konokenj.cdk-api-mcp-server 0.70.0__py3-none-any.whl → 0.72.0__py3-none-any.whl

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster-native-oidc.ts

@@ -0,0 +1,49 @@
+/// !cdk-integ pragma:disable-update-workflow
+import { App, Stack, StackProps } from 'aws-cdk-lib';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import * as eks from 'aws-cdk-lib/aws-eks';
+import { EKS_USE_NATIVE_OIDC_PROVIDER } from 'aws-cdk-lib/cx-api';
+import { getClusterVersionConfig } from './integ-tests-kubernetes-version';
+
+class EksClusterNativeOidcStack extends Stack {
+  constructor(scope: App, id: string, props?: StackProps) {
+    super(scope, id, props);
+
+    const cluster = new eks.Cluster(this, 'Cluster', {
+      ...getClusterVersionConfig(this, eks.KubernetesVersion.V1_32),
+
+    });
+
+    /**
+     * ServiceAccount and AlbController are added to verify that OIDC provider is created and
+     * can be used to create IAM roles for service accounts.
+     */
+
+    new eks.ServiceAccount(this, 'ServiceAccount', {
+      cluster: cluster,
+      name: 'test-service-account',
+      namespace: 'default',
+    });
+    new eks.AlbController(this, 'AlbController', {
+      cluster: cluster,
+      version: eks.AlbControllerVersion.V2_8_2,
+    });
+  }
+}
+
+const app = new App({
+  postCliContext: {
+    [EKS_USE_NATIVE_OIDC_PROVIDER]: true,
+  },
+});
+
+const stack = new EksClusterNativeOidcStack(app, 'aws-cdk-eks-cluster-native-oidc', {
+  env: { region: 'us-east-1' },
+});
+
+new integ.IntegTest(app, 'aws-cdk-eks-cluster-native-oidc-integ', {
+  testCases: [stack],
+  diffAssets: false,
+});
+
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster.ts

@@ -105,6 +105,7 @@ class EksClusterStack extends Stack {
   private assertServiceAccount() {
     // add a service account connected to a IAM role
     this.cluster.addServiceAccount('MyServiceAccount');
+    this.cluster.addServiceAccount('MyServiceAccountWithOverwrite', { overwriteServiceAccount: true });
   }
 
   private assertExtendedServiceAccount() {

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-oidc-provider.ts

@@ -2,6 +2,7 @@ import { App, Stack } from 'aws-cdk-lib';
 import * as integ from '@aws-cdk/integ-tests-alpha';
 import * as eks from 'aws-cdk-lib/aws-eks';
 import { IAM_OIDC_REJECT_UNAUTHORIZED_CONNECTIONS } from 'aws-cdk-lib/cx-api';
+import { getClusterVersionConfig } from './integ-tests-kubernetes-version';
 
 const app = new App({
   postCliContext: {
@@ -10,10 +11,28 @@ const app = new App({
 });
 const stack = new Stack(app, 'aws-eks-oidc-provider-test');
 
+// OpenIdConnectProvider uses a custom resource that only needs to extract SSL certificate
+// thumbprints via TLS connection. It works with fake cluster IDs (like test2) because
+// oidc.eks.us-east-1.amazonaws.com is a real AWS server with valid SSL certificates.
+// The Lambda doesn't validate OIDC configuration, only retrieves thumbprints when
+// the IAM_OIDC_REJECT_UNAUTHORIZED_CONNECTIONS flag is false.
 new eks.OpenIdConnectProvider(stack, 'NoClientsNoThumbprint', {
   url: `https://oidc.eks.${Stack.of(stack).region}.amazonaws.com/id/test2`,
 });
 
+const cluster = new eks.Cluster(stack, 'Cluster', {
+  ...getClusterVersionConfig(stack, eks.KubernetesVersion.V1_32),
+});
+// OidcProviderNative uses the native AWS::IAM::OIDCProvider CloudFormation resource
+// which validates OIDC providers by fetching /.well-known/openid-configuration.
+// Fake cluster IDs return 404 for this endpoint, causing validation to fail.
+// eks.OidcProviderNative doesn't expose thumbprints property (unlike iam.OidcProviderNative)
+// as there is no use case for using an invalid OIDC issuer URL,
+// so we must use a real cluster URL for CloudFormation to successfully validate.
+new eks.OidcProviderNative(stack, 'OidcProviderNative', {
+  url: cluster.clusterOpenIdConnectIssuerUrl,
+});
+
 new integ.IntegTest(app, 'aws-cdk-eks-oidc-provider', {
   testCases: [stack],
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-iam/README.md

