PyPI - konokenj.cdk-api-mcp-server - Versions diffs - 0.70.0__py3-none-any.whl → 0.72.0__py3-none-any.whl - Mend

konokenj.cdk-api-mcp-server 0.70.0py3-none-any.whl → 0.72.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-eks-v2-alpha/README.md CHANGED Viewed

@@ -451,6 +451,34 @@ new eks.Cluster(this, 'HelloEKS', {
 });
 ```
+To provide additional Helm chart values supported by `albController` in CDK, use the `additionalHelmChartValues` property. For example, the following code snippet shows how to set the `enableWafV2` flag:
+```ts
+import { KubectlV34Layer } from '@aws-cdk/lambda-layer-kubectl-v34';
+new eks.Cluster(this, 'HelloEKS', {
+  version: eks.KubernetesVersion.V1_34,
+  albController: {
+    version: eks.AlbControllerVersion.V2_8_2,
+    additionalHelmChartValues: {
+      enableWafv2: false
+    }
+  },
+});
+```
+To overwrite an existing ALB controller service account, use the `overwriteServiceAccount` property:
+```ts
+new eks.Cluster(this, 'HelloEKS', {
+  version: eks.KubernetesVersion.V1_34,
+  albController: {
+    version: eks.AlbControllerVersion.V2_8_2,
+    overwriteServiceAccount: true,
+  },
+});
+```
 The `albController` requires `defaultCapacity` or at least one nodegroup. If there's no `defaultCapacity` or available
 nodegroup for the cluster, the `albController` deployment would fail.
@@ -755,6 +783,173 @@ By default, the cluster creator role will be granted the cluster admin permissio
 > **Note** - Switching `bootstrapClusterCreatorAdminPermissions` on an existing cluster would cause cluster replacement and should be avoided in production.
+### Service Accounts
+With services account you can provide Kubernetes Pods access to AWS resources.
+```ts
+import * as s3 from 'aws-cdk-lib/aws-s3';
+declare const cluster: eks.Cluster;
+// add service account
+const serviceAccount = cluster.addServiceAccount('MyServiceAccount');
+const bucket = new s3.Bucket(this, 'Bucket');
+bucket.grantReadWrite(serviceAccount);
+const mypod = cluster.addManifest('mypod', {
+  apiVersion: 'v1',
+  kind: 'Pod',
+  metadata: { name: 'mypod' },
+  spec: {
+    serviceAccountName: serviceAccount.serviceAccountName,
+    containers: [
+      {
+        name: 'hello',
+        image: 'paulbouwer/hello-kubernetes:1.5',
+        ports: [ { containerPort: 8080 } ],
+      },
+    ],
+  },
+});
+// create the resource after the service account.
+mypod.node.addDependency(serviceAccount);
+// print the IAM role arn for this service account
+new CfnOutput(this, 'ServiceAccountIamRole', { value: serviceAccount.role.roleArn });
+```
+Note that using `serviceAccount.serviceAccountName` above **does not** translate into a resource dependency.
+This is why an explicit dependency is needed. See <https://github.com/aws/aws-cdk/issues/9910> for more details.
+It is possible to pass annotations and labels to the service account.
+```ts
+declare const cluster: eks.Cluster;
+// add service account with annotations and labels
+const serviceAccount = cluster.addServiceAccount('MyServiceAccount', {
+  annotations: {
+    'eks.amazonaws.com/sts-regional-endpoints': 'false',
+  },
+  labels: {
+    'some-label': 'with-some-value',
+  },
+});
+```
+You can also add service accounts to existing clusters.
+To do so, pass the `openIdConnectProvider` property when you import the cluster into the application.
+```ts
+import * as s3 from 'aws-cdk-lib/aws-s3';
+// you can import an existing provider
+const provider = eks.OidcProviderNative.fromOidcProviderArn(this, 'Provider', 'arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC');
+// or create a new one using an existing issuer url
+declare const issuerUrl: string;
+const provider2 = new eks.OidcProviderNative(this, 'Provider', {
+  url: issuerUrl,
+});
+import { KubectlV34Layer } from '@aws-cdk/lambda-layer-kubectl-v34';
+const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', {
+  clusterName: 'Cluster',
+  openIdConnectProvider: provider,
+  kubectlProviderOptions: {
+    kubectlLayer: new KubectlV34Layer(this, 'kubectl'),
+  }});
+const serviceAccount = cluster.addServiceAccount('MyServiceAccount');
+const bucket = new s3.Bucket(this, 'Bucket');
+bucket.grantReadWrite(serviceAccount);
+```
+Note that adding service accounts requires running `kubectl` commands against the cluster which requires you to provide `kubectlProviderOptions` in the cluster props to create the `kubectl` provider. See [Kubectl Support](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-eks-v2-alpha-readme.html#kubectl-support)
