aws-cdk.cx-api 2.182.0__tar.gz → 2.229.1__tar.gz

{aws_cdk_cx_api-2.182.0/src/aws_cdk.cx_api.egg-info → aws_cdk_cx_api-2.229.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk.cx-api
-Version: 2.182.0
+Version: 2.229.1
 Summary: Cloud executable protocol
 Home-page: https://github.com/aws/aws-cdk
 Author: Amazon Web Services
@@ -10,7 +10,6 @@ Classifier: Intended Audience :: Developers
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: JavaScript
 Classifier: Programming Language :: Python :: 3 :: Only
-Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
@@ -19,12 +18,12 @@ Classifier: Development Status :: 5 - Production/Stable
 Classifier: License :: OSI Approved
 Classifier: Framework :: AWS CDK
 Classifier: Framework :: AWS CDK :: 2
-Requires-Python: ~=3.8
+Requires-Python: ~=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE
 License-File: NOTICE
-Requires-Dist: aws-cdk.cloud-assembly-schema<41.0.0,>=40.6.0
-Requires-Dist: jsii<2.0.0,>=1.106.0
+Requires-Dist: aws-cdk.cloud-assembly-schema>=45.0.0
+Requires-Dist: jsii<2.0.0,>=1.119.0
 Requires-Dist: publication>=0.0.3
 Requires-Dist: typeguard<4.3.0,>=2.13.3
 
@@ -340,6 +339,20 @@ When this feature flag is enabled and calling KMS key grant method, the created
 }
 ```
 
+* `@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal`
+
+Enable grant methods on imported KMS Aliases to apply permissions scoped by the alias using the `kms:ResourceAliases` condition key. When this flag is disabled, grant* methods on `Alias.fromAliasName` remain no-ops to preserve existing behavior.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": true
+  }
+}
+```
+
 * `@aws-cdk/aws-eks:nodegroupNameAttribute`
 
 When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix.
@@ -645,16 +658,191 @@ When this feature flag is enabled, CDK expands the scope of usage data collectio
 
 * `@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy`
 
-When this feature flag is enabled, Lambda will create new inline policies with AddToRolePolicy.
+[Deprecated default feature] When this feature flag is enabled, Lambda will create new inline policies with AddToRolePolicy.
 The purpose of this is to prevent lambda from creating a dependency on the Default Policy Statement.
 This solves an issue where a circular dependency could occur if adding lambda to something like a Cognito Trigger, then adding the User Pool to the lambda execution role permissions.
+However in the current implementation, we have removed a dependency of the lambda function on the policy. In addition to this, a Role will be attached to the Policy instead of an inline policy being attached to the role.
+This will create a data race condition in the CloudFormation template because the creation of the Lambda function no longer waits for the policy to be created. Having said that, we are not deprecating the feature (we are defaulting the feature flag to false for new stacks) since this feature can still be used to get around the circular dependency issue (issue-7016) particularly in cases where the lambda resource creation doesnt need to depend on the policy resource creation.
+We recommend to unset the feature flag if already set which will restore the original behavior.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": false
+  }
+}
+```
+
+* `@aws-cdk/aws-s3:setUniqueReplicationRoleName`
+
+When this feature flag is enabled, a unique role name is specified only when performing cross-account replication.
+When disabled, 'CDKReplicationRole' is always specified.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-s3:setUniqueReplicationRoleName": true
+  }
+}
+```
+
+* `@aws-cdk/pipelines:reduceStageRoleTrustScope`
+
+When this feature flag is enabled, the root account principal will not be added to the trust policy of stage role.
+When this feature flag is disabled, it will keep the root account principal in the trust policy.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/pipelines:reduceStageRoleTrustScope": true
+  }
+}
+```
+
+* `@aws-cdk/aws-events:requireEventBusPolicySid`
+
+When this flag is enabled:
+
+* Resource policies will be created with Statement IDs for service principals
+* The operation will succeed as expected
+
+When this flag is disabled:
+
+* A warning will be emitted
+* The grant operation will be dropped
+* No permissions will be added
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-events:requireEventBusPolicySid": true
+  }
+}
+```
+
+* `@aws-cdk/aws-dynamodb:retainTableReplica`
+
+Currently, table replica will always be deleted when stack deletes regardless of source table's deletion policy.
+When enabled, table replica will be default to the removal policy of source table unless specified otherwise.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-dynamodb:retainTableReplica": true
+  }
+}
+```
+
+* `@aws-cdk/cognito:logUserPoolClientSecretValue`
+
+When this feature flag is enabled, the SDK API call response to desribe user pool client values will be logged in the custom
+resource lambda function logs.
+
+When this feature flag is disabled, the SDK API call response to describe user pool client values will not be logged in the custom
+resource lambda function logs.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/cognito:logUserPoolClientSecretValue": true
+  }
+}
+```
+
+* `@aws-cdk/aws-s3:publicAccessBlockedByDefault`
+
+When BlockPublicAccess is not set at all, s3's default behavior will be to set all options to true in aws console.
+The previous behavior in cdk before this feature was; if only some of the BlockPublicAccessOptions were set (not all 4), then the ones undefined would default to false.
+This is counter intuitive to the console behavior where the options would start in true state and a user would uncheck the boxes as needed.
+The new behavior from this feature will allow a user, for example, to set 1 of the 4 BlockPublicAccessOpsions to false, and on deployment the other 3 will remain true.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-s3:publicAccessBlockedByDefault": true
+  }
+}
+```
+
+* `@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway`
+
+When this feature flag is enabled, EgressOnlyGateway is created only for dual-stack VPC with private subnets
+
+When this feature flag is disabled, EgressOnlyGateway resource is created for all dual-stack VPC regardless of subnet type
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": true
+  }
+}
+```
+
+* `@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint`
+
+When this feature flag is enabled, the JSONPath apiEndpoint value will be resolved dynamically at runtime, while slightly increasing the size of the state machine definition.
+When disabled, the JSONPath apiEndpoint property will only support a static string value.
+
+_cdk.json
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": true
+  }
+}
+```
+
+* `@aws-cdk/aws-signer:signingProfileNamePassedToCfn`
+
+When this feature flag is enabled, the `signingProfileName` property is passed to the L1 `CfnSigningProfile` construct,
+which ensures that the AWS Signer profile is created with the specified name.
+
+When this feature flag is disabled, the `signingProfileName` is not passed to CloudFormation, maintaining backward
+compatibility with existing deployments where CloudFormation auto-generated profile names.
+
+This feature flag is needed because enabling it can cause existing signing profiles to be
+replaced during deployment if a `signingProfileName` was specified but not previously used
+in the CloudFormation template.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": true
+  }
+}
+```
+
+* `@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId`
+
+When enabled, ECS patterns will generate unique target group IDs that include the load balancer name and type (public/private). This prevents CloudFormation conflicts when switching between public and private load balancers.
+
+Without this flag, switching an ApplicationLoadBalancedFargateService from public to private (or vice versa) fails with "target group cannot be associated with more than one load balancer" error.
 
 *cdk.json*
 
