aws-cdk-lib 2.197.0__py3-none-any.whl → 2.198.0__py3-none-any.whl

aws_cdk/aws_deadline/__init__.py

@@ -447,7 +447,8 @@ class CfnFleet(
                     ),
         
                     # the properties below are optional
-                    storage_profile_id="storageProfileId"
+                    storage_profile_id="storageProfileId",
+                    tag_propagation_mode="tagPropagationMode"
                 ),
                 service_managed_ec2=deadline.CfnFleet.ServiceManagedEc2FleetConfigurationProperty(
                     instance_capabilities=deadline.CfnFleet.ServiceManagedEc2InstanceCapabilitiesProperty(
@@ -1117,6 +1118,7 @@ class CfnFleet(
             "mode": "mode",
             "worker_capabilities": "workerCapabilities",
             "storage_profile_id": "storageProfileId",
+            "tag_propagation_mode": "tagPropagationMode",
         },
     )
     class CustomerManagedFleetConfigurationProperty:
@@ -1126,12 +1128,14 @@ class CfnFleet(
             mode: builtins.str,
             worker_capabilities: typing.Union[_IResolvable_da3f097b, typing.Union["CfnFleet.CustomerManagedWorkerCapabilitiesProperty", typing.Dict[builtins.str, typing.Any]]],
             storage_profile_id: typing.Optional[builtins.str] = None,
+            tag_propagation_mode: typing.Optional[builtins.str] = None,
         ) -> None:
             '''The details of a customer managed fleet configuration.
 
             :param mode: The AWS Auto Scaling mode for the customer managed fleet configuration.
             :param worker_capabilities: The worker capabilities for a customer managed fleet configuration.
             :param storage_profile_id: The storage profile ID.
+            :param tag_propagation_mode: 
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-deadline-fleet-customermanagedfleetconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -1188,7 +1192,8 @@ class CfnFleet(
                     ),
                 
                     # the properties below are optional
-                    storage_profile_id="storageProfileId"
+                    storage_profile_id="storageProfileId",
+                    tag_propagation_mode="tagPropagationMode"
                 )
             '''
             if __debug__:
@@ -1196,12 +1201,15 @@ class CfnFleet(
                 check_type(argname="argument mode", value=mode, expected_type=type_hints["mode"])
                 check_type(argname="argument worker_capabilities", value=worker_capabilities, expected_type=type_hints["worker_capabilities"])
                 check_type(argname="argument storage_profile_id", value=storage_profile_id, expected_type=type_hints["storage_profile_id"])
+                check_type(argname="argument tag_propagation_mode", value=tag_propagation_mode, expected_type=type_hints["tag_propagation_mode"])
             self._values: typing.Dict[builtins.str, typing.Any] = {
                 "mode": mode,
                 "worker_capabilities": worker_capabilities,
             }
             if storage_profile_id is not None:
                 self._values["storage_profile_id"] = storage_profile_id
+            if tag_propagation_mode is not None:
+                self._values["tag_propagation_mode"] = tag_propagation_mode
 
         @builtins.property
         def mode(self) -> builtins.str:
@@ -1234,6 +1242,14 @@ class CfnFleet(
             result = self._values.get("storage_profile_id")
             return typing.cast(typing.Optional[builtins.str], result)
 
+        @builtins.property
+        def tag_propagation_mode(self) -> typing.Optional[builtins.str]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-deadline-fleet-customermanagedfleetconfiguration.html#cfn-deadline-fleet-customermanagedfleetconfiguration-tagpropagationmode
+            '''
+            result = self._values.get("tag_propagation_mode")
+            return typing.cast(typing.Optional[builtins.str], result)
+
         def __eq__(self, rhs: typing.Any) -> builtins.bool:
             return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -1887,7 +1903,8 @@ class CfnFleet(
                         ),
                 
                         # the properties below are optional
-                        storage_profile_id="storageProfileId"
+                        storage_profile_id="storageProfileId",
+                        tag_propagation_mode="tagPropagationMode"
                     ),
                     service_managed_ec2=deadline.CfnFleet.ServiceManagedEc2FleetConfigurationProperty(
                         instance_capabilities=deadline.CfnFleet.ServiceManagedEc2InstanceCapabilitiesProperty(
@@ -2748,7 +2765,8 @@ class CfnFleetProps:
                         ),
             
