Release history - AWS CloudFormation

Release history

The following table describes important changes in each release of the AWS CloudFormation User Guide after May 2018. For notification about updates to this documentation, you can subscribe to an RSS feed.

Change Description Date

Updated resource

The following resource was updated: AWS::AppSync::DataSource

AWS::AppSync::DataSource

Use the OpenSearchServiceConfig property to specify the configuration for an Amazon OpenSearch Service domain for an AWS AppSync data source.

September 23, 2021

New resources

The following resources were added: AWS::MemoryDB::Cluster, AWS::MemoryDB::ACL, AWS::MemoryDB::ParameterGroup, AWS::MemoryDB::SubnetGroup, and AWS::MemoryDB::User.

AWS::MemoryDB::Cluster

Use the Cluster resource to specify a MemoryDB cluster.

AWS::MemoryDB::ACL

Use the ACL resource to specify a MemoryDB access control list and associate it with a cluster.

AWS::MemoryDB::ParameterGroup

Use the ParameterGroup resource to specify a MemoryDB parameter group and associate it with a cluster.

AWS::MemoryDB::SubnetGroup

Use the SubnetGroup resource to specify a MemoryDB subnet group and associate it with a cluster.

AWS::MemoryDB::User

Use the User resource to specify a MemoryDB user and add it to an access control list.

September 23, 2021

Updated resources

The following resource was updated: AWS::EMR::Studio.

AWS::EMR::Studio

Use the IdpAuthUrl property to specify the authentication endpoint of your identity provider (IdP) when you use IAM authentication and want to let federated users log in to an Amazon EMR Studio with the Studio URL and credentials from your IdP.

Use the IdpRelayStateParameterName property to specify the name that your identity provider uses for its RelayState parameter.

Use the UserRole property only when you set AuthMode to SSO.

September 17, 2021

Updated resource

The following resource was added: AWS::ACMPCA::Permission

AWS::ACMPCA::Permission

Use the AWS::ACMPCA::Permission object to grant permissions on a private CA to the AWS Certificate Manager (ACM) service principal (acm.amazonaws.com). These permissions allow ACM to renew ACM certificates that reside in the same AWS account as the CA.

September 17, 2021

Updated resource

The following resource was updated: AWS::S3::Bucket.

Monitoring metrics with Amazon CloudWatch

Use the AccessPointArn property in AWS::S3::Bucket MetricsConfiguration to filter CloudWatch request metrics by access point.

September 17, 2021

New resource

The following resource was added: AWS::APS::Workspace.

AWS::APS::Workspace

Use the AWS::APS::Workspace resource to specify an Amazon Managed Service for Prometheus workspace. For more information, see Create a workspace.

September 17, 2021

New resource

The following resource was added: AWS::HealthLake::FHIRDatastore.

AWS::HealthLake::FHIRDatastore

Use the AWS::HealthLake::FHIRDatastore resource to specify a Data Store that can inest and export FHIR formatted data.

September 17, 2021

New resources

The following resource was added: AWS::OpenSearchService::Domain.

AWS::OpenSearchService::Domain

Use the AWS::OpenSearchService::Domain resource to create an Amazon OpenSearch Service domain.

September 16, 2021

Updated resource

The following resource was updated: AWS::CloudTrail::Trail

AWS::CloudTrail::Trail

Use the ExcludeManagementEventSources property to exclude exclude AWS Key Management Service (AWS KMS) events from a trail's logs.

Use the InsightSelectors property to specify the Insights event type when you want to log Insights events on your trail.

Use the IsOrganizationTrail property to create an AWS Organizations trail, if Organizations is enabled in your account.

September 10, 2021

Updated resource

The following resource was updated: AWS::Cassandra::Table.

AWS::Cassandra::Table

Use the AWS::Cassandra::Table resource to add new regular columns to existing tables in Amazon Keyspaces (for Apache Cassandra).

September 3, 2021

Updated resources

The following resource was updated: AWS::Transfer::Server

AWS::Transfer::Server WorkflowDetail

Use the WorkflowDetail property to specify the steps and other details for a workflow.

AWS::Transfer::Server WorkflowDetails

Use the WorkflowDetails property as a container for the WorkflowDetails property.

September 2, 2021

Updated resource

The following resource was added: AWS::ACMPCA::CertificateAuthority OcspConfiguration. The following resource was updated: AWS::ACMPCA::CertificateAuthority RevocationConfiguration.

AWS::ACMPCA::CertificateAuthority OcspConfiguration

Use the AWS::ACMPCA::CertificateAuthority OcspConfiguration object to configure Online Certificate Status Protocol (OCSP) support on a CA.

September 2, 2021

Updated resource

The following resource was updated: AWS::DataSync::Task.

AWS::DataSync::Task

Use the Includes property to specify files to include in a task.

September 2, 2021

Updated resource

The following resource was Updated: AWS::EventSchemas::Discoverer.

AWS::EventSchemas::Discoverer

Use the CrossAccount property to allow event schemas from other accounts to be discovered.

September 2, 2021

Updated resource

The following resource was updated: AWS::KinesisFirehose::DeliveryStream

AWS::KinesisFirehose::DeliveryStream

DynamicPartitioningConfiguration property type is now supported for the delivery streams in CloudFormation.

September 2, 2021

New resource

The following resource is new: AWS::IoT::FleetMetric

AWS::IoT::FleetMetric

Use the AWS::IoT::FleetMetric resource to specify a fleet metric.

September 2, 2021

New resource

The following resources were added: AWS::S3::MultiRegionAccessPoint and AWS::S3::MultiRegionAccessPointPolicy.

AWS::S3::MultiRegionAccessPoint

Use the AWS::S3::MultiRegionAccessPoint resource to create an S3 Multi-Region Access Point configuration.

AWS::S3::MultiRegionAccessPointPolicy

Use the AWS::S3::MultiRegionAccessPointPolicy resource to create an S3 Multi-Region Access Point Policy configuration.

September 2, 2021

Terminology change

AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term.

August 30, 2021

Stack failure options

You can iteratively develop your applications when provisioning failures are encountered by starting from the point of failure without rolling back successfully provisioned resources. By specifying stack failure options, you can troubleshoot resources in a CREATE_FAILED or UPDATE_FAILED status. You can provision failure options for all stack deployments and change set operations.

For more information, see Stack failure options.

August 30, 2021

Updated resource

The following resource was updated: AWS::CodeBuild::Project

AWS::CodeBuild::Project

The ResourceAccessRole and Visibility properties were added to support public builds.

August 19, 2021

Updated resource

The following resource was updated: AWS::AutoScaling::ScalingPolicy.

AWS::AutoScaling::ScalingPolicy

Use the PredictiveScalingConfiguration property to specify a predictive scaling policy configuration for an Auto Scaling group.

August 19, 2021

Updated resource

The following resource was updated: AWS::Redshift::Cluster.

