PyPI - konokenj.cdk-api-mcp-server - Versions diffs - 0.71.0__py3-none-any.whl → 0.72.0__py3-none-any.whl - Mend

konokenj.cdk-api-mcp-server 0.71.0py3-none-any.whl → 0.72.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

cdk_api_mcp_server/__about__.py CHANGED Viewed

@@ -1,4 +1,4 @@
 # SPDX-FileCopyrightText: 2025-present Kenji Kono <konoken@amazon.co.jp>
 #
 # SPDX-License-Identifier: MIT
-__version__ = "0.71.0"
+__version__ = "0.72.0"

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-bedrock-agentcore-alpha/README.md CHANGED Viewed

@@ -469,16 +469,34 @@ const repository = new ecr.Repository(this, "TestRepository", {
 });
 const agentRuntimeArtifact = agentcore.AgentRuntimeArtifact.fromEcrRepository(repository, "v1.0.0");
+// Optional: Create custom claims for additional validation
+const customClaims = [
+  agentcore.RuntimeCustomClaim.withStringValue('department', 'engineering'),
+  agentcore.RuntimeCustomClaim.withStringArrayValue('roles', ['admin'], agentcore.CustomClaimOperator.CONTAINS),
+  agentcore.RuntimeCustomClaim.withStringArrayValue('permissions', ['read', 'write'], agentcore.CustomClaimOperator.CONTAINS_ANY),
+];
 const runtime = new agentcore.Runtime(this, "MyAgentRuntime", {
   runtimeName: "myAgent",
   agentRuntimeArtifact: agentRuntimeArtifact,
   authorizerConfiguration: agentcore.RuntimeAuthorizerConfiguration.usingCognito(
     userPool, // User Pool (required)
     [userPoolClient, anotherUserPoolClient], // User Pool Clients
+    ["audience1"], // Allowed Audiences (optional)
+    ["read", "write"], // Allowed Scopes (optional)
+    customClaims, // Custom claims (optional) - see Custom Claims Validation section
   ),
 });
 ```
+You can configure:
+- User Pool: The Cognito User Pool that issues JWT tokens
+- User Pool Clients: One or more Cognito User Pool App Clients that are allowed to access the runtime
+- Allowed audiences: Used to validate that the audiences specified in the Cognito token match or are a subset of the audiences specified in the AgentCore Runtime
+- Allowed scopes: Allow access only if the token contains at least one of the required scopes configured here
+- Custom claims: A set of rules to match specific claims in the incoming token against predefined values for validating JWT tokens
 #### JWT Authentication
 To configure custom JWT authentication with your own OpenID Connect (OIDC) provider:
@@ -495,13 +513,77 @@ const runtime = new agentcore.Runtime(this, "MyAgentRuntime", {
   authorizerConfiguration: agentcore.RuntimeAuthorizerConfiguration.usingJWT(
     "https://example.com/.well-known/openid-configuration",  // Discovery URL (required)
     ["client1", "client2"],  // Allowed Client IDs (optional)
-    ["audience1"]           // Allowed Audiences (optional)
+    ["audience1"],           // Allowed Audiences (optional)
+    ["read", "write"],       // Allowed Scopes (optional)
+    // Custom claims (optional) - see Custom Claims Validation section below
   ),
 });
 ```
+You can configure:
+- Discovery URL: Enter the Discovery URL from your identity provider (e.g. Okta, Cognito, etc.), typically found in that provider's documentation. This allows your Agent or Tool to fetch login, downstream resource token, and verification settings.
+- Allowed audiences: This is used to validate that the audiences specified for the OAuth token matches or are a subset of the audiences specified in the AgentCore Runtime.
+- Allowed clients: This is used to validate that the public identifier of the client, as specified in the authorization token, is allowed to access the AgentCore Runtime.
+- Allowed scopes: Allow access only if the token contains at least one of the required scopes configured here.
+- Custom claims: A set of rules to match specific claims in the incoming token against predefined values for validating JWT tokens.
 **Note**: The discovery URL must end with `/.well-known/openid-configuration`.
+##### Custom Claims Validation
+Custom claims allow you to validate additional fields in JWT tokens beyond the standard audience, client, and scope validations. You can create custom claims using the `RuntimeCustomClaim` class:
+```typescript fixture=default
+const repository = new ecr.Repository(this, "TestRepository", {
+  repositoryName: "test-agent-runtime",
+});
+const agentRuntimeArtifact = agentcore.AgentRuntimeArtifact.fromEcrRepository(repository, "v1.0.0");
+// String claim - validates that the claim exactly equals the specified value
+// Uses EQUALS operator automatically
+const departmentClaim = agentcore.RuntimeCustomClaim.withStringValue('department', 'engineering');
+// String array claim with CONTAINS operator (default)
+// Validates that the claim array contains a specific string value
+// IMPORTANT: CONTAINS requires exactly one value in the array parameter
+const rolesClaim = agentcore.RuntimeCustomClaim.withStringArrayValue('roles', ['admin']);
+// String array claim with CONTAINS_ANY operator
+// Validates that the claim array contains at least one of the specified values
+// Use this when you want to check for multiple possible values
+const permissionsClaim = agentcore.RuntimeCustomClaim.withStringArrayValue(
+  'permissions',
+  ['read', 'write'],
+  agentcore.CustomClaimOperator.CONTAINS_ANY
+);
+// Use custom claims in authorizer configuration
+const runtime = new agentcore.Runtime(this, "MyAgentRuntime", {
+  runtimeName: "myAgent",
+  agentRuntimeArtifact: agentRuntimeArtifact,
+  authorizerConfiguration: agentcore.RuntimeAuthorizerConfiguration.usingJWT(
+    "https://example.com/.well-known/openid-configuration",
+    ["client1", "client2"],
+    ["audience1"],
+    ["read", "write"],
+    [departmentClaim, rolesClaim, permissionsClaim] // Custom claims
+  ),
+});
+```
+**Custom Claim Rules**:
+- **String claims**: Must use the `EQUALS` operator (automatically set). The claim value must exactly match the specified string.
+- **String array claims**: Can use `CONTAINS` (default) or `CONTAINS_ANY` operators:
+  - **`CONTAINS`**: Checks if the claim array contains a specific string value. **Requires exactly one value** in the array parameter. For example, `['admin']` will check if the token's claim array contains the string `'admin'`.
