Release History

The following table describes important changes in each release of the AWS CloudFormation User Guide after May 2018. For notification about updates to this documentation, you can subscribe to an RSS feed.

Change	Description	Date
Updated resource	The following resource was updated: AWS::CloudWatch::InsightRule. AWS::CloudWatch::InsightRule The AWS::CloudWatch::InsightRule resource now supports tags. Use the AWS::CloudWatch::InsightRule resource to create Contributor Insights rules. For more information, see Using Contributor Insights to Analyze High-Cardinality Data.	April 2, 2020
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem Use the `StorageType` property to specify the type of storage for the file system, either solid state drive, `SSD` or hard disk drive, `HDD`. In the WindowsConfiguration property type, use the `DeploymentType` property to specify a new Amazon FSx for Windows File Server file system deployment type, `SINGLE_AZ_2`, the latest generation of Single-AZ file systems.	April 2, 2020
Updated resource	The following resource was updated: AWS::ServiceCatalog::LaunchRoleConstraint. AWS::ServiceCatalog::LaunchRoleConstraint Use the `LocalRoleName` property to specify an IAM role to use when an account uses a launch constraint.	April 2, 2020
Updated resource	The following resource was updated: `AWS::ApiGatewayV2::Integration`. AWS::ApiGatewayV2::Integration Use the `AWS::ApiGatewayV2::Integration` resource to create a private integration for an HTTP API.	March 26, 2020
Updated resource	The following resource was updated: AWS::AutoScaling::AutoScalingGroup AWS::AutoScaling::AutoScalingGroup Use the `MaxInstanceLifetime` property to specify the maximum amount of time, in seconds, that an instance can be in service.	March 26, 2020
Updated resource	The following resource was updated: AWS::EC2::Volume AWS::EC2::Volume Use the `MultiAttachEnabled` property to indicate whether Amazon EBS Multi-Attach is enabled.	March 26, 2020
Updated resource	The following resource was updated: AWS::IoT::TopicRule AWS::IoT::TopicRule In the Action property type: Use the `Http` property to send data to an HTTPS endpoint. Use the `IotEvents` property to send an input to an AWS IoT Events detector. Use the `IotSiteWise` property to send data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties. In the RepublishAction property type, use the `Qos` property to specify the Quality of Service (QoS) level to use when republishing messages.	March 26, 2020
Updated resource	The following resource was updated: AWS::RDS::DBInstance AWS::RDS::DBInstance The `AWS::RDS::DBInstance` resource now supports Read Replica across multiple Availability Zone deployments.	March 26, 2020
New resources	The following resources were added: AWS::Detective::Graph and AWS::Detective::MemberInvitation AWS::Detective::Graph Use the `AWS::Detective::Graph` resource to specify a Detective behavior graph. AWS::Detective::MemberInvitation Use the `AWS::Detective::MemberInvitation` resource to send an invitation to join a Detective behavior graph.	March 26, 2020
Updated resource	The following resource was updated: AWS::DMS::Endpoint AWS::DMS::Endpoint Use the `KafkaSettings` property to indicate how to configure the connection to the Apache Kafka cluster specified for your Kafka target endpoint.	March 23, 2020
Updated resource	The following resource was updated: AWS::EC2::ClientVpnEndpoint. AWS::EC2::ClientVpnEndpoint Use the `VpcId` and `SecurityGroupIds` properties to assign security groups to your Client VPN endpoint.	March 19, 2020
New resources	The following resources were added: AWS::NetworkManager::CustomerGatewayAssociation, AWS::NetworkManager::Device, AWS::NetworkManager::GlobalNetwork, AWS::NetworkManager::Link, AWS::NetworkManager::LinkAssociation, AWS::NetworkManager::Site, and AWS::NetworkManager::TransitGatewayRegistration AWS::NetworkManager::CustomerGatewayAssociation Use the `AWS::NetworkManager::CustomerGatewayAssociation` resource to specify an association between a customer gateway, device, and link. AWS::NetworkManager::Device Use the `AWS::NetworkManager::Device` resource to specify a device in a global network. AWS::NetworkManager::GlobalNetwork Use the `AWS::NetworkManager::GlobalNetwork` resource to specify a global network. AWS::NetworkManager::Link Use the `AWS::NetworkManager::Link` resource to specify a link for a site. AWS::NetworkManager::LinkAssociation Use the `AWS::NetworkManager::LinkAssociation` resource to specify an association between a device and a link. AWS::NetworkManager::Site Use the `AWS::NetworkManager::Site` resource to specify a site in a global network. AWS::NetworkManager::TransitGatewayRegistration Use the `AWS::NetworkManager::TransitGatewayRegistration` resource to specify the registration of a transit gateway in a global network.	March 19, 2020
New resource	The following resource was added: `AWS::CodeGuruProfiler::ProfilingGroup`. AWS::CodeGuruProfiler::ProfilingGroup Use the `AWS::CodeGuruProfiler::ProfilingGroup` resource to create a profiling group.	March 19, 2020
New resource	The following resource was added: AWS::ResourceGroups::Group AWS::ResourceGroups::Group Use the `AWS::ResourceGroups::Group` resource to create a resource group with the specified name, description, and resource query.	March 19, 2020
New resources	The following resources were added: `AWS::Cassandra::Keyspace` and `AWS::Cassandra::Table`. AWS::Cassandra::Keyspace Use the `AWS::Cassandra::Keyspace` resource to create a new keyspace in Amazon Managed Apache Cassandra Service. AWS::Cassandra::Table Use the `AWS::Cassandra::Table` resource to create a new table in Amazon Managed Apache Cassandra Service.	March 16, 2020
Updated resource	The following resources were updated: AWS::AppMesh::VirtualNode, AWS::AppMesh::VirtualRouter, AWS::AppMesh::VirtualService, and AWS::AppMesh::Route AWS::AppMesh::VirtualNode Use the `MeshOwner` property to specify the account ID that owns a shared mesh. AWS::AppMesh::Route Use the `MeshOwner` property to specify the account ID that owns a shared mesh. AWS::AppMesh::VirtualRouter Use the `MeshOwner` property to specify the account ID that owns a shared mesh. AWS::AppMesh::VirtualService Use the `MeshOwner` property to specify the account ID that owns a shared mesh.	March 12, 2020
Updated resource	The following resource was udpated: AWS::MSK::Cluster AWS::MSK::Cluster Use the `LoggingInfo` to stream broker logs to one or more of the following destination types: Amazon CloudWatch Logs, Amazon S3, Amazon Kinesis Data Firehose.	March 12, 2020
New and updated resources	The following resources were added or updated: `AWS::ApiGatewayV2::ApiGatewayManagedOverrides`, `AWS::ApiGatewayV2::Integration`, and `AWS::ApiGatewayV2::VpcLink`. AWS::ApiGatewayV2::ApiGatewayManagedOverrides Use the `AWS::ApiGatewayV2::ApiGatewayManagedOverrides` resource to override the default properties of API Gateway managed resources. AWS::ApiGatewayV2::Integration Use the `AWS::ApiGatewayV2::Integration` resource to create a private integration for an HTTP API. AWS::ApiGatewayV2::VpcLink Use the `AWS::ApiGatewayV2::VpcLink` resource to create a VPC link for an HTTP API.	March 12, 2020
Updated resources	The following resources were updated: AWS::Greengrass::ResourceDefinition and AWS::Greengrass::ResourceDefinitionVersion AWS::Greengrass::ResourceDefinition In the S3MachineLearningModelResourceData property type that defines a resource instance, use the `OwnerSetting` property to specify the Linux OS group owner and permissions for the downloaded machine learning resource. In the SageMakerMachineLearningModelResourceData property type that defines a resource instance, use the `OwnerSetting` property to specify the Linux OS group owner and permissions for the downloaded machine learning resource. AWS::Greengrass::ResourceDefinitionVersion In the S3MachineLearningModelResourceData property type that defines a resource instance, use the `OwnerSetting` property to specify the Linux OS group owner and permissions for the downloaded machine learning resource. In the SageMakerMachineLearningModelResourceData property type that defines a resource instance, use the `OwnerSetting` property to specify the Linux OS group owner and permissions for the downloaded machine learning resource.	March 9, 2020
Updated resource	The following resource was updated: AWS::CloudFront::Distribution. AWS::CloudFront::Distribution In the DistributionConfig property type, use the `OriginGroups` property to specify information about origin groups for this distribution.	March 5, 2020
Updated resource	The following resource was updated: AWS::EKS::Cluster AWS::EKS::Cluster EncryptionConfig Use the `AWS::EKS::Cluster EncryptionConfig` property to specify the encryption configuration for a Amazon EKS cluster. AWS::EKS::Cluster Provider Use the `AWS::EKS::Cluster Provider` property to specify the AWS Key Management Service (AWS KMS) customer master key (CMK) used to encrypt the secrets for a Amazon EKS cluster.	March 5, 2020
New resource	The following resource was added: Workgroups AWS::Athena::WorkGroup Use the `WorkGroup` resource to separate users, teams, applications, or workloads, set limits on the amount of data the workgroup or its queries can process, and track costs.	March 5, 2020
New resource	The following resource was added: AWS::Chatbot::SlackChannelConfiguration AWS::Chatbot::SlackChannelConfiguration Use the `AWS::Chatbot::SlackChannelConfiguration` resource to configure a Slack channel with AWS Chatbot.	March 5, 2020
New resource	The following resource was added: AWS::CodeStarConnections::Connection AWS::CodeStarConnections::Connection Use the `AWS::CodeStarConnections::Connection` resource to connect external source providers with services such as AWS CodePipeline.	March 5, 2020
New resource	The following resource was added: AWS::CloudWatch::CompositeAlarm. AWS::CloudWatch::CompositeAlarm Use the `AWS::CloudWatch::CompositeAlarm` property to create a composite alarm. Composite alarms evaluate their alarm state based on the alarm states of other CloudWatch rules.	March 2, 2020
Updated resource	The following resource was updated: AWS::AppMesh::VirtualNode AWS::AppMesh::VirtualNode Use the `BackendDefaults` property to specify a client policy for a backend. Use the `ClientPolicy` property to specify a client policy. Use the `ClientPolicyTls` property to specify a Transport Layer Security (TLS) client policy. Use the `ListenerTls` property to specify a TLS listener. Use the `ListenerTlsCertificate` property to specify the type of certificate to use for a client policy. Use the `ListenerTlsAcmCertificate` property to specify an AWS Certificate Manager certificate. Use the `ListenerTlsFileCertificate` property to specify properties of a local file certificate. Use the `TlsValidationContext` property to specify a TLS validation context trust. Use the `TlsValidationContextAcmTrust` property to specify a context trust for an AWS Certificate Manager certificate. Use the `TlsValidationContextFileTrust` property to specify a file that contains the certificate trust chain for a local file certificate. Use the `TlsValidationContextTrust` property to specify a TLS validation context trust. Use the `VirtualNodeSpec` property to specify `BackendDefaults`. Use the `Listener` property to specify a `ListenerTls`.	February 27, 2020
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem In the LustreConfiguration property type: Use the `DeploymentType` property to specify the Amazon FSx for Lustre file system deployment type, either `PERSISTENT_1`, `SCRATCH_2`, or `SCRATCH_1`. Use the `PerUnitStorageThroughput` property to specify the throughput in MB/s/TiB for a `PERSISTENT_1` Amazon FSx for Lustre file system deployment type.	February 27, 2020
New resources	The following resources were added: AWS::GroundStation::Config, AWS::GroundStation::DataflowEndpointGroup, and AWS::GroundStation::MissionProfile AWS::GroundStation::Config Use the `AWS::GroundStation::Config` resource to specify a Config with the specified parameters. AWS::GroundStation::DataflowEndpointGroup Use the `AWS::GroundStation::DataflowEndpointGroup` resource to specify a Dataflow Endpoint Group request. AWS::GroundStation::MissionProfile Use the `AWS::GroundStation::MissionProfile` resource to specify parameters and provide references to config objects to define how Ground Station lists and executes contacts.	February 27, 2020
Updated resource	The following resources was updated: AWS::CodeBuild::Project AWS::CodeBuild::Project Use the `ProjectFileSystemLocation` property to specify a file system that your AWS CodeBuild build project mounts. You use Amazon Elastic File System (EFS) to create the file system. For more information, see Amazon Elastic File System Sample for CodeBuild.	February 20, 2020
Updated resource	The following resource was updated: AWS::Neptune::DBCluster AWS::Neptune::DBCluster Use the `DeletionProtection` property to help prevent inadvertent deletion of your DB cluster. Use the `EngineVersion` property to specify the engine version that your new DB cluster will use.	February 18, 2020
New resources	The following resources were added: AWS::EC2::LocalGatewayRoute and AWS::EC2::LocalGatewayRouteTableVPCAssociation. AWS::EC2::LocalGatewayRoute Use the `LocalGatewayRoute` resource to associate the specified VPC with the specified local gateway route table. AWS::EC2::LocalGatewayRouteTableVPCAssociation Use the `LocalGatewayRouteTableVPCAssociation` resource to associate the specified VPC with the specified local gateway route table.	February 14, 2020
Updated resources	The following resource were updated: AWS::ElasticLoadBalancingV2::Listener and AWS::ElasticLoadBalancingV2::ListenerRule AWS::ElasticLoadBalancingV2::Listener In the Action property type, use the `ForwardConfig` property to specify an action that distributes requests among one or more target groups. AWS::ElasticLoadBalancingV2::ListenerRule In the Action property type, use the `ForwardConfig` property to specify an action that distributes requests among one or more target groups.	February 13, 2020
Updated resources	The following resources were updated: AWS::Transfer::Server and AWS::Transfer::User. AWS::Transfer::Server In the EndpointDetails property type, use the `AddressAllocationIds` property to add a list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. In the EndpointDetails property type, use the `SubnetIds` property to add a list of subnet IDs that are required to host your SFTP server endpoint in your virtual private cloud (VPC). In the EndpointDetails property type, use the `VpcId` property to add the VPC ID in which the SFTP server's endpoint will be hosted. AWS::Transfer::User Use the`HomeDirectoryMappings` property to set the logical directory mappings that specify what S3 paths and keys should be visible to your user and how to want to make them visible. Use the `HomeDirectoryType` property to set the type of landing directory (folder) you want your users' home directory to be when they log into the SFTP server.	February 13, 2020
New resource	The following resources was added: AWS::Config::ConformancePack AWS::Config::ConformancePack Use the `AWS::Config::ConformancePack` resource to create a Conformance Pack that is a collection of AWS Config rules that can be easily deployed in an account and a region and across AWS Organization.	February 13, 2020
New resource	The following resources was added: AWS::Config::OrganizationConformancePack AWS::Config::OrganizationConformancePack Use the `AWS::Config::OrganizationConformancePack` resource to create an OrganizationConformancePack that has information about conformance packs that AWS Config creates in the member accounts.	February 13, 2020
New resource	The following resources were added: AWS::FMS::NotificationChannel and AWS::FMS::Policy AWS::FMS::NotificationChannel Use the `AWS::FMS::NotificationChannel` resource to designate the IAM role and Amazon Simple Notification Service (SNS) topic that AWS Firewall Manager uses to record SNS logs. AWS::FMS::Policy Use the `AWS::FMS::Policy` resource to specify an AWS Firewall Manager policy.	February 13, 2020
AWS CloudFormation StackSets integrates with AWS Organizations	Use StackSets to centrally manage deployments to all the accounts in your organization or specific organizational units (OUs) in AWS Organizations. You can enable automatic deployments to any new accounts added to your organization or OUs. The permissions needed to deploy across accounts will automatically be handled by StackSets. For more information, see Working with AWS CloudFormation StackSets.	February 11, 2020
Updated resources	The following resources were updated: AWS::EC2::LaunchTemplate and AWS::EC2::ClientVpnEndpoint AWS::EC2::LaunchTemplate Use the `MetadataOptions` property to configure the Instance Metadata Service (IMDS) for the instance. Use the `HostResourceGroupArn` property to specify the ARN of the host resource group in which to launch the instances. Use the `PartitionNumber` property to specify a target partition in a partition placement group. Use the `LaunchTemplateElasticInferenceAccelerator` property to specify the number of elastic inference accelerators to attach to the instance. AWS::EC2::ClientVpnEndpoint Use the `VpnPort` property to assign a port number for TCP and UDP traffic.	February 6, 2020
Updated resource	The following resource was updated: AWS::AppSync::GraphQLApi. AWS::AppSync::GraphQLApi When the property `xrayEnabled` is set to `TRUE`, X-Ray tracing is enabled for this `GraphqlApi`.	February 6, 2020
Updated resource	The following resource was updated: AWS::Cognito::UserPool AWS::Cognito::UserPool Added `AccountRecoverySetting` parameter to define which verified available method a user can use to recover their password.	February 6, 2020
Updated resource	The following resource was updated: AWS::OpsWorksCM::Server AWS::OpsWorksCM::Server Use the `Tags` property to add tag keys and values to an AWS OpsWorks for Chef Automate or AWS OpsWorks for Puppet Enterprise server.	February 6, 2020
New resource	The following resource was added: AWS::WAFv2::WebACLAssociation. AWS WAFv2 Use the web ACL association to define an association between a Web ACL and a regional application resource, to protect the resource. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage. For CloudFront distributions, you use AWS::CloudFront::Distribution to manage the association.	February 6, 2020
