aws-cdk-lib 2.90.0__py3-none-any.whl → 2.92.0__py3-none-any.whl

aws_cdk/aws_dynamodb/__init__.py

@@ -457,7 +457,6 @@ class CfnGlobalTable(
     - ``dynamodb:UpdateContributorInsights``
     - ``dynamodb:UpdateContinuousBackups``
     - ``dynamodb:ListTagsOfResource``
-    - ``dynamodb:TableClass``
     - ``dynamodb:TagResource``
     - ``dynamodb:UntagResource``
     - ``dynamodb:BatchWriteItem``

aws_cdk/aws_ec2/__init__.py

@@ -12433,7 +12433,7 @@ class CfnEC2Fleet(
 
             ``TagSpecification`` is a property of the `AWS::EC2::EC2Fleet <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ec2fleet.html>`_ resource.
 
-            :param resource_type: The type of resource to tag. ``ResourceType`` must be ``fleet`` .
+            :param resource_type: The type of resource to tag.
             :param tags: The tags to apply to the resource.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ec2fleet-tagspecification.html
@@ -12467,8 +12467,6 @@ class CfnEC2Fleet(
         def resource_type(self) -> typing.Optional[builtins.str]:
             '''The type of resource to tag.
 
-            ``ResourceType`` must be ``fleet`` .
-
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ec2fleet-tagspecification.html#cfn-ec2-ec2fleet-tagspecification-resourcetype
             '''
             result = self._values.get("resource_type")
@@ -15080,6 +15078,7 @@ class CfnHost(
             availability_zone="availabilityZone",
         
             # the properties below are optional
+            asset_id="assetId",
             auto_placement="autoPlacement",
             host_maintenance="hostMaintenance",
             host_recovery="hostRecovery",
@@ -15095,6 +15094,7 @@ class CfnHost(
         id: builtins.str,
         *,
         availability_zone: builtins.str,
+        asset_id: typing.Optional[builtins.str] = None,
         auto_placement: typing.Optional[builtins.str] = None,
         host_maintenance: typing.Optional[builtins.str] = None,
         host_recovery: typing.Optional[builtins.str] = None,
@@ -15106,6 +15106,7 @@ class CfnHost(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param availability_zone: The Availability Zone in which to allocate the Dedicated Host.
+        :param asset_id: The ID of the Outpost hardware asset on which the Dedicated Host is allocated.
         :param auto_placement: Indicates whether the host accepts any untargeted instance launches that match its instance type configuration, or if it only accepts Host tenancy instance launches that specify its unique host ID. For more information, see `Understanding auto-placement and affinity <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/how-dedicated-hosts-work.html#dedicated-hosts-understanding>`_ in the *Amazon EC2 User Guide* . Default: ``on``
         :param host_maintenance: Indicates whether host maintenance is enabled or disabled for the Dedicated Host.
         :param host_recovery: Indicates whether to enable or disable host recovery for the Dedicated Host. Host recovery is disabled by default. For more information, see `Host recovery <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-recovery.html>`_ in the *Amazon EC2 User Guide* . Default: ``off``
@@ -15119,6 +15120,7 @@ class CfnHost(
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = CfnHostProps(
             availability_zone=availability_zone,
+            asset_id=asset_id,
             auto_placement=auto_placement,
             host_maintenance=host_maintenance,
             host_recovery=host_recovery,
@@ -15186,6 +15188,19 @@ class CfnHost(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "availabilityZone", value)
 
+    @builtins.property
+    @jsii.member(jsii_name="assetId")
+    def asset_id(self) -> typing.Optional[builtins.str]:
+        '''The ID of the Outpost hardware asset on which the Dedicated Host is allocated.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "assetId"))
+
+    @asset_id.setter
+    def asset_id(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__ef92a5203275a4f9d2ce9835a43f6cd82cac31cb59c1d0ce172cbfc9e50fbefb)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "assetId", value)
+
     @builtins.property
     @jsii.member(jsii_name="autoPlacement")
     def auto_placement(self) -> typing.Optional[builtins.str]:
@@ -15270,6 +15285,7 @@ class CfnHost(
     jsii_struct_bases=[],
     name_mapping={
         "availability_zone": "availabilityZone",
+        "asset_id": "assetId",
         "auto_placement": "autoPlacement",
         "host_maintenance": "hostMaintenance",
         "host_recovery": "hostRecovery",
@@ -15283,6 +15299,7 @@ class CfnHostProps:
         self,
         *,
         availability_zone: builtins.str,
+        asset_id: typing.Optional[builtins.str] = None,
         auto_placement: typing.Optional[builtins.str] = None,
         host_maintenance: typing.Optional[builtins.str] = None,
         host_recovery: typing.Optional[builtins.str] = None,
@@ -15293,6 +15310,7 @@ class CfnHostProps:
         '''Properties for defining a ``CfnHost``.
 
         :param availability_zone: The Availability Zone in which to allocate the Dedicated Host.
+        :param asset_id: The ID of the Outpost hardware asset on which the Dedicated Host is allocated.
         :param auto_placement: Indicates whether the host accepts any untargeted instance launches that match its instance type configuration, or if it only accepts Host tenancy instance launches that specify its unique host ID. For more information, see `Understanding auto-placement and affinity <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/how-dedicated-hosts-work.html#dedicated-hosts-understanding>`_ in the *Amazon EC2 User Guide* . Default: ``on``
         :param host_maintenance: Indicates whether host maintenance is enabled or disabled for the Dedicated Host.
         :param host_recovery: Indicates whether to enable or disable host recovery for the Dedicated Host. Host recovery is disabled by default. For more information, see `Host recovery <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-recovery.html>`_ in the *Amazon EC2 User Guide* . Default: ``off``
@@ -15313,6 +15331,7 @@ class CfnHostProps:
                 availability_zone="availabilityZone",
             
