PyPI - aws-cdk.cx-api - Versions diffs - 2.163.1__tar.gz → 2.232.2__tar.gz - Mend

aws-cdk.cx-api 2.163.1tar.gz → 2.232.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

{aws_cdk_cx_api-2.163.1 → aws_cdk_cx_api-2.232.2}/LICENSE RENAMED Viewed

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
-   Copyright 2018-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+   Copyright 2018-2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

{aws_cdk_cx_api-2.163.1 → aws_cdk_cx_api-2.232.2}/NOTICE RENAMED Viewed

@@ -1,5 +1,5 @@
 AWS Cloud Development Kit (AWS CDK)
-Copyright 2018-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Copyright 2018-2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 -------------------------------------------------------------------------------

{aws_cdk_cx_api-2.163.1/src/aws_cdk.cx_api.egg-info → aws_cdk_cx_api-2.232.2}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk.cx-api
-Version: 2.163.1
+Version: 2.232.2
 Summary: Cloud executable protocol
 Home-page: https://github.com/aws/aws-cdk
 Author: Amazon Web Services
@@ -10,7 +10,6 @@ Classifier: Intended Audience :: Developers
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: JavaScript
 Classifier: Programming Language :: Python :: 3 :: Only
-Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
@@ -19,14 +18,14 @@ Classifier: Development Status :: 5 - Production/Stable
 Classifier: License :: OSI Approved
 Classifier: Framework :: AWS CDK
 Classifier: Framework :: AWS CDK :: 2
-Requires-Python: ~=3.8
+Requires-Python: ~=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE
 License-File: NOTICE
-Requires-Dist: aws-cdk.cloud-assembly-schema<39.0.0,>=38.0.0
-Requires-Dist: jsii<2.0.0,>=1.103.1
+Requires-Dist: aws-cdk.cloud-assembly-schema>=45.0.0
+Requires-Dist: jsii<2.0.0,>=1.120.0
 Requires-Dist: publication>=0.0.3
-Requires-Dist: typeguard<5.0.0,>=2.13.3
+Requires-Dist: typeguard==2.13.3
 # Cloud Executable API
@@ -48,7 +47,7 @@ and error indicating that a bucket policy already exists.
 In cases where we know what the required policy is we can go ahead and create the policy so we can
 remain in control of it.
-https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3
+[https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3)
 *cdk.json*
@@ -151,7 +150,7 @@ enabled on the bucket.
 This flag uses a Bucket Policy statement to allow Server Access Log delivery, following best
 practices for S3.
-https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html
+[https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html)
 ```json
 {
@@ -201,7 +200,7 @@ Enable this feature flag to use the `AmazonEMRServicePolicy_v2` managed policies
 This is a feature flag as the old behavior will be deprecated, but some resources may require manual
 intervention since they might not have the appropriate tags propagated automatically.
-https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html
+[https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html)
 *cdk.json*
@@ -340,6 +339,20 @@ When this feature flag is enabled and calling KMS key grant method, the created
 }
 ```
+* `@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal`
+Enable grant methods on imported KMS Aliases to apply permissions scoped by the alias using the `kms:ResourceAliases` condition key. When this flag is disabled, grant* methods on `Alias.fromAliasName` remain no-ops to preserve existing behavior.
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": true
+  }
+}
+```
 * `@aws-cdk/aws-eks:nodegroupNameAttribute`
 When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix.
@@ -394,7 +407,7 @@ When this featuer flag is enabled, remove the default deployment alarm settings
 When enabled, IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN.
 When this feature flag is enabled, the IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN.
-The revision ARN is more specific than the task definition ARN. See https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html
+The revision ARN is more specific than the task definition ARN. See [https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html](https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html)
 for more details.
 *cdk.json*
@@ -505,3 +518,331 @@ occur between these tightly coupled dependencies when using the AWS SDK v3 in La
   }
 }
 ```
+* `@aws-cdk/aws-dynamodb:resourcePolicyPerReplica`
+If this flag is not set, the default behavior for `TableV2` is to use a different `resourcePolicy` for each replica.
+If this flag is set to false, the behavior is that each replica shares the same `resourcePolicy` as the source table.
+This will prevent you from creating a new table which has an additional replica and a resource policy.
+This is a feature flag as the old behavior was technically incorrect but users may have come to depend on it.
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": false,
+  },
+}
+```
+* `@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource`
+When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource.
+When this feature flag is enabled, a new method will be used to get the DNS Name of the user pool domain target. The old method
