konokenj.cdk-api-mcp-server 0.47.0__py3-none-any.whl → 0.49.0__py3-none-any.whl

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/README.md

@@ -1306,6 +1306,21 @@ const endpoint = vpc.addClientVpnEndpoint('Endpoint', {
 });
 ```
 
+To control whether clients are automatically disconnected when the maximum session duration is reached, use the `disconnectOnSessionTimeout` prop.
+By default (`true`), clients are disconnected and must manually reconnect.
+Set to `false` to allow automatic reconnection attempts:
+
+```ts fixture=client-vpn
+const endpoint = vpc.addClientVpnEndpoint('Endpoint', {
+  cidr: '10.100.0.0/16',
+  serverCertificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/server-certificate-id',
+  clientCertificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/client-certificate-id',
+  disconnectOnSessionTimeout: false, // Allow automatic reconnection attempts
+});
+```
+
+Detail information about maximum VPN session duration timeout can be found in the [AWS documentation](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-max-duration.html).
+
 ## Instances
 
 You can use the `Instance` class to start up a single EC2 instance. For production setups, we recommend

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/integ.client-vpn-endpoint-disconnect-on-session-timeout.ts

@@ -0,0 +1,65 @@
+import { App, RemovalPolicy, Stack, StackProps, UnscopedValidationError } from 'aws-cdk-lib';
+import * as acm from 'aws-cdk-lib/aws-certificatemanager';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as logs from 'aws-cdk-lib/aws-logs';
+import * as route53 from 'aws-cdk-lib/aws-route53';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { Construct } from 'constructs';
+
+/**
+ * In order to test this you need to have a valid public hosted zone that you can use
+ * to validate the domain identity.
+ */
+const hostedZoneId = process.env.CDK_INTEG_HOSTED_ZONE_ID ?? process.env.HOSTED_ZONE_ID;
+if (!hostedZoneId) throw new UnscopedValidationError('For this test you must provide your own HostedZoneId as an env var "HOSTED_ZONE_ID". See framework-integ/README.md for details.');
+const hostedZoneName = process.env.CDK_INTEG_HOSTED_ZONE_NAME ?? process.env.HOSTED_ZONE_NAME;
+if (!hostedZoneName) throw new UnscopedValidationError('For this test you must provide your own HostedZoneName as an env var "HOSTED_ZONE_NAME". See framework-integ/README.md for details.');
+
+interface TestStackProps extends StackProps {
+  hostedZoneId: string;
+  hostedZoneName: string;
+}
+
+class TestStack extends Stack {
+  constructor(scope: Construct, id: string, props: TestStackProps) {
+    super(scope, id, props);
+
+    const hostedZone = route53.PublicHostedZone.fromHostedZoneAttributes(this, 'HostedZone', {
+      hostedZoneId: props.hostedZoneId,
+      zoneName: props.hostedZoneName,
+    });
+
+    const serverCertificate = new acm.Certificate(this, 'Certificate', {
+      domainName: `server.${props.hostedZoneName}`,
+      validation: acm.CertificateValidation.fromDns(hostedZone),
+    });
+    const clientCertificate = new acm.Certificate(this, 'ClientCertificate', {
+      domainName: `client.${props.hostedZoneName}`,
+      validation: acm.CertificateValidation.fromDns(hostedZone),
+    });
+
+    const vpc = new ec2.Vpc(this, 'Vpc', { maxAzs: 2, natGateways: 0 });
+
+    const logGroup = new logs.LogGroup(this, 'LogGroup', {
+      removalPolicy: RemovalPolicy.DESTROY,
+    });
+
+    vpc.addClientVpnEndpoint('Endpoint', {
+      cidr: '10.100.0.0/16',
+      serverCertificateArn: serverCertificate.certificateArn,
+      clientCertificateArn: clientCertificate.certificateArn,
+      logGroup,
+      disconnectOnSessionTimeout: false,
+    });
+  }
+}
+
+const app = new App();
+new IntegTest(app, 'client-vpn-endpoint-integ', {
+  testCases: [
+    new TestStack(app, 'client-vpn-endpoint-stack', {
+      hostedZoneId,
+      hostedZoneName,
+    }),
+  ],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/README.md

@@ -1659,6 +1659,107 @@ new ecs.Ec2Service(this, 'EC2Service', {
 });
 ```
 