 ```json
 {
   "context": {
-    "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": true
+    "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": true
   }
 }
 ```

{aws_cdk_cx_api-2.182.0 → aws_cdk_cx_api-2.229.1}/README.md

@@ -310,6 +310,20 @@ When this feature flag is enabled and calling KMS key grant method, the created
 }
 ```
 
+* `@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal`
+
+Enable grant methods on imported KMS Aliases to apply permissions scoped by the alias using the `kms:ResourceAliases` condition key. When this flag is disabled, grant* methods on `Alias.fromAliasName` remain no-ops to preserve existing behavior.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": true
+  }
+}
+```
+
 * `@aws-cdk/aws-eks:nodegroupNameAttribute`
 
 When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix.
@@ -615,16 +629,191 @@ When this feature flag is enabled, CDK expands the scope of usage data collectio
 
 * `@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy`
 
-When this feature flag is enabled, Lambda will create new inline policies with AddToRolePolicy.
+[Deprecated default feature] When this feature flag is enabled, Lambda will create new inline policies with AddToRolePolicy.
 The purpose of this is to prevent lambda from creating a dependency on the Default Policy Statement.
 This solves an issue where a circular dependency could occur if adding lambda to something like a Cognito Trigger, then adding the User Pool to the lambda execution role permissions.
+However in the current implementation, we have removed a dependency of the lambda function on the policy. In addition to this, a Role will be attached to the Policy instead of an inline policy being attached to the role.
+This will create a data race condition in the CloudFormation template because the creation of the Lambda function no longer waits for the policy to be created. Having said that, we are not deprecating the feature (we are defaulting the feature flag to false for new stacks) since this feature can still be used to get around the circular dependency issue (issue-7016) particularly in cases where the lambda resource creation doesnt need to depend on the policy resource creation.
+We recommend to unset the feature flag if already set which will restore the original behavior.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": false
+  }
+}
+```
+
+* `@aws-cdk/aws-s3:setUniqueReplicationRoleName`
+
+When this feature flag is enabled, a unique role name is specified only when performing cross-account replication.
+When disabled, 'CDKReplicationRole' is always specified.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-s3:setUniqueReplicationRoleName": true
+  }
+}
+```
+
+* `@aws-cdk/pipelines:reduceStageRoleTrustScope`
+
+When this feature flag is enabled, the root account principal will not be added to the trust policy of stage role.
+When this feature flag is disabled, it will keep the root account principal in the trust policy.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/pipelines:reduceStageRoleTrustScope": true
+  }
+}
+```
+
+* `@aws-cdk/aws-events:requireEventBusPolicySid`
+
+When this flag is enabled:
+
+* Resource policies will be created with Statement IDs for service principals
+* The operation will succeed as expected
+
+When this flag is disabled:
+
+* A warning will be emitted
+* The grant operation will be dropped
+* No permissions will be added
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-events:requireEventBusPolicySid": true
+  }
+}
+```
+
+* `@aws-cdk/aws-dynamodb:retainTableReplica`
+
+Currently, table replica will always be deleted when stack deletes regardless of source table's deletion policy.
+When enabled, table replica will be default to the removal policy of source table unless specified otherwise.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-dynamodb:retainTableReplica": true
+  }
+}
+```
+
+* `@aws-cdk/cognito:logUserPoolClientSecretValue`
+
+When this feature flag is enabled, the SDK API call response to desribe user pool client values will be logged in the custom
+resource lambda function logs.
+
+When this feature flag is disabled, the SDK API call response to describe user pool client values will not be logged in the custom
+resource lambda function logs.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/cognito:logUserPoolClientSecretValue": true
+  }
+}
+```
+
+* `@aws-cdk/aws-s3:publicAccessBlockedByDefault`
+
+When BlockPublicAccess is not set at all, s3's default behavior will be to set all options to true in aws console.
+The previous behavior in cdk before this feature was; if only some of the BlockPublicAccessOptions were set (not all 4), then the ones undefined would default to false.
+This is counter intuitive to the console behavior where the options would start in true state and a user would uncheck the boxes as needed.
+The new behavior from this feature will allow a user, for example, to set 1 of the 4 BlockPublicAccessOpsions to false, and on deployment the other 3 will remain true.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-s3:publicAccessBlockedByDefault": true
+  }
+}
+```
+
+* `@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway`
+
+When this feature flag is enabled, EgressOnlyGateway is created only for dual-stack VPC with private subnets
+
+When this feature flag is disabled, EgressOnlyGateway resource is created for all dual-stack VPC regardless of subnet type
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": true
+  }
+}
+```
+
+* `@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint`
+
+When this feature flag is enabled, the JSONPath apiEndpoint value will be resolved dynamically at runtime, while slightly increasing the size of the state machine definition.
+When disabled, the JSONPath apiEndpoint property will only support a static string value.
+
+_cdk.json
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": true
+  }
+}
+```
+
+* `@aws-cdk/aws-signer:signingProfileNamePassedToCfn`
+
+When this feature flag is enabled, the `signingProfileName` property is passed to the L1 `CfnSigningProfile` construct,
+which ensures that the AWS Signer profile is created with the specified name.
+
+When this feature flag is disabled, the `signingProfileName` is not passed to CloudFormation, maintaining backward
+compatibility with existing deployments where CloudFormation auto-generated profile names.
+
+This feature flag is needed because enabling it can cause existing signing profiles to be
+replaced during deployment if a `signingProfileName` was specified but not previously used
+in the CloudFormation template.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": true
+  }
+}
+```
+
+* `@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId`
+
+When enabled, ECS patterns will generate unique target group IDs that include the load balancer name and type (public/private). This prevents CloudFormation conflicts when switching between public and private load balancers.
+
+Without this flag, switching an ApplicationLoadBalancedFargateService from public to private (or vice versa) fails with "target group cannot be associated with more than one load balancer" error.
 
