeout`` , and ``use_put_object`` as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
+            :param options: The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: - **awslogs-create-group** - Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to ``false`` . .. epigraph:: Your IAM policy must include the ``logs:CreateLogGroup`` permission before you attempt to use ``awslogs-create-group`` . - **awslogs-region** - Required: Yes Specify the AWS Region that the ``awslogs`` log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. - **awslogs-group** - Required: Yes Make sure to specify a log group that the ``awslogs`` log driver sends its log streams to. - **awslogs-stream-prefix** - Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the ``awslogs-stream-prefix`` option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format ``prefix-name/container-name/ecs-task-id`` . If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. - **awslogs-datetime-format** - Required: No This option defines a multiline start pattern in Python ``strftime`` format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see `awslogs-datetime-format <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-datetime-format>`_ . You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. - **awslogs-multiline-pattern** - Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see `awslogs-multiline-pattern <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-multiline-pattern>`_ . This option is ignored if ``awslogs-datetime-format`` is also configured. You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. - **mode** - Required: No Valid values: ``non-blocking`` | ``blocking`` This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the ``blocking`` mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the ``stdout`` and ``stderr`` streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the ``non-blocking`` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the ``max-buffer-size`` option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see `Preventing log loss with non-blocking mode in the ``awslogs`` container log driver <https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/>`_ . - **max-buffer-size** - Required: No Default value: ``1m`` When ``non-blocking`` mode is used, the ``max-buffer-size`` log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url`` . When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream`` . When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream`` . When you export logs to Amazon OpenSearch Service, you can specify options like ``Name`` , ``Host`` (OpenSearch Service endpoint without protocol), ``Port`` , ``Index`` , ``Type`` , ``Aws_auth`` , ``Aws_region`` , ``Suppress_Type_Name`` , and ``tls`` . For more information, see `Under the hood: FireLens for Amazon ECS Tasks <https://docs.aws.amazon.com/containers/under-the-hood-firelens-for-amazon-ecs-tasks/>`_ . When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region`` , ``total_file_size`` , ``upload_timeout`` , and ``use_put_object`` as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
             :param secret_options: The secrets to pass to the log configuration. For more information, see `Specifying sensitive data <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-logconfiguration.html
@@ -9855,7 +9877,7 @@ class CfnService(
 
             When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream`` .
 
-            When you export logs to Amazon OpenSearch Service, you can specify options like ``Name`` , ``Host`` (OpenSearch Service endpoint without protocol), ``Port`` , ``Index`` , ``Type`` , ``Aws_auth`` , ``Aws_region`` , ``Suppress_Type_Name`` , and ``tls`` .
+            When you export logs to Amazon OpenSearch Service, you can specify options like ``Name`` , ``Host`` (OpenSearch Service endpoint without protocol), ``Port`` , ``Index`` , ``Type`` , ``Aws_auth`` , ``Aws_region`` , ``Suppress_Type_Name`` , and ``tls`` . For more information, see `Under the hood: FireLens for Amazon ECS Tasks <https://docs.aws.amazon.com/containers/under-the-hood-firelens-for-amazon-ecs-tasks/>`_ .
 
             When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region`` , ``total_file_size`` , ``upload_timeout`` , and ``use_put_object`` as options.
 
@@ -11532,7 +11554,7 @@ class CfnServiceProps:
         '''Properties for defining a ``CfnService``.
 
         :param availability_zone_rebalancing: Indicates whether to use Availability Zone rebalancing for the service. For more information, see `Balancing an Amazon ECS service across Availability Zones <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-rebalancing.html>`_ in the *Amazon Elastic Container Service Developer Guide* . Default: - "DISABLED"
-        :param capacity_provider_strategy: The capacity provider strategy to use for the service. If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used. A capacity provider strategy may contain a maximum of 6 capacity providers.
+        :param capacity_provider_strategy: The capacity provider strategy to use for the service. If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used. A capacity provider strategy can contain a maximum of 20 capacity providers.
         :param cluster: The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed.
         :param deployment_configuration: Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.
         :param deployment_controller: The deployment controller to use for the service. If no deployment controller is specified, the default value of ``ECS`` is used.
@@ -11813,7 +11835,7 @@ class CfnServiceProps:
 
         If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used.
 