+### Managed Instances Capacity Providers
+
+Managed Instances Capacity Providers allow you to use AWS-managed EC2 instances for your ECS tasks while providing more control over instance selection than standard Fargate. AWS handles the instance lifecycle, patching, and maintenance while you can specify detailed instance requirements.
+
+To create a Managed Instances Capacity Provider, you need to specify the required EC2 instance profile, and networking configuration. You can also define detailed instance requirements to control which types of instances are used for your workloads.
+
+```ts
+declare const vpc: ec2.Vpc;
+declare const infrastructureRole: iam.Role;
+declare const instanceProfile: iam.InstanceProfile;
+
+const cluster = new ecs.Cluster(this, 'Cluster', { vpc });
+
+// Create a Managed Instances Capacity Provider
+const miCapacityProvider = new ecs.ManagedInstancesCapacityProvider(this, 'MICapacityProvider', {
+  infrastructureRole,
+  ec2InstanceProfile: instanceProfile,
+  subnets: vpc.privateSubnets,
+  securityGroups: [new ec2.SecurityGroup(this, 'MISecurityGroup', { vpc })],
+  instanceRequirements: {
+    vCpuCountMin: 1,
+    memoryMin: Size.gibibytes(2),
+    cpuManufacturers: [ec2.CpuManufacturer.INTEL],
+    acceleratorManufacturers: [ec2.AcceleratorManufacturer.NVIDIA],
+  },
+  propagateTags: ecs.PropagateManagedInstancesTags.CAPACITY_PROVIDER,
+});
+
+// Add the capacity provider to the cluster
+cluster.addManagedInstancesCapacityProvider(miCapacityProvider);
+
+const taskDefinition = new ecs.Ec2TaskDefinition(this, 'TaskDef');
+
+taskDefinition.addContainer('web', {
+  image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
+  memoryReservationMiB: 256,
+});
+
+new ecs.Ec2Service(this, 'EC2Service', {
+  cluster,
+  taskDefinition,
+  minHealthyPercent: 100,
+  capacityProviderStrategies: [
+    {
+      capacityProvider: miCapacityProvider.capacityProviderName,
+      weight: 1,
+    },
+  ],
+});
+```
+
+You can specify detailed instance requirements to control which types of instances are used:
+
+```ts
+declare const infrastructureRole: iam.Role;
+declare const instanceProfile: iam.InstanceProfile;
+declare const vpc: ec2.Vpc;
+
+const miCapacityProvider = new ecs.ManagedInstancesCapacityProvider(this, 'MICapacityProvider', {
+  infrastructureRole,
+  ec2InstanceProfile: instanceProfile,
+  subnets: vpc.privateSubnets,
+  instanceRequirements: {
+    // Required: CPU and memory constraints
+    vCpuCountMin: 2,
+    vCpuCountMax: 8,
+    memoryMin: Size.gibibytes(4),
+    memoryMax: Size.gibibytes(32),
+    
+    // CPU preferences
+    cpuManufacturers: [ec2.CpuManufacturer.INTEL, ec2.CpuManufacturer.AMD],
+    instanceGenerations: [ec2.InstanceGeneration.CURRENT],
+    
+    // Instance type filtering
+    allowedInstanceTypes: ['m5.*', 'c5.*'],
+    
+    // Performance characteristics
+    burstablePerformance: ec2.BurstablePerformance.EXCLUDED,
+    bareMetal: ec2.BareMetal.EXCLUDED,
+    
+    // Accelerator requirements (for ML/AI workloads)
+    acceleratorTypes: [ec2.AcceleratorType.GPU],
+    acceleratorManufacturers: [ec2.AcceleratorManufacturer.NVIDIA],
+    acceleratorNames: [ec2.AcceleratorName.T4, ec2.AcceleratorName.V100],
+    acceleratorCountMin: 1,
+    
+    // Storage requirements
+    localStorage: ec2.LocalStorage.REQUIRED,
+    localStorageTypes: [ec2.LocalStorageType.SSD],
+    totalLocalStorageGBMin: 100,
+    
+    // Network requirements
+    networkInterfaceCountMin: 2,
+    networkBandwidthGbpsMin: 10,
+    
+    // Cost optimization
+    onDemandMaxPricePercentageOverLowestPrice: 10,
+  },
+});
+```
+
 ### Cluster Default Provider Strategy
 