Updated resources	The following resources were updated: AWS::Pinpoint::EmailTemplate, AWS::Pinpoint::PushTemplate, and AWS::Pinpoint::SmsTemplate AWS::Pinpoint::EmailTemplate Use the `DefaultSubstitutions` property to specify the default values to use for message variables in a message template. Use the `TemplateDescription` property to specify a custom description of a message template. AWS::Pinpoint::PushTemplate Use the `DefaultSubstitutions` property to specify the default values to use for message variables in a message template. Use the `TemplateDescription` property to specify a custom description of a message template. AWS::Pinpoint::SmsTemplate Use the `DefaultSubstitutions` property to specify the default values to use for message variables in a message template. Use the `TemplateDescription` property to specify a custom description of a message template.	January 23, 2020
New resources	The following resources were added: AWS::ACMPCA::Certificate, AWS::ACMPCA::CertificateAuthority, and AWS::ACMPCA::CertificateAuthorityActivation. AWS::ACMPCA::Certificate The `AWS::ACMPCA::Certificate` resource is used to issue a certificate using your private certificate authority. AWS::ACMPCA::CertificateAuthority Use the `AWS::ACMPCA::CertificateAuthority` resource to create a private CA. AWS::ACMPCA::CertificateAuthorityActivation The `AWS::ACMPCA::CertificateAuthorityActivation` resource creates and installs a CA certificate on a CA.	January 23, 2020
New resource	The following resource was added: AWS::AppConfig::Application AWS::AppConfig::Application The `AWS::AppConfig::Application` resource creates an application, which is a logical unit of code that provides capabilities for your customers.	January 23, 2020
New resource	The following resource was added: AWS::AppConfig::ConfigurationProfile AWS::AppConfig::ConfigurationProfile The `AWS::AppConfig::ConfigurationProfile` resource creates a configuration profile that enables AppConfig to access the configuration source. Valid configuration sources include Systems Manager (SSM) documents and SSM Parameter Store parameters.	January 23, 2020
New resource	The following resource was added: AWS::AppConfig::Deployment AWS::AppConfig::Deployment The `AWS::AppConfig::Deployment` resource starts a deployment. Starting a deployment in AWS AppConfig calls the `StartDeployment` API action. This call includes the IDs of the AppConfig application, the environment, the configuration profile, and (optionally) the configuration data version to deploy. The call also includes the ID of the deployment strategy to use, which determines how the configuration data is deployed.	January 23, 2020
New resource	The following resource was added: AWS::AppConfig::Environment AWS::AppConfig::Environment The `AWS::AppConfig::Environment` resource creates an environment, which is a logical deployment group of AppConfig targets, such as applications in a `Beta` or `Production` environment. You define one or more environments for each AppConfig application. You can also define environments for application subcomponents such as the `Web`, `Mobile` and `Back-end` components for your application. You can configure Amazon CloudWatch alarms for each environment. The system monitors alarms during a configuration deployment. If an alarm is triggered, the system rolls back the configuration.	January 23, 2020
New resource	The following resource was added: AWS::AppConfig::DeploymentStrategy AWS::AppConfig::DeploymentStrategy The `AWS::AppConfig::DeploymentStrategy` resource creates an AppConfig deployment strategy. A deployment strategy defines important criteria for rolling out your configuration to the designated targets. A deployment strategy includes: the overall duration required, a percentage of targets to receive the deployment during each interval, an algorithm that defines how percentage grows, and bake time.	January 23, 2020
Updated resources	The following resource was updated: AWS::Lambda::Function. AWS::Lambda::Function In the Code property type, `ZipFile` supports `nodejs12.x` for `RunTime`.	January 16, 2020
Updated resource	The following resource was updated: AWS::AutoScaling::AutoScalingGroup. AWS::AutoScaling::AutoScalingGroup Use the `WeightedCapacity` property to specify the number of capacity units, which gives the instance type a proportional weight to other instance types.	January 16, 2020
Updated resource	The following resource was updated: AWS::EC2::Instance. AWS::EC2::Instance Use the `HibernationOptions` property to indicate whether the instance is enabled for hibernation. Use the `HostResourceGroupArn` property to specify the ARN of the host resource group in which to launch the instances.	January 16, 2020
Updated resource	The following resource was updated: AWS::LakeFormation::Permissions AWS::LakeFormation::Permissions Use the `DataLocationResource` property to specify a structure for a data location object where permissions are granted or revoked. Use the `TableWithColumnsResource` property to specify a structure for a table with columns object. This object is only used when granting a SELECT permission.	January 16, 2020
Updated resource	The following resource was updated: AWS::RDS::DBInstance. AWS::RDS::DBInstance Use the `CACertificateIdentifier` property to specify the identifier of the CA certificate for this DB instance.	January 16, 2020
Updated resource	The following resource was updated: AWS::SSM::ResourceDataSync AWS::SSM::ResourceDataSync Use the `SyncType` property with `SyncFromSource` to synchronize Systems Manager Explorer OpsItems and OpsData from AWS Organizations or from multiple AWS Regions.	January 16, 2020
Updated resources	The following resources were updated: AWS::MSK::Cluster, AWS::RDS::DBInstance, and AWS::SSM::Document AWS::MSK::Cluster Use the `OpenMonitoring` property to enable monitoring with Prometheus, an open-source monitoring system for time-series metric data. You can also use tools that are compatible with Prometheus-formatted metrics or tools that integrate with Amazon MSK Open Monitoring. AWS::SSM::Document Use the `Name` property to specify a name for the Systems Manager document. AWS::RDS::DBInstance Use the `MaxAllocatedStorage` property to specify the upper limit to which Amazon RDS can automatically scale the storage of the DB instance.	December 20, 2019
New resource	The following resource was added: AWS::CodeBuild::ReportGroup AWS::CodeBuild::ReportGroup Use the `AWS::CodeBuild::ReportGroup` resource to specify information about a report group. When you specify a report group in a CodeBuild project, a build of the project creates reports in the report group that contain results from running test cases.	December 20, 2019
New resource	The following resource was added: AWS::EC2::GatewayRouteTableAssociation. AWS::EC2::GatewayRouteTableAssociation Use the `AWS::EC2::GatewayRouteTableAssociation` property to associate a virtual private gateway or internet gateway with a route table.	December 20, 2019
Updated resources	The following resource was updated: AWS::RDS::DBInstance. AWS::RDS::DBInstance Use the `MaxAllocatedStorage` property to specify the upper limit to which Amazon RDS can automatically scale the storage of the DB instance.	December 19, 2019
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem In the WindowsConfiguration property type: Use the `DeploymentType` property to specify the Amazon FSx Windows file system deployment type. Use the `PreferredSubnetId` property to specify the subnet in which you want the preferred file server to be located for a `MULTI_AZ_1` Amazon FSx for Windows file system deployment type.	December 19, 2019
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem In the WindowsConfiguration property type: Use the `DeploymentType` property to specify the file system deployment type. Use the `PreferredSubnetId` property to specify the subnet in which you want the preferred file server to be located.	December 19, 2019
New resource	The following resource was added: AWS::EC2::GatewayRouteTableAssociation. AWS::EC2::GatewayRouteTableAssociation Use the `AWS::EC2::GatewayRouteTableAssociation` property to associate a virtual private gateway or internet gateway with a route table.	December 19, 2019
Updated resource	The following resource was updated: AWS::EC2::Instance. AWS::EC2::Instance In the ElasticInferenceAccelerator property type, use the `Count` property to specify the number of elastic inference accelerators to attach to the instance.	December 12, 2019
New resource	The following resource was added: AWS::CodeBuild::ReportGroup AWS::CodeBuild::ReportGroup Use the `AWS::CodeBuild::ReportGroup` resource to specify information about a report group. When you specify a report group in a CodeBuild project, a build of the project creates reports in the report group that contain results from running test cases.	December 12, 2019
Updated resources	The following resources were updated: `AWS::ApiGatewayV2::Api`, `AWS::ApiGatewayV2::Authorizer`, `AWS::ApiGatewayV2::Integration`, `AWS::ApiGatewayV2::Stage`. AWS::ApiGatewayV2::Api Use the `AWS::ApiGatewayV2::Api` resource to create an HTTP API (beta). AWS::ApiGatewayV2::Authorizer Use the `AWS::ApiGatewayV2::Authorizer` resource to create a JWT authorizer for an HTTP API (beta). AWS::ApiGatewayV2::Integration Use the `AWS::ApiGatewayV2::Integration` resource to create an integration for an HTTP API (beta). AWS::ApiGatewayV2::Stage Use the `AWS::ApiGatewayV2::Stage` resource to create a stage for an HTTP API (beta).	December 4, 2019
Updated resources	The following resources were updated: AWS::Lambda::Alias and AWS::Lambda::Version. AWS::Lambda::Alias Use the `ProvisionedConcurrencyConfiguration` property to specify a provisioned concurrency configuration for a function's alias. AWS::Lambda::Version Use the `ProvisionedConcurrencyConfiguration` property to specify a provisioned concurrency configuration for a function's version.	December 3, 2019
Updated resource	The following resource was updated: `AWS::StepFunctions::StateMachine`. AWS::StepFunctions::StateMachine The `AWS::StepFunctions::StateMachine` now supports Express workflows using the new `StateMachineType` parameter. you can also configure CloudWatch Logging information for Express workflows using `LoggingConfiguration`, `LogDestination`, and `CloudWatchLogsLogGroup`.	December 3, 2019
New resource	The following resource was added: AWS::S3::AccessPoint Access Points Use the `AWS::S3::AccessPoint` resource to specify an S3 access point.	December 3, 2019
New resource	The following resource was added: AWS::AccessAnalyzer::Analyzer AWS::AccessAnalyzer::Analyzer Use the `AWS::AccessAnalyzer::Analyzer` resource to create an analyzer for IAM Access Analyzer.	December 2, 2019
New resource	The following resources were added: `AWS::EventSchemas::Discoverer`, `AWS::EventSchemas::Registry`, and `AWS::EventSchemas::Schema`. AWS::EventSchemas::Discoverer Use the `AWS::EventSchemas::Discoverer` resource to specify a discoverer that is associated with an event bus. A discoverer allows the Amazon EventBridge Schema Registry to automatically generate schemas based on events on an event bus. AWS::EventSchemas::Registry Use the `AWS::EventSchemas::Registry` to specify a schema registry. Schema registries are containers for Schemas. Registries collect and organize schemas so that your schemas are in logical groups. AWS::EventSchemas::Schema Use the `AWS::EventSchemas::Schema` resource to specify an event schema.	December 1, 2019
New resource	The following resource was added: AWS::Lambda::EventInvokeConfig AWS::Lambda::EventInvokeConfig Use the `EventInvokeConfig` resource to configure destinations and error handling for asynchronous invocation.	November 26, 2019
Updated resource	The following resource was updated: AWS::CloudWatch::Alarm. AWS::CloudWatch::Alarm In the MetricDataQuery property type, use the `Period` property to specify the granularity, in seconds, of the returned data points.	November 25, 2019
Updated resource	The following resource was updated: AWS::CodePipeline::Pipeline. AWS::CodePipeline::Pipeline In the ActionDeclaration property type, use the `Namespace` property to specify the variable namespace associated with the action. All variables produced as output by this action fall under this namespace.	November 25, 2019
Updated resource	The following resource was updated: AWS::Lambda::EventSourceMapping. AWS::Lambda::EventSourceMapping For stream sources (DynamoDB and Kinesis), use the `BisectBatchOnFunctionError` property to split the batch in two and retry if the function returns an error. For stream sources (DynamoDB and Kinesis), use the `DestinationConfig` property to specify an Amazon SQS queue or Amazon SNS topic destination for discarded records. For stream sources (DynamoDB and Kinesis), use the `MaximumRecordAgeInSeconds` property to specify the maximum age of a record that Lambda sends to a function for processing. For stream sources (DynamoDB and Kinesis), use the `MaximumRetryAttempts` property to specify the maximum number of times to retry when the function returns an error. For stream sources (DynamoDB and Kinesis), use the `ParallelizationFactor` property to specify the number of batches to process from each shard concurrently.	November 25, 2019
Updated resource	The following resource was updated: AWS::CloudWatch::Alarm. AWS::CloudWatch::Alarm In the MetricDataQuery property type, use the `Period` property to specify the granularity, in seconds, of the returned data points.	November 25, 2019
New resources	The following resources were added: AWS::ECS::PrimaryTaskSet, AWS::ECS::TaskSet. AWS::ECS::PrimaryTaskSet Use the `AWS::ECS::PrimaryTaskSet` resource to specify which task set in a service is the primary task set. Any parameters that are updated on the primary task set in a service will transition to the service. This is used when a service uses the `EXTERNAL` deployment controller type. AWS::ECS::TaskSet Use the `AWS::ECS::TaskSet` resource to create a task set in the specified cluster and service. This is used when a service uses the `EXTERNAL` deployment controller type.	November 25, 2019
New resource	The following resource was added: AWS::CloudWatch::InsightRule. AWS::CloudWatch::InsightRule Use the `AWS::CloudWatch::InsightRule` property to create a Contributor Insights rule. Rules evaluate log events in a CloudWatch Logs log group, enabling you to find contributor data for the log events in that log group.	November 25, 2019
New resource	The following resource was added: AWS WAFv2 AWS WAFv2 This is the latest version of AWS WAF, a web application firewall that lets you monitor HTTP(S) requests that are forwarded to an Amazon API Gateway API, Amazon CloudFront, or an Application Load Balancer. AWS WAF also lets you control access to your content.	November 25, 2019
Updated resources	The following resource were updated: AWS::AppSync::Resolver, AWS::AppSync::DataSource. AWS::AppSync::Resolver Use the `CachingConfig` property to specify the caching behavior of your AWS AppSync resolver. AWS::AppSync::Resolver Use the `SyncConfig` property to specify the conflict detection and resolution strategy of your AWS AppSync resolver. AWS::AppSync::Resolver Use the `LambdaConflictHandlerConfig` property to specify the ARN of the lambda that is used for handling conflicts in your AWS AppSync resolver. AWS::AppSync::DataSource Use the `DeltaSyncConfig` property to specify the delta sync configurations for your versioned AWS AppSync data source.	November 21, 2019
Updated resources	The following resources were updated: AWS::ECS::Cluster, AWS::ECS::Service, and AWS::ECS::TaskDefinition. AWS::ECS::Cluster Use the `ClusterSettings` property to specify the setting to use when creating a cluster. This parameter is used to enable CloudWatch Container Insights for a cluster. AWS::ECS::Service Use the `DeploymentController` property to specify the deployment controller to use for the service. AWS::ECS::TaskDefinition In the ContainerDefinition property type, use the `FirelensConfiguration` property to specify the FireLens configuration for the container. This is used to specify and configure a log router for container logs. In the LinuxParameters property type: use the `MaxSwap` property to specify the total amount of swap memory (in MiB) a container can use. use the `Swappiness` property to tune a container's memory swappiness behavior. A `swappiness` value of `0` will cause swapping to not happen unless absolutely necessary. A `swappiness` value of `100` will cause pages to be swapped very aggressively.	November 21, 2019
Updated resources	The following resources were updated: AWS::RDS::DBCluster and AWS::RDS::DBInstance. AWS::RDS::DBCluster Use the `EnableHttpEndpoint` property to indicate whether to enable the HTTP endpoint for an Aurora Serverless DB cluster. By default, the HTTP endpoint is disabled. When enabled, the HTTP endpoint provides a connectionless web service API for running SQL queries on the Aurora Serverless DB cluster. You can also query your database from inside the RDS console with the query editor. AWS::RDS::DBInstance For Oracle DB instances, Amazon RDS can use Kerberos Authentication to authenticate users that connect to the DB instance.	November 21, 2019
Updated resource	The following resource was updated: AWS::ApiGateway::RestApi. AWS::ApiGateway::RestApi Use the `VpcEndpointIds` property to specify VPC endpoint IDs of an API (AWS::ApiGateway::RestApi) against which to create Route53 ALIASes. It is only supported for `PRIVATE` endpoint type.	November 21, 2019
Updated resource	The following resource was updated: AWS::CertificateManager::Certificate AWS::CertificateManager::Certificate Use the `CertificateTransparencyLoggingPreference` property to enable or disable certificate transparency logging. Use the `PrivateCertificateAuthorityArn` property to specify an ACM Private CA as certificate issuer. Use the `GetAtt` function to retrieve the `CertificateARN` of the `AWS::CertificateManager::Certificate` resource. Use the `GetAtt` function to retrieve the `CertificateStatus` of the `AWS::CertificateManager::Certificate` resource. In the DomainValidationOption property type, use the `HostedZoneId` property to validate a domain with a Route 53 hosted zone ID.	November 21, 2019