August 19, 2021

Updated resource

The following resource was updated: AWS::SageMaker::EndpointConfig

AWS::SageMaker::EndpointConfig

In the AsyncInferenceClientConfig property type, use the MaxConcurrentInvocationsPerInstance property to set the maximum number of concurent requests.

In the AsyncInferenceConfig property type, use the ClientConfig to configure the behavior of the client SageMaker uses. Use OutputConfig to spcify invocation outputs.

In the AsyncInferenceNotificationConfig property, use the ErrorTopic and SuccessTopic to define Amazon SNS topics to post a notification if the inference fails or completes successfully, respectively.

In the OutputConfig property type use the KmsKeyId to encrypt the asynchronous inference output. Use NotificationConfig to specify the notification configuration and S3OutputPath to specify the output location in S3.

August 19, 2021

Updated resource

The following resource was updated: AWS::Elasticsearch::Domain.

AWS::Elasticsearch::Domain

Use the ColdStorageOptions property to specify whether to enable cold storage for the cluster.

August 17, 2021

Updated resources

The following resource was updated: AWS::WAFv2::WebACL.

AWS::WAFv2::WebACL

You can now specify the version to use for managed rule groups. For information, see ManagedRuleGroupStatement.

August 12, 2021

Updated resource

The following resource was updated: AWS::ApiGateway::DomainName.

AWS::ApiGateway::DomainName

Use the OwnershipVerificationCertificateArn property to specify the certificate ARN used to verify ownership of the domain using mutual TLS.

August 12, 2021

Updated resource

The following resource was updated: AWS::ApiGatewayV2::DomainName.

AWS::ApiGatewayV2::DomainName

Use the OwnershipVerificationCertificateArn property to specify the certificate ARN used to verify ownership of the domain using mutual TLS.

August 12, 2021

Updated resource

The following resource was updated: AWS::LookoutEquipment::InferenceScheduler

AWS::LookoutEquipment::InferenceScheduler

The ModelName property has changed so that an update requires replacement.

The ServerSideKmsKeyId property has changed so that an update requires replacement.

August 12, 2021

Updated resource

The following resource was updated: AWS::SageMaker::Model.

AWS::SageMaker::Model

In the ImageConfig property type, use the RepositoryAuthConfig property to specify an authentication configuration for the private docker registry where your model image is hosted.

August 12, 2021

Updated resource

The following resource was added: AWS::WAFv2::LoggingConfiguration.

AWS::WAFv2::LoggingConfiguration

You can now define an association between Amazon Kinesis Data Firehose destinations and a web ACL resource, for logging from AWS WAF.

August 12, 2021

Updated resource

The following resource was updated: AWS::AppSync::GraphQLApi

AWS::AppSync::GraphQLApi

Use the LambdaAuthorizerConfig property to specify the configuration for AWS Lambda function authorization.

August 5, 2021

Updated resource

The following resource was updated: AWS::FSx::FileSystem

AWS::FSx::FileSystem

In the WindowsConfiguration property type, use the AuditLogConfiguration property to enable audit event logging of end-user accesses of files, folders, and file shares on an Amazon FSx Windows File Server instance.

August 5, 2021

New resource

The following resource was added: AWS::Athena::PreparedStatement

AWS::Athena::PreparedStatement

Use the AWS::Athena::PreparedStatement resource to specify a prepared statement for use with SQL queries in Athena. Use prepared statements for repeated execution of the same query with different query parameters. A prepared statement contains parameter placeholders whose values are supplied at execution time.

August 5, 2021

Updated resource

The following resource was updated: AWS::DataBrew::Job

AWS::DataBrew::Job

Use the AWS::DataBrew::Job.DatabaseOutputs property type to define the output destination for a DataBrew job to be written into.

Use the AWS::DataBrew::Job.ProfileConfiguration property type to configure which statistics to include when running DataBrew profile jobs.

July 29, 2021

Updated resource

The following resource was updated: AWS::S3Outposts::EndPoint

AWS::S3Outposts::EndPoint

Use the AWS::S3Outposts::EndPoint.AccessType property to create an endpoint using customer owned IP (CoIP) addresses and access your Amazon S3 on AWS Outposts objects by creating a local gateway from your on-premises network.

July 29, 2021

New resource

The following resources were released: AWS::Route53RecoveryControl::Cluster, AWS::Route53RecoveryControl::ControlPanel, AWS::Route53RecoveryControl::RoutingControl, AWS::Route53RecoveryControl::SafetyRule

AWS::Route53RecoveryControl::Cluster

Use the AWS::Route53RecoveryControl::Cluster to host routing controls, which are simple on/off switches for routing traffic.

AWS::Route53RecoveryControl::ControlPanel

Use the AWS::Route53RecoveryControl::ControlPanel to define a group of routing controls that can be updated together in a single transaction.

AWS::Route53RecoveryControl::RoutingControl

Use the AWS::Route53RecoveryControl::RoutingControl to fail over traffic to an application replica, to recover your application across Availability Zones or Regions.

AWS::Route53RecoveryControl::SafetyRule

Use the AWS::Route53RecoveryControl::SafetyRule to configure safeguards for routing controls, to avoid things like turning off routing controls at once and stopping all traffic flow.

July 29, 2021

New resource

The following resources were released: AWS::Route53RecoveryReadiness::Cell, AWS::Route53RecoveryReadiness::ReadinessCheck, AWS::Route53RecoveryReadiness::RecoveryGroup, AWS::Route53RecoveryReadiness::ResourceSet

AWS::Route53RecoveryReadiness::Cell

Use the AWS::Route53RecoveryReadiness::Cell to define a single cell for an application.

AWS::Route53RecoveryReadiness::ReadinessCheck

Use the AWS::Route53RecoveryReadiness::ReadinessCheck to check application readiness for failover. Amazon Route 53 Application Recovery Controller uses readiness checks to determine the readiness of the resources in a resource set.

AWS::Route53RecoveryReadiness::RecoveryGroup

Use the AWS::Route53RecoveryReadiness::RecoveryGroup to define a recovery group for an application. A recovery group models an application and includes cells that represent application replicas.

AWS::Route53RecoveryReadiness::ResourceSet

Use the AWS::Route53RecoveryReadiness::ResourceSet to define a group of resources of a single type that you can associate with a readiness check.

July 29, 2021

Import stacks to stack set

The AWS CloudFormation stack import operation can import existing stacks into new or existing stack sets, so that you can migrate existing stacks to a stack set in one operation.

For more information, see Importing stacks into a stack set.

July 28, 2021

Updated resource

The following resource was updated: AWS::CloudWatch::Alarm.

AWS::CloudWatch::Alarm

In the MetricDataQuery property type, use the AccountId property to specify the ID of the account where the metrics are located, if this is a cross-account alarm.