+#### Migrating from the deprecated eks.OpenIdConnectProvider to eks.OidcProviderNative
+`eks.OpenIdConnectProvider` creates an IAM OIDC (OpenId Connect) provider using a custom resource while `eks.OidcProviderNative` uses the CFN L1 (AWS::IAM::OidcProvider) to create the provider. It is recommended for new and existing projects to use `eks.OidcProviderNative`.
+To migrate without temporarily removing the OIDCProvider, follow these steps:
+1. Set the `removalPolicy` of `cluster.openIdConnectProvider` to `RETAIN`.
+   ```ts
+   import * as cdk from 'aws-cdk-lib';
+   declare const cluster: eks.Cluster;
+   cdk.RemovalPolicies.of(cluster.openIdConnectProvider).apply(cdk.RemovalPolicy.RETAIN);
+   ```
+2. Run `cdk diff` to verify the changes are expected then `cdk deploy`.
+3. Add the following to the `context` field of your `cdk.json` to enable the feature flag that creates the native oidc provider.
+   ```json
+   "@aws-cdk/aws-eks:useNativeOidcProvider": true,
+   ```
+4. Run `cdk diff` and ensure the changes are expected. Example of an expected diff:
+   ```bash
+   Resources
+   [-] Custom::AWSCDKOpenIdConnectProvider TestCluster/OpenIdConnectProvider/Resource TestClusterOpenIdConnectProviderE18F0FD0 orphan
+   [-] AWS::IAM::Role Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Role CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65 destroy
+   [-] AWS::Lambda::Function Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Handler CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0 destroy
+   [+] AWS::IAM::OIDCProvider TestCluster/OidcProviderNative TestClusterOidcProviderNative0BE3F155
+   ```
+5. Run `cdk import --force` and provide the ARN of the existing OpenIdConnectProvider when prompted. You will get a warning about pending changes to existing resources which is expected.
+6. Run `cdk deploy` to apply any pending changes. This will apply the destroy/orphan changes in the above example.
+If you are creating the OpenIdConnectProvider manually via `new eks.OpenIdConnectProvider`, follow these steps:
+1. Set the `removalPolicy` of the existing `OpenIdConnectProvider` to `RemovalPolicy.RETAIN`.
+   ```ts
+   import * as cdk from 'aws-cdk-lib';
+   // Step 1: Add retain policy to existing provider
+   const existingProvider = new eks.OpenIdConnectProvider(this, 'Provider', {
+     url: 'https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE',
+     removalPolicy: cdk.RemovalPolicy.RETAIN, // Add this line
+   });
+   ```
+2. Deploy with the retain policy to avoid deletion of the underlying resource.
+   ```bash
+   cdk deploy
+   ```
+3. Replace `OpenIdConnectProvider` with `OidcProviderNative` in your code.
+   ```ts
+   // Step 3: Replace with native provider
+   const nativeProvider = new eks.OidcProviderNative(this, 'Provider', {
+     url: 'https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE',
+   });
+   ```
+4. Run `cdk diff` and verify the changes are expected. Example of an expected diff:
+   ```bash
+   Resources
+   [-] Custom::AWSCDKOpenIdConnectProvider TestCluster/OpenIdConnectProvider/Resource TestClusterOpenIdConnectProviderE18F0FD0 orphan
+   [-] AWS::IAM::Role Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Role CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65 destroy
+   [-] AWS::Lambda::Function Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Handler CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0 destroy
+   [+] AWS::IAM::OIDCProvider TestCluster/OidcProviderNative TestClusterOidcProviderNative0BE3F155
+   ```
+5. Run `cdk import --force` to import the existing OIDC provider resource by providing the existing ARN.
+6. Run `cdk deploy` to apply any pending changes. This will apply the destroy/orphan operations in the example diff above.
 ### Cluster Security Group
 When you create an Amazon EKS cluster, a [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html)

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-elasticache-alpha/README.md CHANGED Viewed

@@ -397,7 +397,7 @@ declare const role: iam.Role;
 // grant "elasticache:Connect" action permissions to role
 user.grantConnect(role);
-serverlessCache.grantConnect(role);
+serverlessCache.grants.connect(role);
 ```
 ### Import an existing user and user group

