konokenj.cdk-api-mcp-server 0.65.0__py3-none-any.whl → 0.66.0__py3-none-any.whl

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.healthchecks-multiple-network-load-balanced-ecs-service.ts

@@ -1,14 +1,12 @@
 import { InstanceType, Vpc, Peer, Port, SecurityGroup } from 'aws-cdk-lib/aws-ec2';
 import { AsgCapacityProvider, Cluster, ContainerImage, EcsOptimizedImage } from 'aws-cdk-lib/aws-ecs';
 import { AutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
-import { App, Stack } from 'aws-cdk-lib';
+import { App, Stack, CfnResource } from 'aws-cdk-lib';
 import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 import { NetworkMultipleTargetGroupsEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
 
 const app = new App({
   postCliContext: {
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new Stack(app, 'aws-ecs-integ-nlb-healthchecks');
@@ -19,6 +17,13 @@ const securityGroup = new SecurityGroup(stack, 'MyAutoScalingGroupSG', {
   allowAllOutbound: true,
 });
 securityGroup.addIngressRule(Peer.anyIpv4(), Port.tcpRange(32768, 65535));
+
+// Suppress security guardian rule for intentional test setup
+const cfnSecurityGroup = securityGroup.node.defaultChild as CfnResource;
+cfnSecurityGroup.addMetadata('guard', {
+  SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+});
+
 const provider = new AsgCapacityProvider(stack, 'MyProvider', {
   autoScalingGroup: new AutoScalingGroup(stack, 'MyAutoScalingGroup', {
     vpc,

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.multiple-application-load-balanced-ecs-service-idle-timeout.ts

@@ -3,7 +3,7 @@ import { InstanceType, Vpc } from 'aws-cdk-lib/aws-ec2';
 import { Cluster, ContainerImage } from 'aws-cdk-lib/aws-ecs';
 import { ApplicationProtocol, SslPolicy } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
 import { PublicHostedZone } from 'aws-cdk-lib/aws-route53';
-import { App, Duration, Stack } from 'aws-cdk-lib';
+import { App, Duration, Stack, CfnResource } from 'aws-cdk-lib';
 import * as integ from '@aws-cdk/integ-tests-alpha';
 import { ApplicationMultipleTargetGroupsEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
 import { AUTOSCALING_GENERATE_LAUNCH_TEMPLATE } from 'aws-cdk-lib/cx-api';
@@ -13,8 +13,6 @@ const app = new App({
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
     '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': false,
     '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });
@@ -26,7 +24,7 @@ const cluster = new Cluster(stack, 'Cluster', { vpc });
 cluster.addCapacity('DefaultAutoScalingGroup', { instanceType: new InstanceType('t2.micro') });
 
 // Two load balancers with different idle timeouts.
-new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
+const service = new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
   cluster,
   memoryLimitMiB: 256,
   taskImageOptions: {
@@ -87,6 +85,16 @@ new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
   ],
 });
 
+// Suppress security guardian rule for ALB default behavior (open: true)
+service.loadBalancers.forEach(lb => {
+  lb.connections.securityGroups.forEach(sg => {
+    const cfnSg = sg.node.defaultChild as CfnResource;
+    cfnSg.addMetadata('guard', {
+      SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+    });
+  });
+});
+
 new integ.IntegTest(app, 'multiAlbEcsEc2Test', {
   testCases: [stack],
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.multiple-application-load-balanced-ecs-service.ts

@@ -1,6 +1,6 @@
 import { InstanceType, Vpc } from 'aws-cdk-lib/aws-ec2';
 import { Cluster, ContainerImage, Ec2TaskDefinition } from 'aws-cdk-lib/aws-ecs';
-import { App, Stack } from 'aws-cdk-lib';
+import { App, Stack, CfnResource } from 'aws-cdk-lib';
 import * as integ from '@aws-cdk/integ-tests-alpha';
 import { ApplicationMultipleTargetGroupsEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
 import { REDUCE_EC2_FARGATE_CLOUDWATCH_PERMISSIONS } from 'aws-cdk-lib/cx-api';
@@ -9,8 +9,6 @@ const app = new App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
     [REDUCE_EC2_FARGATE_CLOUDWATCH_PERMISSIONS]: false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });
@@ -32,7 +30,7 @@ taskDefinition.addContainer('web', {
 });
 
