konokenj.cdk-api-mcp-server 0.31.0__py3-none-any.whl → 0.57.0__py3-none-any.whl

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.table-v2-global.ts

@@ -19,7 +19,9 @@ class TestStack extends Stack {
         writeCapacity: Capacity.autoscaled({ maxCapacity: 20, targetUtilizationPercent: 60, seedCapacity: 10 }),
       }),
       encryption: TableEncryptionV2.awsManagedKey(),
-      contributorInsights: true,
+      contributorInsightsSpecification: {
+        enabled: true,
+      },
       pointInTimeRecovery: true,
       tableClass: TableClass.STANDARD_INFREQUENT_ACCESS,
       timeToLiveAttribute: 'attr',
@@ -49,7 +51,9 @@ class TestStack extends Stack {
           readCapacity: Capacity.autoscaled({ minCapacity: 5, maxCapacity: 25 }),
           globalSecondaryIndexOptions: {
             gsi2: {
-              contributorInsights: false,
+              contributorInsightsSpecification: {
+                enabled: false,
+              },
             },
           },
           tags: [{ key: 'USE2ReplicaTagKey', value: 'USE2ReplicaTagValue' }],
@@ -57,7 +61,9 @@ class TestStack extends Stack {
         {
           region: 'us-west-2',
           tableClass: TableClass.STANDARD,
-          contributorInsights: false,
+          contributorInsightsSpecification: {
+            enabled: false,
+          },
           globalSecondaryIndexOptions: {
             gsi1: {
               readCapacity: Capacity.fixed(15),

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.table-v2-mrsc.ts

@@ -0,0 +1,31 @@
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { App, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib';
+import { AttributeType, MultiRegionConsistency, TableV2 } from 'aws-cdk-lib/aws-dynamodb';
+import { Construct } from 'constructs';
+
+class TestStack extends Stack {
+  public constructor(scope: Construct, id: string, props: StackProps) {
+    super(scope, id, props);
+
+    new TableV2(this, 'GlobalTable', {
+      tableName: 'my-global-table',
+      partitionKey: { name: 'pk', type: AttributeType.STRING },
+      sortKey: { name: 'sk', type: AttributeType.NUMBER },
+      removalPolicy: RemovalPolicy.DESTROY,
+      multiRegionConsistency: MultiRegionConsistency.STRONG,
+      witnessRegion: 'us-west-2',
+      replicas: [
+        {
+          region: 'us-east-2',
+        },
+      ],
+    });
+  }
+}
+
+const app = new App();
+new IntegTest(app, 'aws-cdk-global-table-integ', {
+  testCases: [new TestStack(app, 'aws-cdk-global-table-mrsc', { env: { region: 'us-east-1' } })],
+  regions: ['us-east-1'],
+  stackUpdateWorkflow: false,
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.table-v2.compound.ts

@@ -0,0 +1,43 @@
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { App, RemovalPolicy, Stack } from 'aws-cdk-lib';
+import { AttributeType, ProjectionType, TableV2 } from 'aws-cdk-lib/aws-dynamodb';
+
+const app = new App();
+const stack = new Stack(app, 'aws-cdk-dynamodb-v2-compound-keys');
+
+const table = new TableV2(stack, 'Table', {
+  tableName: 'cdk-test-tableV2-compound',
+  partitionKey: { name: 'pkey', type: AttributeType.NUMBER },
+  globalSecondaryIndexes: [{
+    indexName: 'IndexA',
+    partitionKeys: [{ name: 'GSIAPK1', type: AttributeType.STRING }, { name: 'GSIAPK2', type: AttributeType.STRING }],
+    sortKeys: [{ name: 'GSIASK1', type: AttributeType.STRING }, { name: 'GSIASK2', type: AttributeType.NUMBER }],
+  }],
+  removalPolicy: RemovalPolicy.DESTROY,
+});
+
+table.addGlobalSecondaryIndex({
+  indexName: 'IndexB',
+  partitionKeys: [{ name: 'PK1', type: AttributeType.STRING }, { name: 'PK2', type: AttributeType.NUMBER }],
+  sortKeys: [{ name: 'SK1', type: AttributeType.STRING }, { name: 'SK2', type: AttributeType.NUMBER }],
+  projectionType: ProjectionType.INCLUDE,
+  nonKeyAttributes: ['bar'],
+});
+
+table.addGlobalSecondaryIndex({
+  indexName: 'IndexC',
+  partitionKey: { name: 'baz', type: AttributeType.STRING },
+  sortKeys: [{ name: 'bar', type: AttributeType.STRING }],
+  projectionType: ProjectionType.INCLUDE,
+  nonKeyAttributes: ['blah'],
+});
+
+table.addGlobalSecondaryIndex({
+  indexName: 'IndexD',
+  partitionKeys: [{ name: 'PK3', type: AttributeType.STRING }, { name: 'PK4', type: AttributeType.NUMBER }],
+  sortKeys: [{ name: 'SK3', type: AttributeType.STRING }, { name: 'SK4', type: AttributeType.NUMBER }],
+});
+
+new IntegTest(app, 'aws-cdk-dynamodbv2-compound-key-gsi', {
+  testCases: [stack],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/README.md