-        A capacity provider strategy may contain a maximum of 6 capacity providers.
+        A capacity provider strategy can contain a maximum of 20 capacity providers.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-capacityproviderstrategy
         '''
@@ -12314,6 +12336,7 @@ class CfnTaskDefinition(
                 working_directory="workingDirectory"
             )],
             cpu="cpu",
+            enable_fault_injection=False,
             ephemeral_storage=ecs.CfnTaskDefinition.EphemeralStorageProperty(
                 size_in_gi_b=123
             ),
@@ -12403,6 +12426,7 @@ class CfnTaskDefinition(
         *,
         container_definitions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnTaskDefinition.ContainerDefinitionProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
         cpu: typing.Optional[builtins.str] = None,
+        enable_fault_injection: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         ephemeral_storage: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnTaskDefinition.EphemeralStorageProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         execution_role_arn: typing.Optional[builtins.str] = None,
         family: typing.Optional[builtins.str] = None,
@@ -12424,6 +12448,7 @@ class CfnTaskDefinition(
         :param id: Construct identifier for this resource (unique in its scope).
         :param container_definitions: A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see `Amazon ECS Task Definitions <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param cpu: The number of ``cpu`` units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter. If you use the EC2 launch type, this field is optional. Supported values are between ``128`` CPU units ( ``0.125`` vCPUs) and ``10240`` CPU units ( ``10`` vCPUs). The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate. - 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - 1024 (1 vCPU) - Available ``memory`` values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - 2048 (2 vCPU) - Available ``memory`` values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - 4096 (4 vCPU) - Available ``memory`` values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - 8192 (8 vCPU) - Available ``memory`` values: 16 GB and 60 GB in 4 GB increments This option requires Linux platform ``1.4.0`` or later. - 16384 (16vCPU) - Available ``memory`` values: 32GB and 120 GB in 8 GB increments This option requires Linux platform ``1.4.0`` or later.
+        :param enable_fault_injection: Enables fault injection and allows for fault injection requests to be accepted from the task's containers. The default value is ``false`` .
         :param ephemeral_storage: The ephemeral storage settings to use for tasks run with the task definition.
         :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. For informationabout the required IAM roles for Amazon ECS, see `IAM roles for Amazon ECS <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param family: The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add. .. epigraph:: To use revision numbers when you update a task definition, specify this property. If you don't specify a value, AWS CloudFormation generates a new task definition each time that you update it.
@@ -12447,6 +12472,7 @@ class CfnTaskDefinition(
         props = CfnTaskDefinitionProps(
             container_definitions=container_definitions,
             cpu=cpu,
+            enable_fault_injection=enable_fault_injection,
             ephemeral_storage=ephemeral_storage,
             execution_role_arn=execution_role_arn,
             family=family,
@@ -12547,6 +12573,24 @@ class CfnTaskDefinition(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "cpu", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="enableFaultInjection")
+    def enable_fault_injection(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''Enables fault injection and allows for fault injection requests to be accepted from the task's containers.'''
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "enableFaultInjection"))
+
+    @enable_fault_injection.setter
+    def enable_fault_injection(
+        self,
+        value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__aa2816ef80c100b1df58247274b83e116e7f9568ae1e6f2acba3307b8b5c8f1f)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "enableFaultInjection", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="ephemeralStorage")
     def ephemeral_storage(
@@ -15581,7 +15625,7 @@ class CfnTaskDefinition(
             '''The ``LogConfiguration`` property specifies log configuration options to send to a custom log driver for the container.
 