Updated resource	The following resources were updated: AWS::Cognito::UserPool AWS::Cognito::UserPool Added `ConfigurationSet` and `From` properties to the `EmailConfiguration` parameter. AWS::Cognito::UserPoolClient Added `PreventUserExistenceErrors` parameter to help manage errors and responses when a user does not exist in the user pool. AWS::Cognito::UserPoolUser Use the `ClientMetadata` parameter to provide input to the AWS Lambda function that is invoked by the pre sign-up trigger.	November 21, 2019
Updated resource	The following resource was updated: AWS::EC2::EIP. AWS::EC2::EIP Use the `Tags` property to specify any tags for the Elastic IP address.	November 21, 2019
Updated resource	The following resource was updated: AWS::Elasticsearch::Domain. AWS::Elasticsearch::Domain Use the `CognitoOptions` property to configure Amazon ES to use Amazon Cognito authentication for Kibana. Use the UpgradeElasticsearchVersion update policy to update the `ElasticsearchVersion` property without replacing the `AWS::Elasticsearch::Domain` resource.	November 21, 2019
Updated resource	The following resource was updated: AWS::Glue::MLTransform AWS::Glue::MLTransform Use the `GlueVersion` property to specify which version of AWS Glue this machine learning transform is compatible with.	November 21, 2019
Updated resource	The following resource was updated: AWS::IAM::User. AWS::IAM::User Use the `Tags` property to specify a list of tags that you want to attach to the newly created user.	November 21, 2019
Updated resource	The following resource was updated: AWS::OpsWorksCM::Server AWS::OpsWorksCM::Server Use the `CustomDomain` property to specify a custom domain on an OpsWorks for Chef Automate Server running Chef Automate 2.0. Use the `CustomCertificate` property to specify a PEM-formatted HTTPS certificate for a server with a custom domain. Use the `CustomPrivateKey` property to specify a private key in PEM format for connecting to a server that uses a custom domain.	November 21, 2019
Updated resource	The following resource was updated: AWS::S3::Bucket. AWS::S3::Bucket In the Transition property type, the `StorageClass` property supports `DEEP_ARCHIVE`.	November 21, 2019
Updated resource	The following resource was updated: AWS::Lambda::Function. AWS::Lambda::Function In the Code property type, `ZipFile` supports `nodejs10.x` for `RunTime`.	November 21, 2019
New resource	The following resource was added: AWS::AppSync::ApiCache. AWS::AppSync::ApiCache Use the `AWS::AppSync::ApiCache` resource to enable resolver caching with AWS AppSync.	November 21, 2019
Drift Detection for Stack Sets	You can now run drift detection on a stack set and all the stack instances it includes. When CloudFormation performs drift detection on a stack set, it performs drift detection on the stack associated with each stack instance in the stack set. For more details, see Detecting Unmanaged Configuration Changes in Stack Sets.	November 19, 2019
Updated resource	The following resource was updated to support Amazon EKS managed node groups: AWS::EKS::Cluster AWS::EKS::Cluster Use the `AWS::EKS::Cluster` resource to create a new Amazon EKS cluster.	November 18, 2019
New resource	The following resource was added: AWS::EKS::Nodegroup AWS::EKS::Nodegroup Use the `AWS::EKS::Nodegroup` resource to create a new Amazon EKS managed node group.	November 18, 2019
CloudFormation registry now available	Use the CloudFormation registry to view private and public resources that are available for use in your CloudFormation account. For more information, see Using the CloudFormation Registry	November 18, 2019
CloudFormation registry API actions	The following API actions for managing types in the CloudFormation registry are now available. For more information about the CloudFormation registry, see Using the CloudFormation Registry DeregisterType Removes a type or type version from active use in the CloudFormation registry. DescribeType Returns detailed information about a registered type. DescribeTypeRegistration Returns information about a type's registration, including its current status and type and version identifiers. ListTypeRegistrations Returns a list of registration request identifiers for the specified type. ListTypes Returns summary information about types that have been registered with CloudFormation. ListTypeVersions Returns summary information about the versions of a type. RegisterType Registers a type with the CloudFormation service. Registering a type makes it available for use in CloudFormation templates in your AWS account. SetTypeDefaultVersion Specify the default version of a type. The default version of a type will be used in CloudFormation operations.	November 18, 2019
Updated resources	The following resources were updated: AWS::GameLift::Build, AWS::GameLift::Fleet. AWS::GameLift::Build Use the `OperatingSystem` property to specify the operating system that the build files run on. AWS::GameLift::Fleet Use the `CertificateConfiguration` property to generate a TLS/SSL certificate for the new fleet. Use the `FleetType` property to specify use of On-Demand or Spot instances in the fleet. Use the `InstanceRoleArn` property to manage access to your non-GameLift AWS resources from GameLift fleet instances. Use the `MetricGroups` property to add fleet metrics to a CoudWatch metric group. Use the `NewGameSessionProtectionPolicy` property to prevent the fleet's active game sessions from being terminated during a scaledown event. Use the `PeerVpcAwsAccountId` property when setting up VPC peering for the fleet. Use the `PeerVpcId` property when setting up VPC peering for the fleet. Use the `ResourceCreationLimitPolicy` property to limit an individual player's ability to use the fleet's available hosting resources. Use the `RuntimeConfiguration` property to configure what processes are run on each instance in the fleet. Use the `ScriptId` property to create a Realtime Servers fleet and configure it with a Realtime script.	November 14, 2019
New resources	The following resources were added: AWS::GameLift::Script, AWS::GameLift::GameSessionQueue, AWS::GameLift::MatchmakingConfiguration, AWS::GameLift::MatchmakingRuleSet. AWS::GameLift::Script Use the `Script` resource to upload a configuration script for a Realtime Servers fleet. AWS::GameLift::GameSessionQueue Use the `GameSessionQueue` resource to create a game session queue that processes player requests for new game sessions. AWS::GameLift::MatchmakingConfiguration Use the `MatchmakingConfiguration` resource to create a matchmaker that processes player requests for new matched game sessions. AWS::GameLift::MatchmakingRuleSet Use the `MatchmakingRuleSet` resource to create rules that specify how to form matches and evaluate players for inclusion in a match.	November 14, 2019
Resource import added	If you created an AWS resource outside of AWS CloudFormation management, you can bring this existing resource into CloudFormation management using `resource import`. For more information, see Bringing Existing Resources Into CloudFormation Management.	November 11, 2019
Updated resource	The following resources were updated: AWS::AppStream::ImageBuilder, AWS::AppStream::Stack AWS::AppStream::ImageBuilder In the AccessEndpoint property type: Use the `EndpointType` property to specify the type of interface VPC endpoint (interface endpoint). Use the `VpceId` property to specify the identifier (ID) of the VPC in which the interface endpoint is used. AWS::AppStream::Stack In the AccessEndpoint property type: Use the `EndpointType` property to specify the type of interface VPC endpoint (interface endpoint). Use the `VpceId` property to specify the identifier (ID) of the VPC in which the interface endpoint is used. Use the `EmbedHostDomains` property to specify the domains where AppStream 2.0 streaming sessions can be embedded in an iframe.	November 7, 2019
New resource	The following resource was added: AWS::CodeStarNotifications::NotificationRule AWS::CodeStarNotifications::NotificationRule Use the `AWS::CodeStarNotifications::NotificationRule` resource to create notification rules for resources in AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, and AWS CodePipeline.	November 7, 2019
New resource	The following resources were added: AWS::MediaConvert::JobTemplate, AWS::MediaConvert::Preset, AWS::MediaConvert::Queue AWS::MediaConvert::JobTemplate Use the `AWS::MediaConvert::JobTemplate` resource to specify a job template for transcoding jobs. AWS::MediaConvert::Preset Use the `AWS::MediaConvert::Preset` resource to specify an output preset as part of a transcoding job. AWS::MediaConvert::Queue Use the `AWS::MediaConvert::Queue` resource to specify an on-demand transcoding queue.	November 6, 2019
Updated resource	The following resource was updated: AWS::Glue::Crawler AWS::Glue::Crawler Use the `DynamoDBTargets` property to specify a list of Amazon DynamoDB taragets. Use the `CatalogTargets` property to specify a list of AWS Glue Data Catalog targets.	November 4, 2019
Updated resources	The following resources were updated: AWS::ApiGateway::ApiKey, AWS::ApiGateway::ClientCertificate, AWS::ApiGateway::DomainName, AWS::ApiGateway::RestApi, and AWS::ApiGateway::UsagePlan. AWS::ApiGateway::ApiKey Use the `Tags` property to specify an array of arbitrary tags (key-value pairs) to associate with the API key. AWS::ApiGateway::ClientCertificate Use the `Tags` property to specify an array of arbitrary tags (key-value pairs) to associate with the client certificate. AWS::ApiGateway::DomainName Use the `SecurityPolicy` property to the Transport Layer Security (TLS) version + cipher suite for this domain name. Use the `Tags` property to specify an array of arbitrary tags (key-value pairs) to associate with the domain name. AWS::ApiGateway::RestApi Use the `Tags` property to specify an array of arbitrary tags (key-value pairs) to associate with the API. AWS::ApiGateway::UsagePlan Use the `Tags` property to specify an array of arbitrary tags (key-value pairs) to associate with the usage plan.	October 31, 2019
Updated resources	The following resources were updated: AWS::CodePipeline::CustomActionType, AWS::CodePipeline::Pipeline. AWS::CodePipeline::CustomActionType Use the `Tags` property to specify the tags for the custom action. AWS::CodePipeline::Pipeline Use the `Tags` property to specify the tags for the pipeline.	October 31, 2019
Updated resource	The following resource was updated: AWS::Amplify::App AWS::Amplify::App Use the `EnablePullRequestPreview` property to specify whether pull request previews are enabled for each branch that Amplify Console automatically creates for your app. Use the `PullRequestEnvironmentName` property to specify a dedicated backend environment for your pull request previews.	October 31, 2019
Updated resource	The following resource was updated: AWS::Events::Rule. AWS::Events::Rule In the Target property type, use the `BatchParameters` property to specify the job definition, job name, and other parameters, if the event target is an AWS Batch job.	October 31, 2019
Updated resource	The following resource was updated: AWS::ECS::TaskDefinition. AWS::ECS::TaskDefinition Use the `InferenceAccelerator` property to specify the Elastic Inference accelerators to use for the containers in the task.	October 31, 2019
Updated resource	The following resource was updated: AWS::Elasticsearch::Domain. AWS::Elasticsearch::Domain Use the `LogPublishingOptions` property to configure slow log publishing.	October 31, 2019
New resources	The following resources were added: AWS::Pinpoint::EmailTemplate, AWS::Pinpoint::PushTemplate, and AWS::Pinpoint::SmsTemplate AWS::Pinpoint::EmailTemplate Use the `AWS::Pinpoint::EmailTemplate` resource to create a message template that you can use in messages that are sent through the email channel. AWS::Pinpoint::PushTemplate Use the `AWS::Pinpoint::PushTemplate` resource to create a message template that you can use in messages that are sent through a push notification channel. AWS::Pinpoint::SmsTemplate Use the `AWS::Pinpoint::SmsTemplate` resource to create a message template that you can use in messages that are sent through the SMS channel.	October 31, 2019
Updated resource	The following resource was updated: AWS::Amplify::Branch AWS::Amplify::Branch Use the `EnablePullRequestPreview` property to specify whether Amplify Console creates a preview for each pull request that is made for the branch. Use the `PullRequestEnvironmentName` property to specify a dedicated backend environment for your pull request previews.	October 24, 2019
Updated resource	The following resource was updated: AWS::Cognito::UserPool AWS::Cognito::UserPool Use the `Schema` parameter to add or update schema attributes. AWS::Cognito::UserPool Use the `AliasAttributes` parameter to add or update an alias for the user pool. AWS::Cognito::UserPool Use the `UsernameAttributes` parameter to determine if email addresses or phone numbers can be used as user names when a user signs up.	October 24, 2019
Updated resources	The following resource was updated: AWS::MSK::Cluster. AWS::MSK::Cluster Use the `NumberOfBrokerNodes` property to submit an update to change the number of broker nodes in the cluster.	October 17, 2019
Updated resource	The following resource was updated: AWS::Cognito::IdentityPoolRoleAttachment AWS::Cognito::IdentityPoolRoleAttachment Use the `IdentityProvider` parameter to specify the identity provider for which the role is mapped.	October 17, 2019
Updated resource	The following resource was updated: AWS::FSx::FileSystem AWS::FSx::FileSystem In the WindowsConfiguration property type, use the `SelfManagedActiveDirectoryConfiguration` property to join an Amazon FSx Windows File Server instance to your self-managed (including on-premises) Microsoft Active Directory (AD) directory.	October 17, 2019
Updated Resource	The following resource was updated: AWS::Batch::ComputeEnvironment ComputeResources In the ComputeResources property type, use the `AllocationStrategy` property to specify the strategy to use to select instance types.	October 17, 2019
Updated resources	The following resource were updated: AWS::Events::EventBusPolicy, AWS::Events::Rule AWS::Events::EventBusPolicy Use the `EventBusName` property to specify the name of the event bus to associate with this policy. AWS::Events::Rule Use the `EventBusName` property to specify the name of the event bus to associate with this rule.	October 3, 2019
Updated resources	The following resources were updated: AWS::Pinpoint::App, AWS::Pinpoint::Campaign, and AWS::Pinpoint::Segment AWS::Pinpoint::App The `ARN` attribute returns the Amazon Resource Name (ARN) of the application. Use the `Tags` property to specify a string-to-string map of key-value pairs that defines the tags to associate with the application. AWS::Pinpoint::Campaign The `ARN` attribute returns the Amazon Resource Name (ARN) of the campaign. Use the `Tags` property to specify a string-to-string map of key-value pairs that defines the tags to associate with the campaign. AWS::Pinpoint::Segment The `ARN` attribute returns the Amazon Resource Name (ARN) of the segment. Use the `Tags` property to specify a string-to-string map of key-value pairs that defines the tags to associate with the segment.	October 3, 2019
Updated resource	The following resource was updated: AWS::Budgets::Budget AWS::Budgets::Budget In the BudgetData property type, use the `PlannedBudgetLimits` property to specify a map containing multiple budget limits, including current or future limits.	October 3, 2019
Updated resource	The following resource was updated: AWS::Cognito::UserPool AWS::Cognito::UserPool Use the `EnabledMfas` parameter to enable MFA on a specified user pool.	October 3, 2019
New resources	The following resources were added: AWS::Cognito::UserPoolDomain, AWS::Cognito::UserPoolResourceServer, AWS::Cognito::UserPoolIdentityProvider, AWS::Cognito::RiskConfigurationAttachment, AWS::Cognito::UICustomizationAttachment. AWS::Cognito::UserPoolDomain Use the `AWS::Cognito::UserPoolDomain` resource to create a new domain for a user pool. AWS::Cognito::UserPoolResourceServer Use the `AWS::Cognito::UserPoolResourceServer` resource to create a new OAuth2.0 resource server and define custom scopes in it. AWS::Cognito::UserPoolIdentityProvider Use the `AWS::Cognito::UserPoolIdentityProvider` resource to create an identity provider for a user pool. AWS::Cognito::UserPoolRiskConfigurationAttachment Use the `AWS::Cognito::UserPoolRiskConfigurationAttachment` resource to set the risk configuration that is used for Amazon Cognito advanced security features. AWS::Cognito::UserPoolUICustomizationAttachment Use the `AWS::Cognito::UserPoolUICustomizationAttachment` resource to set the UI customization information for a user pool's built-in app UI.	October 3, 2019
New resources	The following resource were added: AWS::EC2::TrafficMirrorFilter, AWS::EC2::TrafficMirrorFilterRule, AWS::EC2::TrafficMirrorSession, and AWS::EC2::TrafficMirrorTarget AWS::EC2::TrafficMirrorFilter Use the `AWS::EC2::TrafficMirrorFilter` resource to specify a traffic mirror filter. AWS::EC2::TrafficMirrorFilterRule Use the `AWS::EC2::TrafficMirrorFilterRule` resource to manage traffic mirror filter rules. AWS::EC2::TrafficMirrorSession Use the `AWS::EC2::TrafficMirrorSession` resource to specify a traffic mirror session. AWS::EC2::TrafficMirrorTarget Use the `AWS::EC2::TrafficMirrorTarget` resource to specify a traffic mirror target.	October 3, 2019
New resource	The following resource was added: AWS::Events::EventBus AWS::Events::EventBus Use the `EventBus` resource to create or update a custom event bus or a partner event bus.	October 3, 2019
Updated resource	The following resource was updated: AWS::Glue::DevEndpoint AWS::Glue::DevEndpoint Use the `WorkerType` property to specify a type of predefined worked allocated to the development endpoint. Use the `NumberOfWorkers` property to specify the number of workers of a defined `workerType` that are allocated to the development endpoint. Use the `GlueVersion` property to specify the versions of Apache Spark and Python that AWS Glue supports for the development endpoint. Use the `Arguments` property to specify a map of arguments used to configure the `DevEndpoint`.	September 27, 2019