@@ -1104,6 +1104,18 @@ new ec2.InterfaceVpcEndpoint(this, 'VPC Endpoint', {
 });
 ```
 
+For cross-region VPC endpoints, specify the `serviceRegion` parameter:
+
+```ts
+declare const vpc: ec2.Vpc;
+
+new ec2.InterfaceVpcEndpoint(this, 'CrossRegionEndpoint', {
+  vpc,
+  service: new ec2.InterfaceVpcEndpointService('com.amazonaws.vpce.us-east-1.vpce-svc-123456', 443),
+  serviceRegion: 'us-east-1', // Same region as the service endpoint above
+});
+```
+
 #### Security groups for interface VPC endpoints
 
 By default, interface VPC endpoints create a new security group and all traffic to the endpoint from within the VPC will be automatically allowed.
@@ -1294,6 +1306,21 @@ const endpoint = vpc.addClientVpnEndpoint('Endpoint', {
 });
 ```
 
+To control whether clients are automatically disconnected when the maximum session duration is reached, use the `disconnectOnSessionTimeout` prop.
+By default (`true`), clients are disconnected and must manually reconnect.
+Set to `false` to allow automatic reconnection attempts:
+
+```ts fixture=client-vpn
+const endpoint = vpc.addClientVpnEndpoint('Endpoint', {
+  cidr: '10.100.0.0/16',
+  serverCertificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/server-certificate-id',
+  clientCertificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/client-certificate-id',
+  disconnectOnSessionTimeout: false, // Allow automatic reconnection attempts
+});
+```
+
+Detail information about maximum VPN session duration timeout can be found in the [AWS documentation](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-max-duration.html).
+
 ## Instances
 
 You can use the `Instance` class to start up a single EC2 instance. For production setups, we recommend
@@ -1880,7 +1907,7 @@ You can configure [tag propagation on volume creation](https://docs.aws.amazon.c
 