 *cdk.json*
 
 ```json
 {
   "context": {
-    "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": true
+    "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": true
   }
 }
 ```

{aws_cdk_cx_api-2.182.0 → aws_cdk_cx_api-2.229.1}/pyproject.toml

@@ -1,9 +1,9 @@
 [build-system]
-requires = ["setuptools~=70.0.0", "wheel~=0.42"]
+requires = ["setuptools~=75.3.2", "build~=1.3.0"]
 build-backend = "setuptools.build_meta"
 
 [tool.pyright]
 defineConstant = { DEBUG = true }
-pythonVersion = "3.8"
+pythonVersion = "3.9"
 pythonPlatform = "All"
 reportSelfClsParameterName = false

{aws_cdk_cx_api-2.182.0 → aws_cdk_cx_api-2.229.1}/setup.py

@@ -5,7 +5,7 @@ kwargs = json.loads(
     """
 {
     "name": "aws-cdk.cx-api",
-    "version": "2.182.0",
+    "version": "2.229.1",
     "description": "Cloud executable protocol",
     "license": "Apache-2.0",
     "url": "https://github.com/aws/aws-cdk",
@@ -26,16 +26,16 @@ kwargs = json.loads(
     ],
     "package_data": {
         "aws_cdk.cx_api._jsii": [
-            "cx-api@2.182.0.jsii.tgz"
+            "cx-api@2.229.1.jsii.tgz"
         ],
         "aws_cdk.cx_api": [
             "py.typed"
         ]
     },
-    "python_requires": "~=3.8",
+    "python_requires": "~=3.9",
     "install_requires": [
-        "aws-cdk.cloud-assembly-schema>=40.6.0, <41.0.0",
-        "jsii>=1.106.0, <2.0.0",
+        "aws-cdk.cloud-assembly-schema>=45.0.0",
+        "jsii>=1.119.0, <2.0.0",
         "publication>=0.0.3",
         "typeguard>=2.13.3,<4.3.0"
     ],
@@ -44,7 +44,6 @@ kwargs = json.loads(
         "Operating System :: OS Independent",
         "Programming Language :: JavaScript",
         "Programming Language :: Python :: 3 :: Only",
-        "Programming Language :: Python :: 3.8",
         "Programming Language :: Python :: 3.9",
         "Programming Language :: Python :: 3.10",
         "Programming Language :: Python :: 3.11",

