konokenj.cdk-api-mcp-server 0.28.0__py3-none-any.whl → 0.30.0__py3-none-any.whl

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/README.md

@@ -69,12 +69,12 @@ This example defines an Amazon EKS cluster with the following configuration:
 * A Kubernetes pod with a container based on the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) image.
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 // provisioning a cluster
 const cluster = new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 
 // apply a kubernetes manifest to the cluster
@@ -139,22 +139,22 @@ A more detailed breakdown of each is provided further down this README.
 Creating a new cluster is done using the `Cluster` or `FargateCluster` constructs. The only required properties are the kubernetes `version` and `kubectlLayer`.
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
 You can also use `FargateCluster` to provision a cluster that uses only fargate workers.
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 new eks.FargateCluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -177,13 +177,13 @@ By default, this library will allocate a managed node group with 2 *m5.large* in
 At cluster instantiation time, you can customize the number of instances and their type:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   defaultCapacity: 5,
   defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.SMALL),
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -192,12 +192,12 @@ To access the node group that was created on your behalf, you can use `cluster.d
 Additional customizations are available post instantiation. To apply them, set the default capacity to 0, and use the `cluster.addNodegroupCapacity` method:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const cluster = new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   defaultCapacity: 0,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 
 cluster.addNodegroupCapacity('custom-node-group', {
@@ -273,7 +273,7 @@ Node groups are available with IPv6 configured networks.  For custom roles assig
 > For more details visit [Configuring the Amazon VPC CNI plugin for Kubernetes to use IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/cni-iam-role.html#cni-iam-role-create-role)
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const ipv6Management = new iam.PolicyDocument({
     statements: [new iam.PolicyStatement({
@@ -299,9 +299,9 @@ const eksClusterNodeGroupRole = new iam.Role(this, 'eksClusterNodeGroupRole', {
 });
 
 const cluster = new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   defaultCapacity: 0,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 
 cluster.addNodegroupCapacity('custom-node-group', {
@@ -413,12 +413,12 @@ has been changed. As a workaround, you need to add a temporary policy to the clu
 successful replacement. Consider this example if you are renaming the cluster from `foo` to `bar`:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const cluster = new eks.Cluster(this, 'cluster-to-rename', {
   clusterName: 'foo', // rename this to 'bar'
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
-  version: eks.KubernetesVersion.V1_32,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
 });
 
 // allow the cluster admin role to delete the cluster 'foo'
@@ -471,11 +471,11 @@ To create an EKS cluster that **only** uses Fargate capacity, you can use `Farga
 The following code defines an Amazon EKS cluster with a default Fargate Profile that matches all pods from the "kube-system" and "default" namespaces. It is also configured to [run CoreDNS on Fargate](https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html#fargate-gs-coredns).
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const cluster = new eks.FargateCluster(this, 'MyCluster', {
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -551,12 +551,12 @@ To disable bootstrapping altogether (i.e. to fully customize user-data), set `bo
 You can also configure the cluster to use an auto-scaling group as the default capacity:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const cluster = new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   defaultCapacityType: eks.DefaultCapacityType.EC2,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -658,12 +658,12 @@ AWS Identity and Access Management (IAM) and native Kubernetes [Role Based Acces
 You can configure the [cluster endpoint access](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) by using the `endpointAccess` property:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const cluster = new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   endpointAccess: eks.EndpointAccess.PRIVATE, // No access outside of your VPC.
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -683,31 +683,31 @@ From the docs:
 To deploy the controller on your EKS cluster, configure the `albController` property:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   albController: {
     version: eks.AlbControllerVersion.V2_8_2,
   },
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
 To provide additional Helm chart values supported by `albController` in CDK, use the `additionalHelmChartValues` property. For example, the following code snippet shows how to set the `enableWafV2` flag:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   albController: {
     version: eks.AlbControllerVersion.V2_8_2,
     additionalHelmChartValues: {
       enableWafv2: false
     }
   },
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -744,15 +744,15 @@ if (cluster.albController) {
 You can specify the VPC of the cluster using the `vpc` and `vpcSubnets` properties:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 declare const vpc: ec2.Vpc;
 