                 # the properties below are optional
+                asset_id="assetId",
                 auto_placement="autoPlacement",
                 host_maintenance="hostMaintenance",
                 host_recovery="hostRecovery",
@@ -15324,6 +15343,7 @@ class CfnHostProps:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__6b2753a5bf48a7bda574bdc6bf8ca7f9c31c7e48329df5f793f75cfb822ea308)
             check_type(argname="argument availability_zone", value=availability_zone, expected_type=type_hints["availability_zone"])
+            check_type(argname="argument asset_id", value=asset_id, expected_type=type_hints["asset_id"])
             check_type(argname="argument auto_placement", value=auto_placement, expected_type=type_hints["auto_placement"])
             check_type(argname="argument host_maintenance", value=host_maintenance, expected_type=type_hints["host_maintenance"])
             check_type(argname="argument host_recovery", value=host_recovery, expected_type=type_hints["host_recovery"])
@@ -15333,6 +15353,8 @@ class CfnHostProps:
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "availability_zone": availability_zone,
         }
+        if asset_id is not None:
+            self._values["asset_id"] = asset_id
         if auto_placement is not None:
             self._values["auto_placement"] = auto_placement
         if host_maintenance is not None:
@@ -15356,6 +15378,15 @@ class CfnHostProps:
         assert result is not None, "Required property 'availability_zone' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def asset_id(self) -> typing.Optional[builtins.str]:
+        '''The ID of the Outpost hardware asset on which the Dedicated Host is allocated.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-host.html#cfn-ec2-host-assetid
+        '''
+        result = self._values.get("asset_id")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def auto_placement(self) -> typing.Optional[builtins.str]:
         '''Indicates whether the host accepts any untargeted instance launches that match its instance type configuration, or if it only accepts Host tenancy instance launches that specify its unique host ID.
@@ -28611,8 +28642,8 @@ class CfnNatGateway(
         :param max_drain_duration_seconds: The maximum amount of time to wait (in seconds) before forcibly releasing the IP addresses if connections are still in progress. Default value is 350 seconds.
         :param private_ip_address: The private IPv4 address to assign to the NAT gateway. If you don't provide an address, a private IPv4 address will be automatically assigned.
         :param secondary_allocation_ids: Secondary EIP allocation IDs. For more information, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon VPC User Guide* .
-        :param secondary_private_ip_address_count: [Private NAT gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT gateway. For more information about secondary addresses, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon Virtual Private Cloud User Guide* . .. epigraph:: ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time.
-        :param secondary_private_ip_addresses: Secondary private IPv4 addresses. For more information about secondary addresses, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon Virtual Private Cloud User Guide* . .. epigraph:: ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time.
+        :param secondary_private_ip_address_count: [Private NAT gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT gateway. For more information about secondary addresses, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon Virtual Private Cloud User Guide* . ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time.
+        :param secondary_private_ip_addresses: Secondary private IPv4 addresses. For more information about secondary addresses, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon Virtual Private Cloud User Guide* . ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time.
         :param tags: The tags for the NAT gateway.
         '''
         if __debug__:
@@ -28849,8 +28880,8 @@ class CfnNatGatewayProps:
         :param max_drain_duration_seconds: The maximum amount of time to wait (in seconds) before forcibly releasing the IP addresses if connections are still in progress. Default value is 350 seconds.
         :param private_ip_address: The private IPv4 address to assign to the NAT gateway. If you don't provide an address, a private IPv4 address will be automatically assigned.
         :param secondary_allocation_ids: Secondary EIP allocation IDs. For more information, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon VPC User Guide* .
-        :param secondary_private_ip_address_count: [Private NAT gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT gateway. For more information about secondary addresses, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon Virtual Private Cloud User Guide* . .. epigraph:: ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time.
-        :param secondary_private_ip_addresses: Secondary private IPv4 addresses. For more information about secondary addresses, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon Virtual Private Cloud User Guide* . .. epigraph:: ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time.
+        :param secondary_private_ip_address_count: [Private NAT gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT gateway. For more information about secondary addresses, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon Virtual Private Cloud User Guide* . ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time.
+        :param secondary_private_ip_addresses: Secondary private IPv4 addresses. For more information about secondary addresses, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon Virtual Private Cloud User Guide* . ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time.
         :param tags: The tags for the NAT gateway.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-natgateway.html
@@ -28980,9 +29011,8 @@ class CfnNatGatewayProps:
         '''[Private NAT gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT gateway.
 
         For more information about secondary addresses, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon Virtual Private Cloud User Guide* .
-        .. epigraph::
 
-           ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time.
+        ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-natgateway.html#cfn-ec2-natgateway-secondaryprivateipaddresscount
         '''
@@ -28996,9 +29026,8 @@ class CfnNatGatewayProps:
         '''Secondary private IPv4 addresses.
 
         For more information about secondary addresses, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon Virtual Private Cloud User Guide* .
-        .. epigraph::
 
-           ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time.
+        ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-natgateway.html#cfn-ec2-natgateway-secondaryprivateipaddresses
         '''
@@ -35243,7 +35272,7 @@ class CfnNetworkInterface(
         :param id: Construct identifier for this resource (unique in its scope).
         :param subnet_id: The ID of the subnet to associate with the network interface.
         :param description: A description for the network interface.
-        :param enable_primary_ipv6: If you have instances or ENIs that rely on the IPv6 address not changing, to avoid disrupting traffic to instances or ENIs, you can enable a primary IPv6 address. Enable this option to automatically assign an IPv6 associated with the ENI attached to your instance to be the primary IPv6 address. When you enable an IPv6 address to be a primary IPv6, you cannot disable it. Traffic will be routed to the primary IPv6 address until the instance is terminated or the ENI is detached. If you have multiple IPv6 addresses associated with an ENI and you enable a primary IPv6 address, the first IPv6 address associated with the ENI becomes the primary IPv6 address.
+        :param enable_primary_ipv6: If you’re modifying a network interface in a dual-stack or IPv6-only subnet, you have the option to assign a primary IPv6 IP address. A primary IPv6 address is an IPv6 GUA address associated with an ENI that you have enabled to use a primary IPv6 address. Use this option if the instance that this ENI will be attached to relies on its IPv6 address not changing. AWS will automatically assign an IPv6 address associated with the ENI attached to your instance to be the primary IPv6 address. Once you enable an IPv6 GUA address to be a primary IPv6, you cannot disable it. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address until the instance is terminated or the network interface is detached. If you have multiple IPv6 addresses associated with an ENI attached to your instance and you enable a primary IPv6 address, the first IPv6 GUA address associated with the ENI becomes the primary IPv6 address.
         :param group_set: The security group IDs associated with this network interface.
         :param interface_type: The type of network interface. The default is ``interface`` . The supported values are ``efa`` and ``trunk`` .
         :param ipv6_address_count: The number of IPv6 addresses to assign to a network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. To specify specific IPv6 addresses, use the ``Ipv6Addresses`` property and don't specify this property.
@@ -35378,7 +35407,7 @@ class CfnNetworkInterface(
     def enable_primary_ipv6(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''If you have instances or ENIs that rely on the IPv6 address not changing, to avoid disrupting traffic to instances or ENIs, you can enable a primary IPv6 address.'''
+        '''If you’re modifying a network interface in a dual-stack or IPv6-only subnet, you have the option to assign a primary IPv6 IP address.'''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "enablePrimaryIpv6"))
 