 A capacity provider strategy determines whether ECS tasks are launched on EC2 instances or Fargate/Fargate Spot. It can be specified at the cluster, service, or task level, and consists of one or more capacity providers. You can specify an optional base and weight value for finer control of how tasks are launched. The `base` specifies a minimum number of tasks on one capacity provider, and the `weight`s of each capacity provider determine how tasks are distributed after `base` is satisfied.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.managedinstances-capacity-provider.ts

@@ -0,0 +1,112 @@
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as cdk from 'aws-cdk-lib';
+import * as ecs from 'aws-cdk-lib/aws-ecs';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+
+const app = new cdk.App({
+  postCliContext: {
+    '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': true,
+    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
+    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
+  },
+});
+const stack = new cdk.Stack(app, 'integ-managedinstances-capacity-provider');
+
+const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false });
+const cluster = new ecs.Cluster(stack, 'ManagedInstancesCluster', {
+  vpc,
+  enableFargateCapacityProviders: true,
+});
+
+// Create IAM roles required for FMI following Omakase specifications
+const infrastructureRole = new iam.Role(stack, 'InfrastructureRole', {
+  roleName: 'AmazonECSInfrastructureRoleForOmakase',
+  assumedBy: new iam.ServicePrincipal('ecs.amazonaws.com'),
+  managedPolicies: [
+    iam.ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess'),
+  ],
+});
+
+const instanceRole = new iam.Role(stack, 'InstanceRole', {
+  roleName: 'AmazonECSInstanceRoleForOmakase',
+  assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
+  managedPolicies: [
+    iam.ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess'),
+  ],
+});
+
+const instanceProfile = new iam.InstanceProfile(stack, 'InstanceProfile', {
+  instanceProfileName: 'AmazonECSInstanceRoleForOmakase',
+  role: instanceRole,
+});
+
+// Create a security group for FMI instances
+const fmiSecurityGroup = new ec2.SecurityGroup(stack, 'ManagedInstancesSecurityGroup', {
+  vpc,
+  description: 'Security group for ManagedInstances capacity provider instances',
+  allowAllOutbound: true,
+});
+
+// Create MI Capacity Provider
+const miCapacityProvider = new ecs.ManagedInstancesCapacityProvider(stack, 'ManagedInstancesCapacityProvider', {
+  infrastructureRole: infrastructureRole,
+  ec2InstanceProfile: instanceProfile,
+  subnets: vpc.privateSubnets,
+  securityGroups: [fmiSecurityGroup],
+  propagateTags: ecs.PropagateManagedInstancesTags.CAPACITY_PROVIDER,
+  instanceRequirements: {
+    vCpuCountMin: 1,
+    memoryMin: cdk.Size.gibibytes(2),
+    cpuManufacturers: [ec2.CpuManufacturer.INTEL],
+    acceleratorManufacturers: [ec2.AcceleratorManufacturer.NVIDIA],
+  },
+});
+
+// Add FMI capacity provider to cluster
+cluster.addManagedInstancesCapacityProvider(miCapacityProvider);
+cluster.addDefaultCapacityProviderStrategy([
+  {
+    capacityProvider: miCapacityProvider.capacityProviderName,
+    weight: 1,
+  },
+]);
+
+// Create a task definition compatible with Managed Instances and Fargate
+const taskDefinition = new ecs.TaskDefinition(stack, 'TaskDef', {
+  compatibility: ecs.Compatibility.FARGATE_AND_MANAGED_INSTANCES,
+  cpu: '256',
+  memoryMiB: '512',
+  networkMode: ecs.NetworkMode.AWS_VPC,
+});
+
+taskDefinition.addContainer('web', {
+  image: ecs.ContainerImage.fromRegistry('public.ecr.aws/docker/library/httpd:2.4'),
+  memoryLimitMiB: 512,
+  portMappings: [
+    {
+      containerPort: 80,
+      protocol: ecs.Protocol.TCP,
+    },
+  ],
+});
+
+// Create a service using the MI capacity provider
+new ecs.FargateService(stack, 'ManagedInstancesService', {
+  cluster,
+  taskDefinition,
+  capacityProviderStrategies: [
+    {
+      capacityProvider: miCapacityProvider.capacityProviderName,
+      weight: 1,
+    },
+  ],
+  desiredCount: 1,
+});
+
+new integ.IntegTest(app, 'ManagedInstancesCapacityProviders', {
+  testCases: [stack],
+  regions: ['us-west-2'],
+});
+
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/README.md