{aws_cdk_cx_api-2.182.0 → aws_cdk_cx_api-2.229.1}/src/aws_cdk/cx_api/__init__.py

@@ -311,6 +311,20 @@ When this feature flag is enabled and calling KMS key grant method, the created
 }
 ```
 
+* `@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal`
+
+Enable grant methods on imported KMS Aliases to apply permissions scoped by the alias using the `kms:ResourceAliases` condition key. When this flag is disabled, grant* methods on `Alias.fromAliasName` remain no-ops to preserve existing behavior.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": true
+  }
+}
+```
+
 * `@aws-cdk/aws-eks:nodegroupNameAttribute`
 
 When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix.
@@ -616,16 +630,191 @@ When this feature flag is enabled, CDK expands the scope of usage data collectio
 
 * `@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy`
 
-When this feature flag is enabled, Lambda will create new inline policies with AddToRolePolicy.
+[Deprecated default feature] When this feature flag is enabled, Lambda will create new inline policies with AddToRolePolicy.
 The purpose of this is to prevent lambda from creating a dependency on the Default Policy Statement.
 This solves an issue where a circular dependency could occur if adding lambda to something like a Cognito Trigger, then adding the User Pool to the lambda execution role permissions.
+However in the current implementation, we have removed a dependency of the lambda function on the policy. In addition to this, a Role will be attached to the Policy instead of an inline policy being attached to the role.
+This will create a data race condition in the CloudFormation template because the creation of the Lambda function no longer waits for the policy to be created. Having said that, we are not deprecating the feature (we are defaulting the feature flag to false for new stacks) since this feature can still be used to get around the circular dependency issue (issue-7016) particularly in cases where the lambda resource creation doesnt need to depend on the policy resource creation.
+We recommend to unset the feature flag if already set which will restore the original behavior.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": false
+  }
+}
+```
+
+* `@aws-cdk/aws-s3:setUniqueReplicationRoleName`
+
+When this feature flag is enabled, a unique role name is specified only when performing cross-account replication.
+When disabled, 'CDKReplicationRole' is always specified.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-s3:setUniqueReplicationRoleName": true
+  }
+}
+```
+
+* `@aws-cdk/pipelines:reduceStageRoleTrustScope`
+
+When this feature flag is enabled, the root account principal will not be added to the trust policy of stage role.
+When this feature flag is disabled, it will keep the root account principal in the trust policy.
 
 *cdk.json*
 