+  - **`CONTAINS_ANY`**: Checks if the claim array contains at least one of the provided string values. Use this when you want to validate against multiple possible values. For example, `['read', 'write']` will check if the token's claim array contains either `'read'` or `'write'`.
+**Example Use Cases**:
+- Use `CONTAINS` when you need to verify a user has a specific role: `RuntimeCustomClaim.withStringArrayValue('roles', ['admin'])`
+- Use `CONTAINS_ANY` when you need to verify a user has any of several permissions: `RuntimeCustomClaim.withStringArrayValue('permissions', ['read', 'write'], CustomClaimOperator.CONTAINS_ANY)`
 #### OAuth Authentication
 To configure OAuth 2.0 authentication:
@@ -516,8 +598,11 @@ const runtime = new agentcore.Runtime(this, "MyAgentRuntime", {
   runtimeName: "myAgent",
   agentRuntimeArtifact: agentRuntimeArtifact,
   authorizerConfiguration: agentcore.RuntimeAuthorizerConfiguration.usingOAuth(
-    "https://github.com/.well-known/openid-configuration",
-    "oauth_client_123",
+    "https://github.com/.well-known/openid-configuration",  // Discovery URL (required)
+    "oauth_client_123",  // OAuth Client ID (required)
+    ["audience1"],       // Allowed Audiences (optional)
+    ["openid", "profile"], // Allowed Scopes (optional)
+    // Custom claims (optional) - see Custom Claims Validation section
   ),
 });
 ```
@@ -1132,21 +1217,33 @@ your AgentCore gateway. By default, if not provided, the construct will create a
 **JSON Web Token (JWT)** – A secure and compact token used for authorization. After creating the JWT, you specify it as the authorization
 configuration when you create the gateway. You can create a JWT with any of the identity providers at Provider setup and configuration.
-You can configure a custom authorization provider using the `inboundAuthorizer` property with `GatewayAuthorizer.usingCustomJwt()`.
+You can configure a custom authorization provider using the `authorizerConfiguration` property with `GatewayAuthorizer.usingCustomJwt()`.
 You need to specify an OAuth discovery server and client IDs/audiences when you create the gateway. You can specify the following:
 - Discovery Url — String that must match the pattern ^.+/\.well-known/openid-configuration$ for OpenID Connect discovery URLs
 - At least one of the below options depending on the chosen identity provider.
 - Allowed audiences — List of allowed audiences for JWT tokens
 - Allowed clients — List of allowed client identifiers
+- Allowed scopes — List of allowed scopes for JWT tokens
+- Custom claims — Optional custom claim validations (see Custom Claims Validation section below)
 ```typescript fixture=default
+// Optional: Create custom claims (CustomClaimOperator and GatewayCustomClaim from agentcore)
+const customClaims = [
+  agentcore.GatewayCustomClaim.withStringValue('department', 'engineering'),
+  agentcore.GatewayCustomClaim.withStringArrayValue('roles', ['admin'], agentcore.CustomClaimOperator.CONTAINS),
+  agentcore.GatewayCustomClaim.withStringArrayValue('permissions', ['read', 'write'], agentcore.CustomClaimOperator.CONTAINS_ANY),
+];
 const gateway = new agentcore.Gateway(this, "MyGateway", {
   gatewayName: "my-gateway",
   authorizerConfiguration: agentcore.GatewayAuthorizer.usingCustomJwt({
     discoveryUrl: "https://auth.example.com/.well-known/openid-configuration",
     allowedAudience: ["my-app"],
     allowedClients: ["my-client-id"],
+    allowedScopes: ["read", "write"],
+    customClaims: customClaims, // Optional custom claims
   }),
 });
 ```
@@ -1188,6 +1285,31 @@ const oauthScopes = gateway.oauthScopes;
 // oauthScopes are in the format: ['{resourceServerId}/read', '{resourceServerId}/write']
 ```
+**Using Cognito User Pool Explicitly with Custom Claims** – You can also use an existing Cognito User Pool with custom claims:
+```typescript fixture=default
+declare const userPool: cognito.UserPool;
+declare const userPoolClient: cognito.UserPoolClient;
+// Optional: Create custom claims (CustomClaimOperator and GatewayCustomClaim from agentcore)
+const customClaims = [
+  agentcore.GatewayCustomClaim.withStringValue('department', 'engineering'),
+  agentcore.GatewayCustomClaim.withStringArrayValue('roles', ['admin'], agentcore.CustomClaimOperator.CONTAINS),
+  agentcore.GatewayCustomClaim.withStringArrayValue('permissions', ['read', 'write'], agentcore.CustomClaimOperator.CONTAINS_ANY),
+];
+const gateway = new agentcore.Gateway(this, "MyGateway", {
+  gatewayName: "my-gateway",
+  authorizerConfiguration: agentcore.GatewayAuthorizer.usingCognito({
+    userPool: userPool,
+    allowedClients: [userPoolClient],
+    allowedAudiences: ["audience1"],
+    allowedScopes: ["read", "write"],
+    customClaims: customClaims, // Optional custom claims
+  }),
+});
+```
 To authenticate with the gateway, request an access token using the client credentials flow and use it to call Gateway endpoints. For more information about the token endpoint, see [The token issuer endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html).
 The following is an example of a token request using curl:
@@ -1225,6 +1347,7 @@ const gateway = new agentcore.Gateway(this, "MyGateway", {
     discoveryUrl: "https://auth.example.com/.well-known/openid-configuration",
     allowedAudience: ["my-app"],
     allowedClients: ["my-client-id"],
+    allowedScopes: ["read", "write"],
   }),
   kmsKey: encryptionKey,
   exceptionLevel: agentcore.GatewayExceptionLevel.DEBUG,
@@ -1255,6 +1378,7 @@ const gateway = new agentcore.Gateway(this, "MyGateway", {
     discoveryUrl: "https://auth.example.com/.well-known/openid-configuration",
     allowedAudience: ["my-app"],
     allowedClients: ["my-client-id"],
+    allowedScopes: ["read", "write"],
   }),
   role: executionRole,
 });
@@ -1278,6 +1402,7 @@ const gateway = new agentcore.Gateway(this, "MyGateway", {
     discoveryUrl: "https://auth.example.com/.well-known/openid-configuration",
     allowedAudience: ["my-app"],
     allowedClients: ["my-client-id"],
+    allowedScopes: ["read", "write"],
   }),
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-eks-v2-alpha/README.md CHANGED Viewed