July 22, 2021

Updated resource

The following resource was updated: AWS::QLDB::Ledger

AWS::QLDB::Ledger

Use the KmsKey property to specify a customer managed AWS KMS key to use for encryption at rest in the ledger.

July 22, 2021

New resources

The following resources were added: AWS::LookoutEquipment::InferenceScheduler

AWS::LookoutEquipment::InferenceScheduler

Use the AWS::LookoutEquipment::InferenceScheduler resource to set up a continuous real-time inference plan to analyze new measurement data.

July 22, 2021

Updated resource

The following resource was updated: AWS::EC2::VPCCidrBlock.

AWS::EC2::VPCCidrBlock

Use the Ipv6CidrBlock property to specify an IPv6 CIDR block from the IPv6 address pool.

Use the Ipv6Pool property to specify the ID of an IPv6 address pool from which to allocate the IPv6 CIDR block.

July 21, 2021

Updated resource

The following resource was updated: AWS::Cassandra::Table.

AWS::Cassandra::Table.EncryptionSpecification

Use the AWS::Cassandra::Table.EncryptionSpecification property to choose the encryption option for new or existing tables in Amazon Keyspaces (for Apache Cassandra).

July 21, 2021

New resource

The following resource was added : AWS::Logs::ResourcePolicy

AWS::Logs::ResourcePolicy

Use the AWS::Logs::ResourcePolicy resource to create a IAM policy that allows other AWS services to write log events to this account. For more information, see Logs sent to CloudWatch Logs.

July 15, 2021

Increased quota

The following AWS CloudFormation quota has been updated.

  • You can now declare a defaulted maximum of 2000 stacks in your AWS CloudFormation account. For more information, see AWS CloudFormation quotas.

July 15, 2021

Updated resource

The following resource was updated: AWS::DataBrew::Job

AWS::DataBrew::Job

Use the AWS::DataBrew::Job.DataCatalogOutput property type to define outputs from DataBrew recipe jobs to the AWS Glue Data Catalog.

July 9, 2021

Updated resources

The following resources were updated: AWS::ServiceDiscovery::PrivateDnsNamespace and AWS::ServiceDiscovery::PublicDnsNamespace.

AWS::ServiceDiscovery::PrivateDnsNamespace

Use the Properties property to specify DNS properties for an AWS Cloud Map private DNS namespace.

AWS::ServiceDiscovery::PublicDnsNamespace

Use the Properties property to specify DNS properties for an AWS Cloud Map public DNS namespace.

July 8, 2021

Updated resources

The following resources were updated: AWS::CodeDeploy::Application, AWS::CodeDeploy::DeploymentConfig, and AWS::CodeDeploy::DeploymentGroup

AWS::CodeDeploy::Application

Use the Tags property to specify metadata to add to CodeDeploy applications.

AWS::CodeDeploy::DeploymentConfig

Use the TrafficRoutingConfig property to specify how deployment traffic is routed.

Use the ComputePlatform property to specify the destination platform type for the deployment (Lambda, Server, or ECS).

AWS::CodeDeploy::DeploymentGroup

Use the BlueGreenDeploymentConfiguration property to specify information about blue/green deployment options for a deployment group.

Use the ECSServices property to specify the target Amazon ECS services in the deployment group.

July 8, 2021

Updated resource

The following resource was updated: AWS::AutoScaling::LaunchConfiguration.

AWS::AutoScaling::LaunchConfiguration

Use the BlockDevice property to specify GP3 volumes in the block device mappings for launch configurations.

July 8, 2021

Updated resources

The following resources were updated: AWS::ImageBuilder::ContainerRecipe and AWS::ImageBuilder::DistributionConfiguration.

AWS::ImageBuilder::DistributionConfiguration

Use the LaunchTemplateConfiguration property to use an Amazon EC2 launch template for specified accounts where you distribute your Image Builder image.

AWS::ImageBuilder::ContainerRecipe
  • Retrieve the container recipe Name attribute with the GN::GetAtt function.

  • Use the InstanceBlockDeviceMapping property to define block device mappings for the build instance used to configure your image.

July 1, 2021

Updated resource

The following resource was updated: AWS::ApplicationAutoScaling::ScalableTarget.

AWS::ApplicationAutoScaling::ScalableTarget

In the ScheduledAction property type, use the Timezone property to create scheduled actions in the local time zone. If your time zone observes Daylight Saving Time (DST), the recurring action automatically adjusts for Daylight Saving Time.

July 1, 2021

Updated resources

The following resource was updated: AWS::Transfer::Server ProtocolDetails

AWS::Transfer::Server ProtocolDetails

Use the ProtocolDetails property to specify the PassiveIp address for FTP and FTPS protocols.

June 24, 2021

Updated resource

The following resource was updated: AWS::DAX::Cluster

AWS::DAX::Cluster

Use the ClusterEndpointEncryptionType to specify the encryption type of the cluster's endpoint.

June 24, 2021

New resources

The following resources were added: AWS::CloudFormation::PublicTypeVersion, AWS::CloudFormation::Publisher, and AWS::CloudFormation::TypeActivation.

AWS::CloudFormation::PublicTypeVersion

Use the AWS::CloudFormation::PublicTypeVersion resource to test and publish a registered extension as a public, third-party extension.

AWS::CloudFormation::Publisher

Use the AWS::CloudFormation::Publisher resource to register your account as a publisher of public extensions in the CloudFormation registry.

AWS::CloudFormation::TypeActivation

Use the AWS::CloudFormation::TypeActivation resource to activate a public third-party extension, making it available for use in CloudFormation operations.

June 24, 2021

New resource

The following resource was added: AWS::Connect::QuickConnect

AWS::Connect::QuickConnect

Use the AWS::Connect::QuickConnect resource to create a quick connect.

June 24, 2021

Updated resource

The following resource was updated: AWS::MWAA::Environment

Schedulers

Use the Schedulers property to specify the number of Apache Airflow schedulers that run in an environment.

June 21, 2021

Publish public third-party extensions

Use public extensions provided by third-party publishers, just as you would extensions from Amazon.

For more information, see Using public extensions. For information on publishing third-party public extensions, see Publishing extensions in the CloudFormation CLI User Guide.

June 21, 2021

Updated resource

The following resource was updated: AWS::AutoScaling::ScheduledAction.

AWS::AutoScaling::ScheduledAction

Use the TimeZone property to create recurring scheduled actions in the local time zone. If your time zone observes Daylight Saving Time (DST), the recurring action automatically adjusts for Daylight Saving Time.

June 18, 2021

Updated resources

The following resources were updated: AWS::AppMesh::VirtualNode, AWS::AppMesh::GatewayRoute, and AWS::AppMesh::Route

AWS::AppMesh::VirtualNode

Use the DnsServiceDiscovery property to represent the DNS service discovery information for your virtual node.