             :param log_driver: The log driver to use for the container. For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` . For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` . For more information about using the ``awslogs`` log driver, see `Send Amazon ECS logs to CloudWatch <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html>`_ in the *Amazon Elastic Container Service Developer Guide* . For more information about using the ``awsfirelens`` log driver, see `Send Amazon ECS logs to an AWS service or AWS Partner <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html>`_ . .. epigraph:: If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's `available on GitHub <https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent>`_ and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
-            :param options: The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: - **awslogs-create-group** - Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to ``false`` . .. epigraph:: Your IAM policy must include the ``logs:CreateLogGroup`` permission before you attempt to use ``awslogs-create-group`` . - **awslogs-region** - Required: Yes Specify the AWS Region that the ``awslogs`` log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. - **awslogs-group** - Required: Yes Make sure to specify a log group that the ``awslogs`` log driver sends its log streams to. - **awslogs-stream-prefix** - Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the ``awslogs-stream-prefix`` option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format ``prefix-name/container-name/ecs-task-id`` . If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. - **awslogs-datetime-format** - Required: No This option defines a multiline start pattern in Python ``strftime`` format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see `awslogs-datetime-format <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-datetime-format>`_ . You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. - **awslogs-multiline-pattern** - Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see `awslogs-multiline-pattern <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-multiline-pattern>`_ . This option is ignored if ``awslogs-datetime-format`` is also configured. You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. - **mode** - Required: No Valid values: ``non-blocking`` | ``blocking`` This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the ``blocking`` mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the ``stdout`` and ``stderr`` streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the ``non-blocking`` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the ``max-buffer-size`` option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see `Preventing log loss with non-blocking mode in the ``awslogs`` container log driver <https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/>`_ . - **max-buffer-size** - Required: No Default value: ``1m`` When ``non-blocking`` mode is used, the ``max-buffer-size`` log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url`` . When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream`` . When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream`` . When you export logs to Amazon OpenSearch Service, you can specify options like ``Name`` , ``Host`` (OpenSearch Service endpoint without protocol), ``Port`` , ``Index`` , ``Type`` , ``Aws_auth`` , ``Aws_region`` , ``Suppress_Type_Name`` , and ``tls`` . When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region`` , ``total_file_size`` , ``upload_timeout`` , and ``use_put_object`` as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
+            :param options: The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: - **awslogs-create-group** - Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to ``false`` . .. epigraph:: Your IAM policy must include the ``logs:CreateLogGroup`` permission before you attempt to use ``awslogs-create-group`` . - **awslogs-region** - Required: Yes Specify the AWS Region that the ``awslogs`` log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. - **awslogs-group** - Required: Yes Make sure to specify a log group that the ``awslogs`` log driver sends its log streams to. - **awslogs-stream-prefix** - Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the ``awslogs-stream-prefix`` option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format ``prefix-name/container-name/ecs-task-id`` . If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. - **awslogs-datetime-format** - Required: No This option defines a multiline start pattern in Python ``strftime`` format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see `awslogs-datetime-format <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-datetime-format>`_ . You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. - **awslogs-multiline-pattern** - Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see `awslogs-multiline-pattern <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-multiline-pattern>`_ . This option is ignored if ``awslogs-datetime-format`` is also configured. You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. - **mode** - Required: No Valid values: ``non-blocking`` | ``blocking`` This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the ``blocking`` mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the ``stdout`` and ``stderr`` streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the ``non-blocking`` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the ``max-buffer-size`` option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see `Preventing log loss with non-blocking mode in the ``awslogs`` container log driver <https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/>`_ . - **max-buffer-size** - Required: No Default value: ``1m`` When ``non-blocking`` mode is used, the ``max-buffer-size`` log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url`` . When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream`` . When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream`` . When you export logs to Amazon OpenSearch Service, you can specify options like ``Name`` , ``Host`` (OpenSearch Service endpoint without protocol), ``Port`` , ``Index`` , ``Type`` , ``Aws_auth`` , ``Aws_region`` , ``Suppress_Type_Name`` , and ``tls`` . For more information, see `Under the hood: FireLens for Amazon ECS Tasks <https://docs.aws.amazon.com/containers/under-the-hood-firelens-for-amazon-ecs-tasks/>`_ . When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region`` , ``total_file_size`` , ``upload_timeout`` , and ``use_put_object`` as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
             :param secret_options: The secrets to pass to the log configuration. For more information, see `Specifying sensitive data <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-logconfiguration.html
@@ -15723,7 +15767,7 @@ class CfnTaskDefinition(
 
             When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream`` .
 
-            When you export logs to Amazon OpenSearch Service, you can specify options like ``Name`` , ``Host`` (OpenSearch Service endpoint without protocol), ``Port`` , ``Index`` , ``Type`` , ``Aws_auth`` , ``Aws_region`` , ``Suppress_Type_Name`` , and ``tls`` .
+            When you export logs to Amazon OpenSearch Service, you can specify options like ``Name`` , ``Host`` (OpenSearch Service endpoint without protocol), ``Port`` , ``Index`` , ``Type`` , ``Aws_auth`` , ``Aws_region`` , ``Suppress_Type_Name`` , and ``tls`` . For more information, see `Under the hood: FireLens for Amazon ECS Tasks <https://docs.aws.amazon.com/containers/under-the-hood-firelens-for-amazon-ecs-tasks/>`_ .
 
             When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region`` , ``total_file_size`` , ``upload_timeout`` , and ``use_put_object`` as options.
 