@@ -451,6 +451,34 @@ new eks.Cluster(this, 'HelloEKS', {
 });
 ```
+To provide additional Helm chart values supported by `albController` in CDK, use the `additionalHelmChartValues` property. For example, the following code snippet shows how to set the `enableWafV2` flag:
+```ts
+import { KubectlV34Layer } from '@aws-cdk/lambda-layer-kubectl-v34';
+new eks.Cluster(this, 'HelloEKS', {
+  version: eks.KubernetesVersion.V1_34,
+  albController: {
+    version: eks.AlbControllerVersion.V2_8_2,
+    additionalHelmChartValues: {
+      enableWafv2: false
+    }
+  },
+});
+```
+To overwrite an existing ALB controller service account, use the `overwriteServiceAccount` property:
+```ts
+new eks.Cluster(this, 'HelloEKS', {
+  version: eks.KubernetesVersion.V1_34,
+  albController: {
+    version: eks.AlbControllerVersion.V2_8_2,
+    overwriteServiceAccount: true,
+  },
+});
+```
 The `albController` requires `defaultCapacity` or at least one nodegroup. If there's no `defaultCapacity` or available
 nodegroup for the cluster, the `albController` deployment would fail.
@@ -755,6 +783,173 @@ By default, the cluster creator role will be granted the cluster admin permissio
 > **Note** - Switching `bootstrapClusterCreatorAdminPermissions` on an existing cluster would cause cluster replacement and should be avoided in production.
+### Service Accounts
+With services account you can provide Kubernetes Pods access to AWS resources.
+```ts
+import * as s3 from 'aws-cdk-lib/aws-s3';
+declare const cluster: eks.Cluster;
+// add service account
+const serviceAccount = cluster.addServiceAccount('MyServiceAccount');
+const bucket = new s3.Bucket(this, 'Bucket');
+bucket.grantReadWrite(serviceAccount);
+const mypod = cluster.addManifest('mypod', {
+  apiVersion: 'v1',
+  kind: 'Pod',
+  metadata: { name: 'mypod' },
+  spec: {
+    serviceAccountName: serviceAccount.serviceAccountName,
+    containers: [
+      {
+        name: 'hello',
+        image: 'paulbouwer/hello-kubernetes:1.5',
+        ports: [ { containerPort: 8080 } ],
+      },
+    ],
+  },
+});
+// create the resource after the service account.
+mypod.node.addDependency(serviceAccount);
+// print the IAM role arn for this service account
+new CfnOutput(this, 'ServiceAccountIamRole', { value: serviceAccount.role.roleArn });
+```
+Note that using `serviceAccount.serviceAccountName` above **does not** translate into a resource dependency.
+This is why an explicit dependency is needed. See <https://github.com/aws/aws-cdk/issues/9910> for more details.
+It is possible to pass annotations and labels to the service account.
+```ts
+declare const cluster: eks.Cluster;
+// add service account with annotations and labels
+const serviceAccount = cluster.addServiceAccount('MyServiceAccount', {
+  annotations: {
+    'eks.amazonaws.com/sts-regional-endpoints': 'false',
+  },
+  labels: {
+    'some-label': 'with-some-value',
+  },
+});
+```
+You can also add service accounts to existing clusters.
+To do so, pass the `openIdConnectProvider` property when you import the cluster into the application.
+```ts
+import * as s3 from 'aws-cdk-lib/aws-s3';
+// you can import an existing provider
+const provider = eks.OidcProviderNative.fromOidcProviderArn(this, 'Provider', 'arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC');
+// or create a new one using an existing issuer url
+declare const issuerUrl: string;
+const provider2 = new eks.OidcProviderNative(this, 'Provider', {
+  url: issuerUrl,
+});
+import { KubectlV34Layer } from '@aws-cdk/lambda-layer-kubectl-v34';
+const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', {
+  clusterName: 'Cluster',
+  openIdConnectProvider: provider,
+  kubectlProviderOptions: {
+    kubectlLayer: new KubectlV34Layer(this, 'kubectl'),
+  }});
+const serviceAccount = cluster.addServiceAccount('MyServiceAccount');
+const bucket = new s3.Bucket(this, 'Bucket');
+bucket.grantReadWrite(serviceAccount);
+```
+Note that adding service accounts requires running `kubectl` commands against the cluster which requires you to provide `kubectlProviderOptions` in the cluster props to create the `kubectl` provider. See [Kubectl Support](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-eks-v2-alpha-readme.html#kubectl-support)
+#### Migrating from the deprecated eks.OpenIdConnectProvider to eks.OidcProviderNative
+`eks.OpenIdConnectProvider` creates an IAM OIDC (OpenId Connect) provider using a custom resource while `eks.OidcProviderNative` uses the CFN L1 (AWS::IAM::OidcProvider) to create the provider. It is recommended for new and existing projects to use `eks.OidcProviderNative`.
+To migrate without temporarily removing the OIDCProvider, follow these steps:
+1. Set the `removalPolicy` of `cluster.openIdConnectProvider` to `RETAIN`.
+   ```ts
+   import * as cdk from 'aws-cdk-lib';
+   declare const cluster: eks.Cluster;
+   cdk.RemovalPolicies.of(cluster.openIdConnectProvider).apply(cdk.RemovalPolicy.RETAIN);
+   ```
+2. Run `cdk diff` to verify the changes are expected then `cdk deploy`.
+3. Add the following to the `context` field of your `cdk.json` to enable the feature flag that creates the native oidc provider.
+   ```json
+   "@aws-cdk/aws-eks:useNativeOidcProvider": true,
+   ```
+4. Run `cdk diff` and ensure the changes are expected. Example of an expected diff:
+   ```bash
+   Resources
+   [-] Custom::AWSCDKOpenIdConnectProvider TestCluster/OpenIdConnectProvider/Resource TestClusterOpenIdConnectProviderE18F0FD0 orphan
+   [-] AWS::IAM::Role Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Role CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65 destroy
+   [-] AWS::Lambda::Function Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Handler CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0 destroy
+   [+] AWS::IAM::OIDCProvider TestCluster/OidcProviderNative TestClusterOidcProviderNative0BE3F155
+   ```
+5. Run `cdk import --force` and provide the ARN of the existing OpenIdConnectProvider when prompted. You will get a warning about pending changes to existing resources which is expected.
+6. Run `cdk deploy` to apply any pending changes. This will apply the destroy/orphan changes in the above example.
+If you are creating the OpenIdConnectProvider manually via `new eks.OpenIdConnectProvider`, follow these steps:
+1. Set the `removalPolicy` of the existing `OpenIdConnectProvider` to `RemovalPolicy.RETAIN`.
+   ```ts
+   import * as cdk from 'aws-cdk-lib';
+   // Step 1: Add retain policy to existing provider
+   const existingProvider = new eks.OpenIdConnectProvider(this, 'Provider', {
+     url: 'https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE',
+     removalPolicy: cdk.RemovalPolicy.RETAIN, // Add this line
+   });
+   ```
+2. Deploy with the retain policy to avoid deletion of the underlying resource.
+   ```bash
+   cdk deploy
+   ```
+3. Replace `OpenIdConnectProvider` with `OidcProviderNative` in your code.
+   ```ts
+   // Step 3: Replace with native provider
+   const nativeProvider = new eks.OidcProviderNative(this, 'Provider', {
+     url: 'https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE',
+   });
+   ```
+4. Run `cdk diff` and verify the changes are expected. Example of an expected diff:
+   ```bash
+   Resources
+   [-] Custom::AWSCDKOpenIdConnectProvider TestCluster/OpenIdConnectProvider/Resource TestClusterOpenIdConnectProviderE18F0FD0 orphan
+   [-] AWS::IAM::Role Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Role CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65 destroy
+   [-] AWS::Lambda::Function Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Handler CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0 destroy
+   [+] AWS::IAM::OIDCProvider TestCluster/OidcProviderNative TestClusterOidcProviderNative0BE3F155
+   ```
+5. Run `cdk import --force` to import the existing OIDC provider resource by providing the existing ARN.
+6. Run `cdk deploy` to apply any pending changes. This will apply the destroy/orphan operations in the example diff above.
 ### Cluster Security Group
 When you create an Amazon EKS cluster, a [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html)

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/mixins-preview/README.md CHANGED Viewed

@@ -54,7 +54,7 @@ For convenience, you can use the `.with()` method for a more fluent syntax:
 import '@aws-cdk/mixins-preview/with';
 const bucket = new s3.CfnBucket(scope, "MyBucket")
-  .with(new EnableVersioning())
+  .with(new BucketVersioning())
   .with(new AutoDeleteObjects());
 ```
@@ -127,11 +127,11 @@ const bucket = new s3.CfnBucket(scope, "Bucket");
 Mixins.of(bucket).apply(new AutoDeleteObjects());
 ```
-**EnableVersioning**: Enables versioning on S3 buckets
+**BucketVersioning**: Enables versioning on S3 buckets
 ```typescript
 const bucket = new s3.CfnBucket(scope, "Bucket");
-Mixins.of(bucket).apply(new EnableVersioning());
+Mixins.of(bucket).apply(new BucketVersioning());
 ```
 **BucketPolicyStatementsMixin**: Adds IAM policy statements to a bucket policy
@@ -231,7 +231,8 @@ Mixins.of(scope)
 // Strict application that requires all constructs to match
 Mixins.of(scope)
-  .mustApply(new EncryptionAtRest()); // Throws if no constructs support the mixin
+  .requireAll() // Throws if no constructs support the mixin
+  .apply(new EncryptionAtRest());
 ```
 ---

