Release history

The following table describes important changes in each release of the AWS CloudFormation User Guide after May 2018. For notification about updates to this documentation, you can subscribe to an RSS feed.

Change	Description	Date
Updated resource	The following resource was updated: AWS::AutoScaling::AutoScalingGroup. AWS::AutoScaling::AutoScalingGroup Use the `AvailabilityZoneDistribution` property to specify `balanced-only` or `balanced-best-effort`.	November 8, 2024
Updated resources	The following resources were updated: `AWS::CleanRooms::AnalytisTemplate`, `AWS::CleanRooms::Collaboration`, and `AWS::CleanRooms::Membership`. AWS::CleanRooms::AnalysisTemplate Use the `Type` property in the `AnalysisParameter` to specify the type of parameter. AWS::CleanRooms::Collaboration Use the `AnalyticsEngine` property to specify the analytics engine for the collaboration. AWS::CleanRooms::Membership Use the `SingleFileOutput` property to indicate whether files should be output as a single file (`TRUE`) or output as multiple files (`FALSE`). This parameter is only supported for analyses with the Spark analytics engine.	November 7, 2024
New resources	The following resources were added: AWS::AppSync::Api AWS::AppSync::Api Use the `AWS::AppSync::Api` resource to create an AWS AppSync API that you can use for an AWS AppSync API with your preferred configuration,. The following resources were added: AWS::AppSync::ChannelNamespace AWS::AppSync::ChannelNamespace Use the `AWS::AppSync::ChannelNamespace` resource to creates a channel namespace associated with an `Api`.	November 4, 2024
Updated resource	The following resource was updated: `AWS::DataSync::Task`. AWS::DataSync::Task Use the `TaskMode` property to specify Enhanced or Basic mode for your transfer task.	November 1, 2024
Updated resources	The following resource was updated: AWS::NetworkFirewall::FirewallPolicy AWS::NetworkFirewall::FirewallPolicy Use the `FlowTimeouts` property to specify a TCP idle timeout.	October 30, 2024
New resource	The following resource was added: AWS::Backup::LogicallyAirGappedBackupVault AWS::Backup::LogicallyAirGappedBackupVault This resource was added for the feature Logically air-gapped vault.	October 24, 2024
Added support for email MFA	Added `EMAIL_OTP` to `EnabledMfas` in user pool resource. AWS::Cognito::UserPool EnabledMfas You can request or require email MFA in user pools. You must have an `EmailSendingAccount` of `DEVELOPER`.	October 15, 2024
Updated resource	The following resource was updated: AWS::IoT::DomainConfiguration. AWS::IoT::DomainConfiguration The AWS::IoT::DomainConfiguration resource adds three new parameters: `ClientCertificateConfig`, `ApplicationProtocol`, and `AuthenticationType` parameters.	October 4, 2024
New resources	The following resources were added: AWS::Wisdom::AIAgent, AWS::Wisdom::AIPrompt, AWS::Wisdom::AIAgentVersion, and AWS::Wisdom::AIPromptVersion. AWS::Wisdom::AIAgent Use the `AWS::Wisdom::AIAgent` resource to specify an Amazon Connect Wisdom AI agent. AWS::Wisdom::AIPrompt Use the `AWS::Wisdom::AIPrompt` resource to specify an Amazon Connect Wisdom AI prompt. AWS::Wisdom::AIAgentVersion Use the `AWS::Wisdom::AIAgentVersion` resource to specify an Amazon Connect Wisdom AI agent version. AWS::Wisdom::AIPromptVersion Use the `AWS::Wisdom::AIPromptVersion` resource to specify an Amazon Connect Wisdom AI prompt version.	October 4, 2024
New resource	The following resource was added: AWS::QuickSight::Folder. AWS::QuickSight::Folder Use the `AWS::QuickSight::Folder` resource to create a folder in Amazon QuickSight.	October 3, 2024
New resource	The following resource was added: `AWS::Bedrock::ApplicationInferenceProfile`. AWS::Bedrock::ApplicationInferenceProfile Use the AWS::Bedrock::ApplicationInferenceProfile resource to create an inference profile to route inference requests to multiple regions. For more information, see Improve resilience with cross-region inference..	September 30, 2024
Updated resource	The following resource was updated AWS::IoT::SoftwarePackageVersion AWS::IoT::DomainConfiguration The AWS::IoT::SoftwarePackageVersion resource adds artifact, recipe, and sbom parameters.	September 27, 2024
New resources	The following resources were added: AWS::MemoryDB::ParameterGroup::Tag, AWS::MemoryDB::ParameterGroup::Tag::Key, AWS::MemoryDB::ParameterGroup::Tag::Value, AWS::MemoryDB::Cluster::Tag, AWS::MemoryDB::Cluster::Tag::Key, AWS::MemoryDB::Cluster::Tag::Value, AWS::MemoryDB::Cluster::DataTiering, AWS::MemoryDB::ACL::Tag, AWS::MemoryDB::ACL::Tag::Key, AWS::MemoryDB::ACL::Tag::Value, AWS::MemoryDB::SubnetGroup::Tag, AWS::MemoryDB::SubnetGroup::Tag::Key, AWS::MemoryDB::SubnetGroup::Tag::Value, AWS::MemoryDB::User::Tag, AWS::MemoryDB::User::Tag:Key, AWS::MemoryDB::User::AuthenticationMode, AWS::MemoryDB::User::AuthenticationMode::Type, AWS::MemoryDB::User::AuthenticationMode::Passwords.	September 26, 2024
Updated resource	The following property was added to the AWS::SES::MailManagerRuleSet RuleStringToEvaluate resource: AWS::SES::MailManagerRuleSet RuleStringToEvaluate Use the `MimeHeaderAttribute` property as the email MIME X-Header attribute to evaluate in a string condition expression.	September 24, 2024
Updated resource	The following resource was updated: AWS::Synthetics::Canary. AWS::Synthetics::Canary The `ResourcesToReplicateTags` parameter was added. You can specify this parameter when you create or update a canary to have the tags that you apply to the canary also be replicated to the Lambda function that the canary uses.	September 19, 2024
Updated resource	The following resource was updated: AWS::S3Express::DirectoryBucket. AWS::S3Express::DirectoryBucket BucketEncryption Use the `AWS::S3Express::DirectoryBucket BucketEncryption` property to specify default encryption for a directory bucket. AWS::S3Express::DirectoryBucket ServerSideEncryptionRule Use the `AWS::S3Express::DirectoryBucket ServerSideEncryptionRule` resource to specify the default server-side encryption configuration for an S3 directory bucket. AWS::S3Express::DirectoryBucket ServerSideEncryptionByDefault Use the `AWS::S3Express::DirectoryBucket ServerSideEncryptionByDefault` property to apply the default server-side encryption to new objects in a directory bucket. AWS::S3Express::DirectoryBucket Use the `AvailabilityZoneName` property to return the code for the Availability Zone where the directory bucket was created.	September 18, 2024
Updated resources	The following resources were updated: AWS::Lambda::EventSourceMapping and AWS::Lambda::CodeSigningConfig. AWS::Lambda::EventSourceMapping Use the `Tags` property to specify tags for your event source mapping. AWS::Lambda::CodeSigningConfig Use the `Tags` property to specify tags for your code signing configuration.	September 17, 2024
New resource types	The following resources were added: `AWS::PCAConnectorSCEP::Challenge`, `AWS::PCAConnectorSCEP::Connector`. AWS::PCAConnectorSCEP::Challenge The `AWS::PCAConnectorSCEP::Challenge` resource is used to create challenge passwords for AWS Private Certificate Authority general-purpose SCEP connectors. The challenge passwords are used to authenticate a request before issuing a certificate from a certificate authority (CA). AWS::PCAConnectorSCEP::Connector The `AWS::PCAConnectorSCEP::Connector` resource type is used to link AWS Private Certificate Authority to your SCEP-enabled devices and mobile device management (MDM) systems.	September 16, 2024
New resource	The following resource was added: AWS::Connect::AgentStatus AWS::Connect::AgentStatus Use the `AWS::Connect::AgentStatus` resource to configure an AgentStatus in the specified instance.	September 13, 2024
New resource	The following resource was added: AWS::Connect::UserHierarchyStructure AWS::Connect::UserHierarchyStructure Use the `AWS::Connect::UserHierarchyStructure` resource to create a UserHierarchyStructure in the specified instance.	September 13, 2024
New resource	The following resource was added: `AWS::DataZone::EnvironmentActions`. AWS::DataZone::EnvironmentActions Use the `AWS::DataZone::EnvironmentActions` resource to specify the details about a particular action configured for an environment in Amazon DataZone.	September 13, 2024
Updated resource	The following resource was updated: AWS::Pipes::Pipe. AWS::Pipes::Pipe Use the `PipeTargetTimestreamParameters` property to specify the parameters for using a Timestream for LiveAnalytics table as a target.	September 10, 2024
New resource	The following resources were added: AWS::MSK::Replicator ReplicationTopicNameConfiguration. AWS::MSK::Replicator ReplicationTopicNameConfiguration Configuration for specifying replicated topic names will be the identical to their corresponding upstream topics or prefixed with source cluster alias.	September 10, 2024
New resource	The following structure was added: AWS::ApplicationSignals::ServiceLevelObjective RequestBasedSli AWS::ApplicationSignals::ServiceLevelObjective RequestBasedSli Use the `RequestBasedSli` structure to provide information about the service and the performance metric that a request-based SLO is to monitor. For more information, see Service level objectives.	September 6, 2024
New resource	The following structure was added: AWS::ApplicationSignals::ServiceLevelObjective RequestBasedSliMetric AWS::ApplicationSignals::ServiceLevelObjective RequestBasedSliMetric Use the `RequestBasedSliMetric` structure to provide information about the metric that the request-based SLO monitors. For more information, see Service level objectives.	September 6, 2024
Updated resource	The following resources were updated: AWS::AppSync::GraphQLApi AWS::AppSync::GraphQLApi Updated `LogConfig` property.	September 4, 2024
Updated resource	The following property was added to the AWS::SES::ReceiptRule S3Action resource: AWS::SES::ReceiptRule S3Action Use the `IamRoleArn` property to access the resources in the Deliver to S3 action (Amazon S3 bucket, SNS topic, and KMS key) and to write to an S3 bucket that exists in a region where SES Email receiving isn't available.	August 29, 2024
Updated resource	The following resource was updated: AWS::AutoScaling::AutoScalingGroup. AWS::AutoScaling::AutoScalingGroup Use the `HealthCheckType` property to specify `EBS` as the health check type for your Auto Scaling group.	August 27, 2024
New property	The following property was added: AWS::ECS::TaskDefinition RestartPolicy AWS::ECS::TaskDefinition RestartPolicy Use the `RestartPolicy` property to enable restart policies for individual containers in a task.	August 26, 2024
Visualize your scanned resources and generated templates	You can now streamline your Infrastructure as Code (IaC) generator workflows by visualizing scan summary details and previewing the generated templates before deploying your infrastructure stack. For more information, see View the scan summary in the CloudFormation console and Create a CloudFormation stack from scanned resources.	August 22, 2024
Updated resource	The following resource was updated: AWS::IVS::Stage AWS::IVS::Stage Use the `AutoParticipantRecordingConfiguration` property to specify a configuration for individual participant recording.	August 20, 2024
New resource	The following resource was added: AWS::IVS::PublicKey AWS::IVS::PublicKey Use the `PublicKey` to sign stage participant tokens.	August 20, 2024
Updated resource	The following resource was updated: AWS::Lambda::Function. AWS::Lambda::Function Use the `RecursiveLoop` property to allow Lambda functions to be invoked in a recursive loop.	August 19, 2024
Updated resource	The following resource was updated: AWS::Bedrock::Guardrail. AWS::Bedrock::Guardrail The AWS::Bedrock::Guardrail resource was updated to support the contextual grounding filter.	August 15, 2024
Added support for user log export	Added S3Configuration and FirehoseConfiguration to LogDeliveryConfiguration. Adds support for log export to Amazon S3 and Amazon Data Firehose. AWS::Cognito::UserPool PreTokenGenerationConfig You can update the version of your Lambda trigger event. Version 2 includes details to customize access tokens and ID tokens.	August 8, 2024
New resource	The following resource was added: AWS::SSMQuickSetup::ConfigurationManager AWS::SSMQuickSetup::ConfigurationManager Creates a Quick Setup configuration manager resource. This resource is a collection of desired state configurations for multiple configuration definitions and summaries describing the deployments of those definitions. Quick Setup is a capability of Systems Manager. For more information about Quick Setup, see Systems Manager Quick Setup in the Systems Manager User Guide.	July 31, 2024
Amazon EventBridge integration with AWS CloudFormation Git sync	AWS CloudFormation Git sync now publishes sync status changes as events to Amazon EventBridge. For more information, see Repository Sync Status Change event detail and Resource Sync Status Change event detail.	July 29, 2024
Updated resource	The following resource was updated: `AWS::CodeCommit::Repository` AWS::CodeCommit::Repository Code AWS CodeCommit is no longer available to new customers. Existing customers of AWS CodeCommit can continue to use the service as normal. Learn more"	July 25, 2024
Updated resource	The following resource was updated: AWS::KinesisFirehose::DeliveryStream. AWS::KinesisFirehose::DeliveryStream DestinationTableConfiguration Use the `DestinationTableConfiguration` property type to specify the configuration of a destination in Apache Iceberg Tables. AWS::KinesisFirehose::DeliveryStream IcebergDestinationConfiguration Use the `IcebergDestinationConfiguration` property type to specify the destination configure settings for Apache Iceberg Table. AWS::KinesisFirehose::DeliveryStream CatalogConfiguration Use the `CatalogConfiguration` property type to specify the containers where the destination Apache Iceberg Tables are persisted.	July 25, 2024
Updated resources	The following resources were updated: `AWS::CleanRooms::ConfiguredTable` and `AWS::CleanRooms::ConfiguredTableAssociation`. AWS::CleanRooms::ConfiguredTable Use the `AdditionalAnalyses` property to specify whether additional analyses can be applied to the output of the direct query. AWS::CleanRooms::ConfiguredTableAssociation Use the `ConfiguredTableAssociationAnalysisRule` property to specify how data from the table can be used within its associated collaboration.	July 24, 2024
Updated resources	The following resources were updated: `AWS::EntityResolution::MatchingWorkflow` and `AWS::EntityResolution::SchemaMapping`. AWS::EntityResolution::MatchingWorkflow RuleBasedProperties Use the `MatchPurpose` property to specify whether to generate IDs and index the data or index the data without generating IDs. AWS::EntityResolution::SchemaMapping SchemaInputAttribute Use the `Hashed` property to specify if the column values are hashed in the schema input.	July 23, 2024
New resources	The following resources were added: `AWS::CleanRooms::IDMappingTable` and `AWS::CleanRooms::IdNamespaceAssociation`. AWS::CleanRooms::IDMappingTable Use the `AWS::CleanRooms::IDMappingTable` resource to specify a new ID mapping table resource in AWS Clean Rooms. AWS::CleanRooms::IdNamespaceAssociation Use the `AWS::CleanRooms::IdNamespaceAssociation` resource to specify a new ID namespace association resource in AWS Clean Rooms.	July 23, 2024
Updated resource	The following resource was updated: `AWS::WorkSpacesWeb::UserSettings`. AWS::WorkSpacesWeb::UserSettings Use the `DeepLinkAllowed` property to specify whether the user can use deep links that open automatically when connecting to a session.	July 22, 2024
New resources	The following resources were added: `AWS::Bedrock::Prompt`, `AWS::Bedrock::PromptVersion`, `AWS::Bedrock::Flow`, `AWS::Bedrock::FlowVersion`, and `AWS::Bedrock::FlowAlias`. AWS::Bedrock::Prompt Use the `AWS::Bedrock::Prompt` resource to create a prompt in Amazon Bedrock to reuse in different workflows. For more information, see Construct and store reusable prompts with Prompt management in Amazon Bedrock. AWS::Bedrock::PromptVersion Use the `AWS::Bedrock::PromptVersion` resource to create a version of your prompt that acts as a static snapshot of a prompt configuration. For more information, see Construct and store reusable prompts with Prompt management in Amazon Bedrock. AWS::Bedrock::Flow Use the `AWS::Bedrock::Flow` resource to create a prompt flow in Amazon Bedrock so that you can chain resources from Amazon Bedrock and other AWS services to create complex workflows that take advantage of generative AI. For more information, see Build an end-to-end generative AI workflow with prompt flows in Amazon Bedrock. AWS::Bedrock::FlowVersion Use the `AWS::Bedrock::FlowVersion` resource to create a version of your prompt flow that acts as a static snapshot of a prompt flow. For more information, see Build an end-to-end generative AI workflow with prompt flows in Amazon Bedrock. AWS::Bedrock::FlowAlias Use the `AWS::Bedrock::FlowAlias` resource to create an alias of your prompt flow that points to a version of the prompt flow. For more information, see Build an end-to-end generative AI workflow with prompt flows in Amazon Bedrock.	July 10, 2024
Updated resource	The following resource was updated: AWS::MWAA::Environment AirflowVersion The `AirflowVersion` property has been updated to include a new valid value for Apache Airflow version 2.9.2.	July 9, 2024
New resource	The following resource was released: `AWS::LaunchWizard::Deployment`. Use `AWS::LaunchWizard::Deployment` to create a Launch Wizard deployment.	July 3, 2024
New resources	The following resources were added: `AWS::SES::MailManagerAddonInstance`, `AWS::SES::MailManagerAddonSubscription`, `AWS::SES::MailManagerArchive`, `AWS::SES::MailManagerIngressPoint`, `AWS::SES::MailManagerRelay`, `AWS::SES::MailManagerRuleSet`, and `AWS::SES::MailManagerTrafficPolicy`. `AWS::SES::MailManagerAddonInstance` Use the `AWS::SES::MailManagerAddonInstance` resource to create an Add On instance which represents the actual deployment and configuration of the Add On functionality within your Mail Manager environment. `AWS::SES::MailManagerAddonSubscription` Use the `AWS::SES::MailManagerAddonSubscription` resource to create an Add On subscription which represents the acceptance of the Add On's terms of use and any additional pricing. `AWS::SES::MailManagerArchive` Use the `AWS::SES::MailManagerArchive` resource to create a new email archive resource for storing and retaining emails. `AWS::SES::MailManagerIngressPoint` Use the `AWS::SES::MailManagerIngressPoint` resource to provision an ingress endpoint which serves as the entry point for incoming emails, allowing you to define how emails are received and processed within your AWS environment. `AWS::SES::MailManagerRelay` Use the `AWS::SES::MailManagerRelay` resource to create an SMTP relay which can be used within a Mail Manager rule set to forward incoming emails to defined relay destinations. `AWS::SES::MailManagerRuleSet` Use the `AWS::SES::MailManagerRuleSet` resource to create a rule set for a Mail Manager ingress endpoint which contains a list of rules that are evaluated sequentially for each email. `AWS::SES::MailManagerTrafficPolicy` Use the `AWS::SES::MailManagerTrafficPolicy` resource to create a traffic policy for a Mail Manager ingress endpoint which contains policy statements used to evaluate whether incoming emails should be allowed or denied.	June 30, 2024
New resource	The following resource was added: `AWS::WorkSpaces::WorkspacesPool` AWS::WorkSpaces::WorkspacesPool Use the `AWS::WorkSpaces::WorkspacesPool` resource to create a pool of WorkSpaces.	June 27, 2024
New resource type	The following resource type was added: `AWS::AppTest::TestCase`. `AWS::AppTest::TestCase` Use the `AWS::AppTest::TestCase` resource type to specify a test case.	June 26, 2024
New resource	The following resource was added: `AWS::GuardDuty::MalwareProtectionPlan` AWS::GuardDuty::MalwareProtectionPlan Use `AWS::GuardDuty::MalwareProtectionPlan` resource to configure Malware Protection for S3 that helps you detect potential malware in the newly uploaded objects in your selected S3 buckets.	June 13, 2024
New resource	The following resource was added: AWS::ApplicationSignals::ServiceLevelObjective AWS::ApplicationSignals::ServiceLevelObjective Use the AWS::ApplicationSignals::ServiceLevelObjective resource to create service level objective (SLO), which can help you ensure that your critical business operations are meeting customer expectations. For more information, see Service level objectives.	June 12, 2024
Updated resource	The following resource was updated: `AWS::CloudFormation::CustomResource`. `AWS::CloudFormation::CustomResource` Use the `ServiceTimeout` property to specify the maximum time, in seconds, that can elapse before a custom resource operation times out.	June 10, 2024
New resources	The following resources were added: AWS::ECS::Cluster ManagedStorageConfiguration AWS::ECS::Cluster ManagedStorageConfiguration Use the `AWS::ECS::Cluster ManagedStorageConfiguration` resource to represent the configuration for Managed Storage.	June 10, 2024
Updated resource	The following resource was updated: AWS::AutoScaling::ScalingPolicy. AWS::AutoScaling::ScalingPolicy Use the `AWS::AutoScaling::ScalingPolicy` property to use metric math to customize the metrics that you include in your target tracking policies.	June 6, 2024
Updated resource	The following resource was updated: AWS::Pipes::Pipe. AWS::Pipes::Pipe Use the `PipeTargetTimestreamParameters` property to specify the parameters for using a Timestream for LiveAnalytics table as a target.	June 4, 2024
Updated resource	The following resource was updated: AWS::Bedrock::Agent. AWS::Bedrock::Agent The AWS::Bedrock::Agent resource was updated to support the addition of a guardrail to an agent. For more information, see Implement safeguards for your application by associating a guardrail with your agent.	June 3, 2024
New resources	The following resources were added: `AWS::SecurityHub::ConfigurationPolicy`, `AWS::SecurityHub::FindingAggregator`, `AWS::SecurityHub::OrganizationConfiguration`, and `AWS::SecurityHub::PolicyAssociation`. AWS::SecurityHub::ConfigurationPolicy Use the `AWS::SecurityHub::ConfigurationPolicy` resource to create a Security Hub central configuration policy. AWS::SecurityHub::FindingAggregator Use the `AWS::SecurityHub::FindingAggregator` resource to enable Security Hub cross-Region aggregation and specify aggregation settings. AWS::SecurityHub::OrganizationConfiguration Use the `AWS::SecurityHub::OrganizationConfiguration` resource to specify how an AWS organization is configured in Security Hub. AWS::SecurityHub::PolicyAssociation Use the `AWS::SecurityHub::PolicyAssociation` resource to associate a Security Hub configuration policy or self-managed configuration with the organization root, an account, or an organizational unit (OU).	May 30, 2024
New resource	The following resource was added: `AWS::SecurityLake::SubscriptionNotification` `AWS::SecurityLake::SubscriptionNotification` Use the `AWS::SecurityLake::SubscriptionNotification` resource to add a notification method for the subscription (SQS or HTTPs) endpoint in Amazon Security Lake.	May 29, 2024
New resource	The following resources were added: `AWS::DataZone::GroupProfile`, `AWS::DataZone::ProjectMembership`, and `AWS::DataZone::UserProfile`. AWS::DataZone::GroupProfile Use the `AWS::DataZone::GroupProfile` resource to specify the details of a group profile in Amazon DataZone. AWS::DataZone::ProjectMembership Use the `AWS::DataZone::ProjectMembership` resource to specify the project membership information in Amazon DataZone. AWS::DataZone::UserProfile Use the `AWS::DataZone::UserProfile` resource to specify the user profile information in Amazon DataZone.	May 15, 2024
New resource	The following resource was added: `AWS::SecurityHub::SecurityControl`. AWS::SecurityHub::SecurityControl Use the `AWS::SecurityHub::SecurityControl` resource to specify control parameters for a Security Hub control.	May 15, 2024
AWS CloudTrail event stack operation root causes	AWS CloudFormation improves the troubleshooting experience for stack operations with a new AWS CloudTrail deep-link integration. This feature directly links stack operation events in the CloudFormation Console to relevant CloudTrail events For more information, see Determine the cause of a stack failure	May 15, 2024
Updated resource	The following resource was updated: AWS::Events::EventBus. AWS::Events::EventBus Use the `DeadLetterConfig` property to specify configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ). Use the `KmsKeyIdentifier` property to specify the AWS KMS customer managed key for EventBridge to use for event encryption.	May 14, 2024
Updated resource	The following resource was updated: AWS::Bedrock::Agent. AWS::Bedrock::Agent The AWS::Bedrock::Agent resource was updated to support the creation of action groups using a function schema, in addition to the configuring of action groups to return control to the agent developer instead of sending the information to a Lambda function. For more information, see Define function details and Return control to the agent developer.	May 9, 2024
New resource	The following resource was added: `AWS::Bedrock::GuardrailVersion`. AWS::Bedrock::GuardrailVersion Use the AWS::Bedrock::GuardrailVersion resource to create new versions for your guardrail. For more information, see Stop harmful content in models using Amazon Bedrock Guardrails.	May 6, 2024
New resource	The following resources were added: `AWS::SSO::Application`, `AWS::SSO::ApplicationAssignment`, and `AWS::SSO::Instance`. `AWS::SSO::Application` Use the `AWS::SSO::Application` resource to create an application in IAM Identity Center. `AWS::SSO::ApplicationAssignment` Use the `AWS::SSO::ApplicationAssignment` resource to describe an assignment of a principal of an application. `AWS::SSO::Instance` Use the `AWS::SSO::Instance` resource to create an instance of IAM Identity Center for a standalone AWS account that is not managed by or a member AWS account in an organization.	May 6, 2024
Updated resource	The following resource was updated: AWS::FMS::Policy. AWS::FMS::Policy The `AWS::FMS::Policy` resource now supports centralized management of Amazon Virtual Private Cloud network ACLs.	May 3, 2024
Updated resource	The following properties were added to the `AWS::DynamoDB::GlobalTable` resource: `ReadOnDemandThroughputSettings` and `WriteOnDemandThroughputSettings`. AWS::DynamoDB::GlobalTable ReadOnDemandThroughputSettings Use this property to set the read request settings for a replica table or a replica global secondary index if the `BillingMode` is `PAY_PER_REQUEST`. AWS::DynamoDB::GlobalTable WriteOnDemandThroughputSettings Use this property to set the write request settings for a global table or a global secondary index if the `BillingMode` is `PAY_PER_REQUEST`.	May 1, 2024
Updated resource	The following property was added to the `AWS::DynamoDB::Table` resource: `OnDemandThroughput`. AWS::DynamoDB::Table OnDemandThroughput Use this property to set the maximum number of read and write units for a specified on-demand table.	May 1, 2024
New resources	The following resources were added: `AWS::QBusiness::Application`, `AWS::QBusiness::DataSource`, `AWS::QBusiness::Index`, `AWS::QBusiness::Plugin`, `AWS::QBusiness::Retriever`, and `AWS::QBusiness::WebExperience`. AWS::QBusiness::Application Use the `AWS::QBusiness::Application` resource to create an Amazon Q Business application. For more information, see Configuring an Amazon Q Business application. AWS::QBusiness::DataSource Use the `AWS::QBusiness::DataSource` resource to create a data source connector for an Amazon Q Business application. For more information, see Configuring Amazon Q Business data source connectors. AWS::QBusiness::Index Use the `AWS::QBusiness::Index` resource to create an Amazon Q Business index. For more information, see Creating an Amazon Q Business index. AWS::QBusiness::Plugin Use the `AWS::QBusiness::Plugin` resource to create and configure an Amazon Q Business plugin. For more information, see Configuring plugins with Amazon Q Business. AWS::QBusiness::Retriever Use the `AWS::QBusiness::Retriever` resource to add a retriever to an Amazon Q Business application. For more information, see Selecting a retriever for Amazon Q Business. AWS::QBusiness::WebExperience Use the `AWS::QBusiness::WebExperience` resource to create an Amazon Q Business web experience. For more information, see Customizing an Amazon Q Business web experience .	April 30, 2024
New resources	The following property was updated: `AWS::Route53Resolver::FirewallRuleGroup FirewallRule`. AWS::Route53Resolver::FirewallRuleGroup FirewallRule Added a `FirewallDomainRedirectionAction` property to include a DNS redirection choice for the DNS Firewall rule to evaluate.	April 30, 2024
Updated resource	The following resources was updated: AWS::Oam::Link. AWS::Oam::Sink The `AWS::Oam::Link` resource was updated with a `LinkConfiguration` structure. You can use this structure to specify that only a subset of metric namespaces or log groups are to be shared with the monitoring account.	April 26, 2024
Updated resource	The following resource was updated: AWS::RDS::DBInstance AWS::RDS::DBInstance Use the `AutomaticBackupReplicationKmsKeyId` property to specify the AWS KMS key identifier for encryption of replicated automated backups.	April 26, 2024
Updated resource	The following resource was updated: `AWS::DataSync::Task`. AWS::DataSync::Task Use the `Status` property to enable or disable your task schedule.	April 24, 2024
New resource	The following resource was added: `AWS::Bedrock::Guardrail`. AWS::Bedrock::Guardrail Use the AWS::Bedrock::Guardrail resource to block topics and to filter out harmful content. For more information, see Stop harmful content in models using Amazon Bedrock Guardrails.	April 24, 2024
New resources	The following resources were added: `AWS::PaymentCryptography::Alias` and `AWS::PaymentCryptography::Key`. `AWS::PaymentCryptography::Alias` Use the `AWS::PaymentCryptography::Alias` resource to specify an alias. `AWS::PaymentCryptography::Key` Use the `AWS::PaymentCryptography::Key` resource to specify a key.	April 23, 2024
Updated resources	The following resources were updated: `AWS::WorkSpacesWeb::BrowserSettings`, `AWS::WorkSpacesWeb::IpAccessSettings`, `AWS::WorkSpacesWeb::Portal`, and `AWS::WorkSpacesWeb::UserSettings`. AWS::WorkSpacesWeb::BrowserSettings Use the `AdditionalEncryptionContext` property to specify the additional encryption context of the browser settings. Use the `CustomerManagedKey` property to specify the custom managed key of the browser settings. AWS::WorkSpacesWeb::IpAccessSettings Use the `AdditionalEncryptionContext` property to specify the additional encryption context of the IP access settings. Use the `CustomerManagedKey` property to specify the custom managed key of the IP access settings. AWS::WorkSpacesWeb::Portal Use the `AdditionalEncryptionContext` property to specify the additional encryption context of the portal. Use the `CustomerManagedKey` property to specify the custom managed key of the portal. Use the `InstanceType` property to specify the type and resources of the underlying instance. Use the `MaxConcurrentSessions` property to specify the maximum number of concurrent sessions for the portal. AWS::WorkSpacesWeb::UserSettings Use the `AdditionalEncryptionContext` property to specify the additional encryption context of the user settings. Use the `CustomerManagedKey` property to specify the custom managed key of the user settings.	April 22, 2024
New resource	The following resource was added: AWS::GlobalAccelerator::CrossAccountAttachment. AWS::GlobalAccelerator::CrossAccountAttachment Use the `AWS::GlobalAccelerator::CrossAccountAttachment` resource to create a cross-account attachment to specify the principals who have permission to work with resources in accelerators in their own account, and the resources that those principals can work with.	April 22, 2024
New resource	The following resources were added: `AWS::SecurityLake::AwsLogSource`, `AWS::SecurityLake::DataLake`, `AWS::SecurityLake::Subscriber`. `AWS::SecurityLake::AwsLogSource` Use the `AWS::SecurityLake::AWSLogSource` to add a natively supported AWS service as an Amazon Security Lake source. `AWS::SecurityLake::DataLake` Use the `AWS::SecurityLake::DataLake` resource to initialize an Amazon Security Lake instance with the provided (or default) configuration. `AWS::SecurityLake::Subscriber` Use the `AWS::SecurityLake::Subscriber` resource to create subscription permission for accounts that are already enabled in Amazon Security Lake.	April 12, 2024
Updated resource	The following resource was updated: AWS::CloudWatch::AnomalyDetector AWS::CloudWatch::AnomalyDetector In the AnomalyDetector resource, the `MetricCharacteristics` object was added to enable you to specify parameters to provide information about your metric to CloudWatch to help it build more accurate anomaly detection models. Currently, this object includes the `PeriodicSpikes` parameter. Use this parameter if values for this metric consistently include spikes that should not be considered to be anomalies.	April 11, 2024
Updated resource	The following resource was updated: `AWS::KMS::Key`. AWS::KMS::Key Added support to specify a custom rotation period for automatic key rotations.	April 11, 2024
Updated resource	The following resource was updated: `AWS::CleanRooms::ConfiguredTable`. `AWS::CleanRooms::PrivacyBudgetTemplate` AWS::CleanRooms::ConfiguredTable Use the `DifferentialPrivacy` property to specify the name of the column that contains the unique identifier of your users, whose privacy you want to protect.	April 10, 2024
New resource	The following resource was added: `AWS::CleanRooms::PrivacyBudgetTemplate`. AWS::CleanRooms::PrivacyBudgetTemplate Use the `PrivacyBudgetTemplate` to specify the differential privacy configuration.	April 10, 2024
New resources	The following resources were added: AWS::IVS::EncoderConfigration, AWS::IVS::PlaybackRestrictionPolicy, AWS::IVS::StorageConfigration AWS::IVS::EncoderConfiguration Use the `EncoderConfiguration` resource to describe a stream’s video configuration. AWS::IVS::PlaybackRestrictionPolicy Use the `PlaybackRestrictionPolicy` resource to constrain playback by country and/or origin sites. AWS::IVS::StorageConfiguration Use the `StorageConfiguration` resource to describe an S3 location where recorded videos will be stored.	April 9, 2024
Updated resource	The following resource was updated: AWS::CloudWatch::Alarm AWS::CloudWatch::Alarm The `Tags` property was added so that you can use AWS CloudFormation to apply tags to metric alarms.	April 5, 2024
Updated resource	The following resource was updated: AWS::CloudWatch::CompositeAlarm AWS::CloudWatch::CompositeAlarm The `Tags` property was added so that you can use AWS CloudFormation to apply tags to composite alarms.	April 5, 2024
New resources	The following resources were added: `AWS::Bedrock::Agent`, `AWS::Bedrock::AgentAlias`, `AWS::Bedrock::KnowledgeBase`, and `AWS::Bedrock::DataSource`. AWS::Bedrock::Agent Use the `AWS::Bedrock::Agent` resource to create an agent in Amazon Bedrock to help users fulfill tasks. For more information, see Automate tasks in your application using conversational agents. AWS::Bedrock::AgentAlias Use the `AWS::Bedrock::AgentAlias` resource to create an alias that points to a version of your Amazon Bedrock agent that your application can invoke during deployment. For more information, see Deploy an Amazon Bedrock Agent. AWS::Bedrock::KnowledgeBase Use the `AWS::Bedrock::KnowledgeBase` resource to create a knowledge base in Amazon Bedrock that can be queried and generate responses based on the retrieved results. For more information, see Retrieve data and generate AI responses with knowledge bases . AWS::Bedrock::DataSource Use the `AWS::Bedrock::DataSource` resource to create a data source in a knowledge base in Amazon Bedrock to manage the conversion of data from an Amazon S3 bucket into vector embeddings for a knowledge base. For more information, see Set up a data source for your knowledge base .	April 4, 2024
New resources	The following resources were added: `AWS::SecurityHub::DelegatedAdmin`, `AWS::SecurityHub::Insight`, and `AWS::SecurityHub::ProductSubscription`. AWS::SecurityHub::DelegatedAdmin Use the `AWS::SecurityHub::DelegatedAdmin` resource to specify the delegated Security Hub administrator for an organization. AWS::SecurityHub::Insight Use the `AWS::SecurityHub::Insight` resource to specify a custom Security Hub insight. AWS::SecurityHub::ProductSubscription Use the `AWS::SecurityHub::ProductSubscription` resource to specify a subscription to a third-party product that integrates with Security Hub.	April 3, 2024
New resource	The following resource was added: AWS::CleanRoomsML::TrainingDataset. AWS::CleanRoomsML::TrainingDataset Use the `AWS::CleanRoomsML::TrainingDataset` resource to specify the creation of a training dataset, which is metadata that points to a Glue table. For more information, see Import training data.	April 3, 2024
New resources	The following resources were added: AWS::Deadline::Farm Use the AWS::Deadline::Farm resource to create a farm that contains the queues and fleets that process you jobs. For more information, see AWS Deadline Cloud farms. AWS::Deadline::Fleet Use the AWS::Deadline::Fleet resource to define a fleet of worker hosts that process the tasks for your jobs. For more information, see Manage AWS Deadline Cloud fleets. AWS::Deadline::LicenseEndpoint Use the AWS::Deadline::LicenseEndpoint resource to integrate licensed software with your jobs. For more information, see Connect customer-managed fleets to a license endpoint. AWS::Deadline::MeteredProduct Use the AWS::Deadline::MeteredProduct resource to associate a licensed application with a license endpoint. AWS::Deadline::Queue Use the AWS::Deadline::Queue resource to create queues for your farm. Jobs are submitted to a queue, and the queue sends the tasks in the job to a worker fleet for processing. For more information, see Queues. AWS::Deadline::QueueEnvironment Use the AWS::Deadline::QueueEnvironment resource to create to create a processing environment for workers processing tasks from the queue. For more information, see Create a queue environment. AWS::Deadline::QueueFleetAssociation Use the AWS::Deadline::QueueFleetAssociation resource to associate a worker fleet with a queue. Workers in the fleet process tasks for the jobs in the queue. For more information, see Associate a queue and fleet. AWS::Deadline::StorageProfile Use the AWS::Deadline::StorageProfile resource to specify the operating system, file type, and file location of resources used by a farm. For more information, see Storage profiles in AWS Deadline Cloud .	April 2, 2024
New resource	The following new resource has been added: AWS::CodeConnections::Connection AWS::CodeConnections::Connection New resource.	April 2, 2024
New and updated resources	The following resources were added: `AWS::EntityResolution::IdNamespace` and `AWS::EntityResolution::PolicyStatement`. The following resource was updated: `AWS::EntityResolution::IdMappingWorkflow`. AWS::EntityResolution::IdNamespace Use the `AWS::EntityResolution::IdNamespace` resource to specify a new ID namespace resource in AWS Entity Resolution. AWS::EntityResolution::IdNamespace Use the `AWS::EntityResolution::PolicyStatement` resource to specify a new policy statement resource in AWS Entity Resolution. AWS::EntityResolution::IdMappingWorkflow Use the `AWS::EntityResolution::IdMappingWorkflow IdMappingWorkflowInputSource` property to specify type of ID namespace (source or target).	April 2, 2024
Updated resource	The following resource was updated: `AWS::InternetMonitor::Monitor`. AWS::InternetMonitor::Monitor Use `Monitor.IncludeLinkedAccounts` to located accounts that you've linked with this monitor.	March 29, 2024
New resource	The following resource was added: AWS::APS::Scraper. AWS::APS::Scraper Use the AWS::APS::Scraper resource to create or update an Amazon Managed Service for Prometheus scraper. A scraper is a metrics collector that pulls metrics from Amazon EKS and sends them to your Amazon Managed Service for Prometheus workspace. For more information, see Using an AWS managed collector in the Amazon Managed Service for Prometheus User Guide.	March 29, 2024
Updated resource	The following resource was updated: AWS::CloudWatch::AnomalyDetector SingleMetricAnomalyDetector AWS::CloudWatch::AnomalyDetector SingleMetricAnomalyDetector In the SingleMetricAnomalyDetector resource, the `AccountId` field was added to enable you to create an anomaly detector in a monitoring account that watches a metric in a source account.	March 28, 2024
New resource	The following resource was added: `AWS::BCMDataExports::Export`. AWS::BCMDataExports::Export Use the `Export` and `Tags` property to specify the data query, delivery preference, and any optional resource tags.	March 28, 2024
Updated resource	The following resource was updated: AWS::RDS::Integration AWS::RDS::Integration Use the `DataFilter` property to specify which tables from the source database are sent to the target Amazon Redshift data warehouse. Use the `Description` property to provide a description of the integration.	March 27, 2024
New resource	The following resource was added: AWS::AppIntegrations::Application AWS::AppIntegrations::Application Use the `AWS::AppIntegrations::Application` resource to create an Application.	March 25, 2024
Updated resources	The following resource was updated: AWS::WAFv2::WebACL. AWS::WAFv2::WebACL Use the `AssociationConfig` property to increase the body inspection size limit beyond the new default limit of 16 KB for some regional resources. Prior to this, you could only increase the limit for CloudFront distributions.	March 21, 2024
Updated resource	The following resource was updated: `AWS::DataSync::Task`. AWS::DataSync::Task Use the `ManifestConfig` property to configure a manifest that lists the files or objects that you want to transfer.	March 20, 2024
Updated resource	The following property was added to the `AWS::DynamoDB::GlobalTable.ReplicaSpecification` and `AWS::DynamoDB::GlobalTable.ReplicaStreamSpecification` resources: `ResourcePolicy`. AWS::DynamoDB::GlobalTable.ReplicaSpecification.ResourcePolicy Use this property to attach a resource-based policy to the replica of a DynamoDB global table. AWS::DynamoDB::GlobalTable.ReplicaStreamSpecification.ResourcePolicy Use this property to attach a resource-based policy to the stream of a DynamoDB global table replica.	March 20, 2024
Updated resource	The following property was added to the `AWS::DynamoDB::Table` and `AWS::DynamoDB::Table.StreamSpecification` resources: `ResourcePolicy`. AWS::DynamoDB::Table.ResourcePolicy Use this property to attach a resource-based policy to a DynamoDB resource, such as a table and its index. AWS::DynamoDB::Table.StreamSpecification.ResourcePolicy Use this property to attach a resource-based policy to a table's stream.	March 20, 2024
Updated resources	The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup. AWS::WAFv2::WebACL Use the `EvaluationWindowSec` property in `RateBasedStatement` to specify the amount of time to include in request counts. AWS::WAFv2::RuleGroup Use the `EvaluationWindowSec` property in `RateBasedStatement` to specify the amount of time to include in request counts.	March 19, 2024
AWS CloudFormation introduces the `CONFIGURATION_COMPLETE` event to enable faster workflows involving creation of resources	AWS CloudFormation added the `CONFIGURATION_COMPLETE` event to enable faster workflows involving the creation of resources.	March 11, 2024
Updated resources	The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup. AWS::WAFv2::WebACL Use the `JA3Fingerprint` property in `FieldToMatch` to perform an exact match against the web request's JA3 fingerprint. AWS::WAFv2::RuleGroup Use the `JA3Fingerprint` property in `FieldToMatch` to perform an exact match against the web request's JA3 fingerprint.	March 7, 2024
Updated resource	The following resources were updated: AWS::AppSync::GraphQLApi, AWS::AppSync::Resolver, AWS::AppSync::DataSource AWS::AppSync::GraphQLApi Added support for enhanced metrics logging. AWS::AppSync::Resolver Added support for enhanced metrics logging. AWS::AppSync::DataSource Added support for enhanced metrics logging.	March 7, 2024
Updated resource	The following resource was updated: AWS::Amplify::Domain AWS::Amplify::Domain Use the `Certificate` property to specify the SSL/TLS certificate for the domain association. Use the `CertificateSettings` property to specify the type of SSL/TLS certificate to use for your custom domain.	March 1, 2024
New resource	The following resource was added: AWS::Timestream::InfluxDBInstance. AWS::Timestream::InfluxDBInstance Use the `AWS::Timestream::InfluxDBInstance` resource to create a new InfluxDB instance.	March 1, 2024
Updated resources	The following resource was updated: `AWS::Batch:JobDefinition`. Use the support for multi-container jobs. The following resources were added or updated: AWS::Batch::JobDefinition AWS::Batch::JobDefinition EcsProperties AWS::Batch::JobDefinition EcsTaskProperties AWS::Batch::JobDefinition TaskContainerDependency AWS::Batch::JobDefinition TaskContainerProperties	February 29, 2024
Updated resource	The following resource was updated: AWS::APS::Workspace. AWS::APS::Workspace You can use the optional `KmsKeyArn` property to specify a customer-managed KMS key to use when encrypting data in your Amazon Managed Service for Prometheus workspace. For more information, see Encryption at rest in the Amazon Managed Service for Prometheus User Guide.	February 23, 2024
Updated resource	The following resources were updated: AWS::AppSync::GraphQLApi AWS::AppSync::GraphQLApi Added `EnvironmentVariables` property.	February 15, 2024
Updated resource	The following resource was updated: AWS::CodePipeline::Pipeline. AWS::CodePipeline::Pipeline Added new trigger filtering on branches, file paths, pull request status. Added new PARALLEL and QUEUED execution modes for V2 type pipelines. Added field for manual timeout configuration in minutes.	February 15, 2024
Updated resource	The following resources were updated: AWS::IoTSiteWise::Asset and AWS::IoTSiteWise::AssetModel. AWS::IoTSiteWise::Asset Added the following properties: `AssetExternalId`. AWS::IoTSiteWise::AssetModel Added the following property: `AssetModelExternalId` and `AssetModelType`.	February 15, 2024
New properties	The following properties were added: AWS::Route53::RecordSet GeoProximityLocation and AWS::Route53::RecordSetGroup GeoProximityLocation. AWS::Route53::RecordSet GeoProximityLocation Use the `AWS::Route53::RecordSet GeoProximityLocation` property to specify a geoproximity resource recordset. AWS::Route53::RecordSetGroup GeoProximityLocation Use the `AWS::Route53::RecordSetGroup GeoProximityLocation` property to specify croperty to specify a geoproximity resource recordset.	February 15, 2024
New resources	The following resources were added: `AWS::NeptuneGraph::Graph` and `AWS::NeptuneGraph::PrivateGraphEndpoint`. AWS::NeptuneGraph::Graph Use the `AWS::NeptuneGraph::Graph` resource to specify a graph in Amazon Neptune Analytics. AWS::NeptuneGraph::PrivateGraphEndpoint Use the `AWS::NeptuneGraph::PrivateGraphEndpoint` resource to specify a private graph endpoint in Amazon Neptune Analytics.	February 13, 2024
Updated resources	The following resources were updated: `AWS::FSx::Filesystem` and `AWS::FSx::Volume` AWS::FSx::Filesystem Use the `HAPairs` and `ThroughputCapacityPerHAPair` `AWS::FSx::FileSystem OntapConfiguration` properties to create a scale out FSx for ONTAP file system. AWS::FSx::Volume Use the `AggregateConfiguration`, `SizeInBytes`, and `VolumeStyle` `AWS::FSx::Volume OntapConfiguration` properties when creating FSx for ONTAP volumes.	February 9, 2024
Updated resource	The following resource was updated: AWS::IoT::DomainConfiguration. AWS::IoT::DomainConfiguration The AWS::IoT::DomainConfiguration resource adds server certificate configuration parameter.	February 9, 2024
Updated resource	The following resource was updated: `AWS::Cassandra::Table`. AWS::Cassandra::Table.AutoScalingSpecifications Use the `AWS::Cassandra::Table.AutoScalingSpecifications` property to specify auto scaling settings for a table in provisioned capacity mode in Amazon Keyspaces (for Apache Cassandra). AWS::Cassandra::Table.ReplicaSpecification The `AWS::Cassandra::Table.ReplicaSpecification` property allows you to define different settings for replicas of a multi-Region table in Amazon Keyspaces (for Apache Cassandra).	February 2, 2024
Generate AWS CloudFormation templates and AWS CDK applications from existing AWS resources	With the CloudFormation IaC generator, you can generate a template using resources provisioned in your account that are not already managed by CloudFormation.	February 2, 2024
Updated resource	The following resource was updated: AWS::AutoScaling::AutoScalingGroup. AWS::AutoScaling::AutoScalingGroup InstanceRequirements Use the `MaxSpotPriceAsPercentageOfOptimalOnDemandPrice` property when using attribute-based instance type selection.	January 29, 2024
Updated resource	The following resource was updated: AWS::GroundStation::MissionProfile. ContactPostPassDurationSeconds property Updated description of the ContactPostPassDurationSeconds property. ContactPrePassDurationSeconds property Updated description of the ContactPrePassDurationSeconds property.	January 29, 2024
New resource	The following resource was added: AWS::RDS::Integration AWS::RDS::Integration Use the `AdditionalEncryptionContext` property for an optional set of non-secret key–value pairs that contain additional contextual information about the data. Use the `IntegrationName` property for the name of the integration. Use the `KMSKeyId` property for the AWS KMS key identifier for the key to use to encrypt the integration. Use the `SourceArn` property for the ARN of the database to use as the source for replication. Use the `Tags` property for a list of tags. Use the `TargetArn` property for the ARN of the Redshift data warehouse to use as the target for replication.	January 29, 2024
New resource	The following resource was added: AWS::InspectorV2::CisScanConfiguration. AWS::InspectorV2::CisScanConfiguration Use the `AWS::InspectorV2::CisScanConfiguration` resource to specify a CIS scan configuration.	January 23, 2024
New property	The following property was added: AWS::ECS::Service TimeoutConfiguration. AWS::ECS::Service TimeoutConfiguration Use the `TimeoutConfiguration` property to specify the timeout for Service Connect	January 22, 2024
New properties	The following properties were added: AWS::ECS::Service ServiceConnectTlsConfiguration and AWS::ECS::Service ServiceConnectTlsCertificateAuthority. AWS::ECS::Service ServiceConnectTlsConfiguration Use the `ServiceConnectTlsConfiguration` property to specify the key that encrypts and decrypts your resources for Service Connect TLS. AWS::ECS::Service ServiceConnectTlsConfiguration Use the `ServiceConnectTlsCertificateAuthority` property to specify the AWS Private Certificate Authority certificate.	January 22, 2024
New resources	The following property was updated: `AWS::Route53Resolver::FirewallRuleGroup FirewallRule`. AWS::Route53Resolver::FirewallRuleGroup FirewallRule Added a `Qtype` property to include a DNS query type for the DNS Firewall rule to evaluate.	January 19, 2024
Updated resource	The following property was added to the `AWS::DynamoDB::GlobalTable` resource: `KinesisStreamSpecification` AWS::DynamoDB::GlobalTable.KinesisStreamSpecification Use the `KinesisStreamSpecification` property to set timestamp precision for Kinesis Data Streams.	January 18, 2024
Updated resource	The following property was added to the `AWS::DynamoDB::Table` resource: `KinesisStreamSpecification` AWS::DynamoDB::Table.KinesisStreamSpecification Use the `KinesisStreamSpecification` property to set timestamp precision for Kinesis Data Streams.	January 18, 2024
New resource	The following resources were added: `AWS::DataZone::DataSource`, `AWS::DataZone::Domain`, `AWS::DataZone::Environment`, `AWS::DataZone::EnvironmentBlueprintConfiguration`, `AWS::DataZone::EnvironmentProfile`, `AWS::DataZone::Project`, `AWS::DataZone::SubscriptionTarget`. AWS::DataZone::DataSource Use the `AWS::DataZone::DataSource` resource to specify an Amazon DataZone data source that is used to import technical metadata of assets (data) from the source databases or data warehouses into Amazon DataZone. AWS::DataZone::Domain Use the `AWS::DataZone::Domain` resource to specify an Amazon DataZone domain. You can use domains to organize your assets, users, and their projects. AWS::DataZone::Environment Use the `AWS::DataZone::Environment` resource to specify an Amazon DataZone environment, which is a collection of zero or more configured resources with a given set of IAM principals who can operate on those resources. AWS::DataZone::EnvironmentBlueprintConfiguration Use the `AWS::DataZone::EnvironmentBlueprintConfiguration` resource to specify the configuration details of an environment blueprint. AWS::DataZone::EnvironmentProfile Use the `AWS::DataZone::EnvironmentProfile` resource to specify the details of an environment profile. AWS::DataZone::Project Use the `AWS::DataZone::Project` resource to specify an Amazon DataZone project. Projects enable a group of users to collaborate on various business use cases that involve publishing, discovering, subscribing to, and consuming data in the Amazon DataZone catalog. Project members consume assets from the Amazon DataZone catalog and produce new assets using one or more analytical workflows. AWS::DataZone::SubscriptionTarget Use the `AWS::DataZone::SubscriptionTarget` resource to specify an Amazon DataZone subscription target. Subscription targets enable you to access the data to which you have subscribed in your projects. A subscription target specifies the location (for example, a database or a schema) and the required permissions (for example, an IAM role) that Amazon DataZone can use to establish a connection with the source data and to create the necessary grants so that members of the Amazon DataZone project can start querying the data to which they have subscribed.	January 18, 2024
New resource	The following resource was added: AWS::IVS::Stage AWS::IVS::Stage Use the `Stage` resource to specify a stage, a virtual space where participants can exchange video in real time.	January 18, 2024
Added properties	Added PreTokenGenerationConfig to AWS::Cognito::UserPool LambdaConfig and AWS::Cognito::UserPool PreTokenGenerationConfig. Adds support for access token customization Lambda functions. AWS::Cognito::UserPool PreTokenGenerationConfig You can update the version of your Lambda trigger event. Version 2 includes details to customize access tokens and ID tokens.	January 18, 2024
Updated resource	The following resource was updated: AWS::Logs::AccountPolicy. AWS::Logs::AccountPolicy The AWS::Logs::AccountPolicy resource was updated to support account-level subscription filter policies, in addition to account-level data protection policies. For more information, see Account-level subscription filters.	January 15, 2024
New resource	The following resource was added: AWS::NetworkFirewall::TLSInspectionConfiguration AWS::NetworkFirewall::TLSInspectionConfiguration Use the `AWS::NetworkFirewall::TLSInspectionConfiguration` resource to specify a TLS inspection configuration for Network Firewall to use to decrypt traffic for inspection. Network Firewall re-encrypts the traffic before sending it to its destination.	January 10, 2024
Updated resources	The following resource was added: AWS::MediaTailor::Channel.TimeShiftConfiguration AWS::MediaTailor::Channel Use the `AWS::MediaTailor::Channel.TimeShiftConfiguration` resource for configuration for time-shifted viewing.	December 27, 2023
updated resources	The following resources were added: `AWS::Pinpoint::GCMChannel DefaultAuthenticationMethod` and `AWS::Pinpoint::GCMChannel DefaultAuthenticationMethod ServiceJson`. AWS::Pinpoint::GCMChannel DefaultAuthenticationMethod Added the `DefaultAuthenticationMethod` property to specify the default authentication method used for GCM. AWS::Pinpoint::GCMChannel ServiceJson Added the `ServiceJson` property to generate an access token for authentication.	December 26, 2023
New resource	The following resource was added: AWS::Connect::PredefinedAttribute AWS::Connect::PredefinedAttribute Use the `AWS::Connect::PredefinedAttribute` resource to create a predefined attribute in the specified instance.	December 22, 2023
Updated resource	The following resource was updated: `AWS::CodeCommit::Repository` AWS::CodeCommit::Repository Code Use the `KmsKeyId` property to encrypt and decrypt the repository.	December 21, 2023
New resources	The following resources were updated: `AWS::Route53Resolver::ResolverEndpoint` and `AAWS::Route53Resolver::ResolverRule TargetAddress`. AWS::Route53Resolver::ResolverEndpoint Added a `Protocols` property to specify the protocols for an endpoint. AWS::Route53Resolver::ResolverRule TargetAddress Added a `Protocols` property to specify the protocols for an endpoint target address.	December 20, 2023
Updated resource	The following resources were updated: AWS::AppSync::GraphQLApi AWS::AppSync::GraphQLApi Use the `IntrospectionConfig` property to enable or disable introspection. Use the `ResolverCountLimit` property to set the maximum number of resolvers that can be invoked in a single request. Use the `QueryDepthLimit` property to set the maximum depth a query can have in a single request.	December 19, 2023
New resource	The following resource was added: AWS::IoT::CertificateProvider. AWS::IoT::CertificateProvider Use the AWS::IoT::CertificateProvider resource to create a certificate provider.	December 19, 2023
Updated resource	The following resource was updated: `AWS::EKS::Cluster` `AWS::EKS::Cluster` Use the `AccessConfig` property to enable access entries, the `aws-auth` ConfigMap, or both for the cluster. An access entry allows an IAM user or role to access your cluster. Access entries can replace the need to maintain the `aws-auth` `ConfigMap` for authentication. You have the following options for authorizing an IAM user or role to access Kubernetes objects on your cluster: Kubernetes role-based access control (RBAC), Amazon EKS API, or both.	December 15, 2023
New resource	The following resource was added: `AWS::EKS::AccessEntry` `AWS::EKS::AccessEntry` Use the `AccessEntry` resource to create an access entry on your cluster. Access entries allow: Amazon EC2 nodes and nodes created from Fargate profiles to join your cluster. IAMroles used for any other purpose or IAM users to authenticate to your cluster and access Kubernetes objects on your cluster.	December 15, 2023
Updated resource	The following resource was updated: AWS::EFS::FileSystem AWS::EFS::FileSystem Use the `ReplicationOverwriteProtection` property for the new `FileSystemProtection` property type to enable or disable a file system's replication overwrite protection. Use the `TransitionToArchive` property to define the lifecycle policy for transitioning files into Archive storage.	December 14, 2023
New resource	The following resources were added: AWS::B2BI::Capability AWS::B2BI::Capability Use the `Capability` resource to specify trading capabilities for the B2BI service. AWS::B2BI::Transformer Use the `Transformer` resource to describe how to process incoming EDI (electronic data interchange) for the B2BI service. AWS::B2BI::Profile Use the `Profile` resource to specify details about one of your private networks for the B2BI service. AWS::B2BI::Partnership Use the `Partnership` resource to specify the connection between a profile and a trading partner for the B2BI service.	December 14, 2023
Updated resource	The following resources were updated: AWS::AppSync::GraphQLApi AWS::AppSync::GraphQLApi Use the `GraphQLEndpointArn` return value to get the GraphQL endpoint ARN.	December 13, 2023
Updated resource	The following resource was updated: AWS::ApplicationAutoScaling::ScalingPolicy. AWS::ApplicationAutoScaling::ScalingPolicy CustomizedMetricSpecification Use the `Metrics` property to use metric math to customize the metrics that you include in your target tracking scaling policy.	December 7, 2023
Updated resource	The following resource was updated: AWS::CloudTrail::EventDataStore AWS::CloudTrail::EventDataStore Use the `FederationEnabled` property to specify whether you want to federate the event data store. Federating an event data store lets you view the metadata associated with the event data store in the AWS Glue Data Catalog and run SQL queries against your event data using Amazon Athena. The table metadata stored in the AWS Glue Data Catalog lets the Athena query engine know how to find, read, and process the data that you want to query. For more information about Lake query federation, see Federate an event data store. AWS::CloudTrail::EventDataStore If the `FederationEnabled` property is set to `true`, use the `FederationRoleArn` property to specify the ARN for the federation role. The federation role must exist in your account and provide the required minimum permissions.	December 7, 2023
Updated resource	The following resource was updated: AWS::SNS::Topic. DeliveryStatusLogging Use the `DeliveryStatusLogging` to log the delivery status of messages sent from your Amazon SNS topic to subscribed endpoints with the following supported delivery protocols: Amazon Kinesis Data Firehose Amazon Simple Queue Service AWS Lambda HTTP Platform application endpoint	December 7, 2023
New resource	The following resource was added: AWS::SNS::Topic LoggingConfig. LoggingConfig The `LoggingConfig` property type specifies the `Delivery` status logging configuration for an `AWS::SNS::Topic`.	December 7, 2023
Updated resources	The following resources were updated: `AWS::CleanRooms::AnalysisTemplate`, `AWS::CleanRooms::Collaboration`, `AWS::CleanRooms::ConfiguredTable`, `AWS::CleanRooms::Collaboration` and `AWS::CleanRooms::Membership`. AWS::CleanRooms::ConfiguredTableAssociation Use the `Tag` property to specify a key-value pair for a collaboration. AWS::CleanRooms::Collaboration Use the `QueryComputePaymentConfig` property to specify the collaboration member's payment responsibilities for query compute costs. Use the `Tag` property to specify a key-value pair for a collaboration. AWS::CleanRooms::ConfiguredTable Use the `Tag` property to specify a key-value pair for a collaboration. AWS::CleanRooms::ConfiguredTableAssociation Use the `Tag` property to specify a key-value pair for a collaboration. AWS::CleanRooms::Membership Use the `MembershipPaymentConfiguration` and `MembershipQueryComputePaymentConfig` properties to specify payment responsibilities accepted by the collaboration member.	December 5, 2023
Updated resource	The following resource was updated:AWS::BillingConductor::CustomLineItem AccountId. AWS::BillingConductor::CustomLineItem AccountId You can specify the AWS account in which a custom line item will be charged to.	December 5, 2023
New resource	The following resource was added: AWS::WorkSpacesThinClient::Environment. AWS::WorkSpacesThinClient::Environment Use the `AWS::WorkSpacesThinClient::Environment` resource to create an environment for the Amazon WorkSpaces Thin Client service.	December 5, 2023
Updated resource	The following resource was updated: `AWS::CodeDeploy::DeploymentConfig`. AWS::CodeDeploy::DeploymentConfig Use the `ZonalConfig` property if you want CodeDeploy to deploy your application to one Availability Zone at a time.	December 4, 2023
New resource	The following resource was released: AWS::ARCZonalShift::ZonalAutoshiftConfiguration. Use `AWS::ARCZonalShift::ZonalAutoshiftConfiguration` to authorize AWS to shift away resource traffic for an application from an Availability Zone during events, on your behalf, to help reduce time to recovery. In addition, configure options for required weekly practice runs in zonal autoshift. Practice runs test the safety of shifting away your application traffic from one Availability Zone in an AWS Region.	December 1, 2023
New resource	The following resources were added: AWS::S3Express::DirectoryBucket and AWS::S3Express::BucketPolicy. AWS::S3Express::DirectoryBucket Use the `AWS::S3Express::DirectoryBucket` resource to create an Amazon S3 directory bucket. AWS::S3Express::BucketPolicy Use the `AWS::S3Express::BucketPolicy` resource to apply an S3 bucket policy to an S3 directory bucket.	December 1, 2023
Updated resources	`AWS::ElastiCache::ServerlessCache`. `AWS::ElastiCache::ReplicationGroup.ClusterMode` ServerlessCache enables the creation of caches with a variety of features including automatic scaling and related capabilities. For more information see Serverless caching.	November 27, 2023
Updated resource	The following resources were updated: AWS::CodeStarConnections::RepositoryLink and SyncConfiguration AWS::CodeStarConnections::Connection Use a repository link with a sync configuration to use Git sync.	November 27, 2023
Updated resource	The following resource was updated: AWS::AccessAnalyzer::Analyzer AWS::AccessAnalyzer::Analyzer Use the `AnalyzerConfiguration` property to specify the configuration for an Unused Access Analyzer.	November 27, 2023
New resource	The following resource was added: AWS::Backup::RestoreTestingPlan AWS::Backup::RestoreTestingPlan This resource was added for the feature Restore Testing.	November 27, 2023
New resource	The following resource was added: AWS::Backup::RestoreTestingSelection AWS::Backup::RestoreTestingSelection This resource was added for the feature Restore Testing.	November 27, 2023
Updated resource	The following resource was updated: AWS::ManagedBlockchain::Accessor AWS::ManagedBlockchain::Accessor Use the `NetworkType` property to choose the blockchain network that you are creating the `Accessor` for.	November 26, 2023
New resource	The following resource was added: `AWS::EKS::PodIdentityAssociation` `AWS::EKS::PodIdentityAssociation` Use the `PodIdentityAssociation` to create an EKS Pod Identity association to give IAM credentials to pods through service accounts. The previous method to do the same, IAM roles for service accounts, could only be managed inside Kubernetes.	November 26, 2023
Updated resource	The following resource was updated: AWS::CodePipeline::Pipeline. AWS::CodePipeline::Pipeline Added trigger and variables for V2 type pipelines.	November 19, 2023
New resource	The following properties and return values have been added: EndpointManagement The `EndpointManagement` property has added, letting you choose how you want to manage the Amazon VPC endpoints associated with your environment. You can choose to manage your own endpoints or let Amazon MWAAmanage them on your behalf. Return values Amazon MWAA is adding `CeleryExecutorQueue`, `DatabaseVpcEndpointService`, and `WebserverVpcEndpointService` as return values you can use in your templates.	November 19, 2023
Updated resources	The AWS::Transfer::Server and AWS::Transfer::User resources have been updated. AWS::Transfer::Server S3StorageOptions Use the `S3StorageOptions` property to specify how Transfer Family works with Amazon S3. AWS::Transfer::User HomeDirectoryMapEntry Use the `Type` parameter to specify whether the target of a logical directory mapping is a directory or a file.	November 17, 2023
New resource	The following parameters were added to the AWS::IoT::SecurityProfile resource. SecurityProfile MetricsExportConfig Specifies the MQTT topic and role ARN required for metric export. SecurityProfile Behavior ExportMetric Value indicates exporting metrics related to the behavior when it is true. SecurityProfile MetricsExportConfig RoleArn This role ARN has permission to publish MQTT messages, after which Device Defender Detect can assume the role and publish messages on your behalf. SecurityProfile MetricToRetain ExportMetric Value added in both `Behavior` and `AdditionalMetricsToRetainV2` to indicate if Device Defender Detect should export the corresponding metrics.	November 17, 2023
New resources	The following resources were updated: AWS::ECR::PullThroughCacheRule AWS::ECR::PullThroughCacheRule The `AWS::ECR::PullThroughCacheRule` property was updated to include the required properties to create a pull through cache rule for an upstream registry that requires authentication.	November 16, 2023
Updated resource	The following resource was updated: AWS::CloudTrail::EventDataStore AWS::CloudTrail::EventDataStore Use the `BillingMode` property to specify the billing mode to use for the event data store. The billing mode determines the cost for ingesting events and storing events, and the default and maximum retention period for the event data store. For more information, see Event data store pricing options in the AWS CloudTrail User Guide.	November 15, 2023
Updated resource	The following resource was updated: AWS::AutoScaling::AutoScalingGroup. AWS::AutoScaling::AutoScalingGroup Use the `InstanceMaintenancePolicy` property to meet specific capacity requirements during events that lead to instance replacement, such as health check failures or an instance refresh.	November 15, 2023
Updated resource	The following resource was updated: `AWS::Grafana::Workspace`. AWS::Grafana::Workspace Use the `PluginAdminEnabled` property of the `AWS::Grafana::Workspace` resource to allow workspace admins to install, uninstall, or update plugins in the Amazon Managed Grafana workspace.	November 15, 2023
New resource	The following resource was added: AWS::OpenSearchServerless::LifecyclePolicy. AWS::OpenSearchServerless::LifecyclePolicy Use the `AWS::OpenSearchServerless::LifecyclePolicy` resource to create lifecycle access policies for Amazon OpenSearch Serverless.	November 15, 2023
Updated resource	The following resource was updated: AWS::Pipes::Pipe. AWS::Pipes::Pipe Use the `PipeLogConfiguration` property to specify the configuration settings for the logs to which the pipe should report events.	November 14, 2023
Updated resource	The following resource was updated: AWS::CloudTrail::EventDataStore AWS::CloudTrail::EventDataStore Use the `InsightsDestination` property to specify the ARN (or ID suffix of the ARN) of the destination event data store that logs Insights events. AWS::CloudTrail::EventDataStore InsightSelector Use the `AWS::CloudTrail::EventDataStore InsightSelector` property to specify the types of Insights events you want to collect in your destination event data store. `ApiCallRateInsight` and `ApiErrorRateInsight` are valid Insights types.	November 10, 2023
Updated resource	The following resource was updated: AWS::RDS::DBInstance AWS::RDS::DBInstance Use the `AutomaticBackupReplicationRegion` property for the destination Region for the backup replication of the DB instance.	November 9, 2023
Updated resource	The following resource was updated: AWS::EC2::IPAM. AWS::EC2::IPAM IPAM is now offered in a Free Tier and an Advanced Tier. For more information about the features available in each tier and the costs associated with the tiers, see Amazon VPC pricing > IPAM tab.'	November 8, 2023
Updated resource	The following resource was updated: AWS::MWAA::Environment AirflowVersion The `AirflowVersion` property has been updated to include a new valid value for Apache Airflow version 2.7.2.	November 6, 2023
Updated resource	The documentation for the following resource was updated: AWS::AppRunner::Service AWS::AppRunner::Service.Tag.Value The value assigned to the Tag property of the App Runner service.	November 3, 2023
Updated resource	The documentation for the following resource was updated: AWS::AppRunner::AutoScalingConfiguration AWS::AppRunner::AutoScalingConfiguration.Tag The `Tag` added for the autoscaling configuration resource.	November 3, 2023
Updated resource	The documentation for the following resource was updated: AWS::AppRunner::ObservabilityConfiguration AWS::AppRunner::ObservabilityConfiguration.Tag.Key The key assigned to `Tag` property of the AWS App Runner observability configuration.	November 3, 2023
Updated resource	The documentation for the following resource was updated: AWS::AppRunner::Service AWS::AppRunner::Service.Tag The Tag assigned to App Runner service.	November 3, 2023
Updated resource	The following resource was updated: AWS::AppRunner::Service AWS::AppRunner::Service.CodeRepository.SourceDirectory New property. The SourceDirectory of the App Runner service.	November 3, 2023
Updated resource	The documentation for the following resource was updated: AWS::AppRunner::VpcIngressConnection AWS::AppRunner::VpcIngressConnection.Tag.Key The key assigned to `Tag` property of the VpcIngressConnection resource of the App Runner service.	November 3, 2023
Updated resource	The documentation for the following resource was updated: AWS::AppRunner::VpcIngressConnection AWS::AppRunner::VpcIngressConnection.Tag The tag assigned to the VpcIngressConnection resource of the App Runner service.	November 3, 2023
Updated resource	The documentation for the following resource was updated: AWS::AppRunner::VpcConnector AWS::AppRunner::VpcConnector.Tag.Value The value added to the `Tag` property of the VpcConnector resource.	November 3, 2023
Updated resource	The documentation for the following resource was updated: AWS::AppRunner::AutoScalingConfiguration AWS::AppRunner::AutoScalingConfiguration.Tag.Key The key added for the `Tag` property of autoscaling configuration resource.	November 3, 2023
Updated resource	The documentation for the following resource was updated: AWS::AppRunner::VpcConnector AWS::AppRunner::VpcConnector.Tag.Key The key added for the VpcConnector resource.	November 3, 2023
Updated resource	The documentation for the following resource was updated: AWS::AppRunner::ObservabilityConfiguration AWS::AppRunner::ObservabilityConfiguration.Tag.Value The value added for the `Tag` property of the AWS App Runner observability configuration.	November 3, 2023
Updated resource	The documentation for the following resource was updated: AWS::AppRunner::AutoScalingConfiguration AWS::AppRunner::AutoScalingConfiguration.Tag.Value The value added for the `Tag` property of autoscaling configuration resource.	November 3, 2023
Updated resource	The documentation for the following resource was updated: AWS::AppRunner::VpcIngressConnection AWS::AppRunner::VpcIngressConnection.Tag.Value The value assigned to the VpcIngressConnection resource of the App Runner service.	November 3, 2023
Updated resource	The documentation for the following resource was updated: AWS::AppRunner::Service AWS::AppRunner::Service.Tag.Key The key assigned to App Runner service.	November 3, 2023
Updated resource	The documentation for the following resource was updated: AWS::AppRunner::ObservabilityConfiguration AWS::AppRunner::ObservabilityConfiguration.Tag Use the `Tag` parameter to add a key-value pair to AWS App Runner observability configuration.	November 3, 2023
Updated resource	The documentation for the following resource was updated: AWS::AppRunner::VpcConnector AWS::AppRunner::VpcConnector.Tag Use the `AWS::AppRunner::VpcConnector Tag` resource to assign a key-value pair.	November 3, 2023
Updated resource	The following resource was updated: AWS::AppRunner::Service AWS::AppRunner::Service.NetworkConfiguration.IpAddressType New property. Use the `IpAddressType` property to select either IP4 or dual stack for your incoming public traffic.	November 3, 2023
Updated resource	The following resource was updated: `AWS::EMRServerless::Application MonitoringConfiguration`. AWS::EMRServerless::Application MonitoringConfiguration Use the `MonitoringConfiguration` property to set the monitoring configuration.	November 3, 2023
New attribute	The following attribute was added: AWS::SNS::Topic.ArchivePolicy. AWS::SNS::Topic Use the `AWS::SNS::Topic.ArchivePolicy` attribute to archive messages to an SNS topic. Only supported for FIFO topics.	October 26, 2023
New resource	The following parameter was added: DestinationPackageVersions to the AWS::IoT::JobTemplate resource in the Ningxia (cn-northest-1) Region. It is still available in the Beijing (cn-north-1) Region and other Regions where Service Package Catalog has been deployed. DestinationPackageVersions Use the DestinationPackageVersions paremeter in the AWS::IoT::JobTemplate resource to indentify the package version Amazon Resource Names (ARNs) that are installed on the device’s reserved named shadow ($package) when the job successfully completes.	October 25, 2023
Updated resource	The following property was updated: `AWS::EKS::Cluster` `AWS::EKS::Cluster ResourcesVpcConfig` You can change the `SubnetIds` and `SecurityGroupIds` property values once the cluster is created without interruptions. Previously, changing these property values required replacement.	October 24, 2023
Updated resources	The following resources were updated: `AWS::EntityResolution::MatchingWorkflow` and `AWS::EntityResolution::SchemaMapping`. AWS::EntityResolution::MatchingWorkflow Use the `AWS::EntityResolution::MatchingWorkflow IntermediateSourceConfiguration` property to temporarily store your data while it processes. Use the `AWS::EntityResolution::MatchingWorkflow ProviderProperties` property to specify configuration parameters to use with a provider service. AWS::EntityResolution::SchemaMapping Use `SubType` to specify a subtype of the attribute, selected from a list of values.	October 19, 2023
Updated resource	The following resources were updated: AWS::MSK::Configuration and AWS::MSK::BatchScramSecret. AWS::MSK::Configuration Creates a new MSK configuration. AWS::MSK::BatchScramSecret Represents a secret stored in the Amazon Secrets Manager that can be used to authenticate with a cluster using a user name and a password.	October 19, 2023
Updated resource	The following resource was updated: AWS::WAFv2::WebACL. AWS::WAFv2::WebACL Use the `EnableMachineLearning` property in `AWSManagedRulesBotControlRuleSet` to indicate whether to use machine learning (ML) to analyze your web traffic for bot-related activity. This setting applies only to the targeted protection level of the Bot Control managed rule group.	October 19, 2023
New resource	The following resource was added: `AWS::EntityResolution::IdMappingWorkflow`. AWS::EntityResolution::IdMappingWorkflow Use the `AWS::EntityResolution::IdMappingWorkflow` resource to specify a new ID mapping workflow resource in AWS Entity Resolution.	October 19, 2023
New resource	The following resources were added: AWS::MSK::Replicator. AWS::MSK::Replicator Use the `Replicator` property to create an MSK Replicator to reliably replicate data across Amazon MSK clusters.	October 19, 2023
Added properties	Added AWS::Cognito::LogDeliveryConfiguration and associated parameters for CloudWatch Logs configuration in user pools. AWS::Cognito::LogDeliveryConfiguration You can configure a user pool to log detailed information about user errors to CloudWatch Logs.	October 19, 2023
Updated resource	The following resource was updated: AWS::IoT::TopicRule KafkaAction. AWS::IoT::TopicRule KafkaAction The AWS::IoT::TopicRule KafkaAction resource adds headers parameter.	October 12, 2023
Updated resource	The following resource was added: AWS::IoT::SoftwarePackageVersion. AWS::IoT::SoftwarePackageVersion Use the AWS::IoT::SoftwarePackageVersion resource to create a package version. Note: The software package must exist before creating the package version.	October 12, 2023
Updated resource	The following resource was updated: AWS::Lambda::Function. AWS::Lambda::Function VpcConfig Use the `Ipv6AllowedForDualStack` property to allow outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.	October 12, 2023
New resource	The following resource was added: AWS::IoT::SoftwarePackage. AWS::IoT::SoftwarePackage Use the AWS::IoT::SoftwarePackage resource to create a software package.	October 12, 2023
New resource	The following paremeter was added: DestinationPackageVersions to the AWS::IoT::JobTemplate resource in the Beijing (cn-north-1) Region and other Regions where Service Package Catalog has been deployed except for the the Ningxia (cn-northest-1) Region. DestinationPackageVersions Use the DestinationPackageVersions paremeter in the AWS::IoT::JobTemplate resource to indentify the package version Amazon Resource Names (ARNs) that are installed on the device’s reserved named shadow ($package) when the job successfully completes.	October 12, 2023
Updated resource	The following resource was updated: `AWS::InternetMonitor::Monitor`. AWS::InternetMonitor::Monitor Use `Monitor.Resources` to add or remove resources when making an update. If `Monitor.Resources` is non-empty during an update, `Monitor.ResourcesToAdd` and `Monitor.ResourcesToRemove` must be empty.	October 6, 2023
Updated resource	The following resource was updated: AWS::ServiceCatalog::PortfolioPrincipalAssociation. AWS::ServiceCatalog::PortfolioPrincipalAssociation Use the PrincipalType property to specify the type of principal associated with the portfolio.	October 5, 2023
Updated resources	The following resources were updated: AWS::Lightsail::Disk and AWS::Lightsail::Container AWS::Lightsail::Disk Location Use the `location` property to specify the location of the disk, such as the AWS Region and Availability Zone. AWS::Lightsail::Container PrivateRegistryAccess Use the `PrivateRegistryAccess` property to describe the configuration for a Lightsail container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories.	September 28, 2023
Updated resource	The following resource was updated: AWS::EFS::FileSystem. AWS::EFS::FileSystem Use the `ReplicationConfiguration` property to specify a replication configuration for a file system. Use the `ReplicationDestination` property to specify the destination file system for a replication configuration.	September 21, 2023
Updated resource	The following resource was updated: AWS::RDS::DBInstance AWS::RDS::DBInstance Use the `DomainAuthSecretArn` property to find the ARN for the Secrets Manager with the details for the user joining the domain. Use the `DomainDnsIps` property for the IP addresses of the Active Directory domain controllers. Use the `DomainFqdn` property for the fully qualified domain name (FQDN) of an Active Directory domain. Use the `DomainOu` property for the Active Directory organizational unit for your DB instance to join.	September 21, 2023
New resource	The following resource was added: AWS::Connect::SecurityProfile AWS::Connect::SecurityProfile Use the `AWS::Connect::SecurityProfile` resource to create a security profile in the specified instance.	September 21, 2023
New resource	Use the following resource to create a data store in AWS HealthImaging. AWS::HealthImaging::Datastore Creates a data store in AWS HealthImaging.	September 21, 2023
Updated resources	The following resources were updated: `AWS::AppStream::Fleet` and `AWS::AppStream::Fleet ComputeCapacity`. AWS::AppStream::Fleet Use the `MaxSessionsPerInstance` property to specify the maximum number of user sessions on an instance. This is applicable only for multi-session fleets. AWS::AppStream::Fleet ComputeCapacity Use the `DesiredSessions` property to specify the desired capacity in terms of number of user sessions for a multi-session fleet. AWS::AppStream::ApplicationFleetAssociation Use the `AWS::AppStream::ApplicationFleetAssociation` resource to specify an association between an application and fleet.	September 14, 2023
Updated resources	The following resources were added: AWS::MediaPackageV2::Channel, AWS::MediaPackageV2::ChannelGroup, AWS::MediaPackageV2::ChannelPolicy, AWS::MediaPackageV2::OriginEndpoint, and AWS::MediaPackageV2::OriginEndpointPolicy. AWS::MediaPackageV2::Channel Use the `AWS::MediaPackageV2::ChannelGroup` resource to specify the configuration parameters for a channel. AWS::MediaPackageV2::ChannelGroup Use the `AWS::MediaPackageV2::ChannelGroup` resource to specify the configuration parameters for a channel group. AWS::MediaPackageV2::ChannelPolicy Use the `AWS::MediaPackageV2::ChannelPolicy` resource to specify the configuration parameters for a channel policy. AWS::MediaPackageV2::OriginEndpoint Use the `AWS::MediaPackageV2::OriginEndpoint` resource to specify the configuration parameters for an origin endpoint. AWS::MediaPackageV2::OriginEndpointPolicy Use the `AWS::MediaPackageV2::OriginEndpointPolicy` resource to specify the configuration parameters for an origin endpoint policy.	September 14, 2023