Updated resource	The following resource was updated: AWS::Glue::Job AWS::Glue::Job Use the `Timeout` property to specify the job timeout in minutes. Use the `NotificationProperty` property to specify the configuration properties of a notification. Use the `NotifyDelayAfter` property to specify the number of minutes to wait before sending a job run delay notification after a job run starts.	September 26, 2019
Updated resource	The following resource was updated: AWS::Glue::Trigger AWS::Glue::Trigger Use the `StartOnCreation` property to specify starting `SCHEDULED` and `CONDITIONAL` triggers when created. Use the `WorkflowName` property to specify the name of the workflow associated with the trigger.	September 26, 2019
Updated resource	The following resource was updated: AWS::DocDB::DBCluster. AWS::DocDB::DBCluster Use the `EnableCloudwatchLogsExports` property to specify the list of log types that need to be enabled for exporting to CloudWatch Logs.	September 26, 2019
New resource	The following resource was added: AWS::Glue::Workflow AWS::Glue::Workflow Use the `AWS::Glue::Workflow` resource to manage AWS Glue workflows.	September 26, 2019
Updated resource	The following resource was updated: AWS::Config::RemediationConfiguration. AWS::Config::RemediationConfiguration Use the `ExecutionControls` property to specify an `ExecutionControls` object.	September 12, 2019
New resource	The following resource was added: AWS::QLDB::Ledger AWS::QLDB::Ledger Use the `AWS::QLDB::Ledger` resource to create a new Amazon Quantum Ledger Database (Amazon QLDB) ledger.	September 10, 2019
Updated resources	The following resources were updated: AWS::ApplicationAutoScaling::ScalableTarget, AWS::DynamoDB::Table, AWS::EC2::Instance, AWS::ECS::TaskDefinition, AWS::ElastiCache::ReplicationGroup, AWS::Events::Rule, AWS::IAM::Role, and AWS::Lambda::EventSourceMapping. AWS::ApplicationAutoScaling::ScalableTarget Use the `SuspendedState` property to suspend and resume automatic scaling. Setting the value of an attribute to `true` suspends the specified scaling activities. Setting it to `false` (default) resumes the specified scaling activities. AWS::DynamoDB::Table In the SSESpecification property type, use the `SSEType` property to specify server-side encryption type. AWS::EC2::Instance Use the `CpuOptions` property to specify the CPU options for the instance. In the Ebs property type, use the `KmsKeyId` property to specify an identifier (key ID, key alias, ID ARN, or alias ARN) for a customer managed CMK under which the EBS volume is encrypted. AWS::ECS::TaskDefinition Use the `IpcMode` property to specify the IPC resource namespace to use for the containers in the task. The valid values are `host`, `task`, or `none`. Use the `PidMode` property to specify the process namespace to use for the containers in the task. The valid values are `host` or `task`. In the ContainerDefinition property type: When the `Interactive` property is set to `true`, this allows you to deploy containerized applications that require `stdin` or a `tty` to be allocated. When the `PseudoTerminal` proprety is set to `true`, a TTY is allocated. Use the `SystemControls` property to specify a list of namespaced kernel parameters to set in the container. In the LogConfiguration property type, use the `SecretOptions` property to specify the secrets to pass to the log configuration. AWS::ElastiCache::ReplicationGroup Use the `KmsKeyId` property to specify the ID of the KMS key used to encrypt the disk on the cluster. AWS::Events::Rule In the EcsParameters property type: Use the `Group` property to specify an ECS task group for the task. Use the `LaunchType` property to specify the launch type on which your task is running. If the ECS task uses the `awsvpc` network mode, use the `NetworkConfiguration` property to specify the VPC subnets and security groups associated with the task and whether a public IP address is to be used. Use the `PlatformVersion` property to specify the platform version for the task. AWS::IAM::Role Use the `Description` property to provide a description for the role. Use the `Tags` property to specify a list of tags that are attached to the specified role. AWS::Lambda::EventSourceMapping Use the `MaximumBatchingWindowInSeconds` property to specify the maximum amount of time to gather records before invoking the function, in seconds.	August 29, 2019
Updated resources	The following resources were updated: AWS::RDS::DBCluster and AWS::RDS::DBInstance AWS::RDS::DBCluster Use the `AssociatedRoles` property to specify the AWS Identity and Access Management (IAM) roles associated with the DB instance. Use the `RestoreType` property to specify the type of restore to be performed. Use the `SourceDBClusterIdentifier` property to specify the identifier of the source DB cluster from which to restore. Use the `UseLatestRestorableTime` property to specify whether to restore the DB cluster to the latest restorable backup time. AWS::RDS::DBInstance Use the `AssociatedRoles` property to specify the AWS Identity and Access Management (IAM) roles associated with the DB instance.	August 29, 2019
Updated resource	The following resource was updated: AWS::CloudWatch::Alarm AWS::CloudWatch::Alarm Use the `ThresholdMetricId` property to specify the ID of the ANOMALY_DETECTION_BAND function used as the threshold for the alarm.	August 29, 2019
Updated resource	The following resource was updated: AWS::Elasticsearch::Domain. AWS::Elasticsearch::Domain In the ElasticsearchClusterConfig property type, use the `ZoneAwarenessConfig` property to specify zone awareness configuration options.	August 29, 2019
New resource	The following resource was added: AWS::Config::OrganizationConfigRule AWS::Config::OrganizationConfigRule Use the `AWS::Config::OrganizationConfigRule` resource to create an OrganizationConfigRule that has information about config rules that AWS Config creates in the member accounts.	August 29, 2019
Updated resource	The following resource was updated: AWS::Neptune::DBCluster. AWS::Neptune::DBCluster Use the `EnableCloudwatchLogsExports` property to specify a list of log types that are enabled for export to CloudWatch Logs.	August 22, 2019
Updated resource	The following resource was updated: AWS::DMS::ReplicationTask AWS::DMS::ReplicationTask Use the `CdcStartPosition` property to indicate when you want a change data capture (CDC) operation to start. Use the `CdcStopPosition` property to indicate when you want a change data capture (CDC) operation to stop.	August 16, 2019
Updated resources	The following resources were updated: AWS::EC2::ClientVpnEndpoint, AWS::Greengrass::Group, AWS::Greengrass::ConnectorDefinition, AWS::Greengrass::CoreDefinition, AWS::Greengrass::DeviceDefinition, AWS::Greengrass::FunctionDefinition, AWS::Greengrass::LoggerDefinition, AWS::Greengrass::ResourceDefinition, and AWS::Greengrass::SubscriptionDefinition. AWS::EC2::ClientVpnEndpoint Use the `SplitTunnel` parameter to specify whether split-tunnel is enabled on the AWS Client VPN endpoint. AWS::Greengrass::ConnectorDefinition Use the `Tags` property to attach metadata to the `AWS::Greengrass::ConnectorDefinition` resource. AWS::Greengrass::CoreDefinition Use the `Tags` property to attach metadata to the `AWS::Greengrass::CoreDefinition` resource. AWS::Greengrass::DeviceDefinition Use the `Tags` property to attach metadata to the `AWS::Greengrass::DeviceDefinition` resource. AWS::Greengrass::FunctionDefinition Use the `Tags` property to attach metadata to the `AWS::Greengrass::FunctionDefinition` resource. AWS::Greengrass::Group Use the `Tags` property to attach metadata to the `AWS::Greengrass::Group` resource. AWS::Greengrass::LoggerDefinition Use the `Tags` property to attach metadata to the `AWS::Greengrass::LoggerDefinition` resource. AWS::Greengrass::ResourceDefinition Use the `Tags` property to attach metadata to the `AWS::Greengrass::ResourceDefinition` resource. AWS::Greengrass::SubscriptionDefinition Use the `Tags` property to attach metadata to the `AWS::Greengrass::SubscriptionDefinition` resource.	August 8, 2019
Updated resource	The following resource was updated: AWS::AppSync::GraphQLApi. AWS::AppSync::GraphQLApi In the LogConfig property type, when set to `TRUE`, the `excludeVerboseContent` property excludes sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level.	August 8, 2019
New resources	The following resources were added: AWS::ManagedBlockchain::Member and AWS::ManagedBlockchain::Node. AWS::ManagedBlockchain::Member Use the `Member` resource to create the first member or an additional member of an Amazon Managed Blockchain network. AWS::ManagedBlockchain::Node Use the `Node` resource to create a peer node in a member of an Amazon Managed Blockchain network.	August 8, 2019
New resource	The following resource was added: AWS::Glue::MLTransform AWS::Glue::MLTransform Use the `AWS::Glue::MLTransform` resource to manage machine learning transforms.	August 8, 2019
New resource	The following resource was added: AWS::LakeFormation::DataLakeSettings AWS::LakeFormation::DataLakeSettings Use the `AWS::LakeFormation::DataLakeSettings` resource to manage data lake settings.	August 8, 2019
New resource	The following resource was added: AWS::LakeFormation::Permissions AWS::LakeFormation::Permissions Use the `AWS::LakeFormation:Permissions` resource to grant or revoke AWS Lake Formation permissions.	August 8, 2019
New resource	The following resource was added: AWS::LakeFormation::Resource AWS::LakeFormation::Resource Use the `AWS::LakeFormation::Resource` resource to define the resources to which permissions are to be granted.	August 8, 2019
New resource	The following resource was added: AWS::CodeBuild::SourceCredential AWS::CodeBuild::SourceCredential Use the `AWS::CodeBuild::SourceCredential` resource to specify information about the credentials for a GitHub, GitHub Enterprise, or Bitbucket repository used in an AWS CodeBuild build project.	August 7, 2019
Updated resources	The following resources were updated: AWS::Batch::JobDefinition, AWS::Cognito::UserPool, AWS::Cognito::UserPoolClient, and AWS::Glue::Job. AWS::Batch::JobDefinition In the ContainerProperties property type, use the `LinuxParameters` property to specify Linux-specific modifications that are applied to the container, such as details for device mappings. AWS::Cognito::UserPool Use the `UserPoolAddOns` property to enable advanced security risk detection. Use the `VerificationMessageTemplate` property to define the template for verification messages. AWS::Cognito::UserPoolClient Use the `AnalyticsConfiguration` property to define the Amazon Pinpoint analytics configuration for collecting metrics for this user pool. AWS::Glue::Job Use the `GlueVersion` property to determine the versions of Apache Spark and Python that AWS Glue supports. The Python version indicates the version supported for jobs of type Spark. Use the `MaxCapacity` property to specify the number of AWS Glue data processing units (DPUs) that can be allocated when this job runs. A DPU is a relative measure of processing power that consists of 4 vCPUs of compute capacity and 16 GB of memory. For the `NumberofWorkers` property, when you specify a Python shell job (`JobCommand.Name`="pythonshell"), you can allocate either 0.0625 or 1 DPU. The default is 0.0625 DPU. When you specify an Apache Spark ETL job (`JobCommand.Name`="glueetl"), you can allocate from 2 to 100 DPUs. The default is 10 DPUs. This job type cannot have a fractional DPU allocation. Use the `WorkerType` property to specify the type of predefined worker that is allocated when a job runs. In the JobCommand property type, use the `PythonVersion` property to specify the Python version being used to execute a Python shell job.	August 2, 2019
Stack set limit increases	You can now create a maximum of 100 stack sets in your administrator account, create a maximum of 2000 stack instances per stack set, and run a maximum of 3500 stack instance operations in each region at the same time, per administrator account. For more details, see AWS CloudFormation Limits.	August 2, 2019
New resource	The following resource was added: AWS::CodeStar::GitHubRepository. AWS::CodeStar::GitHubRepository Use the `AWS::CodeStar::GitHubRepository` resource to create a GitHub repository where you can store source code for use with AWS workflows. If provided, your source code is uploaded to the repository after it is created.	August 2, 2019
Updated resource	You can now add tags to a CodeCommit repository in your AWS CloudFormation template. AWS::CodeCommit::Repository Use the `Tags` property to provide information about one or more tag key-value pairs to use when tagging a repository.	July 25, 2019
Updated resources	The following resource was updated: AWS::AmazonMQ::Broker. AWS::AmazonMQ::Broker Use the `encryptionOptions` property to specify an AWS-owned CMK or a customer-managed CMK.	July 22, 2019
Updated resources	The following resources were updated: AWS::Amplify::App and AWS::Amplify::Branch. AWS::Amplify::App Use the `AutoBranchCreationConfig` property type to automatically create branches that match a certain pattern. AWS::Amplify::Branch Use the `EnableAutoBuild` property to enable automatic builds for a branch.	July 18, 2019
New resources	The following resources were added: AWS::IoTEvents::DetectorModel and AWS::IoTEvents::Input. AWS::IoTEvents::DetectorModel Use the `DetectorModel` resource to create a detector model. AWS::IoTEvents::Input Use the `Input` resource to create an input.	July 18, 2019
New resource	The following resource was added: AWS::CloudWatch::AnomalyDetector. AWS::CloudWatch::AnomalyDetector Use the `AWS::CloudWatch::AnomalyDetector` resource to specify an anomaly detection band for a certain metric and statistic. The band represents the expected "normal" range for the metric values.	July 12, 2019
Updated resources	The following resources were updated: AWS::IoTAnalytics::Channel and AWS::IoTAnalytics::Datastore. AWS::IoTAnalytics::Channel Use the `ChannelStorage` property to specify channel data is stored. AWS::IoTAnalytics::Datastore Use the `DatastoreStorage` property to specify where data store data is stored.	June 27, 2019
New resources	The following resources were added: AWS::MediaLive::Channel, AWS::MediaLive::Input, and AWS::MediaLive::InputSecurityGroup. AWS::MediaLive::Channel The `AWS::MediaLive::Channel` resource creates a channel. A MediaLive channel ingests and transcodes (decodes and encodes) source content from the inputs that are attached to that channel, and packages the new content into outputs. AWS::MediaLive::Input The `AWS::MediaLive::Input` resource creates an input. A MediaLive input holds information that describes how the MediaLive channel is connected to the upstream system that is providing the source content that is to be transcoded. AWS::MediaLive::InputSecurityGroup The `AWS::MediaLive::InputSecurityGroup` resource creates an input security group. A MediaLive input security group is associated with a MediaLive input. The input security group is an "allow list" of IP addresses that controls whether an external IP address can push content to the associated MediaLive input.	June 27, 2019
Updated resource	The following resource was updated: AWS::EC2::LaunchTemplate AWS::EC2::LaunchTemplate In the SpotOptions property type, use `BlockDurationMinutes` to specify the required duration for the Spot Instances, and use `ValidUntil` to specify the end date for the Spot request.	June 25, 2019
New resource	The following resource was added: AWS::SecurityHub::Hub AWS::SecurityHub::Hub Use the AWS::SecurityHub::Hub resource to specify the implementation of the AWS Security Hub service in your account.	June 25, 2019
Updated resources	The following resource were updated: AWS::AppStream::Fleet, AWS::ServiceCatalog::CloudFormationProvisionedProduct AWS::ServiceCatalog::CloudFormationProvisionedProduct Use the `ProvisioningPreferences` property to specify user-defined preferences that will be applied when updating a provisioned product. AWS::AppStream::Fleet Use the `IdleDisconnectTimeoutInSeconds` property to specify the amount of time that users can be idle (inactive) before they are disconnected from their streaming session and the `DisconnectTimeoutInSeconds` time interval begins.	June 20, 2019
New resources	The following resource was added: AWS::Config::RemediationConfiguration, AWS::ServiceCatalog::StackSetConstraint AWS::Config::RemediationConfiguration Use the `AWS::Config::RemediationConfiguration` resource to specify the details about the remediation configuration, including the remediation action, parameters, and data to execute the action. AWS::ServiceCatalog::StackSetConstraint Use the `AWS::ServiceCatalog::StackSetConstraint` resource to specify a stack set constraint.	June 20, 2019