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/README.md/README.md CHANGED Viewed

@@ -1486,6 +1486,8 @@ To do this for a specific stack, add a `suppressTemplateIndentation: true` prope
 stack's `StackProps` parameter. You can also set this property to `false` to override
 the context key setting.
+Similarly, to do this for a specific nested stack, add a `suppressTemplateIndentation: true` property to its `NestedStackProps` parameter. You can also set this property to `false` to override the context key setting.
 ## App Context
 [Context values](https://docs.aws.amazon.com/cdk/v2/guide/context.html) are key-value pairs that can be associated with an app, stack, or construct.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-bedrock/README.md CHANGED Viewed

@@ -30,7 +30,6 @@ bedrock.ProvisionedModel.fromProvisionedModelArn(
 );
 ```
-There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for provisioning Bedrock resources yet. Here are some suggestions on how to proceed:
+L2 constructs for this service are available in the [`@aws-cdk/aws-bedrock-alpha`](https://www.npmjs.com/package/@aws-cdk/aws-bedrock-alpha) package.
-- Search [Construct Hub for Bedrock construct libraries](https://constructs.dev/search?q=bedrock)
-- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::Bedrock resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Bedrock.html) directly.
+You can also use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::Bedrock resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Bedrock.html) directly.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-bedrockagentcore/README.md ADDED Viewed

@@ -0,0 +1,24 @@
+# AWS::BedrockAgentCore Construct Library
+<!--BEGIN STABILITY BANNER-->
+---
+![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge)
+> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use.
+>
+> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib
+---
+<!--END STABILITY BANNER-->
+This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
+```ts nofixture
+import * as bedrockagentcore from 'aws-cdk-lib/aws-bedrockagentcore';
+```
+L2 constructs for this service are available in the [`@aws-cdk/aws-bedrock-agentcore-alpha`](https://www.npmjs.com/package/@aws-cdk/aws-bedrock-agentcore-alpha) package.
+You can also use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::BedrockAgentCore resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_BedrockAgentCore.html) directly.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/README.md CHANGED Viewed

@@ -731,6 +731,21 @@ new eks.Cluster(this, 'HelloEKS', {
 });
 ```
+To overwrite an existing ALB controller service account, use the `overwriteServiceAccount` property:
+```ts
+import { KubectlV34Layer } from '@aws-cdk/lambda-layer-kubectl-v34';
+new eks.Cluster(this, 'HelloEKS', {
+  version: eks.KubernetesVersion.V1_34,
+  albController: {
+    version: eks.AlbControllerVersion.V2_8_2,
+    overwriteServiceAccount: true
+  },
+  kubectlLayer: new KubectlV34Layer(this, 'kubectl'),
+});
+```
 The `albController` requires `defaultCapacity` or at least one nodegroup. If there's no `defaultCapacity` or available
 nodegroup for the cluster, the `albController` deployment would fail.
@@ -1430,16 +1445,26 @@ const serviceAccount = cluster.addServiceAccount('MyServiceAccount', {
 });
 ```
+To overwrite an existing service account, use the `overwriteServiceAccount` property:
+```ts
+declare const cluster: eks.Cluster;
+// overwrite existing service account
+const serviceAccount = cluster.addServiceAccount('MyServiceAccount', {
+  overwriteServiceAccount: true,
+});
+```
 You can also add service accounts to existing clusters.
 To do so, pass the `openIdConnectProvider` property when you import the cluster into the application.
 ```ts
 // you can import an existing provider
-const provider = eks.OpenIdConnectProvider.fromOpenIdConnectProviderArn(this, 'Provider', 'arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC');
+const provider = eks.OidcProviderNative.fromOidcProviderArn(this, 'Provider', 'arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC');
 // or create a new one using an existing issuer url
 declare const issuerUrl: string;
-const provider2 = new eks.OpenIdConnectProvider(this, 'Provider', {
+const provider2 = new eks.OidcProviderNative(this, 'Provider', {
   url: issuerUrl,
 });
@@ -1459,6 +1484,87 @@ Note that adding service accounts requires running `kubectl` commands against th
 This means you must also pass the `kubectlRoleArn` when importing the cluster.
 See [Using existing Clusters](https://github.com/aws/aws-cdk/tree/main/packages/aws-cdk-lib/aws-eks#using-existing-clusters).
+##### Migrating from eks.OpenIdConnectProvider to eks.OidcProviderNative
+`eks.OpenIdConnectProvider` creates an IAM OIDC (OpenId Connect) provider using a custom resource while `eks.OidcProviderNative` uses the CFN L1 (AWS::IAM::OidcProvider) to create the provider. It is recommended for new and existing projects to use `eks.OidcProviderNative`. Migrating from the `eks.OpenIdConnectProvider` is not as trivial as switching out the property since the property controls the creation of a resource whose type is changing. Due to the potential complexlity of the migration and the requirement of a manual step (`cdk import`) we are not deprecating the `eks.OpenIdConnectProvider` construct but encourge you to migrate.
+To migrate without temporarily removing the OIDCProvider, follow these steps:
+1. Set the `removalPolicy` of `cluster.openIdConnectProvider` to `RETAIN`.
+   ```ts
+   import * as cdk from 'aws-cdk-lib';
+   declare const cluster: eks.Cluster;
+   cdk.RemovalPolicies.of(cluster.openIdConnectProvider).apply(cdk.RemovalPolicy.RETAIN);
+   ```
+2. Run `cdk diff` to verify the changes are expected then `cdk deploy`.
+3. Add the following to the `context` field of your `cdk.json` to enable the feature flag that creates the native oidc provider.
+   ```json
+   "@aws-cdk/aws-eks:useNativeOidcProvider": true,
+   ```
+4. Run `cdk diff` and ensure the changes are expected. Example of an expected diff:
+   ```bash
+   Resources
+   [-] Custom::AWSCDKOpenIdConnectProvider TestCluster/OpenIdConnectProvider/Resource TestClusterOpenIdConnectProviderE18F0FD0 orphan
+   [-] AWS::IAM::Role Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Role CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65 destroy
+   [-] AWS::Lambda::Function Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Handler CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0 destroy
+   [+] AWS::IAM::OIDCProvider TestCluster/OidcProviderNative TestClusterOidcProviderNative0BE3F155
+   ```
+5. Run `cdk import --force` and provide the ARN of the existing OpenIdConnectProvider when prompted. You will get a warning about pending changes to existing resources which is expected.
+6. Run `cdk deploy` to apply any pending changes. This will apply the destroy/orphan changes in the above example.
+If you are creating the OpenIdConnectProvider manually via `new eks.OpenIdConnectProvider`, follow these steps:
+1. Set the `removalPolicy` of the existing `OpenIdConnectProvider` to `RemovalPolicy.RETAIN`.
+   ```ts
+   import * as cdk from 'aws-cdk-lib';
+   // Step 1: Add retain policy to existing provider
+   const existingProvider = new eks.OpenIdConnectProvider(this, 'Provider', {
+     url: 'https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE',
+     removalPolicy: cdk.RemovalPolicy.RETAIN, // Add this line
+   });
+   ```
+2. Deploy with the retain policy to avoid deletion of the underlying resource.
+   ```bash
+   cdk deploy
+   ```
+3. Replace `OpenIdConnectProvider` with `OidcProviderNative` in your code.
+   ```ts
+   // Step 3: Replace with native provider
+   const nativeProvider = new eks.OidcProviderNative(this, 'Provider', {
+     url: 'https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE',
+   });
+   ```
+4. Run `cdk diff` and verify the changes are expected. Example of an expected diff:
+   ```bash
+   Resources
+   [-] Custom::AWSCDKOpenIdConnectProvider TestCluster/OpenIdConnectProvider/Resource TestClusterOpenIdConnectProviderE18F0FD0 orphan
+   [-] AWS::IAM::Role Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Role CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65 destroy
+   [-] AWS::Lambda::Function Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Handler CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0 destroy
+   [+] AWS::IAM::OIDCProvider TestCluster/OidcProviderNative TestClusterOidcProviderNative0BE3F155
+   ```
+5. Run `cdk import --force` to import the existing OIDC provider resource by providing the existing ARN.
+6. Run `cdk deploy` to apply any pending changes. This will apply the destroy/orphan operations in the example diff above.
 ### Pod Identities
 [Amazon EKS Pod Identities](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html) is a feature that simplifies how

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster-native-oidc.ts ADDED Viewed

@@ -0,0 +1,49 @@
+/// !cdk-integ pragma:disable-update-workflow
+import { App, Stack, StackProps } from 'aws-cdk-lib';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import * as eks from 'aws-cdk-lib/aws-eks';
+import { EKS_USE_NATIVE_OIDC_PROVIDER } from 'aws-cdk-lib/cx-api';
+import { getClusterVersionConfig } from './integ-tests-kubernetes-version';
+class EksClusterNativeOidcStack extends Stack {
+  constructor(scope: App, id: string, props?: StackProps) {
+    super(scope, id, props);
+    const cluster = new eks.Cluster(this, 'Cluster', {
+      ...getClusterVersionConfig(this, eks.KubernetesVersion.V1_32),
+    });
+    /**
+     * ServiceAccount and AlbController are added to verify that OIDC provider is created and
+     * can be used to create IAM roles for service accounts.
+     */
+    new eks.ServiceAccount(this, 'ServiceAccount', {
+      cluster: cluster,
+      name: 'test-service-account',
+      namespace: 'default',
+    });
+    new eks.AlbController(this, 'AlbController', {
+      cluster: cluster,
+      version: eks.AlbControllerVersion.V2_8_2,
+    });
+  }
+}
+const app = new App({
+  postCliContext: {
+    [EKS_USE_NATIVE_OIDC_PROVIDER]: true,
+  },
+});
+const stack = new EksClusterNativeOidcStack(app, 'aws-cdk-eks-cluster-native-oidc', {
+  env: { region: 'us-east-1' },
+});
+new integ.IntegTest(app, 'aws-cdk-eks-cluster-native-oidc-integ', {
+  testCases: [stack],
+  diffAssets: false,
+});
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster.ts CHANGED Viewed

@@ -105,6 +105,7 @@ class EksClusterStack extends Stack {
   private assertServiceAccount() {
     // add a service account connected to a IAM role
     this.cluster.addServiceAccount('MyServiceAccount');
+    this.cluster.addServiceAccount('MyServiceAccountWithOverwrite', { overwriteServiceAccount: true });
   }
   private assertExtendedServiceAccount() {