Updated resource	The following resource was updated: AWS::BillingConductor::CustomLineItem LineItemFilter. AWS::BillingConductor::CustomLineItem LineItemFilter You can use `LineItemFilter` for your `CustomLineItem` to customize the definition of a billing group's total cost when you include the billing group as a resource value for a percentage custom line item.	September 7, 2023
Updated resource	The following resource was updated: `AWS::CleanRooms::Membership`. AWS::CleanRooms::Membership Use the `MembershipProtectedQueryOutputConfiguration`, `MembershipProtectedQueryResultConfiguration`, and `ProtectedQueryS3OutputConfiguration` properties to specify configurations for protected query results.	September 7, 2023
New resource	The following resource was added: AWS::Connect::View AWS::Connect::View Use the `AWS::Connect::View` resource to create a customer-managed view in the specified instance.	September 7, 2023
New resource	The following resource was added: AWS::Connect::ViewVersion AWS::Connect::ViewVersion Use the `AWS::Connect::ViewVersion` resource to create a version for the specified customer-managed view within the specified instance.	September 7, 2023
Updated resource	The following resource was updated: `AWS::CloudFormation::Stack`. `AWS::CloudFormation::Stack` The `Capabilities`, `ChangeSetId`, `CreationTime`, `Description`, `DisableRollback`, `EnableTerminationProtection`, `LastUpdateTime`, `Outputs`, `ParentId`, `RoleARN`, `RootId`, `StackId`, `StackName`, `StackPolicyBody`, `StackPolicyURL`, `StackStatus`, `StackStatusReason`, and `TemplateBody` properties can be accessed only when using AWS Cloud Control API.	August 31, 2023
Updated resource	The following resource was updated: `AWS::DataSync::Task`. AWS::DataSync::Task Use the `TaskReportConfig` property to configure task reports, which can help you monitor and audit your DataSync transfers.	August 31, 2023
New resource	The following resource was added: `AWS::CleanRooms::AnalysisTemplate` AWS::CleanRooms::AnalysisTemplate Use the `AWS::CleanRooms::AnalysisTemplate` resource to specify a new analysis template resource in AWS Clean Rooms.	August 31, 2023
New resource	The following resource was added: AWS::PCAConnectorAD::Connector AWS::PCAConnectorAD::Connector Creates and manage connector between AWS Private CA and an Active Directory.	August 31, 2023
New resource	The following resource was added: AWS::PCAConnectorAD::DirectoryRegistration AWS::PCAConnectorAD::DirectoryRegistration Create and manage a directory registration that authorizes communication between AWS Private CA and an Active Directory	August 31, 2023
New resource	The following resource was added: AWS::PCAConnectorAD::ServicePrincipalName AWS::PCAConnectorAD::ServicePrincipalName Create and manage service principal name (SPN) for the service account in Active Directory.	August 31, 2023
New resource	The following resource was added: AWS::PCAConnectorAD::TemplateGroupAccessControlEntry AWS::PCAConnectorAD::TemplateGroupAccessControlEntry Create and manage group access control entries from Active Directory groups.	August 31, 2023
New resource	The following resource was added: AWS::PCAConnectorAD::Template AWS::PCAConnectorAD::Template Create and manage an Active Directory compatible certificate template.	August 31, 2023
Updated resource	The following resource was updated: AWS::WAFv2::WebACL. AWS::WAFv2::WebACL Added guidance for managing web ACLs that you use with Shield Advanced automatic application layer DDoS mitigation.	August 30, 2023
Updated resource	The following resource was updated: `AWS::CleanRooms::ConfiguredTable`. AWS::CleanRooms::ConfiguredTable Use the `AnalysisRuleCustom` property to specify a configured table resource with the `custom` analysis rule type in AWS Clean Rooms.	August 24, 2023
Updated resource	The following resource was updated: `AWS::EMRServerless::Application`. AWS::EMRServerless::Application The `ReleaseLabel` property can now be modified.	August 24, 2023
New resources	The following resource was added: `AWS::EntityResolution::MatchingWorkflow`. AWS::EntityResolution::MatchingWorkflow Use the `AWS::EntityResolution::MatchingWorkflow` resource to specify a new matching workflow resource in AWS Entity Resolution.	August 24, 2023
New resources	The following resources were added: `AWS::WorkSpacesWeb::BrowserSettings`, `AWS::WorkSpacesWeb::IdentityProvider`, `AWS::WorkSpacesWeb::IpAccessSettings`, `AWS::WorkSpacesWeb::NetworkSettings`, `AWS::WorkSpacesWeb::Portal`, `AWS::WorkSpacesWeb::TrustStore`, `AWS::WorkSpacesWeb::UserAccessLoggingSettings`, and `AWS::WorkSpacesWeb::UserSettings`. AWS::WorkSpacesWeb::BrowserSettings Use the `AWS::WorkSpacesWeb::BrowserSettings` resource to specify browser settings that can be associated with a web portal. AWS::WorkSpacesWeb::IdentityProvider Use the `AWS::WorkSpacesWeb::IdentityProvider` resource to specify an identity provider that is then associated with a web portal. AWS::WorkSpacesWeb::IpAccessSettings Use the `AWS::WorkSpacesWeb::IpAccessSettings` resource to specify IP access settings that can be associated with a web portal. AWS::WorkSpacesWeb::NetworkSettings Use the `AWS::WorkSpacesWeb::NetworkSettings` resource to specify network settings that can be associated with a web portal. AWS::WorkSpacesWeb::Portal Use the `AWS::WorkSpacesWeb::Portal` resource to specify a web portal, which users use to start browsing sessions. AWS::WorkSpacesWeb::TrustStore Use the `AWS::WorkSpacesWeb::TrustStore` resource to specify a trust store that can be associated with a web portal. AWS::WorkSpacesWeb::UserAccessLoggingSettings Use the `AWS::WorkSpacesWeb::UserAccessLoggingSettings` resource to specify user access logging settings that can be associated with a web portal. AWS::WorkSpacesWeb::UserSettings Use the `AWS::WorkSpacesWeb::UserSettings` resource to specify user settings that can be associated with a web portal.	August 24, 2023
Updated resource	AWS::NetworkManager::ConnectPeer was updated. AWS::NetworkManager::ConnectPeer Use the `SubnetArn` property to specify the subnet ARN of a Connect peer.	August 23, 2023
New resource	The following resource was added: AWS::Kinesis::ResourcePolicy. AWS::Kinesis::ResourcePolicy Use the `ResourcePolicy` property to apply an Amazon resource policy to an Amazon Kinesis Data Streams stream or consumer.	August 23, 2023
Updated resources	The following resources were added: AWS::MediaTailor::Channel, AWS::MediaTailor::ChannelPolicy, AWS::MediaTailor::LiveSource, AWS::MediaTailor::SourceLocation, and AWS::MediaTailor::VodSource AWS::MediaTailor::Channel Use the `AWS::MediaTailor::Channel` resource to specify the configuration parameters for a channel. AWS::MediaTailor::ChannelPolicy Use the `AWS::MediaTailor::ChannelPolicy` resource to specify an IAM policy for the channel. AWS::MediaTailor::LiveSource Use the `AWS::MediaTailor::LiveSource` resource to specify configuration parameters for a live source. AWS::MediaTailor::SourceLocation Use the `AWS::MediaTailor::SourceLocation` resource to specify configuration parameters for a source location. AWS::MediaTailor::VodSource Use the `AWS::MediaTailor::VodSource` resource to specify configuration parameters for a VOD source.	August 17, 2023
Updated resource	The following resources were updated: AWS::AppSync::GraphQLApi AWS::AppSync::GraphQLApi Updated several properties to mutable values.	August 17, 2023
Updated resource	The following resource was updated: `AWS::FSx::Filesystem` AWS::FSx::Filesystem The `AWS::FSx::FileSystem OpenZFSConfiguration` and `AWS::FSx::FileSystem WindowsConfiguration` resources were updated.	August 17, 2023
New resources	The following resource was added: `AWS::EntityResolution::SchemaMapping`. AWS::EntityResolution::SchemaMapping Use the `AWS::EntityResolution::SchemaMapping` resource to specify a new schema mapping resource in AWS Entity Resolution.	August 17, 2023
New resource	The following resource was added: AWS::EC2::InstanceConnectEndpoint. AWS::EC2::InstanceConnectEndpoint Creates an EC2 Instance Connect Endpoint.	August 17, 2023
New resource	The following resource was added: AWS::Route53Resolver::OutpostResolver AWS::Route53Resolver::OutpostResolver Use the `AWS::Route53Resolver::OutpostResolver` resource to specify information about a Route 53 Resolver on an AWS Outposts.	August 17, 2023
Updated resource	The following resource was updated: AWS::EC2::LaunchTemplate NetworkInterface. AWS::EC2::LaunchTemplate NetworkInterface Use the `PrimaryIpv6` property to specify a primary IPv6 address on a network interface.	August 10, 2023
Updated resource	The following resource was updated: AWS::IVS::RecordingConfiguration AWS::IVS::RecordingConfiguration Use the `RecordingConfiguration` resource to configure a stream recording.	August 10, 2023
Updated resource	The following resource was updated: AWS::WAFv2::WebACL. AWS::WAFv2::WebACL Use the `AWSManagedRulesACFPRuleSet` property to configure your use of the account creation fraud prevention (ACFP) managed rule group, in a managed rule group reference statement. For protected CloudFront distributions, in addition to inspecting account registration and account creation requests, you can also use ACFP to block new account creation attempts from clients that have recently submitted too many failed account creation attempts. Use the `EnableRegexInPath` setting in the `AWSManagedRulesATPRuleSet` property to enable the use of regex in the login page path specification.	August 10, 2023
New resource	The following resource was added: AWS::Connect::TrafficDistributionGroup AWS::Connect::TrafficDistributionGroup Use the `AWS::Connect::TrafficDistributionGroup` resource to get information about a traffic distribution group.	August 10, 2023
New resource	The following resource was added: AWS::DataSync::LocationAzureBlob. AWS::DataSync::LocationAzureBlob Use the `AWS::DataSync::LocationAzureBlob` resource to create a transfer location for a Microsoft Azure Blob Storage container.	August 10, 2023
Updated resource	The following resource was updated: AWS::MWAA::Environment AirflowVersion The `AirflowVersion` property has been updated to include a new valid value for Apache Airflow version 2.6.3.	August 9, 2023
New resources	The following resource was updated: `AWS::Batch:JobDefinition`. AWS::Batch::JobDefinition RuntimePlatform Use the `RuntimePlatform` property to specify the `CpuArchitecture` and `OperatingSystemFamily` for AWS Batch jobs on AWS Fargate.	August 8, 2023
Updated resource	The following resource was updated: AWS::BillingConductor::BillingGroup AccountGrouping. AWS::BillingConductor::BillingGroup AccountGrouping You can use `AutoAssociate` so that your billing group will automatically associate newly added AWS accounts that join your consolidated billing family.	August 3, 2023
Updated resource	The following resources were added: `AWS::DMS::ReplicationConfig`, `AWS::DMS::ComputeConfig`. The following resources were updated: `AWS::DMS::RedshiftSettings`, `AWS::DMS::ComputeConfig`. AWS::DMS::Endpoint.ReplicationConfig Added `ReplicationConfig`. Use `ReplicationConfig` to configure a serverless replication. AWS::DMS::Endpoint.ReplicationConfig Added `ComputeConfig`. Use `ComputeConfig` to configure provisioning for a serverless replication. AWS::DMS::Endpoint.MongoDbSettings Added `MapBooleanAsBoolean` attributes to `RedshiftSettings`. Use `MapBooleanAsBoolean` to configure how DMS migrates boolean values. AWS::DMS::Endpoint.MongoDbSettings Added `MapBooleanAsBoolean` to `PostgreSQLSettings`. Use `MapBooleanAsBoolean` to configure how DMS migrates boolean values.	August 3, 2023
Updated resource	The following resource was updated: AWS::EC2::NetworkInterface. AWS::EC2::NetworkInterface Use the `EnablePrimaryIpv6` property to enable a primary IPv6 address on a network interface.	August 3, 2023
Updated resource	The following resource was updated: AWS::SQS::QueueInlinePolicy AWS::SQS::QueueInlinePolicy You can now associate one Amazon SQS policy with one queue.	August 3, 2023
New and updated resources	The AWS::Transfer::Connector As2Config resource has been updated with several new parameters. Also, the AWS::Transfer::Connector Sftp2Config resource has been added. AWS::Transfer::Connector As2Config Multiple parameters have been added for this resource. See the linked documentation for details. AWS::Transfer::Connector SftpConfig Use the `SftpConfig` resource to specify values for a connector. The connector establishes a relationship between your AWS storage and a partner's SFTP server.	August 3, 2023
New resource	The following resource was added: AWS::SNS::TopicInlinePolicy. AWS::SNS::TopicInlinePolicy Use the `AWS::SNS::TopicInlinePolicy` resource to associate one Amazon SNS topic with one policy.	August 2, 2023
Updated resources	The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup. AWS::WAFv2::WebACL Use the `AggregateKeyType` and `CustomKeys` properties in rate based rules to configure custom web request aggregation for rate limiting. AWS::WAFv2::RuleGroup Use the `AggregateKeyType` and `CustomKeys` properties in rate based rules to configure custom web request aggregation for rate limiting.	July 27, 2023
`Fn::ForEach` intrinsic function	The `Fn::ForEach` intrinsic function introduces looping capabilities to your AWS CloudFormation templates. With `Fn::ForEach`, you can replicate parts of your templates with minimal lines of code. You can use `Fn::ForEach` to simplify your template layout and make it easier and faster for you and your peers to review your code. For more information, see `Fn::ForEach`.	July 25, 2023
Detailed StackSet drift information	The following APIs allow users to see which stack instances have drifted from the StackSet template and which resources have drifted. `ListStackInstanceResourceDrifts` Returns drift information for resources in a stack instance. `StackInstanceResourceDriftsSummary` The structure containing summary information about resource drifts for a stack instance.	July 24, 2023
Updated resource	The following resource was updated: `AWS::FSx::Volume` AWS::FSx::Volume Use the `SnapLockConfiguration` resource to create an ONTAP SnapLock volume.	July 20, 2023
New resources	The following resources were added: `AWS::IAM::GroupPolicy`, `AWS::IAM::RolePolicy`, and `AWS::IAM::UserPolicy`. AWS::IAM::GroupPolicy Use the `AWS::IAM::GroupPolicy` resource to specify an inline policy document that is embedded in the IAM group. AWS::IAM::RolePolicy Use the `AWS::IAM::RolePolicy` resource to specify an inline policy document that is embedded in the IAM role. AWS::IAM::UserPolicy Use the `AWS::IAM::UserPolicy` resource to specify an inline policy document that is embedded in the IAM user.	July 20, 2023
New resource	The following resource was added: AWS::Logs::LogAnomalyDetector. AWS::Logs::LogAnomalyDetector Use the AWS::Logs::LogAnomalyDetector resource to create or update a log anomaly detector. A log anomaly detector anomaly scans the log events ingested into the log group and finds anomalies in the log data. For more information, see Log anomaly detection.	July 20, 2023
New resource	The following resource was added: AWS::Logs::AccountPolicy. AWS::Logs::AccountPolicy Use the AWS::Logs::AccountPolicy resource to create or update an account-level data protection policy that applies to all log groups in the account. A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data.. For more information, see Protect sensitive log data with masking.	July 20, 2023
New resource	The following resource was added: AWS::Connect::RoutingProfile AWS::Connect::RoutingProfile Use the `AWS::Connect::RoutingProfile` resource to create a routing profile for the specified Amazon Connect instance.	July 20, 2023
New resource	The following resource was added: AWS::Connect::Queue AWS::Connect::Queue Use the `AWS::Connect::Queue` resource to create a queue for the specified Amazon Connect instance.	July 20, 2023
Updated resource	The following resource was updated: `AWS::CleanRooms::ConfiguredTable` AWS::CleanRooms::ConfiguredTable Use the `AWS::CleanRooms::ConfiguredTable` resource to specify a new configured table resource in AWS Clean Rooms.	July 13, 2023
Updated resource	The following resource was updated: `AWS::InternetMonitor::Monitor`. AWS::InternetMonitor::Monitor Use `Monitor.HealthEventsConfig` to set the threshold for when Internet Monitor creates a health event. You can set the threshold for the availability score, performance score, or both.	July 13, 2023
Updated resource	The following resource was updated: AWS::IoT::JobTemplate. AWS::IoT::JobTemplate JobExecutionsRetryConfig The AWS::IoT::JobTemplate JobExecutionsRetryConfig resource adds a description for the RetryCriteriaList parameter.	July 13, 2023
Updated resource	The following resource was updated: AWS::IoT::JobTemplate. AWS::IoT::JobTemplate JobExecutionsRolloutConfig The AWS::IoT::JobTemplate JobExecutionsRolloutConfig resource adds a description for the ExponentialRolloutRate parameter.	July 13, 2023
Updated resource	The following resource was updated: AWS::SageMaker::Endpoint. AWS::SageMaker::Endpoint Use the `RollingUpdatePolicy` in the `AWS::SageMaker::Endpoint` resource to create a new rolling deployment for updating a SageMaker endpoint.	July 13, 2023
New resource	The following resource was added: AWS::Transfer::Server StructuredLogDestination AWS::Transfer::Server StructuredLogDestination Use the `StructuredLogDestination` resource to specify the log groups to which your AWS Transfer Family server logs are sent.	July 6, 2023
Updated resources	The following resource was updated: `AWS::AppStream::AppBlock` AWS::AppStream::AppBlock Use the `PackagingType` property to specify the packaging type of the app block. AWS::AppStream::AppBlock Use the `PostSetupScriptDetails` property to specify the post setup script details of the app block.	June 29, 2023
Updated resource	The following resource was updated: AWS::EC2::KeyPair. AWS::EC2::KeyPair Use the `KeyFormat` property to specify the format for the key pair.	June 29, 2023
Updated resource	The following resource was updated: AWS::WAFv2::WebACL. AWS::WAFv2::WebACL Use the `AssociationConfig` property to increase the body inspection size limit for CloudFront distributions beyond the new default size limit of 16 KB. This update doesn't affect protections for regional resources.	June 29, 2023
New resources	The following resource was added: `AWS::AppStream::AppBlockBuilder` AWS::AppStream::AppBlockBuilder Use the `AWS::AppStream::AppBlockBuilder` resource to create an app block builder.	June 29, 2023
New resources	The following resources were added: AWS::VerifiedPermissions::IdentitySource, AWS::VerifiedPermissions::Policy, AWS::VerifiedPermissions::PolicyStore, and AWS::VerifiedPermissions::PolicyTemplate. AWS::VerifiedPermissions::IdentitySource Use the `AWS::VerifiedPermissions::IdentitySource` resource to specify an identity source in Amazon Verified Permissions. AWS::VerifiedPermissions::Policy Use the `AWS::VerifiedPermissions::policy` resource to specify a static or template-linked policy in Amazon Verified Permissions. AWS::VerifiedPermissions::PolicyStore Use the `AWS::VerifiedPermissions::PolicyStore` resource to specify a policy store in Amazon Verified Permissions. AWS::VerifiedPermissions::PolicyTemplate Use the `AWS::VerifiedPermissions::PolicyTemplate` resource to specify a policy template in Amazon Verified Permissions.	June 29, 2023
New resource	The following new resource was added: AWS::Comprehend::DocumentClassifier. Use the AWS::Comprehend::DocumentClassifier resource to create and train custom document classifiers in Amazon Comprehend.	June 29, 2023
Updated resource	The following resource was updated: `AWS::Cassandra::Keyspace`. AWS::Cassandra::Keyspace.ReplicationSpecification Use the `AWS::Cassandra::Keyspace.ReplicationSpecification` property to create a multi-Region keyspace in Amazon Keyspaces (for Apache Cassandra).	June 26, 2023
New resources	The following resources were added: `AWS::StepFunctions::StateMachineAlias` and `AWS::StepFunctions::StateMachineVersion`. `AWS::StepFunctions::StateMachineAlias` Use the `AWS::StepFunctions::StateMachineAlias` resource to create an alias that routes traffic to one or two versions of the same state machine. `AWS::StepFunctions::StateMachineVersion` Use the `AWS::StepFunctions::StateMachineVersion` resource to create multiple versions of a state machine.	June 22, 2023
New resource	The following resource was added: AWS::AppRunner::AutoScalingConfiguration AWS::AppRunner::AutoScalingConfiguration Use the `AWS::AppRunner::AutoScalingConfiguration` resource to create or update an AWS App Runner automatic scaling configuration resource.	June 22, 2023
New resource	The following resource was added: `AWS::Organizations::Organization.` AWS::Organizations::Organization Use the `AWS::Organizations::Organization` resource to create an AWS organization. The account you use to create the organization automatically becomes the management account of the new organization.	June 22, 2023
New and updated resources	The following resource was updated: AWS::SecurityHub::Hub. The following resource was added: AWS::SecurityHub::Standard. AWS::SecurityHub::Hub Use the `AutoEnableControls` property to specify whether you want Security Hub to automatically enable new controls as they are added to your enabled standards. For more information, see Enabling new controls in enabled standards automatically. Use the `ControlFindingGenerator` property to specify whether you want Security Hub to generate a single finding or separate findings when a control applies to multiple standards. For more information, see Consolidated control findings. Use the `EnableDefaultStandards` property to specify whether you want to enable security standards that Security Hub has designated as default standards. For more information, see Automatically enabled security standards. AWS::SecurityHub::Standard Use the `AWS::SecurityHub::Standard` resource to enable a specified security standard in Security Hub.	June 22, 2023
Updated resources	The following resource was updated: AWS::WAFv2::WebACLAssociation. AWS::WAFv2::WebACLAssociation The `ResourceArn` property now accepts `AWS` Verified Access instance ARNs.	June 17, 2023
Updated resource	The following resource was updated: AWS::IVS::Channel AWS::IVS::Channel Use the `preset` property to set a transcode preset, based on bandwidth delivery, for the channel. Available only for advanced channel types.	June 15, 2023
Updated resource	The following resource was updated: AWS::S3::Bucket. AWS::S3::Bucket ServerSideEncryptionByDefault Updated `SSEAlgorithm` to add a new allowed value: `DSSE-KMS`. You can apply this setting to enable dual-layer server-side encryption with AWS KMS keys.	June 15, 2023
New resources	The following resources were added: `AWS::CleanRooms::Collaboration`, `AWS::CleanRooms::ConfiguredTable`, `AWS::CleanRooms::ConfiguredTableAssociation`, and `AWS::CleanRooms::Membership`. AWS::CleanRooms::Collaboration Use the `AWS::CleanRooms::Collaboration` resource to specify a new collaboration resource in AWS Clean Rooms. AWS::CleanRooms::ConfiguredTable Use the `AWS::CleanRooms::ConfiguredTable` resource to specify a new configured table resource in AWS Clean Rooms. AWS::CleanRooms::ConfiguredTableAssociation Use the `AWS::CleanRooms::ConfiguredTable` resource to specify a new configured association resource in AWS Clean Rooms. AWS::CleanRooms::Membership Use the `AWS::CleanRooms::Membership` resource to specify a membership for a specific collaboration identifier and join the collaboration in AWS Clean Rooms.	June 15, 2023
New resources	The following resources were added: `AWS::MediaConnect::Bridge`, `AWS::MediaConnect::BridgeOutput`, `AWS::MediaConnect::BridgeSource`, and `AWS::MediaConnect::Gateway`. AWS::MediaConnect::Bridge Use the `AWS::MediaConnect::Bridge` resource to create a connection between your data center instance and the cloud. AWS::MediaConnect::BridgeOutput Use the `AWS::MediaConnect::BridgeOutput` resource to add new outputs to an existing bridge. AWS::MediaConnect::BridgeSource Use the `AWS::MediaConnect::BridgeSource` resource to add new sources to an existing bridge. AWS::MediaConnect::Gateway Use the `AWS::MediaConnect::Gateway` resource to create a gateway. The gateway is a logical grouping of Instances and Bridges. Each gateway utilizes user-defined IP information for communication between data centers and the cloud.	June 15, 2023
New resource	The following resource was added: AWS::RDS::CustomDBEngineVersion AWS::RDS::CustomDBEngineVersion The `DatabaseInstallationFilesS3BucketName` property is the name of an Amazon S3 bucket that contains database installation files for your CEV. The `DatabaseInstallationFilesS3Prefix` property is the Amazon S3 directory that contains the database installation files for your CEV. Use the `Description` property to provide an optional description of your CEV. Use the `Engine` property to indicate the database engine to use for your custom engine version (CEV). Use the `EngineVersion` property to indicate the name of your CEV in the format `19.customized_string`. Use the `KMSKeyId` property for the AWS KMS key identifier for an encrypted CEV. The `Manifest` property is the CEV manifest, which is a JSON document that describes the installation .zip files stored in Amazon S3. The `Status` property provides the status of a custom engine version (CEV). The `Tags` property allows you to add metadata to your RDS resource.	June 15, 2023
New resource	The following resource was added: AWS::SecurityHub::AutomationRule. AWS::SecurityHub::AutomationRule Use the `AWS::SecurityHub::AutomationRule` resource to specify an automation rule based on criteria that you define.	June 15, 2023
Updated resource	The following resource was updated: AWS::CloudTrail::EventDataStore AWS::CloudTrail::EventDataStore Use the `IngestionEnabled` property to specify whether you want the event data store to ingest events.	June 8, 2023
Updated resource	The following resource was updated: AWS::CustomerProfiles::EventStream. AWS::CustomerProfiles::EventStream Use the `AWS::CustomerProfiles::EventStream` resource to create a new event stream in Amazon Connect Customer Profiles Service.	June 8, 2023
New resource	The following resource was added: AWS::Athena::CapacityReservation AWS::Athena::CapacityReservation Use the `AWS::Athena::CapacityReservation` resource to specify dedicated processing capacity for the queries you run in Athena. You can assign one or more workgroups to the reservation. Capacity is fully managed by Athena and held for you as long as you require.	June 8, 2023
New Properties	The following properties were added: AWS::Omics::Workflow.Accelerators, AWS::Omics::RunGroup.MaxGpus, AWS::Omics::AnnotationStore.SchemaItem, and AWS::Omics::SequenceStore.FallbackLocation. AWS::Omics::Workflow Use the `AWS::Omics::Workflow.Accelerators` property to specify the accelerator used for your workflow in Amazon Omics. AWS::Omics::RunGroup Use the `AWS::Omics::RunGroup.MaxGpus` property to specify the max GPUs for your run group in Amazon Omics. AWS::Omics::AnnotationStore Use the `AWS::Omics::AnnotationStore.SchemaItem` property to specify a schema item. Omics. AWS::Omics::SequenceStore Use the `AWS::Omics::SequenceStore.FallbackLocation` property update to specify a fallback location for files that don't upload successfully. Omics.	June 8, 2023
AWS CloudFormation StackSets APIs to control AWS Organizations trust access	AWS CloudFormation StackSets provides customers with the following APIs for managing AWS Organizations trust access: `ActivateOrganizationsAccess` Activate trusted access with AWS Organizations. With trusted access between StackSets and Organizations activated, the management account has permissions to create and manage StackSets for your organization. `DeactivateOrganizationsAccess` Deactivates trusted access with AWS Organizations. If trusted access is deactivated, the management account does not have permissions to create and manage service-managed StackSets for your organization. `DescribeOrganizationsAccess` Retrieves information about the account's `OrganizationAccess` status. This API can be called either by the management account or the delegated administrator by using the `CallAs` parameter. This API can also be called without the `CallAs` parameter by the management account.	June 5, 2023
Updated resource	The following resource was updated: AWS::GroundStation::DataflowEndpointGroup. ContactPostPassDurationSeconds property Updated description of the ContactPostPassDurationSeconds property. ContactPrePassDurationSeconds property Updated description of the ContactPrePassDurationSeconds property.	June 2, 2023
Updated resource	The following resource was updated: AWS::CustomerProfiles::CalculatedAttributeDefinition. AWS::CustomerProfiles::CalculatedAttributeDefinition Use the `AWS::CustomerProfiles::CalculatedAttributeDefinition` resource to create a new integration in Amazon Connect Customer Profiles Service.	June 1, 2023
Updated resource	The following resource was added: AWS::Detective::Graph AWS::Detective::Graph `AutoEnableMembers` indicates whether to automatically enable new organization accounts as member accounts in the organization behavior graph.	June 1, 2023
Updated resource	The following resource was updated: AWS::IoTFleetWise::Campaign AWS::IoTFleetWise::Campaign The `AWS::IoTFleetWise::Campaign` resource now supports sending vehicle data to Amazon S3 or Amazon Timestream.	June 1, 2023
Updated resource	The following resource was updated: AWS::RefactorSpaces::Route. AWS::RefactorSpaces::Route In the UriPathRouteInput property type, use the `AppendSourcePath` property to specify whether to append the source path to the service URL endpoint.	June 1, 2023
Updated resource	The following resource was updated: `AWS::WorkSpaces::ConnectionAlias` AWS::WorkSpaces::ConnectionAlias The `ConnectionAliasAssociation` property was removed from the `AWS::WorkSpaces::ConnectionAlias` resource.	June 1, 2023
New resource	The following resource was updated: AWS::Detective::OrganizationAdmin AWS::Detective::OrganizationAdmin Designates the Detective administrator account for the organization in the current region.	June 1, 2023
Added resource	The following resource was added: AWS::Cognito::IdentityPoolPrincipalTag AWS::Cognito::IdentityPoolPrincipalTag AWS::Cognito::IdentityPoolPrincipalTag is a map of identity pool user claims to principal tags that you want to apply to your user's temporary session.	May 26, 2023
Updated resource	The following resource was updated: `AWS::Grafana::Workspace`. AWS::Grafana::Workspace Use the `GrafanaVersion` property of the `AWS::Grafana::Workspace` resource to configure the version of Grafana to support in your Amazon Managed Grafana workspace.	May 25, 2023
Updated resource	The following resource was updated: AWS::OpenSearchService::Domain. AWS::OpenSearchService::Domain Use the `MultiAZWithStandbyEnabled` property within `ClusterConfig` to deploy a domain with the Multi-AZ with Standby option.	May 25, 2023
Updated resource	The `ScalingMode` property was revised for the AWS::SES::DedicatedIpPool resource: AWS::SES::DedicatedIpPool The `ScalingMode` property changed its Update requires: definition from Replacement to Some interruptions.	May 25, 2023
New resources	The following resources were updated: AWS::AppSync::GraphQLApi AWS::AppSync::GraphQLApi Use the `ApiType` property to specify whether the type of a GraphQL API is standard or merged. Use the `MergedApiExecutionRoleArn` property to specify the service role ARN for a merged API. Use the `OwnerContact` property to specify the owner contact information for an API resource. The following resources were added: AWS::AppSync::SourceApiAssociation AWS::AppSync::SourceApiAssociation Use the `AWS::AppSync::SourceApiAssociation` resource to describe the configuration of a source API.	May 25, 2023
New resources	The following resources were added: `AWS::Shield::DRTAccess`, `AWS::Shield::ProactiveEngagement`, `AWS::Shield::Protection`, and `AWS::Shield::ProtectionGroup`. AWS::Shield::DRTAccess Use the `AWS::Shield::DRTAccess` resource to give permissions to the Shield response team (SRT) to access your account and your resource protections. This permits them to help you mitigate distributed denial of service (DDoS) attacks. AWS::Shield::ProactiveEngagement Use the `AWS::Shield::ProactiveEngagement` resource to enable and disable authorization for the the Shield Response Team (SRT) to contact you and to initiate proactive support for potential attacks. AWS::Shield::Protection Use the `AWS::Shield::Protection` resource to enable Shield Advanced protections for a specific AWS resource. AWS::Shield::ProtectionGroup Use the `AWS::Shield::ProtectionGroup` resource to combine the management of selected protected resources, to improve the accuracy of detection and reduce false positives.	May 25, 2023
Updated resource	The following resource was added: AWS::Glue::DataQualityRuleset AWS::Glue::Ruleset Use `AWS::Glue::DataQualityRuleset` to specify data quality rulesets.	May 23, 2023
Updated resources	The following resource was updated: AWS::NetworkFirewall::FirewallPolicy AWS::NetworkFirewall::FirewallPolicy Use the `PolicyVariables` property to set your one or more CIDRs as your `HOME_NET` if your firewall uses a centralized deployment model. Use the `IPSet` property specify list of IP addresses and address ranges, in CIDR notation for use with `IPSets`.	May 18, 2023
Updated resource	The following resource was updated: AWS::Transfer::Server AWS::Transfer::Server IdentityProviderDetails Use the `SftpAuthenticationMethods` property to specify how to authenticate for SFTP-enabled servers that use a custom identity provider.	May 18, 2023
New resource	The following resource was added: AWS::Connect::Prompt AWS::Connect::Prompt Use the `AWS::Connect::Prompt` resource to create a prompt for the specified Amazon Connect instance.	May 18, 2023
New resource	The following resource was added: AWS::QuickSight::Topic. AWS::QuickSight::Topic Use the `AWS::QuickSight::Topic` resource to create a topic in Amazon QuickSight.	May 18, 2023
Updated resources	`AWS::ElastiCache::ReplicationGroup`. `AWS::ElastiCache::ReplicationGroup.ClusterMode` To modify cluster mode from Disabled to Enabled, you must first set the cluster mode to Compatible. Compatible mode allows your Valkey or Redis OSS clients to connect using both cluster mode enabled and cluster mode disabled. After you migrate all clients to use cluster mode enabled, you can then complete cluster mode configuration and set the cluster mode to Enabled. For more information, see Modify cluster mode.	May 11, 2023
Updated resources	Additional details were added for specifying resource-based policies and sampling rules. AWS::XRay::ResourcePolicy Use the `ResourcePolicy` resource to specify a resource-based policy which enables access to specific X-Ray resources. AWS::XRay::SamplingRule Use the `AWS::XRay::SamplingRule` resource to specify an X-Ray sampling rule.	May 11, 2023
Updated resource	The following resource was updated: AWS::AppRunner::Service AWS::AppRunner::Service.ImageConfiguration.RuntimeEnvironmentSecrets New property. Runtime environment secrets that can be reference when creating the App Runner service using an image configuration.	May 11, 2023
Updated resource	The following resource was updated: AWS::AppRunner::Service AWS::AppRunner::Service.CodeConfigurationValues.RuntimeEnvironmentSecrets New property. Runtime environment secrets that can be reference when creating the App Runner service using a code configuration.	May 11, 2023
New resources	The following resources were added:AWS::LakeFormation::DataLakeSettings.CreateDatabaseDefaultPermissions, AWS::LakeFormation::DataLakeSettings.CreateTableDefaultPermissions, AWS::LakeFormation::DataLakeSettings.DataLakePrincipal, AWS::LakeFormation::DataLakeSettings ExternalDataFilteringAllowList, AWS::LakeFormation::DataLakeSettings Permissions, AWS::LakeFormation::DataLakeSettings PrincipalPermissions AWS::LakeFormation::DataLakeSettings CreateDatabaseDefaultPermissions Use the `CreateDatabaseDefaultPermissions` resource to set the default permissions for a newly created database. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lakeformation-datalakesettings-createtabledefaultpermissions.html Use the `CreateTableDefaultPermissions` resource to set default permissions for a newly created table. AWS::LakeFormation::DataLakeSettings ExternalDataFilteringAllowList Use `ExternalDatafilteringAllowlist` resource to list account IDs of Amazon EMR clusters that are allowed to perform data filtering.	May 11, 2023
New resource	The following resource was added: AWS::IoT::ThingGroup. AWS::IoT::ThingGroup Use AWS::IoT::ThingGroup to create a thing group.	May 11, 2023
New resource	The following resource was added: AWS::IoT::BillingGroup. AWS::IoT::BillingGroup Use AWS::IoT::BillingGroup to create a new billing group.	May 11, 2023
New resource	The following resource was added: AWS::IoT::ThingType. AWS::IoT::ThingType Use AWS::IoT::ThingType to create a new thing type.	May 11, 2023
New resource	The following resource was added: AWS::OSIS::Pipeline. AWS::OSIS::Pipeline Use the `AWS::OSIS::Pipeline` resource to specify an Amazon OpenSearch Ingestion pipeline. For more information, see Amazon OpenSearch Ingestion.	May 11, 2023
Updated resources	The following resources were updated: AWS::DeviceFarm::Project. AWS::DeviceFarm::Project Use the `AWS::DeviceFarm::Project VpcConfig` resource to specify the VPC security groups and subnets that are attached to a project.	May 4, 2023
Updated resource	The following resources were updated: AWS::AppSync::GraphQLApi AWS::AppSync::GraphQLApi Use the `Visibility` property to specify the scoping of the GraphQL API.	May 4, 2023
Updated resource	The following resource was updated: AWS::CloudWatch::MetricStreamFilter AWS::CloudWatch::MetricStream MetricSTreamFilter In the MetricStreamFilter resource, use `MetricNames` to specify individual metrics to include or exclude from a metric stream.	May 4, 2023
New resources	The following resource was added: AWS::BackupGateway::Hypervisor. AWS::BackupGateway::Hypervisor Use the `AWS::BackupGateway::Hypervisor` resource to specify a hypervisor in AWS Backup;.	May 4, 2023
New resources	The following resources were added: `AWS::Proton::EnvironmentAccountConnection`, `AWS::Proton::EnvironmentTemplate` and `AWS::Proton::ServiceTemplate`. `AWS::Proton::ServiceTemplate` Use the `AWS::Proton::ServiceTemplate` resource to specify standardized infrastructure and an optional CI/CD service pipeline in AWS Proton. `AWS::Proton::EnvironmentTemplate` Use the `AWS::Proton::EnvironmentTemplate` resource to specify an environment template in AWS Proton. `AWS::Proton::EnvironmentAccountConnection` Use the `AWS::Proton::EnvironmentAccountConnection` resource to specify an environment account connection resource in AWS Proton.	May 4, 2023
New resource	The following resource was added: AWS::QuickSight::VPCConnection. AWS::QuickSight::VPCConnection Use the `AWS::QuickSight::VPCConnection` resource to create a new VPC connection in Amazon QuickSight.	May 4, 2023
New resources	The following resources were added: AWS::EC2::VerifiedAccessInstance, AWS::EC2::VerifiedAccessGroup, AWS::EC2::VerifiedAccessEndpoint and AWS::EC2::VerifiedAccessTrustProvider. AWS::EC2::VerifiedAccessInstance Use the `AWS::EC2::VerifiedAccessInstance` resource to create an instance. AWS::EC2::VerifiedAccessGroup Use the `AWS::EC2::VerifiedAccessGroup` resource to create a group. AWS::EC2::VerifiedAccessEndpoint Use the `AWS::EC2::VerifiedAccessEndpoint` resource to create an endpoint. AWS::EC2::VerifiedAccessTrustProvider Use the `AWS::EC2::VerifiedAccessTrustProvider` resource to create a trust provider.	April 28, 2023
Updated resource	The following resource was updated: AWS::MSK::Cluster. AWS::MSK::Cluster Use the `VpcConnectivity` property to specify VPC connection control settings for brokers. Use the `VpcConnectivityClientAuthentication` property to get all client authentication information for VpcConnectivity. Use the `VpcConnectivitySasl` property to get details for SASL client authentication for VpcConnectivity. Use the `VpcConnectivityIam` property to get details for IAM client authentication for VpcConnectivity. Use the `VpcConnectivity.Iam.Enabled` property get details about whether IAM authentication is on or off. Use the `VpcConnectivityTls` property to get details for TLS client authentication for VpcConnectivity. Use the `VpcConnectivityTls.Enabled` property get details about whether TLS authentication is on or off. Use the `VpcConnectivityScram` property to get details for SCRAM client authentication for VpcConnectivity. Use the `VpcConnectivityScram.Enabled` property get details about whether SCRAM authentication is on or off. Use the `ConnectivityInfo.VpcConnectivity` property to get details for VPC connection control settings for brokers.	April 27, 2023
New resource	The following resource was added: AWS::DataSync::StorageSystem. AWS::DataSync::StorageSystem Use the `AWS::DataSync::StorageSystem` resource to create an AWS resource for an on-premises storage system that DataSync Discovery can collect information about.	April 27, 2023
New resource	The following resource was added: AWS::IoT::DomainConfiguration TlsConfig. AWS::IoT::DomainConfiguration TlsConfig Use AWS::IoT::DomainConfiguration TlsConfig resource to specify security policy settings in domain configuration.	April 27, 2023
New resource	The following resources were added: AWS::MSK::ClusterPolicy and AWS::MSK::VpcConnection. AWS::MSK::ClusterPolicy You can now create or update cluster policy. AWS::MSK::VpcConnection You can now create a remote VPC connection.	April 27, 2023
New resource	The following resource was added: AWS::Connect::EvaluationForm AWS::Connect::EvaluationForm Use the `AWS::Connect::EvaluationForm` resource to create an evaluation form for the specified Amazon Connect instance.	April 25, 2023
Updated resource	The following resource was updated: `AWS::InternetMonitor::Monitor`. AWS::InternetMonitor::Monitor Use `Monitor.TrafficPercentageToMonitor` to set the percentage of your internet-facing traffic to monitor.	April 20, 2023
Updated resource	The following resources was updated: AWS::SSMContacts::Contact and AWS::SSMContacts::Rotation AWS::SSMContacts::Contacts `ONCALL_SCHEDULE` was added as a supported contact type. AWS::SSMContacts::Rotation Use the `AWS::SSMContacts::Rotation` resource to specify a rotation in an on-call schedule.	April 20, 2023
Updated resource	The following resource was updated: AWS::IVS::Channel AWS::IVS::Channel Use the `InsecureIngest` property to control whether a channel allows insecure RTMP ingest.	April 20, 2023
New resource	The following resource was added: AWS::FraudDetector::List. AWS::FraudDetector::List Use the `AWS::FraudDetector::List` resource to create a list of input data. After creating the list, use the list in a rule to allow or deny access or a transaction.	April 20, 2023
New resource	Added new resource type `AWS::RAM::Permission` AWS::RAM::Permission Creates a customer managed permission that you can then assign to resource shares and applies to resources of the specified resource type that are included in the share.	April 19, 2023
Updated resource	The AWS::GuardDuty::Detector resource was updated.	April 13, 2023
Updated resource	The following resource was updated: AWS::MWAA::Environment `StartupScriptS3Path` Amazon MWAA adds the `StartupScriptS3Path` property. This property specifies the relative path to a shell script that you upload to your environment's Amazon S3 bucket. `StartupScriptS3ObjectVersion` Amazon MWAA adds the `StartupScriptS3ObjectVersion` property. This property specifies the version ID for the shell script that you upload to your environment's Amazon S3 bucket. AirflowVersion The `AirflowVersion` property has been updated to include a new valid value for Apache Airflow version 2.5.1.	April 13, 2023
Updated resource	The following resource was updated: AWS::RDS::DBInstance AWS::RDS::DBInstance Use the `SourceDBClusterIdentifier` property as the identifier of the Multi-AZ DB cluster that will act as the source for the read replica.	April 13, 2023
New resource	The following resource was added: AWS::QuickSight::RefreshSchedule. AWS::QuickSight::RefreshSchedule Use the `AWS::QuickSight::RefreshSchedule` resource to create a refresh schedule for a dataset in Amazon QuickSight.	April 13, 2023
New resource	The following resource was added: AWS::AppConfig::Extension AWS::AppConfig::Extension This resource lets you creates an AWS AppConfig extension. An extension augments your ability to inject logic or behavior at different points during the AWS AppConfig workflow of creating or deploying a configuration.	April 12, 2023
New resource	The following resource was added: AWS::AppConfig::ExtensionAssociation AWS::AppConfig::ExtensionAssociation This resource lets you creates an AWS AppConfig extension association. An extension association is a specified relationship between an extension and an AWS AppConfig resource, such as an application or a configuration profile.	April 12, 2023
New resources	The following resources were added: AWS::IoTWireless::WirelessDeviceImportTask AWS::IoTWireless::WirelessDeviceImportTask Gets information about a wireless device import task.	April 7, 2023
Updated resource	The following resource was updated: `AWS::InternetMonitor::Monitor`. AWS::InternetMonitor::Monitor Use `Monitor.InternetMeasurementsLogDelivery` to publish internet measurements to another location in addition to CloudWatch Logs, such as an Amazon S3 bucket.	April 6, 2023
Updated resource	The following resource was updated: AWS::Lambda::Url. AWS::Lambda::Url Use the `InvokeMode` property to stream responses from your functions.	April 6, 2023
Updated resource	The following resource was updated: AWS::RDS::DBCluster AWS::RDS::DBCluster Use the `RestoreToTime` property for the date and time to restore the DB cluster to.	April 6, 2023
New resources	The following resources were added: `AWS::SSMContacts::Plan` and `AWS::SSMContacts::Rotation` AWS::SSMContacts::Plan Use the `AWS::SSMContacts::Plan` resource to specify the stages that an escalation plan or engagement plan engages contacts and contact methods in. AWS::SSMContacts::Rotation Use the `AWS::SSMContacts::Rotation` resource to specify a rotation in an on-call schedule.	April 6, 2023
Updated resources	The following resources were updated: AWS::RefactorSpaces::Application, AWS::RefactorSpaces::Environment, AWS::RefactorSpaces::Route, AWS::RefactorSpaces::Service. AWS::RefactorSpaces::Application The `EnvironmentIdentifier` property was changed to `Required: Yes`. The `Name` property was changed to `Required: Yes`. The `ProxyType` property was changed to `Required: Yes`. The `VpcId` property was changed to `Required: Yes`. AWS::RefactorSpaces::Environment The `Name` property was changed to `Required: Yes`. The `NetworkFabricType` property was changed to `Required: Yes`. AWS::RefactorSpaces::Route The `RouteType` property was changed to `Required: Yes`. In the DefaultRouteInput property type, the `ActivationState` property was changed to `Required: No`. In the UriPathRouteInput property type, the `SourcePath` property was changed to `Required: Yes`. AWS::RefactorSpaces::Service The `Name` property was changed to `Required: Yes`.	March 30, 2023
Updated resource	The resource AWS::GuardDuty::Detector was updated. AWS::GuardDuty::Detector Use `Features` property to configure a GuardDuty feature. For more information about `features`, see Feature activation in GuardDuty.	March 30, 2023
Updated resource	The following resource was added: AWS::SageMaker::InferenceExperiment. AWS::SageMaker::InferenceExperiment Use the `AWS::SageMaker::InferenceExperiment` resource to create a new inference experiment for comparing model variants on a SageMaker endpoint.	March 30, 2023
Updated resources	The following resources were updated: `AWS::Route53Resolver::ResolverEndpoint` `AWS::Route53Resolver::ResolverEndpoint IpAddressRequest`, and `AWS::Route53Resolver::ResolverRule TargetAddress` AWS::Route53Resolver::ResolverEndpoint Use the `ResolverEndpointType` property to specify Resolver endpoint IP address type. AWS::Route53Resolver::ResolverEndpoint IpAddressRequest Added the `Ipv6` property to support IPv6 IP addresses. AWS::Route53Resolver::ResolverRule TargetAddress Added the `Ipv6` property to support IPv6 IP addresses.	March 23, 2023
Updated resource	The following resource was updated: AWS::OpenSearchService::Domain. AWS::OpenSearchService::Domain Use the `SoftwareUpdateOptions`, `OffPeakWindowOptions`, `WindowStartTime`, and `OffPeakWindow` properties to configure an off-peak window for the domain.	March 23, 2023
Updated resource	The following resource was updated: AWS::S3ObjectLambda::AccessPoint. AWS::S3ObjectLambda::AccessPoint Add the `Alias` attribute to the return values. The `Alias` return value is the alias of the Object Lambda Access Point.	March 23, 2023
New resources	The following resources were added: AWS::VpcLattice::AccessLogSubscription, AWS::VpcLattice::AuthPolicy, AWS::VpcLattice::Listener, AWS::VpcLattice::ResourcePolicy, AWS::VpcLattice::Rule, AWS::VpcLattice::Service, AWS::VpcLattice::ServiceNetwork, AWS::VpcLattice::ServiceNetworkServiceAssociation, AWS::VpcLattice::ServiceNetworkVpcAssociation, AWS::VpcLattice::TargetGroup AWS::VpcLattice::AccessLogSubscription Enables access logs to be sent to Amazon CloudWatch, Amazon S3, and Amazon Kinesis Data Firehose. AWS::VpcLattice::AuthPolicy Creates or updates the auth policy. AWS::VpcLattice::Listener Creates a listener for a service. AWS::VpcLattice::ResourcePolicy Retrieves information about the resource policy. AWS::VpcLattice::Rule Creates a listener rule. AWS::VpcLattice::Service Creates a service. A service is any software application that can run on instances containers, or serverless functions within an account or virtual private cloud (VPC). AWS::VpcLattice::ServiceNetwork Creates a service network. A service network is a logical boundary for a collection of services. AWS::VpcLattice::ServiceNetworkServiceAssociation Associates a service with a service network. AWS::VpcLattice::ServiceNetworkVpcAssociation Associates a VPC with a service network. AWS::VpcLattice::TargetGroup Creates a target group.	March 22, 2023
Updated resource	The following resource was updated: `AWS::Cassandra::Table`. AWS::Cassandra::Table.ClientSideTimestampsEnabled Use the `AWS::Cassandra::Table.ClientSideTimestampsEnabled` property to turn on client-side timestamps for a table in Amazon Keyspaces (for Apache Cassandra).	March 16, 2023
Updated resource	The following resource was updated: AWS::RUM::AppMonitor. AWS::RUM::AppMonitor The `Namespace` property was added to the `AWS::RUM::AppMonitor` resource to support Amazon CloudWatch RUM custom metrics. For more information, see Custom metrics and extended metrics that you can send to CloudWatch and CloudWatch Evidently.	March 16, 2023
New resource	The following new resource was added: AWS::Comprehend::Flywheel. Use the AWS::Comprehend::Flywheel resource to create a flywheel for an Amazon Comprehend model.	March 16, 2023
Updated resource	The following resource was updated: AWS::Wisdom::KnowledgeBase. AWS::Wisdom::KnowledgeBase The `AppIntegrationsConfiguration:ObjectFields` parameter is optional if ObjectConfiguration is included in the provided DataIntegration.	March 13, 2023
updated resources	The following resources were updated: AWS::Pinpoint::ApplicationSettings Limits and AWS::Pinpoint::Campaign Limits. AWS::Pinpoint::ApplicationSettings Limits The MessagesPerSecond field minimum values was changed from 50 to 1. AWS::Pinpoint::Campaign Limits The MessagesPerSecond field minimum values was changed from 50 to 1.	March 9, 2023
Updated resource	The following resource was updated: AWS::ServiceCatalog::CloudFormationProduct. AWS::ServiceCatalog::CloudFormationProduct Use the `ProvisioningArtifactProperties` property to specify information about a provisioning artifact (also known as a version) for a product. Use the `SourceConnection` property to specify details about the product’s connection.	March 9, 2023
Updated resource	The following resource was updated: AWS::WAFv2::WebACLAssociation. AWS::WAFv2::WebACLAssociation The `ResourceArn` property now accepts `AWS::AppRunner::Service` ARNs.	March 6, 2023
Updated resource	The following resource was updated: AWS::Lambda::EventSourceMapping. AWS::Lambda::EventSourceMapping Use the `DocumentDBEventSourceConfig` property to define specific configuration settings for a DocumentDB event source, such as the database name.	March 2, 2023
Updated resource	The following resource was updated: AWS::WAFv2::WebACL. AWS::WAFv2::WebACL Use the `AWSManagedRulesATPRuleSet` property to configure your use of the Fraud Control account takeover prevention (ATP) managed rule group in a managed rule group reference statement. For protected CloudFront distributions, in addition to inspecting login requests, you can now use ATP to block new login attempts from clients that have recently submitted too many failed login attempts.	March 2, 2023
New resources	The following resources were added: AWS::IVSChat::Room and AWS::IVSChat::LoggingConfiguration AWS::IVSChat::Room Use the `AWS::IVSChat::Room` resource to specify and Amazon IVS Chat Room. AWS::IVSChat::LoggingConfiguration Use the `AWS::IVSChat::LoggingConfiguration` resource to specify and Amazon IVS Chat Logging Configuration, which stores configuration information related to loggin your chat session to a data store.	March 2, 2023
New resource	The following resource was released: `AWS::SystemsManagerSAP::Application`. Use `AWS::SystemsManagerSAP::Application` to register an SAP application with AWS Systems Manager for SAP.	March 2, 2023
New resource	The following resource was released: AWS::InternetMonitor::Monitor. Use `AWS::InternetMonitor::Monitor` to create a monitor in Amazon CloudWatch Internet Monitor to provide visibility into the performance and availability between your applications hosted on AWS and your end users, and to reduce the time it takes for you to diagnose internet issues.	February 28, 2023
Updated resource	The following resource was updated: AWS::IoT::JobTemplate. AWS::IoT::JobTemplate The AWS::IoT::JobTemplate resource adds MaintenaceWindows, StartTime, and DurationInMinutes properties.	February 23, 2023
New resource	A new resource was added to Network Manager: AWS::NetworkManager::TransitGatewayRouteTableAttachment AWS::NetworkManager::TransitGatewayRouteTableAttachment. Use `AWS::NetworkManager::TransitGatewayRouteTableAttachment` to create a transit gateway route table attachment.	February 23, 2023
New resource	The following resource was added: `AWS::Organizations::ResourcePolicy.` AWS::Organizations::ResourcePolicy Use the `AWS::Organizations::ResourcePolicy` resource to create or update a resource-based delegation policy that delegates policy management for AWS Organizations to specified member accounts to perform policy actions that are by default available only to the organization management account.	February 16, 2023
Updated resource	The following resource was updated: AWS::DataSync::LocationObjectStorage. AWS::DataSync::LocationObjectStorage Use the `ServerCertificate` property to specify a certificate for authenticating with an object storage system that uses a private or self-signed certificate authority (CA).	February 9, 2023
Updated resource	The following resource was added: AWS::SageMaker::Space. AWS::SageMaker::Space Use the `AWS::SageMaker::Space` resource to create a new shared space for use in a Domain.	February 9, 2023
Updated resource	The following resource was updated: AWS::SNS::Topic. AWS::SNS::Topic Use the `TracingConfig` property send X-Ray segment data to a topic owner account.	February 8, 2023
New resources	The following resources were added: AWS::Omics::Workflow, AWS::Omics::RunGroup, AWS::Omics::AnnotationStore, AWS::Omics::ReferenceStore, AWS::Omics::VariantStore, and AWS::Omics::SequenceStore. AWS::Omics::Workflow Use the `AWS::Omics::Workflow` resource to specify a workflow in Amazon Omics. AWS::Omics::RunGroup Use the `AWS::Omics::RunGroup` resource to specify a run group in Amazon Omics. AWS::Omics::ReferenceStore Use the `AWS::Omics::ReferenceStore` resource to specify a reference store in Amazon Omics. AWS::Omics::RunGroup Use the `AWS::Omics::SequenceStore` resource to specify a sequence store in Amazon Omics. AWS::Omics::ReferenceStore Use the `AWS::Omics::ReferenceStore` resource to specify a reference store in Amazon Omics. AWS::Omics::SequenceStore Use the `AWS::Omics::SequenceStore` resource to specify a sequence store in Amazon Omics.	February 3, 2023
Updated resources	The following resources were updated: AWS::NetworkFirewall::FirewallPolicy and AWS::NetworkFirewall::RuleGroup AWS::NetworkFirewall::FirewallPolicy Use the `IPAddressType` property to configure your firewall endpoint as IPv4,IPv6, or dualstack. AWS::NetworkFirewall::RuleGroup The `StatefulRule$Action` property now the `REJECT` option. With `REJECT`, Network Firewall drops TCP traffic that matches the conditions of the stateful rule, and sends a TCP reset packet back to sender of the packet.	February 2, 2023
Updated resource	The following resources were updated: AWS::AppSync::DataSource AWS::AppSync::DataSource Use the `EventBridgeConfig` property to add custom events to your Amazon EventBridge bus.	February 2, 2023
Updated resource	The following resource was updated: AWS::DataSync::LocationS3. AWS::DataSync::LocationS3 Use the `S3StorageClass` property to specify the S3 Glacier Instant Retrieval storage class (`GLACIER_INSTANT_RETRIEVAL`) for data transferred to your S3 bucket.	February 2, 2023
Updated resource	The following resource was updated: AWS::RDS::DBInstance AWS::RDS::DBInstance Use the `CertificateDetails` property for the details of the DB instance's server certificate.	February 2, 2023
Updated resource	The following resource was added: AWS::SageMaker::ModelCard. AWS::SageMaker::ModelCard Use the `AWS::SageMaker::ModelCard` resource to create an Amazon SageMaker Model Card.	February 2, 2023
New resources	The following new resources were added: AWS::CloudTrail::Channel and AWS::CloudTrail::ResourcePolicy AWS::CloudTrail::Channel Use the `Channel` resource to specify a channel for logging events from outside AWS in CloudTrail Lake. Channels are used by partner event sources, or your custom event sources, to send events to CloudTrail Lake. For more information, see Working with CloudTrail Lake in the AWS CloudTrail User Guide. AWS::CloudTrail::Channel.Channel Use the `Channel` property to specify the name and ARN of a channel that you use with integrations in CloudTrail Lake. For more information, see Working with CloudTrail Lake in the AWS CloudTrail User Guide. AWS::CloudTrail::Channel.Destination Use the `Destination` property to specify destination event data stores for events that arrive over a channel in CloudTrail Lake. For more information, see Working with CloudTrail Lake in the AWS CloudTrail User Guide. AWS::CloudTrail::ResourcePolicy Use the `ResourcePolicy` resource to attach a resource-based permission policy to a CloudTrail channel that is used for an integration with an event source outside of AWS. For more information about resource-based policies, see CloudTrail resource-based policy examples in the CloudTrail User Guide. AWS::CloudTrail::ResourcePolicy.ResourceArn Use the `ResourceArn` property to specify the Amazon Resource Name (ARN) of the CloudTrail channel attached to the resource-based policy. The following is the format of a resource ARN: `arn:aws:cloudtrail:us-east-2:123456789012:channel/MyChannel`. AWS::CloudTrail::ResourcePolicy.ResourcePolicy Use the `ResourcePolicy` property to specify the JSON-formatted string that contains the resource-based policy to attach to the CloudTrail channel.	February 2, 2023
New resource	The following resource was added: AWS::Connect::IntegrationAssociation AWS::Connect::IntegrationAssociation Use the `AWS::Connect::IntegrationAssociation` resource to associate Lex bots (both v1 and v2) and Lambda functions with an instance.	February 2, 2023
New resource	The following resource was added: AWS::Connect::ApprovedOrigin AWS::Connect::ApprovedOrigin Use the `AWS::Connect::ApprovedOrigin` resource to associate Approved Origin with an instance.	February 2, 2023
New resource	The following resource was added: AWS::Connect::SecurityKey AWS::Connect::SecurityKey Use the `AWS::Connect::SecurityKey` resource to associate Security Key with an instance.	February 2, 2023
New resource	The following resource was added: AWS::SimSpaceWeaver::Simulation. AWS::SimSpaceWeaver::Simulation Use the `AWS::SimSpaceWeaver::Simulation` resource to specify a simulation in the AWS Cloud, in your AWS account.	February 2, 2023
DescribeStackSet API	The DescribeStackSet API has a new parameter to the list of Regions where a given stack set is deployed. For more information, see `DescribeStackSet`.	February 1, 2023
Updated resource	The following resource was updated: AWS::Lambda::Function. AWS::Lambda::Function Use the `RuntimeManagementConfig` to define how your function gets runtime version updates. Lambda releases new runtime versions that include security updates, bug fixes, and new features. You can now control when your functions get updated to the new runtime versions.	January 26, 2023
Updated resource	The following resource was updated: AWS::OpenSearchService::Domain. AWS::OpenSearchService::Domain Use the `SAMLOptions` property within `AdvancedSecurityOptions` to configure SAML authentication for the domain.	January 26, 2023
New resource	A new resource was added to Network Manager: AWS::NetworkManager::TransitGatewayPeering AWS::NetworkManager::TransitGatewayPeering. Use `AWS::NetworkManager::TransitGatewayPeering` to create a transit gateway peering.	January 26, 2023
Updated resource	The following resource was updated: AWS::KendraRanking::ExecutionPlan AWS::KendraRanking::ExecutionPlan Create a rescore execution plan, which is an Amazon Kendra Intelligent Ranking resource used for provisioning the `Rescore` API. Amazon Kendra Intelligent Ranking rescores or re-ranks a search service's results using semantic search.	January 20, 2023
Updated resource	The following resource was updated: AWS::CloudWatch::MetricStream. AWS::CloudWatch::MetricStream In the MetricStream resource, use `IncludeLinkedAccountsMetrics` to specify whether the metric stream should metric streams from source accounts, if the metric stream is created in a monitoring account.	January 19, 2023
Updated resource	The following resource was updated: AWS::Lambda::EventSourceMapping. AWS::Lambda::EventSourceMapping Use the `ScalingConfig` property to specify a scaling configuration for an Amazon SQS event source.	January 19, 2023
Updated resource	The following resource was updated: `AWS::AuditManager::Assessment` AWS::AuditManager::Assessment Use the `Delegations` property to specify a delegation for an assessment.	January 12, 2023
Updated resource	The following resource was updated: AWS::RDS::DBCluster AWS::RDS::DBCluster The `ManageMasterUserPassword` property indicates whether to manage the master user password with AWS Secrets Manager. The `MasterUserSecret` property 4has the secret managed by RDS in AWS Secrets Manager for the master user password.	January 12, 2023
Updated resource	The following resource was updated: AWS::RDS::DBInstance AWS::RDS::DBInstance The `ManageMasterUserPassword` property indicates whether to manage the master user password with AWS Secrets Manager. The `MasterUserSecret` property 4has the secret managed by RDS in AWS Secrets Manager for the master user password.	January 12, 2023
Fn::FindInMap enhancements	Adding the `AWS::LanguageExtensions` transform in a AWS CloudFormation template allows you to use intrinsic functions to define the fields of Fn::FindInMap. You can also use a new optional field to return a default value if a mapping isn't found. For more information, see `Fn::FindInMap` enhancements.	January 11, 2023
Updated resource	The following resource was updated: AWS::CloudFront::ResponseHeadersPolicy. AWS::CloudFront::ResponseHeadersPolicy In the ResponseHeadersPolicyConfig use the `RemoveHeadersConfig` to specify a list of headers that CloudFront removes from HTTP responses that it sends to viewers. For more information, see Adding or removing response headers in the Amazon CloudFront Developer Guide.	January 5, 2023
Updated resource	The following resource was updated: AWS::MWAA::Environment AirflowVersion The `AirflowVersion` property has been updated to include a new valid value for Apache Airflow version 2.4.3.	January 5, 2023
Updated resource	The following resource was updated: `AWS::EMRServerless::Application`. AWS::EMRServerless::Application Use the `ImageConfigurationInput` property to specify your custom image configuration for all worker types. Use the `WorkerTypeSpecificationInput` property to specify the configuration for a worker type.	January 3, 2023
Updated resource	The following property type was updated: AWS::Lex::Bot. AWS::Lex::Bot Use the AllowedInputTypes property to specify the allowed input types. Use the AudioSpecification property to specify the audio input specifications. Use the AudioAndDTMFInputSpecification property to specify the audio and DTMF input specification. Use the Condition property to provide an expression that evaluates to true or false. Use the ConditionalBranch property to configure a set of actions that Amazon Lex should run if the condition is matched. Use the ConditionalSpecification property to provide a list of conditional branches. Use the DefaultConditionalBranch property to configure a set of actions that Amazon Lex should run if none of the other conditions are met. Use the DialogAction property to define the action that the bot executes at runtime. Use the DialogCodeHookInvocationSetting property to specify the dialog code hook that is called by Amazon Lex at a step of the conversation. Use the DialogState property to configure the current state of the conversation with the user. Use the DTMFSpecification property to specify the DTMF input specifications. Use the ElicitationCodeHookInvocationSetting property to specify the dialog code hook that is called by Amazon Lex between eliciting slot values. Use the InitialResponseSetting property to configure settings for a response sent to the user before Amazon Lex starts eliciting slots. Use the Intent property to configure how Amazon Lex handles intents. Use the IntentClosingSetting property to configure the statement that Amazon Lex conveys to the user when the intent is successfully fulfilled. Use the IntentConfirmationSetting property to provide a prompt for making sure that the user is ready for the intent to be fulfilled. Use the IntentOverride property to override settings to configure the intent state. Use the PostDialogCodeHookInvocationSpecification property to specify next steps to run after the dialog code hook finishes. Use the PostFulfillmentStatusSpecification property to configure the settings of the post-fulfillment response that is sent to the user. Use the PromptAttemptSpecification property to specify the settings on a prompt attempt. Use the PromptSpecification property to specify a list of message groups that Amazon Lex sends to a user to elicit a response. Use the SessionAttribute property to specify session-specific context information. Use the SlotCaptureSetting property to configure the settings that are used when Amazon Lex successfully captures a slot value from a user. Use the SlotValue property to set values in a slot. Use the SlotValueElicitationSetting property to specify the settings for eliciting a slot value. Use the SlotValueOverride property to set slot values in a dialog step. Use the SlotValueOverrideMap property to map slot names to a SlotValueOVerride object. Use the TextInputSpecification property to specify the text input specifications. Use the VoiceSettings property to specify the Amazon Polly voice used for audio interaction with the user.	December 30, 2022
Updated resource	The following resource was updated: `AWS::FSx::Filesystem` AWS::FSx::Filesystem The `AWS::FSx::FileSystem` resource returns a file system's Amazon Resource Name (ARN).	December 29, 2022
Updated resource	The following resource was updated: `AWS::FSx::Volume` AWS::FSx::Volume Use the `CopyTagsToBackups` `AWS::FSx::Volume OntapConfiguration` property to specify whether an ONTAP volume's tags get copied to backups.	December 29, 2022
Updated resource	The following resource was updated: `AWS::FSx::Volume` AWS::FSx::Volume Use the `OntapVolumeType` `AWS::FSx::Volume OntapConfiguration` property to specify the type of ONTAP volume to create.	December 29, 2022
Updated resource	The following resource was updated: `AWS::FSx::Volume` AWS::FSx::Volume Use the `SnapshotPolicy` `AWS::FSx::Volume OntapConfiguration` property to specify the snapshot policy for the volume you are creating.	December 29, 2022
Updated resources	The following resources were updated: AWS::NetworkFirewall::FirewallPolicy and AWS::NetworkFirewall::RuleGroup AWS::NetworkFirewall::FirewallPolicy Use the `StatefulDefaultActions` property to establish default actions to take on a packet that doesn't match any stateful rules when using strict rule ordering. Use the `StatefulEngineOptions` property to govern how Network Firewall handles stateful rules. AWS::NetworkFirewall::RuleGroup The `StatefulRuleGroupReference` property now includes `Priority` and `StatefulRuleGroupOverride` fields. Use the `StatefulRuleOptions` property to govern how Network Firewall handles stateful rules. Use the `ReferenceSets` property to configure IP set references for your stateful rules.	December 22, 2022
Updated resource	The following resource was updated: `AWS::Grafana::Workspace`. AWS::Grafana::Workspace Use the `vpcConfiguration` property of the `AWS::Grafana::Workspace` resource to configure a connection to a private VPC from your Amazon Managed Grafana workspace.	December 22, 2022
Updated resource	The following resource was updated: AWS::RDS::DBInstance AWS::RDS::DBInstance The `Endpoint` property specifies the connection endpoint. The `DBSystemId` return value is the Oracle system ID (Oracle SID) for a container database (CDB).	December 22, 2022
Updated resource	The following resource was added: AWS::SageMaker::Project. AWS::SageMaker::FeatureGroup Use the `AWS::SageMaker::FeatureGroup` resource to create a new feature group using either an Apache Iceberg or Glue table format.	December 22, 2022
Updated resource	The following resource was updated: AWS::Backup::ReportPlan AWS::Backup::BackupSelection This resource was updated to allow the report plan to include multiple Regions and multiple accounts.	December 21, 2022
Updated resources	The following resources were updated: AWS::M2::Application and AWS::M2::Environment. AWS::M2::Application Use the `KmsKeyId` property to specify a customer managed key. AWS::M2::Environment Use the `KmsKeyId` property to specify a customer managed key.	December 15, 2022
Updated resources	The following resources were updated: AWS::RefactorSpaces::Application, AWS::RefactorSpaces::Environment, AWS::RefactorSpaces::Route, AWS::RefactorSpaces::Service. AWS::RefactorSpaces::Application The `EnvironmentIdentifier` property was changed to `Required: Yes`. The `Name` property was changed to `Required: Yes`. The `ProxyType` property was changed to `Required: Yes`. The `VpcId` property was changed to `Required: Yes`. AWS::RefactorSpaces::Environment The `Name` property was changed to `Required: Yes`. The `NetworkFabricType` property was changed to `Required: Yes`. AWS::RefactorSpaces::Route The `RouteType` property was changed to `Required: Yes`. In the DefaultRouteInput property type, the `ActivationState` property was changed to `Required: No`. In the UriPathRouteInput property type, the `SourcePath` property was changed to `Required: Yes`. AWS::RefactorSpaces::Service The `Name` property was changed to `Required: Yes`. In the LambdaEndpointInput property type, the `Arn` property description was updated.	December 15, 2022
Updated resource	The following resource was updated: `AWS::SSMIncidents::AWS::SSMIncidents::ReplicationSet` AWS::SSMIncidents::ReplicationSet Use the `Tags` resource to add a list of tags to the replication set.	December 15, 2022
Updated resource	The following resource was updated: AWS::RDS::DBInstance AWS::RDS::DBInstance Use the `DBClusterSnapshotIdentifier` property as the identifier for the RDS for MySQL Multi-AZ DB cluster snapshot to restore from. Use the `RestoreTime` property to specify the date and time to restore from. Use the `SourceDbiResourceId` property to specify the resource ID of the source DB instance from which to restore. Use the `SourceDBInstanceAutomatedBackupsArn` property to specify the Amazon Resource Name (ARN) of the replicated automated backups from which to restore. Use the `UseLatestRestorableTime` property to specify a value that indicates whether the DB instance is restored from the latest backup time.	December 15, 2022
Updated resource	The following resource was updated: AWS::RDS::DBCluster AWS::RDS::DBCluster Use the `SecondsBeforeTimeout` value in `ScalingConfiguration` property syntax to define the amount of time (seconds) that Aurora Serverless v1 tries to find a scaling point to perform seamless scaling before enforcing the timeout action. The `DBSystemId` property is reserved for future use.	December 15, 2022
New resource	The following resources were added: AWS::DocDBElastic::Cluster. AWS::DocDBElastic::Cluster Use the `AWS::DocDBElastic::Cluster` resource to create an elastic cluster in the Amazon DocumentDB database service.	December 15, 2022
New resources	A property was added to `VpcOptions` in Network Manager: AWS::NetworkManager::VpcAttachment VpcOptions AWS::NetworkManager::VpcAttachment VpcOptions You can enable or disable appliance mode for VPC attachments in `VpcOptions` by using the `ApplianceModeSupport` Boolean.	December 14, 2022
New resource	The following resource was added: AWS::Connect::Rule AWS::Connect::Rule Use the `AWS::Connect::Rule` resource to create an instance.	December 12, 2022
Updated resource	The following resource was updated: AWS::FIS::ExperimentTemplate. The following resource was added: AWS::FIS::TargetAccountConfiguration. AWS::FIS::ExperimentTemplate Use the `ExperimentOptions` property to configure experiment options. AWS::FIS::TargetAccountConfiguration Use the `TargetAccountConfiguration` resource to add a target account to a multi-account experiment template.	December 11, 2022
Updated resources	The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup. AWS::WAFv2::WebACL Use the `ChallengeConfig` property to configure request evaluations for rules that use the `Challenge` action. Use the `TokenDomains` property to specify additional domains to accept in web request tokens. Use the `RuleActionOverride` property in rule group reference statements to override individual rule actions to any valid action. This replaces the `ExcludedRule` property, which only allows override to `Count`. Use the `AWSManagedRulesBotControlRuleSet` property to configure your use of the Bot Control managed rule group in a managed rule group reference statement. AWS::WAFv2::RuleGroup Use the `ChallengeConfig` property to configure request evaluations for rules that use the `Challenge` action.	December 8, 2022
New resources	The following resources were added: `AWS::Grafana::Workspace`. AWS::Grafana::Workspace Use the `AWS::Grafana::Workspace` resource to create an Amazon Managed Grafana workspace in your AWS account. An Amazon Managed Grafana workspace allows you to view and monitor metrics and alerts for your system.	December 8, 2022
New resource	The following resources were added: AWS::OpenSearchServerless::AccessPolicy, AWS::OpenSearchServerless::Collection, AWS::OpenSearchServerless::SecurityConfig, AWS::OpenSearchServerless::SecurityPolicy, AWS::OpenSearchServerless::VpcEndpoint. AWS::OpenSearchServerless::AccessPolicy Use the `AWS::OpenSearchServerless::AccessPolicy` resource to create data access policies for Amazon OpenSearch Serverless. AWS::OpenSearchServerless::Collection Use the `AWS::OpenSearchServerless::Collection` resource to create collections in Amazon OpenSearch Serverless. AWS::OpenSearchServerless::SecurityConfig Use the `AWS::OpenSearchServerless::SecurityConfig` resource to specify SAML providers for Amazon OpenSearch Serverless. AWS::OpenSearchServerless::SecurityPolicy Use the `AWS::OpenSearchServerless::SecurityPolicy` resource to specify network and encryption policies for Amazon OpenSearch Serverless. AWS::OpenSearchServerless::VpcEndpoint Use the `AWS::OpenSearchServerless::VpcEndpoint` resource to specify Amazon OpenSearch Serverless-managed VPC endpoints.	December 8, 2022
New resources	The following resource was added: AWS::IoTTwinMaker::SyncJob. AWS::IoTTwinMaker::SyncJob Use the `AWS::IoTTwinMaker::SyncJob` respurce to create a new sync job request.	December 6, 2022
Updated resources	The following resources were updated: AWS::ECS::TaskDefinition. AWS::ECS::TaskDefinition PortMappings Use the `Name` property to specify the port mapping name. Use the `AppProtocol` property to specify the port mapping's application protocol.	December 2, 2022
Updated resources	The following resources were updated: AWS::ECS::TaskDefinition. AWS::ECS::TaskDefinition PortMappings Use the `Name` property to specify the port mapping name. Use the `AppProtocol` property to specify the port mapping's application protocol.	December 2, 2022
Updated resource	The following resource was updated: AWS::Logs::LogGroup. AWS::Logs::LogGroup The AWS::Logs::LogGroup resource was updated with the `LogGroupClass` parameter. For more information, see Log classes.	December 2, 2022
Updated resource	The following resource was updated: AWS::Logs::LogGroup. AWS::Logs::LogGroup The AWS::Logs::LogGroup resource now supports the `DataProtectionPolicy` parameter, to support the masking of sensitive data in log events in the log group. For more information, see Protect sensitive log data with masking.	December 2, 2022
Updated resource	The following resource was updated: `AWS::SSMIncidents::ResponsePlan` AWS::SSMIncidents::ResponsePlan Use the `Integration` resource to specify information about third-party services integrated into the response plan, such as PagerDuty. Use the `PagerDuty` resource to provide details about the PagerDuty configuration for a response plan.	December 2, 2022
Updated resource	The following resource was updated: AWS::Lambda::Function. AWS::Lambda::Function Use the `SnapStart` property to specify the function's AWS Lambda SnapStart setting. SnapStart creates a snapshot of the initialized execution environment when you publish a function version.	December 2, 2022
New resources	The following properties were added: AWS::ECS::Cluster ServiceConnectDefaults, AWS::ECS::Service ServiceConnectClientAlias, and AWS::ECS::Service ServiceConnectConfiguration. AWS::ECS::Cluster ServiceConnectDefaults Use the `AWS::ECS::Cluster ServiceConnectDefaults` property to specify a default Service Connect namespace for new services in the cluster. AWS::ECS::Service ServiceConnectClientAlias Use the `AWS::ECS::Service ServiceConnectClientAlias` property to specify an endpoint in the Service Connect configuration for the service. AWS::ECS::Service ServiceConnectConfiguration Use the `AWS::ECS::Service ServiceConnectConfiguration` property to specify the Service Connect configuration for the service.	December 2, 2022
New resources	The following resources were added: AWS::Pipes::Pipe. AWS::Pipes::Pipe Use the `AWS::Pipes::Pipe` resource to specify a new Amazon EventBridge Pipes pipe.	December 2, 2022
New resources	The following resources were added: AWS::Oam::Sink and AWS::Oam::Link. AWS::Oam::Sink Use the `AWS::Oam::Sink` resource to specify a sink, which is an attachment point in a monitoring account that source accounts can create links to. Use the `AWS::Oam::Link` resource to specify a link from a source account to a monitoring account sink. For more information, see CloudWatch cross-account observability.	December 2, 2022
New resource	The following resource was added: AWS::EC2::NetworkPerformanceMetricSubscription. AWS::EC2::NetworkPerformanceMetricSubscription Returns a list of Infrastructure Performance subscriptions for AWS CloudWatch.	December 2, 2022
New resource	The following resource was added: AWS::IoT::TopicRule RepublishActionHeaders. AWS::IoT::TopicRule RepublishActionHeaders Use AWS::IoT::TopicRule RepublishActionHeaders to specify MQTT Version 5.0 headers information.	December 2, 2022
Updated resource	The following resource was updated: AWS::S3::AccessPoint. AWS::S3::AccessPoint Use `AWS::S3::AccessPoint BucketAccountId` to specify which AWS account is associated with the S3 bucket associated with an access point.	November 30, 2022
Updated resources	The following properties were added: AWS::IoTTwinMaker::ComponentType.PropertyGroups, and Entity.PropertyGroup. AWS::IoTTwinMaker::ComponentType.PropertyGroups Use the `AWS::IoTTwinMaker::ComponentType.PropertyGroups` property to declare a ComponentType propertyGroup. Entity.PropertyGroup Use the `AWS::IoTTwinMaker::Entity.PropertyGroup` to declare an entity PropertyGroup.	November 17, 2022
Updated resources	The following resources were updated: AWS::Amplify::App and AWS::Amplify::Branch AWS::Amplify::App Use the `Platform` property to specify the platform type for the Amplify app. AWS::Amplify::Branch Use the `Framework` property to specify the framework for the Amplify app.	November 17, 2022
Updated resource	The following resources were updated: AWS::AppSync::Resolver and AWS::AppSync::FunctionConfiguration AWS::AppSync::Resolver Use the `Code` property to specify the request and response functions. AWS::AppSync::Resolver Use the `Runtime` property to specify the runtime type to be used with a pipeline resolver or function AWS::AppSync::Resolver Use the `AppSyncRuntime` to specify the name and version of your runtime property. AWS::AppSync::FunctionConfiguration Use the `Code` property to specify the request and response functions. AWS::AppSync::FunctionConfiguration Use the `Runtime` property to specify the runtime type to be used with a pipeline resolver or function AWS::AppSync::FunctionConfiguration Use the `AppSyncRuntime` to specify the name and version of your runtime property.	November 17, 2022
Updated resource	The following resource was updated: AWS::CloudFront::Distribution. AWS::CloudFront::Distribution In the DistributionConfig use the `ContinuousDeploymentPolicyId` to specify a continuous deployment policy to associate with the distribution. For more information, see Using CloudFront continuous deployment to safely test CDN configuration changes in the Amazon CloudFront Developer Guide.	November 17, 2022
Updated resource	The following resource was updated: AWS::CloudTrail::EventDataStore AWS::CloudTrail::EventDataStore Use the `KmsKeyId` property to specify the AWS KMS key ID to use to encrypt the events delivered by CloudTrail.	November 17, 2022
Updated resource	The following resource was updated: AWS::AutoScaling::AutoScalingGroup. AWS::AutoScaling::AutoScalingGroup InstanceRequirements Use the `AllowedInstanceTypes` and `NetworkBandwidthGbpsRequest` properties when using attribute-based instance type selection.	November 17, 2022
Updated resource	The following resource was updated: `AWS::EMRServerless::Application`. AWS::EMRServerless::Application Use the `Architecture` property to specify the CPU architecture type of the application.	November 17, 2022
Updated resource	The following resource was updated: AWS::IVS::RecordingConfiguration AWS::IVS::RecordingConfiguration Use the `RecordingReconnectWindowSeconds` property to control when multiple streams from the same broadcast are merged together.	November 17, 2022
Updated resource	The following resource was updated: AWS::S3::StorageLens. AWS::S3::StorageLens AdvancedCostOptimizationMetrics Use `AWS::S3::StorageLens AdvancedCostOptimizationMetrics` to enable advanced cost optimization metrics for S3 Storage Lens. AWS::S3::StorageLens AdvancedDataProtectionMetrics Use `AWS::S3::StorageLens AdvancedDataProtectionMetrics` to enable advanced data protection metrics for S3 Storage Lens. AWS::S3::StorageLens DetailedStatusCodesMetrics Use `AWS::S3::StorageLens DetailedStatusCodesMetrics` to enable detailed status code metrics for S3 Storage Lens.	November 17, 2022