@@ -147,6 +147,26 @@ new eks.Cluster(this, 'HelloEKS', {
 });
 ```
 
+You can control what happens to the resources created by the cluster construct when they are no longer managed by CloudFormation by specifying a `removalPolicy`.
+
+This can happen in one of three situations:
+- The resource is removed from the template, so CloudFormation stops managing it;
+- A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it;
+- The stack is deleted, so CloudFormation stops managing all resources in it.
+
+This affects the EKS cluster itself, the custom resource that created the cluster, associated IAM roles, node groups, security groups, VPC and any other CloudFormation resources managed by this construct.
+
+```ts
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
+import * as core from 'aws-cdk-lib/core';
+
+new eks.Cluster(this, 'HelloEKS', {
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
+  removalPolicy: core.RemovalPolicy.RETAIN, // Keep all resources created by the construct.
+});
+```
+
 You can also use `FargateCluster` to provision a cluster that uses only fargate workers.
 
 ```ts

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster-removal-policy.ts

@@ -0,0 +1,31 @@
+/// !cdk-integ pragma:disable-update-workflow
+import { App, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import { getClusterVersionConfig } from './integ-tests-kubernetes-version';
+import * as eks from 'aws-cdk-lib/aws-eks';
+
+/**
+ * This test just checks that all resources can be deployed with a removal policy.
+ * We use the DESTROY policy here to avoid leaving orphaned resources behind, but if it works for DESTROY, it should work for other values as well.
+ */
+class EksClusterRemovalPolicyStack extends Stack {
+  constructor(scope: App, id: string, props?: StackProps) {
+    super(scope, id, props);
+
+    new eks.Cluster(this, 'Cluster', {
+      ...getClusterVersionConfig(this, eks.KubernetesVersion.V1_32),
+      removalPolicy: RemovalPolicy.DESTROY,
+    });
+  }
+}
+
+const app = new App();
+
+const stack = new EksClusterRemovalPolicyStack(app, 'EksClusterRemovalPolicyStack');
+
+new integ.IntegTest(app, 'eks-cluster-removal-policy-integ', {
+  testCases: [stack],
+  diffAssets: false,
+});
+
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesis/README.md