 // One load balancer with one listener and two target groups.
-new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
+const service = new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
   cluster,
   taskDefinition,
   enableExecuteCommand: true,
@@ -48,6 +46,14 @@ new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
   ],
 });
 
+// Suppress security guardian rule for ALB default behavior (open: true)
+service.loadBalancer.connections.securityGroups.forEach(sg => {
+  const cfnSg = sg.node.defaultChild as CfnResource;
+  cfnSg.addMetadata('guard', {
+    SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+  });
+});
+
 new integ.IntegTest(app, 'applicationMultipleTargetGroupsEc2ServiceTest', {
   testCases: [stack],
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.network-load-balanced-ecs-service.ts

@@ -1,15 +1,13 @@
 import { AutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
 import { InstanceType, Vpc, SecurityGroup, Peer, Port } from 'aws-cdk-lib/aws-ec2';
 import { Cluster, ContainerImage, AsgCapacityProvider, EcsOptimizedImage } from 'aws-cdk-lib/aws-ecs';
-import { App, Stack } from 'aws-cdk-lib';
+import { App, Stack, CfnResource } from 'aws-cdk-lib';
 import * as integ from '@aws-cdk/integ-tests-alpha';
 import { NetworkLoadBalancedEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
 import { IpAddressType } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
 
 const app = new App({
   postCliContext: {
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new Stack(app, 'aws-ecs-integ-nlb');
@@ -21,6 +19,12 @@ const securityGroup = new SecurityGroup(stack, 'SecurityGroup', {
 });
 securityGroup.addIngressRule(Peer.anyIpv4(), Port.tcpRange(32768, 65535));
 
+// Suppress security guardian rule for intentional test setup
+const cfnSecurityGroup = securityGroup.node.defaultChild as CfnResource;
+cfnSecurityGroup.addMetadata('guard', {
+  SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+});
+
 const provider1 = new AsgCapacityProvider(stack, 'FirstCapacityProvider', {
   autoScalingGroup: new AutoScalingGroup(stack, 'FirstAutoScalingGroup', {
     vpc,

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.scheduled-ecs-task.ts

@@ -8,8 +8,6 @@ import { ScheduledEc2Task } from 'aws-cdk-lib/aws-ecs-patterns';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.tls-network-load-balanced-ecs-service.ts

@@ -14,8 +14,6 @@ if (!certArn) throw new Error('For this test you must provide your own Certifica
 const app = new App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/README.md