Updated resources	The following resources were updated: AWS::AppMesh::VirtualNode, AWS::CodeBuild::Project, AWS::EC2::Host, AWS::EC2::Route, AWS::EC2::VPNConnection, AWS::ECS::Cluster, AWS::ECS::Service, AWS::ECS::TaskDefinition, AWS::EFS::MountTarget, AWS::ElasticLoadBalancingV2::ListenerRule, AWS::EMR::Cluster, AWS::IoTAnalytics::Dataset, AWS::KinesisFirehose::DeliveryStream, AWS::S3::Bucket. AWS::AppMesh::VirtualNode Use `ServiceDiscovery` to specify whether to use `AWSCloudMap` or `DNS` for service discovery. If using AWS Cloud Map for service discovery, use `AwsCloudMapServiceDiscovery` to specify `ServiceName`, `NamespaceName`, and `Attributes` properties. Use `AwsCloudMapInstanceAttribute` to specify key and value pairs for `AwsCloudMapServiceDiscovery`. AWS::CodeBuild::Project Use the `SecondarySourceVersions` property to specify an array of `ProjectSourceVersion` objects. If `secondarySourceVersions` is specified at the build level, then they take over these `secondarySourceVersions` (at the project level). AWS::DLM::LifecyclePolicy In the PolicyDetails property type: Use the `PolicyType` property to determine the valid target resource types and actions a policy can manage. This field defaults to EBS_SNAPSHOT_MANAGEMENT if not present. Use the `Parameters` property to specify a set of optional parameters that can be provided by the policy. In the Schedule property type, use the `VariableTags` property to specify a collection of key/value pairs with values determined dynamically when the policy is executed. Keys may be any valid Amazon EC2 tag key. Values must be in one of the two following formats: `$(instance-id)` or `$(timestamp)`. Variable tags are only valid for EBS Snapshot Management – Instance policies. AWS::EC2::Host Use the `HostRecovery` property to indicates whether to enable or disable host recovery for the Dedicated Host. AWS::EC2::Route Use the `TransitGatewayId` property to specify the ID of a transit gateway. AWS::EC2::VPNConnection Use the `TransitGatewayId` property to specify the ID of the transit gateway associated with the VPN connection. Use the `VpnGatewayId` property to specify the ID of the virtual private gateway at the AWS side of the VPN connection. AWS::ECR::Repository Use the `Tags` property to specify an array of key-value pairs to apply to this resource. AWS::ECS::Cluster Use the `Tags` property to apply metadata to clusters to help you categorize and organize them. AWS::ECS::Service Use the `EnableECSManagedTags` property to specify whether to enable Amazon ECS managed tags for the tasks within the service. Use the `PropagateTags` property to specify whether to propagate the tags from the task definition or the service to the tasks in the service. Use the `Tags` property to apply metadata to services to help you categorize and organize them. AWS::ECS::TaskDefinition In the ContainerDefinition property type: Use the `ResourceRequirements` property to specify the type and amount of a resource to assign to a container. The only supported resource is a GPU. Use the `Secrets` property to specify the secrets to pass to the container. Use the `Tags` property to apply metadata to task definitions to help you categorize and organize them. AWS::EFS::FileSystem Use the `LifecyclePolicies` property to specify a list of policies used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class. AWS::EFS::MountTarget Use the `IpAddress` attribute to return the IPv4 address of the mount target. AWS::ElasticLoadBalancingV2::ListenerRule In the RuleCondition property type: Use the `HostHeaderConfig` property to specify information for a host header condition. Use the `HttpHeaderConfig` property to specify information for an HTTP header condition. Use the `HttpRequestMethodConfig` property to specify information for an HTTP method condition. Use the `PathPatternConfig` property to specify information for a path pattern condition. Use the `QueryStringConfig` property to specify information for a query string condition. Use the `SourceIpConfig` property to specify information for a source IP condition. AWS::EMR::Cluster In the JobFlowInstancesConfig property type, use the `Ec2SubnetIds` property to specify multiple EC2 subnet IDs. AWS::IoTAnalytics::Dataset When data set contents are created they are delivered to destinations specified in the `ContentDeliveryRules` property. Use the `VersioningConfiguration` property to specify how many versions of data set contents are kept. If not specified or set to null, only the latest version plus the latest succeeded version (if they are different) are kept for the time period specified by the "retentionPeriod" parameter. AWS::KinesisFirehose::DeliveryStream In the ExtendedS3DestinationConfiguration property type: Use the `DataFormatConversionConfiguration` property to specify the serializer, deserializer, and schema for converting data from the JSON format to the Parquet or ORC format before writing it to Amazon S3. Use the `ErrorOutputPrefix` property to specify a prefix that Kinesis Data Firehose evaluates and adds to failed records before writing them to S3. The `Prefix` property is no longer required. In the S3DestinationConfiguration property type, use the `ErrorOutputPrefix` property to specify a prefix that Kinesis Data Firehose evaluates and adds to failed records before writing them to S3. AWS::S3::Bucket Use the `ObjectLockConfiguration` property to specify an object lock configuration for the specified bucket. Use the `ObjectLockEnabled` property to specify whether this bucket has an object lock configuration enabled.	June 13, 2019
New resources	The following resources were added: AWS::Amplify::App, AWS::Amplify::Branch, AWS::Amplify::Domain, AWS::EC2::ClientVpnAuthorizationRule, AWS::EC2::ClientVpnEndpoint, AWS::EC2::ClientVpnRoute, AWS::EC2::ClientVpnTargetNetworkAssociation, AWS::MSK::Cluster. AWS::Amplify::App Creates apps in AWS Amplify Console. An app is a collection of branches. AWS::Amplify::Branch Creates a new branch within an AWS Amplify Console app. AWS::Amplify::Domain Allows you to connect a custom domain to your AWS Amplify Console app. AWS::EC2::ClientVpnAuthorizationRule Specifies an ingress authorization rule to add to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. AWS::EC2::ClientVpnEndpoint Specifies a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated. AWS::EC2::ClientVpnRoute Specifies a network route to add to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traﬃc to speciﬁc resources or networks. AWS::EC2::ClientVpnTargetNetworkAssociation Specifies a target network to associate with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. AWS::MSK::Cluster Use the `AWS::MSK::Cluster` resource to create an Amazon MSK cluster.	June 13, 2019
Updated resources	The following resource was updated: AWS::SageMaker::NotebookInstance. AWS::SageMaker::NotebookInstance Use the `AcceleratorTypes` property to specify a list of Elastic Inference (EI) instance types to associate with this notebook instance. Use the `AdditionalCodeRepositories` property to specify an array of up to three Git repositories associated with the notebook instance. Use the `DefaultCodeRepository` property to specify the Git repository associated with the notebook instance as its default code repository.	June 3, 2019
New resources	The following resources were added: AWS::IoTThingsGraph::FlowTemplate, AWS::Pinpoint::ADMChannel, AWS::Pinpoint::APNSChannel, AWS::Pinpoint::APNSSandboxChannel, AWS::Pinpoint::APNSVoipChannel, AWS::Pinpoint::APNSVoipSandboxChannel, AWS::Pinpoint::App, AWS::Pinpoint::ApplicationSettings, AWS::Pinpoint::BaiduChannel, AWS::Pinpoint::Campaign, AWS::Pinpoint::EmailChannel, AWS::Pinpoint::EventStream, AWS::Pinpoint::GCMChannel, AWS::Pinpoint::SMSChannel, AWS::Pinpoint::Segment, AWS::Pinpoint::VoiceChannel, AWS::SageMaker::CodeRepository, and AWS::MSK::Cluster. AWS::IoTThingsGraph::FlowTemplate Use the `AWS::IoTThingsGraph::FlowTemplate` resource to specify a workflow template. AWS::Pinpoint::ADMChannel Use the `AWS::Pinpoint::ADMChannel` resource to specify an ADM channel. You can use the ADM channel to send push notifications through the Amazon Device Messaging (ADM) service to apps that run on Amazon devices, such as Kindle Fire tablets. AWS::Pinpoint::APNSChannel Use the `AWS::Pinpoint::APNSChannel` resource to specify an APNs channel. You can use the APNs channel to send push notification messages to the Apple Push Notification service (APNs). AWS::Pinpoint::APNSSandboxChannel Use the `AWS::Pinpoint::APNSSandboxChannel` resource to specify an APNs sandbox channel. You can use the APNs sandbox channel to send push notification messages to the sandbox environment of the Apple Push Notification service (APNs). AWS::Pinpoint::APNSVoipChannel Use the `AWS::Pinpoint::APNSVoipChannel` resource to specify an APNs VoIP channel. You can use the APNs VoIP channel to send VoIP notification messages to the Apple Push Notification service (APNs). AWS::Pinpoint::APNSVoipSandboxChannel Use the `AWS::Pinpoint::APNSVoipSandboxChannel` resource to specify an APNs VoIP sandbox channel. You can use the APNs VoIP sandbox channel to send VoIP notification messages to the sandbox environment of the Apple Push Notification service (APNs). AWS::Pinpoint::App Use the `AWS::Pinpoint::App` resource to specify an app. AWS::Pinpoint::ApplicationSettings Use the `AWS::Pinpoint::ApplicationSettings` resource to specify the settings for an Amazon Pinpoint app. AWS::Pinpoint::BaiduChannel Use the `AWS::Pinpoint::BaiduChannel` resource to update the settings of the Baidu channel for an application. AWS::Pinpoint::Campaign Use the `AWS::Pinpoint::Campaign` resource to update the settings for a campaign. AWS::Pinpoint::EmailChannel Use the `AWS::Pinpoint::EmailChannel` resource to update the status and settings of the email channel for an application. AWS::Pinpoint::EventStream Use the `AWS::Pinpoint::EventStream` resource to create a new event stream for an application or update the settings of an existing event stream for an application. AWS::Pinpoint::GCMChannel Use the `AWS::Pinpoint::GCMChannel` resource to specify a GCM channel. You can use the GCM channel to send push notification messages to the Firebase Cloud Messaging (FCM) service, which replaced the Google Cloud Messaging (GCM) service. AWS::Pinpoint::SMSChannel Use the `AWS::Pinpoint::SMSChannel` resource to specify an SMS channel. To send an SMS text message, you send the message through the SMS channel. AWS::Pinpoint::Segment Use the `AWS::Pinpoint::Segment` resource to create a new segment for an application or update the configuration, dimension, and other settings for an existing segment that's associated with an application. AWS::Pinpoint::VoiceChannel Use the `AWS::Pinpoint::VoiceChannel` resource to update the status and settings of the voice channel for an application. AWS::SageMaker::CodeRepository Use the `AWS::SageMaker::CodeRepository` resource to specify a Git repository as a resource in your Amazon SageMaker account.	June 3, 2019
Updated resources	The following resources were updated: AWS::CodeCommit::Repository and AWS::EC2::LaunchTemplate. Code Use the `Code` resource to provide information about code to be committed. S3 Use the `S3` resource to provide information about the Amazon S3 bucket that contains the code that will be committed to the new repository. AWS::EC2::LaunchTemplate In the NetworkInterface property, use `InterfaceType` to specify the type of network interface.	May 23, 2019
New resources	The following resources were added: AWS::Backup::BackupPlan, AWS::Backup::BackupSelection, AWS::Backup::BackupVault, AWS::PinpointEmail::ConfigurationSet, AWS::PinpointEmail::ConfigurationSetEventDestination, AWS::PinpointEmail::DedicatedIpPool, AWS::PinpointEmail::Identity, AWS::Transfer::Server, AWS::Transfer::User, AWS::WAFRegional::GeoMatchSet, AWS::WAFRegional::RateBasedRule, and AWS::WAFRegional::RegexPatternSet. AWS::Backup::BackupPlan Contains an optional backup plan display name and an array of BackupRule objects, each of which specifies a backup rule. Each rule in a backup plan is a separate scheduled task and can back up a different selection of AWS resources. AWS::Backup::BackupSelection Specifies a set of resources to assign to a backup plan. AWS::Backup::BackupVault Creates a logical container where backups are stored. A CreateBackupVault request includes a name, optionally one or more resource tags, an encryption key, and a request ID. AWS::PinpointEmail::ConfigurationSet Use the `AWS::PinpointEmail::ConfigurationSet` resource to specify configuration sets for the Amazon Pinpoint Email API. AWS::PinpointEmail::ConfigurationSetEventDestination Use the `AWS::PinpointEmail::ConfigurationSetEventDestination` resource to specify destinations for events related to sending email in the Amazon Pinpoint Email API. AWS::PinpointEmail::DedicatedIpPool Use the `AWS::PinpointEmail::DedicatedIpPool` resource to specify groups of dedicated IP addresses in the Amazon Pinpoint Email API. AWS::PinpointEmail::Identity Use the `AWS::PinpointEmail::Identity` resource to specify identities (email addresses or domains) for sending email through the Amazon Pinpoint Email API. AWS::Transfer::Server Creates an autoscaling virtual server based on Secure File Transfer Protocol (SFTP) in AWS. AWS::Transfer::User Creates a user and associates them with an existing Secure File Transfer Protocol (SFTP) server. AWS::WafRegional::GeoMatchSet The `AWS::WAFRegional::GeoMatchSet` resource contains one or more countries that AWS WAF will search for. AWS::WafRegional::RateBasedRule The `AWS::WAFRegional::RateBasedRule` resource is identical to a regular Rule, with one addition: a RateBasedRule counts the number of requests that arrive from a specified IP address every five minutes. AWS::WafRegional::RegexPatternSet The `AWS::WAFRegional::RegexPatternSet` resource specifies the regular expression (regex) pattern that you want AWS WAF to search for.	May 23, 2019
Updated resources	The following resources were updated: AWS::AppSync::GraphQLApi, AWS::Cognito::UserPool, AWS::Glue::Classifier, AWS::Glue::Crawler, AWS::Glue::DevEndpoint, AWS::Glue::Job, and AWS::Glue::Trigger. AWS::AppSync::GraphQLApi Use the `AdditionalAuthenticationProviders` property to specify a list of additional authentication providers for the GraphqlApi API. Use the `Tags` property to specify an arbitrary set of tags (key-value pairs) for this GraphQL API. AWS::Cognito::UserPool In the PasswordPolicy property type, use the `TemporaryPasswordValidityDays` property to specify the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator. Note When you set `TemporaryPasswordValidityDays` for a user pool, you will no longer be able to set the deprecated `UnusedAccountValidityDays` value for that user pool. AWS::Glue::Classifier Use the `CsvClassifier` property to specify a classifier for comma-separated values (CSV). AWS::Glue::Crawler Use the `CrawlerSecurityConfiguration` property to specify the name of the `SecurityConfiguration` structure to be used by this crawler. Use the `Tags` property to specify the tags to use with this crawler request. You can use tags to limit access to the crawler. AWS::Glue::DevEndpoint Use the `SecurityConfiguration` property to specify the name of the `SecurityConfiguration` structure to be used by this `DevEndpoint`. Use the `Tags` property to specify the tags to use with this `DevEndpoint`. You can use tags to limit access to the `DevEndpoint`. AWS::Glue::Job Use the `SecurityConfiguration` property to specify the name of the `SecurityConfiguration` structure to be used with this job. Use the `Tags` property to specify the tags to use with this job. You can use tags to limit access to the job. AWS::Glue::Trigger Use the `Tags` property to specify the tags to use with this trigger. You can use tags to limit access to the trigger.	May 17, 2019
New resources	The following resources were added: AWS::Glue::DataCatalogEncryptionSettings, AWS::Glue::SecurityConfiguration, and AWS::MediaStore::Container. AWS::Glue::DataCatalogEncryptionSettings Sets the security configuration for a specified catalog. After the configuration has been set, the specified encryption is applied to every catalog write thereafter. AWS::Glue::SecurityConfiguration Creates a new security configuration. AWS::MediaStore::Container The `AWS::MediaStore::Container` resource specifies a storage container to hold objects. A container is similar to a bucket in Amazon S3. When you create a container using AWS CloudFormation, the template manages data for five API actions: creating a container, setting access logging, updating the default container policy, adding a cross-origin resource sharing (CORS) policy, and adding an object lifecycle policy.	May 17, 2019
Updated resource	The following resource was updated: AWS::ServiceCatalog::CloudFormationProduct. AWS::ServiceCatalog::CloudFormationProduct In the ProvisioningArtifactProperties property type, if `DisableTemplateValidation` is set to `true`, AWS Service Catalog stops validating the specified provisioning artifact even if it is invalid.	May 3, 2019
New resources	The following resources were added: AWS::ApiGatewayV2::ApiMapping and AWS::ApiGatewayV2::DomainName. AWS::ApiGatewayV2::ApiMapping The AWS CloudFormation `AWS::ApiGatewayV2::ApiMapping` resource contains an API mapping. AWS::ApiGatewayV2::DomainName Use the AWS CloudFormation `AWS::ApiGatewayV2::DomainName` resource to specify a custom, friendly URL for your API in API Gateway.	May 3, 2019
Limit for resources in concurrent stack operations	CloudFormation now enforces an account limit for the number of resources in concurrent stack operations. This limit is determined by region. For more information, see AWS CloudFormation Limits	April 30, 2019
Updated resources	The following resources were updated: AWS::Greengrass::FunctionDefinition and AWS::Greengrass::FunctionDefinitionVersion. AWS::Greengrass::FunctionDefinition In the `FunctionConfiguration` property type, the `MemorySize` and `Timeout` properties are no longer required. AWS::Greengrass::FunctionDefinitionVersion In the `FunctionConfiguration` property type, the `MemorySize` and `Timeout` properties are no longer required.	April 25, 2019
Updated resources	The following resources were updated: AWS::ECS::TaskDefinition, AWS::ElasticLoadBalancingV2::TargetGroup AWS::ECS::TaskDefinition Use the `ProxyConfiguration` property to specify the configuration details for an App Mesh proxy. In the `ContainerDefinition` property type: Use the `DependsOn` property to specify the dependencies defined for container startup and shutdown. Use the `StartTimeout` property to specify the time duration to wait before giving up on resolving dependencies for a container. Use the `StopTimeout` property to specify the time duration to wait before the container is forcefully killed if it doesn't exit normally on its own. AWS::ElasticLoadBalancingV2::TargetGroup Use the `HealthCheckEnabled` property to indicate whether health checks are enabled. The `Port`, `Protocol`, and `VpcId` properties are now required only if the target type is `instance` or `ip`.	April 18, 2019
New resource	The following resource was added: AWS::EC2::CapacityReservation. AWS::EC2::CapacityReservation Use the `AWS::EC2::CapacityReservation` resource to create a Capacity Reservation.	April 18, 2019
Updated resources	The following resource was updated: AWS::Batch::JobDefinition and AWS::ServiceCatalog::CloudFormationProvisionedProduct. AWS::Batch::JobDefinition Use the ResourceRequirement property type to specify the type and amount of a resource to assign to a container. Currently, the only supported resource type is `GPU`. AWS::ServiceCatalog::CloudFormationProvisionedProduct The `Tags` property requires the provisioned product to have a `RESOURCE_UPDATE` constraint with `TagUpdatesOnProvisionedProduct` set to `ALLOWED` to allow tag updates. The `Tags` property now requires no interruption upon update.	April 4, 2019