AWS::AppMesh::GatewayRoute

Use the GatewayRouteHostnameMatch property to represent the gateway route hostname to match.

Use the GatewayRouteHostnameRewrite property to represent the gateway route host name to rewrite.

Use the GrpcGatewayRouteMetadata property to represent the metadata of the gateway route.

Use the GrpcGatewayRouteRewrite property to represent the the gateway route to rewrite.

Use the GrpcMetadataMatchMethod property to represent the method header to be matched.

Use the HttpGatewayRouteHeader property to represent the HTTP header in the gateway route.

Use the HttpGatewayRoutePathRewrite property to represent the path to rewrite.

Use the HttpGatewayRoutePrefixRewrite property to represent the beginning characters of the route to rewrite.

Use the HttpGatewayRouteRewrite property to represent the beginning characters of the route to rewrite.

Use the HttpGatewayRoutePathRewrite property to represent the beginning characters of the route to rewrite.

AWS::AppMesh::Route

Use the HttpQueryParameter property to represent the query parameter in the request.

June 17, 2021

Updated resource

The following resource was updated: AWS::KMS::Key.

AWS::KMS::Key

Use the MultiRegionKey property to specify multi-Region primary keys.

June 17, 2021

New resource

The following resource was added: AWS::KMS::ReplicaKey.

AWS::KMS::ReplicaKey

Use the AWS::KMS::ReplicaKey resource to specify a replica of a specified multi-Region primary key.

June 17, 2021

Parallel Node Upgrade and Scale to Zero

In the NodegroupUpdateConfig, use either the MaxUnavailable and MaxUnavailablePercentage values to define the number of nodes to upgrade in parallel. In the scalingconfig, the minsize and desiredsize values can both be set to zero.

June 16, 2021

Updated resource

The following resource was updated: AWS::EC2::NatGateway

AWS::EC2::NatGateway

Use the ConnectivityType property to indicate whether the NAT gateway supports public or private connectivity.

June 11, 2021

Updated resources

The following resource was updated: AWS::RAM:ResourceShare

AWS::RAM::ResourceShare

Use the PermissionArns property to specify the Amazon Resource Names (ARNs) of the permissions to associate with the resource share.

June 10, 2021

Updated resource

The following resource was updated: AWS::KinesisAnalyticsV2::Application

AWS::KinesisAnalyticsV2::Application ApplicationConfiguration

You can use the ZeppelinApplicationConfiguration property to create Studio notebook applications that use Apache Zeppelin. You can use the notebook interactively, and you can deploy it as a continuously running streaming application with durable state and autoscaling features.

June 10, 2021

Updated resource

The following resource was updated: AWS::SQS::Queue

AWS::SQS::Queue

You can now use the DeduplicationScope and FifoThroughputLimitproperties to enable higher throughput for FIFO queues.

June 10, 2021

Updated resource

The following resource was updated: AWS::SSM::Document

AWS::SSM::Document

Use the Attachments property to specify a list of key and value pairs that describe attachments to a version of a document. Use the Requires property to specify a list of SSM documents required by a document. This parameter is used exclusively by AWS AppConfig. When a user creates an AWS AppConfig configuration in an SSM document, the user must also specify a required document for validation purposes. In this case, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document for validation purposes. For more information, see Creating a configuration and a configuration profile in the AWS AppConfig User Guide.

June 10, 2021

Updated resource

The following resource was updated: AWS::FSx::FileSystem

AWS::FSx::FileSystem

Use the DNSName attribute to access the DNS name of your Amazon FSx file system.

June 7, 2021

New resource

The following resources were added: AWS::Location::GeofenceCollection, AWS::Location::Map, AWS::Location::PlaceIndex, AWS::Location::RouteCalculator, AWS::Location::Tracker, and AWS::Location::TrackerConsumer.

AWS::Location::GeofenceCollection

Use the AWS::Location::GeofenceCollection resource to specify the ability to detect and act when a tracked device enters or exits a defined geographical boundary.

AWS::Location::Map

Use the AWS::Location::Map resource to specify a map resource in your AWS account, which provides map tiles of different styles sourced from available data providers.

AWS::Location::PlaceIndex

Use the AWS::Location::PlaceIndex resource to specify a place index resource in your AWS account, which supports Places functions with geospatial data sourced from your chosen data provider.

AWS::Location::RouteCalculator

Use the AWS::Location::RouteCalculator resource to specify a route calculator resource in your AWS account.

AWS::Location::Tracker

Use the AWS::Location::Tracker resource to specify a tracker resource in your AWS account, which lets you receive current and historical location of devices.

AWS::Location::TrackerConsumer

Use the AWS::Location::TrackerConsumer resource to specify an association between a geofence collection and a tracker resource.

June 7, 2021

Updated resources

The following resources were updated: AWS::MediaPackage::Channel, AWS::MediaPackage::OriginEndpoint, AWS::MediaPackage::PackagingConfiguration, and AWS::MediaPackage::PackagingGroup.

AWS::MediaPackage::Channel.

Use the EgressAccessLogs property to specify egress access logs for your channel.

Use the IngressAccessLogs property to specify ingress access logs for your channel.

AWS::MediaPackage::OriginEndpoint.

Use the CmafEncryption.ConstantInitializationVector property to specify an optional 128-bit, 16-byte hex value represented by a 32-character string, used in conjunction with the key for encrypting blocks. If you don't specify a value, then MediaPackage creates the constant initialization vector (IV).

AWS::MediaPackage::PackagingConfiguration.

Use the CmafPackage.IncludeEncoderConfigurationInSegments property to place your encoder's metadata into every video segment instead of the init fragment, which is the default behavior. This lets you use different SPS/PPS/VPS settings for your assets during content playback.

AWS::MediaPackage::PackagingGroup.

Use the EgressAccessLogs property to configure egress access logs for your packaging group.

May 27, 2021

Updated resources

The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup.

AWS::WAFv2::WebACL

You now have additional text transformation options.

AWS::WAFv2::RuleGroup

You now have additional text transformation options.

May 27, 2021

Updated resource

The following resource was updated: AWS::ACMPCA::CertificateAuthority.

AWS::ACMPCA::CertificateAuthority

Use the S3ObjectAcl property to restrict public access to your CRLs.

May 27, 2021

Updated resource

The following resource was updated: AWS::FraudDetector::Detector.

AWS::FraudDetector::Detector

Use the AssociatedModels property to associate models with the detector.

May 27, 2021

Updated resource

The following resource was updated: AWS::FSx::FileSystem

AWS::FSx::FileSystem

In the LustreConfiguration property type, use DataCompressionType to specify the type of data compression used by an Amazon FSx for Lustre file system.

May 27, 2021

Updated resource

The following resource was updated: AWS::MWAA::Environment

ModuleLoggingConfiguration

In the ModuleLoggingConfiguration property type, the CloudWatchLogGroupArn response property type for the CloudWatch Logs ARN where Apache Airflow DAG logs are published was removed from the request to enable logs, and is being returned in the response.