 ```json
 {
   "context": {
-    "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": true
+    "@aws-cdk/pipelines:reduceStageRoleTrustScope": true
+  }
+}
+```
+
+* `@aws-cdk/aws-events:requireEventBusPolicySid`
+
+When this flag is enabled:
+
+* Resource policies will be created with Statement IDs for service principals
+* The operation will succeed as expected
+
+When this flag is disabled:
+
+* A warning will be emitted
+* The grant operation will be dropped
+* No permissions will be added
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-events:requireEventBusPolicySid": true
+  }
+}
+```
+
+* `@aws-cdk/aws-dynamodb:retainTableReplica`
+
+Currently, table replica will always be deleted when stack deletes regardless of source table's deletion policy.
+When enabled, table replica will be default to the removal policy of source table unless specified otherwise.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-dynamodb:retainTableReplica": true
+  }
+}
+```
+
+* `@aws-cdk/cognito:logUserPoolClientSecretValue`
+
+When this feature flag is enabled, the SDK API call response to desribe user pool client values will be logged in the custom
+resource lambda function logs.
+
+When this feature flag is disabled, the SDK API call response to describe user pool client values will not be logged in the custom
+resource lambda function logs.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/cognito:logUserPoolClientSecretValue": true
+  }
+}
+```
+
+* `@aws-cdk/aws-s3:publicAccessBlockedByDefault`
+
+When BlockPublicAccess is not set at all, s3's default behavior will be to set all options to true in aws console.
+The previous behavior in cdk before this feature was; if only some of the BlockPublicAccessOptions were set (not all 4), then the ones undefined would default to false.
+This is counter intuitive to the console behavior where the options would start in true state and a user would uncheck the boxes as needed.
+The new behavior from this feature will allow a user, for example, to set 1 of the 4 BlockPublicAccessOpsions to false, and on deployment the other 3 will remain true.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-s3:publicAccessBlockedByDefault": true
+  }
+}
+```
+
+* `@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway`
+
+When this feature flag is enabled, EgressOnlyGateway is created only for dual-stack VPC with private subnets
+
+When this feature flag is disabled, EgressOnlyGateway resource is created for all dual-stack VPC regardless of subnet type
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": true
+  }
+}
+```
+
+* `@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint`
+
+When this feature flag is enabled, the JSONPath apiEndpoint value will be resolved dynamically at runtime, while slightly increasing the size of the state machine definition.
+When disabled, the JSONPath apiEndpoint property will only support a static string value.
+
+_cdk.json
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": true
+  }
+}
+```
+
+* `@aws-cdk/aws-signer:signingProfileNamePassedToCfn`
+
+When this feature flag is enabled, the `signingProfileName` property is passed to the L1 `CfnSigningProfile` construct,
+which ensures that the AWS Signer profile is created with the specified name.
+
+When this feature flag is disabled, the `signingProfileName` is not passed to CloudFormation, maintaining backward
+compatibility with existing deployments where CloudFormation auto-generated profile names.
+
+This feature flag is needed because enabling it can cause existing signing profiles to be
+replaced during deployment if a `signingProfileName` was specified but not previously used
+in the CloudFormation template.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": true
+  }
+}
+```
+
+* `@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId`
+
+When enabled, ECS patterns will generate unique target group IDs that include the load balancer name and type (public/private). This prevents CloudFormation conflicts when switching between public and private load balancers.
+
+Without this flag, switching an ApplicationLoadBalancedFargateService from public to private (or vice versa) fails with "target group cannot be associated with more than one load balancer" error.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": true
   }
 }
 ```
@@ -915,14 +1104,14 @@ class CloudArtifact(metaclass=jsii.JSIIMeta, jsii_type="@aws-cdk/cx-api.CloudArt
         display_name: typing.Optional[builtins.str] = None,
         environment: typing.Optional[builtins.str] = None,
         metadata: typing.Optional[typing.Mapping[builtins.str, typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry, typing.Dict[builtins.str, typing.Any]]]]] = None,
-        properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
+        properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FeatureFlagReportProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''
         :param assembly: -
         :param id: -
         :param type: The type of artifact.
         :param dependencies: IDs of artifacts that must be deployed before this artifact. Default: - no dependencies.
-        :param display_name: A string that represents this artifact. Should only be used in user interfaces. Default: - no display name
+        :param display_name: A string that can be shown to a user to uniquely identify this artifact inside a cloud assembly tree. Is used by the CLI to present a list of stacks to the user in a way that makes sense to them. Even though the property name "display name" doesn't imply it, this field is used to select stacks as well, so all stacks should have a unique display name. Default: - no display name
         :param environment: The environment into which this artifact is deployed. Default: - no envrionment.
         :param metadata: Associated metadata. Default: - no metadata.
         :param properties: The set of properties for this artifact (depends on type). Default: - no properties.
@@ -954,7 +1143,7 @@ class CloudArtifact(metaclass=jsii.JSIIMeta, jsii_type="@aws-cdk/cx-api.CloudArt
         display_name: typing.Optional[builtins.str] = None,
         environment: typing.Optional[builtins.str] = None,
         metadata: typing.Optional[typing.Mapping[builtins.str, typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry, typing.Dict[builtins.str, typing.Any]]]]] = None,
-        properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
+        properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FeatureFlagReportProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> typing.Optional["CloudArtifact"]:
         '''Returns a subclass of ``CloudArtifact`` based on the artifact type defined in the artifact manifest.
 
@@ -962,7 +1151,7 @@ class CloudArtifact(metaclass=jsii.JSIIMeta, jsii_type="@aws-cdk/cx-api.CloudArt
         :param id: The artifact ID.
         :param type: The type of artifact.
         :param dependencies: IDs of artifacts that must be deployed before this artifact. Default: - no dependencies.
-        :param display_name: A string that represents this artifact. Should only be used in user interfaces. Default: - no display name
+        :param display_name: A string that can be shown to a user to uniquely identify this artifact inside a cloud assembly tree. Is used by the CLI to present a list of stacks to the user in a way that makes sense to them. Even though the property name "display name" doesn't imply it, this field is used to select stacks as well, so all stacks should have a unique display name. Default: - no display name