New resource	The following resource was added: AWS::ServiceCatalog::ResourceUpdateConstraint. AWS::ServiceCatalog::ResourceUpdateConstraint Use the `AWS::ServiceCatalog::ResourceUpdateConstraint` resource to create a RESOURCE_UPDATE constraint for Service Catalog.	April 4, 2019
Updated resources	The following resources were updated: AWS::AppStream::Fleet, AWS::AppStream::ImageBuilder, AWS::AppStream::Stack, and AWS::EKS::Cluster. AWS::AppStream::Fleet, AWS::AppStream::ImageBuilder, and AWS::AppStream::Stack Use the `Tags` property to add or overwrite one or more tags for an Amazon AppStream 2.0 fleet, stack, or image builder. AWS::EKS::Cluster Updates to the `Version` property no longer require replacement.	March 28, 2019
New resources	The following resources were added: AWS::AppMesh::Mesh, AWS::AppMesh::Route, AWS::AppMesh::VirtualNode, AWS::AppMesh::VirtualRouter, and AWS::AppMesh::VirtualService. AWS::AppMesh::Mesh The `AWS::AppMesh::Mesh` resource to specify a service mesh. A service mesh is a logical boundary for network traffic between the services that reside within it. AWS::AppMesh::Route Use the `AWS::AppMesh::Route` resource to specify a route that is associated with a virtual router. AWS::AppMesh::VirtualNode Use the `AWS::AppMesh::VirtualNode` resource to specify a virtual node within a service mesh. AWS::AppMesh::VirtualRouter Use the `AWS::AppMesh::VirtualRouter` resource to specify a virtual router within a service mesh. AWS::AppMesh::VirtualService Use the `AWS::AppMesh::VirtualService` resource to specify a virtual service within a service mesh.	March 27, 2019
New resources	The following resources were added: AWS::Greengrass::ConnectorDefinition, AWS::Greengrass::ConnectorDefinitionVersion, AWS::Greengrass::CoreDefinition, AWS::Greengrass::CoreDefinitionVersion, AWS::Greengrass::DeviceDefinition, AWS::Greengrass::DeviceDefinitionVersion, AWS::Greengrass::FunctionDefinition, AWS::Greengrass::FunctionDefinitionVersion, AWS::Greengrass::Group, AWS::Greengrass::GroupVersion, AWS::Greengrass::LoggerDefinition, AWS::Greengrass::LoggerDefinitionVersion, AWS::Greengrass::ResourceDefinition, AWS::Greengrass::ResourceDefinitionVersion, AWS::Greengrass::SubscriptionDefinition, and AWS::Greengrass::SubscriptionDefinitionVersion. AWS::Greengrass::ConnectorDefinition and AWS::Greengrass::ConnectorDefinitionVersion Use the `AWS::Greengrass::ConnectorDefinition` and `AWS::Greengrass::ConnectorDefinitionVersion` resources to create and manage your connectors. AWS::Greengrass::CoreDefinition and AWS::Greengrass::CoreDefinitionVersion Use the `AWS::Greengrass::CoreDefinition` and `AWS::Greengrass::CoreDefinitionVersion` resources to create and manage your cores. AWS::Greengrass::DeviceDefinition and AWS::Greengrass::DeviceDefinitionVersion Use the `AWS::Greengrass::DeviceDefinition` and `AWS::Greengrass::DeviceDefinitionVersion` resources to create and manage your devices. AWS::Greengrass::FunctionDefinition and AWS::Greengrass::FunctionDefinitionVersion Use the `AWS::Greengrass::FunctionDefinition` and `AWS::Greengrass::FunctionDefinitionVersion` resources to create and manage your functions. AWS::Greengrass::Group and AWS::Greengrass::GroupVersion Use the `AWS::Greengrass::Group` and `AWS::Greengrass::GroupVersion` resources to create and manage your Greengrass groups. AWS::Greengrass::LoggerDefinitionVersion and AWS::Greengrass::LoggerDefinition Use the `AWS::Greengrass::LoggerDefinition` and `AWS::Greengrass::LoggerDefinitionVersion` resources to create and manage your logging configuration. AWS::Greengrass::ResourceDefinition and AWS::Greengrass::ResourceDefinitionVersion Use the `AWS::Greengrass::ResourceDefinition` and `AWS::Greengrass::ResourceDefinitionVersion` resources to create and manage your local, machine learning, and secret resources. AWS::Greengrass::SubscriptionDefinition and AWS::Greengrass::SubscriptionDefinitionVersion Use the `AWS::Greengrass::SubscriptionDefinition` and `AWS::Greengrass::SubscriptionDefinitionVersion` resources to create and manage your subscriptions.	March 15, 2019
Updated resources	The following resources were updated: AWS::CodeBuild::Project, AWS::OpsWorksCM::Server, and AWS::SageMaker::NotebookInstance. AWS::CodeBuild::Project In the Project Source property type, use the `GitSubmodulesConfig` property to get information about Git submodules for a project. In the Project S3Logs property type, use the `EncryptionDisabled` property to disable encryption on S3 build logs. AWS::OpsWorksCM::Server Use the `AssociatePublicIpAddress` property to associate a public IP address with the server. AWS::SageMaker::NotebookInstance Use the `RootAccess` property to specify whether root access is enabled or disabled for users of the notebook instance.	March 14, 2019
Updated resources	The following resources were updated: AWS::StepFunctions::Activity and AWS::StepFunctions::StateMachine. AWS::StepFunctions::Activity Use the `Tags` property to specify the tags (key-value pairs) that you want to attach to the Step Functions activity. AWS::StepFunctions::StateMachine Use the `Tags` property to specify the tags (key-value pairs) that you want to attach to the Step Functions state machine.	March 7, 2019
Updated resource	The following resource was updated to support envelope encryption of secrets with AWS KMS: AWS::EKS::Cluster AWS::EKS::Cluster EncryptionConfig Use the `AWS::EKS::Cluster EncryptionConfig` property to specify the encryption configuration for a Amazon EKS cluster. AWS::EKS::Cluster Provider Use the `AWS::EKS::Cluster Provider` property to specify the AWS Key Management Service (AWS KMS) customer master key (CMK) used to encrypt the secrets for a Amazon EKS cluster.	March 5, 2019
New resource	The following resource was added: AWS::CloudWatch::CompositeAlarm. AWS::CloudWatch::CompositeAlarm Use the `AWS::CloudWatch::CompositeAlarm` property to create a composite alarm. Composite alarms evaluate their alarm state based on the alarm states of other CloudWatch rules.	March 2, 2019
Updated resource	The following resource was updated: AWS::SageMaker::NotebookInstance. AWS::SageMaker::NotebookInstance Use the `VolumeSizeInGB` property to specify the size in GB of the persisted machine learning storage volume that is provisioned and attached to the Amazon SageMaker notebook instance.	February 28, 2019
Updated resources	The following resources were updated: AWS::ApiGateway::ApiKey, AWS::CodeBuild::Project, AWS::Elasticsearch::Domain, AWS::RDS::DBCluster, and AWS::RDS::DBInstance. AWS::ApiGateway::ApiKey Use the `Value` property to specify the value of the API key. AWS::CodeBuild::Project In the ProjectCache property type, you can use the `Modes` property to specify the type cache an AWS CodeBuild project uses. AWS::Elasticsearch::Domain Use the `NodeToNodeEncryptionOptions` property to specify whether node-to-node encryption is enabled. AWS::RDS::DBCluster Use the `SourceRegion` property to specify the AWS Region which contains the source DB cluster when replicating a DB cluster. AWS::RDS::DBInstance Use the `UseDefaultProcessorFeatures` property to specify that the DB instance class of the DB instance uses its default processor features.	February 21, 2019
New resources	The following resources were added: AWS::RAM::ResourceShare, AWS::RoboMaker::Fleet, AWS::RoboMaker::Robot, AWS::RoboMaker::RobotApplication, AWS::RoboMaker::RobotApplicationVersion, AWS::RoboMaker::SimulationApplication, and AWS::RoboMaker::SimulationApplicationVersion. AWS::RAM::ResourceShare Use the `AWS::RAM::ResourceShare` resource to create, update, and delete an Amazon ResourceShare. AWS::RoboMaker::Fleet Use the `AWS::RoboMaker::Fleet` resource to to create an AWS RoboMaker fleet. AWS::RoboMaker::Robot Use the `AWS::RoboMaker::Robot` resource to create an AWS RoboMaker robot. AWS::RoboMaker::RobotApplication Use the `AWS::RoboMaker::RobotApplication` resource to create an AWS RoboMaker robot application. AWS::RoboMaker::RobotApplicationVersion Use the `AWS::RoboMaker::RobotApplicationVersion` resource to create a version of an AWS RoboMaker robot application. AWS::RoboMaker::SimulationApplication Use the `AWS::RoboMaker::SimulationApplication` resource to create an AWS RoboMaker simulation application. AWS::RoboMaker::SimulationApplicationVersion Use the `AWS::RoboMaker::SimulationApplicationVersion` resource to create a version of an AWS RoboMaker simulation application.	February 21, 2019
Updated resource	The following resource was updated: AWS::CodeBuild::Project. AWS::CodeBuild::Project In the ProjectTriggers property type, you can use the `WebhookFilters` property to specify the webhook events that trigger a new AWS CodeBuild build.	February 15, 2019
New resources	The following resources were added: AWS::FSx::FileSystem, AWS::KinesisAnalyticsv2::Application, AWS::KinesisAnalyticsv2::ApplicationCloudWatchLoggingOption, AWS::KinesisAnalyticsv2::ApplicationOutput, and AWS::KinesisAnalyticsv2::ApplicationReferenceDataSource. AWS::FSx::FileSystem Use the `AWS::FSx::FileSystem` resource to create a new Amazon FSx for Lustre or Amazon FSx for Windows File Server file system. AWS::KinesisAnalyticsV2::Application Use the `AWS::KinesisAnalyticsV2::Application` resource to create an Amazon Kinesis Data Analytics application. AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption Use the `AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption` resource to add an Amazon CloudWatch log stream to monitor application configuration errors. AWS::KinesisAnalyticsV2::ApplicationOutput Use the `AWS::KinesisAnalyticsV2::ApplicationOutput` resource to describe a SQL-based Amazon Kinesis Data Analytics application's output configuration. AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource Use the `AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource` resource to describe a reference data source for a SQL-based Amazon Kinesis Data Analytics application.	February 15, 2019
Updated resources	The following resources were updated: AWS::OpsWorksCM::Server, AWS::ServiceDiscovery::Instance, and AWS::ServiceDiscovery::Service. AWS::OpsWorksCM::Server `EngineAttributes` were updated to include additional attributes that you can use to create an AWS OpsWorks for Puppet Enterprise master server. AWS::ServiceDiscovery::Instance The `InstanceAttributes` property now takes a `String map` value. AWS::ServiceDiscovery::Service The `DNSConfig` property is no longer required. An update to the `HealthCheckCustomConfig` property now requires replacement.	February 8, 2019
New resources	The following resources were added: AWS::ApiGatewayV2::Api, AWS::ApiGatewayV2::Authorizer, AWS::ApiGatewayV2::Deployment, AWS::ApiGatewayV2::Integration, AWS::ApiGatewayV2::IntegrationResponse, AWS::ApiGatewayV2::Model, AWS::ApiGatewayV2::Route, AWS::ApiGatewayV2::RouteResponse, and AWS::ApiGatewayV2::Stage. AWS::ApiGatewayV2::Api Use the `AWS::ApiGatewayV2::Api` resource to manage an API Gateway WebSocket API. AWS::ApiGatewayV2::Authorizer Use the `AWS::ApiGatewayV2::Authorizer` resource to represent an API Gateway authorizer function. AWS::ApiGatewayV2::Deployment Use the `AWS::ApiGatewayV2::Deployment` resource to create an API Gateway WebSocket API deployment. AWS::ApiGatewayV2::Integration Use the `AWS::ApiGatewayV2::Integration` resource to specify information about the target backend that an API Gateway route calls. AWS::ApiGatewayV2::IntegrationResponse Use the `AWS::ApiGatewayV2::IntegrationResponse` resource to specify the response that API Gateway sends after a route's backend finishes processing a WebSocket message. AWS::ApiGatewayV2::Model Use the `AWS::ApiGatewayV2::Model` resource to define the structure of a route request or response payload for an API Gateway WebSocket API. AWS::ApiGatewayV2::Route Use the `AWS::ApiGatewayV2::Route` resource to specify information that is expected to be present in a WebSocket message payload. AWS::ApiGatewayV2::RouteResponse Use the `AWS::ApiGatewayV2::RouteResponse` resource to define the responses that can be sent to the client that sends a message to an API Gateway WebSocket API. AWS::ApiGatewayV2::Stage Use the `AWS::ApiGatewayV2::Stage` resource to create a stage for an API Gateway WebSocket API deployment.	February 8, 2019
Updated resources	The following resources were updated: AWS::CodeBuild::Project and AWS::ElasticLoadBalancingV2::Listener. AWS::CodeBuild::Project In the Environment property type, you can use the `ImagePullCredentialsType` property to specify the type of credentials AWS CodeBuild uses to pull images in your build. In the Environment property type, you can use the `RegistryCredential` property to provide information about credentials that provide access to a private Docker registry. AWS::ElasticLoadBalancingV2::Listener Create TLS listeners for your Network Load Balancers.	January 24, 2019
New resource	The following resource was added: AWS::OpsWorksCM::Server. AWS::OpsWorksCM::Server Use the `AWS::OpsWorksCM::Server` resource to create an AWS OpsWorks for Chef Automate or AWS OpsWorks for Puppet Enterprise server.	January 24, 2019
UpdateReplacePolicy attribute added	Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation. For more information, see UpdateReplacePolicy Attribute.	January 23, 2019
Updated resource	The following resource was updated: AWS::Inspector::AssessmentTarget AWS::Inspector::AssessmentTarget The `ResourceGroupArn` property is no longer required. If unspecified, all Amazon EC2 instances in your AWS account in the current region will be included in the assessment target.	January 17, 2019
Updated resource	The following resource was updated: AWS::ServiceCatalog::CloudFormationProvisionedProduct. AWS::ServiceCatalog::CloudFormationProvisionedProduct The `ProductId` property now requires no interruption upon update. The `ProductName` property now requires no interruption upon update. Each time a stack is created or updated, if `ProductName` is provided it will successfully resolve to `ProductId` as long as only one product exists in the account/region with that `ProductName`.	January 10, 2019
New resources	The following resources were added: AWS::DocDB::DBCluster, AWS::DocDB::DBClusterParameterGroup, AWS::DocDB::DBInstance, and AWS::DocDB::DBSubnetGroup. AWS::DocDB::DBCluster Use the `AWS::DocDB::DBCluster` resource to manage an Amazon DocumentDB cluster. AWS::DocDB::DBClusterParameterGroup Use the `AWS::DocDB::DBClusterParameterGroup` resource to manage an Amazon DocumentDB cluster parameter group. AWS::DocDB::DBInstance Use the `AWS::DocDB::DBInstance` resource to manage an Amazon DocumentDB instance. AWS::DocDB::DBSubnetGroup Use the `AWS::DocDB::DBSubnetGroup` resource to describe an Amazon DocumentDB subnet group.	January 10, 2019
Updated resources	The following resources were updated: AWS::AmazonMQ::Broker, AWS::AmazonMQ::Configuration, and AWS::SageMaker::Model. AWS::AmazonMQ::Broker Use the `Tags` property to specify an array of key-value pairs for cost allocation tagging. AWS::AmazonMQ::Configuration Use the `Tags` property to specify an array of key-value pairs for cost allocation tagging. AWS::SageMaker::Model Use the `Containers` property to specify the list of containers in the inference pipeline.	January 3, 2019
New resource	The following resource was added: AWS::Route53Resolver::ResolverRuleAssociation. AWS::Route53Resolver::ResolverRuleAssociation Use the `AWS::Route53Resolver::ResolverRuleAssociation` resource to associate an Amazon Route 53 Resolver rule and a VPC that you created using Amazon Virtual Private Cloud (Amazon VPC).	January 3, 2019
Updated resource	The following resource was updated: AWS::AmazonMQ::Broker. AWS::AmazonMQ::Broker The following attributes are now available using the `Fn::Getatt` intrinsic function: `IpAddresses` `MqttEndpoints` `OpenWireEndpoints` `AmqpEndpoints` `StompEndpoints` `WssEndpoints`	December 13, 2018
Stack instance operation limit	For StackSets, you can have a maximum of 1500 stack instance operations running in a given region at the same time, per administrator account. For more information, see AWS CloudFormation Limits.	December 13, 2018
New resources	The following resources were added: AWS::AmazonMQ::ConfigurationAssociation, AWS::IoTAnalytics::Channel, AWS::IoTAnalytics::Dataset, AWS::IoTAnalytics::Datastore, and AWS::IoTAnalytics::Pipeline. AWS::AmazonMQ::ConfigurationAssociation Use the `AWS::AmazonMQ::ConfigurationAssociation` resource to associate a configuration with a broker, or return information about the specified configuration association. AWS::IoTAnalytics::Channel Use the `AWS::IoTAnalytics::Channel` resource to create a channel. A channel collects data from an MQTT topic and archives the raw, unprocessed messages before publishing the data to a pipeline. AWS::IoTAnalytics::Dataset Use the `AWS::IoTAnalytics::Dataset` resource to create a data set. A data set retrieves data from a data store and allows you to explore and analyze your data using machine learning tools. AWS::IoTAnalytics::Datastore Use the `AWS::IoTAnalytics::Datastore` resource to create a data store. A data store holds messages from a channel which have been processed through a pipeline. AWS::IoTAnalytics::Pipeline Use the `AWS::IoTAnalytics::Pipeline` resource to create a pipeline. A pipeline consumes messages from one or more channels and allows you to process the messages before storing them in a data store.	December 13, 2018
The CAPABILITY_AUTO_EXPAND capability is now available.	Use the `CAPABILITY_AUTO_EXPAND` capability to create or update a stack directly from a stack template that contains macros, without first reviewing the resulting changes in a change set first. For more information, see CreateStack or UpdateStack in AWS CloudFormation API Reference.	December 7, 2018