     @enable_primary_ipv6.setter
@@ -36195,7 +36224,7 @@ class CfnNetworkInterfaceProps:
 
         :param subnet_id: The ID of the subnet to associate with the network interface.
         :param description: A description for the network interface.
-        :param enable_primary_ipv6: If you have instances or ENIs that rely on the IPv6 address not changing, to avoid disrupting traffic to instances or ENIs, you can enable a primary IPv6 address. Enable this option to automatically assign an IPv6 associated with the ENI attached to your instance to be the primary IPv6 address. When you enable an IPv6 address to be a primary IPv6, you cannot disable it. Traffic will be routed to the primary IPv6 address until the instance is terminated or the ENI is detached. If you have multiple IPv6 addresses associated with an ENI and you enable a primary IPv6 address, the first IPv6 address associated with the ENI becomes the primary IPv6 address.
+        :param enable_primary_ipv6: If you’re modifying a network interface in a dual-stack or IPv6-only subnet, you have the option to assign a primary IPv6 IP address. A primary IPv6 address is an IPv6 GUA address associated with an ENI that you have enabled to use a primary IPv6 address. Use this option if the instance that this ENI will be attached to relies on its IPv6 address not changing. AWS will automatically assign an IPv6 address associated with the ENI attached to your instance to be the primary IPv6 address. Once you enable an IPv6 GUA address to be a primary IPv6, you cannot disable it. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address until the instance is terminated or the network interface is detached. If you have multiple IPv6 addresses associated with an ENI attached to your instance and you enable a primary IPv6 address, the first IPv6 GUA address associated with the ENI becomes the primary IPv6 address.
         :param group_set: The security group IDs associated with this network interface.
         :param interface_type: The type of network interface. The default is ``interface`` . The supported values are ``efa`` and ``trunk`` .
         :param ipv6_address_count: The number of IPv6 addresses to assign to a network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. To specify specific IPv6 addresses, use the ``Ipv6Addresses`` property and don't specify this property.
@@ -36303,9 +36332,9 @@ class CfnNetworkInterfaceProps:
     def enable_primary_ipv6(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''If you have instances or ENIs that rely on the IPv6 address not changing, to avoid disrupting traffic to instances or ENIs, you can enable a primary IPv6 address.
+        '''If you’re modifying a network interface in a dual-stack or IPv6-only subnet, you have the option to assign a primary IPv6 IP address.
 
-        Enable this option to automatically assign an IPv6 associated with the ENI attached to your instance to be the primary IPv6 address. When you enable an IPv6 address to be a primary IPv6, you cannot disable it. Traffic will be routed to the primary IPv6 address until the instance is terminated or the ENI is detached. If you have multiple IPv6 addresses associated with an ENI and you enable a primary IPv6 address, the first IPv6 address associated with the ENI becomes the primary IPv6 address.
+        A primary IPv6 address is an IPv6 GUA address associated with an ENI that you have enabled to use a primary IPv6 address. Use this option if the instance that this ENI will be attached to relies on its IPv6 address not changing. AWS will automatically assign an IPv6 address associated with the ENI attached to your instance to be the primary IPv6 address. Once you enable an IPv6 GUA address to be a primary IPv6, you cannot disable it. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address until the instance is terminated or the network interface is detached. If you have multiple IPv6 addresses associated with an ENI attached to your instance and you enable a primary IPv6 address, the first IPv6 GUA address associated with the ENI becomes the primary IPv6 address.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkinterface.html#cfn-ec2-networkinterface-enableprimaryipv6
         '''
@@ -37532,12 +37561,13 @@ class CfnRoute(
         return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
 
     @builtins.property
-    @jsii.member(jsii_name="attrId")
-    def attr_id(self) -> builtins.str:
-        '''
-        :cloudformationAttribute: Id
+    @jsii.member(jsii_name="attrCidrBlock")
+    def attr_cidr_block(self) -> builtins.str:
+        '''The IPv4 CIDR block.
+
+        :cloudformationAttribute: CidrBlock
         '''
-        return typing.cast(builtins.str, jsii.get(self, "attrId"))
+        return typing.cast(builtins.str, jsii.get(self, "attrCidrBlock"))
 
     @builtins.property
     @jsii.member(jsii_name="cfnProperties")
@@ -90168,6 +90198,7 @@ def _typecheckingstub__e3a07acffdb551edbc817b7c424628c812f21356d7f697757a332323f
     id: builtins.str,
     *,
     availability_zone: builtins.str,
+    asset_id: typing.Optional[builtins.str] = None,
     auto_placement: typing.Optional[builtins.str] = None,
     host_maintenance: typing.Optional[builtins.str] = None,
     host_recovery: typing.Optional[builtins.str] = None,
@@ -90196,6 +90227,12 @@ def _typecheckingstub__8f2943fd7038584c6a32abc7ac0a93f4b0f4c63881cfa72150bd73ada
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__ef92a5203275a4f9d2ce9835a43f6cd82cac31cb59c1d0ce172cbfc9e50fbefb(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__847519b23588450ab8d14c5778b80f32cdf5fa3f1ca8c772c0b129d3a9ad3c32(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -90235,6 +90272,7 @@ def _typecheckingstub__1e93e24d3ea88403b39f7d948c7495b074446c1b676d25cd60fc9a3a5
 def _typecheckingstub__6b2753a5bf48a7bda574bdc6bf8ca7f9c31c7e48329df5f793f75cfb822ea308(
     *,
     availability_zone: builtins.str,
+    asset_id: typing.Optional[builtins.str] = None,
     auto_placement: typing.Optional[builtins.str] = None,
     host_maintenance: typing.Optional[builtins.str] = None,
     host_recovery: typing.Optional[builtins.str] = None,

aws_cdk/aws_ecs/__init__.py

@@ -5390,7 +5390,7 @@ class CfnCapacityProvider(
         ) -> None:
             '''The details of the Auto Scaling group for the capacity provider.
 