@@ -718,6 +718,52 @@ rule.addTarget(new targets.RedshiftQuery(workgroup.attrWorkgroupWorkgroupArn, {
 }));
 ```
 
+## Send events to an SQS queue
+
+Use the `SqsQueue` target to send events to an SQS queue.
+
+The code snippet below creates an event rule that sends events to an SQS queue every hour:
+
+```ts
+const queue = new sqs.Queue(this, 'MyQueue');
+
+const rule = new events.Rule(this, 'Rule', {
+  schedule: events.Schedule.rate(cdk.Duration.hours(1)),
+});
+
+rule.addTarget(new targets.SqsQueue(queue));
+```
+
+### Using Message Group IDs
+
+You can specify a `messageGroupId` to ensure messages are processed in order. This parameter is required for FIFO queues and optional for standard queues:
+
+```ts
+// FIFO queue - messageGroupId required
+const fifoQueue = new sqs.Queue(this, 'MyFifoQueue', {
+  fifo: true,
+});
+
+const fifoRule = new events.Rule(this, 'FifoRule', {
+  schedule: events.Schedule.rate(cdk.Duration.hours(1)),
+});
+
+fifoRule.addTarget(new targets.SqsQueue(fifoQueue, {
+  messageGroupId: 'MyMessageGroupId',
+}));
+
+// Standard queue - messageGroupId optional (SQS Fair queue feature)
+const standardQueue = new sqs.Queue(this, 'MyStandardQueue');
+
+const standardRule = new events.Rule(this, 'StandardRule', {
+  schedule: events.Schedule.rate(cdk.Duration.hours(1)),
+});
+
+standardRule.addTarget(new targets.SqsQueue(standardQueue, {
+  messageGroupId: 'MyMessageGroupId', // Optional for standard queues
+}));
+```
+
 ## Publish to an SNS Topic
 
 Use the `SnsTopic` target to publish to an SNS Topic.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/integ.event-ec2-task.ts

@@ -10,8 +10,6 @@ import * as targets from 'aws-cdk-lib/aws-events-targets';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/integ.sqs-event-rule-target.ts

@@ -3,6 +3,7 @@ import * as kms from 'aws-cdk-lib/aws-kms';
 import * as sqs from 'aws-cdk-lib/aws-sqs';
 import * as cdk from 'aws-cdk-lib';
 import * as targets from 'aws-cdk-lib/aws-events-targets';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 
 // ---------------------------------
 // Define a rule that triggers an SNS topic every 1min.
@@ -23,11 +24,45 @@ const queue = new sqs.Queue(stack, 'MyQueue', {
   encryption: sqs.QueueEncryption.KMS,
   encryptionMasterKey: key,
 });
+// Suppress false positive: queue uses separate QueuePolicy resource (not inline), which is the correct pattern
+(queue.node.defaultChild as cdk.CfnResource).addMetadata('guard', {
+  SuppressedRules: ['SQS_NO_WORLD_ACCESSIBLE_INLINE'],
+});
 
-const deadLetterQueue = new sqs.Queue(stack, 'MyDeadLetterQueue');
+const deadLetterQueue = new sqs.Queue(stack, 'MyDeadLetterQueue', {
+  encryption: sqs.QueueEncryption.SQS_MANAGED,
+});
+// Suppress false positive: queue uses separate QueuePolicy resource (not inline), which is the correct pattern
+(deadLetterQueue.node.defaultChild as cdk.CfnResource).addMetadata('guard', {
+  SuppressedRules: ['SQS_NO_WORLD_ACCESSIBLE_INLINE'],
+});
 
 event.addTarget(new targets.SqsQueue(queue, {
   deadLetterQueue,
 }));
 
-app.synth();
+// Test messageGroupId support for standard (non-FIFO) queues
+const standardQueue = new sqs.Queue(stack, 'StandardQueue', {
+  encryption: sqs.QueueEncryption.SQS_MANAGED,
+});
+// Suppress false positive: queue uses separate QueuePolicy resource (not inline), which is the correct pattern
+(standardQueue.node.defaultChild as cdk.CfnResource).addMetadata('guard', {
+  SuppressedRules: ['SQS_NO_WORLD_ACCESSIBLE_INLINE'],
+});
+
+const standardQueueEvent = new events.Rule(stack, 'StandardQueueRule', {
+  schedule: events.Schedule.rate(cdk.Duration.minutes(1)),
+});
+
+standardQueueEvent.addTarget(new targets.SqsQueue(standardQueue, {
+  messageGroupId: 'MyMessageGroupId',
+}));
+
+new IntegTest(app, 'integ.sqs-event-rule-target', {
+  testCases: [stack],
+  allowDestroy: [
+    'AWS::SQS::Queue',
+    'AWS::SQS::QueuePolicy',
+    'AWS::Events::Rule',
+  ],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.runtimes.ts

@@ -17,6 +17,14 @@ new Function(stack, 'Lambda', {
   runtime: Runtime.DOTNET_8,
 });
 
+new Function(stack, 'DotNet10Lambda', {
+  code: Code.fromAsset(path.join(__dirname, 'dotnet-handler')),
+  handler: 'Handler',
+  runtime: Runtime.DOTNET_10,
+});
+
 new integ.IntegTest(app, 'lambda-runtime-management', {
   testCases: [stack],
 });
+
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.ec2-run-task-ref-definition.ts

@@ -10,8 +10,6 @@ import { EC2_RESTRICT_DEFAULT_SECURITY_GROUP, STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TA
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.ec2-run-task.ts

@@ -20,8 +20,6 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.ec2-task.ts

@@ -20,8 +20,6 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/FEATURE_FLAGS.md

@@ -84,8 +84,6 @@ Flags come in three types:
 | [@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault](#aws-cdkaws-ec2bastionhostuseamazonlinux2023bydefault) | When enabled, the BastionHost construct will use the latest Amazon Linux 2023 AMI, instead of Amazon Linux 2. | 2.172.0 | new default |