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-oidc-provider.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import { App, Stack } from 'aws-cdk-lib';
 import * as integ from '@aws-cdk/integ-tests-alpha';
 import * as eks from 'aws-cdk-lib/aws-eks';
 import { IAM_OIDC_REJECT_UNAUTHORIZED_CONNECTIONS } from 'aws-cdk-lib/cx-api';
+import { getClusterVersionConfig } from './integ-tests-kubernetes-version';
 const app = new App({
   postCliContext: {
@@ -10,10 +11,28 @@ const app = new App({
 });
 const stack = new Stack(app, 'aws-eks-oidc-provider-test');
+// OpenIdConnectProvider uses a custom resource that only needs to extract SSL certificate
+// thumbprints via TLS connection. It works with fake cluster IDs (like test2) because
+// oidc.eks.us-east-1.amazonaws.com is a real AWS server with valid SSL certificates.
+// The Lambda doesn't validate OIDC configuration, only retrieves thumbprints when
+// the IAM_OIDC_REJECT_UNAUTHORIZED_CONNECTIONS flag is false.
 new eks.OpenIdConnectProvider(stack, 'NoClientsNoThumbprint', {
   url: `https://oidc.eks.${Stack.of(stack).region}.amazonaws.com/id/test2`,
 });
+const cluster = new eks.Cluster(stack, 'Cluster', {
+  ...getClusterVersionConfig(stack, eks.KubernetesVersion.V1_32),
+});
+// OidcProviderNative uses the native AWS::IAM::OIDCProvider CloudFormation resource
+// which validates OIDC providers by fetching /.well-known/openid-configuration.
+// Fake cluster IDs return 404 for this endpoint, causing validation to fail.
+// eks.OidcProviderNative doesn't expose thumbprints property (unlike iam.OidcProviderNative)
+// as there is no use case for using an invalid OIDC issuer URL,
+// so we must use a real cluster URL for CloudFormation to successfully validate.
+new eks.OidcProviderNative(stack, 'OidcProviderNative', {
+  url: cluster.clusterOpenIdConnectIssuerUrl,
+});
 new integ.IntegTest(app, 'aws-cdk-eks-oidc-provider', {
   testCases: [stack],
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/README.md CHANGED Viewed

@@ -499,7 +499,76 @@ myFunction.addEventSource(new ManagedKafkaEventSource({
 }));
 ```
-Set configuration for provisioned pollers that read from the event source.
+### Kafka Observability Features
+AWS Lambda provides enhanced observability for Kafka event sources through logging and metrics configuration.
+**Important**: Observability features (`LogLevel` and `MetricsConfig`) are only available when using provisioned mode.
+#### Logging
+You can configure the verbosity of logs generated by the polling infrastructure.
+This is particularly useful for troubleshooting connection issues, monitoring
+polling behavior, and understanding the internal operations of your event
+source mapping.
+```ts
+import { ManagedKafkaEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
+// Your MSK cluster arn
+const clusterArn = 'arn:aws:kafka:us-east-1:0123456789019:cluster/SalesCluster/abcd1234-abcd-cafe-abab-9876543210ab-4';
+declare const myFunction: lambda.Function;
+// Configure INFO level logging for production monitoring
+myFunction.addEventSource(new ManagedKafkaEventSource({
+  clusterArn,
+  topic: 'production-events',
+  startingPosition: lambda.StartingPosition.LATEST,
+  // Provisioned mode is required for observability features
+  provisionedPollerConfig: {
+    minimumPollers: 1,
+    maximumPollers: 5,
+  },
+  logLevel: lambda.EventSourceMappingLogLevel.INFO
+}));
+```
+#### Metrics Configuration
+Enhanced metrics provide detailed insights into your Kafka event source performance.
+Metrics include event processing rates, error counts, and Kafka-specific metrics
+like consumer lag.
+```ts
+import { ManagedKafkaEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
+// Your MSK cluster arn
+const clusterArn = 'arn:aws:kafka:us-east-1:0123456789019:cluster/SalesCluster/abcd1234-abcd-cafe-abab-9876543210ab-4';
+declare const myFunction: lambda.Function;
+// Enable basic event and error metrics
+myFunction.addEventSource(new ManagedKafkaEventSource({
+  clusterArn,
+  topic: 'basic-monitoring',
+  startingPosition: lambda.StartingPosition.LATEST,
+  // Provisioned mode is required for observability features
+  provisionedPollerConfig: {
+    minimumPollers: 2,
+    maximumPollers: 10,
+  },
+  metricsConfig: {
+    metrics: [
+      lambda.MetricType.EVENT_COUNT,
+      lambda.MetricType.ERROR_COUNT
+    ]
+  }
+}));
+```
+Set configuration for provisioned pollers that read from the event source. When specified, allows control over
+the minimum and maximum number of pollers that can be provisioned to process events from the source.
 ```ts
 import { ManagedKafkaEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
@@ -544,7 +613,9 @@ ordersFunction.addEventSource(new ManagedKafkaEventSource({
 ```
-Set a confluent or self-managed schema registry to de-serialize events from the event source. Note, this will similarly work for `SelfManagedKafkaEventSource` but the example only shows setup for `ManagedKafkaEventSource`.
+Set a confluent or self-managed schema registry to de-serialize events from the event source.
+Note: This will also work for `SelfManagedKafkaEventSource`.
 ```ts
 import { ManagedKafkaEventSource, ConfluentSchemaRegistry } from 'aws-cdk-lib/aws-lambda-event-sources';
@@ -577,7 +648,9 @@ myFunction.addEventSource(new ManagedKafkaEventSource({
 }));
 ```
-Set Glue schema registry to de-serialize events from the event source. Note, this will similarly work for `SelfManagedKafkaEventSource` but the example only shows setup for `ManagedKafkaEventSource`.
+Set Glue schema registry to de-serialize events from the event source.
+Note: This will also work for `SelfManagedKafkaEventSource`.
 ```ts
 import { CfnRegistry } from 'aws-cdk-lib/aws-glue';

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.kafka-observability.ts ADDED Viewed

@@ -0,0 +1,90 @@
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';
+import * as cdk from 'aws-cdk-lib';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import { TestFunction } from './test-function';
+import { AuthenticationMethod, SelfManagedKafkaEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
+/**
+ * Integration test for Kafka observability features (LoggingConfig and MetricsConfig)
+ *
+ * This test validates that LoggingConfig and MetricsConfig generate correct CloudFormation
+ * templates with proper provisioned poller configuration.
+ *
+ * Test scenarios:
+ * 1. Self-managed Kafka with LoggingConfig only
+ * 2. Self-managed Kafka with MetricsConfig only
+ */
+class KafkaObservabilityTest extends cdk.Stack {
+  constructor(scope: cdk.App, id: string) {
+    super(scope, id);
+    // Create secret for authentication
+    const secret = new secretsmanager.Secret(this, 'KafkaSecret', {
+      secretObjectValue: {
+        username: cdk.SecretValue.unsafePlainText('testuser'),
+        password: cdk.SecretValue.unsafePlainText('testpass'),
+      },
+    });
+    // Scenario 1: Self-managed Kafka with LoggingConfig only
+    const smkLoggingFunction = new TestFunction(this, 'SMKLoggingFunction');
+    smkLoggingFunction.addEventSource(new SelfManagedKafkaEventSource({
+      bootstrapServers: ['kafka-broker-1:9092', 'kafka-broker-2:9092'],
+      topic: 'logging-topic',
+      secret: secret,
+      authenticationMethod: AuthenticationMethod.SASL_SCRAM_512_AUTH,
+      startingPosition: lambda.StartingPosition.LATEST,
+      consumerGroupId: 'logging-consumer-group',
+      // Provisioned mode is required for observability features
+      provisionedPollerConfig: {
+        minimumPollers: 1,
+        maximumPollers: 5,
+      },
+      // Configure DEBUG level logging for detailed troubleshooting
+      logLevel: lambda.EventSourceMappingLogLevel.DEBUG,
+    }));
+    // Scenario 2: Self-managed Kafka with MetricsConfig only
+    const smkMetricsFunction = new TestFunction(this, 'SMKMetricsFunction');
+    smkMetricsFunction.addEventSource(new SelfManagedKafkaEventSource({
+      bootstrapServers: ['kafka-broker-3:9092', 'kafka-broker-4:9092'],
+      topic: 'metrics-topic',
+      secret: secret,
+      authenticationMethod: AuthenticationMethod.SASL_SCRAM_256_AUTH,
+      startingPosition: lambda.StartingPosition.TRIM_HORIZON,
+      consumerGroupId: 'metrics-consumer-group',
+      batchSize: 100,
+      // Provisioned mode is required for observability features
+      provisionedPollerConfig: {
+        minimumPollers: 3,
+        maximumPollers: 15,
+      },
+      // Configure comprehensive metrics including Kafka-specific metrics
+      metricsConfig: {
+        metrics: [
+          lambda.MetricType.EVENT_COUNT,
+          lambda.MetricType.ERROR_COUNT,
+          lambda.MetricType.KAFKA_METRICS,
+        ],
+      },
+    }));
+  }
+}
+const app = new cdk.App({
+  postCliContext: {
+    '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
+  },
+});
+const stack = new KafkaObservabilityTest(
+  app,
+  'KafkaObservabilityTest',
+);
+new integ.IntegTest(app, 'KafkaObservabilityIntegTest', {
+  testCases: [stack],
+});
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/core/integ.nested-stack-suppress-template-indentation.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import * as cdk from 'aws-cdk-lib/core';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'ParentStack');
+const nested = new cdk.NestedStack(stack, 'NestedSuppressIndentation', {
+  suppressTemplateIndentation: true,
+});
+new s3.Bucket(nested, 'Bucket'); // dummy
+const testCase = new integ.IntegTest(app, 'NestedSuppressIndentationTest', {
+  testCases: [stack],
+});
+const nestedChild = nested.node.defaultChild as cdk.CfnStack;
+const nestedTemplateUrl = nestedChild.templateUrl!; // Nested stacks must have the templateUrl
+const apiCall = testCase.assertions.awsApiCall('S3', 'getObject', {
+  Bucket: cdk.Fn.select(3, cdk.Fn.split('/', nestedTemplateUrl)),
+  Key: cdk.Fn.select(4, cdk.Fn.split('/', nestedTemplateUrl)),
+});
+apiCall.expect(
+  integ.ExpectedResult.objectLike({
+    Body: '{"Resources":{"Bucket83908E77":{"Type":"AWS::S3::Bucket","UpdateReplacePolicy":"Retain","DeletionPolicy":"Retain"}}}',
+  }),
+);