 #### Throughput on GP3 Volumes
 
-You can specify the `throughput` of a GP3 volume from 125 (default) to 1000.
+You can specify the `throughput` of a GP3 volume from 125 (default) to 2000.
 
 ```ts
 new ec2.Volume(this, 'Volume', {

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/integ.client-vpn-endpoint-disconnect-on-session-timeout.ts

@@ -0,0 +1,65 @@
+import { App, RemovalPolicy, Stack, StackProps, UnscopedValidationError } from 'aws-cdk-lib';
+import * as acm from 'aws-cdk-lib/aws-certificatemanager';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as logs from 'aws-cdk-lib/aws-logs';
+import * as route53 from 'aws-cdk-lib/aws-route53';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { Construct } from 'constructs';
+
+/**
+ * In order to test this you need to have a valid public hosted zone that you can use
+ * to validate the domain identity.
+ */
+const hostedZoneId = process.env.CDK_INTEG_HOSTED_ZONE_ID ?? process.env.HOSTED_ZONE_ID;
+if (!hostedZoneId) throw new UnscopedValidationError('For this test you must provide your own HostedZoneId as an env var "HOSTED_ZONE_ID". See framework-integ/README.md for details.');
+const hostedZoneName = process.env.CDK_INTEG_HOSTED_ZONE_NAME ?? process.env.HOSTED_ZONE_NAME;
+if (!hostedZoneName) throw new UnscopedValidationError('For this test you must provide your own HostedZoneName as an env var "HOSTED_ZONE_NAME". See framework-integ/README.md for details.');
+
+interface TestStackProps extends StackProps {
+  hostedZoneId: string;
+  hostedZoneName: string;
+}
+
+class TestStack extends Stack {
+  constructor(scope: Construct, id: string, props: TestStackProps) {
+    super(scope, id, props);
+
+    const hostedZone = route53.PublicHostedZone.fromHostedZoneAttributes(this, 'HostedZone', {
+      hostedZoneId: props.hostedZoneId,
+      zoneName: props.hostedZoneName,
+    });
+
+    const serverCertificate = new acm.Certificate(this, 'Certificate', {
+      domainName: `server.${props.hostedZoneName}`,
+      validation: acm.CertificateValidation.fromDns(hostedZone),
+    });
+    const clientCertificate = new acm.Certificate(this, 'ClientCertificate', {
+      domainName: `client.${props.hostedZoneName}`,
+      validation: acm.CertificateValidation.fromDns(hostedZone),
+    });
+
+    const vpc = new ec2.Vpc(this, 'Vpc', { maxAzs: 2, natGateways: 0 });
+
+    const logGroup = new logs.LogGroup(this, 'LogGroup', {
+      removalPolicy: RemovalPolicy.DESTROY,
+    });
+
+    vpc.addClientVpnEndpoint('Endpoint', {
+      cidr: '10.100.0.0/16',
+      serverCertificateArn: serverCertificate.certificateArn,
+      clientCertificateArn: clientCertificate.certificateArn,
+      logGroup,
+      disconnectOnSessionTimeout: false,
+    });
+  }
+}
+
+const app = new App();
+new IntegTest(app, 'client-vpn-endpoint-integ', {
+  testCases: [
+    new TestStack(app, 'client-vpn-endpoint-stack', {
+      hostedZoneId,
+      hostedZoneName,
+    }),
+  ],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/integ.vpc-endpoint.lit.ts

@@ -55,6 +55,12 @@ class VpcEndpointStack extends cdk.Stack {
       ipAddressType: ec2.VpcEndpointIpAddressType.IPV4,
       dnsRecordIpType: ec2.VpcEndpointDnsRecordIpType.IPV4,
     });
+
+    // Add a cross-region interface endpoint
+    vpc.addInterfaceEndpoint('CrossRegionEndpoint', {
+      service: new ec2.InterfaceVpcEndpointService('com.amazonaws.vpce.us-east-1.vpce-svc-123456', 443),
+      serviceRegion: 'us-east-1', // Cross-region service
+    });
   }
 }
 

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/integ.vpc-flow-logs.ts

@@ -72,6 +72,10 @@ class TestStack extends Stack {
       destination: FlowLogDestination.toS3(),
     });
 
+    vpc.addFlowLog('FlowLogsCloudwatch', {
+      destination: FlowLogDestination.toCloudWatchLogs(),
+    });
+
     const bucket = new s3.Bucket(this, 'Bucket', {
       removalPolicy: RemovalPolicy.DESTROY,
       autoDeleteObjects: true,

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecr/README.md

@@ -121,12 +121,51 @@ By using these methods, you can grant specific operational permissions on the EC
 
 ### Image tag immutability
 
-You can set tag immutability on images in our repository using the `imageTagMutability` construct prop.
+You can set tag immutability on images in your repository using the `imageTagMutability` construct prop.
 