AirflowConfigurationOptions

In the AirflowConfigurationOptions property type, use a PrimitiveType of Json to add an Apache Airflow configuration option.

MinWorkers

Use the MinWorkers property to specify the minimum number of Apache Airflow workers that run in an environment.

May 27, 2021

Updated resource

The following resource was updated: AWS::QLDB::Ledger

AWS::QLDB::Ledger

The PermissionsMode property has changed so that an update requires no interruption.

May 27, 2021

New resource

The following resource was added: AWS::CUR::ReportDefinition

AWS::CUR::ReportDefinition

Use the AWS::CUR::ReportDefinition resource to define AWS Cost and Usage Report.

May 27, 2021

Region availability

The following resources were updated: AWS::AmazonMQ::Broker

AWS::AmazonMQ::Broker

Amazon MQ for RabbitMQ is now available in the Amazon Web Services China (Bejing) and the Amazon Web Services China (Ningxia) Regions.

May 26, 2021

New resources

The following resource was added: AWS::EC2::TransitGatewayPeeringAttachment.

AWS::EC2::TransitGatewayPeeringAttachment

Use the TransitGatewayPeeringAttachment resource to request transit gateway peering attachment between the specified transit gateway (requester) and a peer transit gateway (accepter).

May 20, 2021

New resource

The following resource was added: AWS::AppRunner::Service.

AWS::AppRunner::Service

Use the AWS::AppRunner::Service resource to create or update an AWS App Runner service.

May 20, 2021

New resource

The following resource was added: AWS::IoTCoreDeviceAdvisor::SuiteDefinition

SuiteDefinition

Use the SuiteDefinition resource to create a new test suite configuration for Device Advisor.

May 20, 2021

Updated resources

The following resource was updated: AWS::CloudFormation::StackSet.

AWS::CloudFormation::StackSet

Use the CallAs property type to specify whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

May 14, 2021

Updated resource

The following resource was updated: AWS::ECS::TaskDefinition

AWS::ECS::TaskDefinition EphemeralStorage

Use the AWS::ECS::TaskDefinition EphemeralStorage resource to define a custom ephemeral storage setting for your Amazon ECS tasks hosted on AWS Fargate.

May 14, 2021

Updated resource

The following resource was updated: AWS::ECS::CapacityProvider

AWS::ECS::CapacityProvider ManagedScaling

Use the AWS::ECS::CapacityProvider ManagedScaling.InstanceWarmupPeriod resource to set an instance warmup period for newly launched Amazon EC2 instances.

May 14, 2021

Updated resource

The following resource was updated: AWS::EKS::Nodegroup

AWS::EKS::Nodegroup

Use the Taints property to specify whether you want to have the effect of No_Schedule, Prefer_No_Schedule, or No_Execute applied to your node group.

May 14, 2021

Updated resource

The following resource was updated: AWS::Elasticsearch::Domain.

AWS::Elasticsearch::Domain

Use the EncryptionAtRestOptions property to specify whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use.

Use the NodeToNodeEncryptionOptions property to specify whether node-to-node encryption is enabled.

May 14, 2021

New resources

The following resources were added: AWS::SSMContacts::Contact and AWS::SSMContacts::ContactChannel

AWS::SSMContacts::Contact

Use the AWS::SSMContacts::Contact resource to specify an Incident Manager contact or escalation plan.

AWS::SSMContacts::ContactChannel

Use the AWS::SSMContacts::ContactChannel resource to specify a contact channel as the method that Incident Manager uses to engage your contact.

May 14, 2021

New resource

The following resource was added: AWS::DynamoDB::GlobalTable

AWS::DynamoDB::GlobalTable

Use the AWS::DynamoDB::GlobalTable resource to create DynamoDB global tables.

May 14, 2021

New resource

The following resources were added: AWS::SSMIncidents::ReplicationSet and AWS::SSMIncidents::ResponsePlan

AWS::SSMIncidents::ReplicationSet

Use the ReplicationSet resource to specify a set of Regions that Incident Manager data is replicated to and the KMS key used to encrypt the data.

AWS::SSMIncidents::ResponsePlan

Use the ResponsePlan resource to specify the details of the response plan that are used when creating an incident.

May 14, 2021

Updated resources

The following resources were updated: AWS::ECR::Repository

AWS::ECR::Repository

Use the AWS::ECR::Repository.EncryptionConfiguration property to configure encryption for the contents of a private repository.

May 13, 2021

Updated resource

The following resource was updated: AWS::S3::Bucket.

AWS::S3::Bucket

Use the ExpiredObjectDeleteMarker property to specify whether Amazon S3 will remove a delete marker with no noncurrent versions.

May 13, 2021

Updated resource

The following resource was updated: AWS::ACMPCA::CertificateAuthority.

AWS::ACMPCA::CertificateAuthority

Use the KeyStorageSecurityStandard property to specify the minimum FIPS key security standard.

May 6, 2021

Updated resource

The following resource was updated: AWS::CloudFront::Distribution.

AWS::CloudFront::Distribution

In the CacheBehavior and DefaultCacheBehavior property types, use the FunctionAssociations property to specify the CloudFront functions associated with the cache behavior.

For more information, see Customizing with CloudFront Functions in the Amazon CloudFront Developer Guide.

May 6, 2021

Updated resource

The following resources were updated: AWS::GameLift:Fleet, AWS::GameLift::GameSessionQueue.

AWS::GameLift::Fleet

In the LocationCapacity property type, use DesiredEc2Instance to specify the number of desired EC2 instance and MinSize and MaxSize to specify the minimum and maximum capacity size.

In the LocationConfiguration property type, use location Location to specify an AWS Region code and LocationConfiguration to specify resource capacity settings in a specified fleet.

AWS::GameLift::GameSessionQueue

Use the PriorityConfiguration property to specify priority destinations and locations for game session placements.

Use the FilterConfiguration property to specify a list of locations where a queue is allowed to place new game sessions.

May 6, 2021

Updated resource

The following resource was updated: AWS::IoT::TopicRule

AWS::IoT::TopicRule

Use the CloudwatchLogsAction property to specify a Cloudwatch logs action.

Use the TimestreamAction property to specify a timestream action.

Use the KafkaAction property to specify a kafka action.

In the S3Action property, use the CannedAcl value to specify a canned ACL action.

May 6, 2021

Updated resource

The following resource was updated: AWS::MSK::Cluster

AWS::MSK::Cluster

You can now create clusters with IAM access control. This enables you to authenticate clients, as well as to authorize Apache Kafka actions.