@@ -17190,6 +17234,7 @@ class CfnTaskDefinition(
     name_mapping={
         "container_definitions": "containerDefinitions",
         "cpu": "cpu",
+        "enable_fault_injection": "enableFaultInjection",
         "ephemeral_storage": "ephemeralStorage",
         "execution_role_arn": "executionRoleArn",
         "family": "family",
@@ -17213,6 +17258,7 @@ class CfnTaskDefinitionProps:
         *,
         container_definitions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTaskDefinition.ContainerDefinitionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
         cpu: typing.Optional[builtins.str] = None,
+        enable_fault_injection: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         ephemeral_storage: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTaskDefinition.EphemeralStorageProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         execution_role_arn: typing.Optional[builtins.str] = None,
         family: typing.Optional[builtins.str] = None,
@@ -17233,6 +17279,7 @@ class CfnTaskDefinitionProps:
 
         :param container_definitions: A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see `Amazon ECS Task Definitions <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param cpu: The number of ``cpu`` units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter. If you use the EC2 launch type, this field is optional. Supported values are between ``128`` CPU units ( ``0.125`` vCPUs) and ``10240`` CPU units ( ``10`` vCPUs). The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate. - 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - 1024 (1 vCPU) - Available ``memory`` values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - 2048 (2 vCPU) - Available ``memory`` values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - 4096 (4 vCPU) - Available ``memory`` values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - 8192 (8 vCPU) - Available ``memory`` values: 16 GB and 60 GB in 4 GB increments This option requires Linux platform ``1.4.0`` or later. - 16384 (16vCPU) - Available ``memory`` values: 32GB and 120 GB in 8 GB increments This option requires Linux platform ``1.4.0`` or later.
+        :param enable_fault_injection: Enables fault injection and allows for fault injection requests to be accepted from the task's containers. The default value is ``false`` .
         :param ephemeral_storage: The ephemeral storage settings to use for tasks run with the task definition.
         :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. For informationabout the required IAM roles for Amazon ECS, see `IAM roles for Amazon ECS <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param family: The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add. .. epigraph:: To use revision numbers when you update a task definition, specify this property. If you don't specify a value, AWS CloudFormation generates a new task definition each time that you update it.
@@ -17396,6 +17443,7 @@ class CfnTaskDefinitionProps:
                     working_directory="workingDirectory"
                 )],
                 cpu="cpu",
+                enable_fault_injection=False,
                 ephemeral_storage=ecs.CfnTaskDefinition.EphemeralStorageProperty(
                     size_in_gi_b=123
                 ),
@@ -17481,6 +17529,7 @@ class CfnTaskDefinitionProps:
             type_hints = typing.get_type_hints(_typecheckingstub__aa26bba98a26acc68000a13cd676c1f16ef698b1af77ac4e6fb710c7f0ba893d)
             check_type(argname="argument container_definitions", value=container_definitions, expected_type=type_hints["container_definitions"])
             check_type(argname="argument cpu", value=cpu, expected_type=type_hints["cpu"])
+            check_type(argname="argument enable_fault_injection", value=enable_fault_injection, expected_type=type_hints["enable_fault_injection"])
             check_type(argname="argument ephemeral_storage", value=ephemeral_storage, expected_type=type_hints["ephemeral_storage"])
             check_type(argname="argument execution_role_arn", value=execution_role_arn, expected_type=type_hints["execution_role_arn"])
             check_type(argname="argument family", value=family, expected_type=type_hints["family"])
@@ -17501,6 +17550,8 @@ class CfnTaskDefinitionProps:
             self._values["container_definitions"] = container_definitions
         if cpu is not None:
             self._values["cpu"] = cpu
+        if enable_fault_injection is not None:
+            self._values["enable_fault_injection"] = enable_fault_injection
         if ephemeral_storage is not None:
             self._values["ephemeral_storage"] = ephemeral_storage
         if execution_role_arn is not None:
@@ -17573,6 +17624,19 @@ class CfnTaskDefinitionProps:
         result = self._values.get("cpu")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def enable_fault_injection(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''Enables fault injection and allows for fault injection requests to be accepted from the task's containers.
+
+        The default value is ``false`` .
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-enablefaultinjection
+        '''
+        result = self._values.get("enable_fault_injection")
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
+
     @builtins.property
     def ephemeral_storage(
         self,
@@ -18326,7 +18390,7 @@ class CfnTaskSet(
 
             With ``FARGATE_SPOT`` , you can run interruption tolerant tasks at a rate that's discounted compared to the ``FARGATE`` price. ``FARGATE_SPOT`` runs tasks on spare compute capacity. When AWS needs the capacity back, your tasks are interrupted with a two-minute warning. ``FARGATE_SPOT`` supports Linux tasks with the X86_64 architecture on platform version 1.3.0 or later. ``FARGATE_SPOT`` supports Linux tasks with the ARM64 architecture on platform version 1.4.0 or later.
 