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   vpc,
   vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }],
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -795,11 +795,11 @@ The `ClusterHandler` is a set of Lambda functions (`onEventHandler`, `isComplete
 You can configure the environment of the Cluster Handler functions by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 declare const proxyInstanceSecurityGroup: ec2.SecurityGroup;
 const cluster = new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   clusterHandlerEnvironment: {
     https_proxy: 'http://proxy.myproxy.com',
   },
@@ -808,7 +808,7 @@ const cluster = new eks.Cluster(this, 'hello-eks', {
    * Cluster Handler Lambdas so that it can reach the proxy.
    */
   clusterHandlerSecurityGroup: proxyInstanceSecurityGroup,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -817,7 +817,7 @@ const cluster = new eks.Cluster(this, 'hello-eks', {
 You can optionally choose to configure your cluster to use IPv6 using the [`ipFamily`](https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-ipFamily) definition for your cluster.  Note that this will require the underlying subnets to have an associated IPv6 CIDR.
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 declare const vpc: ec2.Vpc;
 
 function associateSubnetWithV6Cidr(vpc: ec2.Vpc, count: number, subnet: ec2.ISubnet) {
@@ -843,11 +843,11 @@ for (let subnet of subnets) {
 }
 
 const cluster = new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   vpc: vpc,
   ipFamily: eks.IpFamily.IP_V6,
   vpcSubnets: [{ subnets: vpc.publicSubnets }],
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -878,14 +878,14 @@ const cluster = eks.Cluster.fromClusterAttributes(this, 'Cluster', {
 You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const cluster = new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   kubectlEnvironment: {
     'http_proxy': 'http://proxy.myproxy.com',
   },
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -902,11 +902,11 @@ Depending on which version of kubernetes you're targeting, you will need to use
 the `@aws-cdk/lambda-layer-kubectl-vXY` packages.
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const cluster = new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -941,7 +941,7 @@ const cluster1 = new eks.Cluster(this, 'MyCluster', {
   kubectlLayer: layer,
   vpc,
   clusterName: 'cluster-name',
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
 });
 
 // or
@@ -957,12 +957,12 @@ const cluster2 = eks.Cluster.fromClusterAttributes(this, 'MyCluster', {
 By default, the kubectl provider is configured with 1024MiB of memory. You can use the `kubectlMemory` option to specify the memory size for the AWS Lambda function:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 new eks.Cluster(this, 'MyCluster', {
   kubectlMemory: Size.gibibytes(4),
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 
 // or
@@ -999,13 +999,13 @@ cluster.addAutoScalingGroupCapacity('self-ng-arm', {
 When you create a cluster, you can specify a `mastersRole`. The `Cluster` construct will associate this role with the `system:masters` [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) group, giving it super-user access to the cluster.
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 declare const role: iam.Role;
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   mastersRole: role,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -1051,26 +1051,26 @@ You can use the `secretsEncryptionKey` to configure which key the cluster will u
 > This setting can only be specified when the cluster is created and cannot be updated.
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const secretsKey = new kms.Key(this, 'SecretsKey');
 const cluster = new eks.Cluster(this, 'MyCluster', {
   secretsEncryptionKey: secretsKey,
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
 You can also use a similar configuration for running a cluster built using the FargateCluster construct.
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const secretsKey = new kms.Key(this, 'SecretsKey');
 const cluster = new eks.FargateCluster(this, 'MyFargateCluster', {
   secretsEncryptionKey: secretsKey,
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -1088,11 +1088,11 @@ When you create an Amazon EKS cluster, you can configure it to leverage the [EKS
 Once you have identified the on-premises node and pod (optional) CIDRs you will use for your hybrid nodes and the workloads running on them, you can specify them during cluster creation using the `remoteNodeNetworks` and `remotePodNetworks` (optional) properties:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 new eks.Cluster(this, 'Cluster', {
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'KubectlLayer'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'KubectlLayer'),
   remoteNodeNetworks: [
     {
       cidrs: ['10.0.0.0/16'],
@@ -1145,7 +1145,7 @@ To access the Kubernetes resources from the console, make sure your viewing prin
 in the `aws-auth` ConfigMap. Some options to consider:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 declare const cluster: eks.Cluster;
 declare const your_current_role: iam.Role;
 declare const vpc: ec2.Vpc;
@@ -1165,7 +1165,7 @@ your_current_role.addToPolicy(new iam.PolicyStatement({
 
 ```ts
 // Option 2: create your custom mastersRole with scoped assumeBy arn as the Cluster prop. Switch to this role from the AWS console.
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 declare const vpc: ec2.Vpc;
 
 
@@ -1175,8 +1175,8 @@ const mastersRole = new iam.Role(this, 'MastersRole', {
 
 const cluster = new eks.Cluster(this, 'EksCluster', {
   vpc,
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'KubectlLayer'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'KubectlLayer'),
   mastersRole,
 });
 
@@ -1220,13 +1220,13 @@ AWS IAM principals from both Amazon EKS access entry APIs and the aws-auth confi
 To specify the `authenticationMode`:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 declare const vpc: ec2.Vpc;
 
 new eks.Cluster(this, 'Cluster', {
   vpc,
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'KubectlLayer'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'KubectlLayer'),
   authenticationMode: eks.AuthenticationMode.API_AND_CONFIG_MAP,
 });
 ```
@@ -1271,7 +1271,7 @@ eks.AccessPolicy.fromAccessPolicyName('AmazonEKSAdminPolicy', {
 Use `grantAccess()` to grant the AccessPolicy to an IAM principal:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 declare const vpc: ec2.Vpc;
 