New resources	The following resources were added: `AWS::Organizations::Account`, `AWS::Organizations::OrganizationalUnit`, and `AWS::Organizations::Policy`. AWS::Organizations::Account Use the `AWS::Organizations::Account` resource to create an AWS account that is automatically a member of the organization whose credentials made the request. AWS::Organizations::OrganizationalUnit Use the `AWS::Organizations::OrganizationalUnit` resource to create an organizational unit (OU) within a root or parent OU in AWS Organizations. AWS::Organizations::Policy Use the `AWS::Organizations::Policy` resource to create a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual AWS account in AWS Organizations.	November 17, 2022
New resource	The following resource was added: AWS::XRay::ResourcePolicy. AWS::XRay::ResourcePolicy Use the `ResourcePolicy` resource to specify a resource-based policy which enables access to specific X-Ray resources.	November 17, 2022
New Resource	The following resource was added: AWS::CloudFront::ContinuousDeploymentPolicy. AWS::CloudFront::ContinuousDeploymentPolicy Use the `AWS::CloudFront::ContinuousDeploymentPolicy` resource in a CloudFront continuous deployment workflow. For more information, see Using CloudFront continuous deployment to safely test CDN configuration changes in the Amazon CloudFront Developer Guide.	November 17, 2022
Managing StackSets events with AWS CloudFormation and Amazon EventBridge	AWS CloudFormation StackSets launch event notifications via Amazon EventBridge. You can trigger event-driven actions after creating, updating, or deleting your CloudFormation stack sets For more information, see Managing events with AWS CloudFormation and Amazon EventBridge.	November 16, 2022
New property	The following property was added: AWS::GreengrassV2::Deployment.ParentTargetArn. AWS::GreengrassV2::Deployment Use the `AWS::GreengrassV2::Deployment.ParentTargetArn` property to set the parent deployment of a subdeployment.	November 15, 2022
New resources for Amazon EventBridge Scheduler	The following resources were added: `AWS::Scheduler::Schedule`, `AWS::Scheduler::ScheduleGroups`. AWS::Scheduler::Schedule Use the `Schedule` resource to create a new schedule. AWS::Scheduler::ScheduleGroups Use the `Schedule` resource to create a new schedule group to tag and organize your schedules.	November 11, 2022
Updated resources	The following resources were updated: `AWS::AppStream::DirectoryConfig` AWS::AppStream::DirectoryConfig RSS Use the `CertificateBasedAuthProperties` property to specify the certificate-based authentication properties used to authenticate SAML 2.0 Identity Provider (IdP) user identities to Active Directory domain-joined streaming instances.	November 10, 2022
Updated resources	The following resources were updated: AWS::Batch::ComputeEnvironment and AWS::Batch::JobDefinition AWS::Batch::ComputeEnvironment Use the `EksConfiguration` property to specify the details for the EKS cluster that supports the compute environment. AWS::Batch::JobDefinition Use the `EksProperty` property to specify properties for Amazon EKS based jobs.	November 10, 2022
Updated resources	The following resources were updated: AWS::EC2::SpotFleet, AWS::EC2::EC2Fleet, and AWS::EC2::LaunchTemplate. AWS::EC2::SpotFleet InstanceRequirementsRequest Use the `AllowedInstanceTypes` and `NetworkBandwidthGbps` properties when using attribute-based instance type selection. AWS::EC2::EC2Fleet InstanceRequirementsRequest Use the `AllowedInstanceTypes` and `NetworkBandwidthGbps` properties when using attribute-based instance type selection. AWS::EC2::LaunchTemplate InstanceRequirements Use the `AllowedInstanceTypes` and `NetworkBandwidthGbps` properties when using attribute-based instance type selection.	November 10, 2022
Updated resources	The following resource was updated: AWS::EC2::LaunchTemplate. AWS::EC2::LaunchTemplate MaintenanceOptions Use the `AutoRecovery` property to disable the automatic recovery of your instance or set it to default. AWS::EC2::LaunchTemplate Placement Use the `GroupId` property to launch an instance in a shared placement group.	November 10, 2022
Updated resource	The following resource was updated: AWS::AutoScaling::AutoScalingGroup. AWS::AutoScaling::AutoScalingGroup MixedInstancesPolicy Use the `SpotAllocationStrategy` property to specify `price-capacity-optimized` as the allocation strategy for your Spot capacity.	November 10, 2022
Updated resource	The following resource was updated: AWS::RDS::DBInstance AWS::RDS::DBInstance Use the `StorageThroughput` property to specify the storage throughput value for the DB instance. This setting is applicable only for `gp3` storage type.	November 10, 2022
Launch of Resource Explorer	Initially added the resources for AWS Resource Explorer. AWS::ResourceExplorer2::Index Use the `AWS::ResourceExplorer2::Index` resource to turn on Resource Explorer in an AWS Region by creating an index. AWS::ResourceExplorer2::View Use the `AWS::ResourceExplorer2::View` resource to create a view that your users can use to search. AWS::ResourceExplorer2::DefaultViewAssociation Use the `AWS::ResourceExplorer2::DefaultViewAssociation` resource to designate a view as the default for its AWS Region in the account.	November 7, 2022
Improved insights on stack instances for stack set operations	AWS CloudFormation StackSets provides more detailed information on stack instances for stack set operations: `DescribeStackSetOperation` You can now use `DescribeStackSetOperation` to provide the count of failed stack instances for stack set operations during deployment. `ListStackInstances` You can now use the filtering option `LastOperationID` to list stack instances for stack set operations.	November 4, 2022
Updated resource	The following resource was updated: AWS::RDS::DBCluster AWS::RDS::DBCluster Use the `TimeoutAction` value in `ScalingConfiguration` property syntax to define the action to take when the timeout is reached. The `DBClusterArn` return value is the Amazon Resource Name (ARN) for the DB cluster. The `DBClusterResourceId` return value is the AWS Region-unique, immutable identifier for the DB cluster.	November 3, 2022
Updated resource	The following resource was updated: AWS::RDS::DBInstance AWS::RDS::DBInstance Use the `ReplicaMode` property to define the open mode of an Oracle read replica. The `DBInstanceArn` return value is the Amazon Resource Name (ARN) for the your instance. The `DbiResourceId` return value is the AWS Region-unique, immutable identifier for the DB instance.	November 3, 2022
Updated resource	The following resource was updated: AWS::RDS::DBClusterParameterGroup AWS::RDS::DBClusterParameterGroup Use the `DBClusterParameterGroupName` property to specify the name of the DB cluster parameter group.	November 3, 2022
Updated resource	The following resource was updated: AWS::RDS::OptionGroup AWS::RDS::OptionGroup Use the `OptionGroupName` property to specify the name of the new option group.	November 3, 2022
Updated resource	The following resource was updated: AWS::RDS::DBInstance AWS::RDS::DBParameterGroup Use the `DBParameterGroupName` property to specify the name of the DB parameter group.	November 3, 2022
New resource	The following resource and properties were added: AWS::SES::VdmAttributes, AWS::SES::ConfigurationSet VdmOptions . AWS::SES::VdmAttributes Use the `VdmAttributes` resource to specify the Virtual Deliverability Manager (VDM) attributes that apply to your Amazon SES account. AWS::SES::ConfigurationSet VdmOptions Use the `VdmOptions` property to specify the VDM properties that apply to a configuration set.	November 3, 2022
New resource	The following resource was added: AWS::SupportApp::SlackWorkspaceConfiguration. AWS::SupportApp::SlackWorkspaceConfiguration Use the `AWS::SupportApp::SlackWorkspaceConfiguration` resource to specify your configuration for the AWS Support App in Slack.	November 3, 2022
Updated resource	The following resource was updated: AWS::AutoScaling::AutoScalingGroup. AWS::AutoScaling::AutoScalingGroup Use the `DefaultInstanceWarmup` property to unify all the warm-up and cooldown settings for an Auto Scaling group and optimize the performance of scaling policies that scale continuously, such as target tracking and step scaling policies.	November 2, 2022
Updated resource	The following resource was updated: AWS::AppRunner::Service AWS::AppRunner::Service.IngressConfiguration New property. The ingress configuration of the App Runner service.	October 31, 2022
New resource	The following resource was added: AWS::AppRunner::VpcIngressConnection AWS::AppRunner::VpcIngressConnection Use the `AWS::AppRunner::VpcIngressConnection` resource to create or update an AWS App Runner VPC Ingress Connection.	October 31, 2022
New resource	The following resource was added: AWS::IoT::TopicRule LocationAction. AWS::IoT::TopicRule LocationAction The AWS::IoT::TopicRule LocationAction resource to specify a Location Action.	October 31, 2022
Updated resource	The following resource was updated: AWS::Connect::User UserIdentityInfo AWS::Connect::User UserIdentityInfo Use the `Mobile` property to specify the user's mobile number. Use the `SecondaryEmail` property to specify the user's secondary email address.	October 27, 2022
Updated resource	The following resource was updated: AWS::RUM::AppMonitor. AWS::RUM::AppMonitor The `MetricDestination` and `MetricDefinition` properties were added to the `AWS::RUM::AppMonitor` resource to support Amazon CloudWatch extended metrics. For more information, see Custom metrics and extended metrics that you can send to CloudWatch and CloudWatch Evidently.	October 27, 2022
Updated resource	The following resource was updated: AWS::Cognito::UserPoolClient AWS::Cognito::UserPool The `DeletionProtection` property of a user pool prevents accidental deletion of user pools.	October 24, 2022
Updated resource	The following property was added to the AWS::SES::DedicatedIpPool resource: AWS::SES::DedicatedIpPool Use the `ScalingMode` property to specify the scaling mode of a dedicated IP pool.	October 20, 2022
New resources	The following resources were added: AWS::AmplifyUIBuilder::Form. AWS::AmplifyUIBuilder::Form Use the `AWS::AmplifyUIBuilder::Form` resource to specify a form within an Amplify app.	October 20, 2022
New resource	The following new resource was added: `AWS::FSx::DataRepositoryAssociation` AWS::FSx::DataRepositoryAssociation Use the `DataRepositoryAssociation` resource to link an FSx for Lustre file system to an Amazon S3 data repository.	October 20, 2022
Updated resource	The following resource was updated: AWS::RDS::DBCluster AWS::RDS::DBCluster Use the `Domain` property to specify the directory ID of the Active Directory to create the DB cluster. Use the `DomainIAMRoleName` property to specify the name of the IAM role to use when making API calls to the Directory Service. Use the `NetworkType` property to indicate the network type of the DB cluster. The following properties now supported for Multi-AZ DB clusters: AllocatedStorage, AutoMinorVersionUpgrade, BackupRetentionPeriod, CopyTagsToSnapshot, DatabaseName, DBClusterIdentifier, DBClusterInstanceClass, DBClusterParameterGroupName, DBSubnetGroupName, DeletionProtection, EnableCloudwatchLogsExports, Engine, EngineVersion, Iops, KmsKeyId, MasterUsername, MasterUserPassword, MonitoringInterval, MonitoringRoleArn, PerformanceInsightsEnabled, PerformanceInsightsKmsKeyId, PerformanceInsightsRetentionPeriod, Port, PreferredBackupWindow, PreferredMaintenanceWindow, PubliclyAccessible, StorageEncrypted, StorageType, Tags, and VpcSecurityGroupIds	October 13, 2022
Updated resource	The following resource was updated: AWS::RDS::DBInstance AWS::RDS::DBInstance Use the `NetworkType` property to indicate the network type of the DB cluster.	October 13, 2022
Updated resource	The following resource was updated: AWS::Connect::PhoneNumber AWS::Connect::PhoneNumber Use the `AWS::Connect::PhoneNumber` resource to claim a phone number to an Amazon Connect instance or traffic distribution group.	October 10, 2022
New resource	The following resources were added: AWS::GreengrassV2::Deployment. AWS::GreengrassV2::Deployment Use the `AWS::GreengrassV2::Deployment` resource to create a new deployment to your core devices in AWS IoT Greengrass.	October 6, 2022
New and updated resources	The following resources were added: AWS::Transfer::Agreement, AWS::Transfer::Connector, AWS::Transfer::Certificate, and AWS::Transfer::Profile. The following resource was updated: AWS::Transfer::Server WorkflowDetails AWS::Transfer::Agreement Use the `Agreement` resource to specify an agreement between trading partners in AWS Transfer Family. AWS::Transfer::Certificate Use the `Certificate` resource to import signing and encryption certificates for AS2 in AWS Transfer Family. AWS::Transfer::Connector Use the `Connector` resource to create an entity that captures the parameters for an outbound AS2 connection in AWS Transfer Family. AWS::Transfer::Profile Use the `Profile` resource to specify local and partner profiles for servers in AWS Transfer Family that use the AS2 protocol. AWS::Transfer::Server WorkflowDetails Use the `OnPartialUpload` parameter to trigger a workflow in the case a transfer is interrupted and does not complete.	October 6, 2022
Updated resource	The following resource was updated: `AWS::KMS::Key`. AWS::KMS::Key If you change the value of an immutable property of an existing `AWS::KMS::Key` resource, the request to update the resource fails. Previously, changing the value of an immutable property caused the existing `AWS::KMS::Key` to be deleted and replaced. This change does not affect the `AWS::KMS::Alias` or `AWS::KMS::ReplicaKey` resources. If you change an immutable property of these resources, the resource is deleted and replaced.	September 30, 2022
Updated resource	The following resource was updated: AWS::RDS::DBCluster AWS::RDS::DBCluster Use the `ServerlessV2ScalingConfiguration` property to specify the scaling configuration of an Aurora Serverless V2 DB cluster. The `DBClusterResourceId` return value is the AWS Region-unique, immutable identifier for the DB cluster. Use the `DBInstanceParameterGroupName` property to specify the name of the DB parameter group to apply to all instances of the DB cluster.	September 29, 2022
Updated resource	The following resource was updated: AWS::RDS::DBInstance AWS::RDS::DBInstance Use the `NcharCharacterSetName` property to specify the name of the NCHAR character set for the Oracle DB instance. Use the `CustomIAMInstanceProfile` property to specify the instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance.	September 29, 2022
New resources	The following resources were added: AWS::IdentityStore::Group and AWS::IdentityStore::GroupMembership. AWS::IdentityStore::Group Use the `AWS::IdentityStore::Group` resource to manage groups in an identity store. AWS::IdentityStore::GroupMembership Use the `AWS::IdentityStore::GroupMembership` resource to manage group membership in an identity store.	September 29, 2022
New resource	The following resource was added: AWS::CloudFront::MonitoringSubscription. AWS::CloudFront::MonitoringSubscription Use the `AWS::CloudFront::MonitoringSubscription` resource to enable additional CloudWatch metrics for the specified Amazon CloudFront distribution. For more information, see Viewing additional CloudFront distribution metrics in the Amazon CloudFront Developer Guide.	September 29, 2022
Updated resource	The following resource was updated: AWS::IoT::CACertificate. AWS::IoT::CACertificate The AWS::IoT::CACertificate resource adds RemoveAutoRegistration property.	September 22, 2022
New resource	The following resource was added: AWS::IoTFleetWise::Campaign AWS::IoTFleetWise::Campaign Use the `AWS::IoTFleetWise::Campaign` resource to specify a campaign in AWS IoT FleetWise.	September 22, 2022
New resource	The following resource was added: AWS::IoTFleetWise::DecoderManifest AWS::IoTFleetWise::DecoderManifest Use the `AWS::IoTFleetWise::DecoderManifest` resource to specify a decoder manifest in AWS IoT FleetWise.	September 22, 2022
New resource	The following resource was added: AWS::IoTFleetWise::Fleet AWS::IoTFleetWise::Fleet Use the `AWS::IoTFleetWise::Fleet` resource to specify a fleet in AWS IoT FleetWise.	September 22, 2022
New resource	The following resource was added: AWS::IoTFleetWise::ModelManifest AWS::IoTFleetWise::ModelManifest Use the `AWS::IoTFleetWise::ModelManifest` resource to specify a model manifest in AWS IoT FleetWise.	September 22, 2022
New resource	The following resource was added: AWS::IoTFleetWise::SignalCatalog AWS::IoTFleetWise::SignalCatalog Use the `AWS::IoTFleetWise::SignalCatalog` resource to specify a signal catalog in AWS IoT FleetWise.	September 22, 2022
New resource	The following resource was added: AWS::IoTFleetWise::Vehicle AWS::IoTFleetWise::Vehicle Use the `AWS::IoTFleetWise::Vehicle` resource to specify a vehicle in AWS IoT FleetWise.	September 22, 2022
Updated resource	The following resource was updated: AWS::Cognito::UserPoolClient AWS::Cognito::UserPoolClient The `AuthSessionValidity` property of a user pool client makes it possible to increase the duration of a prompt for authentication input like a password or MFA code.	September 15, 2022
Updated resource	The following property was updated: `AWS::EKS::Cluster` `AWS::EKS::Cluster` Use the `OutpostConfig` property to specify the configuration of your local Amazon EKS cluster on an Outpost.	September 15, 2022
New resource	A new parameter was added to the AWS::Evidently::Project. Evidently resource type reference The `AppConfigResource` property was added to the `AWS::Evidently::Project` resource to enable you to use Client-side evaluation - powered by AWS AppConfig in your projects. For more information, see Use client-side evaluation - powered by AWS AppConfig.	September 15, 2022
Updated resources	The following resource was updated: AWS::EC2::LaunchTemplate. AWS::EC2::LaunchTemplate A description for the first version of the launch template.	September 8, 2022
Updated resource	The following resource was updated: `AWS::KMS::Key`. AWS::KMS::Key Add full `AWS::KMS::Key` support to Middle East (UAE) Region (me-central-1), including support for using a CloudFormation template to create and manage asymmetric KMS keys and multi-Region KMS keys (primary or replica).	September 8, 2022
Updated resource	The following resource was updated: AWS::OpenSearchService::Domain. AWS::OpenSearchService::Domain Use the `Throughput` property to specify the throughput of the EBS volumes attached to data nodes. This propertly applies only to the `gp3` volume type.	September 8, 2022
Updated resource	The following resource was updated: AWS::SNS::Topic. AWS::SNS::Topic Use the `DataProtectionPolicy` property to attach a DataProtectionPolicy to an SNS topic.	September 8, 2022
New resource	The following resource was added: AWS::CloudFront::OriginAccessControl. AWS::CloudFront::OriginAccessControl Use the `AWS::CloudFront::OriginAccessControl` resource to create a new origin access control in Amazon CloudFront. For more information, see Restricting access to an Amazon S3 origin in the Amazon CloudFront Developer Guide.	September 8, 2022
New resource	The following resource was added: AWS::Connect::InstanceStorageConfig AWS::Connect::InstanceStorageConfig Use the `AWS::Connect::InstanceStorageConfig` resource to configure instance storage.	September 1, 2022
New resource	The following resource was added: AWS::ControlTower::EnabledControl. AWS::ControlTower::EnabledControl Use the `AWS::ControlTower::EnabledControl` resource to specify an asynchronous operation that manages a control.	September 1, 2022
New resource	The following resource was added: `AWS::Macie::AllowList`. AWS::Macie::AllowList Use the `AWS::Macie::AllowList` resource to specify text or a text pattern for Amazon Macie to ignore when it inspects data sources for sensitive data.	September 1, 2022
Updated resource	The following resource was updated: AWS::APS::Workspace. AWS::APS::Workspace Use the `LoggingConfiguration` property to specify Amazon Managed Service for Prometheus workspace logging configuration.	August 30, 2022
Updated resources	The following resources were updated: AWS::AppMesh::VirtualNode, AWS::AppMesh::VirtualGateway, AWS::AppMesh::GatewayRoute and AWS::AppMesh::Route AWS::AppMesh::VirtualNode Use the `Format` property to represent the specified format for the logs. The format is either `json_format` or `text_format`. Use the `JsonFormatRef` resource to represent object that represents the key value pairs for the JSON. Use the `LoggingFormat` resource to represent object that represents the format for the logs. AWS::AppMesh::VirtualGateway Use the `VirtualGatewayFileAccessLogFormat` property to represent the specified format for the logs. The format is either `json_format` or `text_format`. Use the `JsonFormatRef` resource to represent object that represents the key value pairs for the JSON. Use the `LoggingFormat` resource to represent object that represents the format for the logs. AWS::AppMesh::GatewayRoute Use the `Port` property to represent the port number of the gateway route target. AWS::AppMesh::Route Use the `Port` property to represent the port number of the gateway route target. Use the `Port` property to represent an object that is the criteria for determining a request match. Use the `TcpRouteMatch` resource to represent an object that is the TCP route to match.	August 25, 2022
Updated resource	The following resource was updated: AWS::MediaPackage::OriginEndpoint. AWS::MediaPackage::OriginEndpoint. Use the `DVB_DASH_2014` property to select the DVB_DASH_2014 profile for the output.	August 25, 2022
New resource	The following resource was added: AWS::Connect::Instance AWS::Connect::Instance Use the `AWS::Connect::Instance` resource to create an instance.	August 25, 2022
New resource	The following resource was added: AWS::SupportApp::SlackChannelConfiguration. AWS::SupportApp::SlackChannelConfiguration Use the `AWS::SupportApp::SlackChannelConfiguration` resource to specify your configuration for the AWS Support App in Slack.	August 25, 2022
New resource	The following resource was added: AWS::SupportApp::AccountAlias. AWS::SupportApp::AccountAlias Use the `AWS::SupportApp::AccountAlias` resource to specify your alias name. You can use this alias to identify your AWS account in the AWS Support App.	August 25, 2022
Fn::ToJsonString intrinsic function	The `Fn::ToJsonString` intrinsic function converts an object or array to its corresponding JSON string. For more information, see `Fn::ToJsonString`.	August 24, 2022
Fn::Length intrinsic function	The `Fn::Length` intrinsic function returns the number of elements within an array or an intrinsic function that returns an array. For more information, see `Fn::Length`.	August 24, 2022
AWS::LanguageExtensions transform	The `AWS::LanguageExtensions` transform is a macro hosted by AWS CloudFormation that lets you use intrinsic functions and other functionalities not included by default in AWS CloudFormation. For more information, see `AWS::LanguageExtensions` transform.	August 24, 2022
Updated resources	The following resource was updated: AWS::WAFv2::WebACLAssociation. AWS::WAFv2::WebACLAssociation The `ResourceArn` property now accepts `AWS::Cognito::UserPool` ARNs.	August 23, 2022
Updated resource	The following resource was updated: AWS::FMS::Policy. AWS::FMS::Policy The `AWS::FMS::Policy` resource now allows you to manage third-party firewalls, as well as AWS Network Firewall policies that use centralized or distributed deployment models.	August 18, 2022
Updated resource	The following resource was updated: AWS::Lambda::EventSourceMapping. AWS::Lambda::EventSourceMapping Use the `SelfManagedKafkaEventSourceConfig` property to define specific configuration settings for a self-managed Kafka event source, such as the consumer group ID. Use the `AmazonManagedKafkaEventSourceConfig` property to define specific configuration settings for an MSK event source, such as the consumer group ID.	August 18, 2022
New resource	The following resource was added: AWS::DynamoDB::Table.ImportSourceSpecification AWS::DynamoDB::Table.ImportSourceSpecification Use the `AWS::DynamoDB::Table.ImportSourceSpecification` resource to import from S3 into DynamoDB.	August 18, 2022
Updated resource	The following resource was updated: AWS::CloudFront::Distribution. AWS::CloudFront::Distribution In the HttpVersion property, use the `http2and3` and `http3` values to specify the HTTP version(s) that you want viewers to use to communicate with Amazon CloudFront. For more information, see Supported HTTP versions in the Amazon CloudFront Developer Guide.	August 15, 2022
Updated resource	The following resources were updated: AWS::GuardDuty::Filter, AWS::GuardDuty::IPSet, and AWS::GuardDuty::ThreatIntelSet AWS::GuardDuty::Filter Use `Tags` property to specify metadata to add to a new filter resource. Use `Rank` property to specify position of the filter in the list of the current filters. AWS::GuardDuty::IPSet Use `Tags` property to specify metadata to add to a new IP set resource. AWS::GuardDuty::ThreatIntelSet Use `Tags` property to specify metadata to add to a new threat list resource.	August 15, 2022
New resources	The following resources were added: AWS::M2::Application and AWS::M2::Environment. AWS::M2::Application Use the `AWS::M2::Application` resource to specify an application in the AWS Mainframe Modernization service. AWS::M2::Environment Use the `AWS::M2::Environment` resource to specify a runtime environment in the AWS Mainframe Modernization service.	August 11, 2022
Updated resources	The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup. AWS::WAFv2::WebACL In the SqliMatchStatement property type, use the `SensitivityLevel` property to specify the sensitivity that you want to use to inspect for SQL injection attacks. AWS::WAFv2::RuleGroup In the SqliMatchStatement property type, use the `SensitivityLevel` property to specify the sensitivity that you want to use to inspect for SQL injection attacks.	August 4, 2022
Updated resource	The following resource was updated: AWS::GuardDuty::Detector AWS::GuardDuty::Detector Use the `CFNDataSourceConfigurations` property to specify the data source when detector is created. Use the `CFNMalwareProtectionConfiguration` property to specify enabling Malware Protection data source. Use the `CFNScanEc2InstanceWithFindingsConfiguration` property to specify enabling data source as Malware Protection for EC2 findings.	August 4, 2022
Updated resource	The following resource was updated: AWS::IoT::CACertificate. AWS::IoT::CACertificate The AWS::IoT::CACertificate resource adds RegistrationConfig type in RegistrationConfig property.	August 4, 2022
Updated resource	The following resource was updated: AWS::IoT::ProvisioningTemplate. AWS::IoT::ProvisioningTemplate The AWS::IoT::ProvisioningTemplate resource now supports TemplateType property.	August 4, 2022
Updated resource	The following resource was updated: AWS::RedshiftServerless::Workgroup AWS::RedshiftServerless::Workgroup The `additionalinfo` parameter was removed from `AWS::RedshiftServerless::Workgroup`.	July 28, 2022
Updated resource	The following resource was updated: AWS::Transfer::Server ProtocolDetails Use the `As2Transports` property to indicate the transport method for the AS2 messages.	July 28, 2022
Updates to resource	The following resource was updated: `AWS::SSO::PermissionSet`. `AWS::SSO::PermissionSet` Use the `CustomerManagedPolicyReferences` and `PermissionsBoundary` properties of the `AWS::SSO::PermissionSet` resource to assign customer managed policies and permissions boundaries in IAM Identity Center.	July 21, 2022
Updated resources	The following resource was updated: AWS::EC2::PlacementGroup. AWS::EC2::PlacementGroup Use the `SpreadLevel` parameter to determine how placement groups spread instances.	July 21, 2022
Updated resource	The following resource was updated: AWS::MediaPackage::OriginEndpoint. AWS::MediaPackage::OriginEndpoint. Updated the `presetSpeke20Audio` and `presetSpeke20Video`properties.	July 21, 2022
New resource	The AWS::Evidently::Segment resource was added. Evidently resource type reference Use a segment to define a portion of your audience that share one or more characteristics. For more information, see Use segments to focus your audience.	July 21, 2022
New resource	The following resource was added: AWS::Synthetics::Group. AWS::Synthetics::Group Use the `AWS::Synthetics::Group` resource to create a group. You can use groups to associate canaries with each other, including cross-Region canaries. Using groups can help you with managing and automating your canaries, and you can also view aggregated run results and statistics for all canaries in a group.	July 21, 2022
Managing events with AWS CloudFormation and Amazon EventBridge	Receive notifications when specific AWS CloudFormation events such as object creation or deletion occur in an AWS CloudFormation with EventBridge. For more information, see Managing events with Amazon EventBridge.	July 20, 2022
Updated resource	The following resource was updated: `AWS::KMS::Key`. AWS::KMS::Key Added support for SM2 key pairs (China Regions only), including the SM2 value for the `KeySpec` property.	July 14, 2022
Updated resource	The following resource was updated: AWS::SageMaker::NotebookInstance AWS::SageMaker::NotebookInstance Use the `InstanceMetadataServiceConfiguration` property to specify information about the IMDS configuration of the notebook instance. Use the `InstanceMetadataServiceConfiguration.MinimumInstanceMetadataServiceVersion` property to specify the minimum IMDS version that the notebook instance supports.	July 14, 2022
New resources	Use these resources to manage your Amazon Redshift Serverless instance. AWS::RedshiftServerless::Workgroup Use the `AWS::RedshiftServerless::Workgroup` resource to manage compute resources in Amazon Redshift Serverless. AWS::RedshiftServerless::Namespace Use the `AWS::RedshiftServerless::Namespace` resource to manage database objects and users in Amazon Redshift Serverless.	July 12, 2022
Account level	AWS CloudFormation announces the general availability of account filter type, a feature that allows customers to limit deployment targets to individual accounts or include additional accounts with provided OUs. For more information, see Account level targets.	July 7, 2022
Updated resource	The following resource was updated: AWS::RefactorSpaces::Route. AWS::RefactorSpaces::Route In the DefaultRouteInput property type, use the `ActivationState` property to specify the activation state of the route. In the UriPathRouteInput property type, use the `ActivationState` property to specify the activation state of the route.	June 30, 2022
New resources	The following resources were added: AWS::LakeFormation::DataCellsFilter, AWS::LakeFormation::TagAssociation, documentation target="AWS::LakeFormation::Tag, AWS::LakeFormation::PrincipalPermissions AWS::LakeFormation::DataCellsfilter Use the `DataCellsFilter` resource to specify a structure for a data cell filter. AWS::LakeFormation::PrincipalPermissions Use the `AWS::LakeFormation::PrincipalPermissions` resource to specify the permissions that a principal has on an resource. AWS::LakeFormation::Tag Use the `AWS::LakeFormation::Tag` resource to specify an LF-tag, which consists of a key and one or more possible values for the key. AWS::LakeFormation::TagAssociation Use the `AWS::LakeFormation::TagAssociation` resource to assign an LF-tag to a Data Catalog resource.	June 30, 2022
New resource	The following resource was added: AWS::DataSync::LocationFSxONTAP. AWS::DataSync::LocationFSxONTAP Use the `AWS::DataSync::LocationFSxONTAP` resource to create a location for an Amazon FSx for ONTAP file system.	June 30, 2022
New resource	The following resource was added: AWS::IoT::CACertificate AWS::IoT::CACertificate Use the `AWS::IoT::CACertificate`to specify a CA certificate.	June 30, 2022
New resource	The following resource was added: AWS::SES::DedicatedIpPool. AWS::SES::DedicatedIpPool Use the `DedicatedIpPool` resource to create a new pool of dedicated IP addresses.	June 30, 2022
New resource	The following resource and properties were added: AWS::SES::EmailIdentity, AWS::SES::EmailIdentity ConfigurationSetAttributes, AWS::SES::EmailIdentity DkimAttributes, AWS::SES::EmailIdentity DkimSigningAttributes, AWS::SES::EmailIdentity FeedbackAttributes, and AWS::SES::EmailIdentity MailFromAttributes. AWS::SES::EmailIdentity Use the `EmailIdentity` resource to specify an identity, such as an email address or domain, for using within SES. AWS::SES::EmailIdentity ConfigurationSetAttributes Use the `ConfigurationSetAttributes` property to associate a configuration set with an email identity. AWS::SES::EmailIdentity DkimAttributes Use the `DkimAttributes` property to enable or disable DKIM authentication for an email identity. AWS::SES::EmailIdentity DkimSigningAttributes Use the `DkimSigningAttributes` property to configure or change the DKIM authentication settings for an email domain identity. AWS::SES::EmailIdentity FeedbackAttributes Use the `FeedbackAttributes` property to enable or disable feedback forwarding for an identity. AWS::SES::EmailIdentity MailFromAttributes Use the `MailFromAttributes` property to enable or disable the custom Mail-From domain configuration for an email identity.	June 30, 2022
Updated resources	The following resources were updated: `AWS::AppStream::Stack` AWS::AppStream::Stack Use the `StreamingExperienceSettings` property to specify the streaming protocol you want your stack to prefer. This can be UDP or TCP. Currently, UDP is only supported in the Windows native client.	June 28, 2022
New resource	The following resource was added: AWS::CloudTrail::EventDataStore AWS::CloudTrail::EventDataStore Use the `EventDataStore` resource to specify an event data store in CloudTrail Lake. Event data stores are immutable collections of events based on criteria that you select by applying advanced event selectors. For more information, see Working with CloudTrail Lake in the AWS CloudTrail User Guide. AWS::CloudTrail::EventDataStore.AdvancedEventSelector Use the `AdvancedEventSelector` property to specify fine-grained event properties for data events that you want to log to an event data store. For more information, see Data events in the AWS CloudTrail User Guide. AWS::CloudTrail::EventDataStore.AdvancedFieldSelector Use the `AdvancedFieldSelector` property to specify fine-grained event properties for data events that you want to log to an event data store. An `AdvancedFieldSelector` is a single selector statement within an advanced event selector. For more information, see Data events in the AWS CloudTrail User Guide.	June 23, 2022
New resource	The following resources were added: AWS::ConnectCampaigns::Campaign AWS::ConnectCampaigns::Campaign Use the `AWS::ConnectCampaigns::Campaign` resource to create a high-volume outbound campaign.	June 23, 2022
Updated resources	The following resources were updated: AWS::MediaTailor::Channel, AWS::MediaTailor::LiveSource, AWS::MediaTailor::SourceLocation, and AWS::MediaTailor::VodSource. AWS::MediaTailor::Channel Added `DashPlaylistSettings`, `HlsPlaylistSettings`, `LogConfigurationForChannel`, `RequestOutputItem`, and `SlateSource` properties. AWS::MediaTailor::ChannelPolicy Added `ChannelName`and `Policy` properties. AWS::MediaTailor::LiveSource Added `HttpPackageConfiguration` property. AWS::MediaTailor::SourceLocation Added `AccessConfiguration`, `DefaultSegmentDeliveryConfiguration`, `HttpConfiguration`, `SecretsManagerAccessTokenConfiguration`, and `SegmentDeliveryConfiguration` properties. AWS::MediaTailor::VodSource Added `HttpPackageConfiguration` property.	June 22, 2022
Updated resources	The following resource was updated: AWS::MediaTailor::PlaybackConfiguration. AWS::MediaTailor::PlaybackConfiguration Added `DashConfiguration.ManifestEndpointPrefix`, `HlsConfiguration.ManifestEndpointPrefix`, `PlaybackConfigurationArn`, `PlaybackEndpointPrefix`, and `SessionInitializationEndpointPrefix` return values.	June 16, 2022
New resources	The following resource and properties were added: AWS::Route53::CidrCollection, AWS::Route53::RecordSet.CidrRoutingConfig, and AWS::Route53::RecordSetGroup CidrRoutingConfig AWS::Route53::CidrCollection Use the `AWS::Route53::CidrCollection` resource to create a CIDR collection for IP-based DNS routing. AWS::Route53::RecordSet.CidrRoutingConfig Use the `AWS::Route53::RecordSet.CidrRoutingConfig` property to update IP-routing information for the DNS record that you want to create. AWS::Route53::RecordSetGroup CidrRoutingConfig Use the `AWS::Route53::RecordSetGroup CidrRoutingConfig` property to link a resource record set to a CIDR location.	June 16, 2022
Updated resources	The following resource was updated: AWS::EC2::LaunchTemplate. AWS::EC2::LaunchTemplate LaunchTemplateData Use the `DisableApiStop` parameter to enable or disable an instance for stop protection.	June 9, 2022
Updated resource	The following resource was updated: AWS::DataSync::LocationEFS. AWS::DataSync::LocationEFS Use the `AccessPointArn` property to specify an access point for your Amazon EFS file system. Use the `FileSystemAccessRoleArn` property to specify an IAM role that DataSync assumes when mounting your file system. Use the `InTransitEncryption` property to specify whether you want DataSync to use Transport Layer Security (TLS) 1.2 encryption when it copies data to or from your file system.	June 9, 2022
Updated resource	The following property was added to the AWS::SES::ConfigurationSetEventDestination resource: AWS::SES::ConfigurationSetEventDestination SnsDestination Use the `SnsDestination` property to specify an Amazon Simple Notification Service (Amazon SNS) event destination to publish email sending events.	June 9, 2022
Updated resource	The following properties were updated to SES API v2 for the AWS::SES::ConfigurationSet resource: AWS::SES::ConfigurationSet DeliveryOptions Use the `DeliveryOptions` property to assign a dedicated IP pool to this configuration set. AWS::SES::ConfigurationSet ReputationOptions Use the `ReputationOptions` property to enable or disable collection of reputation metrics for emails sent with this configuration set. AWS::SES::ConfigurationSet SendingOptions Use the `SendingOptions` property to enable or disable email sending for messages that use this configuration set. AWS::SES::ConfigurationSet SuppressionOptions Use the `SuppressionOptions` property to specify a list that contains the reasons that email addresses are automatically added to the suppression list. AWS::SES::ConfigurationSet TrackingOptions Use the `TrackingOptions` property to specify a custom domain to use for open and click tracking elements in emails that you send from this configuration set.	June 9, 2022
New resource	The following resources were added: AWS::Connect::TaskTemplate AWS::Connect::TaskTemplate Use the `AWS::Connect::TaskTemplate` resource to create a task template.	June 9, 2022
Updated resource	The following resource was updated: AWS::Transfer::Server ProtocolDetails Use the `SetStatOption` to ignore the error that is generated when the client attempts to use SETSTAT on a file you are uploading to an S3 bucket.	May 26, 2022
New resource	The following resource was added: `AWS::EMRServerless::Application`. AWS::EMRServerless::Application Use the `AWS::EMRServerless::Application` resource to specify an EMR Serverless application.	May 26, 2022
New resources	The following resources were added: AWS::IoTWireless::NetworkAnalyzerConfiguration AWS::IoTWireless::NetworkAnalyzerConfiguration Gets information about a network analyzer configuration.	May 25, 2022
Updated resource	The following resource was updated: AWS::Cognito::UserPoolClient AWS::Cognito::UserPoolClient The `EnablePropagateAdditionalUserContextData` property of a user pool client makes it possible to pass IP address information to advanced security features with unauthenticated API requests.	May 20, 2022
Updated resources	The following resources were updated: AWS::AppMesh::VirtualNode and AWS::AppMesh::Mesh AWS::AppMesh::VirtualNode Use the `DnsServiceDiscovery` property to represent the DNS service discovery information for your virtual node. Use the `AwsCloudMapServiceDiscovery` property to represent the AWS Cloud Map service discovery information for your virtual node. AWS::AppMesh::Mesh Use the `MeshServiceDiscovery` resource to represent the service discovery information for a service mesh.	May 19, 2022
Updated resources	The following resources were updated: AWS::Lightsail::LoadBalancer and AWS::Lightsail::LoadBalancerTlsCertificate AWS::Lightsail::LoadBalancer Use the `tlsPolicyName` property to specify a TLS security policy for the load balancer. AWS::Lightsail::LoadBalancerTlsCertificate Use the `httpsRedirectionEnabled` property to indicate whether HTTPS redirection is enabled for the load balancer that the TLS certificate is attached to.	May 19, 2022
Updated resource	The following resource was updated: AWS::Synthetics::Canary. AWS::Synthetics::Canary The `DeleteLambdaResourcesOnCanaryDeletion` parameter was added. You can specify this parameter when you create or update a canary to have the canary's Lambda resources deleted when the canary is deleted.	May 12, 2022
Updated resource	The following resource was updated: AWS::DataSync::Task. AWS::DataSync::Task In the `Options` property type, use the `ObjectTags` property to specify whether object tags are maintained when transferring between object storage systems.	May 12, 2022
New resource	The following resource was added: AWS::IoT::RoleAlias AWS::IoT::RoleAlias Use the `AWS::IoT::RoleAlias`to specify a role alias.	May 12, 2022
New resources	New resources were added to Network Manager: AWS::NetworkManager::CoreNetwork, AWS::NetworkManager::ConnectAttachment, AWS::NetworkManager::ConnectPeer, AWS::NetworkManager::SiteToSiteVpnAttachment, and AWS::NetworkManager::VpcAttachment. AWS::NetworkManager::CoreNetwork Use the `AWS::NetworkManager::CoreNetwork` to create a core network. AWS::NetworkManager::ConnectAttachment Use the `AWS::NetworkManager::CoreNetwork.ConnectAttachment` to create a Connect attachment. AWS::NetworkManager::ConnectPeer Use the `AWS::NetworkManager::ConnectPeer` to create a Connect peer attachment. AWS::NetworkManager::SiteToSiteVpnAttachment Use the `AWS::NetworkManager::SiteToSiteVpnAttachment` to create a site-to-site VPN attachment. AWS::NetworkManager::VpcAttachment Use the `AWS::NetworkManager::VpcAttachment` to create a VPC attachment.	May 11, 2022
Updated resources	The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup. AWS::WAFv2::WebACL Use the `Cookies` property to specify that a rule statement should inspect the cookies in web requests. Use the `CookieMatchPattern` property to specify a subset of all cookies for inspection. Use the `Headers` property to specify that a rule statement should inspect the headers in web requests. Use the `HeaderMatchPattern` property to specify a subset of all headers for inspection. In the Body property type, use the `OversizeHandling` property to specify how to handle web requests that have oversize body contents. In the JsonBody property type, use the `OversizeHandling` property to specify how to handle web requests that have oversize body contents. AWS::WAFv2::RuleGroup Use the `Cookies` property to specify that a rule statement should inspect the cookies in web requests. Use the `CookieMatchPattern` property to specify a subset of all cookies for inspection. Use the `Headers` property to specify that a rule statement should inspect the headers in web requests. Use the `HeaderMatchPattern` property to specify a subset of all headers for inspection. In the Body property type, use the `OversizeHandling` property to specify how to handle web requests that have oversize body contents. In the JsonBody property type, use the `OversizeHandling` property to specify how to handle web requests that have oversize body contents.	May 5, 2022
New resource	The following resource was added: AWS::Rekognition::StreamProcessor. AWS::Rekognition::StreamProcessor The `AWS::Rekognition::StreamProcessor` type creates a stream processor used to detect and recognize faces or to detect connected home labels in a streaming video.	May 5, 2022
New resource	The following resources were added: AWS::VoiceID::Domain AWS::VoiceID::Domain Use the `AWS::VoiceID::Domain` resource to create a Voice ID domain.	May 5, 2022
New resource	The following resource was added: AWS::EC2::KeyPair. AWS::EC2::KeyPair Use the `KeyPair` resource to create or import a key pair.	April 28, 2022
New resource	The following resource was added: `AWS::Route53Profiles::Profile`. AWS::Route53Profiles::Profile Added the `AWS::Route53Profiles::Profile` resource was added to support the shareing of Route 53 configurations across VPCs and AWS accounts.	April 24, 2022
New resource	The following resource was added: `AWS::Route53Profiles::ProfileAssociation`. AWS::Route53Profiles::ProfileAssociation Added the `AWS::Route53Profiles::ProfileAssociation` resource was added to support associating a Route 53 Profile to a VPC.	April 24, 2022
New resource	The following resource was added: `AWS::Route53Profiles::ProfileAssociation`. AWS::Route53Profiles::ProfileResourceAssociation Added the `AWS::Route53Profiles::ProfileResourceAssociation` resource was added to support associating resources to a Route 53 Profile.	April 24, 2022
Updated resources	The following resource was updated: AWS::Batch::ComputeEnvironment AWS::Batch::ComputeEnvironment Use the `ReplaceComputeEnvironment` property to specify whether the compute environment should be replaced if an update is made that requires replacing the instances in the compute environment. Use the `UpdatePolicy` property to specify the infrastructure update policy for the compute environment. AWS::Batch::JobDefinition Added a `JobQueueArn` attribute to the return values.	April 21, 2022
Updated resource	New parameters were added to AWS::Evidently::Experiment and AWS::Evidently::Launch Evidently resource type reference New parameters were added to AWS::Evidently::Experiment and AWS::Evidently::Launch to allow you to use AWS CloudFormation to start and stop experiments and launches.	April 21, 2022
New resources	The following resources were added: AWS::IoTTwinMaker::ComponentType, AWS::IoTTwinMaker::Entity, AWS::IoTTwinMaker::Scene, and AWS::IoTTwinMaker::Workspace AWS::IoTTwinMaker::ComponentType Use the `AWS::IoTTwinMaker::ComponentType` resource to declare a component type. AWS::IoTTwinMaker::Entity Use the `AWS::IoTTwinMaker::Entity` resource to declare an entity. AWS::IoTTwinMaker::Scene Use the `AWS::IoTTwinMaker::Scene` resource to declare a scene. CFNResource Use the `AWS::IoTTwinMaker::Workspace` resource to declare a workspace.	April 21, 2022
New resource	The following resources were added: AWS::Connect::PhoneNumber AWS::Connect::PhoneNumber Use the `AWS::Connect::PhoneNumber` resource to create a phone number.	April 21, 2022
Updated resource	The following resource was updated: `AWS::KMS::Key`. AWS::KMS::Key Added support for HMAC KMS keys, including new HMAC values for the `KeySpec` property and the `GENERATE_VERIFY_MAC` value for the `KeyUsage` property. You can also use the `AWS::KMS::ReplicaKey` resource to create a replica of a multi-Region HMAC key. However, the properties of this resource did not change.	April 19, 2022
Updated resources	The following resources were updated: `AWS::AppStream::Fleet` AWS::AppStream::Fleet Use the `SessionScriptS3Location` property to specify the S3 location of the session scripts configuration zip file. This only applies to Elastic fleets.	April 14, 2022
Updated resource	The following resource was updated: AWS::CloudWatch::MetricStream. AWS::CloudWatch::MetricStream In the MetricStream resource, use the `MetricStreamStatisticsConfiguration` to have the metric stream include additional statistics such as percentile statistics in the stream.	April 14, 2022
Updated resource	The following resource was updated: AWS::AppRunner::Service AWS::AppRunner::Service.ObservabilityConfiguration New property. The observability configuration of the App Runner service.	April 12, 2022
New resource	The following resource was added: AWS::AppRunner::ObservabilityConfiguration AWS::AppRunner::ObservabilityConfiguration Use the `AWS::AppRunner::ObservabilityConfiguration` resource to create or update an AWS App Runner observability configuration.	April 12, 2022
Updated resources	The following resource was updated: AWS::EC2::LaunchTemplate. AWS::EC2::LaunchTemplate NetworkInterface Use the `Ipv4PrefixCount` or `Ipv4Prefixes` properties to assign IPv4 prefixes to a network interface. Use the `Ipv6PrefixCount` or `Ipv6Prefixes` properties to assign IPv6 prefixes to a network interface.	April 7, 2022
New resource	The following resource was added: AWS::Events::Endpoint. AWS::Events::Endpoint Use the `AWS::Events::Endpoint` resource to create a Amazon EventBridge global endpoint and mae your application Regional-fault tolerant.	April 7, 2022
New resource	The following resource was added: AWS::Lambda::Url. AWS::Lambda::Url Use the `Url` resource to add a function URL endpoint to your Lambda function.	April 7, 2022
Updated resource	The following resources were updated: AWS::SageMaker::Domain, AWS::SageMaker::UserProfile AWS::SageMaker::Domain Use the `UserSettings.RStudioServerProAppSettings` property to configure user interaction with the `RStudioServerPro` app. Use the `RStudioServerProAppSettings` property to configure user interaction with the `RStudioServerPro` app. Use the `RStudioServerProAppSettings.AccessStatus` property to indicate whether the current user has access to the `RStudioServerPro` app. Use the `RStudioServerProAppSettings.UserGroup` property to indicate the level of permissions that the user has within the `RStudioServerPro` app. Use the `RStudioServerProDomainSettings` property to configure the `RStudioServerPro` Domain-level app. Use the `RStudioServerProDomainSettings.DefaultResourceSpec` property to define the default `InstanceType`, `SageMakerImageArn` and `SageMakerImageVersionArn` for the Domain. Use the `RStudioServerProDomainSettings.DomainExecutionRoleArn` property to indicate the ARN of the execution role for the `RStudioServerPro` Domain-level app. Use the `RStudioServerProDomainSettings.RStudioConnectUrl` property to indicate a URL pointing to an RStudio Connect server. Use the `RStudioServerProDomainSettings.RStudioPackageManagerUrl` property to indicate a URL pointing to an RStudio Package Manager server. Use the `DomainSettings` property to indicate a collection of settings that apply to the `SageMaker Domain`. Use the `DomainSettings.RStudioServerProDomainSettings` property to configure the `RStudioServerPro` Domain-level app. Use the `DomainSettings.SecurityGroupIds` property to indicate security groups for the Amazon Virtual Private Cloud (Amazon VPC) that the `Domain` uses for communication between Domain-level apps and user apps. AWS::SageMaker::UserProfile Use the `UserSettings.RStudioServerProAppSettings` property to configure user interaction with the `RStudioServerPro` app. Use the `RStudioServerProAppSettings` property to configure user interaction with the `RStudioServerPro` app. Use the `RStudioServerProAppSettings.AccessStatus` property to indicate whether the current user has access to the `RStudioServerPro` app. Use the `RStudioServerProAppSettings.UserGroup` property to indicate the level of permissions that the user has within the `RStudioServerPro` app.	March 31, 2022
New resource	The following resource was added: AWS::DataSync::LocationFSxOpenZFS. AWS::DataSync::LocationFSxOpenZFS Use the `AWS::DataSync::LocationFSxOpenZFS` resource to specify an Amazon FSx for OpenZFS file system.	March 31, 2022
Updated resource	The following resource was updated: AWS::ServiceCatalog::CloudFormationProduct ProvisioningArtifactProperties. AWS::ServiceCatalog::CloudFormationProduct ProvisioningArtifactProperties The AWS::ServiceCatalog::CloudFormationProduct ProvisioningArtifactProperties resource now supports the Type property.	March 30, 2022
Updated resource	The following resource was updated: AWS::Lambda::Function. AWS::Lambda::Function Use the `EphemeralStorage` property to set the function's ephemeral (/tmp) storage to any any whole number between 512 and 10240 MB.	March 24, 2022
Updated resource	The following property type was updated: AWS::Lex::Bot. AWS::Lex::Bot Use the AudioLogSetting property to configure logging of audio conversation with your users. Use the AudioLogSetting property to configure the Lambda functions used for each of your bot's locales. Use the ConversationLogsSettings property to manage logging that saves audio, text, and metadata of the conversations with your users. Use the CustomVocabulary property to define custom vocabularies for your slot types. Use the LambdaCodeHook property to specify a Lambda function that verifies requests to the bot or fulfills the user's request. Use the S3BucketLogDestination property to configure the Amazon S3 bucket to hold audio conversation logs. Use the SlotValueSelectionSetting property to configure advanced settings for recognizing slot values. Use the TestBotAliasSettings property to configure the alias used for testing a bot. Use the TextLogSetting property to configure text logs for conversations.	March 24, 2022
New resource	The following resource was added: AWS::IoTEvents::AlarmModel. AWS::IoTEvents::AlarmModel Use the `AlarmModel` resource to monitor an AWS IoT Events input attribute.	March 24, 2022
Updated resource	The following resource was updated: `AWS::FSx::Filesystem` AWS::FSx::Filesystem FSx for OpenZFS file system root volumes now support the LZ4 `DataCompressionType`.	March 17, 2022
Updated resource	The following resource was updated: `AWS::FSx::Volume` AWS::FSx::Volume FSx for OpenZFS volumes now support the LZ4 `DataCompressionType`.	March 17, 2022
Updated resource	The following resource was updated: `AWS::FSx::Volume` AWS::FSx::Volume FSx for OpenZFS volumes now support using the value `0` to un-set the `StorageCapacityQuotaGiB` for a volume.	March 17, 2022
Updated resource	The following resource was updated: `AWS::FSx::Volume` AWS::FSx::Volume FSx for OpenZFS volumes now support using the value `0` to un-set the `StorageCapacityReservationGiB` for a volume.	March 17, 2022
Updated resource	The following resource was updated: `AWS::FSx::Volume` AWS::FSx::Volume FSx for OpenZFS volumes now support setting the suggested block size for a volume.	March 17, 2022
Updated resource	The following resource was updated: AWS::FSx::Filesystem AWS::FSx::FileSystem FSx for ONTAP file systems now support lower ThroughputCapacity settings.	March 17, 2022
Updated resource	The following resource was updated: AWS::FIS::ExperimentTemplate. AWS::FIS::ExperimentTemplate Use the `LogConfiguration` property to configure experiment logging. Use the `Parameters` property to specify criteria used to identify target resources.	March 11, 2022
Updated resource	The following resource was updated: AWS::AutoScaling::ScalingPolicy. AWS::AutoScaling::ScalingPolicy Use the `AWS::AutoScaling::ScalingPolicy` property to specify custom metrics when you create predictive scaling policies. You can also use metric math to further customize the metrics that you include in your policy.	March 10, 2022
Updated resource	The following resource was updated: `AWS::StepFunctions::StateMachine` AWS::StepFunctions::StateMachine The `StateMachineType` attribute is now `IMMUTABLE`.	March 10, 2022
New resources	The following resources were added: `AWS::Personalize::Dataset`, `AWS::Personalize::Dataset DatasetImportJob`, `AWS::Personalize::DatasetGroup`, `AWS::Personalize::Schema`, `AWS::Personalize::Solution`, and `AWS::Personalize::Solution SolutionConfig`. AWS::Personalize::Dataset Use the `AWS::Personalize::Dataset` resource to specify a dataset in Amazon Personalize. AWS::Personalize::Dataset DatasetImportJob Use the `AWS::Personalize::Dataset DatasetImportJob` resource to specify a dataset import job in Amazon Personalize. AWS::Personalize::DatasetGroup Use the `AWS::Personalize::DatasetGroup` resource to specify a dataset group in Amazon Personalize. AWS::Personalize::Schema Use the `AWS::Personalize::Schema` resource to specify a schema in Amazon Personalize. AWS::Personalize::Solution Use the `AWS::Personalize::Solution` resource to specify a solution in Amazon Personalize. AWS::Personalize::Solution SolutionConfig Use the `AWS::Personalize::Solution SolutionConfig` resource to specify a solution configuration in Amazon Personalize.	March 10, 2022
Updated resources	The following resources were updated: AWS::RedshiftServerless::Workgroup and AWS::RedshiftServerless::Namespace AWS::RedshiftServerless::Workgroup Added a number of return values to the `AWS::RedshiftServerless::Workgroup` resource. AWS::RedshiftServerless::Namespace Added a number of return values to the `AWS::RedshiftServerless::Namespace` resource.	March 9, 2022
New resource	The following resource was added: `AWS::EKS::IdentityProviderConfig` `AWS::EKS::IdentityProviderConfig` Use the `OidcIdentityProviderConfig` resources to specify an identity provider config and `RequiredClaim` to specify required claims.	March 7, 2022
Updated resources	The following resources were updated: AWS::DataBrew::Job AWS::DataBrew::Job Add MaxOutputFiles parameter to the Output data type to specify the maximum number of files to be generated by a profile job and written to the output folder.	March 3, 2022
Added resource	The following resource was added: AWS::ManagedBlockchain::Accessor AWS::ManagedBlockchain::Accessor Use the `Accessor` to create a new accessor for use with Managed Blockchain Ethereum nodes.	March 2, 2022
Updated resources	The following resources were updated: AWS::Batch::ComputeEnvironment, and AWS::Batch::JobQueue AWS::Batch::ComputeEnvironment Added a `ComputeEnvironmentArn` attribute to the return values. AWS::Batch::JobQueue Added a `JobQueueArn` attribute to the return values.	February 24, 2022
Updated resource	The following resource was updated: AWS::AutoScaling::WarmPool. AWS::AutoScaling::WarmPool Use the `PoolState` property to specify `Hibernated` to stop instances in a warm pool without deleting their RAM contents. Use the `InstanceReusePolicy` property to return instances to the warm pool on scale in, instead of always terminating instance capacity that you will need later.	February 24, 2022
Updated resource	The following resource was updated: AWS::Transfer::Server Use the `PreAuthenticationLoginBanner` property to specify a string to display when users connect to a server, before they authenticate. Use the `PostAuthenticationLoginBanner` property to specify a string to display when users connect to a server, after they authenticate.	February 24, 2022
New resource	The following resource was added: AWS::DataSync::LocationFSxLustre. AWS::DataSync::LocationFSxLustre Use the `AWS::DataSync::LocationFSxLustre` resource to specify an Amazon FSx for Lustre file system.	February 24, 2022
Updated resource	The following resource was updated: AWS::WAFv2::WebACL. AWS::WAFv2::WebACL You can now define `ManagedRuleGroupConfigs` for a `ManagedRuleGroupStatement`, to provide configuration specific to the managed rule group. This is required to use the managed rule group, `AWSManagedRulesATPRuleSet`.	February 17, 2022
New resources	The following new resources were added to Network Manager: AWS::NetworkManager::ConnectAttachment, AWS::NetworkManager::ConnectPeer, AWS::NetworkManager::CoreNetwork, AWS::NetworkManager::SiteToSiteVPNAttachment, and AWS::NetworkManager::VPCAttachment. AWS::NetworkManager::ConnectAttachment Use the `AWS::NetworkManager::ConnectAttachment` to create a core network Connect attachment. AWS::NetworkManager::ConnectPeer Use the `AWS::NetworkManager::ConnectPeer` create a core network Connect Peer attachment. AWS::NetworkManager::CoreNetwork Use the `AWS::NetworkManager::CoreNetwork` to create a core network. AWS::NetworkManager::SiteToSiteVPNAttachment Use the `AWS::NetworkManager::SiteToSiteVPNAttachment` create a core network site-to-site VPN attachment. AWS::NetworkManager::VPCAttachment Use the `AWS::NetworkManager::VPCAttachment` create a core network VPC attachment.	February 17, 2022
Updated resources	The following resource was updated: AWS::EC2::LaunchTemplate. AWS::EC2::LaunchTemplate PrivateDnsNameOptions Use the `PrivateDnsNameOptions` property to set options for instance hostnames. AWS::EC2::LaunchTemplate MetadataOptions Use the `InstanceMetadataTags` property to allow access to instance tags from the instance metadata.	February 10, 2022
New resources	The following resources were added: `AWS::CloudFormation::HookDefaultVersion`, `AWS::CloudFormation::HookTypeConfig`, and `AWS::CloudFormation::HookVersion`. `AWS::CloudFormation::HookDefaultVersion` Use the `AWS::CloudFormation::HookDefaultVersion` resource to specify the default version of the hook. `AWS::CloudFormation::HookTypeConfig` Use the `AWS::CloudFormation::HookTypeConfig` resource to specify the configuration of a hook. `AWS::CloudFormation::HookVersion` Use the `AWS::CloudFormation::HookVersion` resource to publish the hook version in the AWS CloudFormation registry.	February 10, 2022
New resources	The following resources were added: AWS::ECR::PullThroughCacheRule AWS::ECR::PullThroughCacheRule Use the `AWS::ECR::PullThroughCacheRule` property to create a pull through cache rule for your private registry. Pull through cache rules provide a way to cache images from an external public registry in your private registry	February 10, 2022
CloudFormation registry	AWS CloudFormation announces the general availability of hooks, a feature that allows customers to invoke custom logic to automate actions or inspect resource configurations prior to a create, update or delete stack operation. For more information, see Developing hooks in the User Guide for Extension Development.	February 10, 2022
Updated resource	The following resource was updated: AWS::AppRunner::Service AWS::AppRunner::Service.NetworkConfiguration New property. Configuration settings related to network traffic of the web application that the App Runner service runs.	February 8, 2022
New resource	The following resource was added: AWS::AppRunner::VpcConnector AWS::AppRunner::VpcConnector Use the `AWS::AppRunner::VpcConnector` resource to create or update an AWS App Runner VPC connector.	February 8, 2022
Updated resource	The following resource was updated: AWS::Events::Rule. AWS::Events::Rule The Rule.SageMakerPipelineParameter.PipelineParameterList is a list of parameter names and values for SageMaker Model Building Pipeline execution. The Rule.SageMakerPipelineParameter.Name is the name of parameter to start execution of a SageMaker Model Building Pipeline. The Rule.SageMakerPipelineParameter.Value is the value of parameter to start execution of a SageMaker Model Building Pipeline.	February 3, 2022
New properties	The following properties were added under AWS::ApplicationInsights::Application.ConfigurationDetails: HANAPrometheusExporter Use the `HANAPrometheusExporter` property of the `AWS::ApplicationInsights::Application` resource to define the HANA DB Prometheus Exporter settings. HAClusterPrometheusExporter Use the `HAClusterPrometheusExporter` property of the `AWS::ApplicationInsights::Application` resource to define the HA Cluster Prometheus Exporter settings.	February 3, 2022
Updated resource	The following resource was updated: `RotationRules` AWS::SecretsManager::RotationSchedule RotationRules Use `RotationRules` to set a detailed schedule to rotate your secret.	January 31, 2022
Updated resources	The following resource was updated: AWS::CustomerProfiles::Integration. AWS::CustomerProfiles::Integration Use the `AWS::CustomerProfiles::Integration` resource to create a new integration in Amazon Connect Customer Profiles Service.	January 27, 2022
Updated resources	The following resources were updated: `AWS::Location::GeofenceCollection`, `AWS::Location::Map`, `AWS::Location::PlaceIndex`, `AWS::Location::RouteCalculator`, and `AWS::Location::Tracker`. AWS::Location::GeofenceCollection Updated the `AWS::Location::GeofenceCollection` resource to no longer use `PricingPlan` or `PricingPlanDataSource`. AWS::Location::Map Updated the `AWS::Location::Map` resource to no longer use `PricingPlan`. AWS::Location::PlaceIndex Updated the `AWS::Location::PlaceIndex` resource to no longer use `PricingPlan`. AWS::Location::RouteCalculator Update the `AWS::Location::RouteCalculator` resource to no longer use `PricingPlan`. AWS::Location::Tracker Update the `AWS::Location::Tracker` resource to no longer use `PricingPlan` or `PricingPlanDataSource`.	January 27, 2022
Updated resource	The following resource was updated: AWS::IVS::RecordingConfiguration AWS::IVS::RecordingConfiguration Use the `ThumbnailConfiguration` property to specify an Amazon IVS ThumbnailConfiguration, which stores configuration information related to generating thumbnail images for your live stream.	January 27, 2022
New resource	The following resource was added: AWS::AppIntegrations::DataIntegration AWS::AppIntegrations::DataIntegration Use the `AWS::AppIntegrations::DataIntegration` resource to create a DataIntegration.	January 27, 2022
New collection resource	The following resource was added: AWS::Rekognition::Collection. AWS::Rekognition::Collection The `AWS::Rekognition::Collection` type creates a server-side container called a collection. You can use a collection to store information about detected faces and search for known faces in images, stored videos, and streaming videos.	January 27, 2022
New resources	The following resources were added: AWS::Forecast::Dataset and AWS::Forecast::DatasetGroup. AWS::Forecast::Dataset Use the `AWS::Forecast::Dataset` resource to import a new or updated dataset in Amazon Forecast. AWS::Forecast::DatasetGroup Use the `AWS::Forecast::DatasetGroup` resource to create a Dataset Group in Amazon Forecast.	January 23, 2022
Updated resources	The following resources were updated: AWS::DataBrew::Job AWS::DataBrew::Job Add BucketOwner parameter to the S3Location data type to define the owner of the specified S3 bucket.	January 20, 2022
Updated resource	The following resources were updated: `AWS::Location::Tracker`, AWS::Location::Tracker Added `AccuracyBased` as a new value for `PositionFiltering` for trackers.	January 20, 2022
New resources	The following resources were added: AWS::Lightsail::Certificate, AWS::Lightsail::Container, and AWS::Lightsail::Distribution AWS::Lightsail::Certificate Use the `AWS::Lightsail::Certificate` resource to specify an Amazon Lightsail certificate that you can use with a Lightsail content delivery network (CDN) distribution and a Lightsail container service. AWS::Lightsail::Container Use the `AWS::Lightsail::Container` resource to specify an Amazon Lightsail container service. AWS::Lightsail::Distribution Use the `AWS::Lightsail::Distribution` resource to specify an Amazon Lightsail CDN distribution.	January 20, 2022
New resource	The following resource was added: AWS::KafkaConnect::Connector AWS::KafkaConnect::Connector Creates an MSK Connect connector.	January 20, 2022
Updated resource	The following resources were updated: AWS::AppSync::Resolver and AWS::AppSync::FunctionConfiguration AWS::AppSync::Resolver Use the `MaxBatchSize` property to specify the maximum number of resolver request inputs that will be sent to a single AWS Lambda function in a `BatchInvoke` operation. AWS::AppSync::FunctionConfiguration Use the `MaxBatchSize` property to specify the maximum number of resolver request inputs that will be sent to a single AWS Lambda function in a `BatchInvoke` operation.	January 13, 2022
Updated resource	The following resource was updated: AWS::FMS::Policy. AWS::FMS::Policy The `AWS::FMS::Policy` resource now allows you to manage Shield Advanced automatic application layer DDoS mitigation for Shield Advanced policies that you use for Amazon CloudFront distributions.	January 7, 2022
Updated resource	The following property was updated: `AWS::EKS::Cluster KubernetesNetworkConfig` `AWS::EKS::Cluster KubernetesNetworkConfig` Use the `IpFamily` property to specify whether you want your version 1.21 or later cluster to assign IPv4 or IPv6 addresses to pods and services.	January 6, 2022
Updated resource	The following property type was updated: AWS::Lex::Bot. AWS::Lex::Bot In the ExternalSourceSetting property type, use the `GrammarSlotTypeSetting` property to specify that the slot type is defined by an external grammar. In the GrammarSlotTypeSetting property type, use the `Source` property to specify the location of a file that contains a grammar defining the slot type. In the GrammarSlotTypeSource property type, use the `KmsKeyArn`, `S3BucketName`, and `S3ObjectKey` properties to specify the S3 bucket location of a file that contains a grammar defining the slot type.	January 6, 2022
New resources	The following resources were added: AWS::Lightsail::Alarm, AWS::Lightsail::Bucket, AWS::Lightsail::LoadBalancer, and AWS::Lightsail::LoadBalancerTlsCertificate AWS::Lightsail::Alarm Use the `AWS::Lightsail::Alarm` resource to specify an Amazon Lightsail alarm. AWS::Lightsail::Bucket Use the `AWS::Lightsail::Bucket` resource to specify an Amazon Lightsail bucket. AWS::Lightsail::LoadBalancer Use the `AWS::Lightsail::LoadBalancer` resource to specify an Amazon Lightsail load balancer. AWS::Lightsail::LoadBalancerTlsCertificate Use the `AWS::Lightsail::LoadBalancerTlsCertificate` resource to specify a certificate that you can use with an Amazon Lightsail load balancer that is in the same AWS Region and Availability Zone.	January 6, 2022
New resource	The following resource was added: AWS::InspectorV2::Filter. AWS::InspectorV2::Filter Use the `AWS::InspectorV2::Filter` resource to specify a filter.	January 6, 2022
New resource	The following resource is new: AWS::IoT::JobTemplate AWS::IoT::JobTemplate Use the `AWS::IoT::JobTemplate` resource to specify a job template.	January 6, 2022
New resources	The following resources were added: `AWS::AppStream::ApplicationEntitlementAssociation` and `AWS::AppStream::Entitlement` AWS::AppStream::ApplicationEntitlementAssociation Use the `AWS::AppStream::ApplicationEntitlementAssociation` resource to specify an association between an application and entitlement. AWS::AppStream::Entitlement Use the `AWS::AppStream::Entitlement` resource to specify an entitlement.	January 5, 2022
Updated resources	The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup. AWS::WAFv2::WebACL You can now use single regular expression (regex) match statements with `RegexMatchStatement`. You can now specify a `CAPTCHA` rule action. AWS::WAFv2::RuleGroup You can now use single regular expression (regex) match statements with `RegexMatchStatement`. You can now specify a `CAPTCHA` rule action.	December 9, 2021
Updated resource	The following resource was updated: AWS::Kinesis::Stream. AWS::Kinesis::Stream Use the `StreamModeDetails` property to specify the capacity mode to which you want to set your data stream. Currently, in Kinesis Data Streams, you can choose between an on-demand capacity mode and a provisioned capacity mode for your data streams.	December 9, 2021
Properties updated	For the `AWS::Chatbot::SlackChannelConfiguration` resource, the GuardrailPolicies property was updated and the UserRoleRequired property was added. AWS::Chatbot::SlackChannelConfiguration Use the `GuardrailPolicies` property to list policy ARNs applied as channel guardrails for AWS Chatbot. AWS::Chatbot::SlackChannelConfiguration Use the `UserRoleRequired` property to enable the use of a user role requirement in AWS Chatbot configurations.	December 9, 2021
New resources	The following resources were added: AWS::Lex:Bot, AWS::Lex::BotAlias, AWS::Lex::BotVersion, and AWS::Lex::ResourcePolicy. AWS::Lex::Bot Use the `AWS::Lex::Bot` resource to specify an Amazon Lex chatbot. AWS::Lex::BotAlias Use the `AWS::Lex::BotAlias` resource to specify an alias for an Amazon Lex chatbot. AWS::Lex::BotVersion Use the `AWS::Lex::BotVersion` resource to specify a version of an Amazon Lex chatbot. AWS::Lex::ResourcePolicy Use the `AWS::Lex::ResourcePolicy` resource to specify a new resource policy for an Amazon Lex chatbot.	December 9, 2021
Updated resource	The following resources were updated: AWS::GameLift::GameSessionQueue, AWS::GameLift::MatchmakingConfiguration, AWS::GameLift::MatchmakingRuleSet, AWS::GameLift::Script AWS::GameLift::GameSessionQueue Use the `Tags` property to add a list of labels to new game session queue resources. AWS::GameLift::MatchmakingConfiguration Use the `Tags` property to add a list of labels to new matchmaking configurations. AWS::GameLift::MatchmakingRuleSet Use the `Tags` property to add a list of labels to new matchmaking rule sets. AWS::GameLift::Script Use the `Tags` property to add a list of labels to new scripts.	December 8, 2021
New resources	The following resources were added: AWS::AppSync::DomainName and AWS::AppSync::DomainNameApiAssociation AWS::AppSync::DomainName Use the `AWS::AppSync::DomainName` resource to specify the configuration for a custom domain. AWS::AppSync::DomainNameApiAssociation Use the `AWS::AppSync::DomainNameApiAssociation` property to specify the mapping of a custom domain name to an assigned API URL.	December 6, 2021
Updated resources	The following resource was updated: AWS::WAFv2::LoggingConfiguration. AWS::WAFv2::LoggingConfiguration You can now log web ACL traffic to an Amazon CloudWatch Logs log group or an Amazon Simple Storage Service (Amazon S3) bucket. These options are in addition to the existing option of logging to an Amazon Data Firehose.	December 3, 2021
Updated resource	The following resource was updated: AWS::S3::StorageLens. AWS::S3::StorageLens CloudWatchMetrics Use the `AWS::S3::StorageLens CloudWatchMetrics` resource to enable the Amazon CloudWatch publishing option for S3 Storage Lens metrics.	December 3, 2021
Updated resource	The following resource was updated: AWS::S3::Bucket OwnershipControlsRule. AWS::S3::Bucket OwnershipControlsRule Updated `ObjectOwnership` property to add a new allowed value: `BucketOwnerEnforced`. You can apply this S3 Object Ownership setting to disable access control lists (ACLs) and take ownership of all the objects in your bucket.	December 3, 2021
Updated resource	The following resource was updated: AWS::SageMaker::EndpointConfig AWS::SageMaker::EndpointConfig Use the `ServerlessConfig` property to specify a serverless configuration for a serverless endpoint. Use the `MaxConcurrency` property to specify the maximum concurrent invocations for a serverless endpoint. Use the `MemorySizeInMB` property to specify the memory size (in MB) for a serverless endpoint.	December 3, 2021
New resources	The following resources were added: AWS::AmplifyUIBuilder::Component and AWS::AmplifyUIBuilder::Theme. AWS::AmplifyUIBuilder::Component Use the `AWS::AmplifyUIBuilder::Component` resource to specify a component within an Amplify app. AWS::AmplifyUIBuilder::Theme Use the `AWS::AmplifyUIBuilder::Theme` resource to specify a collection of style settings to apply globally to the components in an Amplify app.	December 3, 2021
New resources	The following resources were added: AWS::ResilienceHub::App Creates an AWS Resilience Hub application. AWS::ResilienceHub::ResiliencyPolicy Defines a resiliency policy.	December 3, 2021
New resource	The following resources were added: AWS::Evidently::Experiment, AWS::Evidently::Feature, AWS::Evidently::Launch, and AWS::Evidently::Project Evidently resource type reference Use Amazon CloudWatch Evidently to safely validate new features by serving them to a specified percentage of your users while you roll out the feature. You can monitor the performance of the new feature to help you decide when to ramp up traffic to your users. This helps you reduce risk and identify unintended consequences before you fully launch the feature. You can also conduct A/B experiments to make feature design decisions based on evidence and data. For more information, see Perform launches and A/B experiments with CloudWatch Evidently.	December 3, 2021
New resource	The following resources were added: AWS::Connect::ContactFlow and AWS::Connect::ContactFlowModule AWS::Connect::ContactFlow Use the `AWS::Connect::ContactFlow` resource to create a flow. AWS::Connect::ContactFlowModule Use the `AWS::Connect::ContactFlowModule` resource to create a flow module.	December 3, 2021
New resource	The following new resource was added: AWS::FSx::Snapshot AWS::FSx::Snapshot Use the `Snapshot` resource to create a snapshot of an FSx for ONTAP or Amazon FSx for OpenZFS volume.	December 3, 2021
New resource	The following new resource was added: AWS::FSx::StorageVirtualMachine AWS::FSx::StorageVirtualMachine Use the `StorageVirtualMachine` resource to create an FSx for ONTAP storage virtual machine.	December 3, 2021
New resource	The following new resource was added: AWS::FSx::Volume AWS::FSx::Volume Use the `Volume` resource to create an FSx for ONTAP or Amazon FSx for OpenZFS volume.	December 3, 2021
New resource	The following resource was added: AWS::RUM::AppMonitor. AWS::RUM::AppMonitor Use the AWS::RUM::AppMonitor resource to create or update an Amazon CloudWatch RUM app monitor. For more information, see Set up an application to use CloudWatch RUM.	December 3, 2021
New resource	The following resource was added: AWS::Timestream::ScheduledQuery. AWS::Timestream::ScheduledQuery Use the `AWS::Timestream::ScheduledQuery` resource to create a new scheduled query for an existing table in Amazon Timestream.	December 3, 2021
Updated resource	The following resource was updated: AWS::SES::ConfigurationSetEventDestination AWS::SES::ConfigurationSetEventDestination Use the new property SnsDestination with the `ConfigurationSetEventDestination` resource as an event destination associated with a configuration set which enables you to publish email sending events. In the property type EventDestination, new property `SnsDestination` specifies the topic ARN associated with an Amazon Simple Notification Service (Amazon SNS) event destination.	November 25, 2021
Updated resources	`AWS::ElastiCache::ReplicationGroup.` `AWS::ElastiCache::ReplicationGroup` The `data-tiering-enabled` parameter enables data tiering. Data tiering is only supported for replication groups using the r6gd node type. If you elect not to use data-tiering, set the parameter to `no-data-tiering-enabled.` For more information, see Data tiering.	November 23, 2021
Updated resource	The following resource was updated: AWS::Logs::LogGroup. AWS::Logs::LogGroup The AWS::Logs::LogGroup resource now supports tags.	November 22, 2021
Updated resources	The following resources were updated: `AWS::AppStream::Fleet` AWS::AppStream::Fleet Use the `FleetType` property to specify an ELASTIC fleet. Use the `Platform` property to specify platform of the fleet. Use the `MaxConcurrentSessions` property to specify the maximum concurrent sessions of an Elastic fleet. Use the `UsbDeviceFilterStrings` property to specify the USB device filter strings for an Elastic fleet..	November 18, 2021
Updated resources	The following resources were updated: AWS::DataBrew::Job, AWS::DataBrew::Ruleset AWS::DataBrew::Job Updates to support the following features: handling personally identifiable information (PII), data quality rules, and custom SQL queries.	November 18, 2021
Updated resources	The following resources were updated: AWS::Transfer::Server Use the `IdentityProviderType` resource to specify a the identity provider to use with your AWS Transfer Family server. A new type, `LAMBDA`, was added.	November 18, 2021
Updated resource	The following resource was updated: AWS::FinSpace::Environment AWS::FinSpace::Environment Use the `DataBundles` property to specify a list of data bundles to install. Use the `SuperuserParameters` property to specify configuration information of the superuser.	November 18, 2021
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem Use ONTAP for the FileSystemType, to use an ONTAP file system. Use `OntapConfiguration` parameter to configure an Amazon FSx ONTAP file system.	November 18, 2021
New resources	The following resources were added: `AWS::AppStream::Application`, `AWS::AppStream::AppBlock`, and `AWS::AppStream::ApplicationFleetAssociation` AWS::AppStream::Application Use the `AWS::AppStream::Application` resource to specify an application. AWS::AppStream::AppBlock Use the `AWS::AppStream::AppBlock` resource to specify an app block. AWS::AppStream::ApplicationFleetAssociation Use the `AWS::AppStream::ApplicationFleetAssociation` resource to specify an association between an application and fleet.	November 18, 2021
New resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem Use the `FileSystemTypeVersion` attribute to specify the file system version of an Amazon FSx for Lustre file system.	November 18, 2021
New resource	The following resource was added: AWS::Transfer::Workflow Use the `Workflow` resource to specify a managed workflow for file processing using AWS Transfer Family.	November 18, 2021
New resource	The following resource was added: AWS::SSM::ResourcePolicy AWS::SSM::ResourcePolicy Creates or updates a Systems Manager resource policy. A resource policy helps you to define the IAM entity (for example, an AWS account) that can manage your Systems Manager resources. Currently, `OpsItemGroup` is the only resource that supports Systems Manager resource policies. The resource policy for `OpsItemGroup` enables AWS accounts to view and interact with OpsCenter operational work items (OpsItems). OpsCenter is a capability of Systems Manager. For more information about OpsCenter, see Systems Manager OpsCenter in the Systems Manager User Guide.	November 17, 2021
Updated resource	The following resource was updated: AWS::Location::Tracker AWS::Location::Tracker Use the `PositionFiltering` property to specify how you want positions in your tracker to be filtered.	November 12, 2021
Updated resources	The following resources were updated: AWS::Batch::ComputeEnvironment, AWS::Batch::JobDefinition, and AWS::Batch::JobQueue AWS::Batch::ComputeEnvironment Use the `UnmanagedvCpus` property to specify the maximum number of vCPUs for an unmanaged compute environment. AWS::Batch::JobDefinition Use the `SchedulingPriority` property to specify the scheduling priority for job definition. AWS::Batch::JobQueue Use the `SchedulingPolicyArn` property to specify the scheduling policy for a job queue.	November 11, 2021
Updated resources	The following resource was updated: AWS::SageMaker::Endpoint AWS::SageMaker::Endpoint Use the `DeploymentConfig` property to specify the deployment configuration for an endpoint, which contains the desired deployment strategy and rollback configurations. Use the `AutoRollbackConfig` property to specify the the automatic rollback configuration for handling endpoint deployment failures and recovery. Use the `Alarm` property to specify a list of CloudWatch alarms that are configured to monitor metrics on an endpoint. Use the `AlarmName` property to specify the name of a CloudWatch alarm in your account. Use the `BlueGreenUpdatePolicy` property to specify the update policy for a blue/green deployment. Use the `MaximumExecutionTimeoutInSeconds` property to specify the maximum execution timeout for a blue/green deployment. Use the `TerminationWaitInSeconds` property to specify additional waiting time in seconds after the completion of an endpoint deployment before terminating the old endpoint fleet Use the `TrafficRoutingConfig` property to specify the traffic routing strategy during a blue/green endpoint deployment. Use the `CanarySize` property to specify the batch size for the first step to turn on traffic on the new endpoint fleet. Use the `LinearStepSize` property to specify the batch size for each step to turn on traffic on the new endpoint fleet Use the `Type` property to specify the traffic routing strategy type (all at once, canary, or linear). Use the `WaitIntervalInSeconds` property to specify the waiting time (in seconds) between incremental steps to turn on traffic on the new endpoint fleet. Use the `CapacitySize` property to specify the endpoint capacity to activate for production. Use the `Type` property to specify the endpoint capacity type to use (instance count or capacity percent). Use the `Value` property to specify the capacity size, either as a number of instances or a capacity percentage. Use the `RetainDeploymentConfig` property to specify whether to reuse the last deployment configuration. The default value is false (the configuration is not reused)	November 11, 2021