-            A capacity provider strategy may contain a maximum of 6 capacity providers.
+            A capacity provider strategy can contain a maximum of 20 capacity providers.
 
             :param base: The *base* value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a *base* defined. If no value is specified, the default value of ``0`` is used.
             :param capacity_provider: The short name of the capacity provider.
@@ -38899,6 +38963,7 @@ class Cluster(
         allow_all_outbound: typing.Optional[builtins.bool] = None,
         associate_public_ip_address: typing.Optional[builtins.bool] = None,
         auto_scaling_group_name: typing.Optional[builtins.str] = None,
+        az_capacity_distribution_strategy: typing.Optional[_CapacityDistributionStrategy_2393ccfe] = None,
         block_devices: typing.Optional[typing.Sequence[typing.Union[_BlockDevice_0cfc0568, typing.Dict[builtins.str, typing.Any]]]] = None,
         capacity_rebalance: typing.Optional[builtins.bool] = None,
         cooldown: typing.Optional[_Duration_4839e8c3] = None,
@@ -38939,6 +39004,7 @@ class Cluster(
         :param allow_all_outbound: Whether the instances can initiate connections to anywhere by default. Default: true
         :param associate_public_ip_address: Whether instances in the Auto Scaling Group should have public IP addresses associated with them. ``launchTemplate`` and ``mixedInstancesPolicy`` must not be specified when this property is specified Default: - Use subnet setting.
         :param auto_scaling_group_name: The name of the Auto Scaling group. This name must be unique per Region per account. Default: - Auto generated by CloudFormation
+        :param az_capacity_distribution_strategy: The strategy for distributing instances across Availability Zones. Default: None
         :param block_devices: Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched. ``launchTemplate`` and ``mixedInstancesPolicy`` must not be specified when this property is specified Default: - Uses the block device mapping of the AMI
         :param capacity_rebalance: Indicates whether Capacity Rebalancing is enabled. When you turn on Capacity Rebalancing, Amazon EC2 Auto Scaling attempts to launch a Spot Instance whenever Amazon EC2 notifies that a Spot Instance is at an elevated risk of interruption. After launching a new instance, it then terminates an old instance. Default: false
         :param cooldown: Default scaling cooldown for this AutoScalingGroup. Default: Duration.minutes(5)
@@ -38976,6 +39042,7 @@ class Cluster(
             allow_all_outbound=allow_all_outbound,
             associate_public_ip_address=associate_public_ip_address,
             auto_scaling_group_name=auto_scaling_group_name,
+            az_capacity_distribution_strategy=az_capacity_distribution_strategy,
             block_devices=block_devices,
             capacity_rebalance=capacity_rebalance,
             cooldown=cooldown,
@@ -42102,6 +42169,7 @@ def _typecheckingstub__64f2d9b3495e3be78346f77d5ad90928968c8ce230e670b6279dc67ad
     allow_all_outbound: typing.Optional[builtins.bool] = None,
     associate_public_ip_address: typing.Optional[builtins.bool] = None,
     auto_scaling_group_name: typing.Optional[builtins.str] = None,
+    az_capacity_distribution_strategy: typing.Optional[_CapacityDistributionStrategy_2393ccfe] = None,
     block_devices: typing.Optional[typing.Sequence[typing.Union[_BlockDevice_0cfc0568, typing.Dict[builtins.str, typing.Any]]]] = None,
     capacity_rebalance: typing.Optional[builtins.bool] = None,
     cooldown: typing.Optional[_Duration_4839e8c3] = None,
@@ -43126,6 +43194,7 @@ def _typecheckingstub__a77e92d9ff0a9ac5b9f5909726a2e91dafa1fae662c3fdef09e5f9c3f
     *,
     container_definitions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTaskDefinition.ContainerDefinitionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     cpu: typing.Optional[builtins.str] = None,
+    enable_fault_injection: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     ephemeral_storage: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTaskDefinition.EphemeralStorageProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     execution_role_arn: typing.Optional[builtins.str] = None,
     family: typing.Optional[builtins.str] = None,
@@ -43169,6 +43238,12 @@ def _typecheckingstub__54ee0f0538c4fcd482362fac760fb6e813d1c01e85a1bb6e1da58c885
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__aa2816ef80c100b1df58247274b83e116e7f9568ae1e6f2acba3307b8b5c8f1f(
+    value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__501da7d8d052de8848e38b3ce458cd787c3006be2870679cd704efc8594577e3(
     value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnTaskDefinition.EphemeralStorageProperty]],
 ) -> None:
@@ -43594,6 +43669,7 @@ def _typecheckingstub__aa26bba98a26acc68000a13cd676c1f16ef698b1af77ac4e6fb710c7f
     *,
     container_definitions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTaskDefinition.ContainerDefinitionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     cpu: typing.Optional[builtins.str] = None,
+    enable_fault_injection: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     ephemeral_storage: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTaskDefinition.EphemeralStorageProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     execution_role_arn: typing.Optional[builtins.str] = None,
     family: typing.Optional[builtins.str] = None,
@@ -45850,6 +45926,7 @@ def _typecheckingstub__63e98e008463515927d4aee3c938d64639e34ce8a2c09fa766883be6a
     allow_all_outbound: typing.Optional[builtins.bool] = None,
     associate_public_ip_address: typing.Optional[builtins.bool] = None,
     auto_scaling_group_name: typing.Optional[builtins.str] = None,
+    az_capacity_distribution_strategy: typing.Optional[_CapacityDistributionStrategy_2393ccfe] = None,
     block_devices: typing.Optional[typing.Sequence[typing.Union[_BlockDevice_0cfc0568, typing.Dict[builtins.str, typing.Any]]]] = None,
     capacity_rebalance: typing.Optional[builtins.bool] = None,
     cooldown: typing.Optional[_Duration_4839e8c3] = None,