 const clusterAdminRole = new iam.Role(this, 'ClusterAdminRole', {
@@ -1289,8 +1289,8 @@ const eksAdminViewRole = new iam.Role(this, 'EKSAdminViewRole', {
 const cluster = new eks.Cluster(this, 'Cluster', {
   vpc,
   mastersRole: clusterAdminRole,
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'KubectlLayer'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'KubectlLayer'),
   authenticationMode: eks.AuthenticationMode.API_AND_CONFIG_MAP,
 });
 
@@ -1622,12 +1622,12 @@ Pruning is enabled by default but can be disabled through the `prune` option
 when a cluster is defined:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 new eks.Cluster(this, 'MyCluster', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   prune: false,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -2030,17 +2030,17 @@ You can enable logging for each one separately using the `clusterLogging`
 property. For example:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const cluster = new eks.Cluster(this, 'Cluster', {
   // ...
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   clusterLogging: [
     eks.ClusterLoggingTypes.API,
     eks.ClusterLoggingTypes.AUTHENTICATOR,
     eks.ClusterLoggingTypes.SCHEDULER,
   ],
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-al2023-nodegroup.ts

@@ -27,7 +27,7 @@ class EksClusterStack extends Stack {
       vpc: this.vpc,
       mastersRole,
       defaultCapacity: 0,
-      ...getClusterVersionConfig(this, eks.KubernetesVersion.V1_32),
+      ...getClusterVersionConfig(this, eks.KubernetesVersion.V1_33),
     });
 
     // create nodegroup with AL2023_X86_64_STANDARD
@@ -65,4 +65,3 @@ new integ.IntegTest(app, 'aws-cdk-eks-cluster-al2023-nodegroup', {
   // Test includes assets that are updated weekly. If not disabled, the upgrade PR will fail.
   diffAssets: false,
 });
-app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.fargate-cluster.ts

@@ -17,7 +17,7 @@ class EksFargateClusterStack extends Stack {
     this.node.setContext(EC2_RESTRICT_DEFAULT_SECURITY_GROUP, false);
     this.vpc = props?.vpc ?? this.createDummyVpc();
     new eks.FargateCluster(this, 'FargateCluster', {
-      ...getClusterVersionConfig(this, eks.KubernetesVersion.V1_30),
+      ...getClusterVersionConfig(this, eks.KubernetesVersion.V1_33),
       prune: false,
       authenticationMode: props?.authMode,
       vpc: this.vpc,
@@ -50,5 +50,3 @@ new integ.IntegTest(app, 'aws-cdk-eks-fargate-cluster', {
   // Test includes assets that are updated weekly. If not disabled, the upgrade PR will fail.
   diffAssets: false,
 });
-
-app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.helm-chart-logging.ts