New resources	The following resource was added: AWS::Batch::SchedulingPolicy AWS::Batch::SchedulingPolicy Use the `AWS::Batch::SchedulingPriority` resource to specify a scheduling policy.	November 11, 2021
New resources	The following resources were added: AWS::IoTWireless::FuotaTask, AWS::IoTWireless::MulticastGroup AWS::IoTWireless::FuotaTask Gets information about a FUOTA task. AWS::IoTWireless::MulticastGroup Gets information about a multicast group.	November 11, 2021
Updated resource	The following resource was updated: AWS::Backup::BackupSelection AWS::Backup::BackupSelection The `BackupSelection` resource type supports a number of new resource assignment options, including `StringLike` and the ability to exclude resources from your backup plans.	November 10, 2021
Updated resource	The following resource was updated: `AWS::EKS::Cluster` `AWS::EKS::Cluster ClusterLogging` Use the `ClusterLogging` property to specify the cluster control plane configuration for your cluster. `AWS::EKS::Cluster Logging` Use the `Logging` property to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Log. `AWS::EKS::Cluster LoggingTypeConfig` Use the `LoggingTypeConfig` property to specify the enabled logging type. `AWS::EKS::Cluster ResourcesVpcConfig` Use the `EndpointPrivateAccess` property to enable or disable private access for your cluster's Kubernetes API server endpoint. Use the `EndpointPublicAccess` property to enable or disable public access to your cluster's Kubernetes API server endpoint. Use the `PublicAccessCidrs` property to specify the CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint.	November 10, 2021
Updated resources	The following resources were updated: AWS::EC2::SpotFleet and AWS::EC2::EC2Fleet. AWS::EC2::SpotFleet.SpotCapacityRebalance Use the `TerminationDelay` property type to specify a delay in termination of your Spot Instances that receive a rebalance notification. AWS::EC2::EC2Fleet.SpotOptionsRequest Use the `MaintenanceStrategies` property type to manage your Spot Instances that are at an elevated risk of being interrupted. AWS::EC2::EC2Fleet.CapacityRebalance Use the `CapacityRebalance` property to proactively augment your fleet with a new Spot Instance before a running Spot Instance is interrupted by Amazon EC2.	November 4, 2021
Updated resources	The following resources were updated: AWS::NetworkFirewall::FirewallPolicy and AWS::NetworkFirewall::RuleGroup AWS::NetworkFirewall::FirewallPolicy Use the `StatefulDefaultActions` property to establish default actions to take on a packet that doesn't match any stateful rules when using strict rule ordering. Use the `StatefulEngineOptions` property to govern how Network Firewall handles stateful rules. AWS::NetworkFirewall::RuleGroup Use the `StatefulRuleOptions` property to govern how Network Firewall handles stateful rules.	November 4, 2021
Updated resources	The following resource was updated: AWS::Pinpoint::Campaign. AWS::Pinpoint::Campaign InAppMessageBodyConfig Specifies the configuration of main body text of the in-app message. AWS::Pinpoint::Campaign InAppMessageButton Specifies the configuration of a button that appears in an in-app message. AWS::Pinpoint::Campaign InAppMessageContent Specifies the configuration and contents of an in-app message. AWS::Pinpoint::Campaign InAppMessageHeaderConfig Specifies the configuration and content of the header or title text of the in-app message.	November 4, 2021
Updated resource	The following resource was updated: AWS::CloudFront::Distribution. AWS::CloudFront::Distribution In the CacheBehavior and DefaultCacheBehavior property types, use the `ResponseHeadersPolicyId` property to specify a response headers policy to associate with the cache behavior. For more information, see Adding HTTP headers to CloudFront responses in the Amazon CloudFront Developer Guide.	November 4, 2021
Updated resource	The following resource was updated: AWS::MWAA::Environment TagMap The `TagMap` property has been removed the service resource specification.	November 4, 2021
Updated resource	The following resource was updated: AWS::Redshift. Amazon Redshift resource type reference AWS::Redshift::EndpointAccess to create a Amazon Redshift-managed VPC endpoint. Amazon Redshift resource type reference AWS::Redshift::EndpointAuthorization to describe an endpoint authorization for authorizing Amazon Redshift-managed VPC endpoint access to a cluster across AWS accounts. Amazon Redshift resource type reference AWS::Redshift::EventSubscription to create an event notification subscription. Amazon Redshift resource type reference AWS::Redshift::ScheduledAction to create a scheduled action to run an API operation.	November 4, 2021
New resources	The following resource was added: AWS::Pinpoint::InAppTemplate. AWS::Pinpoint::InAppTemplate Creates a message template that you can use to send in-app messages.	November 4, 2021
New resource	The following resource was added: AWS::CloudFront::ResponseHeadersPolicy. AWS::CloudFront::ResponseHeadersPolicy Use the `AWS::CloudFront::ResponseHeadersPolicy` resource to create a new response headers policy in Amazon CloudFront. For more information, see Adding HTTP headers to CloudFront responses in the Amazon CloudFront Developer Guide.	November 4, 2021
New resource	The following resource was added: AWS::DataSync::LocationHDFS. AWS::DataSync::LocationHDFS Use the `AWS::DataSync::LocationHDFS` resource to specify an endpoint for a Hadoop Distributed File System (HDFS).	November 4, 2021
New resource	The following resource was added: AWS::EC2::CapacityReservationFleet. AWS::EC2::CapacityReservationFleet Use the `CapacityReservationFleet` property to create a Capacity Reservation Fleet.	November 4, 2021
Updated resource	The following resource was updated: AWS::EC2::EC2Fleet. InstanceRequirementsRequest Use the `InstanceRequirementsRequest` property to specify instance attributes, which Amazon EC2 uses to identify instance types.	October 28, 2021
Updated resource	The following resource was updated: AWS::EC2::SpotFleet. InstanceRequirementsRequest Use the `InstanceRequirementsRequest` property to specify instance attributes, which Amazon EC2 uses to identify instance types.	October 28, 2021
Updated resource	The following resource was updated: AWS::AutoScaling::AutoScalingGroup. AWS::AutoScaling::AutoScalingGroup MixedInstancesPolicy Use the `OnDemandAllocationStrategy` property to specify `lowest-price` as the allocation strategy for your On-Demand capacity. AWS::AutoScaling::AutoScalingGroup MixedInstancesPolicy Use the `InstanceRequirements` property to specify the instance attributes that Amazon EC2 Auto Scaling uses for selecting instance types to fulfill your On-Demand and Spot capacities.	October 28, 2021
New resources	The following resources were added: AWS::Lightsail::Database and AWS::Lightsail::StaticIp AWS::Lightsail::Database Use the `AWS::Lightsail::Database` resource to specify an Amazon Lightsail database. AWS::Lightsail::StaticIp Use the `AWS::Lightsail::StaticIp` resource to specify a static IP that can be attached to an Amazon Lightsail instance that is in the same AWS Region and Availability Zone.	October 28, 2021
Updated resource	The following resources were updated: `AWS::MediaConnect::Flow.Source`, `AWS::MediaConnect::FlowOutput` AWS::MediaConnect::Flow Source Use the `AWS::MediaConnect::Flow.Source` resource to specify the details of the sources of the flow. AWS::MediaConnect::FlowOutput Use the `AWS::MediaConnect::FlowOutput` resource to specify the destination address, protocol, and port to send the ingested video to.	October 27, 2021
Updated resource	The following resource was updated: AWS::FMS::Policy. AWS::FMS::Policy The `AWS::FMS::Policy` resource now allows you to automatically remove protections from resources that leave policy scope.	October 21, 2021
Updated resource	The following resource was updated: `AWS::Cassandra::Table`. AWS::Cassandra::Table.DefaultTimeToLive Use the `AWS::Cassandra::Table.DefaultTimeToLive` property to set a default Time to Live (TTL) value for a table in Amazon Keyspaces (for Apache Cassandra).	October 21, 2021
Updated resource	The following resource was updated: AWS::SageMaker::NotebookInstance AWS::SageMaker::NotebookInstance Use the `PlatformIdentifier` property to set the platform identifier of the notebook instance runtime environment.	October 21, 2021
New resources	Use these resources to deploy computer vision applications to an AWS Panorama Appliance. AWS::Panorama::ApplicationInstance Creates and deploys an application instance. AWS::Panorama::Package Creates an application package. AWS::Panorama::PackageVersion Registers an application version.	October 21, 2021
New resource	The following resource was added: AWS::Rekognition:Project. AWS::Rekognition:Project Use the `Project` resource to create an Amazon Rekognition Custom Labels project.	October 21, 2021
New resources	The following resources were added: AWS::DeviceFarm::DevicePool, AWS::DeviceFarm::InstanceProfile, AWS::DeviceFarm::NetworkProfile, AWS::DeviceFarm::Project AWS::DeviceFarm::TestGridProject, and AWS::DeviceFarm::VPCEConfiguration. AWS::DeviceFarm::DevicePool Use the `AWS::DeviceFarm::DevicePool` resource to specify a device pool operation. AWS::DeviceFarm::InstanceProfile Use the `AWS::DeviceFarm::InstanceProfile` resource to specify a profile that can be applied to one or more private fleet device instances. AWS::DeviceFarm::NetworkProfile Use the `AWS::DeviceFarm::NetworkProfile` resource to specify a network profile. AWS::DeviceFarm::Project Use the `AWS::DeviceFarm::Project` resource to specify a project. AWS::DeviceFarm::TestGridProject Use the `AWS::DeviceFarm::TestGridProject` resource to specify a Selenium testing project. AWS::DeviceFarm::VPCEConfiguration Use the `AWS::DeviceFarm::VPCEConfiguration` resource to specify a configuration record in Device Farm for your Amazon Virtual Private Cloud (VPC) endpoint service.	October 14, 2021
New resource	The following resources were added: `AWS::Wisdom::Assistant`, `AWS::Wisdom::AssistantAssociation`, and `AWS::Wisdom::KnowledgeBase` AWS::Wisdom::Assistant Use the `AWS::Wisdom::Assistant` resource to specify an Amazon Connect Wisdom assistant. AWS::Wisdom::AssistantAssociation Use the `AWS::Wisdom::AssistantAssociation` resource to specify an association between an Amazon Connect Wisdom assistant and another resource. AWS::Wisdom::KnowledgeBase Use the `AWS::Wisdom::KnowledgeBase` resource to specify a knowledge base.	October 14, 2021
Updated resource	The following resource was updated: AWS::CodeBuild::Project ProjectBuildBatchConfig AWS::CodeBuild::Project ProjectBuildBatchConfig The `BatchReportMode` property was added to specify the how batch build reports are sent to the source provider.	October 13, 2021
New resource	The following resources were added: AWS::Connect::HoursOfOperation, AWS::Connect::User, AWS::Connect::UserHierarchyGroup AWS::Connect::HoursOfOperation Use the `AWS::Connect::HoursOfOperation` resource to create an hours of operation. AWS::Connect::User Use the `AWS::Connect::User` resource to create a user. AWS::Connect::UserHierarchyGroup Use the `AWS::Connect::UserHierarchyGroup` resource to create a user hierarchy group.	October 12, 2021
Updated resource	The following resource was updated: AWS::Backup::BackupVault AWS::Backup::BackupVault Use the `LockConfiguration` property to specify the configuration of AWS Backup; Vault Lock. AWS::Backup::Framework Use the `Framework` property to specify the configuration of an AWS Backup; Audit Manager framework. AWS::Backup::ReportPlan Use the `Report Plan` property to specify the configuration of an AWS Backup; Audit Manager report plan.	October 7, 2021
New resources	The following resources were added: AWS::Lightsail::Disk and AWS::Lightsail::Instance AWS::Lightsail::Instance Use the `AWS::Lightsail::Instance` resource to specify an Amazon Lightsail instance. AWS::Lightsail::Disk Use the `AWS::Lightsail::Disk` resource to specify a disk that can be attached to an Amazon Lightsail instance that is in the same AWS Region and Availability Zone.	October 7, 2021
New resource	The following resource was added: AWS::IoT::JobTemplate. AWS::IoT::JobTemplate Use the `AWS::IoT::DomainConfJobTemplateiguration` resource to specify a job template in AWS IoT Core.	October 7, 2021
New resource	The following resource was added: `AWS::Route53Resolver::ResolverConfig` AWS::Route53Resolver::ResolverConfig Use the `AWS::Route53Resolver::ResolverConfig` resource to specify information about a Route 53 Resolver configuration for a VPC.	October 7, 2021
Updated resources	The following resources were updated: AWS::ECR::ReplicationConfiguration AWS::ECR::ReplicationConfiguration Use the `AWS::ECR::ReplicationConfiguration` property to configure replication for the contents of a private repository. Support has been added to specify repository filters on a replication rule.	September 30, 2021
Updated resource	The following resource was updated: AWS::KinesisFirehose::DeliveryStream. AWS::KinesisFirehose::DeliveryStream Use the `AmazonopensearchserviceDestinationConfiguration` property type to specify the destination in Amazon OpenSearch Service. You can specify only one destination.	September 30, 2021
Updated resource	The following resources were updated: AWS::Lambda::LayerVersion and AWS::Lambda::Function. AWS::Lambda::Function Use the `Architectures` property to set the instruction set architecture for the function.	September 30, 2021
Updated resource	The following resource was updated: AWS::APS::Workspace. AWS::APS::Workspace The AWS::APS::Workspace resource was updated to include the `AlertManagerDefinition` property. For more information, see Alert manager and templating.	September 30, 2021
New resource	The following resource was added: AWS::APS::RuleGroupsNamespace. AWS::APS::RuleGroupsNamespace Use the AWS::APS::RuleGroupsNamespace resource to create or update an Amazon Managed Service for Prometheus rule groups namespace. A rule groups namespace contains Prometheus recording rules and alerting rules. For more information, see Recording rules and alerting rules.	September 30, 2021
Updated resource	The following resource was updated: AWS::AppSync::DataSource AWS::AppSync::DataSource Use the `OpenSearchServiceConfig` property to specify the configuration for an Amazon OpenSearch Service domain for an AWS AppSync data source.	September 23, 2021
New resources	The following resources were added: AWS::MemoryDB::Cluster, AWS::MemoryDB::ACL, AWS::MemoryDB::ParameterGroup, AWS::MemoryDB::SubnetGroup, and AWS::MemoryDB::User. AWS::MemoryDB::Cluster Use the `Cluster` resource to specify a MemoryDB cluster. AWS::MemoryDB::ACL Use the `ACL` resource to specify a MemoryDB access control list and associate it with a cluster. AWS::MemoryDB::ParameterGroup Use the `ParameterGroup` resource to specify a MemoryDB parameter group and associate it with a cluster. AWS::MemoryDB::SubnetGroup Use the `SubnetGroup` resource to specify a MemoryDB subnet group and associate it with a cluster. AWS::MemoryDB::User Use the `User` resource to specify a MemoryDB user and add it to an access control list.	September 23, 2021
Updated resources	The following resource was updated: AWS::EMR::Studio. AWS::EMR::Studio Use the `IdpAuthUrl` property to specify the authentication endpoint of your identity provider (IdP) when you use IAM authentication and want to let federated users log in to an Amazon EMR Studio with the Studio URL and credentials from your IdP. Use the `IdpRelayStateParameterName` property to specify the name that your identity provider uses for its RelayState parameter. Use the `UserRole` property only when you set `AuthMode` to `SSO`.	September 17, 2021
Updated resource	The following resource was updated: AWS::S3::Bucket. Monitoring metrics with Amazon CloudWatch Use the `AccessPointArn` property in `AWS::S3::Bucket MetricsConfiguration` to filter CloudWatch request metrics by access point.	September 17, 2021
Updated resource	The following resource was added: AWS::ACMPCA::Permission. AWS::ACMPCA::Permission Use the `AWS::ACMPCA::Permission` object to grant permissions on a private CA to the AWS Certificate Manager (ACM) service principal (acm.amazonaws.com). These permissions allow ACM to issue and renew ACM certificates that reside in the same AWS account as the CA.	September 16, 2021
New resources	The following resource was added: AWS::OpenSearchService::Domain. AWS::OpenSearchService::Domain Use the `AWS::OpenSearchService::Domain` resource to create an Amazon OpenSearch Service domain.	September 16, 2021
New resource	The following resource was added: AWS::APS::Workspace. AWS::APS::Workspace Use the AWS::APS::Workspace resource to create an Amazon Managed Service for Prometheus workspace. For more information, see Create a workspace.	September 16, 2021
Updated resource	The following resource was updated: AWS::SQS::Queue `RedriveAllowPolicy` includes the parameters for the dead-letter queue redrive permission. It defines which source queues can specify dead-letter queues as a JSON object.	September 9, 2021
Updated resource	The following resource was updated: `AWS::Cassandra::Table`. AWS::Cassandra::Table Use the `AWS::Cassandra::Table` resource to add new regular columns to existing tables in Amazon Keyspaces (for Apache Cassandra).	September 3, 2021
Updated resources	The following resource was updated: AWS::Transfer::Server AWS::Transfer::Server WorkflowDetail Use the `WorkflowDetail` property to specify the steps and other details for a workflow. AWS::Transfer::Server WorkflowDetails Use the `WorkflowDetails` property as a container for the `WorkflowDetails` property.	September 2, 2021
Updated resource	The following resource was updated: AWS::DataSync::Task. AWS::DataSync::Task Use the `Includes` property to specify files to include in a task.	September 2, 2021
Updated resource	The following resource was Updated: `AWS::EventSchemas::Discoverer`. AWS::EventSchemas::Discoverer Use the `CrossAccount` property to allow event schemas from other accounts to be discovered.	September 2, 2021
Updated resource	The following resource was updated: AWS::KinesisFirehose::DeliveryStream. AWS::KinesisFirehose::DeliveryStream DynamicPartitioningConfiguration property type is now supported for the delivery streams in CloudFormation.	September 2, 2021
Updated resource	The following resource was added: AWS::ACMPCA::CertificateAuthority OcspConfiguration. The following resource was updated: AWS::ACMPCA::CertificateAuthority RevocationConfiguration. AWS::ACMPCA::CertificateAuthority OcspConfiguration Use the `AWS::ACMPCA::CertificateAuthority OcspConfiguration` object to configure Online Certificate Status Protocol (OCSP) support on a CA.	September 2, 2021
New resource	The following resource is new: AWS::IoT::FleetMetric AWS::IoT::FleetMetric Use the `AWS::IoT::FleetMetric` resource to specify a fleet metric.	September 2, 2021
New resource	The following resources were added: AWS::S3::MultiRegionAccessPoint and AWS::S3::MultiRegionAccessPointPolicy. AWS::S3::MultiRegionAccessPoint Use the `AWS::S3::MultiRegionAccessPoint` resource to create an S3 Multi-Region Access Point configuration. AWS::S3::MultiRegionAccessPointPolicy Use the `AWS::S3::MultiRegionAccessPointPolicy` resource to create an S3 Multi-Region Access Point Policy configuration.	September 2, 2021
Terminology change	AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term.	August 30, 2021
Stack failure options	You can iteratively develop your applications when provisioning failures are encountered by starting from the point of failure without rolling back successfully provisioned resources. By specifying stack failure options, you can troubleshoot resources in a `CREATE_FAILED` or `UPDATE_FAILED` status. You can provision failure options for all stack deployments and change set operations. For more information, see Stack failure options.	August 30, 2021
Updated resource	The following resource was updated: AWS::CodeBuild::Project AWS::CodeBuild::Project The `ResourceAccessRole` and `Visibility` properties were added to support public builds.	August 19, 2021
Updated resource	The following resource was updated: AWS::AutoScaling::ScalingPolicy. AWS::AutoScaling::ScalingPolicy Use the `PredictiveScalingConfiguration` property to specify a predictive scaling policy configuration for an Auto Scaling group.	August 19, 2021
Updated resource	The following resource was updated: AWS::SageMaker::EndpointConfig AWS::SageMaker::EndpointConfig In the AsyncInferenceClientConfig property type, use the `MaxConcurrentInvocationsPerInstance` property to set the maximum number of concurent requests. In the AsyncInferenceConfig property type, use the `ClientConfig` to configure the behavior of the client SageMaker uses. Use `OutputConfig` to spcify invocation outputs. In the AsyncInferenceNotificationConfig property, use the `ErrorTopic` and `SuccessTopic` to define Amazon SNS topics to post a notification if the inference fails or completes successfully, respectively. In the OutputConfig property type use the `KmsKeyId` to encrypt the asynchronous inference output. Use `NotificationConfig` to specify the notification configuration and `S3OutputPath` to specify the output location in S3.	August 19, 2021
Updated resource	The following resource was updated: AWS::Elasticsearch::Domain. AWS::Elasticsearch::Domain Use the `ColdStorageOptions` property to specify whether to enable cold storage for the cluster.	August 17, 2021
Updated resources	The following resource was updated: AWS::WAFv2::WebACL. AWS::WAFv2::WebACL You can now specify the version to use for managed rule groups. For information, see `ManagedRuleGroupStatement`.	August 12, 2021
Updated resource	The following resource was updated: AWS::ApiGateway::DomainName. AWS::ApiGateway::DomainName Use the `OwnershipVerificationCertificateArn` property to specify the certificate ARN used to verify ownership of the domain using mutual TLS.	August 12, 2021
Updated resource	The following resource was updated: AWS::LookoutEquipment::InferenceScheduler AWS::LookoutEquipment::InferenceScheduler The ModelName property has changed so that an update requires replacement. The ServerSideKmsKeyId property has changed so that an update requires replacement.	August 12, 2021
Updated resource	The following resource was updated: AWS::SageMaker::Model. AWS::SageMaker::Model In the ImageConfig property type, use the `RepositoryAuthConfig` property to specify an authentication configuration for the private docker registry where your model image is hosted.	August 12, 2021
Updated resource	The following resource was added: AWS::WAFv2::LoggingConfiguration. AWS::WAFv2::LoggingConfiguration You can now define an association between Amazon Kinesis Data Firehose destinations and a web ACL resource, for logging.	August 12, 2021
Updated resource	The following resource was updated: AWS::AppSync::GraphQLApi AWS::AppSync::GraphQLApi Use the `LambdaAuthorizerConfig` property to specify the configuration for AWS Lambda function authorization.	August 5, 2021
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem In the WindowsConfiguration property type, use the `AuditLogConfiguration` property to enable audit event logging of end-user accesses of files, folders, and file shares on an Amazon FSx Windows File Server instance.	August 5, 2021
New resource	The following resource was added: AWS::Athena::PreparedStatement AWS::Athena::PreparedStatement Use the `AWS::Athena::PreparedStatement` resource to specify a prepared statement for use with SQL queries in Athena. Use prepared statements for repeated execution of the same query with different query parameters. A prepared statement contains parameter placeholders whose values are supplied at execution time.	August 5, 2021
Updated resource	The following resource was updated: AWS::DataBrew::Job AWS::DataBrew::Job Use the `AWS::DataBrew::Job.DatabaseOutputs` property type to define the output destination for a DataBrew job to be written into. Use the `AWS::DataBrew::Job.ProfileConfiguration` property type to configure which statistics to include when running DataBrew profile jobs.	July 29, 2021
Updated resource	The following resource was updated: AWS::S3Outposts::EndPoint AWS::S3Outposts::EndPoint Use the `AWS::S3Outposts::EndPoint.AccessType` property to create an endpoint using customer owned IP (CoIP) addresses and access your Amazon S3 on AWS Outposts objects by creating a local gateway from your on-premises network.	July 29, 2021
New resource	The following resources were released: AWS::Route53RecoveryControl::Cluster, AWS::Route53RecoveryControl::ControlPanel, AWS::Route53RecoveryControl::RoutingControl, AWS::Route53RecoveryControl::SafetyRule AWS::Route53RecoveryControl::Cluster Use the `AWS::Route53RecoveryControl::Cluster` to host routing controls, which are simple on/off switches for routing traffic. AWS::Route53RecoveryControl::ControlPanel Use the `AWS::Route53RecoveryControl::ControlPanel` to define a group of routing controls that can be updated together in a single transaction. AWS::Route53RecoveryControl::RoutingControl Use the `AWS::Route53RecoveryControl::RoutingControl` to fail over traffic to an application replica, to recover your application across Availability Zones or Regions. AWS::Route53RecoveryControl::SafetyRule Use the `AWS::Route53RecoveryControl::SafetyRule` to configure safeguards for routing controls, to avoid a scenario like stopping all traffic flow by setting all routing controls to off.	July 29, 2021
New resource	The following resources were released: AWS::Route53RecoveryReadiness::Cell, AWS::Route53RecoveryReadiness::ReadinessCheck, AWS::Route53RecoveryReadiness::RecoveryGroup, AWS::Route53RecoveryReadiness::ResourceSet AWS::Route53RecoveryReadiness::Cell Use the `AWS::Route53RecoveryReadiness::Cell` to define a single cell for an application. AWS::Route53RecoveryReadiness::ReadinessCheck Use the `AWS::Route53RecoveryReadiness::ReadinessCheck` to check application readiness for failover. Amazon Route 53 Application Recovery Controller uses readiness checks to determine the readiness of the resources in a resource set. AWS::Route53RecoveryReadiness::RecoveryGroup Use the `AWS::Route53RecoveryReadiness::RecoveryGroup` to define a recovery group for an application. A recovery group models an application and includes cells that represent application replicas. AWS::Route53RecoveryReadiness::ResourceSet Use the `AWS::Route53RecoveryReadiness::ResourceSet` to define a group of resources of a single type that you can associate with a readiness check.	July 29, 2021
Import stacks to stack set	The AWS CloudFormation stack import operation can import existing stacks into new or existing stack sets, so that you can migrate existing stacks to a stack set in one operation. For more information, see Importing stacks into a stack set.	July 28, 2021
Updated resource	The following resource was updated: AWS::CloudWatch::Alarm. AWS::CloudWatch::Alarm In the MetricDataQuery property type, use the `AccountId` property to specify the ID of the account where the metrics are located, if this is a cross-account alarm.	July 22, 2021
Updated resource	The following resource was updated: AWS::QLDB::Ledger AWS::QLDB::Ledger Use the `KmsKey` property to specify a customer managed AWS KMS key to use for encryption at rest in the ledger.	July 22, 2021
New resources	The following resources were added: AWS::LookoutEquipment::InferenceScheduler AWS::LookoutEquipment::InferenceScheduler Use the `AWS::LookoutEquipment::InferenceScheduler` resource to set up a continuous real-time inference plan to analyze new measurement data.	July 22, 2021
Updated resource	The following resource was updated: AWS::EC2::VPCCidrBlock. AWS::EC2::VPCCidrBlock Use the `Ipv6CidrBlock` property to specify an IPv6 CIDR block from the IPv6 address pool. Use the `Ipv6Pool` property to specify the ID of an IPv6 address pool from which to allocate the IPv6 CIDR block.	July 21, 2021
Updated resource	The following resource was updated: `AWS::Cassandra::Table`. AWS::Cassandra::Table.EncryptionSpecification Use the `AWS::Cassandra::Table.EncryptionSpecification` property to choose the encryption option for new or existing tables in Amazon Keyspaces (for Apache Cassandra).	July 21, 2021
New resource	The following resource was added : AWS::Logs::ResourcePolicy AWS::Logs::ResourcePolicy Use the `AWS::Logs::ResourcePolicy` resource to create a IAM policy that allows other AWS services to write log events to this account. For more information, see Logs sent to CloudWatch Logs .	July 15, 2021
Increased quota	The following AWS CloudFormation quota has been updated. You can now declare a defaulted maximum of `2000` stacks in your AWS CloudFormation account. For more information, see AWS CloudFormation quotas.	July 15, 2021
Updated resource	The following resource was updated: AWS::DataBrew::Job AWS::DataBrew::Job Use the `AWS::DataBrew::Job.DataCatalogOutput` property type to define outputs from DataBrew recipe jobs to the AWS Glue Data Catalog.	July 9, 2021
Updated resources	The following resources were updated: `AWS::ServiceDiscovery::PrivateDnsNamespace` and `AWS::ServiceDiscovery::PublicDnsNamespace`. AWS::ServiceDiscovery::PrivateDnsNamespace Use the `Properties` property to specify DNS properties for an AWS Cloud Map private DNS namespace. AWS::ServiceDiscovery::PublicDnsNamespace Use the `Properties` property to specify DNS properties for an AWS Cloud Map public DNS namespace.	July 8, 2021
Updated resources	The following resources were updated: AWS::CodeDeploy::Application, AWS::CodeDeploy::DeploymentConfig, and AWS::CodeDeploy::DeploymentGroup AWS::CodeDeploy::Application Use the `Tags` property to specify metadata to add to CodeDeploy applications. AWS::CodeDeploy::DeploymentConfig Use the `TrafficRoutingConfig` property to specify how deployment traffic is routed. Use the `ComputePlatform` property to specify the destination platform type for the deployment (`Lambda`, `Server`, or `ECS`). AWS::CodeDeploy::DeploymentGroup Use the `BlueGreenDeploymentConfiguration` property to specify information about blue/green deployment options for a deployment group. Use the `ECSServices` property to specify the target Amazon ECS services in the deployment group.	July 8, 2021
Updated resource	The following resource was updated: AWS::AutoScaling::LaunchConfiguration. AWS::AutoScaling::LaunchConfiguration Use the `BlockDevice` property to specify GP3 volumes in the block device mappings for launch configurations.	July 8, 2021
Updated resources	The following resources were updated: AWS::ImageBuilder::ContainerRecipe and AWS::ImageBuilder::DistributionConfiguration. AWS::ImageBuilder::DistributionConfiguration Use the `LaunchTemplateConfiguration` property to use an Amazon EC2 launch template for specified accounts where you distribute your Image Builder image. AWS::ImageBuilder::ContainerRecipe Retrieve the container recipe `Name` attribute with the `GN::GetAtt` function. Use the `InstanceBlockDeviceMapping` property to define block device mappings for the build instance used to configure your image.	July 1, 2021
China Rebrand Update	China rebrand updates	June 29, 2021
Updated resources	The following resource was updated: AWS::Transfer::Server ProtocolDetails AWS::Transfer::Server ProtocolDetails Use the `ProtocolDetails` property to specify the `PassiveIp` address for FTP and FTPS protocols.	June 24, 2021
Updated resource	The following resource was updated: AWS::DAX::Cluster AWS::DAX::Cluster Use the `ClusterEndpointEncryptionType` to specify the encryption type of the cluster's endpoint.	June 24, 2021
New resources	The following resources were added: `AWS::CloudFormation::PublicTypeVersion`, `AWS::CloudFormation::Publisher`, and `AWS::CloudFormation::TypeActivation`. `AWS::CloudFormation::PublicTypeVersion` Use the `AWS::CloudFormation::PublicTypeVersion` resource to test and publish a registered extension as a public, third-party extension. `AWS::CloudFormation::Publisher` Use the `AWS::CloudFormation::Publisher` resource to register your account as a publisher of public extensions in the CloudFormation registry. `AWS::CloudFormation::TypeActivation` Use the `AWS::CloudFormation::TypeActivation` resource to activate a public third-party extension, making it available for use in CloudFormation operations.	June 24, 2021
New resource	The following resource was added: AWS::Connect::QuickConnect AWS::Connect::QuickConnect Use the `AWS::Connect::QuickConnect` resource to create a quick connect.	June 24, 2021
Updated resource	The following resource was updated: AWS::MWAA::Environment Schedulers Use the `Schedulers` property to specify the number of Apache Airflow schedulers that run in an environment.	June 21, 2021
Publish public third-party extensions	Use public extensions provided by third-party publishers, just as you would extensions from AWS. For more information, see Using public extensions. For information about publishing third-party public extensions, see Publishing extensions in the CloudFormation CLI User Guide.	June 21, 2021
Updated resource	The following resource was updated: AWS::AutoScaling::ScheduledAction. AWS::AutoScaling::ScheduledAction Use the `TimeZone` property to create recurring scheduled actions in the local time zone. If your time zone observes Daylight Saving Time (DST), the recurring action automatically adjusts for Daylight Saving Time.	June 18, 2021
Updated resources	The following resources were updated: AWS::AppMesh::VirtualNode, AWS::AppMesh::GatewayRoute, and AWS::AppMesh::Route AWS::AppMesh::VirtualNode Use the `DnsServiceDiscovery` property to represent the DNS service discovery information for your virtual node. AWS::AppMesh::GatewayRoute Use the `GatewayRouteHostnameMatch` property to represent the gateway route hostname to match. Use the `GatewayRouteHostnameRewrite` property to represent the gateway route host name to rewrite. Use the `GrpcGatewayRouteMetadata` property to represent the metadata of the gateway route. Use the `GrpcGatewayRouteRewrite` property to represent the the gateway route to rewrite. Use the `GrpcMetadataMatchMethod` property to represent the method header to be matched. Use the `HttpGatewayRouteHeader` property to represent the HTTP header in the gateway route. Use the `HttpGatewayRoutePathRewrite` property to represent the path to rewrite. Use the `HttpGatewayRoutePrefixRewrite` property to represent the beginning characters of the route to rewrite. Use the `HttpGatewayRouteRewrite` property to represent the beginning characters of the route to rewrite. Use the `HttpGatewayRoutePathRewrite` property to represent the beginning characters of the route to rewrite. AWS::AppMesh::Route Use the `HttpQueryParameter` property to represent the query parameter in the request.	June 17, 2021
Updated resource	The following resource was updated: AWS::KMS::Key. AWS::KMS::Key Use the `MultiRegionKey` property to specify multi-Region primary keys.	June 17, 2021
New resource	The following resource was added: AWS::KMS::ReplicaKey. AWS::KMS::ReplicaKey Use the `AWS::KMS::ReplicaKey` resource to specify a replica of a specified multi-Region primary key.	June 17, 2021
Parallel Node Upgrade and Scale to Zero	In the NodegroupUpdateConfig, use either the MaxUnavailable and MaxUnavailablePercentage values to define the number of nodes to upgrade in parallel. In the scalingconfig, the minsize and desiredsize values can both be set to zero.	June 16, 2021
Updated resource	The following resource was updated: AWS::EC2::NatGateway AWS::EC2::NatGateway Use the `ConnectivityType` property to indicate whether the NAT gateway supports public or private connectivity.	June 11, 2021
Updated resources	The following resource was updated: `AWS::RAM:ResourceShare` AWS::RAM::ResourceShare Use the `PermissionArns` property to specify the Amazon Resource Names (ARNs) of the permissions to associate with the resource share.	June 10, 2021
Updated resource	The following resource was updated: AWS::KinesisAnalyticsV2::Application AWS::KinesisAnalyticsV2::Application ApplicationConfiguration You can use the ZeppelinApplicationConfiguration property to create Studio notebook applications that use Apache Zeppelin. You can use the notebook interactively, and you can deploy it as a continuously running streaming application with durable state and autoscaling features.	June 10, 2021
Updated resource	The following resource was updated: AWS::SQS::Queue AWS::SQS::Queue You can now use the `DeduplicationScope` and `FifoThroughputLimit`properties to enable higher throughput for FIFO queues.	June 10, 2021
Updated resource	The following resource was updated: AWS::SSM::Document AWS::SSM::Document Use the `Attachments` property to specify a list of key and value pairs that describe attachments to a version of a document. Use the `Requires` property to specify a list of SSM documents required by a document. This parameter is used exclusively by AWS AppConfig. When a user creates an AWS AppConfig configuration in an SSM document, the user must also specify a required document for validation purposes. In this case, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document for validation purposes. For more information, see Creating a configuration and a configuration profile in the AWS AppConfig User Guide.	June 10, 2021
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem Use the `DNSName` attribute to access the DNS name of your Amazon FSx file system.	June 7, 2021
New resource	The following resources were added: `AWS::Location::GeofenceCollection`, `AWS::Location::Map`, `AWS::Location::PlaceIndex`, `AWS::Location::RouteCalculator`, `AWS::Location::Tracker`, and `AWS::Location::TrackerConsumer`. AWS::Location::GeofenceCollection Use the `AWS::Location::GeofenceCollection` resource to specify the ability to detect and act when a tracked device enters or exits a defined geographical boundary. AWS::Location::Map Use the `AWS::Location::Map` resource to specify a map resource in your AWS account, which provides map tiles of different styles sourced from available data providers. AWS::Location::PlaceIndex Use the `AWS::Location::PlaceIndex` resource to specify a place index resource in your AWS account, which supports Places functions with geospatial data sourced from your chosen data provider. AWS::Location::RouteCalculator Use the `AWS::Location::RouteCalculator` resource to specify a route calculator resource in your AWS account. AWS::Location::Tracker Use the `AWS::Location::Tracker` resource to specify a tracker resource in your AWS account, which lets you receive current and historical location of devices. AWS::Location::TrackerConsumer Use the `AWS::Location::TrackerConsumer` resource to specify an association between a geofence collection and a tracker resource.	June 7, 2021
Updated resources	The following resources were updated: AWS::MediaPackage::Channel, AWS::MediaPackage::OriginEndpoint, AWS::MediaPackage::PackagingConfiguration, and AWS::MediaPackage::PackagingGroup. AWS::MediaPackage::Channel. Use the `EgressAccessLogs` property to specify egress access logs for your channel. Use the `IngressAccessLogs` property to specify ingress access logs for your channel. AWS::MediaPackage::OriginEndpoint. Use the `CmafEncryption.ConstantInitializationVector` property to specify an optional 128-bit, 16-byte hex value represented by a 32-character string, used in conjunction with the key for encrypting blocks. If you don't specify a value, then AWS Elemental MediaPackage creates the constant initialization vector (IV). AWS::MediaPackage::PackagingConfiguration. Use the `CmafPackage.IncludeEncoderConfigurationInSegments` property to place your encoder's metadata into every video segment instead of the init fragment, which is the default behavior. This lets you use different SPS/PPS/VPS settings for your assets during content playback. AWS::MediaPackage::PackagingGroup. Use the `EgressAccessLogs` property to configure egress access logs for your packaging group.	May 27, 2021
Updated resources	The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup. AWS::WAFv2::WebACL You now have additional text transformation options. AWS::WAFv2::RuleGroup You now have additional text transformation options.	May 27, 2021
Updated resource	The following resource was updated: AWS::FraudDetector::Detector. AWS::FraudDetector::Detector Use the `AssociatedModels` property to associate models with the detector.	May 27, 2021
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem In the LustreConfiguration property type, use `DataCompressionType` to specify the type of data compression used by an Amazon FSx for Lustre file system.	May 27, 2021
Updated resource	The following resource was updated: AWS::MWAA::Environment ModuleLoggingConfiguration In the `ModuleLoggingConfiguration` property type, the `CloudWatchLogGroupArn` response property type for the CloudWatch Logs ARN where Apache Airflow DAG logs are published was removed from the request to enable logs, and is being returned in the response. AirflowConfigurationOptions In the `AirflowConfigurationOptions` property type, use a `PrimitiveType` of `Json` to add an Apache Airflow configuration option. MinWorkers Use the `MinWorkers` property to specify the minimum number of Apache Airflow workers that run in an environment.	May 27, 2021
Updated resource	The following resource was updated: AWS::ACMPCA::CertificateAuthority. AWS::ACMPCA::CertificateAuthority Use the `S3ObjectAcl` property to restrict public access to your CRLs.	May 27, 2021
Updated resource	The following resource was updated: AWS::QLDB::Ledger AWS::QLDB::Ledger The `PermissionsMode` property has changed so that an update requires no interruption.	May 27, 2021
New resource	The following resource was added: AWS::CUR::ReportDefinition AWS::CUR::ReportDefinition Use the `AWS::CUR::ReportDefinition` resource to define AWS Cost and Usage Report.	May 27, 2021
Region availability	The following resources were updated: AWS::AmazonMQ::Broker AWS::AmazonMQ::Broker Amazon MQ for RabbitMQ is now available in the Amazon Web Services China (Bejing) and the Amazon Web Services China (Ningxia) Regions.	May 26, 2021
New resources	The following resource was added: AWS::EC2::TransitGatewayPeeringAttachment. AWS::EC2::TransitGatewayPeeringAttachment Use the `TransitGatewayPeeringAttachment` resource to request transit gateway peering attachment between the specified transit gateway (requester) and a peer transit gateway (accepter).	May 20, 2021
New resource	The following resource was added: AWS::AppRunner::Service AWS::AppRunner::Service Use the `AWS::AppRunner::Service` resource to create or update an AWS App Runner service.	May 20, 2021
New resource	The following resource was added: AWS::IoTCoreDeviceAdvisor::SuiteDefinition SuiteDefinition Use the `SuiteDefinition` resource to create a new test suite configuration for Device Advisor.	May 20, 2021
Updated resources	The following resource was updated: `AWS::CloudFormation::StackSet`. `AWS::CloudFormation::StackSet` Use the `CallAs` property type to specify whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.	May 14, 2021
Updated resource	The following resource was updated: AWS::ECS::TaskDefinition. AWS::ECS::TaskDefinition EphemeralStorage Use the `AWS::ECS::TaskDefinition EphemeralStorage` resource to define a custom ephemeral storage setting for your Amazon ECS tasks that are hosted on AWS Fargate.	May 14, 2021
Updated resource	The following resource was updated: AWS::ECS::CapacityProvider. AWS::ECS::CapacityProvider ManagedScaling Use the `AWS::ECS::CapacityProvider ManagedScaling.InstanceWarmupPeriod` property to set an instance warmup period for newly launched Amazon EC2 instances.	May 14, 2021
Updated resource	The following resource was updated: `AWS::EKS::Nodegroup` `AWS::EKS::Nodegroup` Use the `Taints` property to specify whether you want to have the effect of `No_Schedule`, `Prefer_No_Schedule`, or `No_Execute` applied to your node group.	May 14, 2021
Updated resource	The following resource was updated: AWS::Elasticsearch::Domain. AWS::Elasticsearch::Domain Use the `EncryptionAtRestOptions` property to specify whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use. Use the `NodeToNodeEncryptionOptions` property to specify whether node-to-node encryption is enabled.	May 14, 2021
New resources	The following resources were added: `AWS::SSMContacts::Contact` and `AWS::SSMContacts::ContactChannel` AWS::SSMContacts::Contact Use the `AWS::SSMContacts::Contact` resource to specify an Incident Manager contact or escalation plan. AWS::SSMContacts::ContactChannel Use the `AWS::SSMContacts::ContactChannel` resource to specify a contact channel as the method that Incident Manager uses to engage your contact.	May 14, 2021
New resource	The following resource was added: AWS::DynamoDB::GlobalTable AWS::DynamoDB::GlobalTable Use the `AWS::DynamoDB::GlobalTable` resource to create DynamoDB global tables.	May 14, 2021
New resource	The following resources were added: `AWS::SSMIncidents::ReplicationSet` and `AWS::SSMIncidents::ResponsePlan` AWS::SSMIncidents::ReplicationSet Use the `ReplicationSet` resource to specify a set of Regions that Incident Manager data is replicated to and the AWS KMS key used to encrypt the data. AWS::SSMIncidents::ResponsePlan Use the `ResponsePlan` resource to specify the details of the response plan that are used when creating an incident.	May 14, 2021
Updated resources	The following resources were updated: AWS::ECR::Repository AWS::ECR::Repository Use the `AWS::ECR::Repository.EncryptionConfiguration` property to configure encryption for the contents of a private repository.	May 13, 2021
Updated resource	The following resource was updated: AWS::S3::Bucket. AWS::S3::Bucket Use the `ExpiredObjectDeleteMarker` property to specify whether Amazon S3 will remove a delete marker with no noncurrent versions.	May 13, 2021
Updated resource	The following resource was updated: AWS::CloudFront::Distribution. AWS::CloudFront::Distribution In the CacheBehavior and DefaultCacheBehavior property types, use the `FunctionAssociations` property to specify the CloudFront functions associated with the cache behavior. For more information, see Customizing with CloudFront Functions in the Amazon CloudFront Developer Guide.	May 6, 2021
Updated resource	The following resources were updated: AWS::GameLift:Fleet, AWS::GameLift::GameSessionQueue. AWS::GameLift::Fleet In the `LocationCapacity` property type, use `DesiredEc2Instance` to specify the number of desired EC2 instance and `MinSize` and `MaxSize` to specify the minimum and maximum capacity size. In the `LocationConfiguration` property type, use location `Location` to specify an AWS Region code and `LocationConfiguration` to specify resource capacity settings in a specified fleet. AWS::GameLift::GameSessionQueue Use the `PriorityConfiguration` property to specify priority destinations and locations for game session placements. Use the `FilterConfiguration` property to specify a list of locations where a queue is allowed to place new game sessions.	May 6, 2021
Updated resource	The following resource was updated: AWS::IoT::TopicRule AWS::IoT::TopicRule Use the `CloudwatchLogsAction` property to specify a Cloudwatch logs action. Use the `TimestreamAction` property to specify a timestream action. Use the `KafkaAction` property to specify a kafka action. In the `S3Action` property, use the `CannedAcl` value to specify a canned ACL action.	May 6, 2021
Updated resource	The following resource was updated: AWS::ACMPCA::CertificateAuthority. AWS::ACMPCA::CertificateAuthority Use the `KeyStorageSecurityStandard` property to specify the minimum FIPS key security standard.	May 6, 2021
New resources	The following resources were added: AWS::FraudDetector::Detector, AWS::FraudDetector::EntityType, AWS::FraudDetector::EventType, AWS::FraudDetector::Label, AWS::FraudDetector::Outcome, and AWS::FraudDetector::Variable AWS::FraudDetector::Detector Use the `AWS::FraudDetector::Detector` resource to manage a detector or associated detector versions in Amazon Fraud Detector. AWS::FraudDetector::EntityType Use the `AWS::FraudDetector::EntityType` resource to create or update an entity type in Amazon Fraud Detector. AWS::FraudDetector::EventType Use the `AWS::FraudDetector::EventType` resource to create or update an event type in Amazon Fraud Detector. AWS::FraudDetector::Label Use the `AWS::FraudDetector::Label` resource to create or update label in Amazon Fraud Detector. AWS::FraudDetector::Outcome Use the `AWS::FraudDetector::Outcome` resource to create or update an outcome in Amazon Fraud Detector. AWS::FraudDetector::Variable Use the `AWS::FraudDetector::Variable` resource to create a variable in Amazon Fraud Detector.	May 6, 2021
New resources	The following resources were added: AWS::XRay::Group and AWS::XRay::SamplingRule. AWS::XRay::Group Use the `AWS::XRay::Group` resource to specify an X-Ray group. AWS::XRay::SamplingRule Use the `AWS::XRay::SamplingRule` resource to specify an X-Ray sampling rule.	May 6, 2021
New resource	The following resource was added: AWS::CloudFront::Function. AWS::CloudFront::Function Use the `AWS::CloudFront::Function` resource to create a function in CloudFront Functions. For more information, see Customizing with CloudFront Functions in the Amazon CloudFront Developer Guide.	May 6, 2021
New resource	The following resource was added: AWS::FinSpace::Environment AWS::FinSpace::Environment Use the `AWS::FinSpace::Environment` resource to specify an Amazon FinSpace environment.	May 6, 2021
Updated resource	The following resource was updated: AWS::Detective::Graph AWS::Detective::Graph Use the `Tags` property to assign tag values to the behavior graph.	April 29, 2021
New resource	The following resource was added: AWS::IoTFleetHub::Application AWS::IoTFleetHub::Application Use the `AWS::IoTFleetHub::Application` resource to create a Fleet Hub for AWS IoT Device Management web application.	April 29, 2021
New resource	The following resource was added: AWS::SES::ContactList AWS::SES::ContactList Use the `AWS::SES::ContactList` resource to create a list that contains contacts that have subscribed to a particular topic or topics.	April 29, 2021
Updated resources	The following resources were updated: `AWS::IAM::InstanceProfile` and `AWS::IAM::ManagedPolicy`. AWS::IAM::InstanceProfile Use the `Tags` property to specify a list of tags that you want to attach to the newly created instance profile. AWS::IAM::ManagedPolicy Use the `Tags` property to specify a list of tags that you want to attach to the newly created managed policy.	April 27, 2021
New resources	The following resources were added: AWS::IoTWireless::PartnerAccount, AWS::IoTWireless::TaskDefinition AWS::IoTWireless::PartnerAccount Gets information about a partner account. If `PartnerAccountId` and `PartnerType` are `null`, returns all partner accounts. AWS::IoTWireless::TaskDefinition Gets information about the gateway task definition for a wireless gateway.	April 26, 2021
New resources	The following resources were added: AWS::NimbleStudio::Studio, AWS::NimbleStudio::StudioComponent, AWS::NimbleStudio::StreamingImage, and AWS::NimbleStudio::LaunchProfile. AWS::NimbleStudio::Studio Use the `AWS::NimbleStudio::Studio` resource to specify a studio resource. AWS::NimbleStudio::StudioComponent Use the `AWS::NimbleStudio::StudioComponent` resource to configure studio components, including types of workstations, render farms, license servers, and shared file systems. AWS::NimbleStudio::StreamingImage Use the `AWS::NimbleStudio::StreamingImage` resource to configure a machine image, including operating system and software, that can be launched as a virtual workstation in a streaming session. AWS::NimbleStudio::LaunchProfile Use the `AWS::NimbleStudio::LaunchProfile` resource to specify user access permissions to studio components.	April 26, 2021
Updated resources	`AWS::ElastiCache::CacheCluster`, `AWS::ElastiCache::ReplicationGroup.` `AWS::ElastiCache::CacheCluster` You can now specify log delivery to a CloudWatch Logs or Kinesis Data Firehose destination. `AWS::ElastiCache::ReplicationGroup` You can now specify log delivery to a CloudWatch Logs or Kinesis Data Firehose destination.	April 22, 2021
Updated resources	The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup. AWS::WAFv2::WebACL You can now nest rule statements without using different names for statements at different levels. For example, instead of using `AndStatementOne` and `AndStatementTwo` to nest an `AND` rule statement inside another `AND` rule statement, you can use `AndStatement` for both. The new statement properties are `AndStatement`, `NotStatement`, `OrStatement`, `RateBasedStatement`, and `Statement`. AWS::WAFv2::RuleGroup You can now nest rule statements without using different names for statements at different levels. For example, instead of using `AndStatementOne` and `AndStatementTwo` to nest an `AND` rule statement inside another `AND` rule statement, you can use `AndStatement` for both. The new statement properties are `AndStatement`, `NotStatement`, `OrStatement`, `RateBasedStatement`, and `Statement`.	April 22, 2021
Updated resource	The following resource was updated: AWS::ResourceGroups::Group AWS::ResourceGroups::Group Use the `Configuration` property to specify settings for an AWS service that automatically apply to members of the resource group.	April 22, 2021
New resource	The following resource was added: AWS::AutoScaling::WarmPool. AWS::AutoScaling::WarmPool Use the `AWS::AutoScaling::WarmPool` resource to specify a warm pool for an Auto Scaling group.	April 22, 2021
Updated resources	The following resource was updated: `AWS::CloudFormation::StackSet`. `AWS::CloudFormation::StackSet` Use the `RegionConcurrencyType` property type to specify the concurrency type of deploying StackSets operations in Regions.	April 15, 2021
Updated resource	The following resource was updated: AWS::ApiGateway::RestApi. AWS::ApiGateway::RestApi Use the `Mode` property to specify how API Gateway handles resource updates when you use OpenAPI to define your REST API.	April 15, 2021
Updated resource	The following resource was updated: AWS::IVS::Channel AWS::IVS::Channel Use the `RecordingConfiguration` property to specify an Amazon IVS RecordingConfiguration, which stores configuration information related to recording your live stream to a data store.	April 15, 2021
New resources	The following resource was added: AWS::EC2::EnclaveCertificateIamRoleAssociation. AWS::EC2::EnclaveCertificateIamRoleAssociation Use the `EnclaveCertificateIamRoleAssociation` resource to associate an AWS Identity and Access Management (IAM) role with an AWS Certificate Manager (ACM) certificate.	April 15, 2021
New resource	The following resource was added: AWS::IVS::RecordingConfiguration AWS::IVS::RecordingConfiguration Use the `AWS::IVS::RecordingConfiguration` resource to specify an Amazon IVS RecordingConfiguration, which stores configuration information related to recording your live stream to a data store.	April 15, 2021
Reference macros in stack set templates	StackSets now supports creating or updating stack sets with self-managed permissions from templates that reference macros. For more information about macros, see Using AWS CloudFormation macros to perform custom processing on templates.	April 14, 2021
Use the latest value of an SSM parameter in a dynamic reference	When using dynamic references, you can now have CloudFormation use the latest version of an SSM parameter whenever you create or update a stack. You are no longer required to specify a specific version. For more details, see SSM parameters.	April 13, 2021
Updated resources	`AWS::ElastiCache::ParameterGroup`, `AWS::ElastiCache::SecurityGroup`, `AWS::ElastiCache::SubnetGroup.` `AWS::ElastiCache::ParameterGroup` You can now add tags to the `AWS::ElastiCache::ParameterGroup` type. `AWS::ElastiCache::SecurityGroup` You can now add tags to the `AWS::ElastiCache::SecurityGroup` resource. `AWS::ElastiCache::SubnetGroup` You can now add tags to the `AWS::ElastiCache::SubnetGroup` resource.	April 8, 2021
Updated resource	The following resource was updated: AWS::DynamoDB::Table. AWS::DynamoDB::Table Use the `KinesisStreamSpecification` property to specify the Kinesis Data Streams configuration for a table.	April 8, 2021
Modules support using period delimiters in resource names	You can now use a period as a delimiter in specifying the fully-qualified logical name for a resource contained in a module. For more information, see Referencing resources in a module.	April 8, 2021
AWS CloudFormation StackSets now supports parallel region deployment	You can now choose to deploy StackSets into Regions sequentially or in parallel. For more information, see Stack set operation options.	April 6, 2021
Updated resources	The following resources were updated: AWS::DataBrew::Dataset and AWS::DataBrew::Job AWS::DataBrew::Dataset Use the `CsvOptions` property to define how DataBrew will read a comma-separated value (CSV) file when creating a dataset from that file. Use the `DatabaseInputDefinition` property to define connection information for dataset input files stored in a database. Use the `DataCatalogInputDefinition` property to define how metadata stored in the AWS Glue Data Catalog is defined in a DataBrew dataset. Use the `DatasetParameter` property to define the type and conditions for a parameter in the Amazon S3 path of the dataset. Use the `DatetimeOptions` property to define the correct interpretation of datetime parameters used in the Amazon S3 path of a dataset. Use the `ExcelOptions` property to define how DataBrew will interpret a Microsoft Excel file when creating a dataset from that file. Use the `FilesLimit` property to limit the number of Amazon S3 files that should be selected for a dataset from a connected Amazon S3 path. Use the `FilterExpression` property to define parameter conditions. Use the `FilterValue` property to define a single entry in the `ValuesMap` of a `FilterExpression`. Use the `FormatOptions` property to define the structure of either comma-separated value (CSV), Excel, or JSON input. Use the `Input` property to define how DataBrew can find data, in either the AWS Glue Data Catalog or Amazon S3. Use the `JsonOptions` property to define how input is to be interpreted by AWS Glue DataBrew. Use the `PathOptions` property to define how DataBrew selects files for a given Amazon S3 path in a dataset. Use the `PathParameter` property to define the file format of a dataset. Use the `S3Location` property to define a single entry in the path parameters of a dataset. AWS::DataBrew::Job Use the `JobSample` property to define the number of rows on which a profile job is run. Use the `OutputLocation` property to define the location in Amazon S3 where the job writes its output. Use the `Recipe` property to define the actions to be performed on a dataset.	April 1, 2021
Updated resources	The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup. AWS::WAFv2::WebACL You can now inspect a web request body as JSON. You can now add custom request and response handling to web ACL default action and rule action settings. You can now define labels for rules, which are added automatically to matching requests and that persist with requests during web ACL evaluation. You can match against labels using the new rule `LabelMatchStatement`. You can now add a scope-down statement to managed rule group statements. AWS::WAFv2::RuleGroup You can now inspect a web request body as JSON. You can now add custom request and response handling to rule action settings. You can now define labels for rules, which are added automatically to matching requests and that persist with requests during web ACL evaluation. You can match against labels using the new rule `LabelMatchStatement`.	April 1, 2021
Updated resource	The following resource was updated: AWS::Config::DeliveryChannel. AWS::Config::DeliveryChannel Use the `S3KmsKeyArn` property to specify the Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) customer managed key (CMK) used to encrypt objects delivered by AWS Config.	April 1, 2021
Updated resource	The following resource was updated: AWS::ApiGateway::RestApi. AWS::ApiGateway::RestApi Use the `DisableExecuteApiEndpoint` property to disable the default endpoint for a REST API.	April 1, 2021
Updated resource	The following resource was updated: AWS::Budgets::BudgetsAction AWS::Budgets::BudgetsAction Use the `AWS::Budgets::BudgetsAction` resource to take predefined actions that are initiated when a budget threshold has been exceeded.	April 1, 2021
Updated resource	The following resource was updated: AWS::Cloud9::EnvironmentEC2 AWS::Cloud9::EnvironmentEC2 Use the `ImageId` property to specify the Amazon Machine Image (AMI) that's used to create the EC2 instance.	April 1, 2021
Updated resource	The following resource was updated: AWS::EC2::LaunchTemplate. AWS::EC2::LaunchTemplate Use the `TagSpecifications` property to tag a launch template on creation.	April 1, 2021
Updated resource	The following resource was updated: AWS::ElasticBeanstalk::Environment. AWS::ElasticBeanstalk::Environment Use the `OperationsRole` property to specify the Amazon Resource Name (ARN) of an existing IAM role to be used as the environment's operations role.	April 1, 2021
Updated resource	The following resource was updated: AWS::Events::Rule. AWS::Events::Rule The SageMakerPipelineParameter property is a Name / Value pair of a parameter to start execution of a SageMaker Model Building Pipeline to create an API destination. An API destination defines an HTTP invocation endpoint to use as the target of a rule. The SageMakerPipelineParameters contains the SageMaker Model Building Pipeline parameters to start execution of a SageMaker Model Building Pipeline.	April 1, 2021
Updated resource	The following resource was updated: AWS::FMS::Policy. AWS::FMS::Policy The `AWS::FMS::Policy` resource now allows you to manage DNS Firewall policies for Amazon Route 53 Resolver DNS Firewall.	April 1, 2021
Updated resource	The following resource was updated: AWS::GameLift::GameSessionQueue. AWS::GameLift::GameSessionQueue Use the `NotificationTarget` property to specify an SNS topic ARN to publish game session placement events that are emitted by the queue. Use the `CustomEventData` property to specify a string value to add to all game session placement events that are emitted by the queue.	April 1, 2021
New resources	The following resources were added: `AWS::Route53Resolver::FirewallDomainList`, `AWS::Route53Resolver::FirewallRuleGroup`, `AWS::Route53Resolver::FirewallRuleGroupAssociation` AWS::Route53Resolver::FirewallDomainList Use the `AWS::Route53Resolver::FirewallDomainList` resource to specify a domain list configuration for Route 53 Resolver DNS Firewall. AWS::Route53Resolver::FirewallRuleGroup Use the `AWS::Route53Resolver::FirewallRuleGroup` resource to specify a rule group configuration for Route 53 Resolver DNS Firewall. AWS::Route53Resolver::FirewallRuleGroupAssociation Use the `AWS::Route53Resolver::FirewallRuleGroupAssociation` resource to specify an association between a firewall rule group and a VPC.	April 1, 2021
New resource	The following resource was added: AWS::CloudWatch::MetricStream. AWS::CloudWatch::MetricStream Use the AWS::CloudWatch::MetricStream resource to create a metric stream of CloudWatch metric data to a destination of your choice. For more information, see Metric streams.	April 1, 2021
New resource	The following resource was added : AWS::Logs::QueryDefinition AWS::Logs::QueryDefinition Use the `AWS::Logs::QueryDefinition` resource to create a CloudWatch Logs Insights query definition. For more information, see Analyzing Log Data with CloudWatch Logs Insights.	April 1, 2021
Updated resource	The following resource was updated: AWS::Batch::JobDefinition AWS::Batch::JobDefinition In the Volumes property type, use the EfsVolumeConfiguration property to specify the Amazon EFS configuration for a job definition.	March 31, 2021
New resources	The following resources were added: AWS::LookoutMetrics::Alert AWS::LookoutMetrics::Alert Use the `AWS::LookoutMetrics::Alert` resource to specify an alert for an anomaly detector. AWS::LookoutMetrics::AnomalyDetector Use the `AWS::LookoutMetrics::AnomalyDetector` resource to specify an anomaly detector.	March 25, 2021
New resource	The following resource was added: AWS::AppIntegrations::EventIntegration AWS::AppIntegrations::EventIntegration Use the `AWS::AppIntegrations::EventIntegration` resource to create an EventIntegration.	March 25, 2021
New resources	The following resources were added: AWS::CustomerProfiles::Domain, AWS::CustomerProfiles::Integration and AWS::CustomerProfiles::ObjectType. AWS::CustomerProfiles::Domain Use the `AWS::CustomerProfiles::Domain` resource to create a new domain in Amazon Connect Customer Profiles Service. AWS::CustomerProfiles::Integration Use the `AWS::CustomerProfiles::Integration` resource to create a new integration in Amazon Connect Customer Profiles Service. AWS::CustomerProfiles::ObjectType Use the `AWS::CustomerProfiles::ObjectType` resource to create a new object type in Amazon Connect Customer Profiles Service.	March 24, 2021
Updated resource	The following resource was updated: `AWS::ServiceDiscovery::Service`. AWS::ServiceDiscovery::Service Use the `Type` property to allow service instances in a service in a public or private DNS namespace to only be discovered with the `DiscoverInstances` API operation.	March 18, 2021
New resource	The following resource was added: AWS::FIS::ExperimentTemplate. AWS::FIS::ExperimentTemplate Use the `AWS::FIS::ExperimentTemplate` resource to create an experiment template in AWS Fault Injection Service.	March 18, 2021
New resource	The following resources were added: AWS::S3ObjectLambda::AccessPoint and AWS::S3ObjectLambda::AccessPointPolicy AWS::S3ObjectLambda::AccessPoint Use the `AWS::S3ObjectLambda::AccessPoint` resource to create a S3 Object Lambda access point. AWS::S3ObjectLambda::AccessPointPolicy Use the `AWS::S3ObjectLambda::AccessPointPolicy` resource to create a policy for your S3 Object Lambda access point.	March 18, 2021
New resources	The following resources were updated: AWS::ECS::Service. AWS::ECS::Service Use the `AWS::ECS::Service` resource and the `EnableExecuteCommand` property to turn on ECS Exec for the tasks in a service.	March 16, 2021
New resources	The following resources were updated: AWS::ECS::Cluster ExecuteCommandLogConfiguration. AWS::ECS::Cluster ExecuteCommandLogConfiguration Use the `AWS::ECS::Cluster ExecuteCommandLogConfiguration` resource to define a logging configuration for the ECS Exec actions on the tasks in a cluster.	March 16, 2021
New resources	The following resources were updated: AWS::ECS::Cluster ExecuteCommandConfiguration. AWS::ECS::Cluster ExecuteCommandConfiguration Use the `AWS::ECS::Cluster ExecuteCommandConfiguration` resource to turn on ECS Exec for a cluster.	March 16, 2021
Updated resource	The following resource was updated: AWS::Detective::MemberInvitation AWS::Detective::MemberInvitation Use the `DisableEmailNotification` property to prevent the sending of invitation emails to member accounts. The term "master account" is changed to "administrator account."	March 15, 2021
Updated resources	The following resources were updated: AWS::ECR::PublicRepository AWS::ECR::PublicRepository Use the `AWS::ECR::PublicRepository.Tags` property to add tags to your public repositories.	March 11, 2021
Updated resource	The following resource was updated: AWS::CertificateManager::Account AWS::CertificateManager::Account Use the `ExpiryEventsConfiguration` property to specify options for certificate expiration events associated with an AWS account.	March 11, 2021
Updated resource	The following resource was updated: AWS::EFS::FileSystem AWS::EFS::FileSystem Use the `AvailabilityZoneName` property to create a file system that uses One Zone storage, which stores data redundantly within a single Availability Zone within an AWS Region.	March 11, 2021
New resources	The following resources were added: AWS::CE::AnomalySubscription and AWS::CE::AnomalyMonitor. AWS::CE::AnomalySubscription Use the `AWS::CE::AnomalySubscription` resource to deliver notifications about anomalies detected by a monitor that exceeds a threshold. AWS::CE::AnomalyMonitor Use the `AWS::CE::AnomalyMonitor` resource to continuously inspect your account's cost data for anomalies, based on `MonitorType` and `MonitorSpecification`.	March 11, 2021
New resources	The following resources were updated: AWS::ECS::ClusterCapacityProviderAssociations. AWS::ECS::ClusterCapacityProviderAssociations Use the `AWS::ECS::ClusterCapacityProviderAssociations` resource to associate capacity providers with a cluster.	March 11, 2021
New resource	The following resource was added: AWS::RDS::DBProxyEndpoint. AWS::RDS::DBProxyEndpoint Use the `AWS::RDS::DBProxyEndpoint` resource to create or update a custom DB proxy endpoint.	March 11, 2021
Updated resource	The following resource was updated: `AWS::StepFunctions::StateMachine`. AWS::StepFunctions::StateMachine The `AWS::StepFunctions::StateMachine` has a new `Definition` property that lets you define your state machine in the language of your template file.	March 10, 2021
Updated resource	The following resource was updated: AWS::AutoScaling::AutoScalingGroup. AWS::AutoScaling::AutoScalingGroup MixedInstancesPolicy Use the `SpotAllocationStrategy` property to specify `capacity-optimized-prioritized` as the allocation strategy for your Spot capacity when you use a mixed instances policy.	March 8, 2021
Updated resource	The following new resource was updated: `AWS::SecretsManager::Secret` AWS::SecretsManager::Secret Use the `ReplicaRegions` property to replicate secrets into additional Regions for resiliency and disaster recovery.	March 4, 2021
New resource	The following resource was added: AWS::Events::ApiDestination. AWS::Events::ApiDestination Use the `ApiDestination` resource to create an API destination. An API destination defines an HTTP invocation endpoint to use as the target of a rule.	March 4, 2021
New resource	The following resource was added: AWS::Events::Connection. AWS::Events::Connection Use the `Connection` resource to create a connection to use with Api destinations. A connection defines the authorization method and parameters to use to connect to the HTTP invocation endpoint for an Api destination.	March 4, 2021
New resource	The following resources were added: AWS::IoT::AccountAuditConfiguration,AWS::IoT::CustomMetric, AWS::IoT::Dimension, AWS::IoT::MitigationAction, AWS::IoT::ScheduledAudit, AWS::IoT::SecurityProfile. AWS::IoT::AccountAuditConfiguration Use the `AWS::IoT::AccountAuditConfiguration` resource to specify an account audit configuration in AWS IoT Core. AWS::IoT::CustomMetric Use the `AWS::IoT::CustomMetric` resource to specify a custom metric in AWS IoT Core. AWS::IoT::Dimension Use the `AWS::IoT::Dimension` resource to specify a dimension in AWS IoT Core. AWS::IoT::MitigationAction Use the `AWS::IoT::MitigationAction` resource to specify a mitigation action in AWS IoT Core. AWS::IoT::ScheduledAudit Use the `AWS::IoT::ScheduledAudit` resource to specify a Scheduled Audit in AWS IoT Core. AWS::IoT::SecurityProfile Use the `AWS::IoT::SecurityProfile` resource to specify a security profile in AWS IoT Core.	March 4, 2021
New resource	The following resources were added: AWS::S3Outposts::Bucket, AWS::S3Outposts::BucketPolicy, AWS::S3Outposts::AccessPoint, and AWS::S3Outposts::EndPoint AWS::S3Outposts::Bucket Use the `AWS::S3Outposts::Bucket` resource to create an S3 on Outposts bucket. AWS::S3Outposts::BucketPolicy Use the `AWS::S3Outposts::BucketPolicy` resource to create a bucket policy for your S3 on Outposts bucket. AWS::S3Outposts::AccessPoint Use the `AWS::S3Outposts::AccessPoint` resource to create an access point for your S3 on Outposts bucket. AWS::S3Outposts::EndPoint Use the `AWS::S3Outposts::EndPoint` resource to create an endpoint for Amazon S3 on AWS Outposts.	March 4, 2021
Updated resource	The following resources were updated: AWS::IoTSiteWise::AccessPolicy and AWS::IoTSiteWise::Portal. AWS::IoTSiteWise::AccessPolicy Added the following properties: `IamRole` and `IamUser`. AWS::IoTSiteWise::Portal Added the following property: `PortalAuthMode`.	March 2, 2021
Updated resource	The following resource was updated: AWS::IoTSiteWise::AssetModel. AWS::IoTSiteWise::AssetModel Added the following property: `AssetModelCompositeModel`. You can use this property to define an alarm in AWS IoT SiteWise. For more information, see Monitoring data with alarms in the AWS IoT SiteWise User Guide.	March 1, 2021
Updated resource	The following resource was updated: AWS::DataBrew::Dataset Format. AWS::DataBrew::Dataset Format Use the `Format` property to define the file format of a dataset.	February 25, 2021
Updated resource	The following resource was updated: AWS::ManagedBlockchain::Node AWS::ManagedBlockchain::Node Use the `NodeConfiguration` property to create a node on an Ethereum network.	February 25, 2021
Updated resource	The following resource was updated: AWS::SageMaker::Model AWS::SageMaker::Model Use the `InferenceExecutionConfig` property to specify details of how containers in a multi-container endpoint are called.	February 25, 2021
New resources	The following resource was added: AWS::EC2::TransitGatewayConnect. AWS::EC2::TransitGatewayConnect Use the `TransitGatewayConnect` resource to create a Connect attachment from a specified transit gateway attachment.	February 25, 2021
New resources	The following resources were added: AWS::EMR::Studio and AWS::EMR::StudioSessionMapping. AWS::EMR::Studio Use the `AWS::EMR::Studio` resource to create a new Amazon EMR Studio. AWS::EMR::StudioSessionMapping Use the `AWS::EMR::StudioSessionMapping` resource to assign a user or group to an Amazon EMR Studio, and apply an IAM session policy to refine Studio permissions for that user or group.	February 25, 2021
New resources	The following resources were added: `AWS::IAM::OIDCProvider`, `AWS::IAM::SAMLProvider`, `AWS::IAM::ServerCertificate`, and `AWS::IAM::VirtualMFADevice`. AWS::IAM::OIDCProvider Use the `AWS::IAM::OIDCProvider` resource to create an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC). AWS::IAM::SAMLProvider Use the `AWS::IAM::SAMLProvider` resource to create an IAM resource that describes an identity provider (IdP) that supports SAML 2.0. AWS::IAM::ServerCertificate Use the `AWS::IAM::ServerCertificate` resource to retrieve information about the specified server certificate stored in IAM. AWS::IAM::VirtualMFADevice Use the `AWS::IAM::VirtualMFADevice` resource to create a new virtual MFA device for the AWS account.	February 25, 2021
New resources	The following resources were added: AWS::SageMaker::Image, AWS::SageMaker::ImageVersion. AWS::SageMaker::Image Use the `AWS::SageMaker::Image` resource to create a new Image in Amazon SageMaker. AWS::SageMaker::ImageVersion Use the `AWS::SageMaker::ImageVersion` resource to create a new ImageVersion in Amazon SageMaker.	February 25, 2021
New resource	The following resource was added: `AWS::EKS::Addon`. `AWS::EKS::Addon` Use the `AWS::EKS::Addon` resource to create an Amazon EKS add-on.	February 25, 2021
New attributes	The following parameters were added for 10DLC support: EntityId, TemplateId, OriginationNumber. AWS::Pinpoint::Campaign CampaignSmsMessage Specifies the content and settings for an SMS message that's sent to recipients of a campaign.	February 24, 2021
Updated resource	The following resource was updated: AWS::DynamoDB::Table AWS::DynamoDB::Table Use the `ContributorInsightsSpecification` property to enable or disable CloudWatch Contributor Insights on a table or global secondary index.	February 22, 2021
Updated resource	The following resource was updated: AWS::CodeCommit::Repository Code AWS::CodeCommit::Repository Code The behavior of the `BranchName` property on update has changed to be consistent with all other aspects of `AWS:CodeCommit:Repository Code`. All properties of `AWS:CodeCommit:Repository Code` are ignored on update, as they only apply to initial resource creation.	February 19, 2021
Updated resources	The following resources were updated: AWS::AppMesh::VirtualNode and AWS::AppMesh::VirtualGateway AWS::AppMesh::VirtualNode Use the `ClientTlsCertificate` property to represent the client's certificate. Use the `SubjectAlternativeNames` property to represent the subject alternative names secured by the certificate. Use the `TlsValidationContextSdsTrust` property to represent a Transport Layer Security (TLS) Secret Discovery Service validation context trust. Use the `ListenerTlsValidationContextTrust` property to represent a listener's Transport Layer Security (TLS) validation context trust. Use the `SubjectAlternativeNameMatchers` property to represent the methods by which a subject alternative name on a peer Transport Layer Security (TLS) certificate can be matched. Use the `ListenerTlsSdsCertificate` property to represent the listener's Secret Discovery Service certificate. Use the `ListenerTlsValidationContext` property to represent a listener's Transport Layer Security (TLS) validation context. AWS::AppMesh::VirtualGateway Use the `VirtualGatewayListenerTlsValidationContextTrust` property to specify validation context trust. Use the `VirtualGatewayTlsValidationContextSdsTrust` property to represent a virtual gateway's listener's Transport Layer Security (TLS) Secret Discovery Service validation context trust. Use the `SubjectAlternativeNames` property represents the subject alternative names secured by the certificate. Use the `VirtualGatewayListenerTlsSdsCertificate` property to represent the virtual gateway's listener's Secret Discovery Service certificate. Use the `VirtualGatewayClientTlsCertificate` property to represent the virtual gateway's client's Transport Layer Security (TLS) certificate. Use the `VirtualGatewayListenerTlsValidationContext` property to represent a virtual gateway's listener's Transport Layer Security (TLS) validation context. Use the `SubjectAlternativeNameMatchers` property to represent the methods by which a subject alternative name on a peer Transport Layer Security (TLS) certificate can be matched.	February 18, 2021
Updated resources	The following resource was updated: AWS::IoTWireless::ServiceProfile AWS::IoTWireless::ServiceProfile Use the attributes of `LoRaWANGetServiceProfileInfo` with `LoRaWANServiceProfile` instead as `ReadOnly` properties that you can return using `Fn::GetAtt`.	February 18, 2021
Updated resources	The following resources were updated: AWS::Kendra::DataSource, AWS::Kendra::Index. AWS::Kendra::DataSource Use the `ConfluenceConfiguration` property of the resource to specify configuration information for indexing a Confluence data source. AWS::Kendra::DataSource Use the `GoogleDriveConfiguration` property of the resource to specify configuration information for indexing a Google Drive data source. AWS::Kendra::Index Use the `UserContextPolicy` and `UserTokenConfiguration` properties of the resource to specify how Amazon Kendra uses user tokens for access to the index.	February 18, 2021
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem In the WindowsConfiguration property type, use `Aliases` to specify one or more DNS alias names that you want to associate with the Amazon FSx file system.	February 18, 2021
Updated resource	The following resource was updated: AWS::DataBrew::Job JobSample. AWS::DataBrew::Job JobSample Use the `JobSample` property to define the sample configuration for profile jobs.	February 18, 2021
Updated resource	The following resource was updated: AWS::IoTAnalytics::Dataset. AWS::IoTAnalytics::Dataset Added the following properties: `LateDataRule` and `LateDataRuleConfiguration`. You can use these properties to specify a late data rule for your dataset. The late data rule enables AWS IoT Analytics to send notifications through Amazon CloudWatch when late data arrives. For more information, see Getting late data notifications in the AWS IoT Analytics User Guide.	February 18, 2021
AWS CloudFormation StackSets now supports delegated administrator with AWS Organizations	In addition to the organization's management account, delegated administrator accounts can create and manage stack sets with service-managed permissions for their organization. For more information, see Register a delegated administrator and Create a stack set with service-managed permissions.	February 18, 2021
New resources	The following resources were added: AWS::EC2::TransitGatewayMulticastDomain, AWS::EC2::TransitGatewayMulticastDomainAssociation, AWS::EC2::TransitGatewayMulticastGroupMembers and AWS::EC2::TransitGatewayMulticastGroupSource. AWS::EC2::TransitGatewayMulticastDomain Use the `TransitGatewayMulticastDomain` resource to create a transit gateway multicast domain. AWS::EC2::TransitGatewayMulticastDomainAssociation Use the `TransitGatewayMulticastDomainAssociation` resource to associate the specified subnets and transit gateway attachments with the specified transit gateway multicast domain. AWS::EC2::TransitGatewayMulticastGroupMember Use the `TransitGatewayMulticastGroupMembers` resource to register members (network interfaces) with the transit gateway multicast group. AWS::EC2::TransitGatewayMulticastGroupSource Use the `TransitGatewayMulticastGroupSource` resource to register sources (network interfaces) with the specified transit gateway multicast group.	February 12, 2021
Updated resources	The following resources were updated: AWS::IoTWireless::Destination, AWS::IoTWireless::DeviceProfile, AWS::IoTWireless::ServiceProfile, AWS::IoTWireless::WirelessDevice, and AWS::IoTWireless::WirelessGateway. AWS::IoTWireless::Destination Use the `ExpressionType` property of the resource to specify whether to use a new value `MqttTopic` or to use `RuleName`. In addition, the property descriptions now list any maximum values, minimum values, and patterns. AWS::IoTWireless::DeviceProfile Use the new `LoRaWAN` property which is a renaming of the `LoRaWANDeviceProfile` property. The property type has not changed from `LoRaWANDeviceProfile`. In addition, the property descriptions now list any maximum values, minimum values, and patterns. AWS::IoTWireless::ServiceProfile Use the new `LoRaWAN` property which is a renaming of the `LoRaWANServiceProfile` property. The property type has not changed from `LoRaWANServiceProfile`. In addition, the property descriptions now list any maximum values, minimum values, and patterns. AWS::IoTWireless::WirelessDevice Use the new `LoRaWAN` property which is a renaming of the `LoRaWANDevice` property. The property type has not changed from `LoRaWANDevice`. In addition, the property descriptions now list any maximum values, minimum values, and patterns. AWS::IoTWireless::WirelessGateway Use the new `LoRaWAN` property which is a renaming of the `LoRaWANGateway` property. The property type has not changed from `LoRaWANGateway`. In addition, the property descriptions now list any maximum values, minimum values, and patterns.	February 11, 2021
Updated resource	The following resource was updated: `AWS::DMS::Endpoint`. AWS::DMS::Endpoint.MongoDbSettings Added `SecretsManager` attributes to `MongoDbSettings`. AWS::DMS::Endpoint.MySqlSettings Added `SecretsManager` attributes to `MySqlSettings`. AWS::DMS::Endpoint.RedshiftSettings Added `SecretsManager` attributes to `RedshiftSettings`. AWS::DMS::Endpoint.SybaseSettings Added `SecretsManager` attributes to `SybaseSettings`. AWS::DMS::Endpoint.PostgreSqlSettings Added `SecretsManager` attributes to `PostgreSqlSettings`. AWS::DMS::Endpoint.MicrosoftSqlServerSettings Added `SecretsManager` attributes to `MicorsoftSqlServerSettings`. AWS::DMS::Endpoint.IbmDb2Settings Added `SecretsManager` attributes to `IbmDb2Settings`. AWS::DMS::Endpoint.DocDbSettings Added `SecretsManager` attributes to `DocDbSettings`. AWS::DMS::Endpoint.OracleSettings Added `SecretsManager` attributes to `OracleSettings`.	February 11, 2021