-            :param auto_scaling_group_arn: The Amazon Resource Name (ARN) that identifies the Auto Scaling group.
+            :param auto_scaling_group_arn: The Amazon Resource Name (ARN) that identifies the Auto Scaling group, or the Auto Scaling group name.
             :param managed_scaling: The managed scaling settings for the Auto Scaling group capacity provider.
             :param managed_termination_protection: The managed termination protection setting to use for the Auto Scaling group capacity provider. This determines whether the Auto Scaling group has managed termination protection. The default is off. .. epigraph:: When using managed termination protection, managed scaling must also be used otherwise managed termination protection doesn't work. When managed termination protection is on, Amazon ECS prevents the Amazon EC2 instances in an Auto Scaling group that contain tasks from being terminated during a scale-in action. The Auto Scaling group and each instance in the Auto Scaling group must have instance protection from scale-in actions on as well. For more information, see `Instance Protection <https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection>`_ in the *AWS Auto Scaling User Guide* . When managed termination protection is off, your Amazon EC2 instances aren't protected from termination when the Auto Scaling group scales in.
 
@@ -5432,7 +5432,7 @@ class CfnCapacityProvider(
 
         @builtins.property
         def auto_scaling_group_arn(self) -> builtins.str:
-            '''The Amazon Resource Name (ARN) that identifies the Auto Scaling group.
+            '''The Amazon Resource Name (ARN) that identifies the Auto Scaling group, or the Auto Scaling group name.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-capacityprovider-autoscalinggroupprovider.html#cfn-ecs-capacityprovider-autoscalinggroupprovider-autoscalinggrouparn
             '''
@@ -5508,7 +5508,7 @@ class CfnCapacityProvider(
             If managed scaling is off, the user must manage the scaling of the Auto Scaling group.
 
             :param instance_warmup_period: The period of time, in seconds, after a newly launched Amazon EC2 instance can contribute to CloudWatch metrics for Auto Scaling group. If this parameter is omitted, the default value of ``300`` seconds is used.
-            :param maximum_scaling_step_size: The maximum number of Amazon EC2 instances that Amazon ECS will scale out at one time. The scale in process is not affected by this parameter. If this parameter is omitted, the default value of ``1`` is used.
+            :param maximum_scaling_step_size: The maximum number of Amazon EC2 instances that Amazon ECS will scale out at one time. The scale in process is not affected by this parameter. If this parameter is omitted, the default value of ``10000`` is used.
             :param minimum_scaling_step_size: The minimum number of Amazon EC2 instances that Amazon ECS will scale out at one time. The scale in process is not affected by this parameter If this parameter is omitted, the default value of ``1`` is used. When additional capacity is required, Amazon ECS will scale up the minimum scaling step size even if the actual demand is less than the minimum scaling step size. If you use a capacity provider with an Auto Scaling group configured with more than one Amazon EC2 instance type or Availability Zone, Amazon ECS will scale up by the exact minimum scaling step size value and will ignore both the maximum scaling step size as well as the capacity demand.
             :param status: Determines whether to use managed scaling for the capacity provider.
             :param target_capacity: The target capacity utilization as a percentage for the capacity provider. The specified value must be greater than ``0`` and less than or equal to ``100`` . For example, if you want the capacity provider to maintain 10% spare capacity, then that means the utilization is 90%, so use a ``targetCapacity`` of ``90`` . The default value of ``100`` percent results in the Amazon EC2 instances in your Auto Scaling group being completely used.
@@ -5564,7 +5564,7 @@ class CfnCapacityProvider(
         def maximum_scaling_step_size(self) -> typing.Optional[jsii.Number]:
             '''The maximum number of Amazon EC2 instances that Amazon ECS will scale out at one time.
 
-            The scale in process is not affected by this parameter. If this parameter is omitted, the default value of ``1`` is used.
+            The scale in process is not affected by this parameter. If this parameter is omitted, the default value of ``10000`` is used.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-capacityprovider-managedscaling.html#cfn-ecs-capacityprovider-managedscaling-maximumscalingstepsize
             '''
@@ -8673,7 +8673,12 @@ class CfnService(
 
             Understand the following when specifying a log configuration for your containers.
 
-            - Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the valid values below). Additional log drivers may be available in future releases of the Amazon ECS container agent.
+            - Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent.
+
+            For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` .
+
+            For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``logentries`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` .
+
             - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.
             - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see `Amazon ECS container agent configuration <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
             - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.
@@ -9188,7 +9193,7 @@ class CfnService(
             Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see `Service Connect <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
             :param enabled: Specifies whether to use Service Connect with this service.
-            :param log_configuration: The log configuration for the container. This parameter maps to ``LogConfig`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--log-driver`` option to ```docker run`` <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/run/>`_ . By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. For more information about the options for different supported log drivers, see `Configure logging drivers <https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/>`_ in the Docker documentation. Understand the following when specifying a log configuration for your containers. - Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the valid values below). Additional log drivers may be available in future releases of the Amazon ECS container agent. - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see `Amazon ECS container agent configuration <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html>`_ in the *Amazon Elastic Container Service Developer Guide* . - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.
+            :param log_configuration: The log configuration for the container. This parameter maps to ``LogConfig`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--log-driver`` option to ```docker run`` <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/run/>`_ . By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. For more information about the options for different supported log drivers, see `Configure logging drivers <https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/>`_ in the Docker documentation. Understand the following when specifying a log configuration for your containers. - Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent. For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` . For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``logentries`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` . - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see `Amazon ECS container agent configuration <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html>`_ in the *Amazon Elastic Container Service Developer Guide* . - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.
             :param namespace: The namespace name or full Amazon Resource Name (ARN) of the AWS Cloud Map namespace for use with Service Connect. The namespace must be in the same AWS Region as the Amazon ECS service and cluster. The type of namespace doesn't affect Service Connect. For more information about AWS Cloud Map , see `Working with Services <https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html>`_ in the *AWS Cloud Map Developer Guide* .
             :param services: The list of Service Connect service objects. These are names and aliases (also known as endpoints) that are used by other Amazon ECS services to connect to this service. This field is not required for a "client" Amazon ECS service that's a member of a namespace only to connect to other services within the namespace. An example of this would be a frontend application that accepts incoming requests from either a load balancer that's attached to the service or by other means. An object selects a port from the task definition, assigns a name for the AWS Cloud Map service, and a list of aliases (endpoints) and ports for client applications to refer to this service.
 