                         # the properties below are optional
-                        storage_profile_id="storageProfileId"
+                        storage_profile_id="storageProfileId",
+                        tag_propagation_mode="tagPropagationMode"
                     ),
                     service_managed_ec2=deadline.CfnFleet.ServiceManagedEc2FleetConfigurationProperty(
                         instance_capabilities=deadline.CfnFleet.ServiceManagedEc2InstanceCapabilitiesProperty(
@@ -6300,6 +6318,7 @@ def _typecheckingstub__1e0d0744c60a31b3157ef03f930266f6c000eafa44c6050607897ea5b
     mode: builtins.str,
     worker_capabilities: typing.Union[_IResolvable_da3f097b, typing.Union[CfnFleet.CustomerManagedWorkerCapabilitiesProperty, typing.Dict[builtins.str, typing.Any]]],
     storage_profile_id: typing.Optional[builtins.str] = None,
+    tag_propagation_mode: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
     pass

aws_cdk/aws_ec2/__init__.py

@@ -16999,7 +16999,7 @@ class CfnHost(
         :param instance_family: The instance family supported by the Dedicated Host. For example, ``m5`` .
         :param instance_type: Specifies the instance type to be supported by the Dedicated Hosts. If you specify an instance type, the Dedicated Hosts support instances of the specified instance type only.
         :param outpost_arn: The Amazon Resource Name (ARN) of the AWS Outpost on which the Dedicated Host is allocated.
-        :param tags: Any tags assigned to the Host.
+        :param tags: Any tags assigned to the Dedicated Host.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e3a07acffdb551edbc817b7c424628c812f21356d7f697757a332323f6dcfde8)
@@ -17176,7 +17176,7 @@ class CfnHost(
     @builtins.property
     @jsii.member(jsii_name="tags")
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''Any tags assigned to the Host.'''
+        '''Any tags assigned to the Dedicated Host.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tags"))
 