 ```ts
 new ecr.Repository(this, 'Repo', { imageTagMutability: ecr.TagMutability.IMMUTABLE });
 ```
 
+#### Image tag mutability with exclusion filters
+
+ECR supports more granular control over image tag mutability by allowing you to specify exclusion filters. This enables you to make your repository immutable while allowing specific tag patterns to remain mutable (or vice versa).
+
+There are two new mutability options that work with exclusion filters:
+
+- `MUTABLE_WITH_EXCLUSION`: Tags are mutable by default, except those matching the exclusion filters
+- `IMMUTABLE_WITH_EXCLUSION`: Tags are immutable by default, except those matching the exclusion filters
+
+Use `ImageTagMutabilityExclusionFilter.wildcard()` to create filters with wildcard patterns:
+
+```ts
+// Make all tags immutable except for those starting with 'dev-' or 'test-'
+new ecr.Repository(this, 'Repo', {
+  imageTagMutability: ecr.TagMutability.IMMUTABLE_WITH_EXCLUSION,
+  imageTagMutabilityExclusionFilters: [
+    ecr.ImageTagMutabilityExclusionFilter.wildcard('dev-*'),
+    ecr.ImageTagMutabilityExclusionFilter.wildcard('test-*'),
+  ],
+});
+```
+
+```ts
+// Make all tags mutable except for production releases
+new ecr.Repository(this, 'Repo', {
+  imageTagMutability: ecr.TagMutability.MUTABLE_WITH_EXCLUSION,
+  imageTagMutabilityExclusionFilters: [
+    ecr.ImageTagMutabilityExclusionFilter.wildcard('prod-*'),
+    ecr.ImageTagMutabilityExclusionFilter.wildcard('release-v*'),
+  ],
+});
+```
+
+##### Exclusion filter pattern rules
+
+- Patterns can contain alphanumeric characters, dots (.), underscores (_), hyphens (-), and asterisks (*) as wildcards
+- Maximum pattern length is 128 characters
+- You can specify up to 5 exclusion filters per repository
+
 ### Encryption
 
 By default, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. For more control over the encryption for your Amazon ECR repositories, you can use server-side encryption with KMS keys stored in AWS Key Management Service (AWS KMS). Read more about this feature in the [ECR Developer Guide](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html).
@@ -209,7 +248,7 @@ repository.addToResourcePolicy(new iam.PolicyStatement({
 }));
 ```
 
-## import existing repository
+## Import existing repository
 
 You can import an existing repository into your CDK app using the `Repository.fromRepositoryArn`, `Repository.fromRepositoryName` or `Repository.fromLookup` method.
 These methods take the ARN or the name of the repository and returns an `IRepository` object.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecr/integ.tag-mutability-exclusion.ts

@@ -0,0 +1,30 @@
+import * as cdk from 'aws-cdk-lib';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import * as ecr from 'aws-cdk-lib/aws-ecr';
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'aws-ecr-tag-mutability-exclusion-stack');
+
+new ecr.Repository(stack, 'ImmutableRepoWithExclusions', {
+  imageTagMutability: ecr.TagMutability.IMMUTABLE_WITH_EXCLUSION,
+  imageTagMutabilityExclusionFilters: [
+    ecr.ImageTagMutabilityExclusionFilter.wildcard('dev-*'),
+    ecr.ImageTagMutabilityExclusionFilter.wildcard('test-*'),
+  ],
+  removalPolicy: cdk.RemovalPolicy.DESTROY,
+  emptyOnDelete: true,
+});
+
+new ecr.Repository(stack, 'MutableRepoWithExclusions', {
+  imageTagMutability: ecr.TagMutability.MUTABLE_WITH_EXCLUSION,
+  imageTagMutabilityExclusionFilters: [
+    ecr.ImageTagMutabilityExclusionFilter.wildcard('prod-*'),
+    ecr.ImageTagMutabilityExclusionFilter.wildcard('release-v*'),
+  ],
+  removalPolicy: cdk.RemovalPolicy.DESTROY,
+  emptyOnDelete: true,
+});
+
+new IntegTest(app, 'cdk-ecr-tag-mutability-exclusion-test', {
+  testCases: [stack],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecr-assets/README.md

@@ -163,6 +163,10 @@ This will instruct the toolkit to add the tarball as a file asset. During deploy
 from `local-image.tar`, push it to an Amazon ECR repository and wire the name of the repository as CloudFormation parameters
 to your stack.
 