@@ -9269,7 +9274,12 @@ class CfnService(
 
             Understand the following when specifying a log configuration for your containers.
 
-            - Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the valid values below). Additional log drivers may be available in future releases of the Amazon ECS container agent.
+            - Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent.
+
+            For tasks on AWS Fargate , the supported log drivers are ``awslogs`` , ``splunk`` , and ``awsfirelens`` .
+
+            For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs`` , ``fluentd`` , ``gelf`` , ``json-file`` , ``journald`` , ``logentries`` , ``syslog`` , ``splunk`` , and ``awsfirelens`` .
+
             - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.
             - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see `Amazon ECS container agent configuration <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
             - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.
@@ -10409,7 +10419,7 @@ class CfnTaskDefinition(
         :param ipc_mode: The IPC resource namespace to use for the containers in the task. The valid values are ``host`` , ``task`` , or ``none`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see `IPC settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc>`_ in the *Docker run reference* . If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ . If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see `System Controls <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html>`_ in the *Amazon Elastic Container Service Developer Guide* . - For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. - For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. .. epigraph:: This parameter is not supported for Windows containers or tasks run on AWS Fargate .
         :param memory: The amount (in MiB) of memory used by the task. If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see `ContainerDefinition <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html>`_ . If your tasks runs on AWS Fargate , this field is required. You must use one of the following values. The value you choose determines your range of valid values for the ``cpu`` parameter. - 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available ``cpu`` values: 256 (.25 vCPU) - 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available ``cpu`` values: 512 (.5 vCPU) - 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available ``cpu`` values: 1024 (1 vCPU) - Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available ``cpu`` values: 2048 (2 vCPU) - Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available ``cpu`` values: 4096 (4 vCPU) - Between 16 GB and 60 GB in 4 GB increments - Available ``cpu`` values: 8192 (8 vCPU) This option requires Linux platform ``1.4.0`` or later. - Between 32GB and 120 GB in 8 GB increments - Available ``cpu`` values: 16384 (16 vCPU) This option requires Linux platform ``1.4.0`` or later.
         :param network_mode: The Docker networking mode to use for the containers in the task. The valid values are ``none`` , ``bridge`` , ``awsvpc`` , and ``host`` . If no network mode is specified, the default is ``bridge`` . For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ``<default>`` or ``awsvpc`` can be used. If the network mode is set to ``none`` , you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode. With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. .. epigraph:: When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user. If the network mode is ``awsvpc`` , the task is allocated an elastic network interface, and you must specify a ``NetworkConfiguration`` value when you create a service or run a task with the task definition. For more information, see `Task Networking <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html>`_ in the *Amazon Elastic Container Service Developer Guide* . If the network mode is ``host`` , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used. For more information, see `Network settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings>`_ in the *Docker run reference* .
-        :param pid_mode: The process namespace to use for the containers in the task. The valid values are ``host`` or ``task`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace. For more information, see `PID settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid>`_ in the *Docker run reference* . If the ``host`` PID mode is used, be aware that there is a heightened risk of undesired process namespace expose. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ . .. epigraph:: This parameter is not supported for Windows containers or tasks run on AWS Fargate .
+        :param pid_mode: The process namespace to use for the containers in the task. The valid values are ``host`` or ``task`` . On Fargate for Linux containers, the only valid value is ``task`` . For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task. If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace for each container. For more information, see `PID settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid>`_ in the *Docker run reference* . If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ . .. epigraph:: This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.
         :param placement_constraints: An array of placement constraint objects to use for tasks. .. epigraph:: This parameter isn't supported for tasks run on AWS Fargate .
         :param proxy_configuration: The configuration details for the App Mesh proxy. Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ``ecs-init`` package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version ``20190301`` or later, they contain the required versions of the container agent and ``ecs-init`` . For more information, see `Amazon ECS-optimized Linux AMI <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param requires_compatibilities: The task launch types the task definition was validated against. The valid values are ``EC2`` , ``FARGATE`` , and ``EXTERNAL`` . For more information, see `Amazon ECS launch types <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
@@ -10954,7 +10964,7 @@ class CfnTaskDefinition(
             :param secrets: The secrets to pass to the container. For more information, see `Specifying Sensitive Data <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
             :param start_timeout: Time duration (in seconds) to wait before giving up on resolving dependencies for a container. For example, you specify two containers in a task definition with containerA having a dependency on containerB reaching a ``COMPLETE`` , ``SUCCESS`` , or ``HEALTHY`` status. If a ``startTimeout`` value is specified for containerB and it doesn't reach the desired status within that time then containerA gives up and not start. This results in the task transitioning to a ``STOPPED`` state. .. epigraph:: When the ``ECS_CONTAINER_START_TIMEOUT`` container agent configuration variable is used, it's enforced independently from this start timeout value. For tasks using the Fargate launch type, the task or service requires the following platforms: - Linux platform version ``1.3.0`` or later. - Windows platform version ``1.0.0`` or later. For tasks using the EC2 launch type, your container instances require at least version ``1.26.0`` of the container agent to use a container start timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see `Updating the Amazon ECS Container Agent <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html>`_ in the *Amazon Elastic Container Service Developer Guide* . If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version ``1.26.0-1`` of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init`` . For more information, see `Amazon ECS-optimized Linux AMI <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html>`_ in the *Amazon Elastic Container Service Developer Guide* . The valid values are 2-120 seconds.
             :param stop_timeout: Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. For tasks using the Fargate launch type, the task or service requires the following platforms: - Linux platform version ``1.3.0`` or later. - Windows platform version ``1.0.0`` or later. The max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used. For tasks that use the EC2 launch type, if the ``stopTimeout`` parameter isn't specified, the value set for the Amazon ECS container agent configuration variable ``ECS_CONTAINER_STOP_TIMEOUT`` is used. If neither the ``stopTimeout`` parameter or the ``ECS_CONTAINER_STOP_TIMEOUT`` agent configuration variable are set, then the default values of 30 seconds for Linux containers and 30 seconds on Windows containers are used. Your container instances require at least version 1.26.0 of the container agent to use a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see `Updating the Amazon ECS Container Agent <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html>`_ in the *Amazon Elastic Container Service Developer Guide* . If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init`` . For more information, see `Amazon ECS-optimized Linux AMI <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html>`_ in the *Amazon Elastic Container Service Developer Guide* . The valid values are 2-120 seconds.
-            :param system_controls: A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--sysctl`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . .. epigraph:: We don't recommended that you specify network-related ``systemControls`` parameters for multiple containers in a single task that also uses either the ``awsvpc`` or ``host`` network modes. For tasks that use the ``awsvpc`` network mode, the container that's started last determines which ``systemControls`` parameters take effect. For tasks that use the ``host`` network mode, it changes the container instance's namespaced kernel parameters as well as the containers.
+            :param system_controls: A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--sysctl`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . For example, you can configure ``net.ipv4.tcp_keepalive_time`` setting to maintain longer lived connections. .. epigraph:: We don't recommended that you specify network-related ``systemControls`` parameters for multiple containers in a single task that also uses either the ``awsvpc`` or ``host`` network modes. For tasks that use the ``awsvpc`` network mode, the container that's started last determines which ``systemControls`` parameters take effect. For tasks that use the ``host`` network mode, it changes the container instance's namespaced kernel parameters as well as the containers. > This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.
             :param ulimits: A list of ``ulimits`` to set in the container. This parameter maps to ``Ulimits`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--ulimit`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/>`_ . Valid naming values are displayed in the `Ulimit <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_Ulimit.html>`_ data type. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` .. epigraph:: This parameter is not supported for Windows containers.
             :param user: The user to use inside the container. This parameter maps to ``User`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--user`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . .. epigraph:: When running tasks using the ``host`` network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security. You can specify the ``user`` using the following formats. If specifying a UID or GID, you must specify it as a positive integer. - ``user`` - ``user:group`` - ``uid`` - ``uid:gid`` - ``user:gid`` - ``uid:group`` .. epigraph:: This parameter is not supported for Windows containers.
             :param volumes_from: Data volumes to mount from another container. This parameter maps to ``VolumesFrom`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--volumes-from`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ .
@@ -11776,10 +11786,10 @@ class CfnTaskDefinition(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnTaskDefinition.SystemControlProperty"]]]]:
             '''A list of namespaced kernel parameters to set in the container.
 