         :param environment: The environment into which this artifact is deployed. Default: - no envrionment.
         :param metadata: Associated metadata. Default: - no metadata.
         :param properties: The set of properties for this artifact (depends on type). Default: - no properties.
@@ -1306,14 +1495,14 @@ class CloudAssemblyBuilder(
         display_name: typing.Optional[builtins.str] = None,
         environment: typing.Optional[builtins.str] = None,
         metadata: typing.Optional[typing.Mapping[builtins.str, typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry, typing.Dict[builtins.str, typing.Any]]]]] = None,
-        properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
+        properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FeatureFlagReportProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''Adds an artifact into the cloud assembly.
 
         :param id: The ID of the artifact.
         :param type: The type of artifact.
         :param dependencies: IDs of artifacts that must be deployed before this artifact. Default: - no dependencies.
-        :param display_name: A string that represents this artifact. Should only be used in user interfaces. Default: - no display name
+        :param display_name: A string that can be shown to a user to uniquely identify this artifact inside a cloud assembly tree. Is used by the CLI to present a list of stacks to the user in a way that makes sense to them. Even though the property name "display name" doesn't imply it, this field is used to select stacks as well, so all stacks should have a unique display name. Default: - no display name
         :param environment: The environment into which this artifact is deployed. Default: - no envrionment.
         :param metadata: Associated metadata. Default: - no metadata.
         :param properties: The set of properties for this artifact (depends on type). Default: - no properties.
@@ -1555,14 +1744,14 @@ class CloudFormationStackArtifact(
         display_name: typing.Optional[builtins.str] = None,
         environment: typing.Optional[builtins.str] = None,
         metadata: typing.Optional[typing.Mapping[builtins.str, typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry, typing.Dict[builtins.str, typing.Any]]]]] = None,
-        properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
+        properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FeatureFlagReportProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''
         :param assembly: -
         :param artifact_id: -
         :param type: The type of artifact.
         :param dependencies: IDs of artifacts that must be deployed before this artifact. Default: - no dependencies.
-        :param display_name: A string that represents this artifact. Should only be used in user interfaces. Default: - no display name
+        :param display_name: A string that can be shown to a user to uniquely identify this artifact inside a cloud assembly tree. Is used by the CLI to present a list of stacks to the user in a way that makes sense to them. Even though the property name "display name" doesn't imply it, this field is used to select stacks as well, so all stacks should have a unique display name. Default: - no display name
         :param environment: The environment into which this artifact is deployed. Default: - no envrionment.
         :param metadata: Associated metadata. Default: - no metadata.
         :param properties: The set of properties for this artifact (depends on type). Default: - no properties.
@@ -2861,14 +3050,14 @@ class NestedCloudAssemblyArtifact(
         display_name: typing.Optional[builtins.str] = None,
         environment: typing.Optional[builtins.str] = None,
         metadata: typing.Optional[typing.Mapping[builtins.str, typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry, typing.Dict[builtins.str, typing.Any]]]]] = None,
-        properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
+        properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FeatureFlagReportProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''
         :param assembly: -
         :param name: -
         :param type: The type of artifact.
         :param dependencies: IDs of artifacts that must be deployed before this artifact. Default: - no dependencies.
-        :param display_name: A string that represents this artifact. Should only be used in user interfaces. Default: - no display name
+        :param display_name: A string that can be shown to a user to uniquely identify this artifact inside a cloud assembly tree. Is used by the CLI to present a list of stacks to the user in a way that makes sense to them. Even though the property name "display name" doesn't imply it, this field is used to select stacks as well, so all stacks should have a unique display name. Default: - no display name
         :param environment: The environment into which this artifact is deployed. Default: - no envrionment.
         :param metadata: Associated metadata. Default: - no metadata.
         :param properties: The set of properties for this artifact (depends on type). Default: - no properties.
@@ -3244,14 +3433,14 @@ class TreeCloudArtifact(
         display_name: typing.Optional[builtins.str] = None,
         environment: typing.Optional[builtins.str] = None,
         metadata: typing.Optional[typing.Mapping[builtins.str, typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry, typing.Dict[builtins.str, typing.Any]]]]] = None,
-        properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
+        properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FeatureFlagReportProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''
         :param assembly: -
         :param name: -
         :param type: The type of artifact.
         :param dependencies: IDs of artifacts that must be deployed before this artifact. Default: - no dependencies.
-        :param display_name: A string that represents this artifact. Should only be used in user interfaces. Default: - no display name
+        :param display_name: A string that can be shown to a user to uniquely identify this artifact inside a cloud assembly tree. Is used by the CLI to present a list of stacks to the user in a way that makes sense to them. Even though the property name "display name" doesn't imply it, this field is used to select stacks as well, so all stacks should have a unique display name. Default: - no display name
         :param environment: The environment into which this artifact is deployed. Default: - no envrionment.
         :param metadata: Associated metadata. Default: - no metadata.
         :param properties: The set of properties for this artifact (depends on type). Default: - no properties.
@@ -3904,14 +4093,14 @@ class AssetManifestArtifact(
         display_name: typing.Optional[builtins.str] = None,
         environment: typing.Optional[builtins.str] = None,
         metadata: typing.Optional[typing.Mapping[builtins.str, typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry, typing.Dict[builtins.str, typing.Any]]]]] = None,
-        properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
+        properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FeatureFlagReportProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''