+Similar to `DockerImageAsset`, you can set the `CDK_DOCKER` environment variable to provide a custom Docker executable 
+command or path. This may be needed when building in environments where the standard docker cannot be executed or when 
+using alternative container runtimes like Finch.
+
 ## Publishing images to ECR repositories
 
 `DockerImageAsset` is designed for seamless build & consumption of image assets by CDK code deployed to multiple environments

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecr-assets/integ.assets-docker.ts

@@ -46,6 +46,10 @@ const asset8 = new assets.DockerImageAsset(stack, 'DockerImage8', {
   cacheDisabled: true,
 });
 
+const asset9 = new assets.DockerImageAsset(stack, 'DockerImage9', {
+  directory: path.join(__dirname, 'demo-image-dockerignore'),
+});
+
 const user = new iam.User(stack, 'MyUser');
 asset.repository.grantPull(user);
 asset2.repository.grantPull(user);
@@ -55,6 +59,7 @@ asset5.repository.grantPull(user);
 asset6.repository.grantPull(user);
 asset7.repository.grantPull(user);
 asset8.repository.grantPull(user);
+asset9.repository.grantPull(user);
 
 new cdk.CfnOutput(stack, 'ImageUri', { value: asset.imageUri });
 new cdk.CfnOutput(stack, 'ImageUri2', { value: asset2.imageUri });
@@ -64,5 +69,6 @@ new cdk.CfnOutput(stack, 'ImageUri5', { value: asset5.imageUri });
 new cdk.CfnOutput(stack, 'ImageUri6', { value: asset6.imageUri });
 new cdk.CfnOutput(stack, 'ImageUri7', { value: asset7.imageUri });
 new cdk.CfnOutput(stack, 'ImageUri8', { value: asset8.imageUri });
+new cdk.CfnOutput(stack, 'ImageUri9', { value: asset9.imageUri });
 
 app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/README.md

@@ -1591,6 +1591,8 @@ it in the constructor. Then add the Capacity Provider to the cluster. Finally,
 you can refer to the Provider by its name in your service's or task's Capacity
 Provider strategy.
 