     @tags.setter
@@ -17226,7 +17226,7 @@ class CfnHostProps:
         :param instance_family: The instance family supported by the Dedicated Host. For example, ``m5`` .
         :param instance_type: Specifies the instance type to be supported by the Dedicated Hosts. If you specify an instance type, the Dedicated Hosts support instances of the specified instance type only.
         :param outpost_arn: The Amazon Resource Name (ARN) of the AWS Outpost on which the Dedicated Host is allocated.
-        :param tags: Any tags assigned to the Host.
+        :param tags: Any tags assigned to the Dedicated Host.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-host.html
         :exampleMetadata: fixture=_generated
@@ -17372,7 +17372,7 @@ class CfnHostProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''Any tags assigned to the Host.
+        '''Any tags assigned to the Dedicated Host.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-host.html#cfn-ec2-host-tags
         '''
@@ -20667,6 +20667,13 @@ class CfnInstance(
             license_specifications=[ec2.CfnInstance.LicenseSpecificationProperty(
                 license_configuration_arn="licenseConfigurationArn"
             )],
+            metadata_options=ec2.CfnInstance.MetadataOptionsProperty(
+                http_endpoint="httpEndpoint",
+                http_protocol_ipv6="httpProtocolIpv6",
+                http_put_response_hop_limit=123,
+                http_tokens="httpTokens",
+                instance_metadata_tags="instanceMetadataTags"
+            ),
             monitoring=False,
             network_interfaces=[ec2.CfnInstance.NetworkInterfaceProperty(
                 device_index="deviceIndex",
@@ -20760,6 +20767,7 @@ class CfnInstance(
         key_name: typing.Optional[builtins.str] = None,
         launch_template: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnInstance.LaunchTemplateSpecificationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         license_specifications: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnInstance.LicenseSpecificationProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
+        metadata_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnInstance.MetadataOptionsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         monitoring: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         network_interfaces: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnInstance.NetworkInterfaceProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
         placement_group_name: typing.Optional[builtins.str] = None,
@@ -20804,6 +20812,7 @@ class CfnInstance(
         :param key_name: The name of the key pair. You can create a key pair using `CreateKeyPair <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateKeyPair.html>`_ or `ImportKeyPair <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportKeyPair.html>`_ . .. epigraph:: If you do not specify a key pair, you can't connect to the instance unless you choose an AMI that is configured to allow users another way to log in.
         :param launch_template: The launch template. Any additional parameters that you specify for the new instance overwrite the corresponding parameters included in the launch template.
         :param license_specifications: The license configurations.
+        :param metadata_options: 
         :param monitoring: Specifies whether detailed monitoring is enabled for the instance. Specify ``true`` to enable detailed monitoring. Otherwise, basic monitoring is enabled. For more information about detailed monitoring, see `Enable or turn off detailed monitoring for your instances <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html>`_ in the *Amazon EC2 User Guide* .
         :param network_interfaces: The network interfaces to associate with the instance. .. epigraph:: If you use this property to point to a network interface, you must terminate the original interface before attaching a new one to allow the update of the instance to succeed. If this resource has a public IP address and is also in a VPC that is defined in the same template, you must use the `DependsOn Attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html>`_ to declare a dependency on the VPC-gateway attachment.
         :param placement_group_name: The name of an existing placement group that you want to launch the instance into (cluster | partition | spread).
@@ -20850,6 +20859,7 @@ class CfnInstance(
             key_name=key_name,
             launch_template=launch_template,
             license_specifications=license_specifications,
+            metadata_options=metadata_options,
             monitoring=monitoring,
             network_interfaces=network_interfaces,
             placement_group_name=placement_group_name,
@@ -21371,6 +21381,23 @@ class CfnInstance(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "licenseSpecifications", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="metadataOptions")
+    def metadata_options(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnInstance.MetadataOptionsProperty"]]:
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnInstance.MetadataOptionsProperty"]], jsii.get(self, "metadataOptions"))
+
+    @metadata_options.setter
+    def metadata_options(
+        self,
+        value: typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnInstance.MetadataOptionsProperty"]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__829ee1a8f150cbfae9cd18b9c33d41b2e8f61b6ded5a58aa4c446baedaa0b5fc)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "metadataOptions", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="monitoring")
     def monitoring(
@@ -22831,6 +22858,134 @@ class CfnInstance(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_ec2.CfnInstance.MetadataOptionsProperty",