@@ -15,6 +15,7 @@ intake and aggregation.
     - [Write Permissions](#write-permissions)
     - [Custom Permissions](#custom-permissions)
   - [Metrics](#metrics)
+    - [Shard-level Metrics](#shard-level-metrics)
 - [Stream Consumers](#stream-consumers)
   - [Read Permissions](#read-permissions-1)
 - [Resource Policy](#resource-policy)
@@ -191,6 +192,47 @@ stream.metricGetRecordsSuccess();
 stream.metricGetRecordsSuccess({ statistic: 'Maximum' });
 ```
 
+#### Shard-level Metrics
+
+You can enable enhanced shard-level metrics for your Kinesis stream to get detailed monitoring of individual shards. Shard-level metrics provide more granular insights into the performance and health of your stream.
+
+```ts
+const stream = new kinesis.Stream(this, 'MyStream', {
+  shardLevelMetrics: [kinesis.ShardLevelMetrics.ALL],
+});
+```
+
+You can also specify individual metrics that you want to monitor:
+
+```ts
+const stream = new kinesis.Stream(this, 'MyStream', {
+  shardLevelMetrics: [
+    kinesis.ShardLevelMetrics.INCOMING_BYTES,
+    kinesis.ShardLevelMetrics.INCOMING_RECORDS,
+    kinesis.ShardLevelMetrics.ITERATOR_AGE_MILLISECONDS,
+    kinesis.ShardLevelMetrics.OUTGOING_BYTES,
+    kinesis.ShardLevelMetrics.OUTGOING_RECORDS,
+    kinesis.ShardLevelMetrics.READ_PROVISIONED_THROUGHPUT_EXCEEDED,
+    kinesis.ShardLevelMetrics.WRITE_PROVISIONED_THROUGHPUT_EXCEEDED,
+  ],
+});
+```
+
+Available shard-level metrics include:
+
+- `INCOMING_BYTES` - The number of bytes successfully put to the shard
+- `INCOMING_RECORDS` - The number of records successfully put to the shard
+- `ITERATOR_AGE_MILLISECONDS` - The age of the last record in all GetRecords calls made against a shard
+- `OUTGOING_BYTES` - The number of bytes retrieved from the shard
+- `OUTGOING_RECORDS` - The number of records retrieved from the shard
+- `READ_PROVISIONED_THROUGHPUT_EXCEEDED` - The number of GetRecords calls throttled for the shard
+- `WRITE_PROVISIONED_THROUGHPUT_EXCEEDED` - The number of records rejected due to throttling for the shard
+- `ALL` - All available metrics
+
+Note: You cannot specify `ALL` together with other individual metrics. If you want all metrics, use `ALL` alone.
+
+For more information about shard-level metrics, see [Monitoring the Amazon Kinesis Data Streams Service with Amazon CloudWatch](https://docs.aws.amazon.com/streams/latest/dev/monitoring-with-cloudwatch.html#kinesis-metrics-shard).
+
 ## Stream Consumers
 
 Creating stream consumers allow consumers to receive data from the stream using enhanced fan-out at a rate of up to 2 MiB per second for every shard.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesis/integ.stream-shard-level-monitoring.ts

@@ -0,0 +1,47 @@
+import { App, Stack, RemovalPolicies } from 'aws-cdk-lib';
+import * as kinesis from 'aws-cdk-lib/aws-kinesis';
+import { ExpectedResult, IntegTest } from '@aws-cdk/integ-tests-alpha';
+
+const app = new App();
+const stack = new Stack(app, 'kinesis-stream-shard-level-monitoring-stack');
+
+const explicitStream = new kinesis.Stream(stack, 'ExplicitStream', {
+  shardLevelMetrics: [
+    kinesis.ShardLevelMetrics.INCOMING_BYTES,
+    kinesis.ShardLevelMetrics.INCOMING_RECORDS,
+    kinesis.ShardLevelMetrics.ITERATOR_AGE_MILLISECONDS,
+    kinesis.ShardLevelMetrics.OUTGOING_BYTES,
+    kinesis.ShardLevelMetrics.OUTGOING_RECORDS,
+    kinesis.ShardLevelMetrics.WRITE_PROVISIONED_THROUGHPUT_EXCEEDED,
+    kinesis.ShardLevelMetrics.READ_PROVISIONED_THROUGHPUT_EXCEEDED,
+  ],
+});
+
+const allStream = new kinesis.Stream(stack, 'AllStream', {
+  shardLevelMetrics: [kinesis.ShardLevelMetrics.ALL],
+});
+
+RemovalPolicies.of(stack).destroy();
+
+const integ = new IntegTest(app, 'integ-kinesis-stream-consumer', {
+  testCases: [stack],
+});
+
+const streams = [explicitStream, allStream];
+streams.forEach((stream) => {
+  integ.assertions.awsApiCall('Kinesis', 'describeStream', {
+    StreamName: stream.streamName,
+  }).expect(ExpectedResult.objectLike({
+    StreamDescription: {
+      ShardLevelMetrics: [
+        'IncomingBytes',
+        'IncomingRecords',
+        'IteratorAgeMilliseconds',
+        'OutgoingBytes',
+        'OutgoingRecords',
+        'WriteProvisionedThroughputExceeded',
+        'ReadProvisionedThroughputExceeded',
+      ],
+    },
+  }));
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/README.md

@@ -642,6 +642,15 @@ new CfnOutput(this, 'TheUrl', {
 });
 ```
 
+### Important Function URL Permission Update - Oct 2025
+Starting Oct 2025, Function URL invocation will require two permissions
+- lambda:InvokeFunctionUrl
+- lambda:InvokeFunction (New)
+
+CDK has updated `grantInvokeUrl` and `addFunctionUrl` to add both permission above.
+
+If your existing CDK stack uses `grantInvokeUrl` or `addFunctionUrl`, your next deployment will automatically add the `lambda:InvokeFunction` permission without requiring any code changes. This ensures your Function URLs continue working seamlessly. No additional actions are needed.
+
 ### CORS configuration for Function URLs
 
 If you want your Function URLs to be invokable from a web page in browser, you

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-logs/README.md

@@ -545,6 +545,10 @@ new logs.Transformer(this, 'Transformer', {
 
 For more details on CloudWatch Logs transformation processors, refer to the [AWS documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation-Processors.html).
 