@@ -32,27 +32,29 @@ Managed policies can be attached using `xxx.addManagedPolicy(ManagedPolicy.fromA
 
 ## Granting permissions to resources
 
-Many of the AWS CDK resources have `grant*` methods that allow you to grant other resources access to that resource. As an example, the following code gives a Lambda function write permissions (Put, Update, Delete) to a DynamoDB table.
+Many of the AWS CDK resources have grant methods (accessible via the `grants` attribute) that allow you to grant other 
+resources access to that resource. As an example, the following code gives a Lambda function write permissions 
+(Put, Update, Delete) to a DynamoDB table.
 
 ```ts
 declare const fn: lambda.Function;
 declare const table: dynamodb.Table;
 
-table.grantWriteData(fn);
+table.grants.writeData(fn);
 ```
 
-The more generic `grant` method allows you to give specific permissions to a resource:
+The more generic `actions` method allows you to give specific permissions to a resource:
 
 ```ts
 declare const fn: lambda.Function;
 declare const table: dynamodb.Table;
 
-table.grant(fn, 'dynamodb:PutItem');
+table.grants.actions(fn, 'dynamodb:PutItem');
 ```
 
-The `grant*` methods accept an `IGrantable` object. This interface is implemented by IAM principal resources (groups, users and roles), policies, managed policies and resources that assume a role such as a Lambda function, EC2 instance or a Codebuild project.
+The grant methods accept an `IGrantable` object. This interface is implemented by IAM principal resources (groups, users and roles), policies, managed policies and resources that assume a role such as a Lambda function, EC2 instance or a Codebuild project.
 
-You can find which `grant*` methods exist for a resource in the [AWS CDK API Reference](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-construct-library.html).
+You can find which grant methods exist for a resource in the [AWS CDK API Reference](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-construct-library.html).
 
 ## Roles
 
@@ -70,8 +72,8 @@ automatically if you associate the construct with other constructs from the
 AWS Construct Library (for example, if you tell an *AWS CodePipeline* to trigger
 an *AWS Lambda Function*, the Pipeline's Role will automatically get
 `lambda:InvokeFunction` permissions on that particular Lambda Function),
-or if you explicitly grant permissions using `grant` functions (see the
-previous section).
+or if you explicitly grant permissions using the public methods in the 
+`RoleGrants` class (see the previous section).
 
 ### Opting out of automatic permissions management
 
@@ -186,7 +188,7 @@ const fn = new lambda.Function(this, 'MyLambda', {
 });
 
 const bucket = new s3.Bucket(this, 'Bucket');
-bucket.grantRead(fn);
+bucket.grants.read(fn);
 ```
 
 The following report will be generated.
@@ -445,7 +447,8 @@ new iam.Role(this, 'Role', {
 
 ### Granting a principal permission to assume a role
 
-A principal can be granted permission to assume a role using `grantAssumeRole`.
+A principal can be granted permission to assume a role using `assumeRole` from the `RoleGrants` class.
+For convenience, an instance of this class is available via the `grants` attribute on the `Role` class.
 
 Note that this does not apply to service principals or account principals as they must be added to the role trust policy via `assumeRolePolicy`.
 
@@ -455,7 +458,7 @@ const role = new iam.Role(this, 'role', {
   assumedBy: new iam.AccountPrincipal(this.account)
 });
 
-role.grantAssumeRole(user);
+role.grants.assumeRole(user);
 ```
 