+creates a custom resource internally, but the new method doesn't need a custom resource.
+If the flag is set to false then a custom resource will be created when using `UserPoolDomainTarget`.
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": true
+  }
+}
+```
+* `@aws-cdk/aws-ecs:disableEcsImdsBlocking`
+When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false.
+In an ECS Cluster with `MachineImageType.AMAZON_LINUX_2`, the canContainersAccessInstanceRole=false option attempts to add commands to block containers from
+accessing IMDS. CDK cannot guarantee the correct execution of the feature in all platforms. Setting this feature flag
+to true will ensure CDK does not attempt to implement IMDS blocking. By <ins>**end of 2025**</ins>, CDK will remove the
+IMDS blocking feature. See [Github discussion](https://github.com/aws/aws-cdk/discussions/32609) for more information.
+**It is recommended to follow ECS documentation to block IMDS for your specific platform and cluster configuration.**
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/aws-ecs:disableEcsImdsBlocking": true
+  }
+}
+```
+* `@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature`
+When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only.**
+In an ECS Cluster with `MachineImageType.AMAZON_LINUX_2`, the canContainersAccessInstanceRole=false option attempts to add commands to block containers from
+accessing IMDS. Set this flag to true in order to use new and updated commands. Please note that this
+feature alone with this feature flag will be deprecated by <ins>end of 2025</ins> as CDK cannot
+guarantee the correct execution of the feature in all platforms. See [Github discussion](https://github.com/aws/aws-cdk/discussions/32609) for more information.
+**It is recommended to follow ECS documentation to block IMDS for your specific platform and cluster configuration.**
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": false,
+  },
+}
+```
+* `@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault`
+When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere,
+For internet facing ALBs with `dualstack-without-public-ipv4` IP address type, the default security group rules
+will allow IPv6 ingress from anywhere (::/0). Previously, the default security group rules would only allow IPv4 ingress.
+Using a feature flag to make sure existing customers who might be relying
+on the overly restrictive permissions are not broken.,
+If the flag is set to false then the default security group rules will only allow IPv4 ingress.
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": true
+  }
+}
+```
+* `@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections`
+When this feature flag is enabled, the default behaviour of OIDC Provider's custom resource handler will
+default to reject unauthorized connections when downloading CA Certificates.
+When this feature flag is disabled, the behaviour will be the same as current and will allow downloading
+thumbprints from unsecure connnections.
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": true
+  }
+}
+```
+* `@aws-cdk/core:enableAdditionalMetadataCollection`
+When this feature flag is enabled, CDK expands the scope of usage data collection to include the:
+* L2 construct property keys - Collect which property keys you use from the L2 constructs in your app. This includes property keys nested in dictionary objects.
+* L2 construct property values of BOOL and ENUM types - Collect property key values of only BOOL and ENUM types. All other types, such as string values or construct references will be redacted.
+* L2 construct method usage - Collection method name, parameter keys and parameter values of BOOL and ENUM type.
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/core:enableAdditionalMetadataCollection": true
+  }
+}
+```
+* `@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy`
+[Deprecated default feature] When this feature flag is enabled, Lambda will create new inline policies with AddToRolePolicy.
+The purpose of this is to prevent lambda from creating a dependency on the Default Policy Statement.
+This solves an issue where a circular dependency could occur if adding lambda to something like a Cognito Trigger, then adding the User Pool to the lambda execution role permissions.
+However in the current implementation, we have removed a dependency of the lambda function on the policy. In addition to this, a Role will be attached to the Policy instead of an inline policy being attached to the role.
+This will create a data race condition in the CloudFormation template because the creation of the Lambda function no longer waits for the policy to be created. Having said that, we are not deprecating the feature (we are defaulting the feature flag to false for new stacks) since this feature can still be used to get around the circular dependency issue (issue-7016) particularly in cases where the lambda resource creation doesnt need to depend on the policy resource creation.
+We recommend to unset the feature flag if already set which will restore the original behavior.