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-sagemaker-alpha/README.md CHANGED Viewed

@@ -214,6 +214,31 @@ const endpointConfig = new sagemaker.EndpointConfig(this, 'EndpointConfig', {
 });
 ```
+#### Container Startup Health Check Timeout
+You can specify a timeout value for your inference container to pass health check by configuring
+the `containerStartupHealthCheckTimeout` property. This is useful when your model takes longer
+to initialize and you want to avoid premature health check failures:
+```typescript
+import * as sagemaker from '@aws-cdk/aws-sagemaker-alpha';
+declare const model: sagemaker.Model;
+const endpointConfig = new sagemaker.EndpointConfig(this, 'EndpointConfig', {
+  instanceProductionVariants: [
+    {
+      model: model,
+      variantName: 'my-variant',
+      containerStartupHealthCheckTimeout: cdk.Duration.minutes(5), // 5 minutes timeout
+    },
+  ]
+});
+```
+The timeout value must be between 60 seconds and 1 hour (3600 seconds). If not specified,
+Amazon SageMaker uses the default timeout behavior.
 ### Serverless Inference
 Amazon SageMaker Serverless Inference is a purpose-built inference option that makes it easy for you to deploy and scale ML models. Serverless endpoints automatically launch compute resources and scale them in and out depending on traffic, eliminating the need to choose instance types or manage scaling policies. For more information, see [SageMaker Serverless Inference](https://docs.aws.amazon.com/sagemaker/latest/dg/serverless-endpoints.html).

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/mixins-preview/README.md CHANGED Viewed

@@ -54,7 +54,7 @@ For convenience, you can use the `.with()` method for a more fluent syntax:
 import '@aws-cdk/mixins-preview/with';
 const bucket = new s3.CfnBucket(scope, "MyBucket")
-  .with(new EnableVersioning())
+  .with(new BucketVersioning())
   .with(new AutoDeleteObjects());
 ```
@@ -127,11 +127,29 @@ const bucket = new s3.CfnBucket(scope, "Bucket");
 Mixins.of(bucket).apply(new AutoDeleteObjects());
 ```
-**EnableVersioning**: Enables versioning on S3 buckets
+**BucketVersioning**: Enables versioning on S3 buckets
 ```typescript
 const bucket = new s3.CfnBucket(scope, "Bucket");
-Mixins.of(bucket).apply(new EnableVersioning());
+Mixins.of(bucket).apply(new BucketVersioning());
+```
+**BucketPolicyStatementsMixin**: Adds IAM policy statements to a bucket policy
+```typescript
+declare const bucket: s3.IBucketRef;
+const bucketPolicy = new s3.CfnBucketPolicy(scope, "BucketPolicy", {
+  bucket: bucket,
+  policyDocument: new iam.PolicyDocument(),
+});
+Mixins.of(bucketPolicy).apply(new BucketPolicyStatementsMixin([
+  new iam.PolicyStatement({
+    actions: ["s3:GetObject"],
+    resources: ["*"],
+    principals: [new iam.AnyPrincipal()],
+  }),
+]));
 ```
 ### Logs Delivery
@@ -213,7 +231,8 @@ Mixins.of(scope)
 // Strict application that requires all constructs to match
 Mixins.of(scope)
-  .mustApply(new EncryptionAtRest()); // Throws if no constructs support the mixin
+  .requireAll() // Throws if no constructs support the mixin
+  .apply(new EncryptionAtRest());
 ```
 ---

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/README.md/README.md CHANGED Viewed

@@ -1486,6 +1486,8 @@ To do this for a specific stack, add a `suppressTemplateIndentation: true` prope
 stack's `StackProps` parameter. You can also set this property to `false` to override
 the context key setting.
+Similarly, to do this for a specific nested stack, add a `suppressTemplateIndentation: true` property to its `NestedStackProps` parameter. You can also set this property to `false` to override the context key setting.
 ## App Context
 [Context values](https://docs.aws.amazon.com/cdk/v2/guide/context.html) are key-value pairs that can be associated with an app, stack, or construct.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-batch/README.md CHANGED Viewed