 ### Granting service and account principals permission to assume a role

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/README.md

@@ -499,7 +499,76 @@ myFunction.addEventSource(new ManagedKafkaEventSource({
 }));
 ```
 
-Set configuration for provisioned pollers that read from the event source.
+### Kafka Observability Features
+
+AWS Lambda provides enhanced observability for Kafka event sources through logging and metrics configuration.
+
+**Important**: Observability features (`LogLevel` and `MetricsConfig`) are only available when using provisioned mode. 
+
+#### Logging
+
+You can configure the verbosity of logs generated by the polling infrastructure.
+This is particularly useful for troubleshooting connection issues, monitoring 
+polling behavior, and understanding the internal operations of your event 
+source mapping.
+
+```ts
+import { ManagedKafkaEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
+
+// Your MSK cluster arn
+const clusterArn = 'arn:aws:kafka:us-east-1:0123456789019:cluster/SalesCluster/abcd1234-abcd-cafe-abab-9876543210ab-4';
+
+declare const myFunction: lambda.Function;
+
+// Configure INFO level logging for production monitoring
+myFunction.addEventSource(new ManagedKafkaEventSource({
+  clusterArn,
+  topic: 'production-events',
+  startingPosition: lambda.StartingPosition.LATEST,
+  // Provisioned mode is required for observability features
+  provisionedPollerConfig: {
+    minimumPollers: 1,
+    maximumPollers: 5,
+  },
+  logLevel: lambda.EventSourceMappingLogLevel.INFO
+}));
+```
+
+#### Metrics Configuration
+
+Enhanced metrics provide detailed insights into your Kafka event source performance. 
+Metrics include event processing rates, error counts, and Kafka-specific metrics 
+like consumer lag.
+
+```ts
+import { ManagedKafkaEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
+
+// Your MSK cluster arn
+const clusterArn = 'arn:aws:kafka:us-east-1:0123456789019:cluster/SalesCluster/abcd1234-abcd-cafe-abab-9876543210ab-4';
+
+declare const myFunction: lambda.Function;
+
+// Enable basic event and error metrics
+myFunction.addEventSource(new ManagedKafkaEventSource({
+  clusterArn,
+  topic: 'basic-monitoring',
+  startingPosition: lambda.StartingPosition.LATEST,
+  // Provisioned mode is required for observability features
+  provisionedPollerConfig: {
+    minimumPollers: 2,
+    maximumPollers: 10,
+  },
+  metricsConfig: {
+    metrics: [
+      lambda.MetricType.EVENT_COUNT,
+      lambda.MetricType.ERROR_COUNT
+    ]
+  }
+}));
+```
+
+Set configuration for provisioned pollers that read from the event source. When specified, allows control over
+the minimum and maximum number of pollers that can be provisioned to process events from the source.
 
 ```ts
 import { ManagedKafkaEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
@@ -544,7 +613,9 @@ ordersFunction.addEventSource(new ManagedKafkaEventSource({
 
 ```
 
-Set a confluent or self-managed schema registry to de-serialize events from the event source. Note, this will similarly work for `SelfManagedKafkaEventSource` but the example only shows setup for `ManagedKafkaEventSource`.
+Set a confluent or self-managed schema registry to de-serialize events from the event source. 
+
+Note: This will also work for `SelfManagedKafkaEventSource`.
 
 ```ts
 import { ManagedKafkaEventSource, ConfluentSchemaRegistry } from 'aws-cdk-lib/aws-lambda-event-sources';
@@ -577,7 +648,9 @@ myFunction.addEventSource(new ManagedKafkaEventSource({
 }));
 ```
 
-Set Glue schema registry to de-serialize events from the event source. Note, this will similarly work for `SelfManagedKafkaEventSource` but the example only shows setup for `ManagedKafkaEventSource`.
+Set Glue schema registry to de-serialize events from the event source.
+
+Note: This will also work for `SelfManagedKafkaEventSource`.
 
 ```ts
 import { CfnRegistry } from 'aws-cdk-lib/aws-glue';

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.kafka-observability.ts

@@ -0,0 +1,90 @@
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';
+import * as cdk from 'aws-cdk-lib';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import { TestFunction } from './test-function';
+import { AuthenticationMethod, SelfManagedKafkaEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
+
+/**
+ * Integration test for Kafka observability features (LoggingConfig and MetricsConfig)
+ *
+ * This test validates that LoggingConfig and MetricsConfig generate correct CloudFormation
+ * templates with proper provisioned poller configuration.
+ *
+ * Test scenarios:
+ * 1. Self-managed Kafka with LoggingConfig only
+ * 2. Self-managed Kafka with MetricsConfig only
+ */
+class KafkaObservabilityTest extends cdk.Stack {
+  constructor(scope: cdk.App, id: string) {
+    super(scope, id);
+
+    // Create secret for authentication
+    const secret = new secretsmanager.Secret(this, 'KafkaSecret', {
+      secretObjectValue: {
+        username: cdk.SecretValue.unsafePlainText('testuser'),
+        password: cdk.SecretValue.unsafePlainText('testpass'),
+      },
+    });
+
+    // Scenario 1: Self-managed Kafka with LoggingConfig only
+    const smkLoggingFunction = new TestFunction(this, 'SMKLoggingFunction');
+    smkLoggingFunction.addEventSource(new SelfManagedKafkaEventSource({
+      bootstrapServers: ['kafka-broker-1:9092', 'kafka-broker-2:9092'],
+      topic: 'logging-topic',
+      secret: secret,
+      authenticationMethod: AuthenticationMethod.SASL_SCRAM_512_AUTH,
+      startingPosition: lambda.StartingPosition.LATEST,
+      consumerGroupId: 'logging-consumer-group',
+      // Provisioned mode is required for observability features
+      provisionedPollerConfig: {
+        minimumPollers: 1,
+        maximumPollers: 5,
+      },
+      // Configure DEBUG level logging for detailed troubleshooting
+      logLevel: lambda.EventSourceMappingLogLevel.DEBUG,
+    }));
+
+    // Scenario 2: Self-managed Kafka with MetricsConfig only
+    const smkMetricsFunction = new TestFunction(this, 'SMKMetricsFunction');
+    smkMetricsFunction.addEventSource(new SelfManagedKafkaEventSource({
+      bootstrapServers: ['kafka-broker-3:9092', 'kafka-broker-4:9092'],
+      topic: 'metrics-topic',
+      secret: secret,
+      authenticationMethod: AuthenticationMethod.SASL_SCRAM_256_AUTH,
+      startingPosition: lambda.StartingPosition.TRIM_HORIZON,
+      consumerGroupId: 'metrics-consumer-group',
+      batchSize: 100,
+      // Provisioned mode is required for observability features
+      provisionedPollerConfig: {
+        minimumPollers: 3,
+        maximumPollers: 15,
+      },
+      // Configure comprehensive metrics including Kafka-specific metrics
+      metricsConfig: {
+        metrics: [
+          lambda.MetricType.EVENT_COUNT,
+          lambda.MetricType.ERROR_COUNT,
+          lambda.MetricType.KAFKA_METRICS,
+        ],
+      },
+    }));
+  }
+}
+
+const app = new cdk.App({
+  postCliContext: {
+    '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
+  },
+});
+
+const stack = new KafkaObservabilityTest(
+  app,
+  'KafkaObservabilityTest',
+);
+
+new integ.IntegTest(app, 'KafkaObservabilityIntegTest', {
+  testCases: [stack],
+});
+
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-logs/README.md