+        jsii_struct_bases=[],
+        name_mapping={
+            "http_endpoint": "httpEndpoint",
+            "http_protocol_ipv6": "httpProtocolIpv6",
+            "http_put_response_hop_limit": "httpPutResponseHopLimit",
+            "http_tokens": "httpTokens",
+            "instance_metadata_tags": "instanceMetadataTags",
+        },
+    )
+    class MetadataOptionsProperty:
+        def __init__(
+            self,
+            *,
+            http_endpoint: typing.Optional[builtins.str] = None,
+            http_protocol_ipv6: typing.Optional[builtins.str] = None,
+            http_put_response_hop_limit: typing.Optional[jsii.Number] = None,
+            http_tokens: typing.Optional[builtins.str] = None,
+            instance_metadata_tags: typing.Optional[builtins.str] = None,
+        ) -> None:
+            '''
+            :param http_endpoint: Enables or disables the HTTP metadata endpoint on your instances. If you specify a value of disabled, you cannot access your instance metadata.
+            :param http_protocol_ipv6: Enables or disables the IPv6 endpoint for the instance metadata service. To use this option, the instance must be a Nitro-based instance launched in a subnet that supports IPv6.
+            :param http_put_response_hop_limit: The number of network hops that the metadata token can travel. Maximum is 64. Default: - 1
+            :param http_tokens: Indicates whether IMDSv2 is required.
+            :param instance_metadata_tags: Indicates whether tags from the instance are propagated to the EBS volumes.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance-metadataoptions.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_ec2 as ec2
+                
+                metadata_options_property = ec2.CfnInstance.MetadataOptionsProperty(
+                    http_endpoint="httpEndpoint",
+                    http_protocol_ipv6="httpProtocolIpv6",
+                    http_put_response_hop_limit=123,
+                    http_tokens="httpTokens",
+                    instance_metadata_tags="instanceMetadataTags"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__dd62c780267fd82323185183a14d7164b77b99b5493e4e4f98f5cd11a52c16a3)
+                check_type(argname="argument http_endpoint", value=http_endpoint, expected_type=type_hints["http_endpoint"])
+                check_type(argname="argument http_protocol_ipv6", value=http_protocol_ipv6, expected_type=type_hints["http_protocol_ipv6"])
+                check_type(argname="argument http_put_response_hop_limit", value=http_put_response_hop_limit, expected_type=type_hints["http_put_response_hop_limit"])
+                check_type(argname="argument http_tokens", value=http_tokens, expected_type=type_hints["http_tokens"])
+                check_type(argname="argument instance_metadata_tags", value=instance_metadata_tags, expected_type=type_hints["instance_metadata_tags"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if http_endpoint is not None:
+                self._values["http_endpoint"] = http_endpoint
+            if http_protocol_ipv6 is not None:
+                self._values["http_protocol_ipv6"] = http_protocol_ipv6
+            if http_put_response_hop_limit is not None:
+                self._values["http_put_response_hop_limit"] = http_put_response_hop_limit
+            if http_tokens is not None:
+                self._values["http_tokens"] = http_tokens
+            if instance_metadata_tags is not None:
+                self._values["instance_metadata_tags"] = instance_metadata_tags
+
+        @builtins.property
+        def http_endpoint(self) -> typing.Optional[builtins.str]:
+            '''Enables or disables the HTTP metadata endpoint on your instances.
+
+            If you specify a value of disabled, you cannot access your instance metadata.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance-metadataoptions.html#cfn-ec2-instance-metadataoptions-httpendpoint
+            '''
+            result = self._values.get("http_endpoint")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def http_protocol_ipv6(self) -> typing.Optional[builtins.str]:
+            '''Enables or disables the IPv6 endpoint for the instance metadata service.
+
+            To use this option, the instance must be a Nitro-based instance launched in a subnet that supports IPv6.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance-metadataoptions.html#cfn-ec2-instance-metadataoptions-httpprotocolipv6
+            '''
+            result = self._values.get("http_protocol_ipv6")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def http_put_response_hop_limit(self) -> typing.Optional[jsii.Number]:
+            '''The number of network hops that the metadata token can travel.
+
+            Maximum is 64.
+
+            :default: - 1
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance-metadataoptions.html#cfn-ec2-instance-metadataoptions-httpputresponsehoplimit
+            '''
+            result = self._values.get("http_put_response_hop_limit")
+            return typing.cast(typing.Optional[jsii.Number], result)
+
+        @builtins.property
+        def http_tokens(self) -> typing.Optional[builtins.str]:
+            '''Indicates whether IMDSv2 is required.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance-metadataoptions.html#cfn-ec2-instance-metadataoptions-httptokens
+            '''
+            result = self._values.get("http_tokens")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def instance_metadata_tags(self) -> typing.Optional[builtins.str]:
+            '''Indicates whether tags from the instance are propagated to the EBS volumes.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance-metadataoptions.html#cfn-ec2-instance-metadataoptions-instancemetadatatags