Updated resource	The following resource was updated: AWS::GroundStation::Config. AWS::GroundStation::Config S3RecordingConfig CloudFormation property The `S3RecordingConfig` property sets the information for a S3 recording config object.	February 11, 2021
New resources	The following resources were added: `AWS::CloudFormation::ResourceDefaultVersion` and `AWS::CloudFormation::ResourceVersion`. `AWS::CloudFormation::ResourceDefaultVersion` Use the `AWS::CloudFormation::ResourceDefaultVersion` resource to specify the default resource version to be used in CloudFormation operations. `AWS::CloudFormation::ResourceVersion` Use the `AWS::CloudFormation::ResourceVersion` resource to specify a resource version with the CloudFormation service, making it available for use in CloudFormation operations.	February 11, 2021
New resources	The following resources were added: AWS::SageMaker::App, AWS::SageMaker::AppImageConfig, AWS::SageMaker::Domain, AWS::SageMaker::UserProfile. AWS::SageMaker::App Use the `AWS::SageMaker::App` resource to create a running app for a user profile in SageMaker Studio. AWS::SageMaker::AppImageConfig Use the `AWS::SageMaker::AppImageConfig` resource to create a configuration for running a SageMaker image as a KernelGateway app in SageMaker Studio. AWS::SageMaker::Domain Use the `AWS::SageMaker::Domain` resource to create a Domain used by SageMaker Studio. AWS::SageMaker::UserProfile Use the `AWS::SageMaker::UserProfile` resource to create a user profile used by SageMaker Studio.	February 11, 2021
New resources	The following resources were added: AWS::ServiceCatalog::ServiceAction and AWS::ServiceCatalog::ServiceActionAssociation. AWS::ServiceCatalog::ServiceAction Use this self-service action feature to create CloudFormation templates that create Service Actions. AWS::ServiceCatalog::ServiceActionAssociation Use this self-service action association feature to create AWS CloudFormation templates that create Service Actions.	February 11, 2021
AWS CloudFormation StackSets Region availability	AWS CloudFormation StackSets is now available in the Asia Pacific (Osaka) Region. For more information, see Working with AWS CloudFormation StackSets.	February 10, 2021
Updated resource	The following resource was updated: AWS::IoTAnalytics::Datastore. AWS::IoTAnalytics::Datastore Added the following properties: `Column`, `FileFormatConfiguration`, `JsonConfiguration`, `ParquetConfiguration`, and `SchemaDefinition`. You can use these properties to specify JSON or Parquet file format for your data store. For more information, see File formats in the AWS IoT Analytics User Guide.	February 5, 2021
Updated resources	The following resources were updated: AWS::ECR::ReplicationConfiguration AWS::ECR::ReplicationConfiguration Use the `ReplicationConfiguration` property to create or update the replication configuration for a private repository.	February 4, 2021
Updated resources	The following resources were updated: AWS::IoTWireless::DeviceProfile, AWS::IoTWireless::ServiceProfile, AWS::IoTWireless::WirelessDevice, and AWS::IoTWireless::WirelessGateway. AWS::IoTWireless::DeviceProfile Use the `DeviceProfile` resource to specify a device profile for a wireless device to use. AWS::IoTWireless::ServiceProfile Use the `ServiceProfile` resource to specify a service profile for a wireless device to use. AWS::IoTWireless::WirelessDevice Use the `WirelessDevice` resource to specify a wireless device in an AWS IoT Core for LoRaWAN solution. AWS::IoTWireless::WirelessGateway Use the `WirelessGateway` resource to specify a wireless gateway in an AWS IoT Core for LoRaWAN solution.	February 4, 2021
Updated resources	The following resources were updated: `AWS::Cassandra::Keyspace` and `AWS::Cassandra::Table`. AWS::Cassandra::Keyspace.Tags Use the `AWS::Cassandra::Keyspace.Tags` property to add tags to new or existing keyspaces in Amazon Keyspaces (for Apache Cassandra). AWS::Cassandra::Table.Tags Use the `AWS::Cassandra::Table.Tags` property to create and add tags to new or existing tables in Amazon Keyspaces (for Apache Cassandra). AWS::Cassandra::Table.PointInTimeRecoveryEnabled Use the `AWS::Cassandra::Table.PointInTimeRecoveryEnabled` property to enable point-in-time recovery in Amazon Keyspaces (for Apache Cassandra).	February 4, 2021
Updated resource	The following resource was updated: `AWS::ElastiCache::GlobalReplicationGroup.` `AWS::ElastiCache::GlobalReplicationGroup` Consists of a primary cluster that accepts writes and an associated secondary cluster that resides in a different Region. The secondary cluster accepts only reads. The primary cluster automatically replicates updates to the secondary cluster.	February 4, 2021
Updated resource	The following resource was updated: AWS::DataBrew::Job. AWS::DataBrew::Job Use the `CsvOutputOptions` property to define how DataBrew will write a CSV file. Use the `OutputFormatOptions` property to define the structure of CSV job output.	February 4, 2021
New resource	Added the following resource: AWS::ImageBuilder::ContainerRecipe. AWS::ImageBuilder::ContainerRecipe Use the `AWS::ImageBuilder::ContainerRecipe` resource to create a container recipe in the Image Builder service.	February 4, 2021
Updated resource	The following resource was updated: `AWS::ApiGatewayV2::Stage`. AWS::ApiGatewayV2::Stage Added the attribute `AccessPolicyId` for internal use only.	January 28, 2021
New resource	The following resource was added: AWS::LookoutVision:Project. AWS::LookoutVision:Project Use the `Project` resource to create an Amazon Lookout for Vision project.	January 28, 2021
Updated resource	The following resource was updated: `AWS::MediaConnect::FlowVpcInterface`. AWS::MediaConnect::FlowVpcInterface Use the `FlowArn` property to specify the ARN of the flow. Use the `Name` property to specify the name of the VPC Interface.	January 21, 2021
Updated resource	The following resource was updated: AWS::ACMPCA::Certificate. AWS::ACMPCA::Certificate Use the `ApiPassthrough` property to include parameters in certificates during issuance. Use the `ValidityNotBefore` property to customize the start of certificate validity.	January 21, 2021
Updated resource	The following resources were updated: AWS::SageMaker::Device, AWS::SageMaker::DeviceFleet, and AWS::SageMaker::Model. AWS::SageMaker::Device Use the `DeviceFleetName` property to get the name of the fleet the device belongs to. Use the `Device` property to make the edge device you want to create. Use the `Tags` property to get the tags registered to a specific device. Use the `Device.Device` property/resource to get information about a particular device. Use the `Device.Device.Description` property/resource to get a description of the device. Use the `Device.Device.DeviceName` property/resource to get the device name. Use the `Device.Device.IotThingName` property/resource to get the IoT object name. AWS::SageMaker::DeviceFleet Use the `DeviceFleet.Description` property to get information about a fleet. Use the `OutputConfig` property to get the output configuration for the fleet. Use the `RoleArn` property to get the ARN of the IoT thing. Use the `Tags` property to get the tags registered to a specific fleet. Use the `EdgeOutputConfig.KmsKeyId` property/resource to set the KMS key ID. Use the `EdgeOutputConfig.S3OutputLocation` property/resource to set the S3 bucket URI. AWS::SageMaker::Model Use the `MultiModelConfiguration` property to specify configuration details for a multi-model endpoint.	January 21, 2021
New resources	The following resource was added: AWS::SageMaker::Project. AWS::SageMaker::Project Use the `AWS::SageMaker::Project` resource to create a new project in Amazon SageMaker.	January 21, 2021
Updated resource	The following resource was updated with examples: AWS::S3::AccessPoint Access Points Use the `AWS::S3::AccessPoint` resource to specify an S3 access point.	January 20, 2021
New resource	The AWS::EMRContainers::VirtualCluster resource was added. AWS::EMRContainers::VirtualCluster The `AWS::EMRContainers::VirtualCluster` resource specifies a virtual cluster.	January 14, 2021
New resource	The following resource was added: AWS::QuickSight::DataSet and AWS::QuickSight::DataSource. AWS::QuickSight::DataSet Use the `AWS::QuickSight::DataSet` resource to create a dataset in Amazon QuickSight. AWS::QuickSight::DataSource Use the `AWS::QuickSight::DataSource` resource to create a data source in Amazon QuickSight.	January 14, 2021
New resource	The following resource was added: AWS::QuickSight::Analysis, AWS::QuickSight::Dashboard, AWS::QuickSight::Template, and AWS::QuickSight::Theme. AWS::QuickSight::Analysis Use the `AWS::QuickSight::Analysis` resource to create an analysis in Amazon QuickSight. AWS::QuickSight::Dashboard Use the `AWS::QuickSight::Dashboard` resource to create a dashboard from a template in Amazon QuickSight. AWS::QuickSight::Template Use the `AWS::QuickSight::Template` resource to create a template from an existing Amazon QuickSight analysis or template. AWS::QuickSight::Theme Use the `AWS::QuickSight::Theme` resource to create a theme in Amazon QuickSight.	January 14, 2021
Updates to resource	The following resource was updated: `AWS::SSO::InstanceAccessControlAttributeConfiguration`. `AWS::SSO::InstanceAccessControlAttributeConfiguration` Use the `AWS::SSO::InstanceAccessControlAttributeConfiguration` resource to configure attribute-based access control (ABAC) in IAM Identity Center.	January 7, 2021
Updated resources	The following resources were updated: AWS::IoTWireless::Destination, AWS::IoTWireless::DeviceProfile, AWS::IoTWireless::ServiceProfile, AWS::IoTWireless::WirelessDevice, and AWS::IoTWireless::WirelessGateway. AWS::IoTWireless::Destination Use the `Destination` resource to specify a destination for a wireless device to use. AWS::IoTWireless::DeviceProfile Use the `DeviceProfile` resource to specify a device profile for a wireless device to use. AWS::IoTWireless::ServiceProfile Use the `ServiceProfile` resource to specify a service profile for a wireless device to use. AWS::IoTWireless::WirelessDevice Use the `WirelessDevice` resource to specify a wireless device in an AWS IoT Core for LoRaWAN solution. AWS::IoTWireless::WirelessGateway Use the `WirelessGateway` resource to specify a wireless gateway in an AWS IoT Core for LoRaWAN solution.	January 7, 2021
Updated resource	The following resource was updated: `AWS::ApiGatewayV2::Integration`. AWS::ApiGatewayV2::Integration Use the `AWS::ApiGatewayV2::Integration` resource to configure request and response parameter mapping for an HTTP API.	January 7, 2021
Updated resource	The following resource was updated: AWS::EC2::LaunchTemplate AWS::EC2::LaunchTemplate Use the `Throughput` property to specify the throughput to provision for gp3 volumes.	January 7, 2021
Updated resource	The following resources were updated: AWS::FMS::Policy. AWS::FMS::Policy The `AWS::FMS::Policy` resource now allows you to manage AWS Network Firewall policies.	January 7, 2021
New resources	The following resources were added: `AWS::MediaConnect::Flow`, `AWS::MediaConnect::FlowEntitlement`, `AWS::MediaConnect::FlowOutput`, `AWS::MediaConnect::FlowSource`, and `AWS::MediaConnect::FlowVpcInterface`. AWS::MediaConnect::Flow Use the `AWS::MediaConnect::Flow` resource to create a connection between one or more video sources and one or more outputs. AWS::MediaConnect::FlowEntitlement Use the `AWS::MediaConnect::FlowEntitlement` resource to grant permission to another AWS account to allow access to the content in a specific AWS Elemental MediaConnect flow. AWS::MediaConnect::FlowOutput Use the `AWS::MediaConnect::FlowOutput` resource to define the destination address, protocol, and port that you want MediaConnect to send the ingested video to. AWS::MediaConnect::FlowSource Use the `AWS::MediaConnect::FlowSource` resource to define where the external video content comes from. AWS::MediaConnect::FlowVpcInterface Use the `AWS::MediaConnect::FlowVpcInterface` resource to create a connection between your MediaConnect flow and a virtual private cloud (VPC) that you created using the Amazon Virtual Private Cloud service.	January 7, 2021
New resources	The following resources were added: AWS::Route53::DNSSEC and AWS::Route53::KeySigningKey. AWS::Route53::DNSSEC Use the `AWS::Route53::DNSSEC` resource to enable DNSSEC signing for a hosted zone. AWS::Route53::KeySigningKey Use the `AWS::Route53::KeySigningKey` resource to specify configuration settings for a key-signing key (KSK) that's associated with a hosted zone.	January 7, 2021
New Resources	The following resources were added: AWS::DataSync::Agent, AWS::DataSync::LocationEFS, AWS::DataSync::LocationFSxWindows, AWS::DataSync::LocationNFS, AWS::DataSync::LocationObjectStorage, AWS::DataSync::LocationS3, AWS::DataSync::LocationSMB, and AWS::DataSync::Task. AWS::DataSync::Agent Use the `AWS::DataSync::Agent` resource to specify an AWS DataSync agent. AWS::DataSync::LocationEFS Use the `AWS::DataSync::LocationEFS` resource to specify a location for an Amazon EFS location. AWS::DataSync::LocationFSxWindows Use the `AWS::DataSync::LocationFSxWindows` resource to specify an Amazon FSx for Windows Server file system. AWS::DataSync::LocationNFS Use the `AWS::DataSync::LocationNFS` resource to specify a file system on a Network File System (NFS) server. AWS::DataSync::LocationObjectStorage Use the `AWS::DataSync::LocationObjectStorage` resource to specify an endpoint for a self-managed object storage bucket. AWS::DataSync::LocationS3 Use the `AWS::DataSync::LocationS3` resource to specify an endpoint for an Amazon S3 bucket. AWS::DataSync::LocationSMB Use the `AWS::DataSync::LocationSMB` resource to specify a Server Message Block (SMB) location. AWS::DataSync::Task Use the `AWS::DataSync::Task` resource to specify a task.	January 7, 2021
Updated resource	The following resource was updated: AWS::Glue::Table AWS::Glue::Table Use the `SchemaReference` property to specify an object that references a schema stored in the AWS Glue Schema Registry. Use the `TableInput.TargetTable` property to specify a `TableIdentifier` structure that describes a target table for resource linking. Use the `Table.TableIdentifier` property to specify a target table for resource linking.	December 22, 2020
Updated resource	The following resource was updated: AWS::Glue::Partition AWS::Glue::Partition Use the `SchemaReference` property to specify an object that references a schema stored in the AWS Glue Schema Registry.	December 22, 2020
Updated resource	The following resource was updated: AWS::Glue::Database AWS::Glue::Database Use the `DatabaseInput.TargetDatabase` property to specify a `TableIdentifier` structure that describes a target table for resource linking. Use the `Database.DatabaseIdentifier` property to specify a target database for resource linking.	December 22, 2020
Updated resource	The following resource was updated: AWS::Glue::MLTransform AWS::Glue::MLTransform Use the `TransformEncryption` property to specify the encryption-at-rest settings of the transform that apply to accessing user data. Use the `MLUserDataEncryption` property to specify the encryption mode and customer-provided KMS key ID.	December 22, 2020
Updated resource	The following resource was updated: AWS::NimbleStudio::LaunchProfile. AWS::NimbleStudio::LaunchProfile In the StreamConfiguration property type, use the `MaxStoppedSessionLengthInMinutes` property to specify if you can stop your sessions, and use the `SessionStorage` property to specify the upload storage for a streaming session. Use the `StreamConfigurationSessionStorage` property to specify a configuration for a streaming session’s upload storage. Use the `StreamingSessionStorageRoot` property to specify the upload storage root location that is a folder on streaming workstations where files are uploaded.	December 22, 2020
New resource	The following resource was added: AWS::MWAA::Environment AWS::MWAA::Environment Use the `AWS::MWAA::Environment` resource to create an Amazon Managed Workflows for Apache Airflow (MWAA) environment.	December 21, 2020
Updated resources	The following resources were updated: AWS::EC2::Instance, AWS::EC2::SpotFleet, AWS::EC2::Volume. AWS::EC2::Instance Use the `EnclaveOptions` property to indicate whether the instance is enabled for AWS Nitro Enclaves. AWS::EC2::SpotFleet SpotCapacityRebalance Use the `SpotCapacityRebalance` property when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted. AWS::EC2::SpotFleet SpotMaintenanceStrategies Use the `SpotMaintenanceStrategies` property to manage your Spot Instances that are at an elevated risk of being interrupted. . AWS::EC2::Volume Use the `Throughput` property to specify the throughput that the volume supports, in MiB/s.	December 18, 2020
Updated resources	The following resources were updated: AWS::ECS::Service. AWS::ECS::Service Use the `DeploymentCircuitBreaker` property to turn on the deployment circuit breaker for a service.	December 18, 2020
Updated resources	The following resources were updated: `AWS::ElastiCache::User` `AWS::ElastiCache::UserGroup` and `AWS::ElastiCache::ReplicationGroup.` `AWS::ElastiCache::User` For Valkey 7.2 and onwards, and Redis OSS engine version 6.0 onwards: Creates a user. For more information, see Using Role Based Access Control (RBAC) `AWS::ElastiCache::UserGroup` For Valkey 7.2 and onwards, and Redis OSS engine version 6.0 onwards: Creates a user group. For more information, see Using Role Based Access Control (RBAC) `AWS::ElastiCache::ReplicationGroup` Use the `UserGroupIds` property to associate a list of user groups with the replication group.	December 18, 2020
Updated resource	The following resource was updated: AWS::Batch::JobDefinition AWS::Batch::JobDefinition Use the `PlatformCapabilities` property to specify whether the job requires `EC2` or `FARGATE` resources. Use the `PropagateTags` property to specify whether to propagate tags from the job definition to the corresponding Amazon ECS task. In the ContainerProperties property type: Use the `FargatePlatformConfiguration` property to specify the Fargate platform version to use for jobs running on Fargate resources. Use the `NetworkConfiguration` property to specify the network configuration for jobs running on Fargate resources. AWS::Batch::JobDefinition In the ContainerProperties property type, use the FargatePlatformConfiguration property to define the version of the Fargate platform used for the job.	December 18, 2020
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem The `StorageCapacity` property was updated to `"Required": conditional`. In the WindowsConfiguration property type, the `ThroughputCapacity` property was updated to `"Required": true`.	December 18, 2020
Updated resource	The following resources were updated: AWS::S3::Bucket SourceSelectionCriteria Use the `ReplicaModifications` property in `AWS::S3::Bucket SourceSelectionCriteria` to filter modifications on replicas. Amazon S3 Bucket Keys Use the `BucketKeyEnabled` property to specify an S3 Bucket Key with default encryption using AWS Key Management Service.	December 18, 2020
New resources	The following resources were added: `AWS::CloudFormation::ModuleDefaultVersion` and `AWS::CloudFormation::ModuleVersion`. `AWS::CloudFormation::ModuleDefaultVersion` Use the `AWS::CloudFormation::ModuleDefaultVersion` resource to specify the default version of a module, which will be used in CloudFormation operations for this account and Region. `AWS::CloudFormation::ModuleVersion` Use the `AWS::CloudFormation::ModuleVersion` resource to register the specified version of the module with the CloudFormation service, making it available for use in CloudFormation templates in this account and Region.	December 18, 2020
New resources	The following resources were added: `AWS::DevOpsGuru::NotificationChannel`, `AWS::DevOpsGuru::ResourceCollection` AWS::DevOpsGuru::NotificationChannel Use the `AWS::DevOpsGuru::NotificationChannel` resource to add a notification channel to Amazon DevOps Guru. The notification channel is used to notify you about important events. For example, the creation of an insight or a change in an insight's severity. AWS::DevOpsGuru::ResourceCollection Use the `AWS::DevOpsGuru::ResourceCollection` resource to specify a collection of resources in your account that you want Amazon DevOps Guru to analyze. The specified resources are analyzed to generate insights that contain recommendations, related metrics, and operational data to help you improve the performance of your operational solutions.	December 18, 2020
New resources	The following resources were added: AWS::EC2::NetworkInsightsPath and AWS::EC2::NetworkInsightsAnalysis. AWS::EC2::NetworkInsightsPath Use the `NetworkInsightsPath` property to specify a path to analyze for reachability. AWS::EC2::NetworkInsightsAnalysis Use the `NetworkInsightsAnalysis` property to specify a network insights analysis.	December 18, 2020
New resources	The following resources were added: AWS::ECR::PublicRepository AWS::ECR::PublicRepository Use the `PublicRepository` property to create or update a public repository.	December 18, 2020
New resources	The following resources were added: AWS::LicenseManager::Grant and AWS::LicenseManager::License. AWS::LicenseManager::Grant Use the `AWS::LicenseManager::Grant` resource to specify a grant in the AWS License Manager service. AWS::LicenseManager::License Use the `AWS::LicenseManager::License` resource to specify a granted license in the AWS License Manager service.	December 18, 2020
New resources	The following resources were added: AWS::SageMaker::DataQualityJobDefinition, AWS::SageMaker::Device, AWS::SageMaker::DeviceFleet, AWS::SageMaker::ModelBiasJobDefinition, AWS::SageMaker::ModelExplainabilityJobDefinition, AWS::SageMaker::ModelQualityJobDefinition, AWS::SageMaker::ModelPackageGroup, and AWS::SageMaker::Pipeline. AWS::SageMaker::DataQualityJobDefinition Use the `AWS::SageMaker::DataQualityJobDefinition` resource to create a monitoring job that monitors drift in data quality. AWS::SageMaker::Device Use the `AWS::SageMaker::Device` resource to register your Devices against an existing SageMaker Edge Manager DeviceFleet. Each device must be listed individually in the CFN specification. AWS::SageMaker::DeviceFleet Use the `AWS::SageMaker::DeviceFleet` resource to create a DeviceFleet that manages your SageMaker Edge Manager Devices. You must register your devices against the `DeviceFleet` separately. AWS::SageMaker::ModelBiasJobDefinition Use the `AWS::SageMaker::ModelBiasJobDefinition` resource to create a monitoring job that monitors potential bias in your model. AWS::SageMaker::ModelExplainabilityJobDefinition Use the `AWS::SageMaker::ModelExplainabilityJobDefinition` resource to create a monitoring job that monitors feature attribution drift in your model. AWS::SageMaker::ModelQualityJobDefinition Use the `AWS::SageMaker::ModelQualityJobDefinition` resource to create a monitoring job that monitors quality drift in your model. AWS::SageMaker::ModelPackageGroup Use the `AWS::SageMaker::ModelPackageGroup` resource to create a group of related models. AWS::SageMaker::Pipeline Use the `AWS::SageMaker::Pipeline` resource to specify shell scripts that run when you create and/or start a SageMaker Pipeline. For information about SageMaker Pipelines, see SageMaker Pipelines in the Amazon SageMaker Developer Guide.	December 18, 2020
New resource	The following resource was added: `AWS::AuditManager::Assessment` AWS::AuditManager::Assessment Use the `AWS::AuditManager::Assessment` resource to specify a new assessment in AWS Audit Manager.	December 18, 2020
New resource	The following resource was added: `AWS::SSO::InstanceAccessControlAttributeConfiguration`. `AWS::SSO::InstanceAccessControlAttributeConfiguration` Use the `AWS::SSO::InstanceAccessControlAttributeConfiguration` resource to configure attribute-based access control (ABAC) in IAM Identity Center.	December 18, 2020
New resource	The following resources were added: AWS::GreengrassV2::ComponentVersion. AWS::GreengrassV2::ComponentVersion Use the `AWS::GreengrassV2::ComponentVersion` resource to create a new component version in AWS IoT Greengrass.	December 18, 2020
New resource	The following resources were added: AWS::IoTSitewise::AccessPolicy, AWS::IoTSiteWise::Dasboard, AWS::IoTSiteWise::Portal, and AWS::IoTSiteWise::Project. AWS::IoTSiteWise::AccessPolicy Use the `AWS::IoTSiteWise::AccessPolicy` resource to create a new access policy in AWS IoT SiteWise. AWS::IoTSiteWise::Dasboard Use the `AWS::IoTSiteWise::Dasboard` resource to create a new dashboard in AWS IoT SiteWise. AWS::IoTSiteWise::Portal Use the `AWS::IoTSiteWise::Portal` resource to create a new portal in AWS IoT SiteWise. AWS::IoTSiteWise::Project Use the `AWS::IoTSiteWise::Project` resource to create a new project in AWS IoT SiteWise.	December 18, 2020
New resource	The following resources were updated: AWS::Lambda::CreateEventSourceMapping and AWS::Lambda::Function. AWS::Lambda::EventSourceMapping Use the `TumblingWindowInSeconds` property to set the window size for SQS event sources. Lambda now supports a Self-Managed Apache Kafka cluster as an event source. AWS::Lambda::Function Lambda now supports functions deployed as container images. Use the ImageUri property to specify the container image location. In the Code property type, new property `ImageUri` specifies the image to associate with your Lambda function.	December 18, 2020
Updated resource	The following resource was updated to support specifying a capacity type for a node group: `AWS::EKS::Nodegroup`. `AWS::EKS::Nodegroup` Use the `CapacityType` property to specify whether you want to use Spot or On-Demand instance types for your node group.	December 17, 2020
Updated resource	The following resource was updated: AWS::GameLift::MatchmakingConfiguration. AWS::GameLift::MatchmakingConfiguration Use the `FlexMatchMode` property to specify that the matchmaker is for a standalone FlexMatch solution or for matchmaking with GameLift managed hosting.	November 24, 2020
Updated resource	The following resource was updated: AWS::Lambda::CreateEventSourceMapping. AWS::Lambda::EventSourceMapping.BatchSize The `BatchSize` has been increased for standard SQS queues, and allows for the use of a `MaximumBatchingWindowInSeconds`.	November 24, 2020
Modules	Modules are a way for you to package resource configurations for inclusion across stack templates, in a transparent, manageable, and repeatable way. Modules can encapsulate common service configurations and best practices as modular, customizable building blocks for you to include in your stack templates. For more information, see Using modules to encapsulate and reuse resource configurations.	November 24, 2020
New resource	The following resource was added: AWS::Lambda::CodeSigningConfig. AWS::Lambda::CodeSigningConfig Use the `CodeSigningConfig` resource to specify code-signing capability to your Lambda functions.	November 23, 2020
Updated resource	The following resource was updated: AWS::CloudFront::Distribution. AWS::CloudFront::Distribution In the CacheBehavior and DefaultCacheBehavior property types, use the `TrustedKeyGroups` property to specify a list of the key groups that CloudFront can use to verify signed URLs or signed cookies. For more information, see Serving private content in the Amazon CloudFront Developer Guide.	November 19, 2020
Updated resource	The following resources were updated: AWS::EC2::LaunchTemplate and AWS::EC2::ClientVpnEndpoint. AWS::EC2::ClientVpnEndpoint Use the `ClientConnectOptions` property to indicate whether client connect options are used for Client VPN. AWS::EC2::LaunchTemplate Use the `AssociateCarrierIpAddress` property to indicates whether to associate a Carrier IP address with eth0 for a new network interface. AWS::EC2::LaunchTemplate Use the `EnclaveOptions` property to indicate whether the instance is enabled for AWS Nitro Enclaves. AWS::EC2::LaunchTemplate Use the `NetworkCardIndex` property to specify the network card index.	November 19, 2020
Updated resource	The following resource was updated: AWS::Events::EventBusPolicy. AWS::Events::EventBusPolicy Added the `Statement` property. Use the `Statement` property to add a statement to the policy attached to an event bus.	November 19, 2020
Updated resource	The following resource was updated: AWS::KMS::Key. AWS::KMS::Key Added support for asymmetric KMS keys, including the `KeySpec` property and the SIGN_VERIFY value for the `KeyUsage` property.	November 19, 2020
New resources	The following resources were added: AWS::CloudFront::KeyGroup and AWS::CloudFront::PublicKey. AWS::CloudFront::KeyGroup Use the `AWS::CloudFront::KeyGroup` resource to create a key group in Amazon CloudFront to use with CloudFront signed URLs and signed cookies. For more information, see Serving private content in the Amazon CloudFront Developer Guide. AWS::CloudFront::PublicKey Use the `AWS::CloudFront::PublicKey` resource to create a public key in Amazon CloudFront to use with CloudFront signed URLs and signed cookies, or with field-level encryption. For more information, see Serving private content or Using field-level encryption to help protect sensitive data in the Amazon CloudFront Developer Guide.	November 19, 2020
New resource	The following resource was added: AWS::Glue::Registry AWS::Glue::Registry Use the `AWS::Glue::Registry` resource to manage registries in the AWS Glue Schema Registry.	November 19, 2020
New resource	The following resource was added: AWS::Glue::Schema AWS::Glue::Schema Use the `AWS::Glue::Schema` resource to manage schemas in the AWS Glue Schema Registry.	November 19, 2020
New resource	The following resource was added: AWS::Glue::SchemaVersion AWS::Glue::SchemaVersion Use the `AWS::Glue::SchemaVersion` resource to manage schema versions in the AWS Glue Schema Registry.	November 19, 2020
New resource	The following resource was added: AWS::Glue::SchemaVersionMetadata AWS::Glue::SchemaVersionMetadata Use the `AWS::Glue::SchemaVersionMetadata` resource to manage schema version metadata in the AWS Glue Schema Registry.	November 19, 2020
New resource	The following resource is new: AWS::IoT::TopicRuleDestination AWS::IoT::TopicRuleDestination Use the `AWS::IoT::TopicRuleDestination` to specify a topic rule destination.	November 19, 2020
New resource	The following resources were added: AWS::NetworkFirewall::Firewall, AWS::NetworkFirewall::FirewallPolicy, AWS::NetworkFirewall::LoggingConfiguration, and AWS::NetworkFirewall::RuleGroup AWS::NetworkFirewall::Firewall Use the `AWS::NetworkFirewall::Firewall` resource to specify stateful, managed, network firewall and intrusion detection and prevention for your VPCs in Amazon VPC. AWS::NetworkFirewall::FirewallPolicy Use the `AWS::NetworkFirewall::FirewallPolicy` resource to specify the stateless and stateful network traffic filtering behavior for your `AWS::NetworkFirewall::Firewall`. AWS::NetworkFirewall::LoggingConfiguration Use the `AWS::NetworkFirewall::LoggingConfiguration` resource to specify the destinations and logging options for an `AWS::NetworkFirewall::Firewall`. AWS::NetworkFirewall::RuleGroup Use the `AWS::NetworkFirewall::RuleGroup` resource to specify a reusable collection of stateless or stateful network traffic filtering rules for use in your `AWS::NetworkFirewall::FirewallPolicy`.	November 19, 2020
New resource	The following resource was added: AWS::S3::StorageLens S3 Storage Lens Use the `AWS::S3::StorageLens` resource to create a S3 Storage Lens configuration in the Amazon Simple Storage Service.	November 19, 2020
Change sets for nested stacks	With change sets for nested stacks you can preview the changes to your application and infrastructure resources across the entire nested stack hierarchy and proceed with updates when you've confirmed that all the changes are as intended. For more information, see Change sets for nested stacks.	November 18, 2020
Updated resources	The following resources were updated: AWS::AppMesh::VirtualNode and AWS::AppMesh::VirtualGateway AWS::AppMesh::VirtualNode Use the `ConnectionPool` property to specify the type of connection pool for the listener. Use the `VirtualNodeHttp2ConnectionPool` property to specify an http2 type of connection pool. Use the `VirtualNodeGrpcConnectionPool` property to specify a grpc type of connection pool. Use the `VirtualNodeConnectionPool` property to specify the type of virtual node connection pool. Use the `VirtualNodeHttpConnectionPool` property to specify an http type of connection pool. Use the `OutlierDetection` property to specify the type of outlier detection for the listener. Use the `VirtualNodeTcpConnectionPool` property to specify an http2 type of connection pool. AWS::AppMesh::VirtualGateway Use the `ConnectionPool` property to specify the type of connection pool for the listener. Use the `VirtualGatewayHttpConnectionPool` property to specify an http type of connection pool. Use the `VirtualGatewayHttp2ConnectionPool` property to specify an http2 type of connection pool. Use the `VirtualGatewayConnectionPool` property to specify the type of virtual gateway connection pool. Use the `VirtualGatewayGrpcConnectionPool` property to specify a grpc type of connection pool.	November 12, 2020
Updated resource	The following resources were updated: AWS::EC2::Route and AWS::EC2::VPCEndpointService. AWS::EC2::Route Use the `VpcEndpointId` property to create a route to a Gateway Load Balancer endpoint. AWS::EC2::VPCEndpointService Use the `GatewayLoadBalancerArns` property to specify a Gateway Load Balancer for your VPC endpoint service.	November 12, 2020
Updated resource	The following resource was updated: AWS::Kendra::DataSource. AWS::Kendra::DataSource Use the new `CUSTOM` value to specify the custom data sources.	November 12, 2020
New resources:	This is the first release of AWS Glue DataBrew.	November 12, 2020
Updated resource	The following resources were updated: AWS::S3::Bucket IntelligentTieringConfiguration Use the `IntelligentTieringConfiguration` property to specify an S3 Intelligent-Tiering configuration. OwnershipControls Use the `OwnershipControls` property to specify object ownership on a bucket.	November 9, 2020
Updated resources	The following resources were updated: AWS::CodeArtifact::Domain and AWS::CodeArtifact::Repository. AWS::CodeArtifact::Domain The `AWS::CodeArtifact::Domain` resource now supports tags. AWS::CodeArtifact::Repository The `AWS::CodeArtifact::Repository` resource now supports tags.	November 5, 2020
Updated resource	The following resource was updated: AWS::Batch::JobDefinition AWS::Batch::JobDefinition In the RetryStrategy property type, use the EvaluateOnExit property to specify a set of conditions to be met, and an action to take (`RETRY` or `EXIT`) if all conditions are met.	November 5, 2020
Updated resource	The following resource was updated: AWS::EC2::Route. AWS::EC2::Route Use the `CarrierGatewayId` property to create a route to a carrier gateway.	November 5, 2020
Updated resource	The following resource was updated: AWS::AutoScaling::AutoScalingGroup. AWS::AutoScaling::AutoScalingGroup Use the `CapacityRebalance` property to indicate whether Capacity Rebalancing is enabled.	November 5, 2020
Updated resource	The following resource was updated: AWS::Lambda::EventSourceMapping. AWS::Lambda::EventSourceMapping Use the `Queues` property to specify the Amazon MQ queue to stream to a Lambda function. Use the `Source access configuration` property to specify the Secrets Manager secret that stores your MQ broker credentials.	November 5, 2020
New resource	The following new resource was added: AWS::Events::Archive. AWS::Events::Archive Use the `Archive` resource to create an EventBridge archive to store events in.	November 5, 2020
New resource	The following resource was added: AWS::IoT::DomainConfiguration. AWS::IoT::DomainConfiguration Use the `AWS::IoT::DomainConfiguration` resource to specify a domain configuration in AWS IoT Core.	November 5, 2020
New resource	The following resource was added: AWS::RDS::GlobalCluster. AWS::RDS::GlobalCluster Use the `AWS::RDS::GlobalCluster` resource to create or update an Aurora global database cluster.	November 5, 2020
Updated resource	The following resources were updated: AWS::AmazonMQ::Broker, AWS::AmazonMQ::Configuration, AWS::AmazonMQ::ConfigurationAssociation AWS::AmazonMQ::Broker Amazon MQ now supports RabbitMQ broker engine.	November 4, 2020
Updated resource	The following resource was updated: AWS::GlobalAccelerator::EndpointGroup. AWS::GlobalAccelerator::EndpointGroup Use the `PortOverride` property to override the listener port used for routing traffic to endpoints.	October 29, 2020
New resources	The following resources were added: AWS::IVS::Channel, AWS::IVS::StreamKey, and AWS::IVS::PlaybackKeyPair AWS::IVS::Channel Use the `AWS::IVS::Channel` resource to specify an Amazon IVS Channel, which stores configuration information related to your live stream. AWS::IVS::StreamKey Use the `AWS::IVS::StreamKey` resource to specify an Amazon IVS Stream Key, which creates a stream key for the specified IVS Channel. Use a stream key to initiate a live stream. AWS::IVS::PlaybackKeyPair Use the `AWS::IVS::PlaybackKeyPair` resource to specify an Amazon IVS PlaybackKeyPair, which is used to sign and validate a playback authorization token for a private channel.	October 29, 2020
New resource	The following resources were added: AWS::IoTSitewise::Asset, AWS::IoTSiteWise::AssetModel, and AWS::IoTSiteWise::Gateway. AWS::IoTSiteWise::Asset Use the `AWS::IoTSiteWise::Asset` resource to create a new asset in AWS IoT SiteWise. AWS::IoTSiteWise::AssetModel Use the `AWS::IoTSiteWise::AssetModel` resource to create a new asset model in AWS IoT SiteWise. AWS::IoTSiteWise::Gateway Use the `AWS::IoTSiteWise::Gateway` resource to create a new gateway in AWS IoT SiteWise.	October 28, 2020
Updated resource	The following resource was updated: AWS::AutoScaling::AutoScalingGroup. AWS::AutoScaling::AutoScalingGroup Use the `NewInstancesProtectedFromScaleIn` property to specify whether newly launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in.	October 26, 2020
Updated resources	The following resources were updated: AWS::Batch::ComputeEnvironment, AWS::Batch::JobDefinition, and AWS::Batch::JobQueue. AWS::Batch::ComputeEnvironment Use the `Tags` property to specify tags for the compute environment. AWS::Batch::JobDefinition Use the `Tags` property to specify tags for the job definition. AWS::Batch::JobQueue Use the `Tags` property to specify tags for the job queue.	October 22, 2020
Updated resource	The following resource was updated: AWS::AppSync::ApiKey. AWS::AppSync::ApiKey Use the `ApiKeyId` property to specify the API key ID.	October 22, 2020
Updated resource	The following resource was updated: AWS::CloudFront::Distribution. AWS::CloudFront::Distribution In the Origin property type, use the `OriginShield` property to enable CloudFront Origin Shield. For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide.	October 22, 2020
Updated resource	The following resource was updated: AWS::EMR::Cluster. AWS::EMR::Cluster Use the `LogEncryptionKmsKeyId` property to specify the AWS KMS key used for encrypting log files. Use the `ManagedScalingPolicy` property to create a managed scaling policy for an Amazon EMR cluster. Use the `StepConcurrencyLevel` property to specify the number of steps that can be executed concurrently.	October 22, 2020
Updated resource	The following resource was updated: AWS::Events::Rule. AWS::Events::Rule Added AWS::Events::Rule DeadLetterConfig Added AWS::Events::Rule RetryPolicy AWS::Events::Rule Target Added the DeadLetterConfig property of the Target property type. Added the RetryPolicy property of the Target property type.	October 22, 2020
Updated resource	Added a new property, `FileFormat`, to the FAQ resource. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/in-creating-faq.html	October 22, 2020
Updated resource	The following resource was updated: AWS::KinesisFirehose::DeliveryStream. AWS::KinesisFirehose::DeliveryStream DeliveryStreamEncryptionConfigurationInput property type is now supported for the delivery streams in CloudFormation.	October 22, 2020
Updated resource	The following resource was updated: AWS::Elasticsearch::Domain. AWS::Elasticsearch::Domain In the ElasticsearchClusterConfig property type: Use the `WarmCount` property to specify the number of warm nodes in the cluster. Use the `WarmEnabled` property to specify whether to enable warm storage for the cluster. Use the `WarmType` property to specify the instance type for the cluster's warm nodes.	October 22, 2020
New resources	The following resources were added: AWS::MediaPackage::Asset, AWS::MediaPackage::Channel, AWS::MediaPackage::OriginEndpoint, AWS::MediaPackage::PackagingConfiguration, and AWS::MediaPackage::PackagingGroup. AWS::MediaPackage::Asset. Use the `AWS::MediaPackage::Asset` to specify an asset to ingest VOD content. AWS::MediaPackage::Channel. Use the `AWS::MediaPackage::Channel` to specify a channel to receive content. AWS::MediaPackage::OriginEndpoint. Use the `AWS::MediaPackage::OriginEndpoint` to specify an endpoint on an AWS Elemental MediaPackage channel. AWS::MediaPackage::PackagingConfiguration. Use the `AWS::MediaPackage::PackagingConfiguration` to specify a packaging configuration in a packaging group. AWS::MediaPackage::PackagingGroup. Use the `AWS::MediaPackage::PackagingGroup` to specify a packaging group.	October 22, 2020
New resource	The following updated resource was added: `BlockPublicPolicy` AWS::SecretsManager::Resource Policies.BlockPublicPolicy Use the `BlockPublicPolicy` when adding resource policies to Secrets Manager.	October 22, 2020
Increased quotas	The following AWS CloudFormation quotas have been updated. You can now declare a maximum of `200` mappings in your AWS CloudFormation template. You can now declare a maximum of `200` mapping attributes for each mapping in your AWS CloudFormation template. You can now declare a maximum of `200` outputs in your AWS CloudFormation template. You can now declare a maximum of `200` parameters in your AWS CloudFormation template. You can now declare a maximum of `500` resources in your AWS CloudFormation template. You can now pass a template body with a maximum size of `1 MB` in an Amazon S3 object.	October 22, 2020
Updated resource	The following resource was updated: AWS::Synthetics::Canary. AWS::Synthetics::Canary The ArtifactConfig and S3Encryption parameters were added.	October 21, 2020
Updated resource	The following resource was updated: AWS::AmazonMQ::Broker. AWS::AmazonMQ::Broker Use the `LdapServerMetadata` property to to authenticate and authorize connections to a broker.	October 9, 2020
New resources	The following resources were added: AWS::CodeArtifact::Domain and AWS::CodeArtifact::Repository. AWS::CodeArtifact::Domain Use the `AWS::CodeArtifact::Domain` resource to create an AWS CodeArtifact domain. AWS::CodeArtifact::Repository Use the `AWS::CodeArtifact::Repository` resource to create an AWS CodeArtifact repository.	October 8, 2020
New resources	The following resources were added: AWS::Timestream::Table and AWS::Timestream::Database. AWS::Timestream::Table Use the `AWS::Timestream::Table` resource to create a new table in an existing database in Amazon Timestream. AWS::Timestream::Database Use the `AWS::Timestream::Database` resource to create a new database in Amazon Timestream.	October 8, 2020
Updated resources	The following resources were updated: AWS::ECS::Service. AWS::ECS::Service Use the `CapacityProviderStrategy` property to specify a custom capacity provider strategy when creating a service.	October 1, 2020
Updated resource	The following resource was updated: AWS::Batch::JobDefinition. These property types were added. LogConfiguration Use the LogConfiguration property type to specify the log configuration options to send to a custom log driver for the container. Secrets Use the Secrets property type to specify a secret to expose to the container. Tmpfs Use the Tmpfs property type to specify the details of a `tmpfs` mount. These property types were updated. ContainerProperties These properties were added. ExecutionRoleArn Specifies the execution role to be assumed for the job. LogConfiguration Specifies the log configuration for a custom log driver for the job. Secrets Specifies the secrets provided for the job. LinuxParameters These properties were added. InitProcessEnabled Indicates that an init process should be enabled inside the container that forwards signals and reaps processes. MaxSwap Specifies the total amount of swap memory (in MiB) a job can use. SharedMemorySize Specifies the size (in MiB) of the `/dev/shm` volume. Swappiness Specifies the job container's memory swappiness behavior. Tmpfs Specifies the details of the job's `tmpfs` mount.	October 1, 2020
Updated resource	The following resource was updated: AWS::CloudFront::CachePolicy. AWS::CloudFront::CachePolicy In the `AWS::CloudFront::CachePolicy` resource, some properties are now required that previously were not required. In the AWS::CloudFront::CachePolicy ParametersInCacheKeyAndForwardedToOrigin property type, use the `EnableAcceptEncodingBrotli` property to enable CloudFront to serve compressed objects to viewers that support the Brotli compression format. For more information, see Compression support in the Amazon CloudFront Developer Guide.	October 1, 2020
Updated resource	The following resource was updated to support specifying a custom CIDR for Kubernetes service IP address assignment: `AWS::EKS::Cluster`. `AWS::EKS::Cluster` Use the `KubernetesNetworkConfig` property to specify a Kubernetes network configuration. `AWS::EKS::Cluster KubernetesNetworkConfig` Use the `ServiceIpv4Cidr` property to specify the CIDR block that you want Kubernetes to assign service IP addresses from.	October 1, 2020
New resource	The following resource was added: `AWS::WorkSpaces::ConnectionAlias` AWS::WorkSpaces::ConnectionAlias Use the `AWS::WorkSpaces::ConnectionAlias` resource to specify a connection alias. Connection aliases are used for cross-Region redirection.	October 1, 2020
Drift detection for private resources	CloudFormation supports drift detection operations on an expanded list of AWS resources, as well as private resources that are defined as provisonable. In addition to the resources that previously supported drift detection, CloudFormation now supports drift detection on all resources defined as provisionable in the CloudFormation registry. For more information, see Resources that support import and drift detection operations.	October 1, 2020
Updated resource	The following resource was updated: `AWS::ApiGateway::DomainName`. AWS::ApiGateway::DomainName Use the `AWS::ApiGateway::DomainName` resource to configure mutual TLS authentication for an API.	September 17, 2020
Updated resource	The following resource was updated: `AWS::ApiGatewayV2::DomainName`. AWS::ApiGatewayV2::DomainName Use the `AWS::ApiGatewayV2::DomainName` resource to configure mutual TLS authentication for an API.	September 17, 2020
Updated resource	The following resource was updated: `AWS::ApiGatewayV2::Api`. AWS::ApiGatewayV2::Api Use the `AWS::ApiGatewayV2::Api` resource to disable the default endpoint for an HTTP API.	September 17, 2020
New resources	The following resources were added: AWS::AppFlow::Flow and AWS::AppFlow::ConnectorProfile. AWS::AppFlow::Flow Use the `AWS::AppFlow::Flow` resource to specify a new flow in Amazon AppFlow. AWS::AppFlow::ConnectorProfile Use the `AWS::AppFlow::ConnectorProfile` describe an instance of a connector in Amazon AppFlow.	September 17, 2020
New resource	The following resource was added: `AWS::CloudFormation::StackSet`. `AWS::CloudFormation::StackSet` Use the `AWS::CloudFormation::StackSet` resource to provision stacks into AWS accounts and across Regions by using a single CloudFormation template.	September 17, 2020
Updated resource	The following resource was updated: `AWS::ApiGatewayV2::Authorizer`. AWS::ApiGatewayV2::Authorizer Use the `AWS::ApiGatewayV2::Authorizer` resource to create a Lambda authorizer for an HTTP API.	September 10, 2020
Updated resource	The following resource was updated: AWS::CodeBuild::ReportGroup AWS::CodeBuild::ReportGroup Use the `DeleteReports` property to specify if any reports that belong to the report group should be deleted when the report group is deleted.	September 10, 2020
Updated resource	The following resource was updated: `AWS::StepFunctions::StateMachine`. AWS::StepFunctions::StateMachine The `AWS::StepFunctions::StateMachine` now supports X-Ray tracing. You can use the `TracingConfiguration` property to enable X-Ray tracing for your state machines.	September 10, 2020
New resources	The following resources were added: `AWS::SSO::Assignment`, `AWS::SSO::PermissionSet`. `AWS::SSO::Assignment` Use the `AWS::SSO::Assignment` resource to assign access to a principal for a specified AWS account using a specified permission set. `AWS::SSO::PermissionSet` Use the `AWS::SSO::PermissionSet` resource to create a permission set within a specified IAM Identity Center instance.	September 10, 2020
New resources	This is the first release of Amazon Kendra in AWS CloudFormation.	September 10, 2020
Update resource	The following resource was updated: AWS::CloudFront::Distribution. AWS::CloudFront::Distribution In the CacheBehavior and DefaultCacheBehavior property types, use the `RealtimeLogConfigArn` property to specify the Amazon Resource Name (ARN) of the real-time log configuration for the cache behavior. For more information, see Real-time logs in the Amazon CloudFront Developer Guide.	September 3, 2020
New resources	The following resources were added: AWS::CloudFront::CachePolicy, AWS::CloudFront::OriginRequestPolicy, and AWS::CloudFront::RealtimeLogConfig. AWS::CloudFront::CachePolicy Use the `AWS::CloudFront::CachePolicy` resource to create a new cache policy in Amazon CloudFront. AWS::CloudFront::OriginRequestPolicy Use the `AWS::CloudFront::OriginRequestPolicy` resource to create a new origin request policy in Amazon CloudFront. AWS::CloudFront::RealtimeLogConfig Use the `AWS::CloudFront::RealtimeLogConfig` resource to create a new real-time log configuration in Amazon CloudFront.	September 3, 2020
New resource	The following resource was added: AWS::CodeGuruReviewer::RepositoryAssociation AWS::CodeGuruReviewer::RepositoryAssociation The `AWS::CodeGuruReviewer::RepositoryAssociation` resource describes an associated repository that contains source code to be analyzed by AWS CodeGuru Reviewer. For more information, see RespositoryAssociation in the AWS CodeGuru Reviewer API Reference.	September 3, 2020
New resource	The following resource was added: `AWS::EKS::FargateProfile`. `AWS::EKS::FargateProfile` Use the `AWS::EKS::FargateProfile` resource to create an AWS Fargate profile.	September 3, 2020
Updated resource	The following resource was updated: `AWS::CodeCommit::Repository Code` AWS::CodeCommit::Repository Code Use the `BranchName` property to specify a branch name to be used as the default branch when importing code into a repository.	August 31, 2020
Updated resource	The following resource was updated: AWS::ServiceCatalog::CloudFormationProvisionedProduct. AWS::ServiceCatalog::CloudFormationProvisionedProduct The `PathName` property is now available as an alternative to `PathId`.	August 27, 2020
New resources	The following resources were added: AWS::GameLift::GameServerGroup AWS::GameLift::GameServerGroup Use the `AWS::GameLift::GameServerGroup` resource to create a GameLift FleetIQ game server group to run low-cost game hosting on your Amazon EC2 instances.	August 27, 2020
New resources	The following resources were added: `AWS::Route53Resolver::ResolverQueryLoggingConfig` and `AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation`. AWS::Route53Resolver::ResolverQueryLoggingConfig Use the `AWS::Route53Resolver::ResolverQueryLoggingConfig` resource to specify settings for a query logging configuration. AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation Use the `AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation` resource to configure DNS query logging.	August 27, 2020
Updated resource	The following resource was updated: AWS::KMS::Key. AWS::KMS::Key Added a `KeyId` attribute to the return values.	August 26, 2020
Updated resource	The following resource was updated to support use of a launch template: `AWS::EKS::Nodegroup`. `AWS::EKS::Nodegroup` Use the `LaunchTemplate` property to specify a launch template specification that can be used to deploy or update a managed node group. If you use a launch template to deploy a node group, some settings that you normally set for a node group must be moved into the launch template. The text for affected settings has been updated to note that.	August 20, 2020
Updated resources	The following resources were updated: AWS::ECS::TaskDefinition. AWS::ECS::TaskDefinition Use the `EnvironmentFiles` property to specify a list of files containing the environment variables to pass to a container.	August 13, 2020
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem In the LustreConfiguration property type, use `DriveCacheType` to specify the type of drive cache used by `PERSISTENT_1` file systems that are provisioned with HDD storage devices.	August 13, 2020
Updated resource	The following resource was updated: AWS::Lambda::EventSourceMapping. AWS::Lambda::EventSourceMapping Use the `Topics` property to specify the Amazon MSK topics to stream to a Lambda function.	August 13, 2020
New resource	The following resource was added: AWS::ApplicationInsights::Application AWS::ApplicationInsights::Application Use the `AWS::ApplicationInsights::Application` resource to add an application that is created from a resource group.	August 13, 2020
New resource	The following resource was added: AWS::EC2::CarrierGateway. AWS::EC2::CarrierGateway Use the `CarrierGateway` resource to create a carrier gateway.	August 13, 2020
Updated permissions required for registering resource providers	Registering a resource provider in your account now requires you have permission to access the schema handler package uploaded to an S3 bucket for that resource provider. For more information, see Registering resource providers in CloudFormation.	August 7, 2020
Updated resource	The following resource was updated: AWS::CodeBuild::Project AWS::CodeBuild::Project Use the `BuildBatchConfig` property to specify configuration information for a batch build.	August 6, 2020
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem In the LustreConfiguration property type, `AutoImportPolicyType` was changed to `AutoImportPolicy`. Use `AutoImportPolicy` to configure your Amazon FSx for Lustre file system to automatically import metadata of objects that are added to or changed in your linked S3 bucket after file system creation.	August 6, 2020
Updated resources	The following resources were updated: AWS::ECS::TaskDefinition. AWS::ECS::TaskDefinition Use the `EFSVolumeConfiguration` property to specify an Amazon Elastic File System file system for task storage.	July 30, 2020
Updated resource	The following resource was updated: AWS::EC2::FlowLog. AWS::EC2::FlowLog Use the `LogFormat` property to specify the fields for the flow log record. Use the `MaxAggregationInterval` property to specify the maximum interval for capturing and aggregating flows. Use the `Tags` property to specify tags for the flow log.	July 30, 2020
Updated resource	The following resource was updated: AWS::GroundStation::DataflowEndpointGroup. MTU property The `MTU` property sets the maximum transmission unit used for a dataflow endpoint.	July 30, 2020
New resources	The following resources were added: AWS::AppMesh::VirtualGateway and AWS::AppMesh::GatewayRoute AWS::AppMesh::VirtualGateway Use the `AWS::AppMesh::VirtualGateway` resource to create a virtual gateway that allows resources outside of your mesh to communicate to resources that are inside of your mesh. AWS::AppMesh::GatewayRoute Use the `AWS::AppMesh::GatewayRoute` resource to create a gateway route that routes traffic to a virtual service.	July 30, 2020
New resources	The following resource was added: AWS::SageMaker::MonitoringSchedule AWS::SageMaker::MonitoringSchedule Use the `AWS::SageMaker::MonitoringSchedule` resource to create a monitoring schedule to regularly start an Amazon SageMaker processing job to monitor the data captured for a SageMaker endpoint.	July 30, 2020
New property	The following properties were added: `AWS::CodeGuruProfiler::ProfilingGroup.AnomalyDetectionNotificationConfiguration` and `AWS::CodeGuruProfiler::ProfilingGroup.Tags`. AWS::CodeGuruProfiler::ProfilingGroup.AnomalyDetectionNotificationConfiguration Use the `AWS::CodeGuruProfiler::ProfilingGroup.AnomalyDetectionNotificationConfiguration` property to configure notifications for your profiling group. AWS::CodeGuruProfiler::ProfilingGroup.Tags Use the `AWS::CodeGuruProfiler::ProfilingGroup.Tags` property to add tags to a profiling group.	July 30, 2020
Updated resources	The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup. AWS::WAFv2::WebACL Rule statements that use IP addresses now support using IP addresses that are forwarded in an HTTP header in the web request, instead of using the IP address that's reported by the web request origin. This option is available for all rule statements that use an IP address: `GeoMatchStatement`, `RateBasedStatement`, and `IPSetReferenceStatement`. The following new properties support this functionality: `IPSetForwardedIPConfiguration` and `ForwardedIPConfiguration`. AWS::WAFv2::RuleGroup Rule statements that use IP addresses now support using IP addresses that are forwarded in an HTTP header in the web request, instead of using the IP address that's reported by the web request origin. This option is available for all rule statements that use an IP address: `GeoMatchStatement`, `RateBasedStatement`, and `IPSetReferenceStatement`. The following new properties support this functionality: `IPSetForwardedIPConfiguration` and `ForwardedIPConfiguration`.	July 23, 2020
Updated resource	The following resource was updated: AWS::EFS::FileSystem AWS::EFS::FileSystem Use the `BackupPolicy` property to turn automatic backups on or off for your Amazon EFS file system.	July 23, 2020
Updated resource	The following resource was updated: AWS::CloudFront::Distribution. AWS::CloudFront::Distribution In the CacheBehavior and DefaultCacheBehavior property types: Use the `CachePolicyId` property to specify the ID of the cache policy for the cache behavior. Use the `OriginRequestPolicyId` property to specify the ID of the origin request policy for the cache behavior. For more information, see Working with policies in the Amazon CloudFront Developer Guide.	July 23, 2020
Updated resource	The following resource was updated: AWS::CodeStarConnections::Connection AWS::CodeStarConnections::Connection Use the `HostArn` property to specify the host associated with connections you want to make to an installed provider.	July 23, 2020
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem In the LustreConfiguration property type, use `AutoImportPolicyType` to configure how FSx imports new files and file changes in the linked data repository into the file system.	July 23, 2020
Updated resource	The following resource was updated: EndpointConfig AWS::SageMaker::EndpointConfig Use the `CaptureContentTypeHeader` property to specify content types (JSON and/or CSV) to capture. Use the `CaptureOption` property to specify whether to capture input data, output data, or both. Use the `DataCaptureConfig` resource/property to configure how the endpoint captures data.	July 23, 2020
New resource	The following resource was added: AWS::SecretsManager::RotationSchedule.HostedRotationLambda. AWS::SecretsManager::RotationSchedule Use the `HostedRotationLambda` property type to create a rotation Lambda.	July 23, 2020
Updated resource	The following resource was updated: AWS::Amplify::App AWS::Amplify::App Use the `EnableBranchAutoDeletion` property to automatically disconnect a branch in the Amplify Console when you delete a branch from your Git repository.	July 9, 2020
Updated resource	The following resource was updated: AWS::Amplify::Domain AWS::Amplify::Domain Use the `AutoSubDomainCreationPatterns` property to set branch patterns for automatic subdomain creation. Use the `AutoSubDomainIAMRole` property to specify the required AWS Identity and Access Management (IAM) service role for the Amazon Resource Name (ARN) for automatically creating subdomains. Use the `EnableAutoSubDomain` property to enable the automated creation of subdomains for branches.	July 9, 2020
Updated resource	The following resource was updated: AWS::Synthetics::Canary. AWS::Synthetics::Canary The MemoryInMB parameter was added. Also, the RunConfig parameter is no longer required, and DurationInSeconds is no longer required.	July 9, 2020
Updated resource	The following resource was updated: AWS::ElasticLoadBalancingV2::Listener. AWS::ElasticLoadBalancingV2::Listener Use the `AlpnPolicy` property to specify the name of the Application-Layer Protocol Negotiation (ALPN) policy for TLS listeners.	July 9, 2020
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem The `StorageCapacity` property has changed so that an update requires no interruption. In the WindowsConfiguration property type, the `ThroughputCapacity` property has changed so that an update requires no interruption. In the LustreConfiguration property type: Use the `DailyAutomaticBackupStartTime` property to specify the time that the daily automatic backup window starts. Use the `CopyTagsToBackups` boolean property to copy file system tags to its backups. Use the `AutomaticBackupRetentionDays` property to set the number of days to retain file system backups.	July 9, 2020
Updated resource	The following resource was updated: AWS::ServiceCatalog::CloudFormationProvisionedProduct. AWS::ServiceCatalog::CloudFormationProvisionedProduct Use the `Outputs` property to view the output of the product you are provisioning.	July 9, 2020
New resource	The following resource was added: AWS::Athena::DataCatalog AWS::Athena::DataCatalog Use the `AWS::Athena::DataCatalog` resource to register external data sources with Athena.	July 9, 2020
New resource	The following resource was added: AWS::EC2::PrefixList. AWS::EC2::PrefixList Use the `PrefixList` resource to create a prefix list.	July 9, 2020
New resource	The following resource was added: AWS::QLDB::Stream AWS::QLDB::Stream Use the `AWS::QLDB::Stream` resource to specify a new journal stream for a given Amazon Quantum Ledger Database (Amazon QLDB) ledger.	July 9, 2020
New property	The following property was added to AWS::CodeBuild::Project Source: BuildStatusConfig AWS::CodeBuild::Project Source Use the `buildStatusConfig` property to specify build status information to the source provider.	July 9, 2020
New property	The following resource was added: `AWS::CodeGuruProfiler::ProfilingGroup.ComputePlatform`. AWS::CodeGuruProfiler::ProfilingGroup.ComputePlatform Use `AWS::CodeGuruProfiler::ProfilingGroup.ComputePlatform` to specify the compute platform of the profiling group.	July 9, 2020
Updated resource	The following resource was updated: AWS::Events::Rule. AWS::Events::Rule In the Target property type, use the `HttpParameters` property to specify the HTTP parameters to use when the target is a API Gateway REST endpoint.	July 6, 2020
Updated resource	The following resource was updated: AWS::ApplicationAutoScaling::ScalableTarget. AWS::ApplicationAutoScaling::ScalableTarget In the ScheduledAction property type, use the `Timezone` property to create scheduled actions in the local time zone. If your time zone observes Daylight Saving Time (DST), it automatically adjusts for Daylight Saving Time.	July 1, 2020
New resource	The following resource was added: AWS::AppConfig::HostedConfigurationVersion AWS::AppConfig::HostedConfigurationVersion This resource lets you create a new configuration in the AWS AppConfig hosted configuration store.	June 25, 2020
Updated resources	The following resources were updated: `AWS::ServiceDiscovery::HttpNamespace`, `AWS::ServiceDiscovery::PrivateDnsNamespace`, `AWS::ServiceDiscovery::PublicDnsNamespace`, `AWS::ServiceDiscovery::Service`. AWS::ServiceDiscovery::HttpNamespace Use the `Tags` property to add tag keys and values to an AWS Cloud Map HTTP namespace. AWS::ServiceDiscovery::PrivateDnsNamespace Use the `Tags` property to add tag keys and values to an AWS Cloud Map private DNS namespace. AWS::ServiceDiscovery::PublicDnsNamespace Use the `Tags` property to add tag keys and values to an AWS Cloud Map public DNS namespace. AWS::ServiceDiscovery::Service Use the `Tags` property to add tag keys and values to an AWS Cloud Map service.	June 22, 2020
Updated resources	The following resources were updated: AWS::ECS::Cluster. AWS::ECS::Cluster Use the `CapacityProviderStrategyItem` property to specify the capacity provider strategy when creating a cluster.	June 18, 2020
Updated resource	The following resources were updated: AWS::FMS::Policy IEMap. AWS::FMS::Policy IEMap The `AWS::FMS::Policy IEMap` resource now allows you to specify accounts using AWS Organizations organizational units (OUs), in addition to account IDs.	June 18, 2020
New resources	The following resources were added: AWS::ECS::CapacityProvider. AWS::ECS::CapacityProvider Use the `AWS::ECS::CapacityProvider` resource to create a new capacity provider.	June 18, 2020
Updated resource	The following resource was updated: AWS::EFS::FileSystem AWS::EFS::FileSystem Use the `FileSystemPolicy` property to create a new resource policy to control NFS access to your Amazon EFS file system.	June 16, 2020
Updated resource	The following resource was updated: AWS::EFS::AccessPoint AWS::EFS::AccessPoint Fn::GetAtt now returns the `AccessPointId` and `Arn` attributes.	June 16, 2020
Updated resource	The following resource was updated: AWS::Lambda::Function. AWS::Lambda::Function Use the `FileSystemConfigs` property to specify connection settings for an Amazon EFS file system.	June 16, 2020
Updated resources	The following resource was updated: AWS::EC2::Volume. AWS::EC2::Volume Use the `OutpostArn` property to specify the Amazon Resource Name (ARN) of the Outpost.	June 11, 2020
Updated resource	The following resource was updated: AWS::CertificateManager::Certificate AWS::CertificateManager::Certificate Use the `CertificateAuthorityArn` property to specify the Amazon Resource Name (ARN) of the private certificate authority (CA) that will be used to issue the certificate. Use the `CertificateTransparencyLoggingPreference` property to enable or disable certificate transparency logging.	June 11, 2020
Updated resource	The following resource was updated: AWS::CloudFront::Distribution. AWS::CloudFront::Distribution In the Origin property type, use the `ConnectionAttempts` property to specify the number of times that CloudFront attempts to connect to the origin. In the Origin property type, use the `ConnectionTimeout` property to specify the number of seconds that CloudFront waits when trying to establish a connection to the origin.	June 11, 2020
Updated resource	The following resource was updated: AWS::ElasticLoadBalancingV2::LoadBalancer. AWS::ElasticLoadBalancingV2::LoadBalancer Use the `SubnetMapping` attribute to specify a subnet to attach to a load balancer.	June 11, 2020
Updated resource	The following resource was updated: `AWS::ElastiCache::ReplicationGroup.` `AWS::ElastiCache::ReplicationGroup` Use the `MultiAZEnabled` attribute to indicate if you have Multi-AZ enabled.	June 11, 2020
New resource	The following resources were added: AWS::RDS::DBProxy and AWS::RDS::DBProxyTargetGroup. AWS::RDS::DBProxy Use the `AWS::RDS::DBProxy` resource to create or update a DB proxy. Use the `AWS::RDS::DBProxyTargetGroup` resource to specify a set of RDS DB instances, Aurora DB clusters, or both that a proxy can connect to.	June 4, 2020
Resource import supports provisionable private resource types	Import operations now support private resource types that are provisionable; that is, whose provisioning type is either `FULLY_MUTABLE` or `IMMUTABLE`. For more information, see Resources that support import operations.	June 3, 2020
New property	The following property was added: `AWS::CodeGuruProfiler::ProfilingGroup.AgentPermissions`. AWS::CodeGuruProfiler::ProfilingGroup.AgentPermissions The `AWS::CodeGuruProfiler::ProfilingGroup.AgentPermissions` property shows the agent permissions attached to this profiling group.	June 3, 2020
Updated resource	The following resource was updated: AWS::EC2::ClientVpnEndpoint AWS::EC2::ClientVpnEndpoint ClientAuthenticationRequest Use the `FederatedAuthentication` property to specify an IAM SAML identity provider for your Client VPN endpoint.	May 28, 2020
Updated resource	The following resource was updated: AWS::CodeBuild::ReportGroup AWS::CodeBuild::ReportGroup Use the `tags` property to specify the name and value of any tags that you want supporting AWS services to use for a report group.	May 21, 2020
Updated resource	The following resource was updated: `AWS::StepFunctions::StateMachine`. AWS::StepFunctions::StateMachine The `AWS::StepFunctions::StateMachine` has two new properties. You can use the `DefinitionS3Location` property to reference a state machine JSON definition file stored in an S3 bucket. You can use the `DefinitionSubstitutions` property to pass variables into the state machine definition file referenced by `DefinitionS3Location`.	May 21, 2020
Updated resource	The following resource was updated: `AWS::SSM::Parameter` AWS::SSM::Parameter When you create a `String` parameter, you can now specify a DataType value as `aws:ec2:image` to ensure that the parameter value you enter is a valid Amazon Machine Image (AMI) ID format. Support for AMI ID formats lets you avoid updating all your scripts and templates with a new ID each time the AMI that you want to use in your processes changes. You can create a parameter with the data type `aws:ec2:image`, and for its value, enter the ID of an AMI. This is the AMI from which you currently want new instances to be created. You then reference this parameter in your templates and commands. When you’re ready to use a different AMI, update the parameter value. Parameter Store validates the new AMI ID, and you don’t need to update your scripts and templates.	May 21, 2020
ECS blue/green deployments through CodeDeploy	You can now use CloudFormation to perform ECS blue/green deployments through CodeDeploy. Blue/green deployments are a safe deployment strategy provided by AWS CodeDeploy for minimizing interruptions caused by changing application versions. For more information, see Performing ECS blue/green deployments through CodeDeploy using AWS CloudFormation.	May 19, 2020
AWS CloudFormation StackSets Region availability	AWS CloudFormation StackSets is now available in the AWS GovCloud (US-West) Region.	May 18, 2020
Updated resource	The following resource was updated: AWS::Synthetics::Canary. AWS::Synthetics::Canary The RunConfig parameter is required.	May 14, 2020
Updated resource	The following resource was updated: AWS::CodeStarConnections::Connection AWS::CodeStarConnections::Connection Use the `Tags` property to specify the tags applied to your connections resource.	May 14, 2020
Updated resource	The following resource was updated: AWS::ServiceCatalog::CloudFormationProduct. AWS::ServiceCatalog::CloudFormationProduct Use the `ReplaceProvisioningArtifacts` property to choose whether provisioning artifact identifiers are replaced when you update a product.	May 14, 2020
New resources	The following resources were added: AWS::GlobalAccelerator::Accelerator, AWS::GlobalAccelerator::EndpointGroup, and AWS::GlobalAccelerator::Listener AWS::GlobalAccelerator::Accelerator Use the `AWS::GlobalAccelerator::Accelerator` resource to create or update an accelerator for AWS Global Accelerator. AWS::GlobalAccelerator::EndpointGroup Use the `AWS::GlobalAccelerator::EndpointGroup` resource to create or update an endpoint group for AWS Global Accelerator. AWS::GlobalAccelerator::Listener Use the `AWS::GlobalAccelerator::Listener` resource to create or update a listener for AWS Global Accelerator.	May 14, 2020
New resources	The following resources were added: `AWS::Macie::CustomDataIdentifier`, `AWS::Macie::FindingsFilter`, and `AWS::Macie::Session` AWS::Macie::CustomDataIdentifier Use the `AWS::Macie::CustomDataIdentifier` resource to create a custom data identifier in Amazon Macie. AWS::Macie::FindingsFilter Use the `AWS::Macie::FindingsFilter` resource to create a custom filter for findings in Amazon Macie. AWS::Macie::Session Use the `AWS::Macie::Session` resource to enable Amazon Macie.	May 14, 2020
Updated resource	The following resource was updated: AWS::IoTEvents::DetectorModel. AWS::IoTEvents::DetectorModel Added the following properties: `AssetPropertyTimestamp`, `AssetPropertyValue`, `AssetPropertyVariant`, `DynamoDB`, `DynamoDBv2`, `IotSiteWise`, and `Payload`. Updated the following property: `SetTimer`.	May 7, 2020
Updated resource	The following resource was updated: `AWS::SSM::Association` AWS::SSM::Association Use the `WaitForSuccessTimeoutSeconds` property to specify the number of seconds the service should wait for the association status to show "Success" before proceeding with the stack execution. If the association status doesn't show "Success" after the specified number of seconds, then stack creation fails.	May 7, 2020
New resource	The following resource was added: AWS::ImageBuilder::Image. AWS::ImageBuilder::Image Use the `AWS::ImageBuilder::Image` resource to create an image in the Image Builder service.	May 7, 2020
Updated resource	The following resource was updated: AWS::Synthetics::Canary. AWS::Synthetics::Canary Use the `Name` property to specify the name for this canary.	April 30, 2020
New resource	The following resource was added: `AWS::EventSchemas::RegistryPolicy`. AWS::EventSchemas::RegistryPolicy Use the `AWS::EventSchemas::RegistryPolicy` resource to specify a resource-based policy associated with a schema registry.	April 30, 2020
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem Use the `LustreMountName` attribute when mounting an Amazon FSx for Lustre file system.	April 23, 2020
New resources	The following resources were added: AWS::ImageBuilder::Component, AWS::ImageBuilder::DistributionConfiguration, AWS::ImageBuilder::ImagePipeline, AWS::ImageBuilder::ImageRecipe, and AWS::ImageBuilder::InfrastructureConfiguration. AWS::ImageBuilder::Component Use the `AWS::ImageBuilder::Component` resource to create a component in the Image Builder service. AWS::ImageBuilder::DistributionConfiguration Use the `AWS::ImageBuilder::DistributionConfiguration` resource to create a distribution configuration in the Image Builder service. AWS::ImageBuilder::ImagePipeline Use the `AWS::ImageBuilder::ImagePipeline` resource to create an image pipeline in the Image Builder service. AWS::ImageBuilder::ImageRecipe Use the `AWS::ImageBuilder::ImageRecipe` resource to create an image recipe in the Image Builder service. AWS::ImageBuilder::InfrastructureConfiguration Use the `AWS::ImageBuilder::InfrastructureConfiguration` resource to create an infrastructure configuration in the Image Builder service.	April 23, 2020
New resource	The following resource was added: AWS::Synthetics::Canary. AWS::Synthetics::Canary Use the `AWS::Synthetics::Canary` resource to create a canary. Canaries are configurable scripts that run on a schedule and monitor your endpoints and APIs. By using canaries, you can discover issues before your customers do.	April 23, 2020
New resource	The following resource was added: AWS::CE::CostCategory AWS::CE::CostCategory Use the `AWS::CE::CostCategory` resource to create groupings of costs that you can use across products in the AWS Billing and Cost Management console.	April 23, 2020
Updated resource	The following resource was updated: AWS::Glue::DevEndpoint AWS::Glue::DevEndpoint Use the `PublicKeys` property to specify a list of public keys to be used by a development endpoint for authentication.	April 16, 2020
Updated resource	The following resource was updated: AWS::Glue::MLTransform AWS::Glue::MLTransform Use the `Tags` property to specify the AWS resource tags to use to manage access to a machine learning transform.	April 16, 2020
New resource	The following resource was added: AWS::ResourceGroups::Group AWS::ResourceGroups::Group Use the `AWS::ResourceGroups::Group` resource to create a resource group with the specified name, description, and resource query.	April 16, 2020
Updated resource	The following resource was updated: AWS::CloudWatch::InsightRule. AWS::CloudWatch::InsightRule The AWS::CloudWatch::InsightRule resource now supports tags. Use the AWS::CloudWatch::InsightRule resource to create Contributor Insights rules. For more information, see Using Contributor Insights to Analyze High-Cardinality Data.	April 2, 2020
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem Use the `StorageType` property to specify the type of storage for the file system, either solid state drive, `SSD` or hard disk drive, `HDD`. In the WindowsConfiguration property type, use the `DeploymentType` property to specify a new Amazon FSx for Windows File Server file system deployment type, `SINGLE_AZ_2`, the latest generation of Single-AZ file systems.	April 2, 2020
Updated resource	The following resource was updated: AWS::ServiceCatalog::LaunchRoleConstraint. AWS::ServiceCatalog::LaunchRoleConstraint Use the `LocalRoleName` property to specify an IAM role to use when an account uses a launch constraint.	April 2, 2020
Updated resource	The following resource was updated: `AWS::ApiGatewayV2::Integration`. AWS::ApiGatewayV2::Integration Use the `AWS::ApiGatewayV2::Integration` resource to create a private integration for an HTTP API.	March 26, 2020
Updated resource	The following resource was updated: AWS::Cognito::UserPool AWS::Cognito::UserPool Use the `UsernameConfiguration` property to set case sensitivity on the username input for the selected sign-in option.	March 26, 2020
Updated resource	The following resource was updated: AWS::EC2::Volume AWS::EC2::Volume Use the `MultiAttachEnabled` property to indicate whether Amazon EBS Multi-Attach is enabled.	March 26, 2020
Updated resource	The following resource was updated: AWS::AutoScaling::AutoScalingGroup. AWS::AutoScaling::AutoScalingGroup Use the `MaxInstanceLifetime` property to specify the maximum amount of time, in seconds, that an instance can be in service.	March 26, 2020
Updated resource	The following resource was updated: AWS::RDS::DBInstance AWS::RDS::DBInstance The `AWS::RDS::DBInstance` resource now supports Read Replica across multiple Availability Zone deployments.	March 26, 2020
New resources	The following resources were added: AWS::Detective::Graph and AWS::Detective::MemberInvitation AWS::Detective::Graph Use the `AWS::Detective::Graph` resource to specify a Detective behavior graph. AWS::Detective::MemberInvitation Use the `AWS::Detective::MemberInvitation` resource to send an invitation to join a Detective behavior graph.	March 26, 2020
Updated resource	The following resource was updated: AWS::EC2::ClientVpnEndpoint. AWS::EC2::ClientVpnEndpoint Use the `VpcId` and `SecurityGroupIds` properties to assign security groups to your Client VPN endpoint.	March 19, 2020
New resources	The following resources were added: AWS::NetworkManager::CustomerGatewayAssociation, AWS::NetworkManager::Device, AWS::NetworkManager::GlobalNetwork, AWS::NetworkManager::Link, AWS::NetworkManager::LinkAssociation, AWS::NetworkManager::Site, and AWS::NetworkManager::TransitGatewayRegistration AWS::NetworkManager::CustomerGatewayAssociation Use the `AWS::NetworkManager::CustomerGatewayAssociation` resource to specify an association between a customer gateway, device, and link. AWS::NetworkManager::Device Use the `AWS::NetworkManager::Device` resource to specify a device in a global network. AWS::NetworkManager::GlobalNetwork Use the `AWS::NetworkManager::GlobalNetwork` resource to specify a global network. AWS::NetworkManager::Link Use the `AWS::NetworkManager::Link` resource to specify a link for a site. AWS::NetworkManager::LinkAssociation Use the `AWS::NetworkManager::LinkAssociation` resource to specify an association between a device and a link. AWS::NetworkManager::Site Use the `AWS::NetworkManager::Site` resource to specify a site in a global network. AWS::NetworkManager::TransitGatewayRegistration Use the `AWS::NetworkManager::TransitGatewayRegistration` resource to specify the registration of a transit gateway in a global network.	March 19, 2020
New resource	The following resource was added: `AWS::CodeGuruProfiler::ProfilingGroup`. AWS::CodeGuruProfiler::ProfilingGroup Use the `AWS::CodeGuruProfiler::ProfilingGroup` resource to create a profiling group.	March 19, 2020
New resources	The following resources were added: `AWS::Cassandra::Keyspace` and `AWS::Cassandra::Table`. AWS::Cassandra::Keyspace Use the `AWS::Cassandra::Keyspace` resource to create a new keyspace in Amazon Keyspaces (for Apache Cassandra). AWS::Cassandra::Table Use the `AWS::Cassandra::Table` resource to create a new table in Amazon Keyspaces (for Apache Cassandra).	March 16, 2020
Updated resource	The following resources were updated: AWS::AppMesh::VirtualNode, AWS::AppMesh::VirtualRouter, AWS::AppMesh::VirtualService, and AWS::AppMesh::Route AWS::AppMesh::VirtualNode Use the `MeshOwner` property to specify the account ID that owns a shared mesh. AWS::AppMesh::Route Use the `MeshOwner` property to specify the account ID that owns a shared mesh. AWS::AppMesh::VirtualRouter Use the `MeshOwner` property to specify the account ID that owns a shared mesh. AWS::AppMesh::VirtualService Use the `MeshOwner` property to specify the account ID that owns a shared mesh.	March 12, 2020
New and updated resources	The following resources were added or updated: `AWS::ApiGatewayV2::ApiGatewayManagedOverrides`, `AWS::ApiGatewayV2::Integration`, and `AWS::ApiGatewayV2::VpcLink`. AWS::ApiGatewayV2::ApiGatewayManagedOverrides Use the `AWS::ApiGatewayV2::ApiGatewayManagedOverrides` resource to override the default properties of API Gateway managed resources. AWS::ApiGatewayV2::Integration Use the `AWS::ApiGatewayV2::Integration` resource to create a private integration for an HTTP API. AWS::ApiGatewayV2::VpcLink Use the `AWS::ApiGatewayV2::VpcLink` resource to create a VPC link for an HTTP API.	March 12, 2020
Updated resources	The following resources were updated: AWS::Greengrass::ResourceDefinition and AWS::Greengrass::ResourceDefinitionVersion AWS::Greengrass::ResourceDefinition In the S3MachineLearningModelResourceData property type that defines a resource instance, use the `OwnerSetting` property to specify the Linux OS group owner and permissions for the downloaded machine learning resource. In the SageMakerMachineLearningModelResourceData property type that defines a resource instance, use the `OwnerSetting` property to specify the Linux OS group owner and permissions for the downloaded machine learning resource. AWS::Greengrass::ResourceDefinitionVersion In the S3MachineLearningModelResourceData property type that defines a resource instance, use the `OwnerSetting` property to specify the Linux OS group owner and permissions for the downloaded machine learning resource. In the SageMakerMachineLearningModelResourceData property type that defines a resource instance, use the `OwnerSetting` property to specify the Linux OS group owner and permissions for the downloaded machine learning resource.	March 9, 2020
Updated resource	The following resource was updated: AWS::CloudFront::Distribution. AWS::CloudFront::Distribution In the DistributionConfig property type, use the `OriginGroups` property to specify information about origin groups for this distribution.	March 5, 2020
Updated resource	The following resource was updated to support envelope encryption of secrets with AWS Key Management Service: `AWS::EKS::Cluster` `AWS::EKS::Cluster EncryptionConfig` Use the `AWS::EKS::Cluster EncryptionConfig` property to specify the encryption configuration for an Amazon EKS cluster. `AWS::EKS::Cluster Provider` Use the `AWS::EKS::Cluster Provider` property to specify the AWS Key Management Service customer master key (CMK) used to encrypt the secrets for an Amazon EKS cluster.	March 5, 2020
New resource	The following resource was added: AWS::Athena::WorkGroup AWS::Athena::WorkGroup Use the `AWS::Athena::WorkGroup` resource to separate users, teams, applications, or workloads, set limits on the amount of data the workgroup or its queries can process, and track costs.	March 5, 2020