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/FEATURE_FLAGS.md CHANGED Viewed

@@ -109,6 +109,7 @@ Flags come in three types:
 | [@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint](#aws-cdkaws-stepfunctions-taskshttpinvokedynamicjsonpathendpoint) | When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks. | 2.221.0 | fix |
 | [@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault](#aws-cdkaws-elasticloadbalancingv2networkloadbalancerwithsecuritygroupbydefault) | When enabled, Network Load Balancer will be created with a security group by default. | 2.222.0 | new default |
 | [@aws-cdk/aws-route53-patterns:useDistribution](#aws-cdkaws-route53-patternsusedistribution) | Use the `Distribution` resource instead of `CloudFrontWebDistribution` | 2.233.0 | new default |
+| [@aws-cdk/aws-eks:useNativeOidcProvider](#aws-cdkaws-eksusenativeoidcprovider) | When enabled, EKS V2 clusters will use the native OIDC provider resource AWS::IAM::OIDCProvider instead of creating the OIDCProvider with a custom resource (iam.OpenIDConnectProvider). | V2NEXT | fix |
 <!-- END table -->
@@ -170,6 +171,7 @@ The following json shows the current recommended set of flags, as `cdk init` wou
     "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true,
     "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true,
     "@aws-cdk/aws-eks:nodegroupNameAttribute": true,
+    "@aws-cdk/aws-eks:useNativeOidcProvider": true,
     "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true,
     "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true,
     "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false,
@@ -2311,4 +2313,27 @@ of the deprecated `CloudFrontWebDistribution` construct.
 **Compatibility with old behavior:** Define a `CloudFrontWebDistribution` explicitly
+### @aws-cdk/aws-eks:useNativeOidcProvider
+*When enabled, EKS V2 clusters will use the native OIDC provider resource AWS::IAM::OIDCProvider instead of creating the OIDCProvider with a custom resource (iam.OpenIDConnectProvider).*
+Flag type: Backwards incompatible bugfix
+When this feature flag is enabled, EKS clusters will use the native AWS::IAM::OIDCProvider
+      CloudFormation resource instead of the custom resource provider for creating OIDC providers.
+			WARNING: Enabling this flag on a cluster with an existing OIDC provider created by the custom resource (iam.OpenIDConnectProvider)
+			will cause the OIDC provider to be replaced with the native resource, which may lead to disruption.
+			To migrate in place without disruption, follow the guide at: https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-eks/README.md#migrating-from-the-deprecated-eksopenidconnectprovider-to-eksoidcprovidernative
+| Since | Unset behaves like | Recommended value |
+| ----- | ----- | ----- |
+| (not in v1) |  |  |
+| V2NEXT | `false` | `true` |
+**Compatibility with old behavior:** Disable the feature flag to use the custom resource provider.
 <!-- END details -->

{konokenj_cdk_api_mcp_server-0.71.0.dist-info → konokenj_cdk_api_mcp_server-0.72.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: konokenj.cdk-api-mcp-server
-Version: 0.71.0
+Version: 0.72.0
 Summary: An MCP server provides AWS CDK API Reference
 Project-URL: Documentation, https://github.com/konokenj/cdk-api-mcp-server#readme
 Project-URL: Issues, https://github.com/konokenj/cdk-api-mcp-server/issues
@@ -26,7 +26,7 @@ Description-Content-Type: text/markdown
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/konokenj.cdk-api-mcp-server.svg)](https://pypi.org/project/konokenj.cdk-api-mcp-server)
 <!-- DEP-VERSIONS-START -->
-[![aws-cdk](https://img.shields.io/badge/aws%20cdk-v2.235.1-blue.svg)](https://github.com/konokenj/cdk-api-mcp-server/blob/main/current-versions/aws-cdk.txt)
+[![aws-cdk](https://img.shields.io/badge/aws%20cdk-v2.236.0-blue.svg)](https://github.com/konokenj/cdk-api-mcp-server/blob/main/current-versions/aws-cdk.txt)
 <!-- DEP-VERSIONS-END -->
 ---

{konokenj_cdk_api_mcp_server-0.71.0.dist-info → konokenj_cdk_api_mcp_server-0.72.0.dist-info}/RECORD RENAMED Viewed