@@ -65,68 +65,88 @@ For stateful or otherwise non-interruption-tolerant workflows, omit `spot` or se
 #### Choosing Your Instance Types
-Batch allows you to choose most up-to-date instance classes based on your region.
-This example configures your `ComputeEnvironment` to use only ARM64 instance:
+There are several ways to configure instance types for your compute environment:
+##### Using Default Instance Classes (Recommended)
+AWS Batch provides default instance classes that automatically select cost-effective, up-to-date instances based on your region.
+This is the recommended approach for new projects:
 ```ts
-const vpc = new ec2.Vpc(this, 'VPC');
+const vpc = new ec2.Vpc(this, 'Vpc');
-new batch.ManagedEc2EcsComputeEnvironment(this, 'myEc2ComputeEnv', {
+// Use ARM64 instances (e.g., m6g, c6g, r6g, c7g families)
+new batch.ManagedEc2EcsComputeEnvironment(this, 'Arm64Ec2ComputeEnv', {
   vpc,
   defaultInstanceClasses: [batch.DefaultInstanceClass.ARM64],
 });
-```
-This example configures your `ComputeEnvironment` to use only the `M5AD.large` instance:
-```ts
-const vpc = new ec2.Vpc(this, 'VPC');
-new batch.ManagedEc2EcsComputeEnvironment(this, 'myEc2ComputeEnv', {
+// Use x86_64 instances (e.g., m6i, c6i, r6i, c7i families)
+new batch.ManagedEc2EcsComputeEnvironment(this, 'X86_64Ec2ComputeEnv', {
   vpc,
-  instanceTypes: [ec2.InstanceType.of(ec2.InstanceClass.M5AD, ec2.InstanceSize.LARGE)],
+  defaultInstanceClasses: [batch.DefaultInstanceClass.X86_64],
 });
 ```
-Batch allows you to specify only the instance class and to let it choose the size, which you can do like this:
+The `default_x86_64` and `default_arm64` categories are dynamically updated by AWS as new instance families become available in your region.
+##### Using Specific Instance Types Only
+To use only specific instance types without any automatic defaults, set `useOptimalInstanceClasses: false`:
 ```ts
-const vpc = new ec2.Vpc(this, 'VPC');
+const vpc = new ec2.Vpc(this, 'Vpc');
-declare const computeEnv: batch.IManagedEc2EcsComputeEnvironment
-computeEnv.addInstanceClass(ec2.InstanceClass.M5AD);
-// Or, specify it on the constructor:
-new batch.ManagedEc2EcsComputeEnvironment(this, 'myEc2ComputeEnv', {
+// Use only R4 instance class (Batch chooses the size)
+new batch.ManagedEc2EcsComputeEnvironment(this, 'R4Ec2ComputeEnv', {
   vpc,
+  useOptimalInstanceClasses: false,
   instanceClasses: [ec2.InstanceClass.R4],
 });
+// Use only a specific instance type
+new batch.ManagedEc2EcsComputeEnvironment(this, 'M5AdLargeEc2ComputeEnv', {
+  vpc,
+  useOptimalInstanceClasses: false,
+  instanceTypes: [ec2.InstanceType.of(ec2.InstanceClass.M5AD, ec2.InstanceSize.LARGE)],
+});
 ```
-> [!WARNING]
-> `useOptimalInstanceClasses` is deprecated! Use `defaultInstanceClasses` instead.
+##### Using Optimal Instance Classes
+By default, `useOptimalInstanceClasses` is `true`, which adds the `optimal` instance type.
+**Note**: Since November 2025, `optimal` behaves the same as `default_x86_64` and is dynamically updated as AWS introduces new instance families. Both options automatically select cost-effective x86_64 instance types (from the m6i, c6i, r6i, and c7i families) based on your region.
-Unless you explicitly specify `useOptimalInstanceClasses: false`, this compute environment will use `'optimal'` instances,
-which tells Batch to pick an instance from the C4, M4, and R4 instance families.
-*Note*: Batch does not allow specifying instance types or classes with different architectures.
-For example, `InstanceClass.A1` cannot be specified alongside `'optimal'`,
-because `A1` uses ARM and `'optimal'` uses x86_64.
-You can specify both `'optimal'` alongside several different instance types in the same compute environment:
+You can combine this with additional instance types:
 ```ts
 declare const vpc: ec2.IVpc;
-const computeEnv = new batch.ManagedEc2EcsComputeEnvironment(this, 'myEc2ComputeEnv', {
-  instanceTypes: [ec2.InstanceType.of(ec2.InstanceClass.M5AD, ec2.InstanceSize.LARGE)],
-  useOptimalInstanceClasses: true, // default
+const computeEnv = new batch.ManagedEc2EcsComputeEnvironment(this, 'Ec2ComputeEnv', {
   vpc,
+  instanceTypes: [ec2.InstanceType.of(ec2.InstanceClass.M5AD, ec2.InstanceSize.LARGE)],
+  // useOptimalInstanceClasses: true (default)
 });
-// Note: this is equivalent to specifying
-computeEnv.addInstanceType(ec2.InstanceType.of(ec2.InstanceClass.M5AD, ec2.InstanceSize.LARGE));
-computeEnv.addInstanceClass(ec2.InstanceClass.C4);
-computeEnv.addInstanceClass(ec2.InstanceClass.M4);
-computeEnv.addInstanceClass(ec2.InstanceClass.R4);
+// Result: ['m5ad.large', 'optimal']
 ```
+##### Instance Type Configuration Reference
+| Goal | Configuration |
+|------|---------------|
+| Use latest x86_64 instances | `defaultInstanceClasses: [DefaultInstanceClass.X86_64]` or no configuration (default) |
+| Use latest ARM64 instances | `defaultInstanceClasses: [DefaultInstanceClass.ARM64]` |
+| Use only specific instance classes | `useOptimalInstanceClasses: false` + `instanceClasses: [...]` |
+| Use only specific instance types | `useOptimalInstanceClasses: false` + `instanceTypes: [...]` |
+| Use optimal + additional instances | `instanceClasses: [...]` or `instanceTypes: [...]` |
+**Note**: Batch does not allow specifying instance types or classes with different architectures.
+For example, `InstanceClass.A1` (ARM) cannot be specified alongside `optimal` (x86_64).
+When using ARM-based instances (e.g., Graviton), use `defaultInstanceClasses: [DefaultInstanceClass.ARM64]`, or set `useOptimalInstanceClasses: false` and explicitly specify ARM instance classes/types.
+**Note**: `useOptimalInstanceClasses` and `defaultInstanceClasses` cannot be used together.
 #### Configure AMIs
 You can configure Amazon Machine Images (AMIs). This example configures your `ComputeEnvironment` to use Amazon Linux 2023.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-bedrock/README.md CHANGED Viewed