New resource	The following resource was added: AWS::Chatbot::SlackChannelConfiguration AWS::Chatbot::SlackChannelConfiguration Use the `AWS::Chatbot::SlackChannelConfiguration` resource to configure a Slack channel with AWS Chatbot.	March 5, 2020
New resource	The following resource was added: AWS::CodeStarConnections::Connection AWS::CodeStarConnections::Connection Use the `AWS::CodeStarConnections::Connection` resource to specify Connection.	March 5, 2020
New resource	The following resource was added: AWS::CloudWatch::CompositeAlarm. AWS::CloudWatch::CompositeAlarm Use the `AWS::CloudWatch::CompositeAlarm` property to create a composite alarm. Composite alarms evaluate their alarm state based on the alarm states of other CloudWatchrules.	March 2, 2020
Updated resource	The following resource was updated: AWS::AppMesh::VirtualNode AWS::AppMesh::VirtualNode Use the `BackendDefaults` property to specify a client policy for a backend. Use the `ClientPolicy` property to specify a client policy. Use the `ClientPolicyTls` property to specify a Transport Layer Security (TLS) client policy. Use the `ListenerTls` property to specify a TLS listener. Use the `ListenerTlsCertificate` property to specify the type of certificate to use for a client policy. Use the `ListenerTlsAcmCertificate` property to specify an AWS Certificate Manager certificate. Use the `ListenerTlsFileCertificate` property to specify properties of a local file certificate. Use the `TlsValidationContext` property to specify a TLS validation context trust. Use the `TlsValidationContextAcmTrust` property to specify a context trust for an AWS Certificate Manager certificate. Use the `TlsValidationContextFileTrust` property to specify a file that contains the certificate trust chain for a local file certificate. Use the `TlsValidationContextTrust` property to specify a TLS validation context trust. Use the `VirtualNodeSpec` property to specify `BackendDefaults`. Use the `Listener` property to specify a `ListenerTls`.	February 27, 2020
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem In the LustreConfiguration property type: Use the `DeploymentType` property to specify the Amazon FSx for Lustre file system deployment type, either `PERSISTENT_1`, `SCRATCH_2`, or `SCRATCH_1`. Use the `PerUnitStorageThroughput` property to specify the throughput in MB/s/TiB for a `PERSISTENT_1` Amazon FSx for Lustre file system deployment type.	February 27, 2020
New resources	The following resources were added: AWS::GroundStation::Config, AWS::GroundStation::DataflowEndpointGroup, and AWS::GroundStation::MissionProfile AWS::GroundStation::Config Use the `AWS::GroundStation::Config` resource to specify a Config with the specified parameters. AWS::GroundStation::DataflowEndpointGroup Use the `AWS::GroundStation::DataflowEndpointGroup` resource to specify a Dataflow Endpoint Group request. AWS::GroundStation::MissionProfile Use the `AWS::GroundStation::MissionProfile` resource to specify parameters and provide references to config objects to define how Ground Station lists and executes contacts.	February 27, 2020
Updated resource	The following resources was updated: AWS::CodeBuild::Project AWS::CodeBuild::Project Use the `ProjectFileSystemLocation` property to specify a file system that your AWS CodeBuild build project mounts. You use Amazon Elastic File System (EFS) to create the file system. For more information, see Amazon Elastic File System Sample for CodeBuild.	February 20, 2020
Updated resource	The following resource was updated: AWS::Neptune::DBCluster AWS::Neptune::DBCluster Use the `DeletionProtection` property to help prevent inadvertent deletion of your DB cluster. Use the `EngineVersion` property to specify the engine version that your new DB cluster will use. Warning When you change this parameter for an existing DB cluster, CloudFormation will replace your existing DB cluster with a new, empty one that uses the engine version you specified.	February 18, 2020
New resources	The following resources were added: AWS::EC2::LocalGatewayRoute and AWS::EC2::LocalGatewayRouteTableVPCAssociation. AWS::EC2::LocalGatewayRoute Use the `LocalGatewayRoute` resource to associate the specified VPC with the specified local gateway route table. AWS::EC2::LocalGatewayRouteTableVPCAssociation Use the `LocalGatewayRouteTableVPCAssociation` resource to associate the specified VPC with the specified local gateway route table.	February 14, 2020
Updated resources	The following resource were updated: AWS::ElasticLoadBalancingV2::Listener and AWS::ElasticLoadBalancingV2::ListenerRule AWS::ElasticLoadBalancingV2::Listener In the Action property type, use the `ForwardConfig` property to specify an action that distributes requests among one or more target groups. AWS::ElasticLoadBalancingV2::ListenerRule In the Action property type, use the `ForwardConfig` property to specify an action that distributes requests among one or more target groups.	February 13, 2020
New resource	The following resource was added: AWS::Config::ConformancePack AWS::Config::ConformancePack Use the `AWS::Config::ConformancePack` resource to create a Conformance Pack that is a collection of AWS rules that can be easily deployed in an account and a region and across AWS Organizations.	February 13, 2020
New resource	The following resource was added: AWS::Config::OrganizationConformancePack AWS::Config::OrganizationConformancePack Use the `AWS::Config::OrganizationConformancePack` resource to create an OrganizationConformancePack that has information about conformance packs that AWS Config creates in the member accounts.	February 13, 2020
New resource	The following resources were added: AWS::FMS::NotificationChannel and AWS::FMS::Policy. AWS::FMS::NotificationChannel Use the `AWS::FMS::NotificationChannel` resource to designate the IAM role and Amazon Simple Notification Service (SNS) topic that AWS Firewall Manager uses to record SNS logs. AWS::FMS::Policy Use the `AWS::FMS::Policy` resource to specify an AWS Firewall Manager policy.	February 13, 2020
AWS CloudFormation StackSets integrates with AWS Organizations	Use StackSets to centrally manage deployments to all the accounts in your organization or specific organizational units (OUs) in AWS Organizations. You can enable automatic deployments to any new accounts added to your organization or OUs. The permissions needed to deploy across accounts will automatically be handled by StackSets. For more information, see Working with AWS CloudFormation StackSets.	February 11, 2020
Updated resources	The following resources were updated: AWS::EC2::LaunchTemplate and AWS::EC2::ClientVpnEndpoint AWS::EC2::LaunchTemplate Use the `MetadataOptions` property to configure the Instance Metadata Service (IMDS) for the instance. Use the `HostResourceGroupArn` property to specify the ARN of the host resource group in which to launch the instances. Use the `PartitionNumber` property to specify a target partition in a partition placement group. Use the `LaunchTemplateElasticInferenceAccelerator` property to specify the number of elastic inference accelerators to attach to the instance. AWS::EC2::ClientVpnEndpoint Use the `VpnPort` property to assign a port number for TCP and UDP traffic.	February 6, 2020
Updated resource	The following resource was updated: AWS::AppSync::GraphQLApi. AWS::AppSync::GraphQLApi When the property `XrayEnabled` is set to `TRUE`, X-Ray tracing is enabled for this `GraphqlApi`.	February 6, 2020
Updated resource	The following resource was updated: AWS::Cognito::UserPool AWS::Cognito::UserPool Added `AccountRecoverySetting` parameter to define which verified available method a user can use to recover their password.	February 6, 2020
Updated resource	The following resource was updated: `AWS::OpsWorksCM::Server` `AWS::OpsWorksCM::Server` Use the `Tags` property to add tag keys and values to an AWS OpsWorks for Chef Automate or OpsWorks for Puppet Enterprise server.	February 6, 2020
New resource	The following resource was added: AWS::WAFv2::WebACLAssociation. AWS WAFv2 Use the web ACL association to define an association between a web ACL and a regional application resource, to protect the resource. A regional application can be an Application Load Balancer (ALB), Amazon API Gateway REST API, an AWS AppSync GraphQL API, or an Amazon Cognito user pool. For Amazon CloudFront distributions, you use `AWS::CloudFront::Distribution` to manage the association.	February 6, 2020
New resources	The following resources were added: AWS::ACMPCA::Certificate, AWS::ACMPCA::CertificateAuthority, AWS::ACMPCA::CertificateAuthorityActivation. AWS::ACMPCA::Certificate The `AWS::ACMPCA::Certificate` resource is used to issue a certificate using your private certificate authority. AWS::ACMPCA::CertificateAuthority Use the `AWS::ACMPCA::CertificateAuthority` resource to create a private CA. AWS::ACMPCA::CertificateAuthorityActivation The `AWS::ACMPCA::CertificateAuthorityActivation` resource creates and installs a CA certificate on a CA.	January 23, 2020
New resource	The following resources were added: AWS::AppConfig::Application, AWS::AppConfig::ConfigurationProfile, AWS::AppConfig::Deployment, AWS::AppConfig::Environment, and AWS::AppConfig::DeploymentStrategy AWS::AppConfig::Application The `AWS::AppConfig::Application` resource creates an application, which is a logical unit of code that provides capabilities for your customers. AWS::AppConfig::ConfigurationProfile The `AWS::AppConfig::ConfigurationProfile` resource creates a configuration profile that enables AWS AppConfig to access the configuration source. AWS::AppConfig::Deployment The `AWS::AppConfig::Deployment` resource starts a deployment. AWS::AppConfig::Environment The `AWS::AppConfig::Environment` resource creates an environment, which is a logical deployment group of AWS AppConfig targets, such as applications in a `Beta` or `Production` environment. AWS::AppConfig::DeploymentStrategy The `AWS::AppConfig::DeploymentStrategy` resource creates an AWS AppConfig deployment strategy.	January 23, 2020
Updated resource	The following resource was updated: AWS::Glue::Crawler AWS::Glue::Crawler Use the `MongoDBTarget` property to specify an Amazon DocumentDB or MongoDB data store to crawl. Use the `RecrawlPolicy.RecrawlBehavior` property to specify a new `CRAWL_EVENT_MODE` that specifies crawling only the changes identified by Amazon S3 events. Use the `S3Target.SampleSize` property to specify the number of files in each leaf folder to be crawled when crawling sample files in a dataset. Use the `S3Target.EventQueueArn` property to specify a valid Amazon SQS ARN. Use the `S3Target.DlqEventQueueArn` property to specify a valid Amazon dead-letter SQS ARN.	January 20, 2020
Updated resources	The following resource was updated: AWS::Lambda::Function. AWS::Lambda::Function In the Code property type, `ZipFile` supports `nodejs12.x` for `RunTime`.	January 16, 2020
Updated resource	The following resource was updated: AWS::EC2::Instance. AWS::EC2::Instance Use the `HibernationOptions` property to indicate whether the instance is enabled for hibernation. Use the `HostResourceGroupArn` property to specify the ARN of the host resource group in which to launch the instances.	January 16, 2020
Updated resource	The following resource was updated: AWS::AutoScaling::AutoScalingGroup. AWS::AutoScaling::AutoScalingGroup Use the `WeightedCapacity` property to specify the number of capacity units, which gives the instance type a proportional weight to other instance types.	January 16, 2020
Updated resource	The following resource was updated: AWS::LakeFormation::Permissions AWS::LakeFormation::Permissions Use the `DataLocationResource` property to specify a structure for a data location object where permissions are granted or revoked. Use the `TableWithColumnsResource` property to specify a structure for a table with columns object. This object is only used when granting a SELECT permission.	January 16, 2020
Updated resource	The following resource was updated: AWS::RDS::DBInstance. AWS::RDS::DBInstance Use the `CACertificateIdentifier` property to specify the identifier of the CA certificate for this DB instance.	January 16, 2020
Updated resource	The following resource was updated: `AWS::SSM::ResourceDataSync` AWS::SSM::ResourceDataSync Use the `SyncType` property with `SyncFromSource` to synchronize Systems Manager Explorer OpsItems and OpsData from AWS Organizations or from multiple AWS Regions.	January 16, 2020
Updated resources	The following resources were updated: `AWS::MSK::Cluster`, `AWS::RDS::DBInstance`, and `AWS::SSM::Document` `AWS::MSK::Cluster` Use the `OpenMonitoring` property to enable monitoring with Prometheus, an open-source monitoring system for time-series metric data. You can also use tools that are compatible with Prometheus-formatted metrics or tools that integrate with Amazon MSK Open Monitoring. `AWS::SSM::Document` Use the `Name` property to specify a name for the Systems Manager document. `AWS::RDS::DBInstance` Use the `MaxAllocatedStorage` property to specify the upper limit to which Amazon RDS can automatically scale the storage of the DB instance.	December 20, 2019
New resource	The following resource was added: `AWS::CodeBuild::ReportGroup` `AWS::CodeBuild::ReportGroup` Use the `AWS::CodeBuild::ReportGroup` resource to specify information about a report group. When you specify a report group in a CodeBuild project, a build of the project creates reports in the report group that contain results from running test cases.	December 20, 2019
New resource	The following resource was added: `AWS::EC2::GatewayRouteTableAssociation`. `AWS::EC2::GatewayRouteTableAssociation` Use the `AWS::EC2::GatewayRouteTableAssociation` property to associate a virtual private gateway or internet gateway with a route table.	December 20, 2019
Updated resources	The following resource was updated: AWS::RDS::DBInstance. AWS::RDS::DBInstance Use the `MaxAllocatedStorage` property to specify the upper limit to which Amazon RDS can automatically scale the storage of the DB instance.	December 19, 2019
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem In the WindowsConfiguration property type: Use the `DeploymentType` property to specify the Amazon FSx Windows file system deployment type. Use the `PreferredSubnetId` property to specify the subnet in which you want the preferred file server to be located for a `MULTI_AZ_1` Amazon FSx for Windows file system deployment type.	December 19, 2019
Updated resource	The following resource was updated: `AWS::FSx::FileSystem` `AWS::FSx::FileSystem` In the WindowsConfiguration property type: Use the `DeploymentType` property to specify the file system deployment type. Use the `PreferredSubnetId` property to specify the subnet in which you want the preferred file server to be located.	December 19, 2019
New resource	The following resource was added: AWS::EC2::GatewayRouteTableAssociation. AWS::EC2::GatewayRouteTableAssociation Use the `AWS::EC2::GatewayRouteTableAssociation` property to associate a virtual private gateway or internet gateway with a route table.	December 19, 2019
Updated resource	The following resource was updated: `AWS::EC2::Instance`. `AWS::EC2::Instance` In the ElasticInferenceAccelerator property type, use the `Count` property to specify the number of elastic inference accelerators to attach to the instance.	December 12, 2019
New resource	The following resource was added: AWS::CodeBuild::ReportGroup AWS::CodeBuild::ReportGroup Use the `AWS::CodeBuild::ReportGroup` resource to specify information about a report group. When you specify a report group in a CodeBuild project, a build of the project creates reports in the report group that contain results from running test cases.	December 12, 2019
Updated resources	The following resources were updated: `AWS::ApiGatewayV2::Api`, `AWS::ApiGatewayV2::Authorizer`, `AWS::ApiGatewayV2::Integration`, `AWS::ApiGatewayV2::Stage`. AWS::ApiGatewayV2::Api Use the `AWS::ApiGatewayV2::Api` resource to create an HTTP API (beta). AWS::ApiGatewayV2::Authorizer Use the `AWS::ApiGatewayV2::Authorizer` resource to create a JWT authorizer for an HTTP API (beta). AWS::ApiGatewayV2::Integration Use the `AWS::ApiGatewayV2::Integration` resource to create an integration for an HTTP API (beta). AWS::ApiGatewayV2::Stage Use the `AWS::ApiGatewayV2::Stage` resource to create a stage for an HTTP API (beta).	December 4, 2019
Updated resources	The following resources were updated: AWS::Lambda::Alias and AWS::Lambda::Version. AWS::Lambda::Alias Use the `ProvisionedConcurrencyConfiguration` property to specify a provisioned concurrency configuration for a function's alias. AWS::Lambda::Version Use the `ProvisionedConcurrencyConfiguration` property to specify a provisioned concurrency configuration for a function's version.	December 3, 2019
Updated resource	The following resource was updated: `AWS::StepFunctions::StateMachine`. AWS::StepFunctions::StateMachine The `AWS::StepFunctions::StateMachine` now supports Express workflows using the new `StateMachineType` parameter. You can also configure CloudWatch Logging information for Express workflows using `LoggingConfiguration`, `LogDestination`, and `CloudWatchLogsLogGroup`.	December 3, 2019
New resource	The following resource was added: AWS::S3::AccessPoint Access Points Use the `AWS::S3::AccessPoint` resource to specify an S3 access point.	December 3, 2019
New resource	The following resource was added: AWS::AccessAnalyzer::Analyzer AWS::AccessAnalyzer::Analyzer Use the `AWS::AccessAnalyzer::Analyzer` resource to create an analyzer for IAM Access Analyzer.	December 2, 2019
New resource	The following resources were added: `AWS::EventSchemas::Discoverer`, `AWS::EventSchemas::Registry`, and `AWS::EventSchemas::Schema`. AWS::EventSchemas::Discoverer Use the `AWS::EventSchemas::Discoverer` resource to specify a discoverer that is associated with an event bus. A discoverer allows the Amazon EventBridge Schema Registry to automatically generate schemas based on events on an event bus. AWS::EventSchemas::Registry Use the `AWS::EventSchemas::Registry` to specify a schema registry. Schema registries are containers for Schemas. Registries collect and organize schemas so that your schemas are in logical groups. AWS::EventSchemas::Schema Use the `AWS::EventSchemas::Schema` resource to specify an event schema.	December 1, 2019
New resource	The following resource was added: AWS::Lambda::EventInvokeConfig AWS::Lambda::EventInvokeConfig Use the `EventInvokeConfig` resource to configure destinations and error handling for asynchronous invocation.	November 26, 2019
Updated resource	The following resource was updated: AWS::CloudWatch::Alarm. AWS::CloudWatch::Alarm In the MetricDataQuery property type, use the `Period` property to specify the granularity, in seconds, of the returned data points.	November 25, 2019
Updated resource	The following resource was updated: AWS::CodePipeline::Pipeline. AWS::CodePipeline::Pipeline In the ActionDeclaration property type, use the `Namespace` property to specify the variable namespace associated with the action. All variables produced as output by this action fall under this namespace.	November 25, 2019
Updated resource	The following resource was updated: AWS::Lambda::EventSourceMapping. AWS::Lambda::EventSourceMapping For stream sources (DynamoDB and Kinesis), use the `BisectBatchOnFunctionError` property to split the batch in two and retry if the function returns an error. For stream sources (DynamoDB and Kinesis), use the `DestinationConfig` property to specify an Amazon SQS queue or Amazon SNS topic destination for discarded records. For stream sources (DynamoDB and Kinesis), use the `MaximumRecordAgeInSeconds` property to specify the maximum age of a record that Lambda sends to a function for processing. For stream sources (DynamoDB and Kinesis), use the `MaximumRetryAttempts` property to specify the maximum number of times to retry when the function returns an error. For stream sources (DynamoDB and Kinesis), use the `ParallelizationFactor` property to specify the number of batches to process from each shard concurrently.	November 25, 2019
Updated resource	The following resource was updated: `AWS::CloudWatch::Alarm`. `AWS::CloudWatch::Alarm` In the MetricDataQuery property type, use the `Period` property to specify the granularity, in seconds, of the returned data points.	November 25, 2019
New resources	The following resources were added: AWS::ECS::PrimaryTaskSet, AWS::ECS::TaskSet. AWS::ECS::PrimaryTaskSet Use the `AWS::ECS::PrimaryTaskSet` resource to specify which task set in a service is the primary task set. Any parameters that are updated on the primary task set in a service will transition to the service. This is used when a service uses the `EXTERNAL` deployment controller type. AWS::ECS::TaskSet Use the `AWS::ECS::TaskSet` resource to create a task set in the specified cluster and service. This is used when a service uses the `EXTERNAL` deployment controller type.	November 25, 2019
New resource	The following resource was added: AWS::CloudWatch::InsightRule. AWS::CloudWatch::InsightRule Use the `AWS::CloudWatch::InsightRule` property to create a Contributor Insights rule. Rules evaluate log events in a CloudWatch Logs log group, enabling you to find contributor data for the log events in that log group.	November 25, 2019
New resource	The following resource was added: AWS WAFv2. AWS WAFv2 This is the latest version of AWS WAF, a web application firewall that lets you monitor HTTP(S) requests that are forwarded to an Amazon API Gateway REST API, Amazon CloudFront, Application Load Balancer, an AWS AppSync GraphQL API, or an Amazon Cognito user pool. AWS WAF also lets you control access to your content.	November 25, 2019
Updated resources	The following resources were updated: AWS::AppSync::Resolver, AWS::AppSync::DataSource. AWS::AppSync::Resolver Use the `CachingConfig` property to specify the caching behavior of your AWS AppSync resolver. AWS::AppSync::Resolver Use the `SyncConfig` property to specify the conflict detection and resolution strategy of your AWS AppSync resolver. AWS::AppSync::Resolver Use the `LambdaConflictHandlerConfig` property to specify the ARN of the lambda that is used for handling conflicts in your AWS AppSync resolver. AWS::AppSync::DataSource Use the `DeltaSyncConfig` property to specify the delta sync configurations for your versioned AWS AppSync data source.	November 21, 2019
Updated resources	The following resources were updated: AWS::ECS::Cluster, AWS::ECS::Service, and AWS::ECS::TaskDefinition. AWS::ECS::Cluster Use the `ClusterSettings` property to specify the setting to use when creating a cluster. This parameter is used to use CloudWatch Container Insights for a cluster. AWS::ECS::Service Use the `DeploymentController` property to specify the deployment controller to use for the service. AWS::ECS::TaskDefinition In the ContainerDefinition property type, use the `FirelensConfiguration` property to specify the FireLens configuration for the container. This is used to specify and configure a log router for container logs. In the LinuxParameters property type: use the `MaxSwap` property to specify the total amount of swap memory (in MiB) a container can use. use the `Swappiness` property to tune a container's memory swappiness behavior. A `swappiness` value of `0` will cause swapping to not happen unless absolutely necessary. A `swappiness` value of `100` will cause pages to be swapped very aggressively.	November 21, 2019
Updated resources	The following resources were updated: AWS::RDS::DBCluster and AWS::RDS::DBInstance. AWS::RDS::DBCluster Use the `EnableHttpEndpoint` property to indicate whether to enable the HTTP endpoint for an Aurora Serverless DB cluster. By default, the HTTP endpoint is disabled. When enabled, the HTTP endpoint provides a connectionless web service API for running SQL queries on the Aurora Serverless DB cluster. You can also query your database from inside the RDS console with the query editor. AWS::RDS::DBInstance For Oracle DB instances, Amazon RDS can use Kerberos Authentication to authenticate users that connect to the DB instance.	November 21, 2019
Updated resource	The following resource was updated: AWS::ApiGateway::RestApi. AWS::ApiGateway::RestApi Use the `VpcEndpointIds` property to specify VPC endpoint IDs of an API (AWS::ApiGateway::RestApi) against which to create Route53 ALIASes. It is only supported for `PRIVATE` endpoint type.	November 21, 2019
Updated resource	The following resource was updated: AWS::CertificateManager::Certificate AWS::CertificateManager::Certificate Use the `CertificateTransparencyLoggingPreference` property to enable or disable certificate transparency logging. Use the `PrivateCertificateAuthorityArn` property to specify a private certificate authority (CA) from AWS Private CA as certificate issuer. Use the `GetAtt` function to retrieve the `CertificateARN` of the `AWS::CertificateManager::Certificate` resource. Use the `GetAtt` function to retrieve the `CertificateStatus` of the `AWS::CertificateManager::Certificate` resource. In the DomainValidationOption property type, use the `HostedZoneId` property to validate a domain with a Route 53 hosted zone ID.	November 21, 2019
Updated resource	The following resources were updated: AWS::Cognito::UserPool AWS::Cognito::UserPool Added `ConfigurationSet` and `From` properties to the `EmailConfiguration` parameter. AWS::Cognito::UserPoolClient Added `PreventUserExistenceErrors` parameter to help manage errors and responses when a user does not exist in the user pool. AWS::Cognito::UserPoolUser Use the `ClientMetadata` parameter to provide input to the AWS Lambda function that is invoked by the pre sign-up trigger.	November 21, 2019
Updated resource	The following resource was updated: AWS::EC2::EIP. AWS::EC2::EIP Use the `Tags` property to specify any tags for the Elastic IP address.	November 21, 2019
Updated resource	The following resource was updated: AWS::Glue::MLTransform AWS::Glue::MLTransform Use the `GlueVersion` property to specify which version of AWS Glue this machine learning transform is compatible with.	November 21, 2019
Updated resource	The following resource was updated: AWS::IAM::User. AWS::IAM::User Use the `Tags` property to specify a list of tags that you want to attach to the newly created user.	November 21, 2019
Updated resource	The following resource was updated: AWS::Elasticsearch::Domain. AWS::Elasticsearch::Domain Use the `CognitoOptions` property to configure OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards. Use the EnableVersionUpgrade update policy to update the `ElasticsearchVersion` property without replacing the `AWS::Elasticsearch::Domain` resource.	November 21, 2019
Updated resource	The following resource was updated: `AWS::OpsWorksCM::Server` `AWS::OpsWorksCM::Server` Use the `CustomDomain` property to specify a custom domain on an AWS OpsWorks for Chef Automate Server running Chef Automate 2.0. Use the `CustomCertificate` property to specify a PEM-formatted HTTPS certificate for a server with a custom domain. Use the `CustomPrivateKey` property to specify a private key in PEM format for connecting to a server that uses a custom domain.	November 21, 2019
Updated resource	The following resource was updated: `AWS::S3::Bucket`. `AWS::S3::Bucket` In the Transition property type, the `StorageClass` property supports `DEEP_ARCHIVE`.	November 21, 2019
Updated resource	The following resource was updated: `AWS::Lambda::Function`. `AWS::Lambda::Function` In the Code property type, `ZipFile` supports `nodejs10.x` for `RunTime`.	November 21, 2019
New resource	The following resource was added: AWS::AppSync::ApiCache. AWS::AppSync::ApiCache Use the `AWS::AppSync::ApiCache` resource to enable resolver caching with AWS AppSync.	November 21, 2019
Drift Detection for Stack Sets	You can now run drift detection on a stack set and all the stack instances it includes. When CloudFormation performs drift detection on a stack set, it performs drift detection on the stack associated with each stack instance in the stack set. For more details, see Detecting Unmanaged Configuration Changes in Stack Sets.	November 19, 2019
Updated resource	The following resource was updated to support Amazon EKS managed node groups: `AWS::EKS::Cluster` `AWS::EKS::Cluster` Use the `AWS::EKS::Cluster` resource to create a new Amazon EKS cluster.	November 18, 2019
New resource	The following resource was added: `AWS::EKS::Nodegroup` `AWS::EKS::Nodegroup` Use the `AWS::EKS::Nodegroup` resource to create a new Amazon EKS managed node group.	November 18, 2019
CloudFormation registry now available	Use the CloudFormation registry to view private and public resources that are available for use in your CloudFormation account. For more information, see Using the CloudFormation Registry	November 18, 2019
CloudFormation registry API actions	The following API actions for managing types in the CloudFormation registry are now available. For more information about the CloudFormation registry, see Using the CloudFormation Registry `DeregisterType` Removes a type or type version from active use in the CloudFormation registry. `DescribeType` Returns detailed information about a registered type. `DescribeTypeRegistration` Returns information about a type's registration, including its current status and type and version identifiers. `ListTypeRegistrations` Returns a list of registration request identifiers for the specified type. `ListTypes` Returns summary information about types that have been registered with CloudFormation. `ListTypeVersions` Returns summary information about the versions of a type. `RegisterType` Registers a type with the CloudFormation service. Registering a type makes it available for use in CloudFormation templates in your AWS account. `SetTypeDefaultVersion` Specify the default version of a type. The default version of a type will be used in CloudFormation operations.	November 18, 2019
Updated resources	The following resources were updated: AWS::GameLift::Build, AWS::GameLift::Fleet. AWS::GameLift::Build Use the `OperatingSystem` property to specify the operating system that the build files run on. AWS::GameLift::Fleet Use the `CertificateConfiguration` property to generate a TLS/SSL certificate for the new fleet. Use the `FleetType` property to specify use of On-Demand or Spot instances in the fleet. Use the `InstanceRoleArn` property to manage access to your non-GameLift AWS resources from GameLift fleet instances. Use the `MetricGroups` property to add fleet metrics to a CloudWatch metric group. Use the `NewGameSessionProtectionPolicy` property to prevent the fleet's active game sessions from being terminated during a scale down event. Use the `PeerVpcAwsAccountId` property when setting up VPC peering for the fleet. Use the `PeerVpcId` property when setting up VPC peering for the fleet. Use the `ResourceCreationLimitPolicy` property to limit an individual player's ability to use the fleet's available hosting resources. Use the `RuntimeConfiguration` property to configure what processes are run on each instance in the fleet. Use the `ScriptId` property to create a Realtime Servers fleet and configure it with a Realtime script.	November 14, 2019
New resources	The following resources were added: AWS::GameLift::Script, AWS::GameLift::GameSessionQueue, AWS::GameLift::MatchmakingConfiguration, AWS::GameLift::MatchmakingRuleSet. AWS::GameLift::Script Use the `Script` resource to upload a configuration script for a Realtime Servers fleet. AWS::GameLift::GameSessionQueue Use the `GameSessionQueue` resource to create a game session queue that processes player requests for new game sessions. AWS::GameLift::MatchmakingConfiguration Use the `MatchmakingConfiguration` resource to create a matchmaker that processes player requests for new matched game sessions. AWS::GameLift::MatchmakingRuleSet Use the `MatchmakingRuleSet` resource to create rules that specify how to form matches and evaluate players for inclusion in a match.	November 14, 2019
Resource import added	If you created an AWS resource outside of AWS CloudFormation management, you can bring this existing resource into CloudFormation management using `resource import`. For more information, see Bringing Existing Resources Into CloudFormation Management.	November 11, 2019
New resource	The following resource was added: AWS::CodeStarNotifications::NotificationRule AWS::CodeStarNotifications::NotificationRule Use the `AWS::CodeStarNotifications::NotificationRule` resource to create notification rules for resources in AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, and AWS CodePipeline.	November 7, 2019
New resource	The following resources were added: `AWS::MediaConvert::JobTemplate`, `AWS::MediaConvert::Preset`, `AWS::MediaConvert::Queue` `AWS::MediaConvert::JobTemplate` Use the `AWS::MediaConvert::JobTemplate` resource to specify a job template for transcoding jobs. `AWS::MediaConvert::Preset` Use the `AWS::MediaConvert::Preset` resource to specify an output preset as part of a transcoding job. `AWS::MediaConvert::Queue` Use the `AWS::MediaConvert::Queue` resource to specify an on-demand transcoding queue.	November 6, 2019
Updated resource	The following resource was updated: AWS::Glue::Crawler AWS::Glue::Crawler Use the `DynamoDBTargets` property to specify a list of Amazon DynamoDB targets. Use the `CatalogTargets` property to specify a list of AWS Glue Data Catalog targets.	November 4, 2019
Updated resources	The following resources were updated: AWS::ApiGateway::ApiKey, AWS::ApiGateway::ClientCertificate, AWS::ApiGateway::DomainName, AWS::ApiGateway::RestApi, and AWS::ApiGateway::UsagePlan. AWS::ApiGateway::ApiKey Use the `Tags` property to specify an array of arbitrary tags (key-value pairs) to associate with the API key. AWS::ApiGateway::ClientCertificate Use the `Tags` property to specify an array of arbitrary tags (key-value pairs) to associate with the client certificate. AWS::ApiGateway::DomainName Use the `SecurityPolicy` property to the Transport Layer Security (TLS) version + cipher suite for this domain name. Use the `Tags` property to specify an array of arbitrary tags (key-value pairs) to associate with the domain name. AWS::ApiGateway::RestApi Use the `Tags` property to specify an array of arbitrary tags (key-value pairs) to associate with the API. AWS::ApiGateway::UsagePlan Use the `Tags` property to specify an array of arbitrary tags (key-value pairs) to associate with the usage plan.	October 31, 2019
Updated resources	The following resources were updated: AWS::CodePipeline::CustomActionType, AWS::CodePipeline::Pipeline. AWS::CodePipeline::CustomActionType Use the `Tags` property to specify the tags for the custom action. AWS::CodePipeline::Pipeline Use the `Tags` property to specify the tags for the pipeline.	October 31, 2019
Updated resource	The following resource was updated: AWS::Amplify::App AWS::Amplify::App Use the `EnablePullRequestPreview` property to specify whether pull request previews are enabled for each branch that Amplify Console automatically creates for your app. Use the `PullRequestEnvironmentName` property to specify a dedicated backend environment for your pull request previews.	October 31, 2019
Updated resource	The following resource was updated: AWS::ECS::TaskDefinition. AWS::ECS::TaskDefinition Use the `InferenceAccelerator` property to specify the Elastic Inference accelerators to use for the containers in the task.	October 31, 2019
Updated resource	The following resource was updated: AWS::Events::Rule. AWS::Events::Rule In the Target property type, use the `BatchParameters` property to specify the job definition, job name, and other parameters, if the event target is an AWS Batch job.	October 31, 2019
Updated resource	The following resource was updated: AWS::Elasticsearch::Domain. AWS::Elasticsearch::Domain Use the `LogPublishingOptions` property to configure slow log publishing.	October 31, 2019
New resources	The following resources were added: AWS::Pinpoint::EmailTemplate, AWS::Pinpoint::PushTemplate, and AWS::Pinpoint::SmsTemplate. AWS::Pinpoint::EmailTemplate Use the `AWS::Pinpoint::EmailTemplate` resource to create a message template that you can use in messages that are sent through the email channel. AWS::Pinpoint::PushTemplate Use the `AWS::Pinpoint::PushTemplate` resource to create a message template that you can use in messages that are sent through a push notification channel. AWS::Pinpoint::SmsTemplate Use the `AWS::Pinpoint::SmsTemplate` resource to create a message template that you can use in messages that are sent through the SMS channel.	October 31, 2019
Updated resource	The following resource was updated: AWS::Amplify::Branch AWS::Amplify::Branch Use the `EnablePullRequestPreview` property to specify whether Amplify Console creates a preview for each pull request that is made for the branch. Use the `PullRequestEnvironmentName` property to specify a dedicated backend environment for your pull request previews.	October 24, 2019
Updated resource	The following resource was updated: AWS::Cognito::UserPool AWS::Cognito::UserPool Use the `Schema` parameter to add or update schema attributes. AWS::Cognito::UserPool Use the `AliasAttributes` parameter to add or update an alias for the user pool. AWS::Cognito::UserPool Use the `UsernameAttributes` parameter to determine if email addresses or phone numbers can be used as user names when a user signs up.	October 24, 2019
Updated resources	The following resource was updated: `AWS::MSK::Cluster`. `AWS::MSK::Cluster` Use the `NumberOfBrokerNodes` property to submit an update to change the number of broker nodes in the cluster.	October 17, 2019
Updated resource	The following resource was updated: AWS::Cognito::IdentityPoolRoleAttachment AWS::Cognito::IdentityPoolRoleAttachment Use the `IdentityProvider` parameter to specify the identity provider for which the role is mapped.	October 17, 2019
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem In the WindowsConfiguration property type, use the `SelfManagedActiveDirectoryConfiguration` property to join an Amazon FSx Windows File Server instance to your self-managed (including on-premises) Microsoft Active Directory (AD) directory.	October 17, 2019
Updated Resource	The following resource was updated: `AWS::Batch::ComputeEnvironment` ComputeResources In the ComputeResources property type, use the `AllocationStrategy` property to specify the strategy to use to select instance types.	October 17, 2019
Updated resources	The following resource were updated: AWS::Events::EventBusPolicy, AWS::Events::Rule AWS::Events::EventBusPolicy Use the `EventBusName` property to specify the name of the event bus to associate with this policy. AWS::Events::Rule Use the `EventBusName` property to specify the name of the event bus to associate with this rule.	October 3, 2019
Updated resources	The following resource was updated: AWS::Pinpoint::App, AWS::Pinpoint::Campaign, and AWS::Pinpoint::Segment. AWS::Pinpoint::App The `ARN` attribute returns the Amazon Resource Name (ARN) of the application. Use the `Tags` property to specify a string-to-string map of key-value pairs that defines the tags to associate with the application. AWS::Pinpoint::Campaign The `ARN` attribute returns the Amazon Resource Name (ARN) of the campaign. Use the `Tags` property to specify a string-to-string map of key-value pairs that defines the tags to associate with the campaign. AWS::Pinpoint::Segment The `ARN` attribute returns the Amazon Resource Name (ARN) of the segment. Use the `Tags` property to specify a string-to-string map of key-value pairs that defines the tags to associate with the segment.	October 3, 2019
Updated resource	The following resource was updated: AWS::Budgets::Budget AWS::Budgets::Budget In the BudgetData property type, use the `PlannedBudgetLimits` property to specify a map containing multiple budget limits, including current or future limits.	October 3, 2019
Updated resource	The following resource was updated: AWS::Cognito::UserPool AWS::Cognito::UserPool Use the `EnabledMfas` parameter to enable MFA on a specified user pool.	October 3, 2019
New resources	The following resources were added: AWS::Cognito::UserPoolDomain, AWS::Cognito::UserPoolResourceServer, AWS::Cognito::UserPoolIdentityProvider, AWS::Cognito::RiskConfigurationAttachment, AWS::Cognito::UICustomizationAttachment. AWS::Cognito::UserPoolDomain Use the `AWS::Cognito::UserPoolDomain` resource to create a new domain for a user pool. AWS::Cognito::UserPoolResourceServer Use the `AWS::Cognito::UserPoolResourceServer` resource to create a new OAuth2.0 resource server and define custom scopes in it. AWS::Cognito::UserPoolIdentityProvider Use the `AWS::Cognito::UserPoolIdentityProvider` resource to create an identity provider for a user pool. AWS::Cognito::UserPoolRiskConfigurationAttachment Use the `AWS::Cognito::UserPoolRiskConfigurationAttachment` resource to set the risk configuration that is used for Amazon Cognito advanced security features. AWS::Cognito::UserPoolUICustomizationAttachment Use the `AWS::Cognito::UserPoolUICustomizationAttachment` resource to set the UI customization information for a user pool's built-in app UI.	October 3, 2019
New resources	The following resource were added: AWS::EC2::TrafficMirrorFilter, AWS::EC2::TrafficMirrorFilterRule, AWS::EC2::TrafficMirrorSession, and AWS::EC2::TrafficMirrorTarget AWS::EC2::TrafficMirrorFilter Use the `AWS::EC2::TrafficMirrorFilter` resource to specify a traffic mirror filter. AWS::EC2::TrafficMirrorFilterRule Use the `AWS::EC2::TrafficMirrorFilterRule` resource to manage traffic mirror filter rules. AWS::EC2::TrafficMirrorSession Use the `AWS::EC2::TrafficMirrorSession` resource to specify a traffic mirror session. AWS::EC2::TrafficMirrorTarget Use the `AWS::EC2::TrafficMirrorTarget` resource to specify a traffic mirror target.	October 3, 2019
New resource	The following resource was added: AWS::Events::EventBus AWS::Events::EventBus Use the `EventBus` resource to create or update a custom event bus or a partner event bus.	October 3, 2019
Updated resource	The following resource was updated: AWS::Glue::DevEndpoint AWS::Glue::DevEndpoint Use the `WorkerType` property to specify a type of predefined worked allocated to the development endpoint. Use the `NumberOfWorkers` property to specify the number of workers of a defined `workerType` that are allocated to the development endpoint. Use the `GlueVersion` property to specify the versions of Apache Spark and Python that AWS Glue supports for the development endpoint. Use the `Arguments` property to specify a map of arguments used to configure the `DevEndpoint`.	September 27, 2019
Updated resource	The following resource was updated: AWS::Glue::Job AWS::Glue::Job Use the `Timeout` property to specify the job timeout in minutes. Use the `NotificationProperty` property to specify the configuration properties of a notification. Use the `NotifyDelayAfter` property to specify the number of minutes to wait before sending a job run delay notification after a job run starts.	September 26, 2019
Updated resource	The following resource was updated: AWS::Glue::Trigger AWS::Glue::Trigger Use the `StartOnCreation` property to specify starting `SCHEDULED` and `CONDITIONAL` triggers when created. Use the `WorkflowName` property to specify the name of the workflow associated with the trigger.	September 26, 2019
Updated resource	The following resource was updated: `AWS::DocDB::DBCluster`. `AWS::DocDB::DBCluster` Use the `EnableCloudwatchLogsExports` property to specify the list of log types that need to be enabled for exporting to CloudWatch Logs.	September 26, 2019
New resource	The following resource was added: AWS::Glue::Workflow AWS::Glue::Workflow Use the AWS::Glue::Workflow resource to manage AWS Glue workflows.	September 26, 2019
Updated resource	The following resource was updated: `AWS::Config::RemediationConfiguration`. `AWS::Config::RemediationConfiguration` Use the `ExecutionControls` property to specify an `ExecutionControls` object.	September 12, 2019
New resource	The following resource was added: AWS::QLDB::Ledger AWS::QLDB::Ledger Use the `AWS::QLDB::Ledger` resource to specify a new Amazon Quantum Ledger Database (Amazon QLDB) ledger.	September 12, 2019
Updated resources	The following resources were updated: `AWS::ApplicationAutoScaling::ScalableTarget`, `AWS::DynamoDB::Table`, `AWS::EC2::Instance`, `AWS::ECS::TaskDefinition`, `AWS::ElastiCache::ReplicationGroup`, `AWS::Events::Rule`, `AWS::IAM::Role`, and `AWS::Lambda::EventSourceMapping`. `AWS::ApplicationAutoScaling::ScalableTarget` Use the `SuspendedState` property to suspend and resume automatic scaling. Setting the value of an attribute to `true` suspends the specified scaling activities. Setting it to `false` (default) resumes the specified scaling activities. `AWS::DynamoDB::Table` In the SSESpecification property type, use the `SSEType` property to specify server-side encryption type. `AWS::EC2::Instance` Use the `CpuOptions` property to specify the CPU options for the instance. In the Ebs property type, use the `KmsKeyId` property to specify an identifier (key ID, key alias, ID ARN, or alias ARN) for a customer managed key under which the EBS volume is encrypted. `AWS::ECS::TaskDefinition` Use the `IpcMode` property to specify the IPC resource namespace to use for the containers in the task. The valid values are `host`, `task`, or `none`. Use the `PidMode` property to specify the process namespace to use for the containers in the task. The valid values are `host` or `task`. In the ContainerDefinition property type: When the `Interactive` property is set to `true`, this allows you to deploy containerized applications that require `stdin` or a `tty` to be allocated. When the `PseudoTerminal` proprety is set to `true`, a TTY is allocated. Use the `SystemControls` property to specify a list of namespaced kernel parameters to set in the container. In the LogConfiguration property type, use the `SecretOptions` property to specify the secrets to pass to the log configuration. `AWS::ElastiCache::ReplicationGroup` Use the `KmsKeyId` property to specify the ID of the KMS key used to encrypt the disk on the cluster. `AWS::Events::Rule` In the EcsParameters property type: Use the `Group` property to specify an ECS task group for the task. Use the `LaunchType` property to specify the launch type on which your task is running. If the ECS task uses the `awsvpc` network mode, use the `NetworkConfiguration` property to specify the VPC subnets and security groups associated with the task and whether a public IP address is to be used. Use the `PlatformVersion` property to specify the platform version for the task. `AWS::IAM::Role` Use the `Description` property to provide a description for the role. Use the `Tags` property to specify a list of tags that are attached to the specified role. `AWS::Lambda::EventSourceMapping` Use the `MaximumBatchingWindowInSeconds` property to specify the maximum amount of time to gather records before invoking the function, in seconds.	August 29, 2019
Updated resources	The following resources were updated: AWS::RDS::DBCluster and AWS::RDS::DBInstance AWS::RDS::DBCluster Use the `AssociatedRoles` property to specify the AWS Identity and Access Management (IAM) roles associated with the DB instance. Use the `RestoreType` property to specify the type of restore to be performed. Use the `SourceDBClusterIdentifier` property to specify the identifier of the source DB cluster from which to restore. Use the `UseLatestRestorableTime` property to specify whether to restore the DB cluster to the latest restorable backup time. AWS::RDS::DBInstance Use the `AssociatedRoles` property to specify the AWS Identity and Access Management (IAM) roles associated with the DB instance.	August 29, 2019
Updated resource	The following resource was updated: AWS::CloudWatch::Alarm AWS::CloudWatch::Alarm Use the `ThresholdMetricId` property to specify the ID of the ANOMALY_DETECTION_BAND function used as the threshold for the alarm.	August 29, 2019
Updated resource	The following resource was updated: AWS::Elasticsearch::Domain. AWS::Elasticsearch::Domain In the ElasticsearchClusterConfig property type, use the `ZoneAwarenessConfig` property to specify zone awareness configuration options.	August 29, 2019
New resource	The following resource was added: AWS::Config::OrganizationConfigRule AWS::Config::OrganizationConfigRule Use the `AWS::Config::OrganizationConfigRule` resource to create an OrganizationConfigRule that has information about config rules that AWS Config creates in the member accounts.	August 29, 2019
Updated resource	The following resource was updated: `AWS::Neptune::DBCluster`. `AWS::Neptune::DBCluster` Use the `EnableCloudwatchLogsExports` property to specify a list of log types that are enabled for export to CloudWatch Logs.	August 22, 2019
Updated resource	The following resource was updated: AWS::DMS::ReplicationTask AWS::DMS::ReplicationTask Use the `CdcStartPosition` property to indicate when you want a change data capture (CDC) operation to start. Use the `CdcStopPosition` property to indicate when you want a change data capture (CDC) operation to stop.	August 16, 2019
Updated resources	The following resources were updated: `AWS::EC2::ClientVpnEndpoint`, `AWS::Greengrass::Group`, `AWS::Greengrass::ConnectorDefinition`, `AWS::Greengrass::CoreDefinition`, `AWS::Greengrass::DeviceDefinition`, `AWS::Greengrass::FunctionDefinition`, `AWS::Greengrass::LoggerDefinition`, `AWS::Greengrass::ResourceDefinition`, and `AWS::Greengrass::SubscriptionDefinition`. `AWS::EC2::ClientVpnEndpoint` Use the `SplitTunnel` parameter to specify whether split-tunnel is enabled on the AWS Client VPN endpoint. `AWS::Greengrass::ConnectorDefinition` Use the `Tags` property to attach metadata to the `AWS::Greengrass::ConnectorDefinition` resource. `AWS::Greengrass::CoreDefinition` Use the `Tags` property to attach metadata to the `AWS::Greengrass::CoreDefinition` resource. `AWS::Greengrass::DeviceDefinition` Use the `Tags` property to attach metadata to the `AWS::Greengrass::DeviceDefinition` resource. `AWS::Greengrass::FunctionDefinition` Use the `Tags` property to attach metadata to the `AWS::Greengrass::FunctionDefinition` resource. `AWS::Greengrass::Group` Use the `Tags` property to attach metadata to the `AWS::Greengrass::Group` resource. `AWS::Greengrass::LoggerDefinition` Use the `Tags` property to attach metadata to the `AWS::Greengrass::LoggerDefinition` resource. `AWS::Greengrass::ResourceDefinition` Use the `Tags` property to attach metadata to the `AWS::Greengrass::ResourceDefinition` resource. `AWS::Greengrass::SubscriptionDefinition` Use the `Tags` property to attach metadata to the `AWS::Greengrass::SubscriptionDefinition` resource.	August 8, 2019
Updated resource	The following resource was updated: AWS::AppSync::GraphQLApi. AWS::AppSync::GraphQLApi In the LogConfig property type, when set to `TRUE`, the `excludeVerboseContent` property excludes sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level.	August 8, 2019
New resources	The following resources were added: `AWS::ManagedBlockchain::Member` and `AWS::ManagedBlockchain::Node`. `AWS::ManagedBlockchain::Member` Use the `Member` resource to create the first member or an additional member of an Amazon Managed Blockchain network. `AWS::ManagedBlockchain::Node` Use the `Node` resource to create a peer node in a member of an Amazon Managed Blockchain network.	August 8, 2019
New resource	The following resource was added: AWS::Glue::MLTransform AWS::Glue::MLTransform Use the `AWS::Glue::MLTransform` resource to manage machine learning transforms.	August 8, 2019
New resource	The following resource was added: AWS::LakeFormation::DataLakeSettings AWS::LakeFormation::DataLakeSettings Use the `AWS::LakeFormation::DataLakeSettings` resource to manage data lake settings.	August 8, 2019
New resource	The following resource was added: AWS::LakeFormation::Permissions AWS::LakeFormation::Permissions Use the `AWS::LakeFormation:Permissions` resource to grant or revoke Lake Formation permissions.	August 8, 2019
New resource	The following resource was added: AWS::LakeFormation::Resource AWS::LakeFormation::Resource Use the `AWS::LakeFormation::Resource` resource to define the resources to which permissions are to be granted.	August 8, 2019
New resource	The following resource was added: AWS::CodeBuild::SourceCredential AWS::CodeBuild::SourceCredential Use the `AWS::CodeBuild::SourceCredential` resource to specify information about the credentials for a GitHub, GitHub Enterprise, or Bitbucket repository used in an AWS CodeBuild build project.	August 7, 2019
Updated resources	The following resources were updated: `AWS::Batch::JobDefinition`, `AWS::Cognito::UserPool`, `AWS::Cognito::UserPoolClient`, and `AWS::Glue::Job`. `AWS::Batch::JobDefinition` In the ContainerProperties property type, use the `LinuxParameters` property to specify Linux-specific modifications that are applied to the container, such as details for device mappings. `AWS::Cognito::UserPool` Use the `UserPoolAddOns` property to enable advanced security risk detection. Use the `VerificationMessageTemplate` property to define the template for verification messages. `AWS::Cognito::UserPoolClient` Use the `AnalyticsConfiguration` property to define the Amazon Pinpoint analytics configuration for collecting metrics for this user pool. `AWS::Glue::Job` Use the `GlueVersion` property to determine the versions of Apache Spark and Python that AWS Glue supports. The Python version indicates the version supported for jobs of type Spark. Use the `MaxCapacity` property to specify the number of AWS Glue data processing units (DPUs) that can be allocated when this job runs. A DPU is a relative measure of processing power that consists of 4 vCPUs of compute capacity and 16 GB of memory. For the `NumberofWorkers` property, when you specify a Python shell job (`JobCommand.Name`="pythonshell"), you can allocate either 0.0625 or 1 DPU. The default is 0.0625 DPU. When you specify an Apache Spark ETL job (`JobCommand.Name`="glueetl"), you can allocate from 2 to 100 DPUs. The default is 10 DPUs. This job type can't have a fractional DPU allocation. Use the `WorkerType` property to specify the type of predefined worker that is allocated when a job runs. In the JobCommand property type, use the `PythonVersion` property to specify the Python version being used to execute a Python shell job.	August 2, 2019
Stack set limit increases	You can now create a maximum of 100 stack sets in your administrator account, create a maximum of 2000 stack instances per stack set, and run a maximum of 3500 stack instance operations in each region at the same time, per administrator account. For more details, see Understand CloudFormation quotas.	August 2, 2019
New resource	The following resource was added: `AWS::CodeStar::GitHubRepository`. `AWS::CodeStar::GitHubRepository` Use the `AWS::CodeStar::GitHubRepository` resource to create a GitHub repository where you can store source code for use with AWS workflows. If provided, your source code is uploaded to the repository after it is created.	August 2, 2019
Updated resource	You can now add tags to a CodeCommit repository in your AWS CloudFormation template. `AWS::CodeCommit::Repository` Use the `Tags` property to provide information about one or more tag key-value pairs to use when tagging a repository.	July 25, 2019
Updated resources	The following resource was updated: `AWS::AmazonMQ::Broker`. `AWS::AmazonMQ::Broker` Use the `encryptionOptions` property to specify an AWS owned key or a customer managed key.	July 22, 2019
Updated resources	The following resources were updated: `AWS::Amplify::App` and `AWS::Amplify::Branch`. `AWS::Amplify::App` Use the `AutoBranchCreationConfig` property type to automatically create branches that match a certain pattern. `AWS::Amplify::Branch` Use the `EnableAutoBuild` property to enable automatic builds for a branch.	July 18, 2019
New resources	The following resources were added: `AWS::IoTEvents::DetectorModel` and `AWS::IoTEvents::Input`. `AWS::IoTEvents::DetectorModel` Use the `DetectorModel` resource to create a detector model. `AWS::IoTEvents::Input` Use the `Input` resource to create an input.	July 18, 2019
New resource	The following resource was added: `AWS::CloudWatch::AnomalyDetector`. `AWS::CloudWatch::AnomalyDetector` Use the `AWS::CloudWatch::AnomalyDetector` resource to specify an anomaly detection band for a certain metric and statistic. The band represents the expected "normal" range for the metric values.	July 12, 2019
Updated resources	The following resources were updated: `AWS::IoTAnalytics::Channel` and `AWS::IoTAnalytics::Datastore`. `AWS::IoTAnalytics::Channel` Use the `ChannelStorage` property to specify channel data is stored. `AWS::IoTAnalytics::Datastore` Use the `DatastoreStorage` property to specify where data store data is stored.	June 27, 2019
New resources	The following resources were added: `AWS::MediaLive::Channel`, `AWS::MediaLive::Input`, and `AWS::MediaLive::InputSecurityGroup`. `AWS::MediaLive::Channel` The `AWS::MediaLive::Channel` resource creates a channel. A MediaLive channel ingests and transcodes (decodes and encodes) source content from the inputs that are attached to that channel, and packages the new content into outputs. `AWS::MediaLive::Input` The `AWS::MediaLive::Input` resource creates an input. A MediaLive input holds information that describes how the MediaLive channel is connected to the upstream system that is providing the source content that is to be transcoded. `AWS::MediaLive::InputSecurityGroup` The `AWS::MediaLive::InputSecurityGroup` resource creates an input security group. A MediaLive input security group is associated with a MediaLive input. The input security group is an "allow list" of IP addresses that controls whether an external IP address can push content to the associated MediaLive input.	June 27, 2019
Updated resource	The following resource was updated: `AWS::EC2::LaunchTemplate` `AWS::EC2::LaunchTemplate` In the SpotOptions property type, use `BlockDurationMinutes` to specify the required duration for the Spot Instances, and use `ValidUntil` to specify the end date for the Spot request.	June 25, 2019
New resource	The following resource was added: `AWS::SecurityHub::Hub` `AWS::SecurityHub::Hub` Use the `AWS::SecurityHub::Hub` resource to specify the implementation of the AWS Security Hub service in your account.	June 25, 2019
Updated resources	The following resource were updated: `AWS::AppStream::Fleet`, `AWS::ServiceCatalog::CloudFormationProvisionedProduct` `AWS::ServiceCatalog::CloudFormationProvisionedProduct` Use the `ProvisioningPreferences` property to specify user-defined preferences that will be applied when updating a provisioned product. `AWS::AppStream::Fleet` Use the `IdleDisconnectTimeoutInSeconds` property to specify the amount of time that users can be idle (inactive) before they are disconnected from their streaming session and the `DisconnectTimeoutInSeconds` time interval begins.	June 20, 2019
New resources	The following resource was added: `AWS::Config::RemediationConfiguration`, `AWS::ServiceCatalog::StackSetConstraint` `AWS::Config::RemediationConfiguration` Use the `AWS::Config::RemediationConfiguration` resource to specify the details about the remediation configuration, including the remediation action, parameters, and data to execute the action. `AWS::ServiceCatalog::StackSetConstraint` Use the `AWS::ServiceCatalog::StackSetConstraint` resource to specify a stack set constraint.	June 20, 2019
Updated resources	The following resources were updated: `AWS::AppMesh::VirtualNode`, `AWS::CodeBuild::Project`, `AWS::EC2::Host`, `AWS::EC2::Route`, `AWS::EC2::VPNConnection`, `AWS::ECS::Cluster`, `AWS::ECS::Service`, `AWS::ECS::TaskDefinition`, `AWS::EFS::MountTarget`, `AWS::ElasticLoadBalancingV2::ListenerRule`, `AWS::EMR::Cluster`, `AWS::IoTAnalytics::Dataset`, `AWS::KinesisFirehose::DeliveryStream`, `AWS::S3::Bucket`. `AWS::AppMesh::VirtualNode` Use `ServiceDiscovery` to specify whether to use `AWSCloudMap` or `DNS` for service discovery. If using AWS Cloud Map for service discovery, use `AwsCloudMapServiceDiscovery` to specify `ServiceName`, `NamespaceName`, and `Attributes` properties. Use `AwsCloudMapInstanceAttribute` to specify key-value pairs for `AwsCloudMapServiceDiscovery`. `AWS::CodeBuild::Project` Use the `SecondarySourceVersions` property to specify an array of `ProjectSourceVersion` objects. If `secondarySourceVersions` is specified at the build level, then they take over these `secondarySourceVersions` (at the project level). `AWS::DLM::LifecyclePolicy` In the PolicyDetails property type: Use the `PolicyType` property to determine the valid target resource types and actions a policy can manage. This field defaults to EBS_SNAPSHOT_MANAGEMENT if not present. Use the `Parameters` property to specify a set of optional parameters that can be provided by the policy. In the Schedule property type, use the `VariableTags` property to specify a collection of key-value pairs with values determined dynamically when the policy is executed. Keys may be any valid Amazon EC2 tag key. Values must be in one of the two following formats: `$(instance-id)` or `$(timestamp)`. Variable tags are only valid for EBS Snapshot Management Instance policies. `AWS::EC2::Host` Use the `HostRecovery` property to indicates whether to enable or disable host recovery for the Dedicated Host. `AWS::EC2::Route` Use the `TransitGatewayId` property to specify the ID of a transit gateway. `AWS::EC2::VPNConnection` Use the `TransitGatewayId` property to specify the ID of the transit gateway associated with the VPN connection. Use the `VpnGatewayId` property to specify the ID of the virtual private gateway at the AWS side of the VPN connection. `AWS::ECR::Repository` Use the `Tags` property to specify an array of key-value pairs to apply to this resource. `AWS::ECS::Cluster` Use the `Tags` property to apply metadata to clusters to help you categorize and organize them. `AWS::ECS::Service` Use the `EnableECSManagedTags` property to specify whether to enable Amazon ECS managed tags for the tasks within the service. Use the `PropagateTags` property to specify whether to propagate the tags from the task definition or the service to the tasks in the service. Use the `Tags` property to apply metadata to services to help you categorize and organize them. `AWS::ECS::TaskDefinition` In the ContainerDefinition property type: Use the `ResourceRequirements` property to specify the type and amount of a resource to assign to a container. The only supported resource is a GPU. Use the `Secrets` property to specify the secrets to pass to the container. Use the `Tags` property to apply metadata to task definitions to help you categorize and organize them. `AWS::EFS::FileSystem` Use the `LifecyclePolicies` property to specify a list of policies used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class. `AWS::EFS::MountTarget` Use the `IpAddress` attribute to return the IPv4 address of the mount target. `AWS::ElasticLoadBalancingV2::ListenerRule` In the RuleCondition property type: Use the `HostHeaderConfig` property to specify information for a host header condition. Use the `HttpHeaderConfig` property to specify information for an HTTP header condition. Use the `HttpRequestMethodConfig` property to specify information for an HTTP method condition. Use the `PathPatternConfig` property to specify information for a path pattern condition. Use the `QueryStringConfig` property to specify information for a query string condition. Use the `SourceIpConfig` property to specify information for a source IP condition. `AWS::EMR::Cluster` In the JobFlowInstancesConfig property type, use the `Ec2SubnetIds` property to specify multiple EC2 subnet IDs. `AWS::IoTAnalytics::Dataset` When data set contents are created they are delivered to destinations specified in the `ContentDeliveryRules` property. Use the `VersioningConfiguration` property to specify how many versions of data set contents are kept. If not specified or set to null, only the latest version plus the latest succeeded version (if they are different) are kept for the time period specified by the "retentionPeriod" parameter. `AWS::KinesisFirehose::DeliveryStream` In the ExtendedS3DestinationConfiguration property type: Use the `DataFormatConversionConfiguration` property to specify the serializer, deserializer, and schema for converting data from the JSON format to the Parquet or ORC format before writing it to Amazon S3. Use the `ErrorOutputPrefix` property to specify a prefix that Amazon Data Firehose evaluates and adds to failed records before writing them to S3. The `Prefix` property is no longer required. In the S3DestinationConfiguration property type, use the `ErrorOutputPrefix` property to specify a prefix that Amazon Data Firehose evaluates and adds to failed records before writing them to S3. `AWS::S3::Bucket` Use the `ObjectLockConfiguration` property to specify an object lock configuration for the specified bucket. Use the `ObjectLockEnabled` property to specify whether this bucket has an object lock configuration enabled.	June 13, 2019
New resources	The following resources were added: `AWS::Amplify::App`, `AWS::Amplify::Branch`, `AWS::Amplify::Domain`, `AWS::EC2::ClientVpnAuthorizationRule`, `AWS::EC2::ClientVpnEndpoint`, `AWS::EC2::ClientVpnRoute`, `AWS::EC2::ClientVpnTargetNetworkAssociation`, `AWS::MSK::Cluster`. `AWS::Amplify::App` Creates apps in AWS Amplify Console. An app is a collection of branches. `AWS::Amplify::Branch` Creates a new branch within an AWS Amplify Console app. `AWS::Amplify::Domain` Allows you to connect a custom domain to your AWS Amplify Console app. `AWS::EC2::ClientVpnAuthorizationRule` Specifies an ingress authorization rule to add to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. `AWS::EC2::ClientVpnEndpoint` Specifies a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage Client VPN sessions. It is the destination endpoint at which all Client VPN sessions are terminated. `AWS::EC2::ClientVpnRoute` Specifies a network route to add to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traﬃc to speciﬁc resources or networks. `AWS::EC2::ClientVpnTargetNetworkAssociation` Specifies a target network to associate with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. `AWS::MSK::Cluster` Use the `AWS::MSK::Cluster` resource to create an Amazon MSK cluster.	June 13, 2019
Updated resources	The following resource was updated: `AWS::SageMaker::NotebookInstance`. `AWS::SageMaker::NotebookInstance` Use the `AcceleratorTypes` property to specify a list of Amazon Elastic Inference (EI) instance types to associate with this notebook instance. Use the `AdditionalCodeRepositories` property to specify an array of up to three Git repositories associated with the notebook instance. Use the `DefaultCodeRepository` property to specify the Git repository associated with the notebook instance as its default code repository.	June 3, 2019
New resources	The following resources were added: `AWS::IoTThingsGraph::FlowTemplate`, `AWS::Pinpoint::ADMChannel`, `AWS::Pinpoint::APNSChannel`, `AWS::Pinpoint::APNSSandboxChannel`, `AWS::Pinpoint::APNSVoipChannel`, `AWS::Pinpoint::APNSVoipSandboxChannel`, `AWS::Pinpoint::App`, `AWS::Pinpoint::ApplicationSettings`, `AWS::Pinpoint::BaiduChannel`, `AWS::Pinpoint::Campaign`, `AWS::Pinpoint::EmailChannel`, `AWS::Pinpoint::EventStream`, `AWS::Pinpoint::GCMChannel`, `AWS::Pinpoint::SMSChannel`, `AWS::Pinpoint::Segment`, `AWS::Pinpoint::VoiceChannel`, `AWS::SageMaker::CodeRepository`, and `AWS::MSK::Cluster`. `AWS::IoTThingsGraph::FlowTemplate` Use the `AWS::IoTThingsGraph::FlowTemplate` resource to specify a workflow template. `AWS::Pinpoint::ADMChannel` Use the `AWS::Pinpoint::ADMChannel` resource to specify an ADM channel. You can use the ADM channel to send push notifications through the Amazon Device Messaging (ADM) service to apps that run on Amazon devices, such as Kindle Fire tablets. `AWS::Pinpoint::APNSChannel` Use the `AWS::Pinpoint::APNSChannel` resource to specify an APNs channel. You can use the APNs channel to send push notification messages to the Apple Push Notification service (APNs). `AWS::Pinpoint::APNSSandboxChannel` Use the `AWS::Pinpoint::APNSSandboxChannel` resource to specify an APNs sandbox channel. You can use the APNs sandbox channel to send push notification messages to the sandbox environment of the Apple Push Notification service (APNs). `AWS::Pinpoint::APNSVoipChannel` Use the `AWS::Pinpoint::APNSVoipChannel` resource to specify an APNs VoIP channel. You can use the APNs VoIP channel to send VoIP notification messages to the Apple Push Notification service (APNs). `AWS::Pinpoint::APNSVoipSandboxChannel` Use the `AWS::Pinpoint::APNSVoipSandboxChannel` resource to specify an APNs VoIP sandbox channel. You can use the APNs VoIP sandbox channel to send VoIP notification messages to the sandbox environment of the Apple Push Notification service (APNs). `AWS::Pinpoint::App` Use the `AWS::Pinpoint::App` resource to specify an app. `AWS::Pinpoint::ApplicationSettings` Use the `AWS::Pinpoint::ApplicationSettings` resource to specify the settings for an Amazon Pinpoint app. `AWS::Pinpoint::BaiduChannel` Use the `AWS::Pinpoint::BaiduChannel` resource to update the settings of the Baidu channel for an application. `AWS::Pinpoint::Campaign` Use the `AWS::Pinpoint::Campaign` resource to update the settings for a campaign. `AWS::Pinpoint::EmailChannel` Use the `AWS::Pinpoint::EmailChannel` resource to update the status and settings of the email channel for an application. `AWS::Pinpoint::EventStream` Use the `AWS::Pinpoint::EventStream` resource to create a new event stream for an application or update the settings of an existing event stream for an application. `AWS::Pinpoint::GCMChannel` Use the `AWS::Pinpoint::GCMChannel` resource to specify a GCM channel. You can use the GCM channel to send push notification messages to the Firebase Cloud Messaging (FCM) service, which replaced the Google Cloud Messaging (GCM) service. `AWS::Pinpoint::SMSChannel` Use the `AWS::Pinpoint::SMSChannel` resource to specify an SMS channel. To send an SMS text message, you send the message through the SMS channel. `AWS::Pinpoint::Segment` Use the `AWS::Pinpoint::Segment` resource to create a new segment for an application or update the configuration, dimension, and other settings for an existing segment that's associated with an application. `AWS::Pinpoint::VoiceChannel` Use the `AWS::Pinpoint::VoiceChannel` resource to update the status and settings of the voice channel for an application. `AWS::SageMaker::CodeRepository` Use the `AWS::SageMaker::CodeRepository` resource to specify a Git repository as a resource in your SageMaker account.	June 3, 2019
Updated resources	The following resources were updated: `AWS::CodeCommit::Repository` and `AWS::EC2::LaunchTemplate`. Code Use the `Code` resource to provide information about code to be committed. S3 Use the `S3` resource to provide information about the Amazon S3 bucket that contains the code that will be committed to the new repository. `AWS::EC2::LaunchTemplate` In the NetworkInterface property, use `InterfaceType` to specify the type of network interface.	May 23, 2019
New resources	The following resources were added: `AWS::Backup::BackupPlan`, `AWS::Backup::BackupSelection`, `AWS::Backup::BackupVault`, `AWS::PinpointEmail::ConfigurationSet`, `AWS::PinpointEmail::ConfigurationSetEventDestination`, `AWS::PinpointEmail::DedicatedIpPool`, `AWS::PinpointEmail::Identity`, `AWS::Transfer::Server`, `AWS::Transfer::User`, `AWS::WAFRegional::GeoMatchSet`, `AWS::WAFRegional::RateBasedRule`, and `AWS::WAFRegional::RegexPatternSet`. `AWS::Backup::BackupPlan` Contains an optional backup plan display name and an array of BackupRule objects, each of which specifies a backup rule. Each rule in a backup plan is a separate scheduled task and can back up a different selection of AWS resources. `AWS::Backup::BackupSelection` Specifies a set of resources to assign to a backup plan. `AWS::Backup::BackupVault` Creates a logical container where backups are stored. A CreateBackupVault request includes a name, optionally one or more resource tags, an encryption key, and a request ID. `AWS::PinpointEmail::ConfigurationSet` Use the `AWS::PinpointEmail::ConfigurationSet` resource to specify configuration sets for the Amazon Pinpoint Email API. `AWS::PinpointEmail::ConfigurationSetEventDestination` Use the `AWS::PinpointEmail::ConfigurationSetEventDestination` resource to specify destinations for events related to sending email in the Amazon Pinpoint Email API. `AWS::PinpointEmail::DedicatedIpPool` Use the `AWS::PinpointEmail::DedicatedIpPool` resource to specify groups of dedicated IP addresses in the Amazon Pinpoint Email API. `AWS::PinpointEmail::Identity` Use the `AWS::PinpointEmail::Identity` resource to specify identities (email addresses or domains) for sending email through the Amazon Pinpoint Email API. `AWS::Transfer::Server` Creates an autoscaling virtual server based on Secure File Transfer Protocol (SFTP) in AWS. `AWS::Transfer::User` Creates a user and associates them with an existing Secure File Transfer Protocol (SFTP) server. `AWS::WafRegional::GeoMatchSet` The `AWS::WAFRegional::GeoMatchSet` resource contains one or more countries that AWS WAF will search for. `AWS::WafRegional::RateBasedRule` The `AWS::WAFRegional::RateBasedRule` resource is identical to a regular Rule, with one addition: a RateBasedRule counts the number of requests that arrive from a specified IP address every 5 minutes. `AWS::WafRegional::RegexPatternSet` The `AWS::WAFRegional::RegexPatternSet` resource specifies the regular expression (regex) pattern that you want AWS WAF to search for.	May 23, 2019
Updated resources	The following resources were updated: `AWS::AppSync::GraphQLApi`, `AWS::Cognito::UserPool`, `AWS::Glue::Classifier`, `AWS::Glue::Crawler`, `AWS::Glue::DevEndpoint`, `AWS::Glue::Job`, and `AWS::Glue::Trigger`. `AWS::AppSync::GraphQLApi` Use the `AdditionalAuthenticationProviders` property to specify a list of additional authentication providers for the GraphqlApi API. Use the `Tags` property to specify an arbitrary set of tags (key-value pairs) for this GraphQL API. `AWS::Cognito::UserPool` In the PasswordPolicy property type, use the `TemporaryPasswordValidityDays` property to specify the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator. Note When you set `TemporaryPasswordValidityDays` for a user pool, you will no longer be able to set the deprecated `UnusedAccountValidityDays` value for that user pool. `AWS::Glue::Classifier` Use the `CsvClassifier` property to specify a classifier for comma-separated values (CSV). `AWS::Glue::Crawler` Use the `CrawlerSecurityConfiguration` property to specify the name of the `SecurityConfiguration` structure to be used by this crawler. Use the `Tags` property to specify the tags to use with this crawler request. You can use tags to limit access to the crawler. `AWS::Glue::DevEndpoint` Use the `SecurityConfiguration` property to specify the name of the `SecurityConfiguration` structure to be used by this `DevEndpoint`. Use the `Tags` property to specify the tags to use with this `DevEndpoint`. You can use tags to limit access to the `DevEndpoint`. `AWS::Glue::Job` Use the `SecurityConfiguration` property to specify the name of the `SecurityConfiguration` structure to be used with this job. Use the `Tags` property to specify the tags to use with this job. You can use tags to limit access to the job. `AWS::Glue::Trigger` Use the `Tags` property to specify the tags to use with this trigger. You can use tags to limit access to the trigger.	May 17, 2019
New resources	The following resources were added: `AWS::Glue::DataCatalogEncryptionSettings`, `AWS::Glue::SecurityConfiguration`, and `AWS::MediaStore::Container`. `AWS::Glue::DataCatalogEncryptionSettings` Sets the security configuration for a specified catalog. After the configuration has been set, the specified encryption is applied to every catalog write thereafter. `AWS::Glue::SecurityConfiguration` Creates a new security configuration. `AWS::MediaStore::Container` The `AWS::MediaStore::Container` resource specifies a storage container to hold objects. A container is similar to a bucket in Amazon S3. When you create a container using AWS CloudFormation, the template manages data for five API actions: creating a container, setting access logging, updating the default container policy, adding a cross-origin resource sharing (CORS) policy, and adding an object lifecycle policy.	May 17, 2019
Updated resource	The following resource was updated: `AWS::ServiceCatalog::CloudFormationProduct`. `AWS::ServiceCatalog::CloudFormationProduct` In the ProvisioningArtifactProperties property type, if `DisableTemplateValidation` is set to `true`, Service Catalog stops validating the specified provisioning artifact even if it is invalid.	May 3, 2019
New resources	The following resources were added: `AWS::ApiGatewayV2::ApiMapping` and `AWS::ApiGatewayV2::DomainName`. `AWS::ApiGatewayV2::ApiMapping` The AWS CloudFormation `AWS::ApiGatewayV2::ApiMapping` resource contains an API mapping. `AWS::ApiGatewayV2::DomainName` Use the AWS CloudFormation `AWS::ApiGatewayV2::DomainName` resource to specify a custom, friendly URL for your API in API Gateway.	May 3, 2019
Limit for resources in concurrent stack operations	AWS CloudFormation now enforces an account limit for the number of resources in concurrent stack operations. This limit is determined by region. For more information, see Understand CloudFormation quotas	April 30, 2019
Updated resources	The following resources were updated: `AWS::Greengrass::FunctionDefinition` and `AWS::Greengrass::FunctionDefinitionVersion`. `AWS::Greengrass::FunctionDefinition` In the `FunctionConfiguration` property type, the `MemorySize` and `Timeout` properties are no longer required. `AWS::Greengrass::FunctionDefinitionVersion` In the `FunctionConfiguration` property type, the `MemorySize` and `Timeout` properties are no longer required.	April 25, 2019
Updated resources	The following resources were updated: `AWS::ECS::TaskDefinition`, `AWS::ElasticLoadBalancingV2::TargetGroup` `AWS::ECS::TaskDefinition` Use the `ProxyConfiguration` property to specify the configuration details for an App Mesh proxy. In the `ContainerDefinition` property type: Use the `DependsOn` property to specify the dependencies defined for container startup and shutdown. Use the `StartTimeout` property to specify the time duration to wait before giving up on resolving dependencies for a container. Use the `StopTimeout` property to specify the time duration to wait before the container is forcefully killed if it doesn't exit normally on its own. `AWS::ElasticLoadBalancingV2::TargetGroup` Use the `HealthCheckEnabled` property to indicate whether health checks are enabled. The `Port`, `Protocol`, and `VpcId` properties are now required only if the target type is `instance` or `ip`.	April 18, 2019
New resource	The following resource was added: `AWS::EC2::CapacityReservation`. `AWS::EC2::CapacityReservation` Use the `AWS::EC2::CapacityReservation` resource to create a Capacity Reservation.	April 18, 2019
Updated resources	The following resource was updated: `AWS::Batch::JobDefinition` and `AWS::ServiceCatalog::CloudFormationProvisionedProduct`. `AWS::Batch::JobDefinition` Use the ResourceRequirement property type to specify the type and amount of a resource to assign to a container. Currently, the only supported resource type is `GPU`. `AWS::ServiceCatalog::CloudFormationProvisionedProduct` The `Tags` property requires the provisioned product to have a `RESOURCE_UPDATE` constraint with `TagUpdatesOnProvisionedProduct` set to `ALLOWED` to allow tag updates. The `Tags` property now requires no interruption upon update.	April 4, 2019
New resource	The following resource was added: `AWS::ServiceCatalog::ResourceUpdateConstraint`. `AWS::ServiceCatalog::ResourceUpdateConstraint` Use the `AWS::ServiceCatalog::ResourceUpdateConstraint` resource to create a RESOURCE_UPDATE constraint for AWS Service Catalog.	April 4, 2019
Updated resources	The following resources were updated: `AWS::AppStream::Fleet`, `AWS::AppStream::ImageBuilder`, `AWS::AppStream::Stack`, and `AWS::EKS::Cluster`. `AWS::AppStream::Fleet`, `AWS::AppStream::ImageBuilder`, and `AWS::AppStream::Stack` Use the `Tags` property to add or overwrite one or more tags for an Amazon AppStream 2.0 fleet, stack, or image builder. `AWS::EKS::Cluster` Updates to the `Version` property no longer require replacement.	March 28, 2019
New resources	The following resources were added: `AWS::AppMesh::Mesh`, `AWS::AppMesh::Route`, `AWS::AppMesh::VirtualNode`, `AWS::AppMesh::VirtualRouter`, and `AWS::AppMesh::VirtualService`. `AWS::AppMesh::Mesh` The `AWS::AppMesh::Mesh` resource to specify a service mesh. A service mesh is a logical boundary for network traffic between the services that reside within it. `AWS::AppMesh::Route` Use the `AWS::AppMesh::Route` resource to specify a route that's associated with a virtual router. `AWS::AppMesh::VirtualNode` Use the `AWS::AppMesh::VirtualNode` resource to specify a virtual node within a service mesh. `AWS::AppMesh::VirtualRouter` Use the `AWS::AppMesh::VirtualRouter` resource to specify a virtual router within a service mesh. `AWS::AppMesh::VirtualService` Use the `AWS::AppMesh::VirtualService` resource to specify a virtual service within a service mesh.	March 27, 2019
New resources	The following resources were added: `AWS::Greengrass::ConnectorDefinition`, `AWS::Greengrass::ConnectorDefinitionVersion`, `AWS::Greengrass::CoreDefinition`, `AWS::Greengrass::CoreDefinitionVersion`, `AWS::Greengrass::DeviceDefinition`, `AWS::Greengrass::DeviceDefinitionVersion`, `AWS::Greengrass::FunctionDefinition`, `AWS::Greengrass::FunctionDefinitionVersion`, `AWS::Greengrass::Group`, `AWS::Greengrass::GroupVersion`, `AWS::Greengrass::LoggerDefinition`, `AWS::Greengrass::LoggerDefinitionVersion`, `AWS::Greengrass::ResourceDefinition`, `AWS::Greengrass::ResourceDefinitionVersion`, `AWS::Greengrass::SubscriptionDefinition`, and `AWS::Greengrass::SubscriptionDefinitionVersion`. `AWS::Greengrass::ConnectorDefinition` and `AWS::Greengrass::ConnectorDefinitionVersion` Use the `AWS::Greengrass::ConnectorDefinition` and `AWS::Greengrass::ConnectorDefinitionVersion` resources to create and manage your connectors. `AWS::Greengrass::CoreDefinition` and `AWS::Greengrass::CoreDefinitionVersion` Use the `AWS::Greengrass::CoreDefinition` and `AWS::Greengrass::CoreDefinitionVersion` resources to create and manage your cores. `AWS::Greengrass::DeviceDefinition` and `AWS::Greengrass::DeviceDefinitionVersion` Use the `AWS::Greengrass::DeviceDefinition` and `AWS::Greengrass::DeviceDefinitionVersion` resources to create and manage your devices. `AWS::Greengrass::FunctionDefinition` and `AWS::Greengrass::FunctionDefinitionVersion` Use the `AWS::Greengrass::FunctionDefinition` and `AWS::Greengrass::FunctionDefinitionVersion` resources to create and manage your functions. `AWS::Greengrass::Group` and `AWS::Greengrass::GroupVersion` Use the `AWS::Greengrass::Group` and `AWS::Greengrass::GroupVersion` resources to create and manage your Greengrass groups. `AWS::Greengrass::LoggerDefinitionVersion` and `AWS::Greengrass::LoggerDefinition` Use the `AWS::Greengrass::LoggerDefinition` and `AWS::Greengrass::LoggerDefinitionVersion` resources to create and manage your logging configuration. `AWS::Greengrass::ResourceDefinition` and `AWS::Greengrass::ResourceDefinitionVersion` Use the `AWS::Greengrass::ResourceDefinition` and `AWS::Greengrass::ResourceDefinitionVersion` resources to create and manage your local, machine learning, and secret resources. `AWS::Greengrass::SubscriptionDefinition` and `AWS::Greengrass::SubscriptionDefinitionVersion` Use the `AWS::Greengrass::SubscriptionDefinition` and `AWS::Greengrass::SubscriptionDefinitionVersion` resources to create and manage your subscriptions.	March 15, 2019