aws_cdk/aws_efs/__init__.py

@@ -2070,7 +2070,7 @@ class CfnFileSystem(
         ) -> None:
             '''Describes the protection on the file system.
 
-            :param replication_overwrite_protection: The status of the file system's replication overwrite protection. - ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. - ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable.
+            :param replication_overwrite_protection: The status of the file system's replication overwrite protection. - ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. - ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-filesystemprotection.html
             :exampleMetadata: fixture=_generated
@@ -2098,7 +2098,7 @@ class CfnFileSystem(
 
             - ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default.
             - ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.
-            - ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication.
+            - ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication.
 
             If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable.
 
@@ -2317,9 +2317,9 @@ class CfnFileSystem(
             :param file_system_id: The ID of the destination Amazon EFS file system.
             :param kms_key_id: The ID of an AWS KMS key used to protect the encrypted file system.
             :param region: The AWS Region in which the destination file system is located. .. epigraph:: For One Zone file systems, the replication configuration must specify the AWS Region in which the destination file system is located.
-            :param role_arn: 
-            :param status: 
-            :param status_message: 
+            :param role_arn: The Amazon Resource Name (ARN) of the current source file system in the replication configuration.
+            :param status: Describes the status of the replication configuration. For more information about replication status, see `Viewing replication details <https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html>`_ in the *Amazon EFS User Guide* .
+            :param status_message: Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see `Viewing replication details <https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html>`_ in the *Amazon EFS User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-replicationdestination.html
             :exampleMetadata: fixture=_generated
@@ -2412,7 +2412,8 @@ class CfnFileSystem(
 
         @builtins.property
         def role_arn(self) -> typing.Optional[builtins.str]:
-            '''
+            '''The Amazon Resource Name (ARN) of the current source file system in the replication configuration.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-replicationdestination.html#cfn-efs-filesystem-replicationdestination-rolearn
             '''
             result = self._values.get("role_arn")
@@ -2420,7 +2421,10 @@ class CfnFileSystem(
 
         @builtins.property
         def status(self) -> typing.Optional[builtins.str]:
-            '''
+            '''Describes the status of the replication configuration.
+
+            For more information about replication status, see `Viewing replication details <https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html>`_ in the *Amazon EFS User Guide* .
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-replicationdestination.html#cfn-efs-filesystem-replicationdestination-status
             '''
             result = self._values.get("status")
@@ -2428,7 +2432,10 @@ class CfnFileSystem(
 
         @builtins.property
         def status_message(self) -> typing.Optional[builtins.str]:
-            '''
+            '''Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration.
+
+            For more information about replication status messages, see `Viewing replication details <https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html>`_ in the *Amazon EFS User Guide* .
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-replicationdestination.html#cfn-efs-filesystem-replicationdestination-statusmessage
             '''
             result = self._values.get("status_message")