-            This parameter maps to ``Sysctls`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--sysctl`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ .
+            This parameter maps to ``Sysctls`` in the `Create a container <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate>`_ section of the `Docker Remote API <https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/>`_ and the ``--sysctl`` option to `docker run <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration>`_ . For example, you can configure ``net.ipv4.tcp_keepalive_time`` setting to maintain longer lived connections.
             .. epigraph::
 
-               We don't recommended that you specify network-related ``systemControls`` parameters for multiple containers in a single task that also uses either the ``awsvpc`` or ``host`` network modes. For tasks that use the ``awsvpc`` network mode, the container that's started last determines which ``systemControls`` parameters take effect. For tasks that use the ``host`` network mode, it changes the container instance's namespaced kernel parameters as well as the containers.
+               We don't recommended that you specify network-related ``systemControls`` parameters for multiple containers in a single task that also uses either the ``awsvpc`` or ``host`` network modes. For tasks that use the ``awsvpc`` network mode, the container that's started last determines which ``systemControls`` parameters take effect. For tasks that use the ``host`` network mode, it changes the container instance's namespaced kernel parameters as well as the containers. > This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-systemcontrols
             '''
@@ -12340,7 +12350,7 @@ class CfnTaskDefinition(
 
             If there are environment variables specified using the ``environment`` parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see `Specifying environment variables <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
-            This parameter is only supported for tasks hosted on Fargate using the following platform versions:
+            You must use the following platforms for the Fargate launch type:
 