May 6, 2021

New resources

The following resources were added: AWS::FraudDetector::Detector, AWS::FraudDetector::EntityType, AWS::FraudDetector::EventType, AWS::FraudDetector::Label, AWS::FraudDetector::Outcome, and AWS::FraudDetector::Variable

AWS::FraudDetector::Detector

Use the AWS::FraudDetector::Detector resource to manage a detector or associated detector versions in Amazon Fraud Detector.

AWS::FraudDetector::EntityType

Use the AWS::FraudDetector::EntityType resource to create or update an entity type in Amazon Fraud Detector.

AWS::FraudDetector::EventType

Use the AWS::FraudDetector::EventType resource to create or update an event type in Amazon Fraud Detector.

AWS::FraudDetector::Label

Use the AWS::FraudDetector::Label resource to create or update label in Amazon Fraud Detector.

AWS::FraudDetector::Outcome

Use the AWS::FraudDetector::Outcome resource to create or update an outcome in Amazon Fraud Detector.

AWS::FraudDetector::Variable

Use the AWS::FraudDetector::Variable resource to create a variable in Amazon Fraud Detector.

May 6, 2021

New resources

The following resources were added: AWS::XRay::Group and AWS::XRay::SamplingRule.

AWS::XRay::Group

Use the AWS::XRay::Group resource to specify an X-Ray group.

AWS::XRay::SamplingRule

Use the AWS::XRay::SamplingRule resource to specify an X-Ray sampling rule.

May 6, 2021

New resource

The following resource was added: AWS::CloudFront::Function.

AWS::CloudFront::Function

Use the AWS::CloudFront::Function resource to create a function in CloudFront Functions.

For more information, see Customizing with CloudFront Functions in the Amazon CloudFront Developer Guide.

May 6, 2021

New resource

The following resource was added: AWS::FinSpace::Environment

AWS::FinSpace::Environment

Use the AWS::FinSpace::Environment resource to specify an Amazon FinSpace environment.

May 6, 2021

Updated resource

The following resource was updated: AWS::Detective::Graph

AWS::Detective::Graph

Use the Tags property to assign tag values to the behavior graph.

April 29, 2021

New resource

The following resource was added: AWS::IoTFleetHub::Application

AWS::IoTFleetHub::Application

Use the AWS::IoTFleetHub::Application resource to create a Fleet Hub for AWS IoT Device Management web application.

April 29, 2021

New resource

The following resource was added: AWS::SES::ContactList

AWS::SES::ContactList

Use the AWS::SES::ContactList resource to create a list that contains contacts that have subscribed to a particular topic or topics.

April 29, 2021

Updated resource

The following resources were updated: AWS::IAM::InstanceProfile and AWS::IAM::ManagedPolicy.

AWS::IAM::InstanceProfile

Use the Tags property to specify a list of tags that you want to attach to the newly created instance profile.

AWS::IAM::ManagedPolicy

Use the Tags property to specify a list of tags that you want to attach to the newly created managed policy.

April 27, 2021

New resources

The following resources were added: AWS::IoTWireless::PartnerAccount, AWS::IoTWireless::TaskDefinition

AWS::IoTWireless::PartnerAccount

Gets information about a partner account. If PartnerAccountId and PartnerType are null, returns all partner accounts.

AWS::IoTWireless::TaskDefinition

Gets information about the gateway task definition for a wireless gateway.

April 26, 2021

New resources

The following resources were added: AWS::NimbleStudio::Studio, AWS::NimbleStudio::StudioComponent, AWS::NimbleStudio::StreamingImage, and AWS::NimbleStudio::LaunchProfile.

AWS::NimbleStudio::Studio

Use the AWS::NimbleStudio::Studio resource to specify a studio resource.

AWS::NimbleStudio::StudioComponent

Use the AWS::NimbleStudio::StudioComponent resource to configure studio components, including types of workstations, render farms, license servers, and shared file systems.

AWS::NimbleStudio::StreamingImage

Use the AWS::NimbleStudio::StreamingImage resource to configure a machine image, including operating system and software, that can be launched as a virtual workstation in a streaming session.

AWS::NimbleStudio::LaunchProfile

Use the AWS::NimbleStudio::LaunchProfile resource to specify user access permissions to studio components.

April 26, 2021

Updated resources

AWS::ElastiCache::CacheCluster, AWS::ElastiCache::ReplicationGroup.

AWS::ElastiCache::CacheCluster

You can now specify log delivery to a CloudWatch Logs or Kinesis Data Firehose destination.

AWS::ElastiCache::ReplicationGroup

You can now specify log delivery to a CloudWatch Logs or Kinesis Data Firehose destination.

April 22, 2021

Updated resources

The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup.

AWS::WAFv2::WebACL

You can now nest rule statements without using different names for statements at different levels. For example, instead of using AndStatementOne and AndStatementTwo to nest an AND rule statement inside another AND rule statement, you can use AndStatement for both. The new statement properties are AndStatement, NotStatement, OrStatement, RateBasedStatement, and Statement.

AWS::WAFv2::RuleGroup

You can now nest rule statements without using different names for statements at different levels. For example, instead of using AndStatementOne and AndStatementTwo to nest an AND rule statement inside another AND rule statement, you can use AndStatement for both. The new statement properties are AndStatement, NotStatement, OrStatement, RateBasedStatement, and Statement.

April 22, 2021

Updated resource

The following resource was updated: AWS::ResourceGroups::Group

AWS::ResourceGroups::Group

Use the Configuration property to specify settings for an AWS service that automatically apply to members of the resource group.

April 22, 2021

New resource

The following resource was added: AWS::AutoScaling::WarmPool.

AWS::AutoScaling::WarmPool

Use the AWS::AutoScaling::WarmPool resource to specify a warm pool for an Auto Scaling group.

April 22, 2021

Updated resources

The following resource was updated: AWS::CloudFormation::StackSet.

AWS::CloudFormation::StackSet

Use the RegionConcurrencyType property type to specify the concurrency type of deploying StackSets operations in Regions.

April 15, 2021

Updated resource

The following resource was updated: AWS::ApiGateway::RestApi.

AWS::ApiGateway::RestApi

Use the Mode property to specify how API Gateway handles resource updates when you use OpenAPI to define your REST API.

April 15, 2021

Updated resource

The following resource was updated: AWS::IVS::Channel

AWS::IVS::Channel

Use the RecordingConfiguration property to specify an Amazon IVS RecordingConfiguration, which stores configuration information related to recording your live stream to a data store.

April 15, 2021

New resources

The following resource was added: AWS::EC2::EnclaveCertificateIamRoleAssociation.

AWS::EC2::EnclaveCertificateIamRoleAssociation

Use the EnclaveCertificateIamRoleAssociation resource to associate an AWS Identity and Access Management (IAM) role with an AWS Certificate Manager (ACM) certificate.

April 15, 2021

New resource

The following resource was added: AWS::IVS::RecordingConfiguration

AWS::IVS::RecordingConfiguration

Use the AWS::IVS::RecordingConfiguration resource to specify an Amazon IVS RecordingConfiguration, which stores configuration information related to recording your live stream to a data store.