+### Usage of metric filters on transformed logs
+
+In order to use the transformed logs as search pattern, set the parameter `applyOnTransformedLogs: true` in the MetricFilterProps.
+
 ## Notes
 
 Be aware that Log Group ARNs will always have the string `:*` appended to

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-logs/integ.metricfilter-apply-on-transformed-logs.ts

@@ -0,0 +1,29 @@
+import { App, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { FilterPattern, LogGroup, MetricFilter } from 'aws-cdk-lib/aws-logs';
+
+class TestStack extends Stack {
+  constructor(scope: App, id: string, props?: StackProps) {
+    super(scope, id, props);
+
+    const logGroup = new LogGroup(this, 'LogGroup', {
+      removalPolicy: RemovalPolicy.DESTROY,
+    });
+
+    new MetricFilter(this, 'MetricFilter', {
+      logGroup,
+      metricNamespace: 'MyApp',
+      metricName: 'Latency',
+      filterPattern: FilterPattern.exists('$.latency'),
+      applyOnTransformedLogs: true,
+    });
+  }
+}
+
+const app = new App();
+const testCase = new TestStack(app, 'aws-cdk-metricfilter-apply-on-transformed-logs-integ');
+
+new IntegTest(app, 'metricfilter-apply-on-transformed-logs', {
+  testCases: [testCase],
+});
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-opensearchservice/integ.opensearch.min.ts

@@ -11,6 +11,7 @@ class TestStack extends Stack {
       opensearch.EngineVersion.OPENSEARCH_2_13,
       opensearch.EngineVersion.OPENSEARCH_2_15,
       opensearch.EngineVersion.OPENSEARCH_2_17,
+      opensearch.EngineVersion.OPENSEARCH_3_1,
     ];
 
     // deploy opensearch domain with minimal configuration

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53/README.md

@@ -558,6 +558,18 @@ const zoneFromAttributes = route53.PublicHostedZone.fromPublicHostedZoneAttribut
 const zoneFromId = route53.PublicHostedZone.fromPublicHostedZoneId(this, 'MyZone', 'ZOJJZC49E0EPZ');
 ```
 
+You can import a Private Hosted Zone with `PrivateHostedZone.fromPrivateHostedZoneId` and `PrivateHostedZone.fromPrivateHostedZoneAttributes` methods:
+
+```ts
+const privateZoneFromAttributes = route53.PrivateHostedZone.fromPrivateHostedZoneAttributes(this, 'MyPrivateZone', {
+  zoneName: 'example.local',
+  hostedZoneId: 'ZOJJZC49E0EPZ',
+});
+
+// Does not know zoneName  
+const privateZoneFromId = route53.PrivateHostedZone.fromPrivateHostedZoneId(this, 'MyPrivateZone', 'ZOJJZC49E0EPZ');
+```
+
 You can use `CrossAccountZoneDelegationRecord` on imported Hosted Zones with the `grantDelegation` method:
 
 ```ts

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53/integ.private-hosted-zone-from-attributes.ts