+            '''
+            result = self._values.get("instance_metadata_tags")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "MetadataOptionsProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_ec2.CfnInstance.NetworkInterfaceProperty",
         jsii_struct_bases=[],
@@ -23958,6 +24113,7 @@ class CfnInstanceConnectEndpointProps:
         "key_name": "keyName",
         "launch_template": "launchTemplate",
         "license_specifications": "licenseSpecifications",
+        "metadata_options": "metadataOptions",
         "monitoring": "monitoring",
         "network_interfaces": "networkInterfaces",
         "placement_group_name": "placementGroupName",
@@ -24004,6 +24160,7 @@ class CfnInstanceProps:
         key_name: typing.Optional[builtins.str] = None,
         launch_template: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnInstance.LaunchTemplateSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         license_specifications: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnInstance.LicenseSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+        metadata_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnInstance.MetadataOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         monitoring: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         network_interfaces: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnInstance.NetworkInterfaceProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
         placement_group_name: typing.Optional[builtins.str] = None,
@@ -24047,6 +24204,7 @@ class CfnInstanceProps:
         :param key_name: The name of the key pair. You can create a key pair using `CreateKeyPair <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateKeyPair.html>`_ or `ImportKeyPair <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportKeyPair.html>`_ . .. epigraph:: If you do not specify a key pair, you can't connect to the instance unless you choose an AMI that is configured to allow users another way to log in.
         :param launch_template: The launch template. Any additional parameters that you specify for the new instance overwrite the corresponding parameters included in the launch template.
         :param license_specifications: The license configurations.
+        :param metadata_options: 
         :param monitoring: Specifies whether detailed monitoring is enabled for the instance. Specify ``true`` to enable detailed monitoring. Otherwise, basic monitoring is enabled. For more information about detailed monitoring, see `Enable or turn off detailed monitoring for your instances <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html>`_ in the *Amazon EC2 User Guide* .
         :param network_interfaces: The network interfaces to associate with the instance. .. epigraph:: If you use this property to point to a network interface, you must terminate the original interface before attaching a new one to allow the update of the instance to succeed. If this resource has a public IP address and is also in a VPC that is defined in the same template, you must use the `DependsOn Attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html>`_ to declare a dependency on the VPC-gateway attachment.
         :param placement_group_name: The name of an existing placement group that you want to launch the instance into (cluster | partition | spread).
@@ -24139,6 +24297,13 @@ class CfnInstanceProps:
                 license_specifications=[ec2.CfnInstance.LicenseSpecificationProperty(
                     license_configuration_arn="licenseConfigurationArn"
                 )],
+                metadata_options=ec2.CfnInstance.MetadataOptionsProperty(
+                    http_endpoint="httpEndpoint",
+                    http_protocol_ipv6="httpProtocolIpv6",
+                    http_put_response_hop_limit=123,
+                    http_tokens="httpTokens",
+                    instance_metadata_tags="instanceMetadataTags"
+                ),
                 monitoring=False,
                 network_interfaces=[ec2.CfnInstance.NetworkInterfaceProperty(
                     device_index="deviceIndex",
@@ -24228,6 +24393,7 @@ class CfnInstanceProps:
             check_type(argname="argument key_name", value=key_name, expected_type=type_hints["key_name"])
             check_type(argname="argument launch_template", value=launch_template, expected_type=type_hints["launch_template"])
             check_type(argname="argument license_specifications", value=license_specifications, expected_type=type_hints["license_specifications"])
+            check_type(argname="argument metadata_options", value=metadata_options, expected_type=type_hints["metadata_options"])
             check_type(argname="argument monitoring", value=monitoring, expected_type=type_hints["monitoring"])
             check_type(argname="argument network_interfaces", value=network_interfaces, expected_type=type_hints["network_interfaces"])
             check_type(argname="argument placement_group_name", value=placement_group_name, expected_type=type_hints["placement_group_name"])
@@ -24293,6 +24459,8 @@ class CfnInstanceProps:
             self._values["launch_template"] = launch_template
         if license_specifications is not None:
             self._values["license_specifications"] = license_specifications
+        if metadata_options is not None:
+            self._values["metadata_options"] = metadata_options
         if monitoring is not None:
             self._values["monitoring"] = monitoring
         if network_interfaces is not None:
@@ -24635,6 +24803,16 @@ class CfnInstanceProps:
         result = self._values.get("license_specifications")
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnInstance.LicenseSpecificationProperty]]]], result)
 