+> **Note**: Cross-stack capacity provider registration is not supported. The ECS cluster and its capacity providers must be created in the same stack to avoid circular dependency issues.
+
 By default, Auto Scaling Group Capacity Providers will manage the scale-in and
 scale-out behavior of the auto scaling group based on the load your tasks put on
 the cluster, this is called [Managed Scaling](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/asg-capacity-providers.html#asg-capacity-providers-managed-scaling). If you'd
@@ -1657,6 +1659,150 @@ new ecs.Ec2Service(this, 'EC2Service', {
 });
 ```
 
+### Managed Instances Capacity Providers
+
+Managed Instances Capacity Providers allow you to use AWS-managed EC2 instances for your ECS tasks while providing more control over instance selection than standard Fargate. AWS handles the instance lifecycle, patching, and maintenance while you can specify detailed instance requirements. You can  define detailed instance requirements to control which types of instances are used for your workloads.
+
+See [ECS documentation for Managed Instances Capacity Provider](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/managed-instances-capacity-providers-concept.html) for more documentation.
+
+```ts
+declare const vpc: ec2.Vpc;
+declare const infrastructureRole: iam.Role;
+declare const instanceProfile: iam.InstanceProfile;
+
+const cluster = new ecs.Cluster(this, 'Cluster', { vpc });
+
+// Create a Managed Instances Capacity Provider
+const miCapacityProvider = new ecs.ManagedInstancesCapacityProvider(this, 'MICapacityProvider', {
+  infrastructureRole,
+  ec2InstanceProfile: instanceProfile,
+  subnets: vpc.privateSubnets,
+  securityGroups: [new ec2.SecurityGroup(this, 'MISecurityGroup', { vpc })],
+  instanceRequirements: {
+    vCpuCountMin: 1,
+    memoryMin: Size.gibibytes(2),
+    cpuManufacturers: [ec2.CpuManufacturer.INTEL],
+    acceleratorManufacturers: [ec2.AcceleratorManufacturer.NVIDIA],
+  },
+  propagateTags: ecs.PropagateManagedInstancesTags.CAPACITY_PROVIDER,
+});
+
+// Optionally configure security group rules using IConnectable interface
+miCapacityProvider.connections.allowFrom(ec2.Peer.ipv4(vpc.vpcCidrBlock), ec2.Port.tcp(80));
+
+// Add the capacity provider to the cluster
+cluster.addManagedInstancesCapacityProvider(miCapacityProvider);
+
+const taskDefinition = new ecs.TaskDefinition(this, 'TaskDef', {
+  memoryMiB: '512',
+  cpu: '256',
+  networkMode: ecs.NetworkMode.AWS_VPC,
+  compatibility: ecs.Compatibility.MANAGED_INSTANCES,
+});
+
+taskDefinition.addContainer('web', {
+  image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
+  memoryReservationMiB: 256,
+});
+
+new ecs.FargateService(this, 'FargateService', {
+  cluster,
+  taskDefinition,
+  minHealthyPercent: 100,
+  capacityProviderStrategies: [
+    {
+      capacityProvider: miCapacityProvider.capacityProviderName,
+      weight: 1,
+    },
+  ],
+});
+```
+
+You can specify detailed instance requirements to control which types of instances are used:
+
+```ts
+declare const infrastructureRole: iam.Role;
+declare const instanceProfile: iam.InstanceProfile;
+declare const vpc: ec2.Vpc;
+
+const miCapacityProvider = new ecs.ManagedInstancesCapacityProvider(this, 'MICapacityProvider', {
+  infrastructureRole,
+  ec2InstanceProfile: instanceProfile,
+  subnets: vpc.privateSubnets,
+  instanceRequirements: {
+    // Required: CPU and memory constraints
+    vCpuCountMin: 2,
+    vCpuCountMax: 8,
+    memoryMin: Size.gibibytes(4),
+    memoryMax: Size.gibibytes(32),
+    
+    // CPU preferences
+    cpuManufacturers: [ec2.CpuManufacturer.INTEL, ec2.CpuManufacturer.AMD],
+    instanceGenerations: [ec2.InstanceGeneration.CURRENT],
+    
+    // Instance type filtering
+    allowedInstanceTypes: ['m5.*', 'c5.*'],
+    
+    // Performance characteristics
+    burstablePerformance: ec2.BurstablePerformance.EXCLUDED,
+    bareMetal: ec2.BareMetal.EXCLUDED,
+    
+    // Accelerator requirements (for ML/AI workloads)
+    acceleratorTypes: [ec2.AcceleratorType.GPU],
+    acceleratorManufacturers: [ec2.AcceleratorManufacturer.NVIDIA],
+    acceleratorNames: [ec2.AcceleratorName.T4, ec2.AcceleratorName.V100],
+    acceleratorCountMin: 1,
+    
+    // Storage requirements
+    localStorage: ec2.LocalStorage.REQUIRED,
+    localStorageTypes: [ec2.LocalStorageType.SSD],
+    totalLocalStorageGBMin: 100,
+    
+    // Network requirements
+    networkInterfaceCountMin: 2,
+    networkBandwidthGbpsMin: 10,
+    
+    // Cost optimization
+    onDemandMaxPricePercentageOverLowestPrice: 10,
+  },
+});
+
+```
+#### Note: Service Replacement When Migrating from LaunchType to CapacityProviderStrategy
+
+**Understanding the Limitation**
+
+The ECS [CreateService API](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html#ECS-CreateService-request-launchType) does not allow specifying both `launchType` and `capacityProviderStrategies` simultaneously. When you specify `capacityProviderStrategies`, the CDK uses those capacity providers instead of a launch type. This is a limitation of the ECS API and CloudFormation, not a CDK bug.
+
+**Impact on Updates**
+
+Because `launchType` is immutable during updates, switching from `launchType` to `capacityProviderStrategies` requires CloudFormation to replace the service. This means your existing service will be deleted and recreated with the new configuration. This behavior is expected and reflects the underlying API constraints.
+
+**Workaround**
+
+While we work on a long-term solution, you can use the following [escape hatch](https://docs.aws.amazon.com/cdk/v2/guide/cfn-layer.html) to preserve your service during the migration:
+
+```ts
+declare const cluster: ecs.Cluster;
+declare const taskDefinition: ecs.TaskDefinition;
+declare const miCapacityProvider: ecs.ManagedInstancesCapacityProvider;
+
+const service = new ecs.FargateService(this, 'Service', {
+  cluster,
+  taskDefinition,
+  capacityProviderStrategies: [
+    {
+      capacityProvider: miCapacityProvider.capacityProviderName,
+      weight: 1,
+    },
+  ],
+});
+
+// Escape hatch: Force launchType at the CloudFormation level to prevent service replacement
+const cfnService = service.node.defaultChild as ecs.CfnService;
+cfnService.launchType = 'FARGATE'; // or 'FARGATE_SPOT' depending on your capacity provider
+```
+
 ### Cluster Default Provider Strategy
 
 A capacity provider strategy determines whether ECS tasks are launched on EC2 instances or Fargate/Fargate Spot. It can be specified at the cluster, service, or task level, and consists of one or more capacity providers. You can specify an optional base and weight value for finer control of how tasks are launched. The `base` specifies a minimum number of tasks on one capacity provider, and the `weight`s of each capacity provider determine how tasks are distributed after `base` is satisfied.
@@ -1970,6 +2116,9 @@ const volumeFromSnapshot = new ecs.ServiceManagedVolume(this, 'EBSVolume', {
     snapShotId: 'snap-066877671789bd71b',
     volumeType: ec2.EbsDeviceVolumeType.GP3,
     fileSystemType: ecs.FileSystemType.XFS,
+    // Specifies the Amazon EBS Provisioned Rate for Volume Initialization.
+    // Valid range is between 100 and 300 MiB/s.
+    volumeInitializationRate: Size.mebibytes(200),
   },
 });
 
@@ -2070,7 +2219,46 @@ const service = new ecs.FargateService(this, 'FargateService', {
 });
 ```
 