@@ -0,0 +1,41 @@
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as cdk from 'aws-cdk-lib';
+import * as route53 from 'aws-cdk-lib/aws-route53';
+import { PrivateHostedZone } from 'aws-cdk-lib/aws-route53';
+import { ExpectedResult, IntegTest } from '@aws-cdk/integ-tests-alpha';
+
+const app = new cdk.App();
+
+const stack = new cdk.Stack(app, 'aws-cdk-route53-integ');
+
+const vpc = new ec2.Vpc(stack, 'VPC', { maxAzs: 1, restrictDefaultSecurityGroup: false });
+
+const privateZone = new PrivateHostedZone(stack, 'PrivateZone', {
+  zoneName: 'aws-cdk.dev', vpc,
+});
+
+const expectPrivateHostedZone = route53.PrivateHostedZone.fromHostedZoneAttributes(stack, 'ExpectPrivateHostedZone', {
+  hostedZoneId: privateZone.hostedZoneId,
+  zoneName: privateZone.zoneName,
+});
+
+const integTest = new IntegTest(app, 'AwsCdkRoute53IntegTest', {
+  testCases: [stack],
+  diffAssets: false,
+});
+
+const hostedZoneApiCall = integTest.assertions.awsApiCall('Route53', 'getHostedZone', {
+  Id: expectPrivateHostedZone.hostedZoneId,
+});
+
+hostedZoneApiCall.expect(
+  ExpectedResult.objectLike({
+    HostedZone: {
+      Id: expectPrivateHostedZone.hostedZoneId,
+      Name: expectPrivateHostedZone.zoneName,
+    },
+  }),
+);
+
+app.synth();
+

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-synthetics/README.md

@@ -267,7 +267,7 @@ new synthetics.Canary(this, 'Bucket Canary', {
 ```
 
 > **Note:** Synthetics have a specified folder structure for canaries.
-> For Node with puppeteer scripts supplied via `code.fromAsset()` or `code.fromBucket()`, the canary resource requires the following folder structure:
+> For Node with puppeteer scripts supplied via `code.fromAsset()` or `code.fromBucket()`, the canary resource requires the following folder structure for runtime versions older than `syn-nodejs-puppeteer-11.0`:
 >
 > ```plaintext
 > canary/
@@ -276,6 +276,22 @@ new synthetics.Canary(this, 'Bucket Canary', {
 >         ├── <filename>.js
 > ```
 >
+> For puppeteer based runtime versions newer than or equal to `syn-nodejs-puppeteer-11.0`, `nodjs/node_modules` is not necessary but supported. 
+>
+> Both
+> ```plaintext
+> canary/
+> ├── nodejs/
+>    ├── node_modules/
+>         ├── <filename>.js
+> ```
+> And 
+> ```plaintext
+> canary/
+>  ├── <filename>.js
+> ```
+> are supported.
+>
 > For Node with playwright scripts supplied via `code.fromAsset()` or `code.fromBucket()`, the canary resource requires the following folder structure:
 >
 > ```plaintext

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-synthetics/integ.canary-runtime-validation.ts

@@ -0,0 +1,43 @@
+import * as path from 'node:path';
+import { App, Duration, Size, Stack, StackProps } from 'aws-cdk-lib/core';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { Construct } from 'constructs';
+import * as synthetics from 'aws-cdk-lib/aws-synthetics';
+
+class TestStack extends Stack {
+  public puppeteer11RootCanary: synthetics.Canary;
+  public puppeteer11NodeModulesCanary: synthetics.Canary;
+
+  constructor(scope: Construct, id: string, props?: StackProps) {
+    super(scope, id, props);
+
+    // Test puppeteer 11.0+ with root-level files only
+    this.puppeteer11RootCanary = new synthetics.Canary(this, 'Puppeteer11RootCanary', {
+      runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_11_0,
+      test: synthetics.Test.custom({
+        handler: 'canary.handler',
+        code: synthetics.Code.fromAsset(path.join(__dirname, 'canaries-runtime-validation', 'root-only')),
+      }),
+      memory: Size.mebibytes(1024),
+      timeout: Duration.minutes(2),
+    });
+
+    // Test puppeteer 11.0+ also supports nodejs/node_modules structure
+    this.puppeteer11NodeModulesCanary = new synthetics.Canary(this, 'Puppeteer11NodeModulesCanary', {
+      runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_11_0,
+      test: synthetics.Test.custom({
+        handler: 'canary.handler',
+        code: synthetics.Code.fromAsset(path.join(__dirname, 'canaries')),
+      }),
+      memory: Size.mebibytes(1024),
+      timeout: Duration.minutes(2),
+    });
+  }
+}
+
+const app = new App();
+const testStack = new TestStack(app, 'SyntheticsCanaryRuntimeValidationStack');
+
+new IntegTest(app, 'SyntheticsCanaryRuntimeValidation', {
+  testCases: [testStack],
+});