+    @builtins.property
+    def metadata_options(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnInstance.MetadataOptionsProperty]]:
+        '''
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-instance.html#cfn-ec2-instance-metadataoptions
+        '''
+        result = self._values.get("metadata_options")
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnInstance.MetadataOptionsProperty]], result)
+
     @builtins.property
     def monitoring(
         self,
@@ -80001,6 +80179,10 @@ class InstanceClass(enum.Enum):
     '''Storage optimized instances powered by 5th generation Intel Xeon Scalable processors, 7th generation.'''
     I7IE = "I7IE"
     '''Storage optimized instances powered by 5th generation Intel Xeon Scalable processors, 7th generation.'''
+    IO7_INTEL = "IO7_INTEL"
+    '''I/O-optimized instances with local NVME drive powered by 5th generation Intel Xeon Scalable processors, 7th generation.'''
+    I7I = "I7I"
+    '''I/O-optimized instances with local NVME drive powered by 5th generation Intel Xeon Scalable processors, 7th generation.'''
     STORAGE8_GRAVITON = "STORAGE8_GRAVITON"
     '''Storage optimized instances powered by Graviton4 processor, 8th generation.'''
     I8G = "I8G"
@@ -81996,6 +82178,11 @@ class InterfaceVpcEndpointAwsService(
     def DYNAMODB_FIPS(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "DYNAMODB_FIPS"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="DYNAMODB_STREAMS")
+    def DYNAMODB_STREAMS(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "DYNAMODB_STREAMS"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="EBS_DIRECT")
     def EBS_DIRECT(cls) -> "InterfaceVpcEndpointAwsService":
@@ -105905,6 +106092,7 @@ def _typecheckingstub__c4a16bcac45df35102107cab13dbaea279aac225408d8ffe54a341484
     key_name: typing.Optional[builtins.str] = None,
     launch_template: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnInstance.LaunchTemplateSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     license_specifications: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnInstance.LicenseSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    metadata_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnInstance.MetadataOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     monitoring: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     network_interfaces: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnInstance.NetworkInterfaceProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     placement_group_name: typing.Optional[builtins.str] = None,
@@ -106081,6 +106269,12 @@ def _typecheckingstub__cc2686e45ed4c6d1878a8ae7e28861e3db1d532776cefb8db34c5911f
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__829ee1a8f150cbfae9cd18b9c33d41b2e8f61b6ded5a58aa4c446baedaa0b5fc(
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnInstance.MetadataOptionsProperty]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__7a0da44bb62f454316060622acd522d46ed58c088bae4a9f6249bcf6deca5588(
     value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
 ) -> None:
@@ -106290,6 +106484,17 @@ def _typecheckingstub__d052358cb33e29932cee94076b50021e871c21fc3250e7670a7f77437
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__dd62c780267fd82323185183a14d7164b77b99b5493e4e4f98f5cd11a52c16a3(
+    *,
+    http_endpoint: typing.Optional[builtins.str] = None,
+    http_protocol_ipv6: typing.Optional[builtins.str] = None,
+    http_put_response_hop_limit: typing.Optional[jsii.Number] = None,
+    http_tokens: typing.Optional[builtins.str] = None,
+    instance_metadata_tags: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__34d8c3e0456d2764eb1c3d4b68e63d75d3e51811fe46a5cc1a3cd7a841079228(
     *,
     device_index: builtins.str,
@@ -106443,6 +106648,7 @@ def _typecheckingstub__605ba8f22e222289aa0ed61b03690aaf9a4e8eabb86a9ba2b63d10f2b
     key_name: typing.Optional[builtins.str] = None,
     launch_template: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnInstance.LaunchTemplateSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     license_specifications: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnInstance.LicenseSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    metadata_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnInstance.MetadataOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     monitoring: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     network_interfaces: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnInstance.NetworkInterfaceProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     placement_group_name: typing.Optional[builtins.str] = None,