@@ -1,4 +1,4 @@
-cdk_api_mcp_server/__about__.py,sha256=ELmDLx0jcVxvUyMP4Isrouontr0IHXk9V4M1xQJuxV0,129
+cdk_api_mcp_server/__about__.py,sha256=2oMIczUBxCme8q2q88d0eo9LorBD-fEQrwtwSHvpdmk,129
 cdk_api_mcp_server/__init__.py,sha256=yJA6yIEhJviC-qNlB-nC6UR1JblQci_d84i-viHZkc0,187
 cdk_api_mcp_server/models.py,sha256=cMS1Hi29M41YjuBxqqrzNrNvyG3MgnUBb1SqYpMCJ30,692
 cdk_api_mcp_server/resources.py,sha256=R7LVwn29I4BJzU5XAwKbX8j6uy-3ZxcB1b0HzZ_Z2PI,6689
@@ -9,14 +9,14 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/app-staging-synthesizer
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-amplify-alpha/README.md,sha256=OIdszebPa0EqMIaHhqWgH6A64AcwQioIKC-NHDyZKrI,12636
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-applicationsignals-alpha/README.md,sha256=6nqc-WbHB1iFE3vXDr6hyQs8tYS6wwnWutXePY4EF4w,10873
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-apprunner-alpha/README.md,sha256=Jtm3RbnP4jQy8BYXwHvaRbMKizUjr4SqvimVMYhu6WQ,11982
-cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-bedrock-agentcore-alpha/README.md,sha256=neg1NHrIY4VKi9XAIx-q7aKoeHKQvG2FckZsStXkOQg,104221
+cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-bedrock-agentcore-alpha/README.md,sha256=oYzxpBQv_7OMaU-drsElqjdUpbtBIb_nuFGLl-qyyDs,111421
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-bedrock-alpha/README.md,sha256=ZFThRraeK0rx1CF2foaEDzKsWxL1Qb9yqpCFM8eKvIo,65269
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-cloud9-alpha/README.md,sha256=0N8kldvHAKsNQHKtsj8PaQywiDUVrd6rEwVNQV0equY,7718
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-codestar-alpha/README.md,sha256=J-c-thqWwZFQT3Exjr_AY95BBgTA14Wb9aJ32gmEizQ,1509
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-custom-resource-sdk-adapter/README.md,sha256=FepYs6-FkeqX8jOohrPByOvzecIOBjd1c1AegNpRYNc,6310
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-ec2-alpha/README.md,sha256=ZySzpPJ4eUj3ZJ_jWF6YFOX4J9a7F-GU3o6QT_zJggQ,36094
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-eks-v2-alpha/MANUAL_TEST.md,sha256=uObwqDllAUYBGkoNEAQGioL6JuKqh5ScVbq9KC3x89Q,1862
-cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-eks-v2-alpha/README.md,sha256=QaTmJ96HpXe5Iu32NOzqzHWi85jD73aCfo9Rks9za28,46202
+cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-eks-v2-alpha/README.md,sha256=yM9cSEn0NrzR7nKWSEmcQQwNQ-KTeHmFUlVgnFrG18Q,53713
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-elasticache-alpha/README.md,sha256=V2xDEBsWH7oxb4mO9I8Wfs74jzYqeUwxFpHp_N6NMtg,15215
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-gamelift-alpha/README.md,sha256=pZqlGXpIekT05CmRYo99QPI-7S1iGtKoNESGryLQFxQ,28324
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-glue-alpha/README.md,sha256=0DUUl5AU9qy-x3P4cCIStFMcav2hSQMwZuI3aTq9Q2Q,32235
@@ -46,8 +46,8 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/cfnspec/README.md,sha25
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/custom-resource-handlers/README.md,sha256=QctOoyGt6AqVWeFhRwpkCSxHZ1XFWj_nCKlkJHDFock,965
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/example-construct-library/README.md,sha256=vnVXyvtN9ICph68sw2y6gkdD_gmas0PiUa9TkwNckWQ,4501
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/integ-tests-alpha/README.md,sha256=VifKLrR404_yLVT0E3ai8f3R5K0h22VNwQplpSUSZqc,17489
-cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/mixins-preview/README.md,sha256=EXijwUEfn9GyyBrfvxrRmovdNifT828FihwO1tanPdA,10182
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/README.md/README.md,sha256=fDaQqPonfLmfQpukU4aAJcjQI5xHI40D3Li0I056Q7s,76468
+cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/mixins-preview/README.md,sha256=ENKpdCDBEV5Fkg0kuEbbfEyNpeREk1r9gpp_DHIob7w,10194
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/README.md/README.md,sha256=mup1_wX6WKTVqszieqdWb9nY1XF30JkxiqgMyrALwoA,76687
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/assertions/MIGRATING.md,sha256=SYGX8QNB1Pm_rVYDBp4QRWkqwnxOb3CHzeFglUy_53k,3347
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/assertions/README.md,sha256=3yo3D05n5explTIgnuF-vkk01MTYeAYe7_3rcsD2baE,18299
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/assets/README.md,sha256=kL56RlfxBa5LwV0cRseybeKIRKHhEXPjUo0HWPZqdO8,53
@@ -219,7 +219,8 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-batch/integ.mana
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-batch/integ.managed-compute-environment.ts,sha256=5EFbUtn2vivyhT-vLGbXgYSjsC0VDcWFOs1wg_rDtZo,3196
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-batch/integ.multinode-job-definition.ts,sha256=Pq7iWINv6l5S8rG1b1bGcg7313HRNee7vL_IPGsn0l8,1516
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-batch/integ.unmanaged-compute-environment.ts,sha256=o5_ft9zLQXu9TTJqYTT0phaLt7AdqLgHMIO2r4Wh8T0,856
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-bedrock/README.md,sha256=KvYAx_cPnhtqCPSsri3WKj3BIgko2C3fIPjMteQc9uw,1486
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-bedrock/README.md,sha256=b7lyhaB_ZRpKsweIGAgUykIp6yZhe-8O5w3R2EZS8Js,1334
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-bedrockagentcore/README.md,sha256=kjpYFBQD8GptshFY4k_f9xP-47U6D26Cuu88tAZoqFo,1110
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-certificatemanager/README.md,sha256=bhDI32VownDtCcTkarNK7oMabEcUUdjVTK095IYfmFM,8421
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-certificatemanager/integ.certificate-key-algorithm.ts,sha256=3JUtIlshjCtU6yqTZx2UXL9tRd4jom71WhqKXC6Bmxc,1881
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-certificatemanager/integ.certificate-name.ts,sha256=pzjlGsHvNGr4czBPdbckXzCCcN3tAUEhk2Q_lnjvC5Q,1617
@@ -727,7 +728,7 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-efs/integ.efs-tr
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-efs/integ.efs.permission.ts,sha256=bzH7koi5t2FgkDhEp-6ZtXgoteiCDTNd2igab4bXytA,3338
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-efs/integ.efs.ts,sha256=E9gP8v2MxNerg_EwkAc-4o6ikO08pLjZfDMI0M34_44,776
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/MANUAL_TEST.md,sha256=uObwqDllAUYBGkoNEAQGioL6JuKqh5ScVbq9KC3x89Q,1862
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/README.md,sha256=9ZwSCK4SBdRPGcI_9nol9dJncmtBGWwXm6dX2g9bJM4,82374
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/README.md,sha256=0RB4Id3CDNgJf12HxE_UJQHVsTJNzaAo4JjUnH9zxDs,87224
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.alb-controller-authapi.ts,sha256=L9dF26-F2Fw-O1iGAnT-AYnkq4JmO_IQoQn0RsOhLVY,1355
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.alb-controller.ts,sha256=cbL2kY-t0LAWLkK1Lb3RUPBeMUpw8xHWjDhkroD_Rb4,3314
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.custom-addons.ts,sha256=ZXsXljCokHOA_JubQ7ZsLT-tGy-28mg1gZ_bmNX_F-k,1475
@@ -737,15 +738,16 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-bo
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster-handlers-vpc.ts,sha256=5ziP_cDA4Gvc0ZTEYsezSIw1XRi-JY3bIXB4MS9RP3c,1142
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster-imported.ts,sha256=VcOdMfU2jCukU63bL1DJ03npPLyI8Xwr-vAtO3xFNMA,7448
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster-ipv6.ts,sha256=wZ6dCJQzyJDYQEI6nfZDD2i8WGNdw4o8sIX5Rjiy4fk,13024
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster-native-oidc.ts,sha256=L4Kvy08W-KUDh5jNH2Y-yKSNrPnFOLxyj_Q9oM9On1I,1418
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster-private-endpoint.ts,sha256=kktgfPNMy7xPy9zJTcaSxbvAQZF3tPHJJ_K4kVZYofA,1825
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster-removal-policy.ts,sha256=AOvKvS8aWzh4Vb4WqWB58y7hCwabLJk4mJM316j-ZWc,1070
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster-tags.ts,sha256=dsPOuZv-3zKtgCmsYmxd2MJxzrwH1QAziJZHKs_GfjA,1321