Updated resource	The following resource was updated: AWS::CodeBuild::Project. AWS::CodeBuild::Project In the Environment property type, you can use the `Certificate` property to specify a certificate to use with your build project. In the Artifacts property type, you can use the `ArtifactIdentifier` property to identify the project artifact. In the Source property type, you can use the `SourceIdentifier` property to identify the project source.	December 6, 2018
Updated resource	The following resource was updated: AWS::Lambda::Function AWS::Lambda::Function Use the `Layers` property to specify a list of Amazon Resource Names (ARNs) for the function layers to add to the function's execution environment.	November 29, 2018
New resources	The following resources were added: AWS::Lambda::LayerVersion, AWS::Lambda::LayerVersionPermission. AWS::Lambda::LayerVersion Use the AWS CloudFormation `AWS::Lambda::LayerVersion` resource to create a layer version in AWS Lambda. AWS::Lambda::LayerVersionPermission Use the AWS CloudFormation `AWS::Lambda::LayerVersionPermission` resource to give other accounts permission to use a layer version in AWS Lambda.	November 29, 2018
Updated resources	The following resources were updated: AWS::DynamoDB::Table, AWS::EC2::Instance, and AWS::ServiceDiscovery::Service. AWS::DynamoDB::Table Use the `BillingMode` property to specify how you are charged for read and write throughput and how you manage capacity. The `ProvisionedThroughput` property is now conditional. In the GlobalSecondaryIndex property type, the `ProvisionedThroughput` property is now conditional. AWS::EC2::Instance Use the `ElasticInferenceAccelerators` property to specify a list of elastic inference accelerators for an instance. Use the `LicenseSpecifications` property to associate a list of license configuration with an instance. AWS::ServiceDiscovery::Service Use the `NamespaceId` property to specify the ID of the namespace that you want to use to create the service. In the DnsConfig property type, use the `RoutingPolicy` property to specify the routing policy that you want to apply to all DNS records that AWS Cloud Map creates when you register an instance and specify this service.	November 28, 2018
New resource	The following resource was added: AWS::ServiceDiscovery::HttpNamespace. AWS::ServiceDiscovery::HttpNamespace Use the `HttpNamespace` resource to create an HTTP namespace for Cloud Map.	November 28, 2018
New resources	The following resources were added: AWS::EC2::TransitGateway, AWS::EC2::TransitGatewayAttachment, AWS::EC2::TransitGatewayRoute, AWS::EC2::TransitGatewayRouteTable, AWS::EC2::TransitGatewayRouteTableAssociation, and AWS::EC2::TransitGatewayRouteTablePropagation. AWS::EC2::TransitGateway Use the `AWS::EC2::TransitGateway` resource to create a transit gateway. AWS::EC2::TransitGatewayAttachment Use the `AWS::EC2::TransitGatewayAttachment` resource to create an attachment between a VPC and a transit gateway. AWS::EC2::TransitGatewayRoute Use the `AWS::EC2::TransitGatewayRoute` resource to create a static route for a transit gateway route table. AWS::EC2::TransitGatewayRouteTable Use the `AWS::EC2::TransitGatewayRouteTable` resource to create a route table for a transit gateway. AWS::EC2::TransitGatewayRouteTableAssociation Use the `AWS::EC2::TransitGatewayRouteTableAssociation` resource to associate an attachment with a transit gateway route table. AWS::EC2::TransitGatewayRouteTablePropagation Use the `AWS::EC2::TransitGatewayRouteTablePropagation` resource to enable an attachment to propagate routes.	November 26, 2018
New resources	The following resources were added: Alexa::ASK::Skill, AWS::AppSync::FunctionConfiguration, AWS::EC2::EC2Fleet, AWS::Kinesis::StreamConsumer, AWS::Route53Resolver:ResolverEndpoint, and AWS::Route53Resolver::ResolverRule. Alexa::ASK::Skill Use the `Alexa::ASK::Skill` resource to create an Alexa skill. AWS::AppSync::FunctionConfiguration Use the `AWS::AppSync::FunctionConfiguration` resource to describe the functions defined with appsync datasource in AWS AppSync. AWS::EC2::EC2Fleet Use the `AWS::EC2::EC2Fleet` resource to launch an EC2 Fleet that can include multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet. AWS::Kinesis::StreamConsumer Use the `AWS::Kinesis::StreamConsumer` resource to to register a consumer with a Kinesis data stream. AWS::Route53Resolver::ResolverEndpoint Use the `AWS::Route53Resolver::ResolverEndpoint` resource to specify settings for inbound or outbound endpoints for Amazon Route 53. AWS::Route53Resolver::ResolverRule Use the `AWS::Route53Resolver::ResolverRule` resource to specify detailed information about a resolver rule, which specifies how to route DNS queries out of a VPC for Amazon Route 53.	November 20, 2018
Updated resources	The following resources were updated: AWS::ApiGateway::Deployment, AWS::ApiGateway::Stage, AWS::AutoScaling::AutoScalingGroup, AWS::EC2::EIP, AWS::ElasticLoadBalancingV2::Listener, AWS::EMR::Cluster, AWS::OpsWorks::Layer, AWS::RDS::DBCluster, AWS::RDS::DBInstance, AWS::S3::Bucket, and AWS::SNS::Topic. AWS::ApiGateway::Deployment In the StageDescription property type, use the `Tags` property to specify the AWS CloudFormation resource tags to associate with the stage. AWS::ApiGateway::Stage Use the `Tags` property to specify the AWS CloudFormation resource tags to associate with the stage. AWS::AutoScaling::AutoScalingGroup Use the `MixedInstancesPolicy` property to provision a combination of On-Demand Instances and Spot Instances across multiple instance types. When you create your Auto Scaling group, you can specify a launch configuration or template as a parameter for the top-level object, or you can specify a mixed instances policy, but not both at the same time. AWS::EC2::EIP Use the `PublicIpv4Pool` property to specify the ID of an address pool that you own to let Amazon EC2 select an address from the address pool. AWS::ElasticLoadBalancingV2::Listener In the Action property type: Use the `AuthenticateCognitoConfig` property to specify request parameters to use when integrating with Amazon Cognito to authenticate users. Use the `AuthenticateOidcConfig` property to request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users. Use the `FixedResponseConfig` property to specify information about an action that returns a custom HTTP response. Use the `RedirectConfig` property to specify information about a redirect action. AWS::ElasticLoadBalancingV2::ListenerRule In the Actions property type: Use the `AuthenticateCognitoConfig` property to specify request parameters to use when integrating with Amazon Cognito to authenticate users. Use the `AuthenticateOidcConfig` property to request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users. Use the `FixedResponseConfig` property to specify information about an action that returns a custom HTTP response. Use the `RedirectConfig` property to specify information about a redirect action. AWS::EMR::Cluster Use the HadoopJarStepConfig property type to specify a job flow step consisting of a JAR file whose main function will be executed. Use the StepConfig property type to specify a cluster (job flow) step. Use the KeyValue property type to specify a key value pair. In the JobFlowInstancesConfig property type, use `KeepJobFlowAliveWhenNoSteps` property to specify whether the cluster should remain available after completing all steps. AWS::OpsWorks::Layer In the VolumeConfiguration property type, use the `Encrypted` property to specify whether an Amazon EBS volume is encrypted. AWS::RDS::DBCluster Use the `DeletionProtection` property to indicate whether the DB cluster should have deletion protection enabled. The database can't be deleted when this value is set to `true`. If you want to delete a stack with a protected cluster, update this value to `false` before you delete the stack. AWS::RDS::DBInstance Use the `DeleteAutomatedBackups` property to indicate whether automated backups should be deleted (`true`) or retained (`false`) when you delete a DB instance. The default is `true`. Use the `DeletionProtection` property to indicate whether the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to `true`. If you want to delete a stack with a protected instance, update this value to `false` before you delete the stack. AWS::S3::Bucket Use the `PublicAccessBlockConfiguration` property to specify the public access configuration for an Amazon S3 bucket. AWS::SNS::Topic Use the `KmsMasterKeyId` property to specify an AWS KMS key identifier. This can be a key ID, key ARN, or key alias.	November 19, 2018
Updated resource	The following resource was updated: AWS::CodePipeline::Pipeline. AWS::CodePipeline::Pipeline Use the `ArtifactStores` property to specify a list of `ArtifactStoreMap` mappings. There must be an artifact store for the pipeline region and for each cross-region action within the pipeline. You can only use either `ArtifactStore` or `ArtifactStores`, not both. In the Actions property type, use the `Region` property to specify the action’s AWS Region, such as `us-east-1`.	November 13, 2018
Stack drift detection added	Drift detection enables you to detect whether a stack's actual configuration differs, or has drifted, from its expected template configuration as defined within AWS CloudFormation. You can have AWS CloudFormation detect drift on an entire stack, or individual stack resources. For more information, see Detecting Unmanaged Configuration Changes to Stacks and Resources.	November 13, 2018
Updated resources	The following resources have been updated: AWS::ApiGateway::Deployment, AWS::ApiGateway::Stage, AWS::CloudWatch::Alarm, AWS::EC2::SecurityGroupIngress, AWS::IAM::Role, AWS::IAM::User, AWS::IoT::TopicRule, AWS::KMS::Key, AWS::RDS::DBCluster, AWS::RDS::DBInstance, AWS::Route53::RecordSet, AWS::S3::Bucket, and AWS::Workspaces::Workspace. AWS::ApiGateway::Deployment In the StageDescription property type, use the `TracingEnabled` property to specify whether active tracing with X-ray is enabled for this stage. AWS::ApiGateway::Stage Use the `TracingEnabled` property to specify whether active tracing with X-ray is enabled for this stage. AWS::CloudWatch::Alarm Use the `DatapointsToAlarm` property to specify the number of datapoints that must be breaching to trigger the alarm. This is used only if you are setting an "M out of N" alarm. In that case, this value is the M. AWS::EC2::SecurityGroupIngress Use the `SourcePrefixListId` property to specify the AWS service prefix of an Amazon VPC endpoint. AWS::IAM::Role Use the `PermissionsBoundary` property to specify the policy that is used to set the permissions boundary for the role. AWS::IAM::User Use the `PermissionsBoundary` property to specify the policy that is used to set the permissions boundary for the user. AWS::IoT::TopicRule In the TopicRulePayload property type, use the `ErrorActions` property to specify the action to take when an error occurs. In the Action property type: Use the `IoTAnalytics` property to send message data to an AWS IoT Analytics channel. Use the `StepFunctionsAction` property to start execution of a Step Functions state machine. AWS::KMS::Key Use the `PendingWindowInDays` property to specify the waiting period, specified in number of days, after which AWS KMS deletes the customer master key (CMK). AWS::RDS::DBInstance Use the `EnableCloudwatchLogsExports` property to specify the list of log types that need to be enabled for exporting to CloudWatch Logs. Use the `EnableIAMDatabaseAuthentication` property to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. Use the `EnablePerformanceInsights` property to enable Performance Insights for the DB instance. Use the `PerformanceInsightsKMSKeyId` property to specify the AWS KMS key identifier for encryption of Performance Insights data. The AWS KMS key ID is the Amazon Resource Name (ARN), AWS KMS key identifier, or the AWS KMS key alias for the AWS KMS encryption key. Use the `PerformanceInsightsRetentionPeriod` property to specify the amount of time, in days, to retain Performance Insights data. Use the `ProcessorFeatures` property to specify the number of CPU cores and the number of threads per core for the DB instance class of the DB instance. Use the `PromotionTier` property to specify the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. AWS::RDS::DBCluster Use the `EnableCloudwatchLogsExports` property to specify the list of log types that need to be enabled for exporting to CloudWatch Logs. Use the `EnableIAMDatabaseAuthentication` property to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. Use the `BacktrackWindow` property to specify the target backtrack window, in seconds. To disable backtracking, specify 0. If specified, this property must be set to a number from 0 to 259,200 (72 hours). AWS::Route53::RecordSet Use the `MultiValueAnswer` property to route traffic approximately randomly to multiple resources, such as web servers. Create one multivalue answer record for each resource and specify true for `MultiValueAnswer`. AWS::S3::Bucket Use the `RegionalDomainName` attribute with the Fn::GetAtt function to return the regional domain name of the specified bucket. AWS::Workspaces::Workspace Use the `Tags` property to specify the tags (key-value pairs) that you want to attach to the WorkSpace. Use the `WorkspaceProperties` property to specify information about a WorkSpace.	November 9, 2018
The secretsmanager dynamic reference is now available.	Use the `secretsmanager` dynamic reference to retrieve entire secrets or secret values that are stored in AWS Secrets Manager for use in your templates. Secrets can be database credentials, passwords, third-party API keys, and even arbitrary text. Using the `secretsmanager` dynamic reference guarantees that neither Secrets Manager nor CloudFormation logs or persists any resolved secret value. For more information, see Using Dynamic References to Specify Template Values.	November 9, 2018
New resources	The following resources were added: AWS::DLM::LifecyclePolicy, AWS::SecretsManager::ResourcePolicy, AWS::SecretsManager::RotationSchedule, AWS::SecretsManager::Secret, and AWS::SecretsManager::SecretTargetAttachment. AWS::DLM::LifecyclePolicy The `AWS::DLM::LifecyclePolicy` resource creates a lifecycle policy for Amazon Data Lifecycle Manager. AWS::SecretsManager::ResourcePolicy Use the `AWS::SecretsManager::ResourcePolicy` resource to define a resource-based policy and attach it to a secret that's stored in Secrets Manager. AWS::SecretsManager::RotationSchedule Use the `AWS::SecretsManager::RotationSchedule` resource to configure rotation for a secret. AWS::SecretsManager::Secret Use the `AWS::SecretsManager::Secret` resource to create a secret and stores it in Secrets Manager. AWS::SecretsManager::SecretTargetAttachment Use the `AWS::SecretsManager::SecretTargetAttachment` resource to complete the final link between a Secrets Manager secret and its associated database.	November 9, 2018
Updated resource	The following resource was updated: AWS::SSM:MaintenanceWindow. AWS::SSM:MaintenanceWindow Use the `StartDate` and `StartDate` property types to specify when you want the Maintenance Window to become active or inactive. Use the `ScheduleTimezone` property type to specify the time zone to base scheduled Maintenance Window executions on, in Internet Assigned Numbers Authority (IANA) format.	November 1, 2018
Updated resources	The following resources were updated: AWS::AppSync::DataSource, AWS::AppSync::Resolver, AWS::AutoScalingPlans::ScalingPlan, AWS::Batch::JobDefinition, AWS::Batch::ComputeEnvironment, AWS::CloudWatch::Alarm, AWS::IoT1Click::Placement, and AWS::IoT1Click::Project. AWS::AppSync::DataSource Use the `RelationalDatabaseConfig` property type to specify RelationalDatabaseConfig for an AWS AppSync data source. In the `HttpConfig` property type, use the `AuthorizationConfig` property to specify the authorization type and configurations for an AWS AppSync http data source. AWS::AppSync::Resolver Use the `PipelineConfig` property type to specify PipelineConfig for an AWS AppSync data source to connect with functions. AWS::AutoScalingPlans::ScalingPlan Use the `ScalingInstruction` property type to configure predictive scaling as part of the scaling configuration for an Amazon EC2 Auto Scaling group in an AWS Auto Scaling scaling plan. Use the `PredefinedLoadMetricSpecification` property type to specify a predefined load metric for predictive scaling to use with AWS Auto Scaling. Use the `CustomizedLoadMetricSpecification` property type to specify a customized load metric for predictive scaling to use with AWS Auto Scaling. AWS::Batch::JobDefinition The `AWS::Batch::JobDefinition` resource was updated to support AWS Batch multi-node parallel jobs. AWS::Batch::ComputeEnvironment The `AWS::Batch::ComputeEnvironment` resource was updated to support Amazon EC2 launch templates and placement groups. AWS::CloudWatch::Alarm Use the `Metrics` property to specify the metric data to return. The `MetricName`, `Namespace`, and `Period` properties are now optional. AWS::IoT1Click::Placement The `PlacementName` property is now optional. AWS::IoT1Click::Project The `ProjectName` property is now optional.	October 25, 2018
New resources	The following resources were added: AWS::AppStream::DirectoryConfig, AWS::AppStream::Fleet, AWS::AppStream::ImageBuilder, AWS::AppStream::Stack, AWS::AppStream::StackFleetAssociation, AWS::AppStream::StackUserAssociation, AWS::AppStream::User. AWS::AppStream::DirectoryConfig Use the `AWS::AppStream::DirectoryConfig` resource to describe the configuration information required to join Amazon AppStream 2.0 fleets and image builders to Microsoft Active Directory domains. AWS::AppStream::Fleet Use the `AWS::AppStream::Fleet` resource to create a fleet for Amazon AppStream 2.0. A fleet consists of streaming instances that run a specified image. AWS::AppStream::ImageBuilder Use the `AWS::AppStream::ImageBuilder` resource to create an image builder for Amazon AppStream 2.0. AWS::AppStream::Stack Use the `AWS::AppStream::Stack` resource to create a stack to start streaming applications to Amazon AppStream 2.0 users. AWS::AppStream::StackFleetAssociation Use the `AWS::AppStream::StackFleetAssociation` resource to associate a fleet with a stack for Amazon AppStream 2.0. AWS::AppStream::StackUserAssociation Use the `AWS::AppStream::StackUserAssociation` resource to associate the specified stacks with the specified users for Amazon AppStream 2.0. Users in a user pool cannot be assigned to stacks with fleets that are joined to an Active Directory domain. AWS::AppStream::User Use the `AWS::AppStream::User` resource to create a new user in the user pool for Amazon AppStream 2.0.	October 25, 2018