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": false
+  }
+}
+```
+* `@aws-cdk/aws-s3:setUniqueReplicationRoleName`
+When this feature flag is enabled, a unique role name is specified only when performing cross-account replication.
+When disabled, 'CDKReplicationRole' is always specified.
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/aws-s3:setUniqueReplicationRoleName": true
+  }
+}
+```
+* `@aws-cdk/pipelines:reduceStageRoleTrustScope`
+When this feature flag is enabled, the root account principal will not be added to the trust policy of stage role.
+When this feature flag is disabled, it will keep the root account principal in the trust policy.
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/pipelines:reduceStageRoleTrustScope": true
+  }
+}
+```
+* `@aws-cdk/aws-events:requireEventBusPolicySid`
+When this flag is enabled:
+* Resource policies will be created with Statement IDs for service principals
+* The operation will succeed as expected
+When this flag is disabled:
+* A warning will be emitted
+* The grant operation will be dropped
+* No permissions will be added
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/aws-events:requireEventBusPolicySid": true
+  }
+}
+```
+* `@aws-cdk/aws-dynamodb:retainTableReplica`
+Currently, table replica will always be deleted when stack deletes regardless of source table's deletion policy.
+When enabled, table replica will be default to the removal policy of source table unless specified otherwise.
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/aws-dynamodb:retainTableReplica": true
+  }
+}
+```
+* `@aws-cdk/cognito:logUserPoolClientSecretValue`
+When this feature flag is enabled, the SDK API call response to desribe user pool client values will be logged in the custom
+resource lambda function logs.
+When this feature flag is disabled, the SDK API call response to describe user pool client values will not be logged in the custom
+resource lambda function logs.
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/cognito:logUserPoolClientSecretValue": true
+  }
+}
+```
+* `@aws-cdk/aws-s3:publicAccessBlockedByDefault`
+When BlockPublicAccess is not set at all, s3's default behavior will be to set all options to true in aws console.
+The previous behavior in cdk before this feature was; if only some of the BlockPublicAccessOptions were set (not all 4), then the ones undefined would default to false.
+This is counter intuitive to the console behavior where the options would start in true state and a user would uncheck the boxes as needed.
+The new behavior from this feature will allow a user, for example, to set 1 of the 4 BlockPublicAccessOpsions to false, and on deployment the other 3 will remain true.
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/aws-s3:publicAccessBlockedByDefault": true
+  }
+}
+```
+* `@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway`
+When this feature flag is enabled, EgressOnlyGateway is created only for dual-stack VPC with private subnets
+When this feature flag is disabled, EgressOnlyGateway resource is created for all dual-stack VPC regardless of subnet type
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": true
+  }
+}
+```
+* `@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint`
+When this feature flag is enabled, the JSONPath apiEndpoint value will be resolved dynamically at runtime, while slightly increasing the size of the state machine definition.
+When disabled, the JSONPath apiEndpoint property will only support a static string value.
+_cdk.json
+```json
+{
+  "context": {
+    "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": true
+  }
+}
+```
+* `@aws-cdk/aws-signer:signingProfileNamePassedToCfn`
+When this feature flag is enabled, the `signingProfileName` property is passed to the L1 `CfnSigningProfile` construct,
+which ensures that the AWS Signer profile is created with the specified name.
+When this feature flag is disabled, the `signingProfileName` is not passed to CloudFormation, maintaining backward
+compatibility with existing deployments where CloudFormation auto-generated profile names.
+This feature flag is needed because enabling it can cause existing signing profiles to be
+replaced during deployment if a `signingProfileName` was specified but not previously used
+in the CloudFormation template.
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": true
+  }
+}
+```
+* `@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId`
+When enabled, ECS patterns will generate unique target group IDs that include the load balancer name and type (public/private). This prevents CloudFormation conflicts when switching between public and private load balancers.
+Without this flag, switching an ApplicationLoadBalancedFargateService from public to private (or vice versa) fails with "target group cannot be associated with more than one load balancer" error.
+*cdk.json*
+```json
+{
+  "context": {
+    "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": true
+  }
+}
+```

aws-cdk.cx-api 2.163.1__tar.gz → 2.232.2__tar.gz

aws-cdk.cx-api 2.163.1tar.gz → 2.232.2tar.gz