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster.ts,sha256=uO4jfIQJb-zvcle-osXELtS6Y-Y3MCJBKiNAtYd7_9o,12876
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster.ts,sha256=T1cjz-_466u-GNqccUaJ4jaqAl_P9CRTGsX27xkvLfY,12980
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-helm-asset.ts,sha256=oK98kChrQxAY4PK5K8t7E9K36GqYhTyFA0Yj6MS_xos,5075
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-hybrid-nodes.ts,sha256=OnKPvJnEfz3NXetcPmCxEQntgU_QeXKTLD-H8m3amyo,1604
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-inference-nodegroup.ts,sha256=-D1R2-_zrVHL5GP6c3ouAW_PAc_Ys2VMWDJNzN5KY20,1768
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-inference.ts,sha256=RJ_Pv2TL2QlfI7KzmDV-YJ883c3yTM9DleRr94AfYAU,1800
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-oidc-provider.ts,sha256=8C4nuKmVBcbPF8NO57ulMr9W6qMi63lFZoSOV4t-hUM,627
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-oidc-provider.ts,sha256=OuH-WpWPux5mTlOqjK4U47KLD2OmSwFs06ArQeC4uOo,1829
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-pod-identities.ts,sha256=VG-mZgZBxXftXCkH3xlvOr8r2Meb1iC1JUszpZoFOyc,2441
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-service-account-sdk-call.ts,sha256=7Hm7jkdA2af-GMys-__f-xLXEt8RwAq_z9HRUZyzxzI,3292
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-standard-access-entry.ts,sha256=upWuIZ41tsmF0n80W0jo82GYV7jXXYe8LBFTyUgON0k,1864
@@ -954,12 +956,13 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.vpc
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-destinations/README.md,sha256=_6ZqM3kbkZCmN-9BtU3FbERs82Shv4D2QiWuq47T_VI,5453
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-destinations/integ.destinations.ts,sha256=bCxe7DTOSIRyxe2iStWRdl0_J-tQZ8n-715uo9gMHvE,4187
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-destinations/integ.lambda-chain.ts,sha256=vqRxTBuBaAZqeN1AQ4l0Z9b4dsOVTkYMXKIlil_yyCg,3381
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/README.md,sha256=AC1foN2OcEPMPuLsIxecdDJgY_fG1p9aZmazw4_FRvI,27199
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/README.md,sha256=OUoyx7bwSyd0lNA3d_qoebrBwlmHrjWMxz1zCSmrXyE,29375
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.dynamodb-with-boolean-filter.ts,sha256=bGvfF5RgMbK9W2DO0HsKVoAK5KV5a0kLKYZKeOOFcx0,1217
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.dynamodb-with-filter-criteria.ts,sha256=7RrxbpLll7YIY-sNFp4reML6mA5ptC05K6DRmww32rY,1897
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.dynamodb-with-metrics-config.ts,sha256=_HEgmdb8iDBNWqDWo8RJHbbRtacdPp4V8LkS2U3DkI8,1286
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.dynamodb.ts,sha256=5Qas_PPDvTb8sHl3AiNnv-k7XaazG5nDNVNbmJ6Wwfo,1205
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.kafka-dlq.ts,sha256=PSv9cxqyEMq2Sa6WxhaD2Qq_OrBpZR07ePjG8sYmTrM,2897
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.kafka-observability.ts,sha256=JGCU_YH2KurY4qxb8uCEoi2BG7UXG6AZuVx_tLJtU9E,3198
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.kafka-poller-group-name.ts,sha256=_skHFN8P5MSzdgGF9pGQU1MOBPsz9rlr_pt7MMkHfTs,2670
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.kafka-schema-registry.ts,sha256=mN1-eMpDDvEjqRqFB3WwDMAWtr1JhFt61ndeYMw3XlI,6640
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.kafka-selfmanaged-error-handling.ts,sha256=nO4Q2SJx2JQdPlLE93icXYWfTp6NphKUzjuadZsZBXg,2807
@@ -1429,6 +1432,7 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/core/integ.cfn-mappi
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/core/integ.cross-region-references.ts,sha256=y2pFmosq88fvO5XdL1t1DhQFcNBzslTbEiJuSnnBLjA,1900
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/core/integ.logical-id.ts,sha256=97xr5IDwLJ6O2c4-P3uGFdoSTNtJ7FalFTLr1eiTi7s,521
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/core/integ.nested-stack-references.ts,sha256=qS2cw7f8LDkS0KxeTBGBKgUV6rpzExjeyFU8qkU1-J0,1796
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/core/integ.nested-stack-suppress-template-indentation.ts,sha256=FhiHoGS83kUSfh3-igcTazBROBqpqRPr5TIWyDPDJUA,1026
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/core/integ.prop-injectors.ts,sha256=7XxFP_6aronk1inj9NPLkNwdRnMnV956_ifMoSBOxDI,6068
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/core/integ.removal-policies.ts,sha256=b6ePZkMn5IyTizPV2VnxSR2X8RP2Obh8i7P1b7-S68o,1541
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/core/integ.stack.ts,sha256=xf24TLT1li9lQtn7LMTd0hPfiWPpBym8OMYD4cTiw-o,666
@@ -1457,7 +1461,7 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/int
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/integ.provider-with-waiter-state-machine-custom-role.ts,sha256=60mjzf_2NI9zO30B2Guye5sA7kxIl4yrLMXUEWIDO9I,2401
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/integ.provider-with-waiter-state-machine.ts,sha256=6Ci2_ABcu5azSj1f0EzY1VD4lQUg9KI5l1Q7ieejI-0,2058
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/integ.provider.ts,sha256=u_YVV0YZk6hyIxo5JOOSwwUORbqS3BVbJU6DIAwxuk0,1814
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/FEATURE_FLAGS.md,sha256=9OIwfmum3NvUatQg-B58shP-9sLKVDepMye2D8bWRUU,109013
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/FEATURE_FLAGS.md,sha256=0nNbXbM-uzk38rZNmw5eYjqKvLDYMkxq7uxw00WA4GQ,110510
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/NESTED_ASSEMBLIES.md,sha256=P8PNyr4hIC_i-9aUxa301-5-N4tLcoHYnELBp3C6SQQ,4949
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/README.md,sha256=i37TV0RjG95gwV2Uesbx98JGbN3W12rbBRcCK9IXlqs,25543
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/interfaces/README.md,sha256=8UUDA_SWB_K_3AKpzwsj1h-_PgyrIAToZXRew_opfU0,710
@@ -1489,8 +1493,8 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/integ.pipe
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/region-info/README.md,sha256=vewWkV3ds9o9iyyYaJBNTkaKJ2XA6K2yF17tAxUnujg,2718
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/triggers/README.md,sha256=hYIx7DbG_7p4LYLUfxDwgIQjw9UNdz1GLrqDe8_Dbko,4132
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/triggers/integ.triggers.ts,sha256=LfeVru_CggiFXKPVa8vwt6Uv43SV3oAioDGmd8PyMHc,2859
-konokenj_cdk_api_mcp_server-0.71.0.dist-info/METADATA,sha256=db6fYQgN-LZstHtQQSfe_ZVp6UVHFX4-G48bfMlnsEs,2646
-konokenj_cdk_api_mcp_server-0.71.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-konokenj_cdk_api_mcp_server-0.71.0.dist-info/entry_points.txt,sha256=bVDhMdyCC1WNMPOMbmB82jvWII2CIrwTZDygdCf0cYQ,79
-konokenj_cdk_api_mcp_server-0.71.0.dist-info/licenses/LICENSE.txt,sha256=5OIAASeg1HM22mVZ1enz9bgZ7TlsGfWXnj02P9OgFyk,1098
-konokenj_cdk_api_mcp_server-0.71.0.dist-info/RECORD,,
+konokenj_cdk_api_mcp_server-0.72.0.dist-info/METADATA,sha256=nE73bQHSN3nlbtdG-P6bGlTKtNadTGPymamZ4V5Uwxw,2646
+konokenj_cdk_api_mcp_server-0.72.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+konokenj_cdk_api_mcp_server-0.72.0.dist-info/entry_points.txt,sha256=bVDhMdyCC1WNMPOMbmB82jvWII2CIrwTZDygdCf0cYQ,79
+konokenj_cdk_api_mcp_server-0.72.0.dist-info/licenses/LICENSE.txt,sha256=5OIAASeg1HM22mVZ1enz9bgZ7TlsGfWXnj02P9OgFyk,1098
+konokenj_cdk_api_mcp_server-0.72.0.dist-info/RECORD,,

{konokenj_cdk_api_mcp_server-0.71.0.dist-info → konokenj_cdk_api_mcp_server-0.72.0.dist-info}/WHEEL RENAMED Viewed

File without changes

{konokenj_cdk_api_mcp_server-0.71.0.dist-info → konokenj_cdk_api_mcp_server-0.72.0.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{konokenj_cdk_api_mcp_server-0.71.0.dist-info → konokenj_cdk_api_mcp_server-0.72.0.dist-info}/licenses/LICENSE.txt RENAMED Viewed

File without changes

konokenj.cdk-api-mcp-server 0.71.0__py3-none-any.whl → 0.72.0__py3-none-any.whl

konokenj.cdk-api-mcp-server 0.71.0py3-none-any.whl → 0.72.0py3-none-any.whl