Updated resource	Updated the following resources: AWS::AmazonMQ::Broker, AWS::GuardDuty::Detector, and AWS::SSM::PatchBaseline. AWS::AmazonMQ::Broker Amazon MQ now supports engine versions 5.15.6 and 5.15.0. Property changes include: The `EngineVersion` property now requires some interruptions upon update. The `AutoMinorVersionUpgrade` property now requires no interruption upon update. AWS::GuardDuty::Detector Use the `FindingPublishingFrequency` property to specify the frequency of notifications sent about the subsequent finding occurrences. AWS::SSM::PatchBaseline Use the `PatchSource` property type to provide information about the patches to use to update target instances.	October 18, 2018
New resource	Added the AWS::Events::EventBusPolicy resource. AWS::Events::EventBusPolicy Use the `AWS::Events::EventBusPolicy` resource to grant permission to other AWS accounts that send events to your account.	October 18, 2018
UseOnlineResharding update policy now available.	To modify a replication group's shards by adding or removing shards, rather than replacing the entire `AWS::ElastiCache::ReplicationGroup` resource, use the `UseOnlineResharding` update policy. For more information, see UseOnlineResharding Policy.	September 20, 2018
Updated resources	The following resources have been updated: AWS::ApiGateway::Deployment, AWS::ApiGateway::Method, AWS::ApiGateway::Stage, AWS::ApiGateway::UsagePlan, AWS::CodeBuild::Project, AWS::CodeDeploy::DeploymentGroup, AWS::EC2::FlowLog, AWS::EC2::SpotFleet, AWS::EC2::VPCEndpoint, AWS::ECS::Service, AWS::ECS::TaskDefinition, and AWS::RDS::DBCluster. AWS::ApiGateway::Deployment Use the `DeploymentCanarySettings` property to specify settings for the canary deployment. In the StageDescription property type: Use the `AccessLogSetting` property to specify settings for logging access in this stage. Use the `CanarySetting` property to specify settings for the canary deployment in this stage. AWS::ApiGateway::Method Use the `AuthorizationScopes` property to specify a list of authorization scopes configured on the method. In the Integration: Use the `ConnectionId` property to specify the ID of the VpcLink used for the integration when `connectionType=VPC_LINK`. Use the `ConnectionType` property to specify the type of the network connection to the integration endpoint. Use the `TimeoutInMillis` property to specify a custom timeout between 50 and 29,000 milliseconds. AWS::ApiGateway::Stage Use the `AccessLogSetting` property to specify settings for logging access in this stage. Use the `CanarySetting` property to specify settings for the canary deployment in this stage. AWS::ApiGateway::UsagePlan In the ApiStage property type, use the `Throttle` property to specify a map containing method-level throttling information for API stage in a usage plan. AWS::CodeBuild::Project Use the `LogsConfig` property specify logs for a project. Logs can be CloudWatch Logs, uploaded to a specified S3 bucket, or both. In the LogsConfig property type: Use the `CloudWatchLogs` property to specify details about CloudWatch Logs. Use the `S3Logs` property to specify details about logs that are uploaded to an S3 bucket. AWS::CodeDeploy::DeploymentGroup Use the `Ec2TagSet` property to specify information about groups of tags applied to EC2 instances. The deployment group will include only EC2 instances identified by all the tag groups. Use the `OnPremisesInstanceTagSet` property to specify information about groups of tags applied to on-premises instances. The deployment group will include only on-premises instances identified by all the tag groups. The `DeliverLogsPermissionArn` and `LogGroupName` properties are no longer required. AWS::EC2::FlowLog Use the `LogDestination` property to specify the destination to which the flow log data is to be published. Use the `LogDestinationType` property to specify the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3. AWS::EC2::SpotFleet In the `SpotFleetRequestConfigData` property type, use the `InstanceInterruptionBehavior` property to specify the behavior when a Spot Instance is interrupted. In the `SpotFleetRequestConfigData` property type, use the `LoadBalancersConfig` property to specify one or more Classic Load Balancers and target groups to attach to the Spot Fleet request. Spot Fleet registers the running Spot Instances with the specified Classic Load Balancers and target groups. In the `Placement` property type, use the `Tenancy` property to specify the tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for Spot Instances. AWS::EC2::VPCEndpoint Use the following attributes with the `Fn::GetAtt` function to return attribute values. Use `CreationTimestamp` to return the date and time the VPC endpoint was created. Use `DnsEntries` to return the DNS entries for the endpoint. Use `NetworkInterfaceIds` to return the network interfaces for the endpoint. AWS::ECS::Service The `ServiceRegistries` property now requires replacement upon update. Use the `SchedulingStrategy` property to specify the scheduling strategy to use for the service. In the ServiceRegistry property type: Use the `ContainerName` property to specify the container name value, already specified in the task definition, to be used for your service discovery service. Use the `ContainerPort` property to specify the port value, already specified in the task definition, to be used for your service discovery service. AWS::ECS::TaskDefinition In the LinuxParameters property type: Use the `Tmpfs` property to specify the container path, mount options, and size of the tmpfs mount. Use the `SharedMemorySize` property to specify the size (in MiB) of the `/dev/shm` volume. In the Volumes property type, use the `DockerVolumeConfiguration` property to specify the configuration of a Docker volume. In the ContainerDefinition property type, use the `RepositoryCredentials` property to specify the repository credentials for private registry authentication. AWS::ElastiCache::ReplicationGroup The `NodeGroupConfiguration` and `NumNodeGroups` properties are now conditional for some update operations. In the NodeGroupConfiguration property type, use the `NodeGroupId` property to specify either the ElastiCache for Redis supplied 4-digit id or a user supplied id for the node group these configuration values apply to. AWS::RDS::DBCluster Use the `EngineMode` property to specify the DB engine mode of the DB cluster. Use the `ScalingConfiguration` property to specify the scaling properties of the DB cluster, for DB clusters in `serverless` DB engine mode.	September 20, 2018
New resources	The following resources were added: AWS::IoT1Click::Device, AWS::IoT1Click::Placement, and AWS::IoT1Click::Project. AWS::IoT1Click::Device Use the `AWS::IoT1Click::Device` resource to change the enabled state of an AWS IoT 1-Click compatible device. AWS::IoT1Click::Placement Use the `AWS::IoT1Click::Placement` resource to create an empty AWS IoT 1-Click placement. AWS::IoT1Click::Project Use the `AWS::IoT1Click::Project` resource to create an empty project with a placement template.	September 20, 2018
New resource	Added the AWS::CloudFormation::Macro resource. AWS::CloudFormation::Macro Use the `AWS::CloudFormation::Macro` resource to create a template macro to perform custom processing on AWS CloudFormation templates.	September 6, 2018
Macros now available	Use macros to to perform custom processing on templates, from simple actions like find-and-replace operations to extensive transformations of entire templates. See Using AWS CloudFormation Macros to Perform Custom Processing on Templates for more information.	September 6, 2018
Updated resources	Added the Logs property to AWS::AmazonMQ::Broker. Added the SecondaryArtifacts and SecondarySources properties to AWS::CodeBuild::Project. AWS::AmazonMQ::Broker Use the `Logs` property to enable general or audit logging for an Amazon MQ broker. AWS::CodeBuild::Project In the Artifacts property type, you can use the `SecondaryArtifacts` property to specify secondary artifacts for a build project. You can use the `SecondarySources` property to specify secondary inputs for a build project.	August 30, 2018
Updated resources	Added the Configuration property to AWS::Glue::Crawler. Added the JsonClassifier and XMLClassifier properties to AWS::Glue::Classifier. AWS::Glue::Crawler Use the `Configuration` property to specify crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior. AWS::Glue::Classifier Use the `JsonClassifier` property to specify AWS Glue classifier for JSON. Use the `XMLClassifier` property to specify AWS Glue classifier for XML content.	August 23, 2018
AWS CloudFormation now supports VPC endpoints powered by PrivateLink.	You can use a VPC endpoint to create a private connection between your VPC and AWS CloudFormation without requiring access over the Internet, through a NAT instance, a VPN connection, or AWS Direct Connect. For more information, see Setting Up VPC Endpoints for AWS CloudFormation.	August 22, 2018
Dynamic references support secure strings	Use new dynamic references to specify values that are stored and managed in other services, including Systems Manager Parameter Store SecureString type parameters, in your stack templates. For more information, see Using Dynamic References to Specify Template Values.	August 16, 2018
Updated resources	The following resources were updated: AWS::ApiGateway::DomainName, AWS::CertificateManager::Certificate, AWS::EC2::VPCPeeringConnection, AWS::EFS::FileSystem, AWS::EMR::Cluster, AWS::RDS::DBClusterParameterGroup, AWS::SNS::Subscription, and AWS::SQS::Queue. AWS::ApiGateway::DomainName Use the following attributes with the `Fn::GetAtt` intrinsic function: The `DistributionHostedZoneId` attribute returns the region-agnostic Amazon Route 53 Hosted Zone ID of the edge-optimized endpoint. The `RegionalDomainName` attribute returns the domain name associated with the regional endpoint for this custom domain name. The `RegionalHostedZoneId` attribute returns the region-specific Amazon Route 53 Hosted Zone ID of the regional endpoint. AWS::CertificateManager::Certificate Use the `ValidationMethod` property to specify the method you want to use if you are requesting a public certificate to validate that you own or control a domain. AWS::EC2::VPCPeeringConnection Use the `PeerRegion` property to specify the region code for the accepter VPC, if the accepter VPC is located in a region other than the region in which you make the request. AWS::EFS::FileSystem Use the `ProvisionedThroughputInMibps` property to specify the throughput, measured in MiB/s, that you want to provision for a file system that you're creating. Use the `ThroughputMode` property to specify the throughput mode for the file system to be created. AWS::EMR::Cluster Use the `KerberosAttributes` property to specify attributes for Kerberos configuration when Kerberos authentication is enabled using a security configuration. AWS::RDS::DBClusterParameterGroup The `Tags` property now requires no interruption to update. AWS::SNS::Subscription Use the `DeliveryPolicy` property to specify the JSON serialization of the subscription's delivery policy. Use the `FilterPolicy` property to specify the filter policy JSON that is assigned to the subscription. Use the `RawMessageDelivery` property to specify if raw message delivery is enabled for the subscription. Use the `Region` property to specify the region in which the topic resides. AWS::SQS::Queue Use the `Tags` property to specify the tags that you want to attach to this queue.	August 15, 2018
Updated resource	Added the SSESpecification property to AWS::DAX::Cluster. AWS::DAX::Cluster Use the `SSESpecification` property to specify the settings to enable server-side encryption.	August 9, 2018
New resource	Added the AWS::EC2::VPCEndpointServicePermissions resource. AWS::EC2::VPCEndpointServicePermissions Grant or revoke permissions for service consumers to connect the VPC endpoint service.	August 9, 2018
Updated resource	Added the OverrideArtifactName property to AWS::CodeBuild::Project. AWS::CodeBuild::Project In the Artifacts property type, set the `OverrideArtifactName` property to true to override the artifact name with a name specified in the buildspec file. The name specified in a buildspec file is calculated at build time and uses the Shell command language. For example, you can append a date and time to your artifact name so that it is always unique.	August 7, 2018
Updated resource	Added the EncryptionDisabled property to AWS::CodeBuild::Project. AWS::CodeBuild::Project In the Artifacts property type, set the `EncryptionDisabled` property to true to disable encryption for build output artifacts. This option is only valid if your artifact type is Amazon S3. If this is set to true with another artifact type, an invalidInputException will be thrown.	July 26, 2018
Updated resource	Added the Timeout property to AWS::Batch::JobDefinition. AWS::Batch::JobDefinition Use the `Timeout` property type to specify a job timeout configuration.	July 19, 2018
New resource	The following resource was added: AWS::IAM::ServiceLinkedRole. AWS::IAM::ServiceLinkedRole Use the `AWS::IAM::ServiceLinkedRole` resource to create a service-linked role in IAM. A service-linked role is a unique type of IAM role that is linked directly to an AWS service. Service-linked roles are predefined by the service and include all the permissions that the service requires to call other AWS services on your behalf.	July 19, 2018
Updated resources	Added the FieldLevelEncryptionId property to AWS::CloudFront::Distribution property types. AWS::CloudFront::Distribution In the CacheBehavior and DefaultCacheBehavior property types, use the `FieldLevelEncryptionId` property to specify the ID for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for a cache behavior or for the default cache behavior.	July 18, 2018
Updated resource	Added the HttpConfig property to AWS::AppSync::DataSource. AWS::AppSync::DataSource Use the `HttpConfig` property type to specify HttpConfig for an AWS AppSync data source.	July 12, 2018
Updated resource	Added the ReportBuildStatus property to AWS::CodeBuild::Project. AWS::CodeBuild::Project In the Source property type, use the `ReportBuildStatus` property to specify whether to send your source provider the status of a build's start and completion.	July 10, 2018
New resource	The following resource was added: AWS::CodePipeline::Webhook. AWS::CodePipeline::Webhook Use the `AWS::CodePipeline::Webhook` resource to create a webhook that connects your pipeline to an external event, such as a GitHub source repository change, which triggers your pipeline to start every time the external event occurs.	July 5, 2018
Updated resource	Added the following properties to AWS::EC2::VPCEndpoint: PrivateDnsEnabled, SecurityGroupIds, SubnetIds, and VpcEndpointType. AWS::EC2::VPCEndpoint Use the `PrivateDnsEnabled` property to indicate whether to associate a private hosted zone with the specified VPC. Use the `SecurityGroupIds` property to specify the ID of one or more security groups to associate with the endpoint network interface. Use the `SubnetIds` property to specify the ID of one or more subnets in which to create an endpoint network interface. Use the `VpcEndpointType` property to specify the type of endpoint.	June 21, 2018
New resources	The following resources were added: AWS::EC2::VPCEndpointConnectionNotification and AWS::EC2::VPCEndpointService. AWS::EC2::VPCEndpointConnectionNotification Use the `AWS::EC2::VPCEndpointConnectionNotification` resource to create a connection notification for the specified VPC endpoint or VPC endpoint service. AWS::EC2::VPCEndpointService Use the `AWS::EC2::VPCEndpointService` resource to create a VPC endpoint service configuration to which service consumers (AWS accounts, IAM users, and IAM roles) can connect.	June 21, 2018
Updated resource	Added the following property to AWS::ServiceDiscovery::Service: HealthCheckCustomConfig. AWS::ServiceDiscovery::Service Use the `HealthCheckCustomConfig` property to specify information about an optional custom health check.	June 14, 2018
New resources	The following new resources were released: AWS::AmazonMQ::Broker and AWS::AmazonMQ::Configuration. AWS::AmazonMQ::Broker Use the `AWS::AmazonMQ::Broker` resource to create a broker, add configuration changes or modify users for the specified broker, return information about the specified broker, or delete the specified broker. AWS::AmazonMQ::Configuration Use the `AWS::AmazonMQ::Configuration` resource to create a configuration, update the specified configuration, or return information about the specified configuration.	June 14, 2018
New resource	The following resource was added: AWS::SSM::ResourceDataSync. AWS::SSM::ResourceDataSync Use the `AWS::SSM::ResourceDataSync` resource to create or delete a Resource Data Sync for Systems Manager Inventory. You can use Resource Data Sync to send Inventory data collected from all of your Systems Manager managed instances to a single Amazon S3 bucket.	June 11, 2018
New resource	The following resource was released: AWS::EKS::Cluster. AWS::EKS::Cluster Use the `AWS::EKS::Cluster` resource to create Amazon EKS clusters.	June 5, 2018
Updated resource	For the AWS::GuardDuty::Master resource, the InvitationId property is now optional. AWS::GuardDuty::Master The `InvitationId` property is now optional.	May 31, 2018
New resources	The following new resources were released: AWS::SageMaker::Endpoint, AWS::SageMaker::EndpointConfig, AWS::SageMaker::Model, AWS::SageMaker::NotebookInstance, and AWS::SageMaker::NotebookInstanceLifecycleConfig. AWS::SageMaker::Endpoint Use the `AWS::SageMaker::Endpoint` resource to create a SageMaker endpoint to host trained models. AWS::SageMaker::EndpointConfig Use the `AWS::SageMaker::EndpointConfig` resource to create a configuration for an endpoint. AWS::SageMaker::Model Use the `AWS::SageMaker::Model` resource to create a model to host at an Amazon SageMaker endpoint. AWS::SageMaker::NotebookInstance Use the `AWS::SageMaker::NotebookInstance` resource to create an Amazon SageMaker notebook instance.