@@ -68,14 +68,14 @@ Or more conveniently, write permissions to the log group can be granted as follo
 
 ```ts
 const logGroup = new logs.LogGroup(this, 'LogGroup');
-logGroup.grantWrite(new iam.ServicePrincipal('es.amazonaws.com'));
+logGroup.grants.write(new iam.ServicePrincipal('es.amazonaws.com'));
 ```
 
 Similarly, read permissions can be granted to the log group as follows.
 
 ```ts
 const logGroup = new logs.LogGroup(this, 'LogGroup');
-logGroup.grantRead(new iam.ServicePrincipal('es.amazonaws.com'));
+logGroup.grants.read(new iam.ServicePrincipal('es.amazonaws.com'));
 ```
 
 Be aware that any ARNs or tokenized values passed to the resource policy will be converted into AWS Account IDs.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-sns/README.md

@@ -61,14 +61,14 @@ myTopic.addSubscription(new subscriptions.SqsSubscription(queue));
 Note that subscriptions of queues in different accounts need to be manually confirmed by
 reading the initial message from the queue and visiting the link found in it.
 
- The `grantSubscribe` method adds a policy statement to the topic's resource policy, allowing the specified principal to perform the `sns:Subscribe` action.
+ The `topic.grants.subscribe` method adds a policy statement to the topic's resource policy, allowing the specified principal to perform the `sns:Subscribe` action.
  It's useful when you want to allow entities, such as another AWS account or resources created later, to subscribe to the topic at their own pace, separating permission granting from the actual subscription process.
 
 ```ts
 declare const accountPrincipal: iam.AccountPrincipal;
 const myTopic = new sns.Topic(this, 'MyTopic');
 
-myTopic.grantSubscribe(accountPrincipal);
+myTopic.grants.subscribe(accountPrincipal);
 ```
 
 ### Filter policy

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/core/integ.nested-stack-suppress-template-indentation.ts

@@ -0,0 +1,29 @@
+import * as cdk from 'aws-cdk-lib/core';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'ParentStack');
+
+const nested = new cdk.NestedStack(stack, 'NestedSuppressIndentation', {
+  suppressTemplateIndentation: true,
+});
+new s3.Bucket(nested, 'Bucket'); // dummy
+
+const testCase = new integ.IntegTest(app, 'NestedSuppressIndentationTest', {
+  testCases: [stack],
+});
+
+const nestedChild = nested.node.defaultChild as cdk.CfnStack;
+const nestedTemplateUrl = nestedChild.templateUrl!; // Nested stacks must have the templateUrl
+
+const apiCall = testCase.assertions.awsApiCall('S3', 'getObject', {
+  Bucket: cdk.Fn.select(3, cdk.Fn.split('/', nestedTemplateUrl)),
+  Key: cdk.Fn.select(4, cdk.Fn.split('/', nestedTemplateUrl)),
+});
+
+apiCall.expect(
+  integ.ExpectedResult.objectLike({
+    Body: '{"Resources":{"Bucket83908E77":{"Type":"AWS::S3::Bucket","UpdateReplacePolicy":"Retain","DeletionPolicy":"Retain"}}}',
+  }),
+);