April 15, 2021

Reference macros in stack set templates

StackSets now supports creating or updating stack sets with self-managed permissions from templates that reference macros.

For more information about macros, see Using AWS CloudFormation macros to perform custom processing on templates.

April 14, 2021

Use the latest value of an SSM parameter in a dynamic reference.

When using dynamic references, you can now have CloudFormation use the latest version of an SSM parameter whenever you create or update a stack. You are no longer required to specify a specific version.

For more details, see SSM parameters.

April 13, 2021

Updated resources

AWS::ElastiCache::ParameterGroup, AWS::ElastiCache::SecurityGroup, AWS::ElastiCache::SubnetGroup.

AWS::ElastiCache::ParameterGroup

You can now add tags to the AWS::ElastiCache::ParameterGroup type.

AWS::ElastiCache::SecurityGroup

You can now add tags to the AWS::ElastiCache::SecurityGroup resource.

AWS::ElastiCache::SubnetGroup

You can now add tags to the AWS::ElastiCache::SubnetGroup resource.

April 8, 2021

Updated resource

The following resource was updated: AWS::DynamoDB::Table.

AWS::DynamoDB::Table

Use the KinesisStreamSpecification property to specify the Kinesis Data Streams configuration for a table.

April 8, 2021

Modules support using period delimiters in resource names

You can now use a period as a delimiter in specifying the fully-qualified logical name for a resource contained in a module.

For more information, see Referencing resources in a module.

April 8, 2021

AWS CloudFormation StackSets now supports parallel region deployment

You can now choose to deploy StackSets into Regions sequentially or in parallel.

For more information, see Stack set operation options.

April 6, 2021

Updated resource

The following resource was updated: AWS::Backup::BackupPlan

AWS::Backup::BackupPlan

In the BackupPlanResourceType property type, use the AdvancedBackupSetting property to specify a list of backup options for each resource type you want to back up.

April 3, 2021

Updated resources

The following resources were updated: AWS::DataBrew::Dataset and AWS::DataBrew::Job

AWS::DataBrew::Dataset

Use the CsvOptions property to define how DataBrew will read a comma-separated value (CSV) file when creating a dataset from that file.

Use the DatabaseInputDefinition property to define connection information for dataset input files stored in a database.

Use the DataCatalogInputDefinition property to define how metadata stored in the AWS Glue Data Catalog is defined in a DataBrew dataset.

Use the DatasetParameter property to define the type and conditions for a parameter in the Amazon S3 path of the dataset.

Use the DatetimeOptions property to define the correct interpretation of datetime parameters used in the Amazon S3 path of a dataset.

Use the ExcelOptions property to define how DataBrew will interpret a Microsoft Excel file when creating a dataset from that file.

Use the FilesLimit property to limit the number of Amazon S3 files that should be selected for a dataset from a connected Amazon S3 path.

Use the FilterExpression property to define parameter conditions.

Use the FilterValue property to define a single entry in the ValuesMap of a FilterExpression.

Use the FormatOptions property to define the structure of either comma-separated value (CSV), Excel, or JSON input.

Use the Input property to define how DataBrew can find data, in either the AWS Glue Data Catalog or Amazon S3.

Use the JsonOptions property to define how input is to be interpreted by AWS Glue DataBrew.

Use the PathOptions property to define how DataBrew selects files for a given Amazon S3 path in a dataset.

Use the PathParameter property to define the file format of a dataset.

Use the S3Location property to define a single entry in the path parameters of a dataset.

AWS::DataBrew::Job

Use the JobSample property to define the number of rows on which a profile job is run.

Use the OutputLocation property to define the location in Amazon S3 where the job writes its output.

Use the Recipe property to define the actions to be performed on a dataset.

April 1, 2021

Updated resources

The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup.

AWS::WAFv2::WebACL

You can now inspect a web request body as JSON. You can now add custom request and response handling to web ACL default action and rule action settings. You can now define labels for rules, which are added automatically to matching requests and that persist with requests during web ACL evaluation. You can match against labels using the new rule LabelMatchStatement. You can now add a scope-down statement to managed rule group statements.

AWS::WAFv2::RuleGroup

You can now inspect a web request body as JSON. You can now add custom request and response handling to rule action settings. You can now define labels for rules, which are added automatically to matching requests and that persist with requests during web ACL evaluation. You can match against labels using the new rule LabelMatchStatement.

April 1, 2021

Updated resource

The following resource was updated: AWS::Config::DeliveryChannel.

AWS::Config::DeliveryChannel

Use the S3KmsKeyArn property to specify the Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) customer managed key (CMK) used to encrypt objects delivered by AWS Config.

April 1, 2021

Updated resource

The following resource was updated: AWS::ApiGateway::RestApi.

AWS::ApiGateway::RestApi

Use the DisableExecuteApiEndpoint property to disable the default endpoint for a REST API.

April 1, 2021

Updated resource

The following resource was updated: AWS::Budgets::BudgetsAction

AWS::Budgets::BudgetsAction

Use the AWS::Budgets::BudgetsAction resource to take predefined actions that are initiated when a budget threshold has been exceeded.

April 1, 2021

Updated resource

The following resource was updated: AWS::Cloud9::EnvironmentEC2

AWS::Cloud9::EnvironmentEC2

Use the ImageId property to specify the Amazon Machine Image (AMI) that's used to create the EC2 instance.

April 1, 2021

Updated resource

The following resource was updated: AWS::EC2::LaunchTemplate.

AWS::EC2::LaunchTemplate

Use the TagSpecifications property to tag a launch template on creation.

April 1, 2021

Updated resource

The following resource was updated: AWS::ElasticBeanstalk::Environment.

AWS::ElasticBeanstalk::Environment

Use the OperationsRole property to specify the Amazon Resource Name (ARN) of an existing IAM role to be used as the environment's operations role.

April 1, 2021

Updated resource

The following resource was updated: AWS::Events::Rule.

AWS::Events::Rule

The SageMakerPipelineParameter property is a Name / Value pair of a parameter to start execution of a SageMaker Model Building Pipeline to create an API destination. An API destination defines an HTTP invocation endpoint to use as the target of a rule.

The SageMakerPipelineParameters contains the SageMaker Model Building Pipeline parameters to start execution of a SageMaker Model Building Pipeline.

April 1, 2021

Updated resource

The following resource was updated: AWS::FMS::Policy.

AWS::FMS::Policy

The AWS::FMS::Policy resource now allows you to manage DNS Firewall policies for Amazon Route 53 Resolver DNS Firewall.

April 1, 2021

Updated resource

The following resource was updated: AWS::GameLift::GameSessionQueue.

AWS::GameLift::GameSessionQueue

Use the NotificationTarget property to specify an SNS topic ARN to publish game session placement events that are emitted by the queue.