@@ -0,0 +1,55 @@
+/// !cdk-integ pragma:disable-update-workflow
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import { App, Stack } from 'aws-cdk-lib';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import { getClusterVersionConfig } from './integ-tests-kubernetes-version';
+import * as eks from 'aws-cdk-lib/aws-eks';
+
+/**
+ * Integration test for improved Helm chart error logging
+ *
+ * This test creates a minimal EKS cluster and installs a Helm chart
+ * to verify the improved error logging functionality.
+ */
+class HelmChartLoggingStack extends Stack {
+  constructor(scope: App, id: string) {
+    super(scope, id);
+
+    // Create a minimal VPC with just one NAT gateway
+    const vpc = new ec2.Vpc(this, 'Vpc', {
+      natGateways: 1,
+      restrictDefaultSecurityGroup: false,
+    });
+
+    // Create a minimal EKS cluster
+    const cluster = new eks.Cluster(this, 'Cluster', {
+      vpc,
+      defaultCapacity: 1,
+      ...getClusterVersionConfig(this),
+    });
+
+    // Install a simple Helm chart from a public repository
+    // Using the AWS Load Balancer Controller chart as it's commonly used
+    cluster.addHelmChart('aws-load-balancer-controller', {
+      chart: 'aws-load-balancer-controller',
+      repository: 'https://aws.github.io/eks-charts',
+      namespace: 'kube-system',
+      version: '1.6.0',
+      values: {
+        clusterName: cluster.clusterName,
+      },
+    });
+  }
+}
+
+const app = new App();
+
+const stack = new HelmChartLoggingStack(app, 'aws-cdk-eks-helm-logging-test');
+
+new integ.IntegTest(app, 'aws-cdk-eks-helm-logging', {
+  testCases: [stack],
+  // Test includes assets that are updated weekly. If not disabled, the upgrade PR will fail.
+  diffAssets: false,
+});
+
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kms/README.md

@@ -91,9 +91,10 @@ const trail = new cloudtrail.Trail(this, 'myCloudTrail', {
 });
 ```
 
-Note that calls to `addToResourcePolicy` and `grant*` methods on `myKeyAlias` will be
-no-ops, and `addAlias` and `aliasTargetKey` will fail, as the imported alias does not
-have a reference to the underlying KMS Key.
+Note that calls to `addToResourcePolicy` method on `myKeyAlias` will be a no-op, `addAlias` and `aliasTargetKey` will fail.
+The `grant*` methods will not modify the key policy, as the imported alias does not have a reference to the underlying KMS Key.
+For the `grant*` methods to modify the principal's IAM policy, the feature flag `@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal`
+must be set to `true`. By default, this flag is `false` and `grant*` calls on an imported alias are a no-op.
 
 ### Lookup key by alias
 

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kms/integ.alias-from-alias-name.ts

@@ -0,0 +1,26 @@
+import { App, Stack } from 'aws-cdk-lib';
+import { Alias } from 'aws-cdk-lib/aws-kms';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { ServicePrincipal, Role } from 'aws-cdk-lib/aws-iam';
+import * as cxapi from 'aws-cdk-lib/cx-api';
+
+const app = new App({
+  context: { [cxapi.KMS_APPLY_IMPORTED_ALIAS_PERMISSIONS_TO_PRINCIPAL]: true },
+});
+const stack = new Stack(app, 'aws-cdk-kms');
+const alias = Alias.fromAliasName(stack, 'alias', 'alias/MyKey');
+
+const role = new Role(stack, 'Role', {
+  assumedBy: new ServicePrincipal('lambda.amazonaws.com'),
+});
+
+alias.grantVerifyMac(role);
+alias.grantEncryptDecrypt(role);
+alias.grantSignVerify(role);
+alias.grantGenerateMac(role);
+
+new IntegTest(app, 'kms-alias-from-alias-name', {
+  testCases: [stack],
+});
+
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/README.md

@@ -281,6 +281,21 @@ const fn = new lambda.Function(this, 'MyFunctionWithFFTrue', {
 cdk.Tags.of(fn).add('env', 'dev'); // the tag is also added to the log group
 ```
 
+### Log removal policy
+
+When using the deprecated `logRetention` property for creating a LogGroup, you can configure log removal policy:
+```ts
+import * as logs from 'aws-cdk-lib/aws-logs';
+
+const fn = new lambda.Function(this, 'MyFunctionWithFFTrue', {
+  runtime: lambda.Runtime.NODEJS_LATEST,
+  handler: 'handler.main',
+  code: lambda.Code.fromAsset('lambda'),
+  logRetention: logs.RetentionDays.INFINITE,
+  logRemovalPolicy: RemovalPolicy.RETAIN,
+});
+```
+
 ## Resource-based Policies
 
 AWS Lambda supports resource-based policies for controlling access to Lambda