Updated resources	The following resources were updated: `AWS::CodeBuild::Project`, `AWS::OpsWorksCM::Server`, and `AWS::SageMaker::NotebookInstance`. `AWS::CodeBuild::Project` In the Project Source property type, use the `GitSubmodulesConfig` property to get information about Git submodules for a project. In the Project S3Logs property type, use the `EncryptionDisabled` property to disable encryption on S3 build logs. `AWS::OpsWorksCM::Server` Use the `AssociatePublicIpAddress` property to associate a public IP address with the server. `AWS::SageMaker::NotebookInstance` Use the `RootAccess` property to specify whether root access is enabled or disabled for users of the notebook instance.	March 14, 2019
Updated resources	The following resources were updated: `AWS::StepFunctions::Activity` and `AWS::StepFunctions::StateMachine`. `AWS::StepFunctions::Activity` Use the `Tags` property to specify the tags (key-value pairs) that you want to attach to the Step Functions activity. `AWS::StepFunctions::StateMachine` Use the `Tags` property to specify the tags (key-value pairs) that you want to attach to the Step Functions state machine.	March 7, 2019
Updated resource	The following resource was updated: `AWS::SageMaker::NotebookInstance`. `AWS::SageMaker::NotebookInstance` Use the `VolumeSizeInGB` property to specify the size in GB of the persisted machine learning storage volume that is provisioned and attached to the SageMaker notebook instance.	February 28, 2019
Updated resources	The following resources were updated: `AWS::ApiGateway::ApiKey`, `AWS::CodeBuild::Project`, `AWS::Elasticsearch::Domain`, `AWS::RDS::DBCluster`, and `AWS::RDS::DBInstance`. `AWS::ApiGateway::ApiKey` Use the `Value` property to specify the value of the API key. `AWS::CodeBuild::Project` In the ProjectCache property type, you can use the `Modes` property to specify the type cache an AWS CodeBuild project uses. `AWS::Elasticsearch::Domain` Use the `NodeToNodeEncryptionOptions` property to specify whether node-to-node encryption is enabled. `AWS::RDS::DBCluster` Use the `SourceRegion` property to specify the AWS Region which contains the source DB cluster when replicating a DB cluster. `AWS::RDS::DBInstance` Use the `UseDefaultProcessorFeatures` property to specify that the DB instance class of the DB instance uses its default processor features.	February 21, 2019
New resources	The following resources were added: `AWS::RAM::ResourceShare`, `AWS::RoboMaker::Fleet`, `AWS::RoboMaker::Robot`, `AWS::RoboMaker::RobotApplication`, `AWS::RoboMaker::RobotApplicationVersion`, `AWS::RoboMaker::SimulationApplication`, and `AWS::RoboMaker::SimulationApplicationVersion`. `AWS::RAM::ResourceShare` Use the `AWS::RAM::ResourceShare` resource to create, update, and delete an Amazon ResourceShare. `AWS::RoboMaker::Fleet` Use the `AWS::RoboMaker::Fleet` resource to create an AWS RoboMaker fleet. `AWS::RoboMaker::Robot` Use the `AWS::RoboMaker::Robot` resource to create an AWS RoboMaker robot. `AWS::RoboMaker::RobotApplication` Use the `AWS::RoboMaker::RobotApplication` resource to create an AWS RoboMaker robot application. `AWS::RoboMaker::RobotApplicationVersion` Use the `AWS::RoboMaker::RobotApplicationVersion` resource to create a version of an AWS RoboMaker robot application. `AWS::RoboMaker::SimulationApplication` Use the `AWS::RoboMaker::SimulationApplication` resource to create an AWS RoboMaker simulation application. `AWS::RoboMaker::SimulationApplicationVersion` Use the `AWS::RoboMaker::SimulationApplicationVersion` resource to create a version of an AWS RoboMaker simulation application.	February 21, 2019
Updated resource	The following resource was updated: `AWS::CodeBuild::Project`. `AWS::CodeBuild::Project` In the ProjectTriggers property type, you can use the `WebhookFilters` property to specify the webhook events that trigger a new CodeBuild build.	February 15, 2019
New resources	The following resources were added: `AWS::FSx::FileSystem`, `AWS::KinesisAnalyticsv2::Application`, `AWS::KinesisAnalyticsv2::ApplicationCloudWatchLoggingOption`, `AWS::KinesisAnalyticsv2::ApplicationOutput`, and `AWS::KinesisAnalyticsv2::ApplicationReferenceDataSource`. `AWS::FSx::FileSystem` Use the `AWS::FSx::FileSystem` resource to create a new FSx for Lustre or FSx for Windows File Server file system. `AWS::KinesisAnalyticsV2::Application` Use the `AWS::KinesisAnalyticsV2::Application` resource to create an Amazon Managed Service for Apache Flink application. `AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption` Use the `AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption` resource to add an Amazon CloudWatch log stream to monitor application configuration errors. `AWS::KinesisAnalyticsV2::ApplicationOutput` Use the `AWS::KinesisAnalyticsV2::ApplicationOutput` resource to describe a SQL-based Amazon Managed Service for Apache Flink application's output configuration. `AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource` Use the `AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource` resource to describe a reference data source for a SQL-based Amazon Managed Service for Apache Flink application.	February 15, 2019
Updated resources	The following resources were updated: `AWS::OpsWorksCM::Server`, `AWS::ServiceDiscovery::Instance`, and `AWS::ServiceDiscovery::Service`. `AWS::OpsWorksCM::Server` `EngineAttributes` were updated to include additional attributes that you can use to create an AWS OpsWorks for Puppet Enterprise master server. `AWS::ServiceDiscovery::Instance` The `InstanceAttributes` property now takes a `String map` value. `AWS::ServiceDiscovery::Service` The `DNSConfig` property is no longer required. An update to the `HealthCheckCustomConfig` property now requires replacement.	February 8, 2019
New resources	The following resources were added: `AWS::ApiGatewayV2::Api`, `AWS::ApiGatewayV2::Authorizer`, `AWS::ApiGatewayV2::Deployment`, `AWS::ApiGatewayV2::Integration`, `AWS::ApiGatewayV2::IntegrationResponse`, `AWS::ApiGatewayV2::Model`, `AWS::ApiGatewayV2::Route`, `AWS::ApiGatewayV2::RouteResponse`, and `AWS::ApiGatewayV2::Stage`. `AWS::ApiGatewayV2::Api` Use the `AWS::ApiGatewayV2::Api` resource to manage an API Gateway WebSocket API. `AWS::ApiGatewayV2::Authorizer` Use the `AWS::ApiGatewayV2::Authorizer` resource to represent an API Gateway authorizer function. `AWS::ApiGatewayV2::Deployment` Use the `AWS::ApiGatewayV2::Deployment` resource to create an API Gateway WebSocket API deployment. `AWS::ApiGatewayV2::Integration` Use the `AWS::ApiGatewayV2::Integration` resource to specify information about the target backend that an API Gateway route calls. `AWS::ApiGatewayV2::IntegrationResponse` Use the `AWS::ApiGatewayV2::IntegrationResponse` resource to specify the response that API Gateway sends after a route's backend finishes processing a WebSocket message. `AWS::ApiGatewayV2::Model` Use the `AWS::ApiGatewayV2::Model` resource to define the structure of a route request or response payload for an API Gateway WebSocket API. `AWS::ApiGatewayV2::Route` Use the `AWS::ApiGatewayV2::Route` resource to specify information that is expected to be present in a WebSocket message payload. `AWS::ApiGatewayV2::RouteResponse` Use the `AWS::ApiGatewayV2::RouteResponse` resource to define the responses that can be sent to the client that sends a message to an API Gateway WebSocket API. `AWS::ApiGatewayV2::Stage` Use the `AWS::ApiGatewayV2::Stage` resource to create a stage for an API Gateway WebSocket API deployment.	February 8, 2019
Updated resources	The following resources were updated: `AWS::CodeBuild::Project` and `AWS::ElasticLoadBalancingV2::Listener`. `AWS::CodeBuild::Project` In the Environment property type, you can use the `ImagePullCredentialsType` property to specify the type of credentials CodeBuild uses to pull images in your build. In the Environment property type, you can use the `RegistryCredential` property to provide information about credentials that provide access to a private Docker registry. `AWS::ElasticLoadBalancingV2::Listener` Create TLS listeners for your Network Load Balancers.	January 24, 2019
New resource	The following resource was added: `AWS::OpsWorksCM::Server`. `AWS::OpsWorksCM::Server` Use the `AWS::OpsWorksCM::Server` resource to create an AWS OpsWorks for Chef Automate or AWS OpsWorks for Puppet Enterprise server.	January 24, 2019
UpdateReplacePolicy attribute added	Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation. For more information, see UpdateReplacePolicy Attribute.	January 23, 2019
Updated resource	The following resource was updated: `AWS::Inspector::AssessmentTarget` `AWS::Inspector::AssessmentTarget` The `ResourceGroupArn` property is no longer required. If unspecified, all Amazon EC2 instances in your AWS account in the current region will be included in the assessment target.	January 17, 2019
Updated resource	The following resource was updated: `AWS::ServiceCatalog::CloudFormationProvisionedProduct`. `AWS::ServiceCatalog::CloudFormationProvisionedProduct` The `ProductId` property now requires no interruption upon update. The `ProductName` property now requires no interruption upon update. Each time a stack is created or updated, if `ProductName` is provided it will successfully resolve to `ProductId` as long as only one product exists in the account/region with that `ProductName`.	January 10, 2019
New resources	The following resources were added: `AWS::DocDB::DBCluster`, `AWS::DocDB::DBClusterParameterGroup`, `AWS::DocDB::DBInstance`, and `AWS::DocDB::DBSubnetGroup`. `AWS::DocDB::DBCluster` Use the `AWS::DocDB::DBCluster` resource to manage an Amazon DocumentDB cluster. `AWS::DocDB::DBClusterParameterGroup` Use the `AWS::DocDB::DBClusterParameterGroup` resource to manage an Amazon DocumentDB cluster parameter group. `AWS::DocDB::DBInstance` Use the `AWS::DocDB::DBInstance` resource to manage an Amazon DocumentDB instance. `AWS::DocDB::DBSubnetGroup` Use the `AWS::DocDB::DBSubnetGroup` resource to describe an Amazon DocumentDB subnet group.	January 10, 2019
Updated resources	The following resources were updated: `AWS::AmazonMQ::Broker`, `AWS::AmazonMQ::Configuration`, and `AWS::SageMaker::Model`. `AWS::AmazonMQ::Broker` Use the `Tags` property to specify an array of key-value pairs for cost allocation tagging. `AWS::AmazonMQ::Configuration` Use the `Tags` property to specify an array of key-value pairs for cost allocation tagging. `AWS::SageMaker::Model` Use the `Containers` property to specify the list of containers in the inference pipeline.	January 3, 2019
New resource	The following resource was added: `AWS::Route53Resolver::ResolverRuleAssociation`. `AWS::Route53Resolver::ResolverRuleAssociation` Use the `AWS::Route53Resolver::ResolverRuleAssociation` resource to associate an Amazon Route 53 Resolver rule and a VPC that you created using Amazon Virtual Private Cloud (Amazon VPC).	January 3, 2019
Updated resource	The following resource was updated: `AWS::AmazonMQ::Broker`. `AWS::AmazonMQ::Broker` The following attributes are now available using the `Fn::Getatt` intrinsic function: `IpAddresses` `MqttEndpoints` `OpenWireEndpoints` `AmqpEndpoints` `StompEndpoints` `WssEndpoints`	December 13, 2018
Stack instance operation limit	For StackSets, you can have a maximum of 1500 stack instance operations running in a given region at the same time, per administrator account. For more information, see Understand CloudFormation quotas.	December 13, 2018
New resources	The following resources were added: `AWS::AmazonMQ::ConfigurationAssociation`, `AWS::IoTAnalytics::Channel`, `AWS::IoTAnalytics::Dataset`, `AWS::IoTAnalytics::Datastore`, and `AWS::IoTAnalytics::Pipeline`. `AWS::AmazonMQ::ConfigurationAssociation` Use the `AWS::AmazonMQ::ConfigurationAssociation` resource to associate a configuration with a broker, or return information about the specified configuration association. `AWS::IoTAnalytics::Channel` Use the `AWS::IoTAnalytics::Channel` resource to create a channel. A channel collects data from an MQTT topic and archives the raw, unprocessed messages before publishing the data to a pipeline. `AWS::IoTAnalytics::Dataset` Use the `AWS::IoTAnalytics::Dataset` resource to create a data set. A data set retrieves data from a data store and allows you to explore and analyze your data using machine learning tools. `AWS::IoTAnalytics::Datastore` Use the `AWS::IoTAnalytics::Datastore` resource to create a data store. A data store holds messages from a channel which have been processed through a pipeline. `AWS::IoTAnalytics::Pipeline` Use the `AWS::IoTAnalytics::Pipeline` resource to create a pipeline. A pipeline consumes messages from one or more channels and allows you to process the messages before storing them in a data store.	December 13, 2018
The CAPABILITY_AUTO_EXPAND capability is now available	Use the `CAPABILITY_AUTO_EXPAND` capability to create or update a stack directly from a stack template that contains macros, without first reviewing the resulting changes in a change set first. For more information, see `CreateStack` or `UpdateStack` in AWS CloudFormation API Reference.	December 7, 2018
Updated resource	The following resource was updated: `AWS::CodeBuild::Project`. `AWS::CodeBuild::Project` In the Environment property type, you can use the `Certificate` property to specify a certificate to use with your build project. In the Artifacts property type, you can use the `ArtifactIdentifier` property to identify the project artifact. In the Source property type, you can use the `SourceIdentifier` property to identify the project source.	December 6, 2018
Updated resource	The following resource was updated: `AWS::Lambda::Function` `AWS::Lambda::Function` Use the `Layers` property to specify a list of Amazon Resource Names (ARNs) for the function layers to add to the function's execution environment.	November 29, 2018
New resources	The following resources were added: `AWS::Lambda::LayerVersion`, `AWS::Lambda::LayerVersionPermission`. `AWS::Lambda::LayerVersion` Use the AWS CloudFormation `AWS::Lambda::LayerVersion` resource to create a layer version in AWS Lambda. `AWS::Lambda::LayerVersionPermission` Use the AWS CloudFormation `AWS::Lambda::LayerVersionPermission` resource to give other accounts permission to use a layer version in AWS Lambda.	November 29, 2018
Updated resources	The following resources were updated: `AWS::DynamoDB::Table`, `AWS::EC2::Instance`, and `AWS::ServiceDiscovery::Service`. `AWS::DynamoDB::Table` Use the `BillingMode` property to specify how you are charged for read and write throughput and how you manage capacity. The `ProvisionedThroughput` property is now conditional. In the GlobalSecondaryIndex property type, the `ProvisionedThroughput` property is now conditional. `AWS::EC2::Instance` Use the `ElasticInferenceAccelerators` property to specify a list of elastic inference accelerators for an instance. Use the `LicenseSpecifications` property to associate a list of license configuration with an instance. `AWS::ServiceDiscovery::Service` Use the `NamespaceId` property to specify the ID of the namespace that you want to use to create the service. In the DnsConfig property type, use the `RoutingPolicy` property to specify the routing policy that you want to apply to all DNS records that AWS Cloud Map creates when you register an instance and specify this service.	November 28, 2018
New resource	The following resource was added: `AWS::ServiceDiscovery::HttpNamespace`. `AWS::ServiceDiscovery::HttpNamespace` Use the `HttpNamespace` resource to create an HTTP namespace for Cloud Map.	November 28, 2018
New resources	The following resources were added: `AWS::EC2::TransitGateway`, `AWS::EC2::TransitGatewayAttachment`, `AWS::EC2::TransitGatewayRoute`, `AWS::EC2::TransitGatewayRouteTable`, `AWS::EC2::TransitGatewayRouteTableAssociation`, and `AWS::EC2::TransitGatewayRouteTablePropagation`. `AWS::EC2::TransitGateway` Use the `AWS::EC2::TransitGateway` resource to create a transit gateway. `AWS::EC2::TransitGatewayAttachment` Use the `AWS::EC2::TransitGatewayAttachment` resource to create an attachment between a VPC and a transit gateway. `AWS::EC2::TransitGatewayRoute` Use the `AWS::EC2::TransitGatewayRoute` resource to create a static route for a transit gateway route table. `AWS::EC2::TransitGatewayRouteTable` Use the `AWS::EC2::TransitGatewayRouteTable` resource to create a route table for a transit gateway. `AWS::EC2::TransitGatewayRouteTableAssociation` Use the `AWS::EC2::TransitGatewayRouteTableAssociation` resource to associate an attachment with a transit gateway route table. `AWS::EC2::TransitGatewayRouteTablePropagation` Use the `AWS::EC2::TransitGatewayRouteTablePropagation` resource to enable an attachment to propagate routes.	November 26, 2018
New resources	The following resources were added: `Alexa::ASK::Skill`, `AWS::AppSync::FunctionConfiguration`, `AWS::EC2::EC2Fleet`, `AWS::Kinesis::StreamConsumer`, `AWS::Route53Resolver:ResolverEndpoint`, and `AWS::Route53Resolver::ResolverRule`. `Alexa::ASK::Skill` Use the `Alexa::ASK::Skill` resource to create an Alexa skill. `AWS::AppSync::FunctionConfiguration` Use the `AWS::AppSync::FunctionConfiguration` resource to describe the functions defined with appsync datasource in AWS AppSync. `AWS::EC2::EC2Fleet` Use the `AWS::EC2::EC2Fleet` resource to launch an EC2 Fleet that can include multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet. `AWS::Kinesis::StreamConsumer` Use the `AWS::Kinesis::StreamConsumer` resource to register a consumer with a Kinesis data stream. `AWS::Route53Resolver::ResolverEndpoint` Use the `AWS::Route53Resolver::ResolverEndpoint` resource to specify settings for inbound or outbound endpoints for Amazon Route 53. `AWS::Route53Resolver::ResolverRule` Use the `AWS::Route53Resolver::ResolverRule` resource to specify detailed information about a resolver rule, which specifies how to route DNS queries out of a VPC for Amazon Route 53.	November 20, 2018
Updated resources	The following resources were updated: `AWS::ApiGateway::Deployment`, `AWS::ApiGateway::Stage`, `AWS::AutoScaling::AutoScalingGroup`, `AWS::EC2::EIP`, `AWS::ElasticLoadBalancingV2::Listener`, `AWS::EMR::Cluster`, `AWS::OpsWorks::Layer`, `AWS::RDS::DBCluster`, `AWS::RDS::DBInstance`, `AWS::S3::Bucket`, and `AWS::SNS::Topic`. `AWS::ApiGateway::Deployment` In the StageDescription property type, use the `Tags` property to specify the AWS CloudFormation resource tags to associate with the stage. `AWS::ApiGateway::Stage` Use the `Tags` property to specify the AWS CloudFormation resource tags to associate with the stage. `AWS::AutoScaling::AutoScalingGroup` Use the `MixedInstancesPolicy` property to provision a combination of On-Demand Instances and Spot Instances across multiple instance types. When you create your Auto Scaling group, you can specify a launch configuration or template as a parameter for the top-level object, or you can specify a mixed instances policy, but not both at the same time. `AWS::EC2::EIP` Use the `PublicIpv4Pool` property to specify the ID of an address pool that you own to let Amazon EC2 select an address from the address pool. `AWS::ElasticLoadBalancingV2::Listener` In the Action property type: Use the `AuthenticateCognitoConfig` property to specify request parameters to use when integrating with Amazon Cognito to authenticate users. Use the `AuthenticateOidcConfig` property to request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users. Use the `FixedResponseConfig` property to specify information about an action that returns a custom HTTP response. Use the `RedirectConfig` property to specify information about a redirect action. `AWS::ElasticLoadBalancingV2::ListenerRule` In the Actions property type: Use the `AuthenticateCognitoConfig` property to specify request parameters to use when integrating with Amazon Cognito to authenticate users. Use the `AuthenticateOidcConfig` property to request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users. Use the `FixedResponseConfig` property to specify information about an action that returns a custom HTTP response. Use the `RedirectConfig` property to specify information about a redirect action. `AWS::EMR::Cluster` Use the HadoopJarStepConfig property type to specify a job flow step consisting of a JAR file whose main function will be executed. Use the StepConfig property type to specify a cluster (job flow) step. Use the KeyValue property type to specify a key value pair. In the JobFlowInstancesConfig property type, use `KeepJobFlowAliveWhenNoSteps` property to specify whether the cluster should remain available after completing all steps. `AWS::OpsWorks::Layer` In the VolumeConfiguration property type, use the `Encrypted` property to specify whether an Amazon EBS volume is encrypted. `AWS::RDS::DBCluster` Use the `DeletionProtection` property to indicate whether the DB cluster should have deletion protection enabled. The database can't be deleted when this value is set to `true`. If you want to delete a stack with a protected cluster, update this value to `false` before you delete the stack. `AWS::RDS::DBInstance` Use the `DeleteAutomatedBackups` property to indicate whether automated backups should be deleted (`true`) or retained (`false`) when you delete a DB instance. The default is `true`. Use the `DeletionProtection` property to indicate whether the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to `true`. If you want to delete a stack with a protected instance, update this value to `false` before you delete the stack. `AWS::S3::Bucket` Use the `PublicAccessBlockConfiguration` property to specify the public access configuration for an Amazon S3 bucket. `AWS::SNS::Topic` Use the `KmsMasterKeyId` property to specify an AWS KMS key identifier. This can be a key ID, key ARN, or key alias.	November 19, 2018
Updated resource	The following resource was updated: `AWS::CodePipeline::Pipeline`. `AWS::CodePipeline::Pipeline` Use the `ArtifactStores` property to specify a list of `ArtifactStoreMap` mappings. There must be an artifact store for the pipeline region and for each cross-region action within the pipeline. You can only use either `ArtifactStore` or `ArtifactStores`, not both. In the Actions property type, use the `Region` property to specify the action's AWS Region, such as `us-east-1`.	November 13, 2018
Stack drift detection added	Drift detection enables you to detect whether a stack's actual configuration differs, or has drifted, from its expected template configuration as defined within AWS CloudFormation. You can have AWS CloudFormation detect drift on an entire stack, or individual stack resources. For more information, see Detecting Unmanaged Configuration Changes to Stacks and Resources.	November 13, 2018
Updated resources	The following resources have been updated: `AWS::ApiGateway::Deployment`, `AWS::ApiGateway::Stage`, `AWS::CloudWatch::Alarm`, `AWS::EC2::SecurityGroupIngress`, `AWS::IAM::Role`, `AWS::IAM::User`, `AWS::IoT::TopicRule`, `AWS::KMS::Key`, `AWS::RDS::DBCluster`, `AWS::RDS::DBInstance`, `AWS::Route53::RecordSet`, `AWS::S3::Bucket`, and `AWS::Workspaces::Workspace`. `AWS::ApiGateway::Deployment` In the StageDescription property type, use the `TracingEnabled` property to specify whether active tracing with X-Ray is enabled for this stage. `AWS::ApiGateway::Stage` Use the `TracingEnabled` property to specify whether active tracing with X-Ray is enabled for this stage. `AWS::CloudWatch::Alarm` Use the `DatapointsToAlarm` property to specify the number of datapoints that must be breaching to trigger the alarm. This is used only if you are setting an "M out of N" alarm. In that case, this value is the M. `AWS::EC2::SecurityGroupIngress` Use the `SourcePrefixListId` property to specify the AWS service prefix of an Amazon VPC endpoint. `AWS::IAM::Role` Use the `PermissionsBoundary` property to specify the policy that is used to set the permissions boundary for the role. `AWS::IAM::User` Use the `PermissionsBoundary` property to specify the policy that is used to set the permissions boundary for the user. `AWS::IoT::TopicRule` In the TopicRulePayload property type, use the `ErrorActions` property to specify the action to take when an error occurs. In the Action property type: Use the `IoTAnalytics` property to send message data to an AWS IoT Analytics channel. Use the `StepFunctionsAction` property to start execution of a Step Functions state machine. `AWS::KMS::Key` Use the `PendingWindowInDays` property to specify the waiting period, specified in number of days, after which AWS Key Management Service deletes the AWS KMS key. `AWS::RDS::DBInstance` Use the `EnableCloudwatchLogsExports` property to specify the list of log types that need to be enabled for exporting to CloudWatch Logs. Use the `EnableIAMDatabaseAuthentication` property to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. Use the `EnablePerformanceInsights` property to enable Performance Insights for the DB instance. Use the `PerformanceInsightsKMSKeyId` property to specify the KMS key identifier for encryption of Performance Insights data. The KMS key ID is the Amazon Resource Name (ARN), KMS key identifier, or the KMS key alias for the AWS KMS encryption key. Use the `PerformanceInsightsRetentionPeriod` property to specify the amount of time, in days, to retain Performance Insights data. Use the `ProcessorFeatures` property to specify the number of CPU cores and the number of threads per core for the DB instance class of the DB instance. Use the `PromotionTier` property to specify the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. `AWS::RDS::DBCluster` Use the `EnableCloudwatchLogsExports` property to specify the list of log types that need to be enabled for exporting to CloudWatch Logs. Use the `EnableIAMDatabaseAuthentication` property to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. Use the `BacktrackWindow` property to specify the target backtrack window, in seconds. To disable backtracking, specify 0. If specified, this property must be set to a number from 0 to 259,200 (72 hours). `AWS::Route53::RecordSet` Use the `MultiValueAnswer` property to route traffic approximately randomly to multiple resources, such as web servers. Create one multivalue answer record for each resource and specify true for `MultiValueAnswer`. `AWS::S3::Bucket` Use the `RegionalDomainName` attribute with the `Fn::GetAtt` function to return the regional domain name of the specified bucket. `AWS::Workspaces::Workspace` Use the `Tags` property to specify the tags (key-value pairs) that you want to attach to the WorkSpace. Use the `WorkspaceProperties` property to specify information about a WorkSpace.	November 9, 2018
The secretsmanager dynamic reference is now available	Use the `secretsmanager` dynamic reference to retrieve entire secrets or secret values that are stored in AWS Secrets Manager for use in your templates. Secrets can be database credentials, passwords, third-party API keys, and even arbitrary text. Using the `secretsmanager` dynamic reference guarantees that neither Secrets Manager nor CloudFormation logs or persists any resolved secret value. For more information, see Using Dynamic References to Specify Template Values.	November 9, 2018
New resources	The following resources were added: `AWS::DLM::LifecyclePolicy`, `AWS::SecretsManager::ResourcePolicy`, `AWS::SecretsManager::RotationSchedule`, `AWS::SecretsManager::Secret`, and `AWS::SecretsManager::SecretTargetAttachment`. `AWS::DLM::LifecyclePolicy` The `AWS::DLM::LifecyclePolicy` resource creates a lifecycle policy for Amazon Data Lifecycle Manager. `AWS::SecretsManager::ResourcePolicy` Use the `AWS::SecretsManager::ResourcePolicy` resource to define a resource-based policy and attach it to a secret that's stored in Secrets Manager. `AWS::SecretsManager::RotationSchedule` Use the `AWS::SecretsManager::RotationSchedule` resource to configure rotation for a secret. `AWS::SecretsManager::Secret` Use the `AWS::SecretsManager::Secret` resource to create a secret and stores it in Secrets Manager. `AWS::SecretsManager::SecretTargetAttachment` Use the `AWS::SecretsManager::SecretTargetAttachment` resource to complete the final link between a Secrets Manager secret and its associated database.	November 9, 2018
Updated resource	The following resource was updated: `AWS::SSM:MaintenanceWindow`. `AWS::SSM:MaintenanceWindow` Use the `StartDate` and `StartDate` property types to specify when you want the Maintenance Window to become active or inactive. Use the `ScheduleTimezone` property type to specify the time zone to base scheduled Maintenance Window executions on, in Internet Assigned Numbers Authority (IANA) format.	November 1, 2018
Updated resources	The following resources were updated: `AWS::AppSync::DataSource`, `AWS::AppSync::Resolver`, `AWS::AutoScalingPlans::ScalingPlan`, `AWS::Batch::JobDefinition`, `AWS::Batch::ComputeEnvironment`, `AWS::CloudWatch::Alarm`, `AWS::IoT1Click::Placement`, and `AWS::IoT1Click::Project`. `AWS::AppSync::DataSource` Use the `RelationalDatabaseConfig` property type to specify RelationalDatabaseConfig for an AWS AppSync data source. In the `HttpConfig` property type, use the `AuthorizationConfig` property to specify the authorization type and configurations for an AWS AppSync http data source. `AWS::AppSync::Resolver` Use the `PipelineConfig` property type to specify PipelineConfig for an AWS AppSync data source to connect with functions. `AWS::AutoScalingPlans::ScalingPlan` Use the `ScalingInstruction` property type to configure predictive scaling as part of the scaling configuration for an Amazon EC2 Auto Scaling group in an AWS Auto Scaling scaling plan. Use the `PredefinedLoadMetricSpecification` property type to specify a predefined load metric for predictive scaling to use with AWS Auto Scaling. Use the `CustomizedLoadMetricSpecification` property type to specify a customized load metric for predictive scaling to use with AWS Auto Scaling. `AWS::Batch::JobDefinition` The `AWS::Batch::JobDefinition` resource was updated to support AWS Batch multi-node parallel jobs. `AWS::Batch::ComputeEnvironment` The `AWS::Batch::ComputeEnvironment` resource was updated to support Amazon EC2 launch templates and placement groups. `AWS::CloudWatch::Alarm` Use the `Metrics` property to specify the metric data to return. The `MetricName`, `Namespace`, and `Period` properties are now optional. `AWS::IoT1Click::Placement` The `PlacementName` property is now optional. `AWS::IoT1Click::Project` The `ProjectName` property is now optional.	October 25, 2018
New resources	The following resources were added: `AWS::AppStream::DirectoryConfig`, `AWS::AppStream::Fleet`, `AWS::AppStream::ImageBuilder`, `AWS::AppStream::Stack`, `AWS::AppStream::StackFleetAssociation`, `AWS::AppStream::StackUserAssociation`, `AWS::AppStream::User`. `AWS::AppStream::DirectoryConfig` Use the `AWS::AppStream::DirectoryConfig` resource to describe the configuration information required to join Amazon AppStream 2.0 fleets and image builders to Microsoft Active Directory domains. `AWS::AppStream::Fleet` Use the `AWS::AppStream::Fleet` resource to create a fleet for Amazon AppStream 2.0. A fleet consists of streaming instances that run a specified image. `AWS::AppStream::ImageBuilder` Use the `AWS::AppStream::ImageBuilder` resource to create an image builder for Amazon AppStream 2.0. `AWS::AppStream::Stack` Use the `AWS::AppStream::Stack` resource to create a stack to start streaming applications to Amazon AppStream 2.0 users. `AWS::AppStream::StackFleetAssociation` Use the `AWS::AppStream::StackFleetAssociation` resource to associate a fleet with a stack for Amazon AppStream 2.0. `AWS::AppStream::StackUserAssociation` Use the `AWS::AppStream::StackUserAssociation` resource to associate the specified stacks with the specified users for Amazon AppStream 2.0. Users in a user pool cannot be assigned to stacks with fleets that are joined to an Active Directory domain. `AWS::AppStream::User` Use the `AWS::AppStream::User` resource to create a new user in the user pool for Amazon AppStream 2.0.	October 25, 2018
Updated resource	Updated the following resources: `AWS::AmazonMQ::Broker`, `AWS::GuardDuty::Detector`, and `AWS::SSM::PatchBaseline`. `AWS::AmazonMQ::Broker` Amazon MQ now supports engine versions 5.15.6 and 5.15.0. Property changes include: The `EngineVersion` property now requires some interruptions upon update. The `AutoMinorVersionUpgrade` property now requires no interruption upon update. `AWS::GuardDuty::Detector` Use the `FindingPublishingFrequency` property to specify the frequency of notifications sent about the subsequent finding occurrences. `AWS::SSM::PatchBaseline` Use the `PatchSource` property type to provide information about the patches to use to update target instances.	October 18, 2018
New resource	Added the `AWS::Events::EventBusPolicy` resource. `AWS::Events::EventBusPolicy` Use the `AWS::Events::EventBusPolicy` resource to grant permission to other AWS accounts that send events to your account.	October 18, 2018
UseOnlineResharding update policy now available	To modify a replication group's shards by adding or removing shards, rather than replacing the entire `AWS::ElastiCache::ReplicationGroup` resource, use the `UseOnlineResharding` update policy. For more information, see UseOnlineResharding Policy.	September 20, 2018
Updated resources	The following resources have been updated: `AWS::ApiGateway::Deployment`, `AWS::ApiGateway::Method`, `AWS::ApiGateway::Stage`, `AWS::ApiGateway::UsagePlan`, `AWS::CodeBuild::Project`, `AWS::CodeDeploy::DeploymentGroup`, `AWS::EC2::FlowLog`, `AWS::EC2::SpotFleet`, `AWS::EC2::VPCEndpoint`, `AWS::ECS::Service`, `AWS::ECS::TaskDefinition`, and `AWS::RDS::DBCluster`. `AWS::ApiGateway::Deployment` Use the `DeploymentCanarySettings` property to specify settings for the canary deployment. In the StageDescription property type: Use the `AccessLogSetting` property to specify settings for logging access in this stage. Use the `CanarySetting` property to specify settings for the canary deployment in this stage. `AWS::ApiGateway::Method` Use the `AuthorizationScopes` property to specify a list of authorization scopes configured on the method. In the Integration: Use the `ConnectionId` property to specify the ID of the VpcLink used for the integration when `connectionType=VPC_LINK`. Use the `ConnectionType` property to specify the type of the network connection to the integration endpoint. Use the `TimeoutInMillis` property to specify a custom timeout between 50 and 29,000 milliseconds. `AWS::ApiGateway::Stage` Use the `AccessLogSetting` property to specify settings for logging access in this stage. Use the `CanarySetting` property to specify settings for the canary deployment in this stage. `AWS::ApiGateway::UsagePlan` In the ApiStage property type, use the `Throttle` property to specify a map containing method-level throttling information for API stage in a usage plan. `AWS::CodeBuild::Project` Use the `LogsConfig` property specify logs for a project. Logs can be CloudWatch Logs, uploaded to a specified S3 bucket, or both. In the LogsConfig property type: Use the `CloudWatchLogs` property to specify details about CloudWatch Logs. Use the `S3Logs` property to specify details about logs that are uploaded to an S3 bucket. `AWS::CodeDeploy::DeploymentGroup` Use the `Ec2TagSet` property to specify information about groups of tags applied to EC2 instances. The deployment group will include only EC2 instances identified by all the tag groups. Use the `OnPremisesInstanceTagSet` property to specify information about groups of tags applied to on-premises instances. The deployment group will include only on-premises instances identified by all the tag groups. The `DeliverLogsPermissionArn` and `LogGroupName` properties are no longer required. `AWS::EC2::FlowLog` Use the `LogDestination` property to specify the destination to which the flow log data is to be published. Use the `LogDestinationType` property to specify the type of destination to which the flow log data is to be published. Flow log data can be published to Amazon CloudWatch Logs or Amazon S3. `AWS::EC2::SpotFleet` In the `SpotFleetRequestConfigData` property type, use the `InstanceInterruptionBehavior` property to specify the behavior when a Spot Instance is interrupted. In the `SpotFleetRequestConfigData` property type, use the `LoadBalancersConfig` property to specify one or more Classic Load Balancers and target groups to attach to the Spot Fleet request. Spot Fleet registers the running Spot Instances with the specified Classic Load Balancers and target groups. In the `Placement` property type, use the `Tenancy` property to specify the tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy isn't supported for Spot Instances. `AWS::EC2::VPCEndpoint` Use the following attributes with the `Fn::GetAtt` function to return attribute values. Use `CreationTimestamp` to return the date and time the VPC endpoint was created. Use `DnsEntries` to return the DNS entries for the endpoint. Use `NetworkInterfaceIds` to return the network interfaces for the endpoint. `AWS::ECS::Service` The `ServiceRegistries` property now requires replacement upon update. Use the `SchedulingStrategy` property to specify the scheduling strategy to use for the service. In the ServiceRegistry property type: Use the `ContainerName` property to specify the container name value, already specified in the task definition, to be used for your service discovery service. Use the `ContainerPort` property to specify the port value, already specified in the task definition, to be used for your service discovery service. `AWS::ECS::TaskDefinition` In the LinuxParameters property type: Use the `Tmpfs` property to specify the container path, mount options, and size of the tmpfs mount. Use the `SharedMemorySize` property to specify the size (in MiB) of the `/dev/shm` volume. In the Volumes property type, use the `DockerVolumeConfiguration` property to specify the configuration of a Docker volume. In the ContainerDefinition property type, use the `RepositoryCredentials` property to specify the repository credentials for private registry authentication. `AWS::ElastiCache::ReplicationGroup` The `NodeGroupConfiguration` and `NumNodeGroups` properties are now conditional for some update operations. In the NodeGroupConfiguration property type, use the `NodeGroupId` property to specify either the ElastiCache (Redis OSS) supplied 4-digit id or a user supplied id for the node group these configuration values apply to. `AWS::RDS::DBCluster` Use the `EngineMode` property to specify the DB engine mode of the DB cluster. Use the `ScalingConfiguration` property to specify the scaling properties of the DB cluster, for DB clusters in `serverless` DB engine mode.	September 20, 2018
New resources	The following resources were added: `AWS::IoT1Click::Device`, `AWS::IoT1Click::Placement`, and `AWS::IoT1Click::Project`. `AWS::IoT1Click::Device` Use the `AWS::IoT1Click::Device` resource to change the enabled state of an AWS IoT 1-Click compatible device. `AWS::IoT1Click::Placement` Use the `AWS::IoT1Click::Placement` resource to create an empty AWS IoT 1-Click placement. `AWS::IoT1Click::Project` Use the `AWS::IoT1Click::Project` resource to create an empty project with a placement template.	September 20, 2018
New resource	Added the `AWS::CloudFormation::Macro` resource. `AWS::CloudFormation::Macro` Use the `AWS::CloudFormation::Macro` resource to create a template macro to perform custom processing on AWS CloudFormation templates.	September 6, 2018
Macros now available	Use macros to perform custom processing on templates, from simple actions like find-and-replace operations to extensive transformations of entire templates. See Using AWS CloudFormation Macros to Perform Custom Processing on Templates for more information.	September 6, 2018
Updated resources	Added the Logs property to `AWS::AmazonMQ::Broker`. Added the SecondaryArtifacts and SecondarySources properties to `AWS::CodeBuild::Project`. `AWS::AmazonMQ::Broker` Use the `Logs` property to enable general or audit logging for an Amazon MQ broker. `AWS::CodeBuild::Project` In the Artifacts property type, you can use the `SecondaryArtifacts` property to specify secondary artifacts for a build project. You can use the `SecondarySources` property to specify secondary inputs for a build project.	August 30, 2018
Updated resources	Added the Configuration property to `AWS::Glue::Crawler`. Added the JsonClassifier and XMLClassifier properties to `AWS::Glue::Classifier`. `AWS::Glue::Crawler` Use the `Configuration` property to specify crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior. `AWS::Glue::Classifier` Use the `JsonClassifier` property to specify AWS Glue classifier for JSON. Use the `XMLClassifier` property to specify AWS Glue classifier for XML content.	August 23, 2018
AWS CloudFormation now supports VPC endpoints powered by PrivateLink	You can use a VPC endpoint to create a private connection between your VPC and AWS CloudFormation without requiring access over the Internet, through a NAT instance, a VPN connection, or AWS Direct Connect. For more information, see Setting Up VPC Endpoints for AWS CloudFormation.	August 22, 2018
Dynamic references support secure strings	Use new dynamic references to specify values that are stored and managed in other services, including Systems Manager Parameter Store SecureString type parameters, in your stack templates. For more information, see Using Dynamic References to Specify Template Values.	August 16, 2018
Updated resources	The following resources were updated: `AWS::ApiGateway::DomainName`, `AWS::CertificateManager::Certificate`, `AWS::EC2::VPCPeeringConnection`, `AWS::EFS::FileSystem`, `AWS::EMR::Cluster`, `AWS::RDS::DBClusterParameterGroup`, `AWS::SNS::Subscription`, and `AWS::SQS::Queue`. `AWS::ApiGateway::DomainName` Use the following attributes with the `Fn::GetAtt` intrinsic function: The `DistributionHostedZoneId` attribute returns the region-agnostic Route 53 Hosted Zone ID of the edge-optimized endpoint. The `RegionalDomainName` attribute returns the domain name associated with the regional endpoint for this custom domain name. The `RegionalHostedZoneId` attribute returns the region-specific Route 53 Hosted Zone ID of the regional endpoint. `AWS::CertificateManager::Certificate` Use the `ValidationMethod` property to specify the method you want to use if you are requesting a public certificate to validate that you own or control a domain. `AWS::EC2::VPCPeeringConnection` Use the `PeerRegion` property to specify the region code for the accepter VPC, if the accepter VPC is located in a region other than the region in which you make the request. `AWS::EFS::FileSystem` Use the `ProvisionedThroughputInMibps` property to specify the throughput, measured in MiB/s, that you want to provision for a file system that you're creating. Use the `ThroughputMode` property to specify the throughput mode for the file system to be created. `AWS::EMR::Cluster` Use the `KerberosAttributes` property to specify attributes for Kerberos configuration when Kerberos authentication is enabled using a security configuration. `AWS::RDS::DBClusterParameterGroup` The `Tags` property now requires no interruption to update. `AWS::SNS::Subscription` Use the `DeliveryPolicy` property to specify the JSON serialization of the subscription's delivery policy. Use the `FilterPolicy` property to specify the filter policy JSON that is assigned to the subscription. Use the `RawMessageDelivery` property to specify if raw message delivery is enabled for the subscription. Use the `Region` property to specify the region in which the topic resides. `AWS::SQS::Queue` Use the `Tags` property to specify the tags that you want to attach to this queue.	August 15, 2018
Updated resource	Added the SSESpecification property to `AWS::DAX::Cluster`. `AWS::DAX::Cluster` Use the `SSESpecification` property to specify the settings to enable server-side encryption.	August 9, 2018
New resource	Added the `AWS::EC2::VPCEndpointServicePermissions` resource. `AWS::EC2::VPCEndpointServicePermissions` Grant or revoke permissions for service consumers to connect the VPC endpoint service.	August 9, 2018
Updated resource	Added the OverrideArtifactName property to `AWS::CodeBuild::Project`. `AWS::CodeBuild::Project` In the Artifacts property type, set the `OverrideArtifactName` property to true to override the artifact name with a name specified in the buildspec file. The name specified in a buildspec file is calculated at build time and uses the Shell command language. For example, you can append a date and time to your artifact name so that it is always unique.	August 7, 2018
Updated resource	Added the EncryptionDisabled property to `AWS::CodeBuild::Project`. `AWS::CodeBuild::Project` In the Artifacts property type, set the `EncryptionDisabled` property to true to disable encryption for build output artifacts. This option is only valid if your artifact type is Amazon S3. If this is set to true with another artifact type, an invalidInputException will be thrown.	July 26, 2018
Updated resource	Added the Timeout property to `AWS::Batch::JobDefinition`. `AWS::Batch::JobDefinition` Use the `Timeout` property type to specify a job timeout configuration.	July 19, 2018
New resource	The following resource was added: `AWS::IAM::ServiceLinkedRole`. `AWS::IAM::ServiceLinkedRole` Use the `AWS::IAM::ServiceLinkedRole` resource to create a service-linked role in IAM. A service-linked role is a unique type of IAM role that is linked directly to an AWS service. Service-linked roles are predefined by the service and include all the permissions that the service requires to call other AWS services on your behalf.	July 19, 2018
Updated resources	Added the FieldLevelEncryptionId property to `AWS::CloudFront::Distribution` property types. `AWS::CloudFront::Distribution` In the CacheBehavior and DefaultCacheBehavior property types, use the `FieldLevelEncryptionId` property to specify the ID for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for a cache behavior or for the default cache behavior.	July 18, 2018
Updated resource	Added the HttpConfig property to `AWS::AppSync::DataSource`. `AWS::AppSync::DataSource` Use the `HttpConfig` property type to specify HttpConfig for an AWS AppSync data source.	July 12, 2018
Updated resource	Added the ReportBuildStatus property to `AWS::CodeBuild::Project`. `AWS::CodeBuild::Project` In the Source property type, use the `ReportBuildStatus` property to specify whether to send your source provider the status of a build's start and completion.	July 10, 2018
New resource	The following resource was added: `AWS::CodePipeline::Webhook`. `AWS::CodePipeline::Webhook` Use the `AWS::CodePipeline::Webhook` resource to create a webhook that connects your pipeline to an external event, such as a GitHub source repository change, which triggers your pipeline to start every time the external event occurs.	July 5, 2018
Updated resource	Added the following properties to `AWS::EC2::VPCEndpoint`: PrivateDnsEnabled, SecurityGroupIds, SubnetIds, and VpcEndpointType. `AWS::EC2::VPCEndpoint` Use the `PrivateDnsEnabled` property to indicate whether to associate a private hosted zone with the specified VPC. Use the `SecurityGroupIds` property to specify the ID of one or more security groups to associate with the endpoint network interface. Use the `SubnetIds` property to specify the ID of one or more subnets in which to create an endpoint network interface. Use the `VpcEndpointType` property to specify the type of endpoint.	June 21, 2018
New resources	The following resources were added: `AWS::EC2::VPCEndpointConnectionNotification` and `AWS::EC2::VPCEndpointService`. `AWS::EC2::VPCEndpointConnectionNotification` Use the `AWS::EC2::VPCEndpointConnectionNotification` resource to create a connection notification for the specified VPC endpoint or VPC endpoint service. `AWS::EC2::VPCEndpointService` Use the `AWS::EC2::VPCEndpointService` resource to create a VPC endpoint service configuration to which service consumers (AWS accounts, IAM users, and IAM roles) can connect.	June 21, 2018
Updated resource	Added the following property to `AWS::ServiceDiscovery::Service`: HealthCheckCustomConfig. `AWS::ServiceDiscovery::Service` Use the `HealthCheckCustomConfig` property to specify information about an optional custom health check.	June 14, 2018
New resources	The following new resources were released: `AWS::AmazonMQ::Broker` and `AWS::AmazonMQ::Configuration`. `AWS::AmazonMQ::Broker` Use the `AWS::AmazonMQ::Broker` resource to create a broker, add configuration changes or modify users for the specified broker, return information about the specified broker, or delete the specified broker. `AWS::AmazonMQ::Configuration` Use the `AWS::AmazonMQ::Configuration` resource to create a configuration, update the specified configuration, or return information about the specified configuration.	June 14, 2018
New resource	The following resource was added: `AWS::SSM::ResourceDataSync`. `AWS::SSM::ResourceDataSync` Use the `AWS::SSM::ResourceDataSync` resource to create or delete a Resource Data Sync for Systems Manager Inventory. You can use Resource Data Sync to send Inventory data collected from all your Systems Manager managed instances to a single Amazon S3 bucket.	June 11, 2018
New resource	The following resource was released: `AWS::EKS::Cluster`. `AWS::EKS::Cluster` Use the `AWS::EKS::Cluster` resource to create Amazon EKS clusters.	June 5, 2018
Updated resource	For the `AWS::GuardDuty::Master` resource, the InvitationId property is now optional. `AWS::GuardDuty::Master` The `InvitationId` property is now optional.	May 31, 2018
New resources	The following new resources were released: `AWS::SageMaker::Endpoint`, `AWS::SageMaker::EndpointConfig`, `AWS::SageMaker::Model`, `AWS::SageMaker::NotebookInstance`, and `AWS::SageMaker::NotebookInstanceLifecycleConfig`. `AWS::SageMaker::Endpoint` Use the `AWS::SageMaker::Endpoint` resource to create a Amazon SageMaker endpoint to host trained models. `AWS::SageMaker::EndpointConfig` Use the `AWS::SageMaker::EndpointConfig` resource to create a configuration for an endpoint. `AWS::SageMaker::Model` Use the `AWS::SageMaker::Model` resource to create a model to host at an Amazon SageMaker endpoint. `AWS::SageMaker::NotebookInstance` Use the `AWS::SageMaker::NotebookInstance` resource to create an Amazon SageMaker notebook instance. `AWS::SageMaker::NotebookInstanceLifecycleConfig` Use the `AWS::SageMaker::NotebookInstanceLifecycleConfig` resource to specify shell scripts that run when you create or start a notebook instance.	May 31, 2018
Stack sets now support customized execution roles	Use customized execution roles in target accounts to control the stack resources that users or groups can include in their stack sets. For more information, see Granting Permissions for Stack Set Operations.	May 30, 2018
Selective updates of stack instances	Use the optional Accounts and Regions parameters to specify the accounts and regions in which to update stack instances during a stack set update operation. For more information, see `UpdateStackSet` in the AWS CloudFormation API Reference.	May 30, 2018
New resources	The following new resources were released: `AWS::Neptune::DBCluster`, `AWS::Neptune::DBClusterParameterGroup`, `AWS::Neptune::DBInstance`, `AWS::Neptune::DBParameterGroup`, and `AWS::Neptune::DBSubnetGroup`. `AWS::Neptune::DBCluster` Use the `AWS::Neptune::DBCluster` resource to create an Amazon Neptune DB cluster. `AWS::Neptune::DBClusterParameterGroup` Use the `AWS::Neptune::DBClusterParameterGroup` resource to create a DB cluster parameter group. `AWS::Neptune::DBInstance` Use the `AWS::Neptune::DBInstance` resource to create an Amazon Neptune database instance. `AWS::Neptune::DBParameterGroup` Use the `AWS::Neptune::DBParameterGroup` resource to create a custom parameter group for Amazon Neptune. `AWS::Neptune::DBSubnetGroup` Use the `AWS::Neptune::DBSubnetGroup` resource to create an Amazon Neptune database subnet group that contains subnets.	May 30, 2018
Updated resources	The following resources were updated: `AWS::ApiGateway::RestApi`, `AWS::AutoScaling::AutoScalingGroup`, `AWS::AutoScaling::LaunchConfiguration`, `AWS::DirectoryService::MicrosoftAD`, `AWS::DynamoDB::Table`, `AWS::EC2::Instance`, `AWS::ECS::Service`, `AWS::ECS::TaskDefinition`, `AWS::Elasticsearch::Domain`, `AWS::IAM::Role`, `AWS::KinesisFirehose::DeliveryStream`, `AWS::Lambda::EventSourceMapping`, `AWS::Logs::MetricFilter`, and `AWS::SSM::Association`. `AWS::ApiGateway::RestApi` Use the `Policy` property to specify a policy document that contains the permissions for the specified RestAPI. `AWS::AutoScaling::AutoScalingGroup` Use the `ServiceLinkedRoleARN` property to specify the Amazon Resource Name (ARN) of the service-linked role that the Auto Scaling group uses to call other AWS services on your behalf. `AWS::AutoScaling::LaunchConfiguration` Use the `LaunchConfigurationName` property to specify the name of the launch configuration. `AWS::DirectoryService::MicrosoftAD` Use the `Edition` property to specify the AWS Microsoft AD edition to use. `AWS::DynamoDB::Table` Use the `PointInTimeRecoverySpecification` property to specify the settings used to enable point in time recovery. `AWS::EC2::Instance` Use the `LaunchTemplate` property to specify the launch template to use for an Amazon EC2 instance. `AWS::ECS::Service` Use the `ServiceRegistry` property type to specify the details of the service registry. `AWS::ECS::TaskDefinition` Use the `HealthCheck` property type to specify a container health check. `AWS::Elasticsearch::Domain` Use the `EncryptionAtRestOptions` property type to specify whether the domain should encrypt data at rest, and if so, the AWS Key Management Service key to use. `AWS::IAM::Role` Use the `RoleId` attribute to have `Fn::GetAtt` return the stable and unique string identifying the role. Use the `MaxSessionDuration` property to specify the maximum session duration (in seconds) for the specified role. `AWS::KinesisFirehose::DeliveryStream` Use the `SplunkDestinationConfiguration` property to specify the configuration of a destination in Splunk for a Firehose delivery stream. `AWS::Lambda::EventSourceMapping` The `StartingPosition` property is no longer required. `AWS::Logs::MetricFilter` In the MetricTransformation property type, use the `DefaultValue` property to specify the value to emit when a filter pattern doesn't match a log event. `AWS::SSM::Association` Use the `OutputLocation` property to specify an Amazon S3 bucket where you want to store the results of an association request.	May 24, 2018
New resources	The following new resources were released: `AWS::ServiceCatalog::AcceptedPortfolioShare`, `AWS::ServiceCatalog::CloudFormationProduct`, `AWS::ServiceCatalog::LaunchNotificationConstraint`, `AWS::ServiceCatalog::LaunchRoleConstraint`, `AWS::ServiceCatalog::LaunchTemplateConstraint`, `AWS::ServiceCatalog::Portfolio`, `AWS::ServiceCatalog::PortfolioPrincipalAssociation`, `AWS::ServiceCatalog::PortfolioProductAssociation`, `AWS::ServiceCatalog::PortfolioShare`, `AWS::ServiceCatalog::TagOption`, and `AWS::ServiceCatalog::TagOptionAssociation`. `AWS::ServiceCatalog::AcceptedPortfolioShare` Use the `AWS::ServiceCatalog::AcceptedPortfolioShare` resource to accept an offer to share the specified portfolio for Service Catalog. `AWS::ServiceCatalog::CloudFormationProduct` Use the `AWS::ServiceCatalog::CloudFormationProduct` resource to create a product for Service Catalog. `AWS::ServiceCatalog::LaunchNotificationConstraint` Use the `AWS::ServiceCatalog::LaunchNotificationConstraint` resource to create a notification constraint for Service Catalog. `AWS::ServiceCatalog::LaunchRoleConstraint` Use the `AWS::ServiceCatalog::LaunchRoleConstraint` resource to create a launch constraint for Service Catalog. `AWS::ServiceCatalog::LaunchTemplateConstraint` Use the `AWS::ServiceCatalog::LaunchTemplateConstraint` resource to create a template constraint for Service Catalog. `AWS::ServiceCatalog::Portfolio` Use the `AWS::ServiceCatalog::Portfolio` resource to create a portfolio for Service Catalog. `AWS::ServiceCatalog::PortfolioPrincipalAssociation` Use the `AWS::ServiceCatalog::PortfolioPrincipalAssociation` resource to associate a principal with a portfolio for Service Catalog. `AWS::ServiceCatalog::PortfolioProductAssociation` Use the `AWS::ServiceCatalog::PortfolioProductAssociation` resource to associate a product with a portfolio for Service Catalog. `AWS::ServiceCatalog::PortfolioShare` Use the `AWS::ServiceCatalog::PortfolioShare` resource to share a portfolio for Service Catalog. `AWS::ServiceCatalog::TagOption` Use the `AWS::ServiceCatalog::TagOption` resource to create a TagOption. `AWS::ServiceCatalog::TagOptionAssociation` Use the `AWS::ServiceCatalog::TagOptionAssociation` resource to associate a TagOption with a resource for Service Catalog.	May 24, 2018
AWS CloudFormation now creates S3 buckets with encryption enabled	For Amazon S3 buckets that AWS CloudFormation creates to store uploaded stack templates, server-side encryption is now enabled by default, thereby encrypting all objects stored in those buckets. For more information, see Selecting a Stack Template.	May 24, 2018
New resource	The following resource was released: `AWS::Budgets::Budget`. `AWS::Budgets::Budget` Use the `AWS::Budgets::Budget` resource to create a budget.	May 22, 2018
FIPS endpoints added	AWS CloudFormation now offers new endpoints which use FIPS 140-2 validated cryptographic modules in the following public US regions: US-East-1, US-East-2, US-West-1, and US-West-2. See Regions and Endpoints in the Amazon Web Services General Reference for the new FIPS-compliant endpoint URLs.	May 17, 2018
New resource	The following resource was released: `AWS::AutoScalingPlans::ScalingPlan`. `AWS::AutoScalingPlans::ScalingPlan` Use the `AWS::AutoScalingPlans::ScalingPlan` resource to create a scaling plan for the scalable resources for your application.	May 9, 2018
New resource	The following resource was released: `AWS::GuardDuty::Filter`. `AWS::GuardDuty::Filter` Use the `AWS::GuardDuty::Filter` resource to create a filter for your GuardDuty findings.	May 8, 2018
Updated resources	The following resources were updated: `AWS::AppSync::GraphQLApi` and `AWS::GuardDuty::Member`. `AWS::AppSync::GraphQLApi` Use the `OpenIDConnectConfig` property to specify the authorization configuration for using an OpenId Connect compliant service with your GraphQL endpoint. `AWS::GuardDuty::Member` Use the `DisableEmailNotification` property to specify whether an email notification is to be sent to the accounts that you want to invite to GuardDuty as members. When set to 'True', email notification is not sent to the invitees.	May 1, 2018
New resource	The following resource was released: `AWS::ServiceCatalog::CloudFormationProvisionedProduct`. `AWS::ServiceCatalog::CloudFormationProvisionedProduct` Use the `AWS::ServiceCatalog::CloudFormationProvisionedProduct` resource to provision the specified product for Service Catalog.	May 1, 2018

Earlier updates

The following table describes important changes in each release of the AWS CloudFormation User Guide before May 2018.

Change	Release Date	Description	API Version
Updated resources	July 22, 2019	Use the `encryptionOptions` property to specify an AWS owned key or a customer managed key for Amazon MQ brokers.	2010-05-15
Stack set naming convention	April 10, 2018	AWS CloudFormation stacks created using stack sets now follow a new naming convention, in which the stack name contains the stack set name.	2010-05-15
New resources	April 10, 2018	`AWS::AppSync::ApiKey` Use the `AWS::AppSync::ApiKey` resource to create a unique key that you can distribute to clients who are executing GraphQL operations with AWS AppSync. `AWS::AppSync::DataSource` Use the `AWS::AppSync::DataSource` resource to create data sources for resolvers in AWS AppSync. `AWS::AppSync::GraphQLApi` Use the `AWS::AppSync::GraphQLApi` resource to create a new AWS AppSync GraphQL API. `AWS::AppSync::GraphQLSchema` Use the `AWS::AppSync::GraphQLSchema` resource to create the data model for your AWS AppSync GraphQL API. `AWS::AppSync::Resolver` Use the `AWS::AppSync::Resolver` resource to define the logical GraphQL resolver that you will attach to fields in a schema.	2010-05-15
Updated resource	April 10, 2018	`AWS::Config::ConfigurationAggregator` Use the `OrganizationAggregationSource` property type to specify the regions of AWS Config data to aggregate into an AWS Config configuration aggregator and the IAM role to use to retrieve AWS Organizations details.	2010-05-15
New resources	April 4, 2018	`AWS::Config::AggregationAuthorization` Use the `AWS::Config::AggregationAuthorization` resource to grant permission to an aggregator account to collect your AWS Config data. `AWS::Config::ConfigurationAggregator` Use the `AWS::Config::ConfigurationAggregator` resource to create a configuration aggregator for AWS Config.	2010-05-15
Stack sets now support customized administrator roles	March 29, 2018	Use customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see Granting Permissions for Stack Set Operations.	2010-05-15
New resource	March 29, 2018	`AWS::EC2::LaunchTemplate` Use the `AWS::EC2::LaunchTemplate` resource to create a launch template for an Amazon EC2 instance.	2010-05-15
Updated resources	March 29, 2018	`AWS::AutoScaling::AutoScalingGroup` Use the `LaunchTemplate` property to specify the launch template to use to launch instances. `AWS::EC2::SpotFleet` In the SpotFleetRequestConfigData property type, use the `LaunchTemplateConfigs` property to describe a launch template and overrides.	2010-05-15
New `Fn::Cidr` intrinsic function	March 6, 2018	Returns the specified Cidr address block. For more information, see `Fn::Cidr`.	2010-05-15
New resources	March 6, 2018	`AWS::ApiGateway::VpcLink` Use the `AWS::ApiGateway::VpcLink` resource to specify an API Gateway VPC link for a `AWS::ApiGateway::RestApi` to access resources in an Amazon Virtual Private Cloud (VPC). `AWS::GuardDuty::Master` Use the `AWS::GuardDuty::Master` resource to create a GuardDuty primary account. `AWS::GuardDuty::Member` Use the `AWS::GuardDuty::Member` resource to create a GuardDuty member account. `AWS::SES::ConfigurationSet` Use the `AWS::SES::ConfigurationSet` resource to create groups of rules that you can apply to the emails you send. `AWS::SES::ConfigurationSetEventDestination` Use the `AWS::SES::ConfigurationSetEventDestination` resource to specify a configuration set event destination. `AWS::SES::ReceiptFilter` Use the `AWS::SES::ReceiptFilter` resource to specify whether to accept or reject mail originating from an IP address or range of IP addresses. `AWS::SES::ReceiptRule` Use the `AWS::SES::ReceiptRule` resource to specify which actions Amazon SES should take when it receives mail on behalf of one or more email addresses or domains that you own. `AWS::SES::ReceiptRuleSet` Use the `AWS::SES::ReceiptRuleSet` resource to specify an empty rule set for Amazon SES. `AWS::SES::Template` Use the `AWS::SES::Template` resource to specify the content of the email, composed of a subject line, an HTML part, and a text-only part.	2010-05-15
Updated resources	March 6, 2018	`AWS::AutoScaling::AutoScalingGroup` Use the `AutoScalingGroupName` property to specify the name of the Auto Scaling group. `AWS::ApiGateway::RestApi` Use the `ApiKeySourceType` property to specify the source of the API key for metering requests according to a usage plan. Use the `MinimumCompressionSize` property to specify a nullable integer that's used to enable compression or disable compression on an API. `AWS::ApplicationAutoScaling::ScalingPolicy` In the TargetTrackingScalingPolicyConfiguration property type, use the `DisableScaleIn` property to specify whether scale in by the target tracking policy is disabled. `AWS::EC2::SpotFleet` In the LaunchSpecifications property type, use the `TagSpecifications` property to specify the tags to apply during SpotFleet creation. `AWS::Elasticsearch::Domain` Use the `Arn` attribute to have `Fn::GetAtt` return the Amazon Resource Name (ARN) of the domain. The `DomainArn` attribute of `Fn::GetAtt` has been deprecated. `AWS::RDS::DBCluster` Use the `DBClusterIdentifier` property to specify the DB cluster identifier. `AWS::RDS::DBCluster` Use the `DBClusterIdentifier` property to specify the DB cluster identifier. `AWS::Redshift::Cluster` Use the `ClusterIdentifier` property to specify the unique identifier of the cluster. `AWS::Route53::HealthCheck` In the HealthCheckConfig property type, use the `Regions` property to specify the regions from which you want Route 53 health checkers to check the specified endpoint. `AWS::SSM::Document` Use the `Tags` property to specify the AWS CloudFormation resource tags to apply to the document.	2010-05-15
Updated resource	February 19, 2018	`AWS::CodeBuild::Project` Use the `Triggers` property to configure a webhook for the project to begin to automatically rebuild the source code every time a code change is pushed to the repository. This is available only for GitHub projects in AWS CloudFormation. It's not available for GitHub Enterprise projects.	2010-05-15
Updated resource	February 8, 2018	`AWS::DynamoDB::Table` Use the `SSESpecification` property to specify the settings to enable server-side encryption.	2010-05-15
Updated resource	February 5, 2018	`AWS::CodeBuild::Project` In the Source `CodeBuild Project Source` property type: Use the `GitCloneDepth` property to specify the depth of history to download. Use the `InsecureSsl` property to specify whether to ignore SSL warnings while connecting to your GitHub Enterprise project repository.	2010-05-15
Updated resources	January 23, 2018	`AWS::AutoScaling::LifecycleHook` Use the `LifecycleHookName` property to specify the name of the lifecycle hook. `AWS::DynamoDB::Table` The `AttributeDefinitions` property now requires replacement when updated. `AWS::EC2::Instance` Use the `CreditSpecification` property to specify the credit option for CPU usage of a T2 instance. Use the `ElasticGpuSpecifications` property to specify Elastic GPUs, GPU resources that you can attach to your instance to accelerate the graphics performance of your applications. `AWS::EC2::VPC` The `InstanceTenancy` property now requires no interruption when updated from `"dedicated"` to `"default"`. `AWS::ECS::Service` Use the `HealthCheckGracePeriodSeconds` property to specify the period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. `AWS::IoT::TopicRule` In the `DynamoDBAction` property type, the `RangeKeyField` and `RangeKeyValue` properties are no longer required. `AWS::KinesisAnalytics::ApplicationOutput` In the `ApplicationOutput` property type, use the `LambdaOutput` property to identify a Lambda function as the destination when configuring application output. `AWS::Kinesis::Stream` Use the `StreamEncryption` property to enable or update server-side encryption using an AWS KMS key for a specified stream. `AWS::Lambda::Function` Use the `ReservedConcurrentExecutions` property to specify the maximum of concurrent executions you want reserved for the function. `AWS::RDS::DBSubnetGroup` Use the `DBSubnetGroupName` property to specify the name for the DB Subnet Group. `AWS::S3::Bucket` Use the `BucketEncryption` property to specify default encryption for a bucket using server-side encryption with Amazon S3-managed keys SSE-S3 or AWS KMS keys (SSE-KMS) bucket. In the `ReplicationRule` property type, use the `SourceSelectionCriteria` property to specify additional filters in identifying source objects that you want to replicate. In the `ReplicationDestination` property type: Use the `AccessControlTranslation` property to specify replica ownership of the AWS account that owns the destination bucket. Use the `Account` property to specify destination bucket owner account ID. Use the `EncryptionConfiguration` property to specify encryption-related information for a bucket that is a destination for replicated objects. `AWS::SSM::Association` Use the `AssociationName` property to specify the name of the association between an SSM document and EC2 instances that contain a configuration agent to process the document.	2010-05-15
Rollback triggers added to the AWS CloudFormation console.	January 15, 2018	Rollback triggers enable you to have AWS CloudFormation monitor the state of your application during stack creation and updating, and to roll back that operation if the application breaches the threshold of any of the alarms you've specified. For more information, see Monitor and Roll Back Stack Operations.	2010-05-15
Updated resource	January 12, 2018	`AWS::SSM::Parameter` Use the `AllowedPattern` property to specify a regular expression used to validate the parameter value.	2010-05-15
New resources	December 5, 2017	`AWS::Inspector::AsssmentTarget` Use the `AWS::Inspector::AsssmentTarget` resource to create an Amazon Inspector assessment target. `AWS::Inspector::AssessmentTemplate` Use the `AWS::Inspector::AssessmentTemplate` resource to create an Amazon Inspector assessment template. `AWS::Inspector::ResourceGroup` Use the `AWS::Inspector::ResourceGroup` resource to create an Amazon Inspector resource group, which defines tags that identify AWS resources that make up an Amazon Inspector assessment target. `AWS::ServiceDiscovery::Instance` Use the `AWS::ServiceDiscovery::Instance` resource to specify information about an instance that Amazon Route 53 creates. `AWS::ServiceDiscovery::PrivateDnsNamespace` Use the `AWS::ServiceDiscovery::PrivateDnsNamespace` resource to specify information about a private namespace for Amazon Route 53. `AWS::ServiceDiscovery::PublicDnsNamespace` Use the `AWS::ServiceDiscovery::PublicDnsNamespace` resource to specify information about a public namespace for Amazon Route 53. `AWS::ServiceDiscovery::Service` Use the `AWS::ServiceDiscovery::Service` resource to define a template for up to five records and an optional health check that you want Amazon Route 53 to create when you register an instance.	2010-05-15
Updated resource	December 5, 2017	`AWS::KinesisAnalytics::Application` In the `Input` property type, use the `InputProcessingConfiguration` property to transform records as they're received from the stream.	2010-05-15
Updated resource	December 1, 2017	`AWS::CodeBuild::Project` Use the `BadgeEnabled` property to generate a publicly accessible URL for a project's build badge. Use the `Cache` property to configure cache settings for build dependencies. Use the `VpcConfig` property to enable CodeBuild to access resources in an Amazon VPC. In the `EnvironmentVariable` property type, use the `Type` property to specify the type of environment variable.	2010-05-15
New resource	November 30, 2017	`AWS::Cloud9::EnvironmentEC2` Use the `AWS::Cloud9::EnvironmentEC2` resource to create an Amazon EC2 development environment in AWS Cloud9.	2010-05-15
Updated resources	November 29, 2017	`AWS::ECS::TaskDefinition` Use the `Cpu` property to specify the number of cpu units needed for the task. Use the `ExecutionRoleArn` property to specify the ARN of the execution role. Use the `Memory` property to specify the amount (in MiB) of memory needed for the task. Use the `RequiresCompatibilities` property to specify the launch type the task requires. `AWS::ECS::Service` Use the `LaunchType` property to specify the launch type on which to run your service. Use the `NetworkConfiguration` property to specify the network configuration for the service. Use the `PlatformVersion` property to specify the platform version on which to run your service.	2010-05-15
New resources	November 28, 2017	`AWS::GuardDuty::Detector` Use the `AWS::GuardDuty::Detector` resource to create a single Amazon GuardDuty detector. `AWS::GuardDuty::IPSet` Use the `AWS::GuardDuty::IPSet` resource to create an Amazon GuardDutyIP set. `AWS::GuardDuty::ThreatIntelSet` Use the `AWS::GuardDuty::ThreatIntelSet` resource to create a ThreatIntelSet.	2010-05-15
Updated resources	November 28, 2017	`AWS::CodeDeploy::Application` Use the `ComputePlatform` property to specify an AWS Lambda compute platform for CodeDeploy to deploy an application to. `AWS::CodeDeploy::DeploymentGroup` In the `DeploymentStyle` property type, use the `DeploymentType` property to specify a blue/green deployment on a Lambda compute platform. `AWS::EC2::SpotFleet` In the `SpotFleetRequestConfigData` property type, the `SpotPrice` property is now optional. `AWS::Lambda::Alias` Use the `RoutingConfig` property to specify two different versions of an AWS Lambda function, allowing you to dictate what percentage of traffic will invoke each version.	2010-05-15
New `CodeDeployLambdaAliasUpdate` update policy	November 28, 2017	Use the `CodeDeployLambdaAliasUpdate` update policy to perform an CodeDeploy deployment when the version changes on an `AWS::Lambda::Alias` resource. For more information, see UpdatePolicy Attribute.	2010-05-15
New `SSM` parameter types	November 21, 2017	Use `SSM` parameter types to use existing parameters from Systems Manager Parameter Store. Note: AWS CloudFormation doesn't currently support the `SecureString` type. For more information, see SSM Parameter Types.	2010-05-15
New `ResolvedValue` field for `Parameter` data type	November 21, 2017	The `ResolvedValue` field returns the value that's used in the stack definition for an `SSM` parameter. For more information, see the `Parameter` data type in the AWS CloudFormation API Reference.	2010-05-15
Updated resources	November 20, 2017	`AWS::ApiGateway::ApiKey` Use the `CustomerId` property to specify an AWS Marketplace customer identifier. Use the `GenerateDistinctId` property to specify whether the key identifier is distinct from the created API key value. `AWS::ApiGateway::Authorizer` Use the `AuthType` property to specify a customer-defined field that's used in Swagger imports and exports without functional impact. `AWS::ApiGateway::DomainName` Use the `EndpointConfiguration` property to specify the endpoint types of an API Gateway domain name. Use the `RegionalCertificateArn` property to reference a certificate for use by the regional endpoint for a domain name. `AWS::ApiGateway::Method` In the `Integration` and `IntegrationResponse` property types, use the `ContentHandling` property to specify how to handle request payload content type conversions. `AWS::ApiGateway::RestApi` Use the `EndpointConfiguration` property to specify the endpoint types of an API Gateway REST API. `AWS::ApplicationAutoScaling::ScalableTarget` Use the `ScheduledActions` property to specify scheduled actions for an Application Auto Scaling scalable target. `AWS::ECR::Repository` Use the `LifecyclePolicy` property to specify a lifecycle policy for an Amazon ECR repository. `AWS::ECS::TaskDefinition` In the `ContainerDefinition` property type, use the `LinuxParameters` property to specify Linux-specific options for an Amazon ECS container. `AWS::ElastiCache::ReplicationGroup` Use the `AtRestEncryptionEnabled` property to enable encryption at rest. Use the `AuthToken` property to specify a password that's used to access a password-protected server. Use the `TransitEncryptionEnabled` property to enable in-transit encryption. `AWS::ElasticLoadBalancingV2::TargetGroup` Use the `TargetGroupName` attribute with the `Fn::GetAtt` function to get the name of an Elastic Load Balancing target group. `AWS::Elasticsearch::Domain` Use the `VPCOptions` property to specify a VPC configuration for the OpenSearch Service domain. `AWS::EMR::Cluster` Use the `EbsRootVolumeSize` property to specify the size of the EBS root volume for an Amazon EMR cluster. `AWS::RDS::DBInstance` Use the `SourceRegion` and `KmsKeyId` properties to create an encrypted read replica from a cross-region source DB instance. `AWS::Route53::HostedZone` Use the `QueryLoggingConfig` property to specify a configuration for DNS query logging.	2010-05-15
New `NoEcho` field for custom resource `Response` objects	November 20, 2017	You can now use the optional `NoEcho` field to mask the output of a custom resource. For more information, see Custom Resource Response Objects. The corresponding `noEcho` parameter is supported by the `send` method. For more information, see cfn-response Module.	2010-05-15
Stack instance overrides added for stack sets.	November 17, 2017	AWS CloudFormation StackSets allows you to override parameter values in stack instances by account and region. You can override parameter values when you create the stack instances, or when updating existing stack instances. For more information, see Override Parameters on Stack Instances.	2010-05-15
Updated resource	November 15, 2017	`AWS::StepFunctions::StateMachine` You can use `AWS::StepFunctions::StateMachine` to specify a `StateMachineName` when creating a state machine, and both `DefinitionString` and `RoleArn` can be updated without replacing the state machine.	2010-05-15
StackSets now supports a maximum of 500 stack instances per stack set.	November 6, 2017	You can now create up to a maximum of 500 stack instances per stack set. For more information about AWS CloudFormation limits, see AWS CloudFormation Limits.	2010-05-15
New resources	November 2, 2017	`AWS::CloudFront::CloudFrontOriginAccessIdentity` Use the `AWS::CloudFront::CloudFrontOriginAccessIdentity` resource to specify the Amazon CloudFront origin access identity to associate with the origin of a CloudFront distribution. `AWS::CloudFront::StreamingDistribution` Use the `AWS::CloudFront::StreamingDistribution` resource to specify an Adobe Real-Time Messaging Protocol (RTMP) streaming distribution for CloudFront.	2010-05-15
Updated resources	November 2, 2017	`AWS::ApiGateway::Deployment` The `StageName` property has been deprecated on the `StageDescription` property type. `AWS::ApiGateway::Method` Use the `OperationName` property to assign a friendly name to an API Gateway method. Use the `RequestValidatorId` property to associate a request validator with a method. `AWS::AutoScaling::AutoScalingGroup` Use the `LifecycleHookSpecificationList` property to specify actions to perform when Auto Scaling launches or terminates instances. `AWS::CloudFront::Distribution` Use the `Tags` property to specify an arbitrary set of tags (key–value pairs) to associate with a CloudFront distribution. In the `CacheBehavior` and `DefaultCacheBehavior` property types, use the `LambdaFunctionAssociations` property to specify Lambda function associations for a CloudFront distribution. In the `CustomOriginConfig` property type, use the `OriginKeepaliveTimeout` property to specify a custom keep-alive timeout, and use the `OriginReadTimeout` property to specify a custom origin read timeout. In the `DistributionConfig` property type, use the `IPV6Enabled` property to specify whether CloudFront responds to IPv6 DNS requests with an IPv6 address for your distribution. `AWS::CodeDeploy::DeploymentGroup` In the `LoadBalancerInfo` property type, use the `TargetGroupInfoList` property to specify information about a target group in Elastic Load Balancing to use in a deployment. `AWS::EC2::SecurityGroup`, `AWS::EC2::SecurityGroupEgress`, and `AWS::EC2::SecurityGroupIngress` Use the `Description` property to specify the description of a security group rule. `AWS::EC2::Subnet` The `Ipv6CidrBlock` property now supports `No interruption` updates. `AWS::EC2::VPNGateway` Use the `AmazonSideAsn` property to specify a private Autonomous System Number (ASN) for the Amazon side of a BGP session. `AWS::EC2::VPNConnection` Use the `VpnTunnelOptionsSpecifications` property to configure tunnel options for a VPN connection. `AWS::ElasticBeanstalk::ConfigurationTemplate` and `AWS::ElasticBeanstalk::Environment` In the `ConfigurationOptionSetting` and `OptionSetting` property types, use the `ResourceName` property to specify a resource name for a time-based scaling configuration option. `AWS::EMR::Cluster` Use the `CustomAmiId` property to specify a custom Amazon Linux AMI for a cluster. `AWS::KinesisFirehose::DeliveryStream` Use the `Arn` attribute with the `Fn::GetAtt` function to get the Amazon Resource Name (ARN) of the delivery stream. `AWS::KMS::Key` Use the `Tags` property to specify an arbitrary set of tags (key–value pairs) to associate with a customer managed key. `AWS::OpsWorks::Layer` and `AWS::OpsWorks::Stack` Use the `Tags` property to specify an arbitrary set of tags (key–value pairs) to associate with an AWS OpsWorks layer or stack. `AWS::RDS::OptionGroup` In the `OptionConfiguration` property type, use the `OptionVersion` property to specify a version for the option. `AWS::S3::Bucket` Use the `AnalyticsConfigurations` property to configure an analysis filter for an Amazon S3 bucket.	2010-05-15
New resources	October 24, 2017	`AWS::Glue::Classifier` Use the `AWS::Glue::Classifier` resource to create an AWS Glue classifier. `AWS::Glue::Connection` Use the `AWS::Glue::Connection` resource to specify an AWS Glue connection to a data source. `AWS::Glue::Crawler` Use the `AWS::Glue::Crawler` resource to specify an AWS Glue crawler. `AWS::Glue::Database` Use the `AWS::Glue::Database` resource to create an AWS Glue database. `AWS::Glue::DevEndpoint` Use the `AWS::Glue::DevEndpoint` resource to specify a development endpoint for remotely debugging ETL scripts. `AWS::Glue::Job` Use the `AWS::Glue::Job` resource to specify an AWS Glue job in the data catalog. `AWS::Glue::Partition` Use the `AWS::Glue::Partition` resource to create an AWS Glue partition, which represents a slice of table data. `AWS::Glue::Table` Use the `AWS::Glue::Table` resource to create an AWS Glue table. `AWS::Glue::Trigger` Use the `AWS::Glue::Trigger` resource to specify triggers that run AWS Glue jobs.	2010-05-15
New resources	October 11, 2017	`AWS::SSM::MaintenanceWindow` Use the `AWS::SSM::MaintenanceWindow` resource to create an AWS Systems Manager Maintenance Window. `AWS::SSM::MaintenanceWindowTarget` Use the `AWS::SSM::MaintenanceWindowTarget` resource to register a target with a Maintenance Window. `AWS::SSM::MaintenanceWindowTask` Use the `AWS::SSM::MaintenanceWindowTask` resource to define a Maintenance Window task. `AWS::SSM::PatchBaseline` Use the `AWS::SSM::PatchBaseline` resource to define a Systems Manager patch baseline.	2010-05-15
New resource	October 10, 2017	`AWS::ElasticLoadBalancingV2::ListenerCertificate` Use the `AWS::ElasticLoadBalancingV2::ListenerCertificate` resource to specify certificates for an Elastic Load Balancing listener.	2010-05-15
New resource	September 27, 2017	`AWS::Athena::NamedQuery` Use the `AWS::Athena::NamedQuery` resource to create an Amazon Athena query.	2010-05-15
Updated resources	September 27, 2017	`AWS::EC2::NatGateway` Use the `Tags` property to specify resource tags for a NAT gateway. `AWS::ElasticBeanstalk::Application` Use the `ResourceLifecycleConfig` property to define lifecycle settings for resources that belong to the application, and the service role that Elastic Beanstalk assumes in order to apply lifecycle settings. `AWS::ElasticBeanstalk::ConfigurationTemplate` and `AWS::ElasticBeanstalk::Environment` Use the `PlatformArn` property to specify a custom platform for Elastic Beanstalk. `AWS::ElasticLoadBalancingV2::TargetGroup` In the TargetDescription property type, use the `AvailabilityZone` property to specify the Availability Zone where the IP address is to be registered. `AWS::Events::Rule` In the Target property type, use the following properties for input transformation of events and setting Amazon ECS task and Kinesis stream targets. `EcsParameters` `InputTransformer` `KinesisParameters` `RunCommandParameters` `AWS::KinesisFirehose::DeliveryStream` Use the `DeliveryStreamType` property to specify the stream type and the `KinesisStreamSourceConfiguration` property to specify the stream and role ARNs for a Kinesis stream used as the source for a delivery stream. `AWS::RDS::DBInstance` For the `Engine` property, if you have specified `oracle-se` or `oracle-se1`, you can update to `oracle-se2` without the database instance being replaced. `AWS::S3::Bucket` Use the `AccelerateConfiguration` property to configure the transfer acceleration state for an Amazon S3 bucket.	2010-05-15
Termination protection added for stacks.	September 26, 2017	Enabling termination protection on a stack prevents it from being accidentally deleted. A user can't delete a stack with termination protection enabled. For more information, see Protecting a Stack From Being Deleted.	2010-05-15
Changed default `umask` value from version 1.4-22 onwards	September 14, 2017	The default `umask` parameter value for the cfn-hup.conf configuration file is now `022`. For more information, see cfn-hup .