@@ -30,7 +30,6 @@ bedrock.ProvisionedModel.fromProvisionedModelArn(
 );
 ```
-There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for provisioning Bedrock resources yet. Here are some suggestions on how to proceed:
+L2 constructs for this service are available in the [`@aws-cdk/aws-bedrock-alpha`](https://www.npmjs.com/package/@aws-cdk/aws-bedrock-alpha) package.
-- Search [Construct Hub for Bedrock construct libraries](https://constructs.dev/search?q=bedrock)
-- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::Bedrock resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Bedrock.html) directly.
+You can also use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::Bedrock resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Bedrock.html) directly.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-bedrockagentcore/README.md ADDED Viewed

@@ -0,0 +1,24 @@
+# AWS::BedrockAgentCore Construct Library
+<!--BEGIN STABILITY BANNER-->
+---
+![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge)
+> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use.
+>
+> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib
+---
+<!--END STABILITY BANNER-->
+This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
+```ts nofixture
+import * as bedrockagentcore from 'aws-cdk-lib/aws-bedrockagentcore';
+```
+L2 constructs for this service are available in the [`@aws-cdk/aws-bedrock-agentcore-alpha`](https://www.npmjs.com/package/@aws-cdk/aws-bedrock-agentcore-alpha) package.
+You can also use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::BedrockAgentCore resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_BedrockAgentCore.html) directly.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/README.md CHANGED Viewed

@@ -245,7 +245,7 @@ const vpc = new ec2.Vpc(this, 'TheVPC', {
 const securityGroup = new ec2.SecurityGroup(this, 'SecurityGroup', { vpc });
     securityGroup.addEgressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(443));
 for (const gateway of provider.gatewayInstances) {
-  bucket.grantWrite(gateway);
+  bucket.grants.write(gateway);
   gateway.addSecurityGroup(securityGroup);
 }
 ```