         :param assembly: -
         :param name: -
         :param type: The type of artifact.
         :param dependencies: IDs of artifacts that must be deployed before this artifact. Default: - no dependencies.
-        :param display_name: A string that represents this artifact. Should only be used in user interfaces. Default: - no display name
+        :param display_name: A string that can be shown to a user to uniquely identify this artifact inside a cloud assembly tree. Is used by the CLI to present a list of stacks to the user in a way that makes sense to them. Even though the property name "display name" doesn't imply it, this field is used to select stacks as well, so all stacks should have a unique display name. Default: - no display name
         :param environment: The environment into which this artifact is deployed. Default: - no envrionment.
         :param metadata: Associated metadata. Default: - no metadata.
         :param properties: The set of properties for this artifact (depends on type). Default: - no properties.
@@ -4047,7 +4236,7 @@ def _typecheckingstub__1ed62a7c2247dd4c625ec6c28ed3100e2bf8bc293ce9accfb5aa199e5
     display_name: typing.Optional[builtins.str] = None,
     environment: typing.Optional[builtins.str] = None,
     metadata: typing.Optional[typing.Mapping[builtins.str, typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry, typing.Dict[builtins.str, typing.Any]]]]] = None,
-    properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
+    properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FeatureFlagReportProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -4061,7 +4250,7 @@ def _typecheckingstub__9a9e7172494e8d6e1062852f66a87eb480f31763995170a9b158baa1f
     display_name: typing.Optional[builtins.str] = None,
     environment: typing.Optional[builtins.str] = None,
     metadata: typing.Optional[typing.Mapping[builtins.str, typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry, typing.Dict[builtins.str, typing.Any]]]]] = None,
-    properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
+    properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FeatureFlagReportProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -4141,7 +4330,7 @@ def _typecheckingstub__46e80c3b6bfd97977edd543650bf180354083f8f8ac476e020cef1381
     display_name: typing.Optional[builtins.str] = None,
     environment: typing.Optional[builtins.str] = None,
     metadata: typing.Optional[typing.Mapping[builtins.str, typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry, typing.Dict[builtins.str, typing.Any]]]]] = None,
-    properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
+    properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FeatureFlagReportProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -4170,7 +4359,7 @@ def _typecheckingstub__e4221f8243cf17c04683af8c1bce956c1e255ee17738e4524551c6505
     display_name: typing.Optional[builtins.str] = None,
     environment: typing.Optional[builtins.str] = None,
     metadata: typing.Optional[typing.Mapping[builtins.str, typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry, typing.Dict[builtins.str, typing.Any]]]]] = None,
-    properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
+    properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FeatureFlagReportProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -4310,7 +4499,7 @@ def _typecheckingstub__1aa6af50763dddea1d45ad3308472b2d2ff5763ed26b8f4919b6ff417
     display_name: typing.Optional[builtins.str] = None,
     environment: typing.Optional[builtins.str] = None,
     metadata: typing.Optional[typing.Mapping[builtins.str, typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry, typing.Dict[builtins.str, typing.Any]]]]] = None,
-    properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
+    properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FeatureFlagReportProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -4354,7 +4543,7 @@ def _typecheckingstub__d44839b2c4ac38a89725b61338793da24a9add3afea876d70e9f06e98
     display_name: typing.Optional[builtins.str] = None,
     environment: typing.Optional[builtins.str] = None,
     metadata: typing.Optional[typing.Mapping[builtins.str, typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry, typing.Dict[builtins.str, typing.Any]]]]] = None,
-    properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
+    properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FeatureFlagReportProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -4415,7 +4604,7 @@ def _typecheckingstub__2f357f6d07a16e0dfa09eb27eac736f3cba2a46289700a94afedb335c
     display_name: typing.Optional[builtins.str] = None,
     environment: typing.Optional[builtins.str] = None,
     metadata: typing.Optional[typing.Mapping[builtins.str, typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry, typing.Dict[builtins.str, typing.Any]]]]] = None,
-    properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
+    properties: typing.Optional[typing.Union[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AwsCloudFormationStackProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.AssetManifestProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.TreeArtifactProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.NestedCloudAssemblyProperties, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FeatureFlagReportProperties, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -4425,3 +4614,6 @@ def _typecheckingstub__0f13a4defa9d74d578442cc9dbb25cbe53318785930cd66e40d43ac92
 ) -> None:
     """Type checking stubs"""
     pass
+
+for cls in [IEnvironmentPlaceholderProvider]:
+    typing.cast(typing.Any, cls).__protocol_attrs__ = typing.cast(typing.Any, cls).__protocol_attrs__ - set(['__jsii_proxy_class__', '__jsii_type__'])

{aws_cdk_cx_api-2.182.0 → aws_cdk_cx_api-2.229.1}/src/aws_cdk/cx_api/_jsii/__init__.py

@@ -31,7 +31,7 @@ def check_type(argname: str, value: object, expected_type: typing.Any) -> typing
 import aws_cdk.cloud_assembly_schema._jsii
 
 __jsii_assembly__ = jsii.JSIIAssembly.load(
-    "@aws-cdk/cx-api", "2.182.0", __name__[0:-6], "cx-api@2.182.0.jsii.tgz"
+    "@aws-cdk/cx-api", "2.229.1", __name__[0:-6], "cx-api@2.229.1.jsii.tgz"
 )
 
 __all__ = [

{aws_cdk_cx_api-2.182.0 → aws_cdk_cx_api-2.229.1/src/aws_cdk.cx_api.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk.cx-api
-Version: 2.182.0
+Version: 2.229.1
 Summary: Cloud executable protocol
 Home-page: https://github.com/aws/aws-cdk
 Author: Amazon Web Services
@@ -10,7 +10,6 @@ Classifier: Intended Audience :: Developers
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: JavaScript
 Classifier: Programming Language :: Python :: 3 :: Only
-Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
@@ -19,12 +18,12 @@ Classifier: Development Status :: 5 - Production/Stable
 Classifier: License :: OSI Approved
 Classifier: Framework :: AWS CDK
 Classifier: Framework :: AWS CDK :: 2
-Requires-Python: ~=3.8
+Requires-Python: ~=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE
 License-File: NOTICE
-Requires-Dist: aws-cdk.cloud-assembly-schema<41.0.0,>=40.6.0
-Requires-Dist: jsii<2.0.0,>=1.106.0
+Requires-Dist: aws-cdk.cloud-assembly-schema>=45.0.0
+Requires-Dist: jsii<2.0.0,>=1.119.0
 Requires-Dist: publication>=0.0.3
 Requires-Dist: typeguard<4.3.0,>=2.13.3
 
@@ -340,6 +339,20 @@ When this feature flag is enabled and calling KMS key grant method, the created
 }
 ```
 