             - Linux platform version ``1.4.0`` or later.
             - Windows platform version ``1.0.0`` or later.
@@ -13523,7 +13533,7 @@ class CfnTaskDefinition(
             :param app_protocol: The application protocol that's used for the port mapping. This parameter only applies to Service Connect. We recommend that you set this parameter to be consistent with the protocol that your application uses. If you set this parameter, Amazon ECS adds protocol-specific connection handling to the Service Connect proxy. If you set this parameter, Amazon ECS adds protocol-specific telemetry in the Amazon ECS console and CloudWatch. If you don't set a value for this parameter, then TCP is used. However, Amazon ECS doesn't add protocol-specific telemetry for TCP. Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see `Service Connect <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
             :param container_port: The port number on the container that's bound to the user-specified or automatically assigned host port. If you use containers in a task with the ``awsvpc`` or ``host`` network mode, specify the exposed ports using ``containerPort`` . If you use containers in a task with the ``bridge`` network mode and you specify a container port and not a host port, your container automatically receives a host port in the ephemeral port range. For more information, see ``hostPort`` . Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance.
             :param container_port_range: The port number range on the container that's bound to the dynamically mapped host port range. The following rules apply when you specify a ``containerPortRange`` : - You must use either the ``bridge`` network mode or the ``awsvpc`` network mode. - This parameter is available for both the EC2 and AWS Fargate launch types. - This parameter is available for both the Linux and Windows operating systems. - The container instance must have at least version 1.67.0 of the container agent and at least version 1.67.0-1 of the ``ecs-init`` package - You can specify a maximum of 100 port ranges per container. - You do not specify a ``hostPortRange`` . The value of the ``hostPortRange`` is set as follows: - For containers in a task with the ``awsvpc`` network mode, the ``hostPort`` is set to the same value as the ``containerPort`` . This is a static mapping strategy. - For containers in a task with the ``bridge`` network mode, the Amazon ECS agent finds open host ports from the default ephemeral range and passes it to docker to bind them to the container ports. - The ``containerPortRange`` valid values are between 1 and 65535. - A port can only be included in one port mapping per container. - You cannot specify overlapping port ranges. - The first port in the range must be less than last port in the range. - Docker recommends that you turn off the docker-proxy in the Docker daemon config file when you have a large number of ports. For more information, see `Issue #11185 <https://docs.aws.amazon.com/https://github.com/moby/moby/issues/11185>`_ on the Github website. For information about how to turn off the docker-proxy in the Docker daemon config file, see `Docker daemon <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/bootstrap_container_instance.html#bootstrap_docker_daemon>`_ in the *Amazon ECS Developer Guide* . You can call ```DescribeTasks`` <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeTasks.html>`_ to view the ``hostPortRange`` which are the host ports that are bound to the container ports.
-            :param host_port: The port number on the container instance to reserve for your container. If you specify a ``containerPortRange`` , leave this field empty and the value of the ``hostPort`` is set as follows: - For containers in a task with the ``awsvpc`` network mode, the ``hostPort`` is set to the same value as the ``containerPort`` . This is a static mapping strategy. - For containers in a task with the ``bridge`` network mode, the Amazon ECS agent finds open ports on the host and automatically binds them to the container ports. This is a dynamic mapping strategy. If you use containers in a task with the ``awsvpc`` or ``host`` network mode, the ``hostPort`` can either be left blank or set to the same value as the ``containerPort`` . If you use containers in a task with the ``bridge`` network mode, you can specify a non-reserved host port for your container port mapping, or you can omit the ``hostPort`` (or set it to ``0`` ) while specifying a ``containerPort`` and your container automatically receives a port in the ephemeral port range for your container instance operating system and Docker version. The default ephemeral port range for Docker version 1.6.0 and later is listed on the instance under ``/proc/sys/net/ipv4/ip_local_port_range`` . If this kernel parameter is unavailable, the default ephemeral port range from 49153 through 65535 is used. Do not attempt to specify a host port in the ephemeral port range as these are reserved for automatic assignment. In general, ports below 32768 are outside of the ephemeral port range. The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678-51680. Any host port that was previously specified in a running task is also reserved while the task is running. That is, after a task stops, the host port is released. The current reserved ports are displayed in the ``remainingResources`` of `DescribeContainerInstances <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeContainerInstances.html>`_ output. A container instance can have up to 100 reserved ports at a time. This number includes the default reserved ports. Automatically assigned ports aren't included in the 100 reserved ports quota.
+            :param host_port: The port number on the container instance to reserve for your container. If you specify a ``containerPortRange`` , leave this field empty and the value of the ``hostPort`` is set as follows: - For containers in a task with the ``awsvpc`` network mode, the ``hostPort`` is set to the same value as the ``containerPort`` . This is a static mapping strategy. - For containers in a task with the ``bridge`` network mode, the Amazon ECS agent finds open ports on the host and automatically binds them to the container ports. This is a dynamic mapping strategy. If you use containers in a task with the ``awsvpc`` or ``host`` network mode, the ``hostPort`` can either be left blank or set to the same value as the ``containerPort`` . If you use containers in a task with the ``bridge`` network mode, you can specify a non-reserved host port for your container port mapping, or you can omit the ``hostPort`` (or set it to ``0`` ) while specifying a ``containerPort`` and your container automatically receives a port in the ephemeral port range for your container instance operating system and Docker version. The default ephemeral port range for Docker version 1.6.0 and later is listed on the instance under ``/proc/sys/net/ipv4/ip_local_port_range`` . If this kernel parameter is unavailable, the default ephemeral port range from 49153 through 65535 (Linux) or 49152 through 65535 (Windows) is used. Do not attempt to specify a host port in the ephemeral port range as these are reserved for automatic assignment. In general, ports below 32768 are outside of the ephemeral port range. The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678-51680. Any host port that was previously specified in a running task is also reserved while the task is running. That is, after a task stops, the host port is released. The current reserved ports are displayed in the ``remainingResources`` of `DescribeContainerInstances <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeContainerInstances.html>`_ output. A container instance can have up to 100 reserved ports at a time. This number includes the default reserved ports. Automatically assigned ports aren't included in the 100 reserved ports quota.
             :param name: The name that's used for the port mapping. This parameter only applies to Service Connect. This parameter is the name that you use in the ``serviceConnectConfiguration`` of a service. The name can include up to 64 characters. The characters can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen. For more information, see `Service Connect <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
             :param protocol: The protocol used for the port mapping. Valid values are ``tcp`` and ``udp`` . The default is ``tcp`` .
 
@@ -13639,7 +13649,7 @@ class CfnTaskDefinition(
 
             If you use containers in a task with the ``bridge`` network mode, you can specify a non-reserved host port for your container port mapping, or you can omit the ``hostPort`` (or set it to ``0`` ) while specifying a ``containerPort`` and your container automatically receives a port in the ephemeral port range for your container instance operating system and Docker version.
 
-            The default ephemeral port range for Docker version 1.6.0 and later is listed on the instance under ``/proc/sys/net/ipv4/ip_local_port_range`` . If this kernel parameter is unavailable, the default ephemeral port range from 49153 through 65535 is used. Do not attempt to specify a host port in the ephemeral port range as these are reserved for automatic assignment. In general, ports below 32768 are outside of the ephemeral port range.
+            The default ephemeral port range for Docker version 1.6.0 and later is listed on the instance under ``/proc/sys/net/ipv4/ip_local_port_range`` . If this kernel parameter is unavailable, the default ephemeral port range from 49153 through 65535 (Linux) or 49152 through 65535 (Windows) is used. Do not attempt to specify a host port in the ephemeral port range as these are reserved for automatic assignment. In general, ports below 32768 are outside of the ephemeral port range.
 
             The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678-51680. Any host port that was previously specified in a running task is also reserved while the task is running. That is, after a task stops, the host port is released. The current reserved ports are displayed in the ``remainingResources`` of `DescribeContainerInstances <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeContainerInstances.html>`_ output. A container instance can have up to 100 reserved ports at a time. This number includes the default reserved ports. Automatically assigned ports aren't included in the 100 reserved ports quota.
 
@@ -14104,7 +14114,7 @@ class CfnTaskDefinition(
             - For tasks that use the ``host`` network mode, the ``systemControls`` parameter applies to the container instance's kernel parameter and that of all containers of any tasks running on that container instance.
 
             :param namespace: The namespaced kernel parameter to set a ``value`` for.
-            :param value: The value for the namespaced kernel parameter that's specified in ``namespace`` .
+            :param value: The namespaced kernel parameter to set a ``value`` for. Valid IPC namespace values: ``"kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni" | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" | "kernel.shmmni" | "kernel.shm_rmid_forced"`` , and ``Sysctls`` that start with ``"fs.mqueue.*"`` Valid network namespace values: ``Sysctls`` that start with ``"net.*"`` All of these values are supported by Fargate.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-systemcontrol.html
             :exampleMetadata: fixture=_generated
@@ -14141,7 +14151,13 @@ class CfnTaskDefinition(
 