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/FEATURE_FLAGS.md

@@ -109,6 +109,7 @@ Flags come in three types:
 | [@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint](#aws-cdkaws-stepfunctions-taskshttpinvokedynamicjsonpathendpoint) | When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks. | 2.221.0 | fix |
 | [@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault](#aws-cdkaws-elasticloadbalancingv2networkloadbalancerwithsecuritygroupbydefault) | When enabled, Network Load Balancer will be created with a security group by default. | 2.222.0 | new default |
 | [@aws-cdk/aws-route53-patterns:useDistribution](#aws-cdkaws-route53-patternsusedistribution) | Use the `Distribution` resource instead of `CloudFrontWebDistribution` | 2.233.0 | new default |
+| [@aws-cdk/aws-eks:useNativeOidcProvider](#aws-cdkaws-eksusenativeoidcprovider) | When enabled, EKS V2 clusters will use the native OIDC provider resource AWS::IAM::OIDCProvider instead of creating the OIDCProvider with a custom resource (iam.OpenIDConnectProvider). | V2NEXT | fix |
 
 <!-- END table -->
 
@@ -170,6 +171,7 @@ The following json shows the current recommended set of flags, as `cdk init` wou
     "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true,
     "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true,
     "@aws-cdk/aws-eks:nodegroupNameAttribute": true,
+    "@aws-cdk/aws-eks:useNativeOidcProvider": true,
     "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true,
     "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true,
     "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false,
@@ -2311,4 +2313,27 @@ of the deprecated `CloudFrontWebDistribution` construct.
 **Compatibility with old behavior:** Define a `CloudFrontWebDistribution` explicitly
 
 
+### @aws-cdk/aws-eks:useNativeOidcProvider
+
+*When enabled, EKS V2 clusters will use the native OIDC provider resource AWS::IAM::OIDCProvider instead of creating the OIDCProvider with a custom resource (iam.OpenIDConnectProvider).*
+
+Flag type: Backwards incompatible bugfix
+
+When this feature flag is enabled, EKS clusters will use the native AWS::IAM::OIDCProvider
+      CloudFormation resource instead of the custom resource provider for creating OIDC providers.
+
+			WARNING: Enabling this flag on a cluster with an existing OIDC provider created by the custom resource (iam.OpenIDConnectProvider)
+			will cause the OIDC provider to be replaced with the native resource, which may lead to disruption.
+
+			To migrate in place without disruption, follow the guide at: https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-eks/README.md#migrating-from-the-deprecated-eksopenidconnectprovider-to-eksoidcprovidernative
+
+
+| Since | Unset behaves like | Recommended value |
+| ----- | ----- | ----- |
+| (not in v1) |  |  |
+| V2NEXT | `false` | `true` |
+
+**Compatibility with old behavior:** Disable the feature flag to use the custom resource provider.
+
+
 <!-- END details -->

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/ORIGINAL_API.md

@@ -628,7 +628,7 @@ The Action can also be used as a Grantable after having been added to a Pipeline
 const action = new pipelines.ShellScriptAction({ /* ... */ });
 pipeline.addStage('Test').addActions(action);
 
-bucket.grantRead(action);
+bucket.grants.read(action);
 ```
 
 #### Additional files from the source repository

{konokenj_cdk_api_mcp_server-0.70.0.dist-info → konokenj_cdk_api_mcp_server-0.72.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: konokenj.cdk-api-mcp-server
-Version: 0.70.0
+Version: 0.72.0
 Summary: An MCP server provides AWS CDK API Reference
 Project-URL: Documentation, https://github.com/konokenj/cdk-api-mcp-server#readme
 Project-URL: Issues, https://github.com/konokenj/cdk-api-mcp-server/issues
@@ -26,7 +26,7 @@ Description-Content-Type: text/markdown
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/konokenj.cdk-api-mcp-server.svg)](https://pypi.org/project/konokenj.cdk-api-mcp-server)
 
 <!-- DEP-VERSIONS-START -->
-[![aws-cdk](https://img.shields.io/badge/aws%20cdk-v2.235.0-blue.svg)](https://github.com/konokenj/cdk-api-mcp-server/blob/main/current-versions/aws-cdk.txt)
+[![aws-cdk](https://img.shields.io/badge/aws%20cdk-v2.236.0-blue.svg)](https://github.com/konokenj/cdk-api-mcp-server/blob/main/current-versions/aws-cdk.txt)
 <!-- DEP-VERSIONS-END -->
 
 ---