Updated resources	September 7, 2017	`AWS::ElasticLoadBalancingV2::LoadBalancer` Use the `SubnetMappings` property to specify the IDs of the subnets to attach to the load balancer. Use the `Type` property to specify the type of load balancer to create. `AWS::ElasticLoadBalancingV2::TargetGroup` Use the `TargetType` property to specify the registration type of the targets in this target group.	2010-05-15
Rollback triggers added to the AWS CloudFormation API	August 31, 2017	Rollback triggers enable you to have AWS CloudFormation monitor the state of your application during stack creation and updating, and to roll back that operation if the application breaches the threshold of any of the alarms you've specified. For more information, see `RollbackConfiguration` in the AWS CloudFormation API Reference.	2010-05-15
New `umask` parameter for cfn-hup.conf file	August 31, 2017	Use the `umask` parameter in the cfn-hup.conf configuration file to control file permissions used by the cfn-hup daemon (version 1.4-21). For more information, see cfn-hup.
Updated resources for VPC Sizing support	August 29, 2017	`AWS::EC2::VPCCidrBlock` Use the `CidrBlock` property to associate an IPv4 CIDR block with a VPC. `AWS::EC2::VPC` Use the `CidrBlockAssociations` attribute with the `Fn::GetAtt` function to get a list of IPv4 CIDR block association IDs associated with the VPC.	2010-05-15
Updated resources	August 23, 2017	`AWS::S3::Bucket` In the `Rule` property type, use the `TagFilters` property to specify tags to use in identifying a subset of objects for an Amazon S3 bucket. Use the `MetricsConfiguration` property to specify a metrics configuration for the CloudWatch request metrics from an Amazon S3 bucket. `AWS::IoT::TopicRule` In the `Action` property type, use the `DynamoDBv2Action` property to describe an AWS IoT action that writes data to a DynamoDB table. In the `Action` property type, the `DynamoDBAction` property now supports the `HashKeyType` and `RangeKeyType` properties. `AWS::Lambda::Permission` Use the `EventSourceToken` property to specify a unique token that must be supplied by the principal invoking the function.	2010-05-15
New pseudo parameters	August 23, 2017	Use the `AWS::Partition` pseudo parameter to return the partition that a resource is in. Use the `AWS::URLSuffix` pseudo parameter to return the suffix for a domain. For more information, see Pseudo Parameters Reference.	2010-05-15
New resources for DAX support	August 22, 2017	`AWS::DAX::Cluster` Use the `AWS::DAX::Cluster` resource to create a DAX cluster for use with Amazon DynamoDB. `AWS::DAX::ParameterGroup` Use the `AWS::DAX::ParameterGroup` resource to create a parameter group for use with Amazon DynamoDB. `AWS::DAX::SubnetGroup` Use the `AWS::DAX::SubnetGroup` resource to create a subnet group for use with DAX (DynamoDB Accelerator).	2010-05-15
New resources	August 18, 2017	`AWS::ApiGateway::DocumentationPart` and `AWS::ApiGateway::DocumentationPart` Use the `AWS::ApiGateway::DocumentationPart` and `AWS::ApiGateway::DocumentationVersion` resources to create documentation for your API Gateway API. `AWS::ApiGateway::GatewayResponse` Use the `AWS::ApiGateway::GatewayResponse` resource to create a custom response for your API Gateway API. `AWS::ApiGateway::RequestValidator` Use the `AWS::ApiGateway::RequestValidator` resource to set up validation rules for incoming requests to your API Gateway API. `AWS::EC2::NetworkInterfacePermission` Use the `AWS::EC2::NetworkInterfacePermission` resource to grant an AWS account permission to a network interface.	2010-05-15
Updated resources	August 18, 2017	`AWS::ApiGateway::Stage` Use the `DocumentationVersion` property to specify a versioned snapshot of the API documentation. `AWS::AutoScaling::ScalingPolicy` Use the `TargetTrackingConfiguration` property to specify an Auto Scaling target tracking scaling policy configuration. `AWS::CloudTrail::Trail` Use the `EventSelectors` property for Amazon S3 Data Events support. `AWS::CodeDeploy::DeploymentGroup` Use the `LoadBalancerInfo` and `DeploymentStyle` properties to specify an Elastic Load Balancing load balancer for an in-place deployment. Use the `AutoRollbackConfiguration` property to configure automatic rollback for the deployment. `AWS::EC2::SpotFleet` In the `SpotFleetRequestConfigData` property type, use the `ReplaceUnhealthyInstances` property to indicate whether the Spot fleet should replace unhealthy instances and the `Type` property to specify the type of request. `AWS::EC2::Subnet` Use the `AssignIpv6AddressOnCreation` and `Ipv6CidrBlock` properties to create a subnet with an IPv6 CIDR block. `AWS::KinesisFirehose::DeliveryStream` Use the `ExtendedS3DestinationConfiguration` property to configure a destination in Amazon S3. Use the `ProcessingConfiguration` subproperty within each destination configuration to invoke Lambda functions that transform incoming source data and deliver the transformed data to destinations. `AWS::RDS::DBCluster` and `AWS::RDS::DBInstance` The default DeletionPolicy is now `Snapshot` for `AWS::RDS::DBCluster` resources and for `AWS::RDS::DBInstance` resources that don't specify the `DBClusterIdentifier` property. For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute. `AWS::S3::Bucket` In the `Rule` property type, use the `AbortIncompleteMultipartUpload` property to specify a lifecycle rule that aborts incomplete multipart uploads to an Amazon S3 bucket. `AWS::SQS::Queue` Use the `KmsMasterKeyId` and `KmsDataKeyReusePeriodSeconds` properties to configure server-side encryption for Amazon SQS. Added the `Arn` attribute to the `Fn::GetAtt` intrinsic function for the following resources: `AWS::CloudTrail::Trail`. Also added `SnsTopicArn`. `AWS::CloudWatch::Alarm` `AWS::DynamoDB::Table` `AWS::ECS::Cluster` `AWS::IoT::Policy` `AWS::IoT::TopicRule` `AWS::Logs::Destination`	2010-05-15
Support for stack tags in CodePipeline artifacts	August 18, 2017	You can now specify tags for stacks in template configuration files for use as artifacts for CodePipeline pipelines. Specified tags are applied to stacks created using the template configuration file. For more information, see AWS CloudFormation Artifacts.	2010-05-15
Create encrypted file systems	August 14, 2017	`AWS::EFS::FileSystem` Use the `Encrypted` property to encrypt an Amazon EFS file system during creation. Use the `KmsKeyId` property to optionally specify a custom customer managed key to use to protect the encrypted file system.	2010-05-15
New resources for AWS Batch support	August 8, 2017	`AWS::Batch::ComputeEnvironment` Use the `AWS::Batch::ComputeEnvironment` resource to define your AWS Batch compute environment. `AWS::Batch::JobDefinition` Use the `AWS::Batch::JobDefinition` resource to specify the parameters for an AWS Batch job definition. `AWS::Batch::JobQueue` Use the `AWS::Batch::JobQueue` resource to define your AWS Batch job queue.	2010-05-15
New resources for Amazon Managed Service for Apache Flink support	July 28, 2017	`AWS::KinesisAnalytics::Application` Use the `AWS::KinesisAnalytics::Application` resource to create an Amazon Managed Service for Apache Flink application. `AWS::KinesisAnalytics::ApplicationOutput` Use the `AWS::KinesisAnalytics::ApplicationOutput` resource to add an external destination to your Amazon Managed Service for Apache Flink application. `AWS::KinesisAnalytics::ApplicationReferenceDataSource` Use the `AWS::KinesisAnalytics::ApplicationReferenceDataSource` resource to add a reference data source to an existing Amazon Managed Service for Apache Flink application.	2010-05-15
Use StackSets to centrally manage stacks across accounts and regions	July 25, 2017	StackSets enables you to create, update, or delete stacks across multiple accounts and regions in a single operation. Using an administrator account, you define and manage an AWS CloudFormation template, and use the template as the basis for provisioning stacks into selected target accounts across specified regions. For more information about StackSets, see Working with AWS CloudFormation StackSets.	2010-05-15
View stack events by client request token	July 14, 2017	In the console, stack operations display the client request token on the Events tab. All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For more information, see Viewing AWS CloudFormation Stack Data and Resources on the AWS Management Console and `StackEvent` in the AWS CloudFormation API Reference.	2010-05-15
Use stack quick-create links	July 14, 2017	Use quick-create links to get stacks up and running quickly. You can specify the template URL, stack name, and template parameters to prepopulate a single Create Stack Wizard page. For more information, see Creating Quick-Create Links for Stacks.	2010-05-15
New resources for AWS Database Migration Service support	July 12, 2017	`AWS::DMS::Certificate` Use the `AWS::DMS::Certificate` resource to create an SSL certificate that encrypts connections between AWS DMS endpoints and the replication instance. `AWS::DMS::Endpoint` Use the `AWS::DMS::Endpoint` resource to create an AWS DMS endpoint. `AWS::DMS::EventSubscription` Use the `AWS::DMS::EventSubscription` resource to get notifications for AWS DMS events through the Amazon Simple Notification Service. `AWS::DMS::ReplicationInstance` Use the `AWS::DMS::ReplicationInstance` resource to create an AWS DMS replication instance. `AWS::DMS::ReplicationSubnetGroup` Use the `AWS::DMS::ReplicationSubnetGroup` resource to create an AWS DMS replication subnet group. `AWS::DMS::ReplicationTask` Use the `AWS::DMS::ReplicationTask` resource to create an AWS DMS replication task.	2010-05-15
New resources	July 5, 2017	`AWS::CloudWatch::Dashboard` Use the `AWS::CloudWatch::Dashboard` resource to specify a custom CloudWatch dashboard for your CloudWatch console. `AWS::ApiGateway::DomainName` Use the `AWS::ApiGateway::DomainName` resource to specify a custom, friendly URL for your API that's deployed to Amazon API Gateway. `AWS::EC2::EgressOnlyInternetGateway` Use the `AWS::EC2::EgressOnlyInternetGateway` resource to create an egress-only internet gateway for your VPC. InstanceFleetConfig Use the `InstanceFleetConfig` resource to configure a Spot Instance fleet for an Amazon EMR cluster.	2010-05-15
Updated resources	July 5, 2017	`AWS::ApiGateway::RestApi` Use the `BinaryMediaTypes` property to specify supported binary media types. `AWS::ApplicationAutoScaling::ScalingPolicy` Use the `TargetTrackingScalingPolicyConfiguration` property to specify a target tracking scaling policy configuration. `AWS::CloudTrail::Trail` Use the `TrailName` property to specify a custom name for an AWS CloudTrail resource. Use the `Tags` property to specify resource tags. `AWS::CodeDeploy::DeploymentGroup` Use the `AlarmConfiguration` property to configure alarms for the deployment group. Use the `TriggerConfigurations` property to configure notification triggers for the deployment group. `AWS::EMR::Cluster` Use the `CoreInstanceFleet` property and the `MasterInstanceFleet` property in the JobFlowInstancesConfig property type to configure the Spot Instance fleet for an Amazon EMR cluster. `AWS::DynamoDB::Table` Use the `TimeToLiveSpecification` property to specify the Time to Live (TTL) settings for an Amazon DynamoDB table. Use the `Tags` property to specify resource tags for a DynamoDB table. `AWS::EC2::Instance` The `IamInstanceProfile` property now supports `No interruption` updates. `AWS::EC2::Route` Use the `EgressOnlyInternetGatewayId` property to specify an egress-only Internet gateway for an EC2 route. `AWS::Kinesis::Stream` Use the `RetentionPeriodHours` property to specify the number of hours that data records stored in shards remain accessible. `AWS::RDS::DBCluster` Use the `ReplicationSourceIdentifier` property to create a DB cluster as a Read Replica of another DB cluster or an Amazon RDS MySQL DB instance. `AWS::Redshift::Cluster` Use the `LoggingProperties` property to create audit log files and store them in Amazon S3.	2010-05-15
New resources	June 6, 2017	`AWS::EMR::SecurityConfiguration` Use the `AWS::EMR::SecurityConfiguration` resource to create a security configuration, which is stored in the service and can be specified when a cluster is created.	2010-05-15
Updated resources	June 6, 2017	`AWS::AutoScaling::LifecycleHook` The `NotificationTargetARN` and `RoleARN` properties are now optional. `AWS::CloudWatch::Alarm` You can now use the `EvaluateLowSampleCountPercentile`, `ExtendedStatistic`, and `TreatMissingData` properties when creating `AWS::CloudWatch::Alarm` resources. `AWS::EC2::SpotFleet` AWS CloudFormation supports mutable changes to Spot fleet properties. The following properties of the `SpotFleetRequestConfigData` property support `Replacement` updates: `AllocationStrategy` `IamFleetRole` `LaunchSpecifications` `SpotPrice` `TerminateInstancesWithExpiration` `ValidFrom` `ValidUntil` The following properties of the `SpotFleetRequestConfigData` property support `No interruption` updates: `ExcessCapacityTerminationPolicy` `TargetCapacity` `AWS::EMR::InstanceGroupConfig` AWS CloudFormation now supports Auto Scaling for Amazon EMR task instance groups. `AWS::Events::Rule` The `RoleArn` property is deprecated on the `Rule` resource. Use the `RoleArn` property on the `Target` property type to specify the IAM role to use for a target. `AWS::Kinesis::Stream` The `ShardCount` property now supports `No interruption` updates. `AWS::Lambda::Function` Use the `TracingConfig` property to configure tracing settings for Lambda functions. `AWS::Redshift::Cluster`, `AWS::Redshift::ClusterParameterGroup`, `AWS::Redshift::ClusterSecurityGroup`, and `AWS::Redshift::ClusterSubnetGroup` Use the `Tags` property to specify resource tags. `AWS::RDS::DBCluster` Added the `ReadEndpoint.Address` attribute to the `Fn::GetAtt` intrinsic function. `AWS::S3::Bucket` Added the `Arn` attribute to the `Fn::GetAtt` intrinsic function.	2010-05-15
New resources	May 11, 2017	The following new resources support using AWS WAF with Elastic Load Balancing (ELB) Application Load Balancers. `AWS::WAFRegional::ByteMatchSet` Use the `AWS::WAFRegional::ByteMatchSet` resource to identify a part of a web request that you want to inspect. `AWS::WAFRegional::IPSet` Use the `AWS::WAFRegional::IPSet` resource to specify which web requests to permit or block based on the IP addresses from which the requests originate. `AWS::WAFRegional::Rule` Use the `AWS::WAFRegional::Rule` resource to specify a combination of `IPSet`, `ByteMatchSet`, and `SqlInjectionMatchSet` objects that identify the web requests to allow, block, or count. `AWS::WAFRegional::SizeConstraintSet` Use the `AWS::WAFRegional::SizeConstraintSet` resource to specify a size constraint used to check the size of a web request and which parts of the request to check. `AWS::WAFRegional::SqlInjectionMatchSet` Use the `AWS::WAFRegional::SqlInjectionMatchSet` resource to allow, block, or count requests that contain malicious SQL code in a specific part of web requests. `AWS::WAFRegional::WebACL` Use the `AWS::WAFRegional::WebACL` resource to identify the web requests that you want to allow, block, or count. `AWS::WAFRegional::WebACLAssociation` Use the `AWS::WAFRegional::WebACLAssociation` resource to associate a web access control group (ACL) with a resource. `AWS::WAFRegional::XssMatchSet` Use the `AWS::WAFRegional::XssMatchSet` resource to specify the parts of web requests that you want AWS WAF to inspect for cross-site scripting attacks and the name of the header to inspect.	2010-05-15
New resources	April 28, 2017	`AWS::Cognito::IdentityPool` Use the `AWS::Cognito::IdentityPool` resource to create an Amazon Cognito identity pool. `AWS::Cognito::IdentityPoolRoleAttachment` Use the `AWS::Cognito::IdentityPoolRoleAttachment` resource to manage the role configuration for an Amazon Cognito identity pool. `AWS::Cognito::UserPool` Use the `AWS::Cognito::UserPool` resource to create an Amazon Cognito user pool. `AWS::Cognito::UserPoolClient` Use the `AWS::Cognito::UserPoolClient` resource to create a user pool client. `AWS::Cognito::UserPoolGroup` Use the `AWS::Cognito::UserPoolGroup` resource to create a user group in an Amazon Cognito user pool. `AWS::Cognito::UserPoolUser` Use the `AWS::Cognito::UserPoolUser` resource to create an Amazon Cognito user pool user. `AWS::Cognito::UserPoolUserToGroupAttachment` Use the `AWS::Cognito::UserPoolUserToGroupAttachment` resource to attach a user to an Amazon Cognito user pool group.	2010-05-15
Updated resources	April 28, 2017	SourceDetails Use the `MaximumExecutionFrequency` subproperty of the `AWS::Config::ConfigRule` resource to run evaluations for a custom rule using a periodic trigger. `AWS::EC2::Volume` We now support Elastic Volumes for Amazon Elastic Block Store (Amazon EBS) in AWS CloudFormation. We now support `No interruption` updates on three properties: `VolumeType`, `Size`, and `Iops`. `AWS::EC2::SecurityGroup` Use the `GroupName` property to specify a name for your Amazon EC2 security group. `AWS::ECS::Service` There are three new properties for `AWS::ECS::Service`: `PlacementConstraints`, `PlacementStrategies`, and `ServiceName`. `AWS::ECS::TaskDefinition` Use the `PlacementConstraints` property to define placement constraints for tasks in the service. `AWS::ElastiCache::ReplicationGroup` Added the `ConfigurationEndPoint.Address` attribute and the `ConfigurationEndPoint.Port` attribute to the `Fn::GetAtt` intrinsic function. `AWS::ElasticLoadBalancingV2::LoadBalancer` Use the `IpAddressType` property to specify the type of IP addresses that are used by the load balancer's subnets. `AWS::EMR::Cluster` AWS CloudFormation now supports Auto Scaling for Amazon EMR clusters. `AWS::IAM::ManagedPolicy` Use the `ManagedPolicyName` property to specify a custom name for your IAM managed policy. `AWS::Lambda::Function` Use the `Tags` property to add tags to your Lambda function. `AWS::OpsWorks::Instance` Added the following attributes to the `Fn::GetAtt` intrinsic function: `AvailabilityZone`, `PrivateDnsName`, `PrivateIp`, and `PublicDnsName`. `AWS::OpsWorks::UserProfile` Use the `SshUsername` property to specify a user's SSH name. Added the `SshUsername` attribute to the `Fn::GetAtt` intrinsic function. `AWS::Redshift::Cluster` Use the `IamRoles` property to provide a list of one or more AWS Identity and Access Management roles that the Amazon Redshift cluster can use to access other AWS services.	2010-05-15
Edit templates in YAML and JSON using AWS CloudFormation Designer	April 6, 2017	When you create AWS CloudFormation templates using Designer, you can now edit your template in both YAML and JSON in the integrated editor. You can also convert JSON templates to YAML and vice-versa, depending on your preferred template authoring language. For more information, see What Is AWS CloudFormation Designer?.	2010-05-15
New resource	April 6, 2017	`AWS::SSM::Parameter` Use the `AWS::SSM::Parameter` resource to create an SSM parameter in Parameter Store.	2010-05-15
`AWS::Include` transform	March 28, 2017	Use the `AWS::Include` transform to reference reusable snippets stored in an Amazon S3 bucket. For more information, see `AWS::Include` Transform.	2010-05-15
Peer your Amazon VPC with another account	March 28, 2017	You can now use AWS CloudFormation to peer your Amazon VPC with a VPC in another AWS account. For more information, see Peer with an Amazon VPC in Another AWS Account.	2010-05-15
New resource	March 28, 2017	`AWS::ApiGateway::UsagePlanKey` Use the `AWS::ApiGateway::UsagePlanKey` resource to associate a usage plan key and determine which users the usage plan is applied to.	2010-05-15
Updated resources	March 28, 2017	`AWS::EC2::VPCPeeringConnection` Use the `PeerOwnerId` property and the `PeerRoleArn` property to peer with a VPC in another AWS account. For more information, see Peer with an Amazon VPC in Another AWS Account. `AWS::IAM::InstanceProfile` Use the `InstanceProfileName` property to configure an instance profile. `AWS::Lambda::Function` Use the `DeadLetterConfig` property to configure how AWS Lambda handles events that it can't process. Node.js v0.10 is no longer supported for the `Runtime` property. `AWS::Route53::HealthCheck` There are seven new resource subproperty types for the HealthCheckConfig `HealthCheckConfig` property: `AlarmIdentifier`, `ChildHealthChecks`, `EnableSNI`, `HealthThreshold`, `InsufficientDataHealthStatus`, `Inverted`, and `MeasureLatency`. `AWS::SQS::Queue` Use the `ContentBasedDeduplication` and `FifoQueue` properties to create First-In-First-Out (FIFO) Amazon Simple Queue Service queues. `AWS::S3::Bucket` You can now specify IPv6 domain names for your Amazon S3 buckets.	2010-05-15
New resources	February 10, 2017	`AWS::StepFunctions::Activity` Use the `AWS::StepFunctions::Activity` resource to create an AWS Step Functions activity. `AWS::StepFunctions::StateMachine` Use the `AWS::StepFunctions::StateMachine` resource to create a Step Functions state machine.	2010-05-15
New intrinsic function	January 17, 2017	Use the `Fn::Split` function to split a string into a list of string values. For more information, see `Fn::Split`.	2010-05-15
Console support for listing imports	January 17, 2017	Use the AWS CloudFormation console to see all of the stacks that are importing an exported output value. For more information, see Listing Stacks That Import an Exported Output Value.	2010-05-15
Updated resources	January 17, 2017	`AWS::AutoScaling::AutoScalingGroup` The `LoadBalancerNames` property can be updated without replacing the Auto Scaling group. `AWS::ECS::TaskDefinition` Added the `NetworkMode` and `MemoryReservation` properties. `AWS::RDS::DBCluster` AWS CloudFormation supports updates to the `Tags` property. `AWS::RDS::DBInstance` Added the `Timezone` property. FirehoseAction Added the `Separator` property. `AWS::OpsWorks::Instance` Added the `PublicIp` attribute for the `Fn::GetAtt` intrinsic function.	2010-05-15
New resources	December 01, 2016	`AWS::CodeBuild::Project` Use the `AWS::CodeBuild::Project` resource to create an AWS CodeBuild project that defines how CodeBuild builds your source code. `AWS::SSM::Association` Use the `AWS::SSM::Association` resource to associate an Amazon EC2 Systems Manager document with EC2 instances. `AWS::EC2::SubnetCidrBlock` Use the `AWS::EC2::SubnetCidrBlock` resource to associate a single IPv6 CIDR block with an Amazon VPC subnet. `AWS::EC2::VPCCidrBlock` Use the `AWS::EC2::VPCCidrBlock` resource to associate a single Amazon-provided IPv6 CIDR block with an Amazon VPC.	2010-05-15
Updated resources for IPv6 support	December 01, 2016	`AWS::EC2::Instance` Added the `Ipv6AddressCount` and `Ipv6Addresses` properties. `AWS::EC2::NetworkAclEntry` Added the `Ipv6CidrBlock` property. `AWS::EC2::NetworkInterface` Added the `Ipv6AddressCount` and `Ipv6Addresses` properties. `AWS::EC2::Route` Added the `DestinationIpv6CidrBlock` property. `AWS::EC2::SecurityGroupEgress` Added the `CidrIpv6` property. `AWS::EC2::SecurityGroupIngress` Added the `CidrIpv6` property. `AWS::EC2::SpotFleet` Added the `Ipv6AddressCount` and `Ipv6Addresses` properties for the launch specification network interfaces. `AWS::EC2::Subnet` Added the `Ipv6CidrBlocks` attribute for the `Fn::GetAtt` function. `AWS::EC2::VPC` Added the `Ipv6CidrBlocks` attribute for the `Fn::GetAtt` function. `AWS::SSM::Document` Added the `DocumentType` property.	2010-05-15
Resource specification	November 22, 2016	Use the AWS CloudFormation resource specification to builds tools that help you create AWS CloudFormation templates. The specification is a machine-readable, JSON-formatted text file. For more information, see AWS CloudFormation Resource Specification.	2010-05-15
New resources	November 22, 2016	`AWS::OpsWorks::UserProfile` Use the `AWS::OpsWorks::UserProfile` resource to configure SSH access for users who require access to instances in an AWS OpsWorks stack. `AWS::OpsWorks::Volume` Use the `AWS::OpsWorks::Volume` resource to register an Amazon Elastic Block Store volume with an AWS OpsWorks stack.	2010-05-15
Updated resources	November 22, 2016	`AWS::OpsWorks::App` Added the `DataSources` property. `AWS::OpsWorks::Instance` Added the `BlockDeviceMappings`, `AgentVersion`, `ElasticIps`, `Hostname`, `Tenancy`, and `Volumes` properties. `AWS::OpsWorks::Layer` Added the `CustomJson` and `VolumeConfigurations` properties. `AWS::OpsWorks::Stack` Added the `ElasticIps`, `EcsClusterArn`, `RdsDbInstances`, `CloneAppIds`, `ClonePermissions`, and `SourceStackId` properties. `AWS::RDS::DBInstance` Added the `CopyTagsToSnapshot` property.	2010-05-15
List imports	November 22, 2016	List imports of an exported output value to track which AWS CloudFormation stacks are importing the value. For more information, see Listing Stacks That Import an Exported Output Value.	2010-05-15
Transforms	November 17, 2016	Specify the AWS Serverless Application Model (AWS SAM) that AWS CloudFormation uses to process AWS SAM syntax for serverless applications. For more information, see Transform.	2010-05-15
New resource	November 17, 2016	`AWS::SNS::Subscription` Use the `AWS::SNS::Subscription` resource to subscribe an endpoint to an Amazon Simple Notification Service topic.	2010-05-15
Updated resource	November 17, 2016	`AWS::Lambda::Function` Use the `Environment` property to specify key-value pairs (environment variables) that your AWS Lambda function can access. Use the `KmsKeyArn` property to specify an KMS key that AWS Lambda uses to encrypt and decrypt environment variables.	2010-05-15
New CLI commands	November 17, 2016	Uploading Local Artifacts to an S3 Bucket Use the `aws cloudformation package` command to upload local artifacts that are referenced in an AWS CloudFormation template to an S3 bucket. Quickly Deploying Templates with Transforms Use the `aws cloudformation deploy` command to combine the create and execute change set actions into a single command. This command is useful for quickly creating or updating stacks that contain transforms.	2010-05-15
Updated resource	November 03, 2016	`AWS::CloudFront::Distribution` For the DistributionConfig property, use the `HttpVersion` property to specify the latest HTTP version that viewers can use to communicate with Amazon CloudFront. For the ForwardedValues property, use the `QueryStringCacheKeys` property to specify the query string parameters that CloudFront uses to determine which content to cache.	2010-05-15
List stack exports	November 03, 2016	Use the AWS CloudFormation console, API, or AWS CLI to see a list of all the exported output values for a region. For more information, see Exporting Stack Output Values.	2010-05-15
Continuous delivery with stacks	November 03, 2016	Use AWS CodePipeline to build continuous delivery workflows with AWS CloudFormation stacks. For more information, see Continuous Delivery with CodePipeline.	2010-05-15
Skip resources during rollback	November 03, 2016	If you have a stack in the `UPDATE_ROLLBACK_FAILED` state, use the `ResourcesToSkip` parameter for the `ContinueUpdateRollback` action to skip resources that AWS CloudFormation can't rollback. For more information, see the Troubleshooting section in Update Rollback Failed.	2010-05-15
Change sets enhancement	November 03, 2016	You can create a new stack using a change set.	2010-05-15
Updated resource	October 12, 2016	`AWS::ElastiCache::CacheCluster` Update the `CacheNodeType` property without replacing the cluster. `AWS::ElastiCache::ReplicationGroup` You can create a Redis (cluster mode enabled) replication group that can contain multiple node groups (shards), each with a primary cluster and read replicas. `AWS::ElastiCache::SubnetGroup` Use the `CacheSubnetGroupName` property to specify a name for an Amazon ElastiCache subnet group.	2010-05-15
New resources	October 06, 2016	`AWS::ApiGateway::UsagePlan` Use the `AWS::ApiGateway::UsagePlan` resource to specify a usage plan for deployed Amazon API Gateway APIs. `AWS::CodeCommit::Repository` Use the `AWS::CodeCommit::Repository` resource to create an CodeCommit repository that's hosted by Amazon Web Services.	2010-05-15
Updated resources	October 06, 2016	`AWS::ApiGateway::Authorizer` Use the `ProviderARNs` property to use Amazon Cognito user pools as Amazon API Gateway API authorizers. `AWS::ApiGateway::Deployment` The `StageName` property is no longer required. `AWS::ElasticLoadBalancingV2::TargetGroup` For the `GetAtt` function, use the `LoadBalancerArns` attribute to retrieve the Amazon Resource Names (ARNs) of the load balancers that route traffic to the target group. `AWS::RDS::DBInstance` Use the `Domain` and `DomainIAMRoleName` properties to use Windows Authentication when users connect to the RDS DB instance. `AWS::EC2::SecurityGroupEgress` Use the `DestinationPrefixListId` property to specify the AWS service prefix of an Amazon VPC endpoint.	2010-05-15
Cross-stack reference enhancement	October 06, 2016	Use intrinsic functions to customize the `Name` value of an export or to refer to a value in the `ImportValue` function.	2010-05-15
AWS CloudFormation service role	September 26, 2016	Use an AWS Identity and Access Management (IAM) service role for AWS CloudFormation stack operations. AWS CloudFormation uses the role's credentials to make calls to stack resources on your behalf. For more information, see AWS CloudFormation Service Role.	2010-05-15
New feature	September 19, 2016	You can use the `Export` output field and the `Fn::ImportValue` intrinsic function to have one stack refer to resource outputs in another stack. For more information, see Outputs, `Fn::ImportValue`, and Walkthrough: Refer to Resource Outputs in Another AWS CloudFormation Stack.	2010-05-15
YAML support	September 19, 2016	You can use the YAML format to author AWS CloudFormation templates. YAML also allows you to, for example, add comments to your templates or use the short form for intrinsic functions. For more information, see AWS CloudFormation Template Formats.	2010-05-15
New intrinsic function	September 19, 2016	Use the `Fn::Sub` function to substitute variables in an input string with values that you specify. For more information, see `Fn::Sub`.	2010-05-15
New resources	September 19, 2016	`AWS::KMS::Alias` Use the `AWS::KMS::Alias` resource to create an alias for an AWS KMS key.
Updated resources	September 19, 2016	`AWS::EC2::SpotFleet` For the `LaunchSpecifications` property, use the `SpotPrice` property to specify a bid price for a specific instance type. `AWS::ECS::Cluster` Use the `ClusterName` property to specify a name for an Amazon Elastic Container Service cluster. `AWS::ECS::TaskDefinition` Use the `TaskRoleArn` property to specify an AWS Identity and Access Management role that Amazon Elastic Container Service containers use to make AWS calls on your behalf. Use the `Family` property to register a task definition to a specific family. `AWS::Elasticsearch::Domain` Use the `ElasticsearchVersion` property to specify which version of Elasticsearch to use.	2010-05-15
New resources	August 11, 2016	Use the following Elastic Load Balancing Application Load Balancer resources to distribute incoming application traffic to multiple targets, such as EC2 instances, in multiple Availability Zones: `AWS::ElasticLoadBalancingV2::Listener` `AWS::ElasticLoadBalancingV2::ListenerRule` `AWS::ElasticLoadBalancingV2::LoadBalancer` `AWS::ElasticLoadBalancingV2::TargetGroup`	2010-05-15
Updated resource	August 11, 2016	`AWS::AutoScaling::AutoScalingGroup` Use the `TargetGroupARNs` property to associate the Auto Scaling group with one or more Application Load Balancer target groups. `AWS::ECS::Service` For the load `LoadBalancers` property, use the `TargetGroupArn` property to associate an Amazon Elastic Container Service service with an Application Load Balancer target group.	2010-05-15
New resources	August 09, 2016	AWS CloudFormation added the following resources: `AWS::ApplicationAutoScaling::ScalableTarget` and `AWS::ApplicationAutoScaling::ScalingPolicy` Use an Application Auto Scaling scaling policy to define when and how a target resource scales. `AWS::CertificateManager::Certificate` Provision an AWS Certificate Manager certificate that you can use with other AWS services to enable secure connections.	2010-05-15
Updated resources	August 09, 2016	AWS CloudFormation updated the following resources: `AWS::CloudFront::Distribution` For the distribution configuration `ViewerCertificate` property, you can specify an AWS Certificate Manager certificate. For the distribution configuration `Origin` property, you can specify custom headers and the SSL protocols for custom origins. `AWS::EFS::FileSystem` You can specify the performance mode for an Amazon Elastic File System file system.	2010-05-15
New resources	July 20, 2016	AWS IoT Use AWS IoT to declare an AWS IoT policy, an X.509 certificate, an association between a policy and a principal (an X.509 certificate or other credential), an AWS IoT thing, an association between a principal and a thing, or an AWS IoT rule. `AWS::IoT::Certificate` `AWS::IoT::Policy` `AWS::IoT::PolicyPrincipalAttachment` `AWS::IoT::Thing` `AWS::IoT::ThingPrincipalAttachment` `AWS::IoT::TopicRule`	2010-05-15
Updated resources	July 20, 2016	AWS CloudFormation updated the following resources: `AWS::IAM::Group`, `AWS::IAM::Role`, `AWS::IAM::User` Use the name properties to specify a custom name for AWS Identity and Access Management (IAM) resources. `AWS::ApiGateway::Method` For the `Integration` property, you can use the `PassthroughBehavior` property to specify when Amazon API Gateway passes requests to the targeted back end. `AWS::ApiGateway::Model` and `AWS::ApiGateway::RestApi` You can specify JSON objects for the `Schema` and `Body` properties.	2010-05-15
Auto Scaling group UpdatePolicy	June 9, 2016	For the `UpdatePolicy` attribute, use the `AutoScalingReplacingUpdate` property to specify whether an Auto Scaling group and the instances it contains are replaced when you update the Auto Scaling group. During a replacement, AWS CloudFormation retains the old Auto Scaling group until it creates the new one successfully so that AWS CloudFormation can roll back to the old Auto Scaling group if the update fails. For more information, see UpdatePolicy Attribute.	2010-05-15
New resource	June 9, 2016	AWS CloudFormation added the following resources: `AWS::EC2::FlowLog` Creates an Amazon Elastic Compute Cloud flow log that captures IP traffic for a specified network interface, subnet, or VPC. `AWS::KinesisFirehose::DeliveryStream` Creates a delivery stream that delivers real-time streaming data to a destination, such as Amazon Simple Storage Service, Amazon Redshift, or Amazon OpenSearch Service.	2010-05-15
Updated resources	June 9, 2016	AWS CloudFormation updated the following resources: `AWS::Kinesis::Stream` Use the `Name` property to specify a name for an Amazon Kinesis stream. `AWS::Lambda::Function` For the `Code` property, you can use the `ZipFile` property and cfn response module for `nodejs4.3` runtime environments. `AWS::SNS::Topic` AWS CloudFormation enabled updates for the Amazon Simple Notification Service topic resource.	2010-05-15
New resource	April 25, 2016	Use the `AWS::EC2::Host` resource to allocate a fully dedicated physical server for launching EC2 instances.	2010-05-15
Updated resources	April 25, 2016	`AWS::EC2::Instance` Use the `Affinity` and `HostId` properties to launch instances onto an Amazon Elastic Compute Cloud dedicated host. `AWS::ECS::Service` Use the `DeploymentConfiguration` property to configure how many tasks can run during a deployment. `AWS::ECS::TaskDefinition` AWS CloudFormation added support for additional Amazon Elastic Container Service container definition properties. `AWS::GameLift::Fleet` Use the `MaxSize` and `MinSize` properties to specify the maximum and minimum number of EC2 instances allowed in your Amazon GameLift fleet. `AWS::Lambda::Function` Use the `FunctionName` property to specify a name for your AWS Lambda function. You can also use Python 2.7 to specify an inline function.	2010-05-15
New resources	April 18, 2016	Amazon API Gateway Use the Amazon API Gateway resources to publish, maintain, and monitor APIs at any scale. You can create APIs that clients can call to access your back-end services, such as applications running EC2 instances or code running on AWS Lambda. `AWS::ApiGateway::Account` `AWS::ApiGateway::ApiKey` `AWS::ApiGateway::Authorizer` `AWS::ApiGateway::BasePathMapping` `AWS::ApiGateway::ClientCertificate` `AWS::ApiGateway::Deployment` `AWS::ApiGateway::Method` `AWS::ApiGateway::Model` `AWS::ApiGateway::Resource` `AWS::ApiGateway::RestApi` `AWS::ApiGateway::Stage` `AWS::Events::Rule` Create an Amazon CloudWatch Events rule that monitors changes to AWS resources in your account (events). If an incoming event matches the conditions that you described in the rule, Amazon CloudWatch Events sends messages to and activates your specified targets, such as AWS Lambda functions or Amazon Simple Notification Service topics. `AWS::WAF::SizeConstraintSet` and `AWS::WAF::XssMatchSet` Use the two AWS WAF rules to check the size of a web request or to prevent cross-site scripting attacks.	2010-05-15
New resources	March 31, 2016	Use the `AWS::Lambda::Alias` resource to create aliases for your AWS Lambda functions and the `AWS::Lambda::Version` resource to create versions of your functions.	2010-05-15
Updated resources	March 31, 2016	AWS CloudFormation updated the following resources: `AWS::EMR::Cluster` and `AWS::EMR::InstanceGroupConfig` Use the `EbsConfiguration` property to configure Amazon Elastic Block Store storage volumes for your Amazon EMR clusters or instance groups. `AWS::Lambda::Function` Use the `VpcConfig` property to enable AWS Lambda functions to access resources in a VPC. `AWS::S3::Bucket` For the Amazon Simple Storage Service life cycle rules, you can specify multiple transition rules that specify when objects transition to a specified storage class.	2010-05-15
Change sets	March 29, 2016	Before updating stacks, use change sets to see how your changes might affect your running resources. For more information, see Updating Stacks Using Change Sets.	2010-05-15
New resources	March 15, 2016	Use the `AWS::GameLift::Alias`, `AWS::GameLift::Build`, and `AWS::GameLift::Fleet` resources to deploy multiplayer game servers in AWS.	2010-05-15
New resources	February 26, 2016	AWS CloudFormation added the following resources: `AWS::ECR::Repository` Create Amazon Elastic Container Registry repositories where users can push and pull Docker images. `AWS::EC2::NatGateway` Use the network address translator (NAT) gateway to enable EC2 instances in a private subnet to connect to the Internet. `AWS::Elasticsearch::Domain` Create Amazon OpenSearch Service domains that run legacy Elasticsearch OSS clusters. `AWS::EMR::Cluster`, `AWS::EMR::InstanceGroupConfig`, `AWS::EMR::Step` Use the Amazon EMR resources to assist you analyze and process vast amounts of data. You can create clusters and then run jobs on them.	2010-05-15
Updated resources	February 26, 2016	AWS CloudFormation updated the following resources: `AWS::CloudTrail::Trail` Use the `IsMultiRegionTrail` property to specify whether to create an AWS CloudTrail trail in the region in which you create a stack or in all regions. `AWS::Config::ConfigurationRecorder` For the recording group, use the `IncludeGlobalResourceTypes` property to record all global resource types. `AWS::RDS::DBCluster` Use the `KmsKeyId` and `StorageEncrypted` properties to encrypt database instances in the cluster.	2010-05-15
Retain resources	February 26, 2016	For stacks in the `DELETE_FAILED` state, use the `RetainResources` parameter to retain resources that AWS CloudFormation can't delete. For more information, see Delete Stack Fails.	2010-05-15
Update stack tags	February 26, 2016	You can add, modify, or remove stack tags when you update a stack. For more information, see AWS CloudFormation Stacks Updates.	2010-05-15
Continue rolling back failed update rollbacks	January 25, 2016	For a stack in the `UPDATE_ROLLBACK_FAILED` state, you can continue rolling back the update to get your stack in a working state. That way, you can return the stack to its original settings and try to update it again. For more information, see Continue Rolling Back an Update.	2010-05-15
New sample templates available for the Asia Pacific (Seoul) region.	January 7, 2016	The following collection of AWS CloudFormation sample templates are for the ap-northeast-2 region: Sample Solutions Application Frameworks Services For more information, see Sample Templates.	2010-05-15
New resources	December 28, 2015	AWS CloudFormation added the following resources: `AWS::DirectoryService::MicrosoftAD` Use the Microsoft Active Directory resource to create a Microsoft Active Directory directory in AWS. `AWS::Logs::Destination` and `AWS::Logs::LogStream` Use the Amazon CloudWatch Logs resources to create a destination for real-time processing of log data or to create log streams, respectively. `AWS::WAF::ByteMatchSet`, `AWS::WAF::IPSet`, `AWS::WAF::Rule`, `AWS::WAF::SqlInjectionMatchSet`, and `AWS::WAF::WebACL` Use the AWS WAF resources to control and monitor web requests to your content.	2010-05-15
Resource updates	December 28, 2015	AWS CloudFormation updated the following resources: `AWS::CloudFront::Distribution` For the distribution configuration, use the `WebACLId` property to associate an AWS WAF web access control list (ACL) with an Amazon CloudFront distribution. For the cache behavior and default cache behavior, you can specify a default and maximum Time to Live (TTL) value. `AWS::DynamoDB::Table` You can create, update, or delete a global secondary index without replacing your Amazon DynamoDB table. `AWS::S3::Bucket` Use the `ReplicationConfiguration` property to specify which objects to replicate and where they are stored. Use the properties in the `NotificationConfiguration` property to specify filters so that Amazon Simple Storage Service sends notifications for objects that you specify.	2010-05-15
Parameter grouping and sorting	December 3, 2015	Use the `AWS::CloudFormation::Interface` metadata key to group and sort parameters in the AWS CloudFormation console when users create or update a stack with your template.	2010-05-15
Update policy attribute	December 3, 2015	For an Auto Scaling update policy attribute, use the `MinSuccessfulInstancesPercent` property to specify the percentage of instances that must signal success for a successful update.	2010-05-15
New resources	December 3, 2015	AWS CloudFormation added the following resources: `AWS::CodePipeline::Pipeline` and `AWS::CodePipeline::CustomActionType` Use the CodePipeline resources to create a pipeline that describes how software changes go through a release process. `AWS::Config::ConfigurationRecorder`, `AWS::Config::DeliveryChannel`, and `AWS::Config::ConfigRule` Use the AWS Config resources to monitor configuration changes to specific AWS resources. `AWS::KMS::Key` Use the AWS Key Management Service (AWS KMS) resource to create customer managed keys in AWS KMS that users can use to encrypt small amounts of data. `AWS::SSM::Document` Use the Amazon EC2 Systems Manager to create a document that specifies on-instance configurations.	2010-05-15
Resources update	December 3, 2015	AWS CloudFormation updated the following resources: `AWS::AutoScaling::LaunchConfiguration` Specify whether EBS volumes are encrypted. `AWS::AutoScaling::ScalingPolicy` You can use two different policy types (simple and step scaling) to specify how an Auto Scaling group scales when an Amazon CloudWatch (CloudWatch) alarm is breached. `AWS::CloudTrail::Trail` Use the CloudWatch properties to send logs to a CloudWatch log group. You can add tags to a trail and specify an AWS KMS key that you want to use to encrypt logs. `AWS::CodeDeploy::Application`, `AWS::CodeDeploy::DeploymentConfig`, and `AWS::CodeDeploy::DeploymentGroup` Use the `ApplicationName`, `DeploymentConfigName`, and `DeploymentGroupName` properties to specify custom names for CodeDeploy resources. `AWS::DynamoDB::Table` Use the `StreamSpecification` property to specify settings for capturing changes to items stored in an Amazon DynamoDB (DynamoDB) table. `AWS::EC2::Instance` Use the `SsmAssociations` property to associate an Amazon EC2 Systems Manager document with an instance. `AWS::EC2::SpotFleet` Use the `AllocationStrategy` property to specify how to allocate target capacity across Spot pools. Use the `ExcessCapacityTerminationPolicy` property to specify how instances are terminated if the target capacity is below the size of the Spot fleet. `AWS::Redshift::Cluster` Use the `KmsKeyId` property to specify an AWS KMS key to encrypt data in an Amazon Redshift cluster. `AWS::WorkSpaces::Workspace` Use the encryption properties to encrypt data stored on volumes.	2010-05-15
Resource update	November 4, 2015	For the `AWS::EC2::Volume` resource, use the `AutoEnableIO` property to automatically resume I/O operations if a volume's data becomes inconsistent.	2010-05-15
New resources	October 1, 2015	AWS CloudFormation added the following resources: `AWS::CodeDeploy::Application`, `AWS::CodeDeploy::DeploymentGroup`, and `AWS::CodeDeploy::DeploymentConfig` Use the CodeDeploy resources to create and apply deployments to EC2 or on-premises instances. `AWS::DirectoryService::SimpleAD` Use the Simple Active Directory resource to create an AWS Directory Service Simple AD, which is a Microsoft Active Directory-compatible directory. `AWS::EC2::PlacementGroup` Use a placement group to create a cluster of instances in a low-latency network. `AWS::EC2::SpotFleet` Use a Spot fleet to launch a collection of Spot instances that run interruptible tasks. `AWS::Lambda::EventSourceMapping` Use the event source mapping resource to specify a stream as an event source for an AWS Lambda (Lambda) function. `AWS::Lambda::Permission` Use a Lambda permission to add a statement to a Lambda function's policy. `AWS::Logs::SubscriptionFilter` Use the subscription filter to define which log events are delivered to your Kinesis stream. `AWS::RDS::DBCluster` and `AWS::RDS::DBClusterParameterGroup` Use the cluster and cluster parameter group resources to create an Amazon Aurora DB cluster. `AWS::WorkSpaces::Workspace` Use WorkSpaces to create cloud-based desktop experiences.	2010-05-15
Resource updates	October 1, 2015	AWS CloudFormation updated the following resources: `AWS::ElastiCache::ReplicationGroup` Use the `Fn::GetAtt` intrinsic function to get a list of read-only replica addresses and ports. `AWS::OpsWorks::Stack` Use the `AgentVersion` property to specify a particular AWS OpsWorks agent. `AWS::OpsWorks::App` Use the `Environment` property to specify environment variables for an AWS OpsWorks app. `AWS::S3::Bucket` For the NotificationConfiguration property, you can configure notification settings for Lambda functions and Amazon Simple Queue Service (Amazon SQS) queues.	2010-05-15
IAM condition keys	October 1, 2015	For AWS Identity and Access Management (IAM) policies, use AWS CloudFormation-specific condition keys to specify when an IAM policy takes effect. For more information, see Controlling Access with AWS Identity and Access Management.	2010-05-15
AWS CloudFormation Designer	October 1, 2015	Use AWS CloudFormation Designer to create and modify templates using a drag-and-drop interface.	2010-05-15
New resource	August 24, 2015	Use the `AWS::EC2::VPCEndpoint` resource to establish a private connection between your VPC and another AWS service.	2010-05-15
Resource updates	August 24, 2015	AWS CloudFormation updated the following resources: `AWS::ElasticBeanstalk::Environment` Use the `Tags` property to specify tags (key-value pairs) for an AWS Elastic Beanstalk (Elastic Beanstalk) environment. `AWS::Lambda::Function` For the `Code` property, use the `ZipFile` property to write the source code of your Lambda function directly in a template. Currently, you can use the `ZipFile` property only for `nodejs` runtime environments. You can still point to a file in an S3 bucket for all runtime environments, such as `java8` and `nodejs`. `AWS::OpsWorks::Instance` Use the `EbsOptimized` property to indicate whether an instance is optimized for Amazon Elastic Block Store (Amazon EBS) I/O. `AWS::RDS::DBInstance` For the `SourceDBInstanceIdentifier` property, you can specify a database instance in another region to create a cross-region read replica.	2010-05-15
Amazon S3 template URL	August 24, 2015	For versioning-enabled buckets, you can specify a version ID in an Amazon S3 template URL when you create or update a stack, such as `https://s3.amazonaws.com/templates/myTemplate.template?versionId=123ab1cdeKdOW5IH4GAcYbEngcpTJTDW`.	2010-05-15
New resource	August 3, 2015	Use the `AWS::EFS::FileSystem` resource to create an Amazon Elastic File System (Amazon EFS) file system and the `AWS::EFS::MountTarget` resource to create a mount point for a file system.	2010-05-15
Permission requirement change	June 11, 2015	When you create or update an `AWS::RDS::DBInstance` resource, you must now also have permission to call the `ec2:DescribeAccountAttributes` action.	2010-05-15
New resources	June 11, 2015	AWS CloudFormation added the following resources: `AWS::DataPipeline::Pipeline` Use data pipelines to automate the movement and transformation of data. Amazon Elastic Container Service resources Use the `AWS::ECS::Service`, `AWS::ECS::Cluster`, and `AWS::ECS::TaskDefinition` resources to create Docker containers on a cluster of EC2 instances. `AWS::ElastiCache::ReplicationGroup` Use replication groups to create a collection of nodes with one primary read-write cluster and a maximum of five secondary read-only clusters. `AWS::IAM::ManagedPolicy` Use managed policies to create policies in your AWS account that you can use to apply permissions to IAM users, groups, and roles. `AWS::Lambda::Function` Use Lambda functions to run code in response to events. `AWS::RDS::OptionGroup` Use option groups to help you create and manage Amazon Relational Database Service (Amazon RDS) databases.	2010-05-15
Resource updates	June 11, 2015	AWS CloudFormation updated the following resources: `AWS::EC2::Subnet` Use the `MapPublicIpOnLaunch` property to automatically assign public IP addresses to instances in a subnet. `AWS::ElastiCache::CacheCluster` Use the `SnapshotName` property to restore snapshot data into a new Redis cache cluster. `AWS::IAM::User` For the `LoginProfile` property, use the `PasswordResetRequired` property so that users are required to set a new password when they log in to the AWS Management Console. `AWS::OpsWorks::Layer` Use the `LifecycleEventConfiguration` property to configure lifecycle events for an AWS OpsWorks layer. `AWS::S3::Bucket` For the `LifecycleConfiguration` property, use the `NoncurrentVersionExpirationInDays` and `NoncurrentVersionTransition` properties to specify lifecycle rules for non-current object versions.	2010-05-15
New parameter types	May 19, 2015	Whenever you use the AWS CloudFormation console to create or update a stack, you can search for AWS-specific parameter type values by ID, name, or Name tag value. AWS CloudFormation also added support for the following AWS-specific parameter types. For more information, see Parameters. `AWS::EC2::AvailabilityZone::Name` `List<AWS::EC2::AvailabilityZone::Name>` `AWS::EC2::Instance::Id` `List<AWS::EC2::Instance::Id>` `AWS::EC2::Image::Id` List<`AWS::EC2::Image::Id`> `AWS::EC2::SecurityGroup::GroupName` List<`AWS::EC2::SecurityGroup::GroupName`> `AWS::EC2::Volume::Id` List<`AWS::EC2::Volume::Id`> `AWS::Route53::HostedZone::Id` `List<AWS::Route53::HostedZone::Id>`	2010-05-15
New resources	April 16, 2015	AWS CloudFormation added the following resources: `AWS::AutoScaling::LifecycleHook` Use Auto Scaling lifecycle hooks to control the state of an instance after it is launched or terminated. `AWS::RDS::EventSubscription` Use event subscriptions to get notifications about Amazon RDS events.	2010-05-15
Resource updates	April 16, 2015	AWS CloudFormation updated the following resources: `AWS::AutoScaling::AutoScalingGroup` Use the `NotificationConfigurations` property to specify multiple notifications. `AWS::AutoScaling::LaunchConfiguration` Use the `PlacementTenancy` property to specify the tenancy of instances. Use the `ClassicLinkVPCId` and `ClassicLinkVPCSecurityGroups` properties to link EC2-Classic instances to a ClassicLink-enabled VPC. `AWS::AutoScaling::ScalingPolicy` Use the `MinAdjustmentStep` property to specify the minimum number of instances that are added or removed during a scaling event. `AWS::CloudFront::Distribution` For viewer certificates, use the `MinimumProtocolVersion` property to specify a minimum protocol version. For cache behaviors, use the `CachedMethods` property to specify which methods Amazon CloudFront (CloudFront) caches responses for. For origins, use the `OriginPath` to specify a path that CloudFront uses to request content. `AWS::ElastiCache::CacheCluster` For Memcached cache clusters, use the `AZMode` and `PreferredAvailabilityZones` properties to specify nodes in multiple Availability Zones (AZs). `AWS::EC2::Volume` Use the `KmsKeyId` property to specify a customer managed key for encrypted volumes. `AWS::OpsWorks::Instance` Use the `TimeBasedAutoScaling` property to automatically scale instances based on a schedule that you specify. `AWS::OpsWorks::Layer` Use the `LoadBasedAutoScaling` property to specify load-based scaling policies. For volume configurations, use the `VolumeType` and `Iops` properties to specify a volume type and the number of I/O operations per second, respectively. `AWS::RDS::DBInstance` Use the `CharacterSetName` property to specify a character set for supported database engines. Use the `StorageEncrypted` property to indicate whether database instances will be encrypted and the `KmsKeyId` to specify a customer managed key for encrypted database instances. `AWS::Route53::HealthCheck` Use the `HealthCheckTags` property to associate tags with health checks. `AWS::Route53::HostedZone` Use the `VPCs` property to create private hosted zones. Use the `HostedZoneTags` property to associate tags with hosted zones.	2010-05-15
New template section	April 16, 2015	Add the Metadata section to your templates to include arbitrary JSON objects that describe your templates, such as the design or implementation details.	2010-05-15
Resource update	April 8, 2015	For the `AWS::CloudFormation::CustomResource` resource, you can specify Lambda function Amazon Resource Names (ARNs) in the `ServiceToken` property.	2010-05-15
Amazon RDS update	December 24, 2014	AWS CloudFormation added two new properties for RDS DB instances. You can associate an option group with a DB instance and specify the DB instance storage type. For more information, see `AWS::RDS::DBInstance`.	2010-05-15
Elastic Load Balancing update	December 24, 2014	You can use the `ConnectionSettings` property to specify how long connections can remain idle. For more information, see `AWS::ElasticLoadBalancing::LoadBalancer`.	2010-05-15
Route 53 update	November 6, 2014	You can now provision and manage Route 53 hosted zones , health checks, failover record sets , and geolocation record sets .	2010-05-15
Auto Scaling rolling update enhancement	November 6, 2014	During an update, you can use the `WaitOnResourceSignals` flag to instruct AWS CloudFormation to wait for instances to signal success. That way, AWS CloudFormation won't update the next batch of instances until the current batch is ready. For more information, see UpdatePolicy Attribute.	2010-05-15
New VPC Fn:GetAtt attributes	November 6, 2014	Given a VPC ID, you can retrieve the default security group and network ACL for that VPC. For more information, see `Fn::GetAtt`.	2010-05-15
New AWS-specific parameter types	November 6, 2014	You can specify AWS-specific parameter types in your AWS CloudFormation templates. In the AWS CloudFormation console, these parameter types provide a drop-down list of valid values. With the API or AWS CLI, AWS CloudFormation can quickly validate values for these parameter types before creating or updating a stack. For more information, see Parameters.	2010-05-15
CreationPolicy attribute	November 6, 2014	With the CreationPolicy attribute, you can instruct AWS CloudFormation to wait until applications are ready on EC2 instances before proceeding with stack creation. You can use a creation policy instead of a wait condition and wait condition handle. For more information, see CreationPolicy Attribute.	2010-05-15
Amazon CloudFront forwarded values	September 29, 2014	For cache behaviors, you can forward headers to the origin. See ForwardedValues.	2010-05-15
AWS OpsWorks update	September 29, 2014	For Chef 11.10, you can use the `ChefConfiguration` property to enable Berkshelf. You can also use the AWS OpsWorks built-in security groups with your AWS OpsWorks stacks. For more information, see `AWS::OpsWorks::Stack`.	2010-05-15
Elastic Load Balancing tagging support	September 29, 2014	AWS CloudFormation tags Elastic Load Balancing load balancers with stack-level tags. You can also add your own tags to a load balancer. See `AWS::ElasticLoadBalancing::LoadBalancer`.	2010-05-15
Amazon Simple Notification Service topic policy update	September 29, 2014	You can now update Amazon SNS topic policies. For more information, see `AWS::SNS::TopicPolicy`.	2010-05-15
RDS DB instance update	September 5, 2014	You can specify whether a DB instance is Internet-facing by using the `PubliclyAccessible` property in the `AWS::RDS::DBInstance` resource.	2010-05-15
UpdatePolicy attribute update	September 05, 2014	You can specify an update policy for an Auto Scaling group that has an associated scheduled action. For more information, see UpdatePolicy Attribute.	2010-05-15
Amazon CloudWatch support	July 10, 2014	You can use AWS CloudFormation to provision and manage Amazon CloudWatch Logs (CloudWatch Logs) log groups and metric filters. For more information, see `AWS::Logs::LogGroup` or `AWS::Logs::MetricFilter`.	2010-05-15
Amazon CloudFront distribution configuration update	June 17, 2014	You can specify additional CloudFront distribution configuration properties: Custom error responses define custom error messages for 4xx and 5xx HTTP status codes. Price class defines the maximum price that you want to pay for the CloudFront service. Restrictions define who can view your content. Viewer certificate specifies the certificate to use when viewers use HTTPS. For cache behaviors, you can specify allowed HTTP methods and indicate whether to forward cookies. For more information, see `AWS::CloudFront::Distribution`.	2010-05-15
EC2 instance update	June 17, 2014	You can specify whether an instance stops or terminates when you invoke the instance's operating system shutdown command. For more information, see `AWS::EC2::Instance`.	2010-05-15
EBS volume update	June 17, 2014	You can use encrypted EBS volumes with supported instance types. For more information, see `AWS::EC2::Volume`.	2010-05-15
New Amazon VPC peering connection	June 17, 2014	You can use AWS CloudFormation to create an Amazon Virtual Private Cloud (Amazon VPC) peering connection, which establishes a network connection between two VPCs. For more information, see `AWS::EC2::VPCPeeringConnection`.	2010-05-15
Amazon EC2 Auto Scaling group update	June 17, 2014	You can specify an existing cluster placement group in which to launch instances for an Amazon EC2 Auto Scaling group. For more information, see `AWS::AutoScaling::AutoScalingGroup`.	2010-05-15
AWS CloudTrail support	June 17, 2014	AWS CloudFormation supports AWS CloudTrail, which can capture API calls made from your AWS account and publish the logs at a location you designate. For more information, see `AWS::CloudTrail::Trail`.	2010-05-15
Update stack enhancements	May 12, 2014	AWS CloudFormation supports additional features for updating stacks: You can update AWS CloudFormation stack parameters without resubmitting the stack's template. You can add or remove Amazon SNS notification topics for an AWS CloudFormation stack. For more information, see AWS CloudFormation Stacks Updates.	2010-05-15
Amazon Kinesis support	May 6, 2014	You can use AWS CloudFormation to create Amazon Kinesis streams that capture and transport data records from data sources. For more information, see `AWS::Kinesis::Stream`.	2010-05-15
New S3 bucket properties	May 5, 2014	AWS CloudFormation supports additional S3 bucket properties: Cross-origin resource sharing (CORS) defines cross-origin resource sharing of objects in a bucket. Lifecycle defines how Amazon S3 manages objects during their lifetime. Access logging policy captures information about requests made to your bucket. Notifications define which events to report and which Amazon SNS topic to send messages to. Versioning enables multiple variants of all objects in a bucket. Redirect and routing rules govern redirect behavior for requests made to a bucket's website endpoint. For more information, see `AWS::S3::Bucket`.	2010-05-15
Amazon EC2 Auto Scaling support	May 5, 2014	AWS CloudFormation supports metrics collection for an Auto Scaling group. For more information, see `AWS::AutoScaling::AutoScalingGroup`.	2010-05-15
`Fn::If` update	May 5, 2014	You can use the `Fn::If` intrinsic function in the output section of a template. For more information, see Condition Functions.	2010-05-15
API logging with AWS CloudTrail	April 2, 2014	You can use AWS CloudTrail (CloudTrail) to log AWS CloudFormation requests. With CloudTrail you can get a history of AWS CloudFormation API calls for your account. For more information, see Logging AWS CloudFormation API Calls with AWS CloudTrail.	2010-05-15
Elastic Load Balancing update	March 20, 2014	You can specify an access logging policy to capture information about requests made to your load balancer. You can also specify a connection draining policy that describes how to handle in-flight requests when instances are deregistered or become unhealthy. For more information, see `AWS::ElasticLoadBalancing::LoadBalancer`.	2010-05-15
AWS OpsWorks support	March 3, 2014	You can use AWS CloudFormation to provision and manage AWS OpsWorks stacks. For more information, see `AWS::OpsWorks::Stack` or AWS OpsWorks Template Snippets.	2010-05-15
Amazon S3 template size limit increase	February 18, 2014	You can specify template sizes up to 460,800 bytes in Amazon S3.	2010-05-15
Amazon Redshift support	February 10, 2014	You can use AWS CloudFormation to provision and manage Amazon Redshift clusters. For more information, see Amazon Redshift Template Snippets or `AWS::Redshift::Cluster`.	2010-05-15
S3 buckets and bucket policies update	February 10, 2014	You can update some properties of the S3 bucket and bucket policy resources. For more information, see `AWS::S3::Bucket` or `AWS::S3::BucketPolicy`.	2010-05-15
Elastic Beanstalk environments and application versions update	February 10, 2014	You can update Elastic Beanstalk environment configurations and application versions. For more information, see `AWS::ElasticBeanstalk::Environment`, `AWS::ElasticBeanstalk::ConfigurationTemplate`, or `AWS::ElasticBeanstalk::ApplicationVersion`.	2010-05-15
Amazon SQS update	January 29, 2014	You can specify a dead letter queue for an Amazon SQS queue. For more information, see `AWS::SQS::Queue`.	2010-05-15
Auto Scaling scheduled actions	January 27, 2014	You can scale the number of EC2 instances in an Auto Scaling group based on a schedule. By using a schedule, you can scale applications in response to predictable load changes. For more information, see `AWS::AutoScaling::ScheduledAction`.	2010-05-15
DynamoDB secondary indexes	January 27, 2014	You can create local and global secondary indexes for DynamoDB databases. By using secondary indexes, you can efficiently access data with attributes other than the primary key. For more information, see `AWS::DynamoDB::Table`.	2010-05-15
Auto Scaling update	January 2, 2014	You can specify an instance ID for an Auto Scaling group or launch configuration. You can also specify additional Auto Scaling block device properties. For more information, see `AWS::AutoScaling::AutoScalingGroup` or `AWS::AutoScaling::LaunchConfiguration`.	2010-05-15
Amazon SQS update	January 2, 2014	You can update SQS queues and specify additional properties. For more information, see `AWS::SQS::Queue`.	2010-05-15
Limit increases	January 2, 2014	You can specify up to 60 parameters and 60 outputs in your AWS CloudFormation templates.	2010-05-15
New console	December 19, 2013	The new AWS CloudFormation console adds features like auto-refreshing stack events and alphabetical ordering of stack parameters.	2010-05-15
Cross-zone load balancing	December 19, 2013	With cross-zone load balancing, you can route traffic to back-end instances across all Availability Zones (AZs). For more information, see `AWS::ElasticLoadBalancing::LoadBalancer`.	2010-05-15
AWS Elastic Beanstalk environment tiers	December 19, 2013	You can specify whether AWS Elastic Beanstalk provisions resources to support a web server or to handle background processing tasks. For more information, see `AWS::ElasticBeanstalk::Environment`.	2010-05-15
Resource names	December 19, 2013	You can assign names (physical IDs) to the following resources: ElastiCache clusters Elastic Load Balancing load balancers RDS DB instances For more information, see Name Type.	2010-05-15
VPN support	November 22, 2013	You can enable a virtual private gateway (VGW) to propagate routes to the routing tables of a VPC. For more information, see `AWS::EC2::VPNGatewayRoutePropagation`.	2010-05-15
Conditionally create resources and assign properties	November 8, 2013	Using input parameters, you can control the creation and settings of designated stack resources by defining conditions in your AWS CloudFormation templates. For example, you can use conditions to create stack resources for a production environment. Using the same template, you can create similar stack resources with lower capacity for a test environment. For more information, see Condition Functions.	2010-05-15
Prevent accidental updates to stack resources	November 8, 2013	You can prevent stack updates that might result in unintentional changes to stack resources. For example, if you have a stack with a database layer that should rarely be updated, you can set a stack policy that prevents most users from updating that database layer. For more information, see Prevent Updates to Stack Resources.	2010-05-15
Name resources	November 8, 2013	Instead of using AWS CloudFormation-generated physical IDs, you can assign names to certain resources. The following AWS CloudFormation resources support naming Amazon CloudWatch alarms DynamoDB tables AWS Elastic Beanstalk applications and environments Amazon S3 buckets Amazon SNS topics Amazon SQS queues For more information, see Name Type.	2010-05-15
Assign custom resource types	November 8, 2013	In your templates, you can specify your own resource type for AWS CloudFormation custom resources (`AWS::CloudFormation::CustomResource`). By using your own custom resource type name, you can quickly identify the type of custom resources that you have in your stack. For example, you can specify `"Type": "Custom::MyCustomResource"`. For more information, see `AWS::CloudFormation::CustomResource`.	2010-05-15
Add pseudo parameter	November 8, 2013	You can now refer to the AWS AccountID inside AWS CloudFormation templates by referring to the `AWS::AccountID` pseudo parameter. For more information, see Pseudo Parameters Reference.	2010-05-15
Specify stacks in IAM policies	November 8, 2013	You can allow or deny IAM users, groups, or roles to operate on specific AWS CloudFormation stacks. For example, you can deny the delete stack action on a specific stack ID. For more information, see Controlling Access with AWS Identity and Access Management.	2010-05-15
Federation support	October 14, 2013	AWS CloudFormation supports temporary security credentials from IAM roles, which enable scenarios such as federation and single sign-on to the AWS Management Console. You can also make calls to AWS CloudFormation from EC2 instances without embedding long-term security credentials by using IAM roles. For more information about AWS CloudFormation and IAM, see Controlling Access with AWS Identity and Access Management.	2010-05-15
Amazon RDS read replica support	September 24, 2013	You can now create Amazon RDS read replicas from a source DB instance. For more information, see the `SourceDBInstanceIdentifier` property in the `AWS::RDS::DBInstance` resource.	2010-05-15
Associate public IP address with instances in an Auto Scaling group	September 19, 2013	You can now associate public IP addresses with instances in an Auto Scaling group. For more information, see `AWS::AutoScaling::LaunchConfiguration`.	2010-05-15
Additional VPC support	September 17, 2013	AWS CloudFormation adds several enhancements to support VPC and VPN functionality You can associate a public IP address and multiple private IP addresses to Amazon EC2 network interfaces. For more information, see `AWS::EC2::NetworkInterface`. You can also associate a primary private IP address to an elastic IP address (EIP). You can enable DNS support and specify DNS host names. For more information, see `AWS::EC2::VPC`. You can specify a static route between a virtual private gateway to your VPN gateway. For more information, see `AWS::EC2::VPNConnectionRoute`.	2010-05-15
Redis and VPC security groups support for Amazon ElastiCache	September 3, 2013	You can now specify Redis as the cache engine for an Amazon ElastiCache (ElastiCache) cluster. You can also now assign VPC security groups to ElastiCache clusters. For more information, see `AWS::ElastiCache::CacheCluster`.	2010-05-15
Parallel stack creation, update and deletion, and nested stack updates	August 12, 2013	AWS CloudFormation now creates, updates, and deletes resources in parallel, improving the operations' performance. If you update a top-level template, AWS CloudFormation automatically updates nested stacks that have changed. For more information, see AWS CloudFormation Stacks Updates.	2010-05-15
VPC security groups can now be set in RDS DB instances	February 28, 2013	You can now assign VPC security groups to an RDS DB instance with AWS CloudFormation. For more information, see the VPCSecurityGroups property in `AWS::RDS::DBInstance`.	2010-05-15
Rolling deployments for Amazon EC2 Auto Scaling groups	February 20, 2013	AWS CloudFormation now supports update policies on Amazon EC2 Auto Scaling groups, which describe how instances in the Amazon EC2 Auto Scaling group are replaced or modified when the Amazon EC2 Auto Scaling group adds or removes instances. You can modify these settings at stack creation or during a stack update. For more information and an example, see UpdatePolicy Attribute.	2010-05-15
Cancel and rollback action for stack updates	February 20, 2013	AWS CloudFormation supports the ability to cancel a stack update. The stack must be in the UPDATE_IN_PROGRESS state when the update request is made. More information is available in the following topics: Canceling a Stack Update `aws cloudformation cancel-update-stack` `CancelUpdateStack` in the AWS CloudFormation API Reference	2010-05-15
EBS-optimized instances for Amazon EC2 Auto Scaling groups	February 20, 2013	You can now provision EBS-optimized instances in Amazon EC2 Auto Scaling groups for dedicated throughput to Amazon Elastic Block Store (Amazon EBS) in autoscaled instances. The implementation is similar to that of the previously released support for optimized Amazon EBS EC2 instances. For more information, see the new `EbsOptimized` property in `AWS::AutoScaling::LaunchConfiguration`.	2010-05-15
New documentation	December 21, 2012	`AWS::EC2::Instance` now provides a `BlockDeviceMappings` property to allow you to set block device mappings for your EC2 instance. With this change, two new types have been added: BlockDeviceMapping Block Device	2010-05-15
New documentation	December 21, 2012	New sections have been added to describe the procedures for creating and viewing stacks using the recently redesigned AWS Management Console. You can find them here: Creating a Stack on the AWS CloudFormation Console Viewing AWS CloudFormation Stack Data and Resources on the AWS Management Console	2010-05-15
New documentation	November 15, 2012	Information about custom resources is provided in the following topics: Custom Resources `AWS::CloudFormation::CustomResource` Custom Resource Reference	2010-05-15
Updated documentation	November 15, 2012	AWS CloudFormation now supports specifying provisioned I/O operations per second (IOPS) for RDS DB instances. You can set this value from 1000–10,000 in 1000 IOPS increments by using the new Iops property in `AWS::RDS::DBInstance` . For more information about specifying IOPS for RDS DB instances, see Provisioned IOPS in the Amazon Relational Database Service User Guide.	2010-05-15
New and updated documentation	August 27, 2012	Topics have been reorganized to more clearly provide specific information about using the AWS Management Console and using the AWS CloudFormation command line interface (CLI). Information about tagging AWS CloudFormation stacks has been added, including new guides and updated reference topics: New topic in Using the Console: Setting AWS CloudFormation Stack Options. New information about tags in the AWS CloudFormation API reference: `CreateStack`, `Stack`, and `Tag`. New information about working with Windows stacks: Microsoft Windows Amazon Machine Images (AMIs) and AWS CloudFormation Templates Bootstrapping AWS CloudFormation Windows Stacks New topic: Using Regular Expressions in AWS CloudFormation Templates.	2010-05-15
New feature	April 25, 2012	AWS CloudFormation now provides full support for Virtual Private Cloud (VPC) security with Amazon EC2. You can now create and populate an entire VPC with every type of VPC resource (subnets, gateways, network ACLs, route tables, and so forth) using a single AWS CloudFormation template. Documentation for the following resource types has been updated: `AWS::EC2::SecurityGroup` `AWS::EC2::SecurityGroupIngress` `AWS::EC2::SecurityGroupEgress` `AWS::EC2::Instance` `AWS::AutoScaling::AutoScalingGroup` `AWS::EC2::EIP` `AWS::EC2::EIPAssociation` `AWS::ElasticLoadBalancing::LoadBalancer` New resource types have been added to the documentation: `AWS::EC2::VPC` `AWS::EC2::InternetGateway` `AWS::EC2::DHCPOptions` `AWS::EC2::DHCPOptions` `AWS::EC2::RouteTable` `AWS::EC2::NetworkAcl` `AWS::EC2::NetworkAclEntry` `AWS::EC2::Subnet` `AWS::EC2::VPNGateway` `AWS::EC2::CustomerGateway`	2010-05-15
New feature	April 13, 2012	AWS CloudFormation now allows you to add or remove elements from a stack when updating it. AWS CloudFormation Stacks Updates has been updated, and a new section has been added to the walkthrough: Change the Stack's Resources, which describes how to add and remove resources when updating the stack.	2010-05-15
New feature	February 2, 2012	AWS CloudFormation now provides support for resources in an existing Amazon Virtual Private Cloud (Amazon VPC). With this release, you can: Launch an EC2 Dedicated instance into an existing Amazon VPC. For more information, see `AWS::EC2::Instance`. Set the `SourceDestCheck` attribute of an EC2 instance that resides in an existing Amazon VPC. For more information, see `AWS::EC2::Instance`. Create Elastic IP addresses in an existing Amazon VPC. For more information, see `AWS::EC2::EIP`. Use AWS CloudFormation to create Amazon VPC security groups and ingress/egress rules in an existing VPC. For more information, see `AWS::EC2::SecurityGroup`. Associate an Auto Scaling group with an existing Amazon VPC by setting the `VPCZoneIdentifier` property of your `AWS::AutoScaling::AutoScalingGroup` resource. For more information, see `AWS::AutoScaling::AutoScalingGroup`. Attach an Elastic Load Balancing load balancer to a Amazon VPC subnet and create security groups for the load balancer. For more information, see `AWS::ElasticLoadBalancing::LoadBalancer`. Create an RDS DB instance in an existing Amazon VPC. For more information, see `AWS::RDS::DBInstance`.	2010-05-15
New feature	February 2, 2012	You can now update properties for the following resources in an existing stack: `AWS::EC2::SecurityGroupIngress` `AWS::EC2::SecurityGroupEgress` `AWS::EC2::EIPAssociation` `AWS::RDS::DBSubnetGroup` `AWS::RDS::DBSecurityGroup` `AWS::RDS::DBSecurityGroupIngress` `AWS::Route53::RecordSetGroup` For a complete list of updatable resources and details about what to consider when updating a stack, see AWS CloudFormation Stacks Updates.	2010-05-15
Restructured guide	February 2, 2012	Reorganized existing sections into new sections: Working with AWS CloudFormation Templates and Managing Stacks. Moved Template Reference to the top level of the Table of Contents. Moved Estimating the Cost of Your AWS CloudFormation Stack to the Getting Started section.	2010-05-15
New content	February 2, 2012	Added three new sections: Walkthrough: Updating a Stack is a tutorial that walks through the process of updating a LAMP stack. Deploying Applications on Amazon EC2 with AWS CloudFormation describes how to use AWS CloudFormation helper scripts to deploy applications using metadata stored in your template. CloudFormation Helper Scripts Reference provides reference material for the AWS CloudFormation helper scripts (cfn-init, cfn-get-metadata, cfn-signal, and cfn-hup).	2010-05-15
New feature	May 26, 2011	AWS CloudFormation now provides the `aws cloudformation list-stacks` command, which enables you to list stacks filtered by stack status. Deleted stacks can be listed for up to 90 days after they have been deleted. For more information, see Describing and Listing Your Stacks.	2010-05-15
New features	May 26, 2011	The `aws cloudformation describe-stack-resources` and `aws cloudformation get-template` commands now enable you to get information from stacks that have been deleted for 90 days after they have been deleted. For more information, see Listing Resources and Retrieving a Template.	2010-05-15
New link	March 1, 2011	AWS CloudFormation endpoint information is now located in the AWS General Reference. For more information, go to Regions and Endpoints in Amazon Web Services General Reference.	2010-05-15
Initial release	February 25, 2011	The initial public release of AWS CloudFormation.	2010-05-15

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Troubleshooting

Release history for helper scripts

Release history

Warning

Note

Earlier updates