         @builtins.property
         def value(self) -> typing.Optional[builtins.str]:
-            '''The value for the namespaced kernel parameter that's specified in ``namespace`` .
+            '''The namespaced kernel parameter to set a ``value`` for.
+
+            Valid IPC namespace values: ``"kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni" | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" | "kernel.shmmni" | "kernel.shm_rmid_forced"`` , and ``Sysctls`` that start with ``"fs.mqueue.*"``
+
+            Valid network namespace values: ``Sysctls`` that start with ``"net.*"``
+
+            All of these values are supported by Fargate.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-systemcontrol.html#cfn-ecs-taskdefinition-systemcontrol-value
             '''
@@ -14529,7 +14545,7 @@ class CfnTaskDefinition(
             :param docker_volume_configuration: This parameter is specified when you use Docker volumes. Windows containers only support the use of the ``local`` driver. To use bind mounts, specify the ``host`` parameter instead. .. epigraph:: Docker volumes aren't supported by tasks run on AWS Fargate .
             :param efs_volume_configuration: This parameter is specified when you use an Amazon Elastic File System file system for task storage.
             :param host: This parameter is specified when you use bind mount host volumes. The contents of the ``host`` parameter determine whether your bind mount host volume persists on the host container instance and where it's stored. If the ``host`` parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. Windows containers can mount whole directories on the same drive as ``$env:ProgramData`` . Windows containers can't mount directories on a different drive, and mount point can't be across drives. For example, you can mount ``C:\\my\\path:C:\\my\\path`` and ``D:\\:D:\\`` , but not ``D:\\my\\path:C:\\my\\path`` or ``D:\\:C:\\my\\path`` .
-            :param name: The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This name is referenced in the ``sourceVolume`` parameter of container definition ``mountPoints`` .
+            :param name: The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This name is referenced in the ``sourceVolume`` parameter of container definition ``mountPoints`` . This is required wwhen you use an Amazon EFS volume.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-volume.html
             :exampleMetadata: fixture=_generated
@@ -14634,6 +14650,8 @@ class CfnTaskDefinition(
 
             Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This name is referenced in the ``sourceVolume`` parameter of container definition ``mountPoints`` .
 
+            This is required wwhen you use an Amazon EFS volume.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-volume.html#cfn-ecs-taskdefinition-volume-name
             '''
             result = self._values.get("name")
@@ -14707,7 +14725,7 @@ class CfnTaskDefinitionProps:
         :param ipc_mode: The IPC resource namespace to use for the containers in the task. The valid values are ``host`` , ``task`` , or ``none`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see `IPC settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc>`_ in the *Docker run reference* . If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ . If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see `System Controls <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html>`_ in the *Amazon Elastic Container Service Developer Guide* . - For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. - For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. .. epigraph:: This parameter is not supported for Windows containers or tasks run on AWS Fargate .
         :param memory: The amount (in MiB) of memory used by the task. If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see `ContainerDefinition <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html>`_ . If your tasks runs on AWS Fargate , this field is required. You must use one of the following values. The value you choose determines your range of valid values for the ``cpu`` parameter. - 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available ``cpu`` values: 256 (.25 vCPU) - 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available ``cpu`` values: 512 (.5 vCPU) - 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available ``cpu`` values: 1024 (1 vCPU) - Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available ``cpu`` values: 2048 (2 vCPU) - Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available ``cpu`` values: 4096 (4 vCPU) - Between 16 GB and 60 GB in 4 GB increments - Available ``cpu`` values: 8192 (8 vCPU) This option requires Linux platform ``1.4.0`` or later. - Between 32GB and 120 GB in 8 GB increments - Available ``cpu`` values: 16384 (16 vCPU) This option requires Linux platform ``1.4.0`` or later.
         :param network_mode: The Docker networking mode to use for the containers in the task. The valid values are ``none`` , ``bridge`` , ``awsvpc`` , and ``host`` . If no network mode is specified, the default is ``bridge`` . For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ``<default>`` or ``awsvpc`` can be used. If the network mode is set to ``none`` , you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode. With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. .. epigraph:: When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user. If the network mode is ``awsvpc`` , the task is allocated an elastic network interface, and you must specify a ``NetworkConfiguration`` value when you create a service or run a task with the task definition. For more information, see `Task Networking <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html>`_ in the *Amazon Elastic Container Service Developer Guide* . If the network mode is ``host`` , you cannot run multiple instantiations of the same task on a single container instance when port mappings are used. For more information, see `Network settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings>`_ in the *Docker run reference* .
-        :param pid_mode: The process namespace to use for the containers in the task. The valid values are ``host`` or ``task`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace. For more information, see `PID settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid>`_ in the *Docker run reference* . If the ``host`` PID mode is used, be aware that there is a heightened risk of undesired process namespace expose. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ . .. epigraph:: This parameter is not supported for Windows containers or tasks run on AWS Fargate .
+        :param pid_mode: The process namespace to use for the containers in the task. The valid values are ``host`` or ``task`` . On Fargate for Linux containers, the only valid value is ``task`` . For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task. If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace for each container. For more information, see `PID settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid>`_ in the *Docker run reference* . If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ . .. epigraph:: This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.
         :param placement_constraints: An array of placement constraint objects to use for tasks. .. epigraph:: This parameter isn't supported for tasks run on AWS Fargate .
         :param proxy_configuration: The configuration details for the App Mesh proxy. Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ``ecs-init`` package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version ``20190301`` or later, they contain the required versions of the container agent and ``ecs-init`` . For more information, see `Amazon ECS-optimized Linux AMI <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
         :param requires_compatibilities: The task launch types the task definition was validated against. The valid values are ``EC2`` , ``FARGATE`` , and ``EXTERNAL`` . For more information, see `Amazon ECS launch types <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
@@ -15145,12 +15163,18 @@ class CfnTaskDefinitionProps:
     def pid_mode(self) -> typing.Optional[builtins.str]:
         '''The process namespace to use for the containers in the task.
 
-        The valid values are ``host`` or ``task`` . If ``host`` is specified, then all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace. For more information, see `PID settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid>`_ in the *Docker run reference* .
+        The valid values are ``host`` or ``task`` . On Fargate for Linux containers, the only valid value is ``task`` . For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task.
+
+        If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance.
+
+        If ``task`` is specified, all containers within the specified task share the same process namespace.
 
-        If the ``host`` PID mode is used, be aware that there is a heightened risk of undesired process namespace expose. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ .
+        If no value is specified, the default is a private namespace for each container. For more information, see `PID settings <https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid>`_ in the *Docker run reference* .
+
+        If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. For more information, see `Docker security <https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/>`_ .
         .. epigraph::
 
-           This parameter is not supported for Windows containers or tasks run on AWS Fargate .
+           This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-pidmode
         '''