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/README.md CHANGED Viewed

@@ -1678,6 +1678,8 @@ new ecs.Ec2Service(this, 'EC2Service', {
 Managed Instances Capacity Providers allow you to use AWS-managed EC2 instances for your ECS tasks while providing more control over instance selection than standard Fargate. AWS handles the instance lifecycle, patching, and maintenance while you can specify detailed instance requirements. You can  define detailed instance requirements to control which types of instances are used for your workloads.
+Capacity Option Type provides the purchasing option for the EC2 instances used in the capacity provider. Determines whether to use On-Demand or Spot instances. Valid values are `ON_DEMAND` and `SPOT`. Defaults to `ON_DEMAND` when not specified. Changing this value will trigger replacement of the capacity provider. For more information, see [Amazon EC2 billing and purchasing options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-purchasing-options.html) in the Amazon EC2 User Guide.
 See [ECS documentation for Managed Instances Capacity Provider](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/managed-instances-capacity-providers-concept.html) for more documentation.
 #### IAM Roles Setup
@@ -1695,6 +1697,7 @@ const securityGroup = new ec2.SecurityGroup(this, 'SecurityGroup', {
 });
 const miCapacityProvider = new ecs.ManagedInstancesCapacityProvider(this, 'MICapacityProvider', {
+  capacityOptionType: ecs.CapacityOptionType.SPOT,
   subnets: vpc.privateSubnets,
   securityGroups: [securityGroup],
   instanceRequirements: {

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.managedinstances-capacity-provider.ts CHANGED Viewed

@@ -49,6 +49,7 @@ const fmiSecurityGroup = new ec2.SecurityGroup(stack, 'ManagedInstancesSecurityG
 // Create MI Capacity Provider
 const miCapacityProvider = new ecs.ManagedInstancesCapacityProvider(stack, 'ManagedInstancesCapacityProvider', {
   infrastructureRole: infrastructureRole,
+  capacityOptionType: ecs.CapacityOptionType.SPOT,
   ec2InstanceProfile: instanceProfile,
   subnets: vpc.privateSubnets,
   securityGroups: [fmiSecurityGroup],