 | [@aws-cdk/core:aspectStabilization](#aws-cdkcoreaspectstabilization) | When enabled, a stabilization loop will be run when invoking Aspects during synthesis. | 2.172.0 | config |
 | [@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource](#aws-cdkaws-route53-targetsuserpooldomainnamemethodwithoutcustomresource) | When enabled, use a new method for DNS Name of user pool domain target without creating a custom resource. | 2.174.0 | fix |
-| [@aws-cdk/aws-ecs:disableEcsImdsBlocking](#aws-cdkaws-ecsdisableecsimdsblocking) | When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false. **IMPORTANT: See [details.](#aws-cdkaws-ecsdisableEcsImdsBlocking)** | 2.175.0 | temporary |
-| [@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature](#aws-cdkaws-ecsenableimdsblockingdeprecatedfeature) | When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only. IMPORTANT: See [details.](#aws-cdkaws-ecsenableImdsBlockingDeprecatedFeature)** | 2.175.0 | temporary |
 | [@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault](#aws-cdkaws-elasticloadbalancingv2albdualstackwithoutpublicipv4securitygrouprulesdefault) | When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere | 2.176.0 | fix |
 | [@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections](#aws-cdkaws-iamoidcrejectunauthorizedconnections) | When enabled, the default behaviour of OIDC provider will reject unauthorized connections | 2.177.0 | fix |
 | [@aws-cdk/core:enableAdditionalMetadataCollection](#aws-cdkcoreenableadditionalmetadatacollection) | When enabled, CDK will expand the scope of usage data collected to better inform CDK development and improve communication for security concerns and emerging issues. | 2.178.0 | config |
@@ -177,8 +175,6 @@ The following json shows the current recommended set of flags, as `cdk init` wou
     "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false,
     "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false,
     "@aws-cdk/core:explicitStackTags": true,
-    "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": false,
-    "@aws-cdk/aws-ecs:disableEcsImdsBlocking": true,
     "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true,
     "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": true,
     "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": true,
@@ -1787,49 +1783,6 @@ If the flag is set to false then a custom resource will be created when using `U
 | 2.174.0 | `false` | `true` |
 
 
-### @aws-cdk/aws-ecs:disableEcsImdsBlocking
-
-*When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false. **IMPORTANT: See [details.](#aws-cdkaws-ecsdisableEcsImdsBlocking)***
-
-Flag type: Temporary flag
-
-In an ECS Cluster with `MachineImageType.AMAZON_LINUX_2`, the canContainersAccessInstanceRole=false option attempts to add commands to block containers from
-accessing IMDS. CDK cannot guarantee the correct execution of the feature in all platforms. Setting this feature flag
-to true will ensure CDK does not attempt to implement IMDS blocking. By <ins>**end of 2025**</ins>, CDK will remove the
-IMDS blocking feature. See [Github discussion](https://github.com/aws/aws-cdk/discussions/32609) for more information.
-
-It is recommended to follow ECS documentation to block IMDS for your specific platform and cluster configuration.
-
-
-| Since | Unset behaves like | Recommended value |
-| ----- | ----- | ----- |
-| (not in v1) |  |  |
-| 2.175.0 | `false` | `true` |
-
-**Compatibility with old behavior:** It is strongly recommended to set this flag to true. However, if necessary, set this flag to false to continue using the old implementation.
-
-
-### @aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature
-
-*When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only. IMPORTANT: See [details.](#aws-cdkaws-ecsenableImdsBlockingDeprecatedFeature)***
-
-Flag type: Temporary flag
-
-In an ECS Cluster with `MachineImageType.AMAZON_LINUX_2`, the canContainersAccessInstanceRole=false option attempts to add commands to block containers from
-accessing IMDS. Set this flag to true in order to use new and updated commands. Please note that this
-feature alone with this feature flag will be deprecated by <ins>**end of 2025**</ins> as CDK cannot
-guarantee the correct execution of the feature in all platforms. See [Github discussion](https://github.com/aws/aws-cdk/discussions/32609) for more information.
-It is recommended to follow ECS documentation to block IMDS for your specific platform and cluster configuration.
-
-
-| Since | Unset behaves like | Recommended value |
-| ----- | ----- | ----- |
-| (not in v1) |  |  |
-| 2.175.0 | `false` | `false` |
-
-**Compatibility with old behavior:** Set this flag to false in order to continue using old and outdated commands. However, it is **not** recommended.
-
-
 ### @aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault
 
 *When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere*

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/README.md

@@ -528,48 +528,6 @@ _cdk.json_
 }
 ```
 