aws_cdk/aws_ecs/__init__.py

@@ -10064,7 +10064,7 @@ class CfnService(
             - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.
 
             :param log_driver: The log driver to use for the container. For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` . For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` . For more information about using the ``awslogs`` log driver, see `Send Amazon ECS logs to CloudWatch <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html>`_ in the *Amazon Elastic Container Service Developer Guide* . For more information about using the ``awsfirelens`` log driver, see `Send Amazon ECS logs to an AWS service or AWS Partner <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html>`_ . .. epigraph:: If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's `available on GitHub <https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent>`_ and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
-            :param options: The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: - **awslogs-create-group** - Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to ``false`` . .. epigraph:: Your IAM policy must include the ``logs:CreateLogGroup`` permission before you attempt to use ``awslogs-create-group`` . - **awslogs-region** - Required: Yes Specify the AWS Region that the ``awslogs`` log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. - **awslogs-group** - Required: Yes Make sure to specify a log group that the ``awslogs`` log driver sends its log streams to. - **awslogs-stream-prefix** - Required: Yes, when using Fargate.Optional when using EC2. Use the ``awslogs-stream-prefix`` option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format ``prefix-name/container-name/ecs-task-id`` . If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. - **awslogs-datetime-format** - Required: No This option defines a multiline start pattern in Python ``strftime`` format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see `awslogs-datetime-format <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-datetime-format>`_ . You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. - **awslogs-multiline-pattern** - Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see `awslogs-multiline-pattern <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-multiline-pattern>`_ . This option is ignored if ``awslogs-datetime-format`` is also configured. You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. The following options apply to all supported log drivers. - **mode** - Required: No Valid values: ``non-blocking`` | ``blocking`` This option defines the delivery mode of log messages from the container to the log driver specified using ``logDriver`` . The delivery mode you choose affects application availability when the flow of logs from container is interrupted. If you use the ``blocking`` mode and the flow of logs is interrupted, calls from container code to write to the ``stdout`` and ``stderr`` streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the ``non-blocking`` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the ``max-buffer-size`` option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see `Preventing log loss with non-blocking mode in the ``awslogs`` container log driver <https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/>`_ . You can set a default ``mode`` for all containers in a specific AWS Region by using the ``defaultLogDriverMode`` account setting. If you don't specify the ``mode`` option or configure the account setting, Amazon ECS will default to the ``blocking`` mode. For more information about the account setting, see `Default log driver mode <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#default-log-driver-mode>`_ in the *Amazon Elastic Container Service Developer Guide* . - **max-buffer-size** - Required: No Default value: ``1m`` When ``non-blocking`` mode is used, the ``max-buffer-size`` log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url`` . When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream`` . When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream`` . When you export logs to Amazon OpenSearch Service, you can specify options like ``Name`` , ``Host`` (OpenSearch Service endpoint without protocol), ``Port`` , ``Index`` , ``Type`` , ``Aws_auth`` , ``Aws_region`` , ``Suppress_Type_Name`` , and ``tls`` . For more information, see `Under the hood: FireLens for Amazon ECS Tasks <https://docs.aws.amazon.com/containers/under-the-hood-firelens-for-amazon-ecs-tasks/>`_ . When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region`` , ``total_file_size`` , ``upload_timeout`` , and ``use_put_object`` as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
+            :param options: The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: - **awslogs-create-group** - Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to ``false`` . .. epigraph:: Your IAM policy must include the ``logs:CreateLogGroup`` permission before you attempt to use ``awslogs-create-group`` . - **awslogs-region** - Required: Yes Specify the AWS Region that the ``awslogs`` log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. - **awslogs-group** - Required: Yes Make sure to specify a log group that the ``awslogs`` log driver sends its log streams to. - **awslogs-stream-prefix** - Required: Yes, when using Fargate.Optional when using EC2. Use the ``awslogs-stream-prefix`` option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format ``prefix-name/container-name/ecs-task-id`` . If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. - **awslogs-datetime-format** - Required: No This option defines a multiline start pattern in Python ``strftime`` format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see `awslogs-datetime-format <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-datetime-format>`_ . You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. - **awslogs-multiline-pattern** - Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see `awslogs-multiline-pattern <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-multiline-pattern>`_ . This option is ignored if ``awslogs-datetime-format`` is also configured. You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. The following options apply to all supported log drivers. - **mode** - Required: No Valid values: ``non-blocking`` | ``blocking`` This option defines the delivery mode of log messages from the container to the log driver specified using ``logDriver`` . The delivery mode you choose affects application availability when the flow of logs from container is interrupted. If you use the ``blocking`` mode and the flow of logs is interrupted, calls from container code to write to the ``stdout`` and ``stderr`` streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the ``non-blocking`` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the ``max-buffer-size`` option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see `Preventing log loss with non-blocking mode in the ``awslogs`` container log driver <https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/>`_ . You can set a default ``mode`` for all containers in a specific AWS Region by using the ``defaultLogDriverMode`` account setting. If you don't specify the ``mode`` option or configure the account setting, Amazon ECS will default to the ``blocking`` mode. For more information about the account setting, see `Default log driver mode <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#default-log-driver-mode>`_ in the *Amazon Elastic Container Service Developer Guide* . .. epigraph:: On June 25, 2025, Amazon ECS is changing the default log driver mode from ``blocking`` to ``non-blocking`` to prioritize task availability over logging. To continue using the ``blocking`` mode after this change, do one of the following: - Set the ``mode`` option in your container definition's ``logConfiguration`` as ``blocking`` . - Set the ``defaultLogDriverMode`` account setting to ``blocking`` . - **max-buffer-size** - Required: No Default value: ``1m`` When ``non-blocking`` mode is used, the ``max-buffer-size`` log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url`` . When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream`` . When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream`` . When you export logs to Amazon OpenSearch Service, you can specify options like ``Name`` , ``Host`` (OpenSearch Service endpoint without protocol), ``Port`` , ``Index`` , ``Type`` , ``Aws_auth`` , ``Aws_region`` , ``Suppress_Type_Name`` , and ``tls`` . For more information, see `Under the hood: FireLens for Amazon ECS Tasks <https://docs.aws.amazon.com/containers/under-the-hood-firelens-for-amazon-ecs-tasks/>`_ . When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region`` , ``total_file_size`` , ``upload_timeout`` , and ``use_put_object`` as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
             :param secret_options: The secrets to pass to the log configuration. For more information, see `Specifying sensitive data <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-logconfiguration.html
@@ -10192,6 +10192,12 @@ class CfnService(
             If you use the ``non-blocking`` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the ``max-buffer-size`` option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see `Preventing log loss with non-blocking mode in the ``awslogs`` container log driver <https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/>`_ .
 