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/README.md CHANGED Viewed

@@ -731,6 +731,21 @@ new eks.Cluster(this, 'HelloEKS', {
 });
 ```
+To overwrite an existing ALB controller service account, use the `overwriteServiceAccount` property:
+```ts
+import { KubectlV34Layer } from '@aws-cdk/lambda-layer-kubectl-v34';
+new eks.Cluster(this, 'HelloEKS', {
+  version: eks.KubernetesVersion.V1_34,
+  albController: {
+    version: eks.AlbControllerVersion.V2_8_2,
+    overwriteServiceAccount: true
+  },
+  kubectlLayer: new KubectlV34Layer(this, 'kubectl'),
+});
+```
 The `albController` requires `defaultCapacity` or at least one nodegroup. If there's no `defaultCapacity` or available
 nodegroup for the cluster, the `albController` deployment would fail.
@@ -1430,16 +1445,26 @@ const serviceAccount = cluster.addServiceAccount('MyServiceAccount', {
 });
 ```
+To overwrite an existing service account, use the `overwriteServiceAccount` property:
+```ts
+declare const cluster: eks.Cluster;
+// overwrite existing service account
+const serviceAccount = cluster.addServiceAccount('MyServiceAccount', {
+  overwriteServiceAccount: true,
+});
+```
 You can also add service accounts to existing clusters.
 To do so, pass the `openIdConnectProvider` property when you import the cluster into the application.
 ```ts
 // you can import an existing provider
-const provider = eks.OpenIdConnectProvider.fromOpenIdConnectProviderArn(this, 'Provider', 'arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC');
+const provider = eks.OidcProviderNative.fromOidcProviderArn(this, 'Provider', 'arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC');
 // or create a new one using an existing issuer url
 declare const issuerUrl: string;
-const provider2 = new eks.OpenIdConnectProvider(this, 'Provider', {
+const provider2 = new eks.OidcProviderNative(this, 'Provider', {
   url: issuerUrl,
 });
@@ -1459,6 +1484,87 @@ Note that adding service accounts requires running `kubectl` commands against th
 This means you must also pass the `kubectlRoleArn` when importing the cluster.
 See [Using existing Clusters](https://github.com/aws/aws-cdk/tree/main/packages/aws-cdk-lib/aws-eks#using-existing-clusters).
+##### Migrating from eks.OpenIdConnectProvider to eks.OidcProviderNative
+`eks.OpenIdConnectProvider` creates an IAM OIDC (OpenId Connect) provider using a custom resource while `eks.OidcProviderNative` uses the CFN L1 (AWS::IAM::OidcProvider) to create the provider. It is recommended for new and existing projects to use `eks.OidcProviderNative`. Migrating from the `eks.OpenIdConnectProvider` is not as trivial as switching out the property since the property controls the creation of a resource whose type is changing. Due to the potential complexlity of the migration and the requirement of a manual step (`cdk import`) we are not deprecating the `eks.OpenIdConnectProvider` construct but encourge you to migrate.
+To migrate without temporarily removing the OIDCProvider, follow these steps:
+1. Set the `removalPolicy` of `cluster.openIdConnectProvider` to `RETAIN`.
+   ```ts
+   import * as cdk from 'aws-cdk-lib';
+   declare const cluster: eks.Cluster;
+   cdk.RemovalPolicies.of(cluster.openIdConnectProvider).apply(cdk.RemovalPolicy.RETAIN);
+   ```
+2. Run `cdk diff` to verify the changes are expected then `cdk deploy`.
+3. Add the following to the `context` field of your `cdk.json` to enable the feature flag that creates the native oidc provider.
+   ```json
+   "@aws-cdk/aws-eks:useNativeOidcProvider": true,
+   ```
+4. Run `cdk diff` and ensure the changes are expected. Example of an expected diff:
+   ```bash
+   Resources
+   [-] Custom::AWSCDKOpenIdConnectProvider TestCluster/OpenIdConnectProvider/Resource TestClusterOpenIdConnectProviderE18F0FD0 orphan
+   [-] AWS::IAM::Role Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Role CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65 destroy
+   [-] AWS::Lambda::Function Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Handler CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0 destroy
+   [+] AWS::IAM::OIDCProvider TestCluster/OidcProviderNative TestClusterOidcProviderNative0BE3F155
+   ```
+5. Run `cdk import --force` and provide the ARN of the existing OpenIdConnectProvider when prompted. You will get a warning about pending changes to existing resources which is expected.
+6. Run `cdk deploy` to apply any pending changes. This will apply the destroy/orphan changes in the above example.
+If you are creating the OpenIdConnectProvider manually via `new eks.OpenIdConnectProvider`, follow these steps:
+1. Set the `removalPolicy` of the existing `OpenIdConnectProvider` to `RemovalPolicy.RETAIN`.
+   ```ts
+   import * as cdk from 'aws-cdk-lib';
+   // Step 1: Add retain policy to existing provider
+   const existingProvider = new eks.OpenIdConnectProvider(this, 'Provider', {
+     url: 'https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE',
+     removalPolicy: cdk.RemovalPolicy.RETAIN, // Add this line
+   });
+   ```
+2. Deploy with the retain policy to avoid deletion of the underlying resource.
+   ```bash
+   cdk deploy
+   ```
+3. Replace `OpenIdConnectProvider` with `OidcProviderNative` in your code.
+   ```ts
+   // Step 3: Replace with native provider
+   const nativeProvider = new eks.OidcProviderNative(this, 'Provider', {
+     url: 'https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE',
+   });
+   ```
+4. Run `cdk diff` and verify the changes are expected. Example of an expected diff:
+   ```bash
+   Resources
+   [-] Custom::AWSCDKOpenIdConnectProvider TestCluster/OpenIdConnectProvider/Resource TestClusterOpenIdConnectProviderE18F0FD0 orphan
+   [-] AWS::IAM::Role Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Role CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65 destroy
+   [-] AWS::Lambda::Function Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Handler CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0 destroy
+   [+] AWS::IAM::OIDCProvider TestCluster/OidcProviderNative TestClusterOidcProviderNative0BE3F155
+   ```
+5. Run `cdk import --force` to import the existing OIDC provider resource by providing the existing ARN.
+6. Run `cdk deploy` to apply any pending changes. This will apply the destroy/orphan operations in the example diff above.
 ### Pod Identities
 [Amazon EKS Pod Identities](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html) is a feature that simplifies how

konokenj.cdk-api-mcp-server 0.70.0__py3-none-any.whl → 0.72.0__py3-none-any.whl

konokenj.cdk-api-mcp-server 0.70.0py3-none-any.whl → 0.72.0py3-none-any.whl