-## Daemon scheduling strategy
+## ECS Native Blue/Green Deployment
+
+Amazon ECS supports native blue/green deployments that allow you to deploy new versions of your services with zero downtime. This deployment strategy creates a new set of tasks (green) alongside the existing tasks (blue), then shifts traffic from the old version to the new version.
+
+[Amazon ECS blue/green deployments](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-blue-green.html)
+
+```ts
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+
+declare const cluster: ecs.Cluster;
+declare const taskDefinition: ecs.TaskDefinition;
+declare const lambdaHook: lambda.Function;
+declare const blueTargetGroup: elbv2.ApplicationTargetGroup;
+declare const greenTargetGroup: elbv2.ApplicationTargetGroup;
+declare const prodListenerRule: elbv2.ApplicationListenerRule;
+
+const service = new ecs.FargateService(this, 'Service', {
+  cluster,
+  taskDefinition,
+  deploymentStrategy: ecs.DeploymentStrategy.BLUE_GREEN,
+});
+
+service.addLifecycleHook(new ecs.DeploymentLifecycleLambdaTarget(lambdaHook, 'PreScaleHook', {
+  lifecycleStages: [ecs.DeploymentLifecycleStage.PRE_SCALE_UP],
+}));
+
+const target = service.loadBalancerTarget({
+  containerName: 'nginx',
+  containerPort: 80,
+  protocol: ecs.Protocol.TCP,
+  alternateTarget: new ecs.AlternateTarget('AlternateTarget', {
+    alternateTargetGroup: greenTargetGroup,
+    productionListener: ecs.ListenerRuleConfiguration.applicationListenerRule(prodListenerRule),
+  }),
+});
+
+target.attachToApplicationTargetGroup(blueTargetGroup);
+```
+
+## Daemon Scheduling Strategy
 You can specify whether service use Daemon scheduling strategy by specifying `daemon` option in Service constructs. See [differences between Daemon and Replica scheduling strategy](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html)
 
 ```ts

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.availability-zone-rebalancing.ts

@@ -3,20 +3,30 @@ import * as cdk from 'aws-cdk-lib';
 import * as ecs from 'aws-cdk-lib/aws-ecs';
 import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 
-const app = new cdk.App();
+const app = new cdk.App({
+  postCliContext: {
+    '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
+    '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
+  },
+});
 const stack = new cdk.Stack(app, 'aws-ecs-integ-availability-zone-rebalancing');
 
 const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false });
 
-const cluster = new ecs.Cluster(stack, 'Cluster', { vpc });
+const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc });
+
+cluster.addCapacity('DefaultAutoScalingGroup', {
+  instanceType: new ec2.InstanceType('t2.micro'),
+});
 
-const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef');
+const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'TaskDef');
 
 taskDefinition.addContainer('web', {
   image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
+  memoryLimitMiB: 256,
 });
 
-new ecs.FargateService(stack, 'FargateService', {
+new ecs.Ec2Service(stack, 'FrontendService', {
   cluster,
   taskDefinition,
   availabilityZoneRebalancing: ecs.AvailabilityZoneRebalancing.ENABLED,