             You can set a default ``mode`` for all containers in a specific AWS Region by using the ``defaultLogDriverMode`` account setting. If you don't specify the ``mode`` option or configure the account setting, Amazon ECS will default to the ``blocking`` mode. For more information about the account setting, see `Default log driver mode <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#default-log-driver-mode>`_ in the *Amazon Elastic Container Service Developer Guide* .
+            .. epigraph::
+
+               On June 25, 2025, Amazon ECS is changing the default log driver mode from ``blocking`` to ``non-blocking`` to prioritize task availability over logging. To continue using the ``blocking`` mode after this change, do one of the following:
+
+               - Set the ``mode`` option in your container definition's ``logConfiguration`` as ``blocking`` .
+               - Set the ``defaultLogDriverMode`` account setting to ``blocking`` .
 
             - **max-buffer-size** - Required: No
 
@@ -15998,7 +16004,7 @@ class CfnTaskDefinition(
             '''The ``LogConfiguration`` property specifies log configuration options to send to a custom log driver for the container.
 
             :param log_driver: The log driver to use for the container. For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` . For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` . For more information about using the ``awslogs`` log driver, see `Send Amazon ECS logs to CloudWatch <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html>`_ in the *Amazon Elastic Container Service Developer Guide* . For more information about using the ``awsfirelens`` log driver, see `Send Amazon ECS logs to an AWS service or AWS Partner <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html>`_ . .. epigraph:: If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's `available on GitHub <https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent>`_ and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.
-            :param options: The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: - **awslogs-create-group** - Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to ``false`` . .. epigraph:: Your IAM policy must include the ``logs:CreateLogGroup`` permission before you attempt to use ``awslogs-create-group`` . - **awslogs-region** - Required: Yes Specify the AWS Region that the ``awslogs`` log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. - **awslogs-group** - Required: Yes Make sure to specify a log group that the ``awslogs`` log driver sends its log streams to. - **awslogs-stream-prefix** - Required: Yes, when using Fargate.Optional when using EC2. Use the ``awslogs-stream-prefix`` option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format ``prefix-name/container-name/ecs-task-id`` . If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. - **awslogs-datetime-format** - Required: No This option defines a multiline start pattern in Python ``strftime`` format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see `awslogs-datetime-format <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-datetime-format>`_ . You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. - **awslogs-multiline-pattern** - Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see `awslogs-multiline-pattern <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-multiline-pattern>`_ . This option is ignored if ``awslogs-datetime-format`` is also configured. You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. The following options apply to all supported log drivers. - **mode** - Required: No Valid values: ``non-blocking`` | ``blocking`` This option defines the delivery mode of log messages from the container to the log driver specified using ``logDriver`` . The delivery mode you choose affects application availability when the flow of logs from container is interrupted. If you use the ``blocking`` mode and the flow of logs is interrupted, calls from container code to write to the ``stdout`` and ``stderr`` streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the ``non-blocking`` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the ``max-buffer-size`` option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see `Preventing log loss with non-blocking mode in the ``awslogs`` container log driver <https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/>`_ . You can set a default ``mode`` for all containers in a specific AWS Region by using the ``defaultLogDriverMode`` account setting. If you don't specify the ``mode`` option or configure the account setting, Amazon ECS will default to the ``blocking`` mode. For more information about the account setting, see `Default log driver mode <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#default-log-driver-mode>`_ in the *Amazon Elastic Container Service Developer Guide* . - **max-buffer-size** - Required: No Default value: ``1m`` When ``non-blocking`` mode is used, the ``max-buffer-size`` log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url`` . When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream`` . When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream`` . When you export logs to Amazon OpenSearch Service, you can specify options like ``Name`` , ``Host`` (OpenSearch Service endpoint without protocol), ``Port`` , ``Index`` , ``Type`` , ``Aws_auth`` , ``Aws_region`` , ``Suppress_Type_Name`` , and ``tls`` . For more information, see `Under the hood: FireLens for Amazon ECS Tasks <https://docs.aws.amazon.com/containers/under-the-hood-firelens-for-amazon-ecs-tasks/>`_ . When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region`` , ``total_file_size`` , ``upload_timeout`` , and ``use_put_object`` as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
+            :param options: The configuration options to send to the log driver. The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: - **awslogs-create-group** - Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to ``false`` . .. epigraph:: Your IAM policy must include the ``logs:CreateLogGroup`` permission before you attempt to use ``awslogs-create-group`` . - **awslogs-region** - Required: Yes Specify the AWS Region that the ``awslogs`` log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. - **awslogs-group** - Required: Yes Make sure to specify a log group that the ``awslogs`` log driver sends its log streams to. - **awslogs-stream-prefix** - Required: Yes, when using Fargate.Optional when using EC2. Use the ``awslogs-stream-prefix`` option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format ``prefix-name/container-name/ecs-task-id`` . If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. - **awslogs-datetime-format** - Required: No This option defines a multiline start pattern in Python ``strftime`` format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see `awslogs-datetime-format <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-datetime-format>`_ . You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. - **awslogs-multiline-pattern** - Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see `awslogs-multiline-pattern <https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-multiline-pattern>`_ . This option is ignored if ``awslogs-datetime-format`` is also configured. You cannot configure both the ``awslogs-datetime-format`` and ``awslogs-multiline-pattern`` options. .. epigraph:: Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. The following options apply to all supported log drivers. - **mode** - Required: No Valid values: ``non-blocking`` | ``blocking`` This option defines the delivery mode of log messages from the container to the log driver specified using ``logDriver`` . The delivery mode you choose affects application availability when the flow of logs from container is interrupted. If you use the ``blocking`` mode and the flow of logs is interrupted, calls from container code to write to the ``stdout`` and ``stderr`` streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the ``non-blocking`` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the ``max-buffer-size`` option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see `Preventing log loss with non-blocking mode in the ``awslogs`` container log driver <https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/>`_ . You can set a default ``mode`` for all containers in a specific AWS Region by using the ``defaultLogDriverMode`` account setting. If you don't specify the ``mode`` option or configure the account setting, Amazon ECS will default to the ``blocking`` mode. For more information about the account setting, see `Default log driver mode <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#default-log-driver-mode>`_ in the *Amazon Elastic Container Service Developer Guide* . .. epigraph:: On June 25, 2025, Amazon ECS is changing the default log driver mode from ``blocking`` to ``non-blocking`` to prioritize task availability over logging. To continue using the ``blocking`` mode after this change, do one of the following: - Set the ``mode`` option in your container definition's ``logConfiguration`` as ``blocking`` . - Set the ``defaultLogDriverMode`` account setting to ``blocking`` . - **max-buffer-size** - Required: No Default value: ``1m`` When ``non-blocking`` mode is used, the ``max-buffer-size`` log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url`` . When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream`` . When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream`` . When you export logs to Amazon OpenSearch Service, you can specify options like ``Name`` , ``Host`` (OpenSearch Service endpoint without protocol), ``Port`` , ``Index`` , ``Type`` , ``Aws_auth`` , ``Aws_region`` , ``Suppress_Type_Name`` , and ``tls`` . For more information, see `Under the hood: FireLens for Amazon ECS Tasks <https://docs.aws.amazon.com/containers/under-the-hood-firelens-for-amazon-ecs-tasks/>`_ . When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region`` , ``total_file_size`` , ``upload_timeout`` , and ``use_put_object`` as options. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``
             :param secret_options: The secrets to pass to the log configuration. For more information, see `Specifying sensitive data <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-logconfiguration.html
@@ -16129,6 +16135,12 @@ class CfnTaskDefinition(
             If you use the ``non-blocking`` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the ``max-buffer-size`` option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see `Preventing log loss with non-blocking mode in the ``awslogs`` container log driver <https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/>`_ .
 
             You can set a default ``mode`` for all containers in a specific AWS Region by using the ``defaultLogDriverMode`` account setting. If you don't specify the ``mode`` option or configure the account setting, Amazon ECS will default to the ``blocking`` mode. For more information about the account setting, see `Default log driver mode <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#default-log-driver-mode>`_ in the *Amazon Elastic Container Service Developer Guide* .
+            .. epigraph::
+
+               On June 25, 2025, Amazon ECS is changing the default log driver mode from ``blocking`` to ``non-blocking`` to prioritize task availability over logging. To continue using the ``blocking`` mode after this change, do one of the following:
+
+               - Set the ``mode`` option in your container definition's ``logConfiguration`` as ``blocking`` .
+               - Set the ``defaultLogDriverMode`` account setting to ``blocking`` .
 
             - **max-buffer-size** - Required: No