-* `@aws-cdk/aws-ecs:disableEcsImdsBlocking`
-
-When set to true, CDK synth will throw exception if canContainersAccessInstanceRole is false.
-
-In an ECS Cluster with `MachineImageType.AMAZON_LINUX_2`, the canContainersAccessInstanceRole=false option attempts to add commands to block containers from
-accessing IMDS. CDK cannot guarantee the correct execution of the feature in all platforms. Setting this feature flag
-to true will ensure CDK does not attempt to implement IMDS blocking. By <ins>**end of 2025**</ins>, CDK will remove the
-IMDS blocking feature. See [Github discussion](https://github.com/aws/aws-cdk/discussions/32609) for more information.
-
-**It is recommended to follow ECS documentation to block IMDS for your specific platform and cluster configuration.**
-
-_cdk.json_
-
-```json
-{
-  "context": {
-    "@aws-cdk/aws-ecs:disableEcsImdsBlocking": true
-  }
-}
-```
-
-* `@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature`
-
-When set to true along with canContainersAccessInstanceRole=false in ECS cluster, new updated commands will be added to UserData to block container accessing IMDS. **Applicable to Linux only.**
-
-In an ECS Cluster with `MachineImageType.AMAZON_LINUX_2`, the canContainersAccessInstanceRole=false option attempts to add commands to block containers from
-accessing IMDS. Set this flag to true in order to use new and updated commands. Please note that this
-feature alone with this feature flag will be deprecated by <ins>end of 2025</ins> as CDK cannot
-guarantee the correct execution of the feature in all platforms. See [Github discussion](https://github.com/aws/aws-cdk/discussions/32609) for more information.
-
-**It is recommended to follow ECS documentation to block IMDS for your specific platform and cluster configuration.**
-
-_cdk.json_
-
-```json
-{
-  "context": {
-    "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": false,
-  },
-}
-```
-
 * `@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault`
 
 When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere,

{konokenj_cdk_api_mcp_server-0.65.0.dist-info → konokenj_cdk_api_mcp_server-0.66.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: konokenj.cdk-api-mcp-server
-Version: 0.65.0
+Version: 0.66.0
 Summary: An MCP server provides AWS CDK API Reference
 Project-URL: Documentation, https://github.com/konokenj/cdk-api-mcp-server#readme
 Project-URL: Issues, https://github.com/konokenj/cdk-api-mcp-server/issues
@@ -26,7 +26,7 @@ Description-Content-Type: text/markdown
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/konokenj.cdk-api-mcp-server.svg)](https://pypi.org/project/konokenj.cdk-api-mcp-server)
 
 <!-- DEP-VERSIONS-START -->
-[![aws-cdk](https://img.shields.io/badge/aws%20cdk-v2.232.1-blue.svg)](https://github.com/konokenj/cdk-api-mcp-server/blob/main/current-versions/aws-cdk.txt)
+[![aws-cdk](https://img.shields.io/badge/aws%20cdk-v2.232.2-blue.svg)](https://github.com/konokenj/cdk-api-mcp-server/blob/main/current-versions/aws-cdk.txt)
 <!-- DEP-VERSIONS-END -->
 
 ---