+* `@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal`
+
+Enable grant methods on imported KMS Aliases to apply permissions scoped by the alias using the `kms:ResourceAliases` condition key. When this flag is disabled, grant* methods on `Alias.fromAliasName` remain no-ops to preserve existing behavior.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": true
+  }
+}
+```
+
 * `@aws-cdk/aws-eks:nodegroupNameAttribute`
 
 When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix.
@@ -645,16 +658,191 @@ When this feature flag is enabled, CDK expands the scope of usage data collectio
 
 * `@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy`
 
-When this feature flag is enabled, Lambda will create new inline policies with AddToRolePolicy.
+[Deprecated default feature] When this feature flag is enabled, Lambda will create new inline policies with AddToRolePolicy.
 The purpose of this is to prevent lambda from creating a dependency on the Default Policy Statement.
 This solves an issue where a circular dependency could occur if adding lambda to something like a Cognito Trigger, then adding the User Pool to the lambda execution role permissions.
+However in the current implementation, we have removed a dependency of the lambda function on the policy. In addition to this, a Role will be attached to the Policy instead of an inline policy being attached to the role.
+This will create a data race condition in the CloudFormation template because the creation of the Lambda function no longer waits for the policy to be created. Having said that, we are not deprecating the feature (we are defaulting the feature flag to false for new stacks) since this feature can still be used to get around the circular dependency issue (issue-7016) particularly in cases where the lambda resource creation doesnt need to depend on the policy resource creation.
+We recommend to unset the feature flag if already set which will restore the original behavior.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": false
+  }
+}
+```
+
+* `@aws-cdk/aws-s3:setUniqueReplicationRoleName`
+
+When this feature flag is enabled, a unique role name is specified only when performing cross-account replication.
+When disabled, 'CDKReplicationRole' is always specified.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-s3:setUniqueReplicationRoleName": true
+  }
+}
+```
+
+* `@aws-cdk/pipelines:reduceStageRoleTrustScope`
+
+When this feature flag is enabled, the root account principal will not be added to the trust policy of stage role.
+When this feature flag is disabled, it will keep the root account principal in the trust policy.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/pipelines:reduceStageRoleTrustScope": true
+  }
+}
+```
+
+* `@aws-cdk/aws-events:requireEventBusPolicySid`
+
+When this flag is enabled:
+
+* Resource policies will be created with Statement IDs for service principals
+* The operation will succeed as expected
+
+When this flag is disabled:
+
+* A warning will be emitted
+* The grant operation will be dropped
+* No permissions will be added
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-events:requireEventBusPolicySid": true
+  }
+}
+```
+
+* `@aws-cdk/aws-dynamodb:retainTableReplica`
+
+Currently, table replica will always be deleted when stack deletes regardless of source table's deletion policy.
+When enabled, table replica will be default to the removal policy of source table unless specified otherwise.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-dynamodb:retainTableReplica": true
+  }
+}
+```
+
+* `@aws-cdk/cognito:logUserPoolClientSecretValue`
+
+When this feature flag is enabled, the SDK API call response to desribe user pool client values will be logged in the custom
+resource lambda function logs.
+
+When this feature flag is disabled, the SDK API call response to describe user pool client values will not be logged in the custom
+resource lambda function logs.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/cognito:logUserPoolClientSecretValue": true
+  }
+}
+```
+
+* `@aws-cdk/aws-s3:publicAccessBlockedByDefault`
+
+When BlockPublicAccess is not set at all, s3's default behavior will be to set all options to true in aws console.
+The previous behavior in cdk before this feature was; if only some of the BlockPublicAccessOptions were set (not all 4), then the ones undefined would default to false.
+This is counter intuitive to the console behavior where the options would start in true state and a user would uncheck the boxes as needed.
+The new behavior from this feature will allow a user, for example, to set 1 of the 4 BlockPublicAccessOpsions to false, and on deployment the other 3 will remain true.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-s3:publicAccessBlockedByDefault": true
+  }
+}
+```
+
+* `@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway`
+
+When this feature flag is enabled, EgressOnlyGateway is created only for dual-stack VPC with private subnets
+
+When this feature flag is disabled, EgressOnlyGateway resource is created for all dual-stack VPC regardless of subnet type
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway": true
+  }
+}
+```
+
+* `@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint`
+
+When this feature flag is enabled, the JSONPath apiEndpoint value will be resolved dynamically at runtime, while slightly increasing the size of the state machine definition.
+When disabled, the JSONPath apiEndpoint property will only support a static string value.
+
+_cdk.json
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": true
+  }
+}
+```
+
+* `@aws-cdk/aws-signer:signingProfileNamePassedToCfn`
+
+When this feature flag is enabled, the `signingProfileName` property is passed to the L1 `CfnSigningProfile` construct,
+which ensures that the AWS Signer profile is created with the specified name.
+
+When this feature flag is disabled, the `signingProfileName` is not passed to CloudFormation, maintaining backward
+compatibility with existing deployments where CloudFormation auto-generated profile names.
+
+This feature flag is needed because enabling it can cause existing signing profiles to be
+replaced during deployment if a `signingProfileName` was specified but not previously used
+in the CloudFormation template.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": true
+  }
+}
+```
+
+* `@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId`
+
+When enabled, ECS patterns will generate unique target group IDs that include the load balancer name and type (public/private). This prevents CloudFormation conflicts when switching between public and private load balancers.
+
+Without this flag, switching an ApplicationLoadBalancedFargateService from public to private (or vice versa) fails with "target group cannot be associated with more than one load balancer" error.
 
 *cdk.json*
 
 ```json
 {
   "context": {
-    "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": true
+    "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": true
   }
 }
 ```

{aws_cdk_cx_api-2.182.0 → aws_cdk_cx_api-2.229.1}/src/aws_cdk.cx_api.egg-info/SOURCES.txt

@@ -12,4 +12,4 @@ src/aws_cdk.cx_api.egg-info/top_level.txt
 src/aws_cdk/cx_api/__init__.py
 src/aws_cdk/cx_api/py.typed
 src/aws_cdk/cx_api/_jsii/__init__.py
-src/aws_cdk/cx_api/_jsii/cx-api@2.182.0.jsii.tgz
+src/aws_cdk/cx_api/_jsii/cx-api@2.229.1.jsii.tgz

aws_cdk_cx_api-2.229.1/src/aws_cdk.cx_api.egg-info/requires.txt

@@ -0,0 +1,4 @@
+aws-cdk.cloud-assembly-schema>=45.0.0
+jsii<2.0.0,>=1.119.0
+publication>=0.0.3
+typeguard<4.3.0,>=2.13.3

aws_cdk_cx_api-2.182.0/src/aws_cdk.cx_api.egg-info/requires.txt

@@ -1,4 +0,0 @@
-aws-cdk.cloud-assembly-schema<41.0.0,>=40.6.0
-jsii<2.0.0,>=1.106.0
-publication>=0.0.3
-typeguard<4.3.0,>=2.13.3