Use the CustomEventData property to specify a string value to add to all game session placement events that are emitted by the queue.

April 1, 2021

New resources

The following resources were added: AWS::Route53Resolver::FirewallDomainList, AWS::Route53Resolver::FirewallRuleGroup, AWS::Route53Resolver::FirewallRuleGroupAssociation

AWS::Route53Resolver::FirewallDomainList

Use the AWS::Route53Resolver::FirewallDomainList resource to specify a domain list configuration for Route 53 Resolver DNS Firewall.

AWS::Route53Resolver::FirewallRuleGroup

Use the AWS::Route53Resolver::FirewallRuleGroup resource to specify a rule group configuration for Route 53 Resolver DNS Firewall.

AWS::Route53Resolver::FirewallRuleGroupAssociation

Use the AWS::Route53Resolver::FirewallRuleGroupAssociation resource to specify an association between a firewall rule group and a VPC.

April 1, 2021

New resource

The following resource was added: AWS::CloudWatch::MetricStream.

AWS::CloudWatch::MetricStream

Use the AWS::CloudWatch::MetricStream resource to create a metric stream of CloudWatch metric data to a destination of your choice. For more information, see Metric streams.

April 1, 2021

New resource

The following resource was added : AWS::Logs::QueryDefinition

AWS::Logs::QueryDefinition

Use the AWS::Logs::QueryDefinition resource to create a CloudWatch Logs Insights query definition. For more information, see Analyzing Log Data with CloudWatch Logs Insights.

April 1, 2021

Updated resource

The following resource was updated: AWS::Batch::JobDefinition

AWS::Batch::JobDefinition

In the Volumes property type, use the EfsVolumeConfiguration property to specify the Amazon EFS configuration for a job definition.

March 31, 2021

New resources

The following resources were added: AWS::LookoutMetrics::Alert

AWS::LookoutMetrics::Alert

Use the AWS::LookoutMetrics::Alert resource to specify an alert for an anomaly detector.

AWS::LookoutMetrics::AnomalyDetector

Use the AWS::LookoutMetrics::AnomalyDetector resource to specify an anomaly detector.

March 25, 2021

New resource

The following resource was added: AWS::AppIntegrations::EventIntegration

AWS::AppIntegrations::EventIntegration

Use the AWS::AppIntegrations::EventIntegration resource to create an EventIntegration.

March 25, 2021

Updated resource

The following resource was updated: AWS::ServiceDiscovery::Service.

AWS::ServiceDiscovery::Service

Use the Type property to allow service instances in a service in a public or private DNS namespace to only be discovered with the DiscoverInstances API operation.

March 18, 2021

New resources

The following resource was added: AWS::FIS::ExperimentTemplate.

AWS::FIS::ExperimentTemplate

Use the AWS::FIS::ExperimentTemplate resource to create an experiment template in AWS Fault Injection Simulator.

March 18, 2021

New resource

The following resources were added: AWS::S3ObjectLambda::AccessPoint and AWS::S3ObjectLambda::AccessPointPolicy

AWS::S3ObjectLambda::AccessPoint

Use the AWS::S3ObjectLambda::AccessPoint resource to create a S3 Object Lambda access point.

AWS::S3ObjectLambda::AccessPointPolicy

Use the AWS::S3ObjectLambda::AccessPointPolicy resource to create a policy for your S3 Object Lambda access point.

March 18, 2021

New resources

The following resources were updated: AWS::ECS::Service

AWS::ECS::Service

Use the AWS::ECS::Service resource and the EnableExecuteCommand property to enable ECS Exec for the tasks in a service.

March 16, 2021

New resources

The following resources were updated: AWS::ECS::Cluster ExecuteCommandLogConfiguration

AWS::ECS::Cluster ExecuteCommandLogConfiguration

Use the AWS::ECS::Cluster ExecuteCommandLogConfiguration resource to define a logging configuration for the ECS Exec actions on the tasks in a cluster.

March 16, 2021

New resources

The following resources were updated: AWS::ECS::Cluster ExecuteCommandConfiguration

AWS::ECS::Cluster ExecuteCommandConfiguration

Use the AWS::ECS::Cluster ExecuteCommandConfiguration resource to enable ECS Exec for a cluster.

March 16, 2021

Updated resource

The following resource was updated: AWS::Detective::MemberInvitation

AWS::Detective::MemberInvitation

Use the DisableEmailNotification property to prevent the sending of invitation emails to member accounts.

The term "master account" is changed to "administrator account."

March 15, 2021

Updated resources

The following resources were updated: AWS::ECR::PublicRepository

AWS::ECR::PublicRepository

Use the AWS::ECR::PublicRepository.Tags property to add tags to your public repositories.

March 11, 2021

Updated resource

The following resource was updated: AWS::CertificateManager::Account

AWS::CertificateManager::Account

Use the ExpiryEventsConfiguration property to specify options for certificate expiration events associated with an AWS account.

March 11, 2021

Updated resource

The following resource was updated: AWS::EFS::FileSystem

AWS::EFS::FileSystem

Use the AvailabilityZoneName property to create a file system that uses EFS One Zone storage classes, which store data redundantly within a single Availability Zone within an AWS Region.

March 11, 2021

New resources

The following resources were added: AWS::CE::AnomalySubscription and AWS::CE::AnomalyMonitor.

AWS::CE::AnomalySubscription

Use the AWS::CE::AnomalySubscription resource to deliver notifications about anomalies detected by a monitor that exceeds a threshold.

AWS::CE::AnomalyMonitor

Use the AWS::CE::AnomalyMonitor resource to continuously inspect your account's cost data for anomalies, based on MonitorType and MonitorSpecification.

March 11, 2021

New resources

The following resources were updated: AWS::ECS::ClusterCapacityProviderAssociations

AWS::ECS::ClusterCapacityProviderAssociations

Use the AWS::ECS::ClusterCapacityProviderAssociations resource to associate capacity providers with a cluster.

March 11, 2021

New resource

The following resource was added: AWS::RDS::DBProxyEndpoint.

AWS::RDS::DBProxyEndpoint

Use the AWS::RDS::DBProxyEndpoint resource to create or update a custom DB proxy endpoint.

March 11, 2021

Updated resource

The following resource was updated: AWS::StepFunctions::StateMachine.

AWS::StepFunctions::StateMachine

The AWS::StepFunctions::StateMachine has a new Definition property that lets you define your state machine in the language of your template file.

March 10, 2021

Updated resource

The following resource was updated: AWS::AutoScaling::AutoScalingGroup.

AWS::AutoScaling::AutoScalingGroup MixedInstancesPolicy

Use the SpotAllocationStrategy property to specify capacity-optimized-prioritized as the allocation strategy for your Spot capacity when you use a mixed instances policy.

March 8, 2021

Updated resource

The following new resource was updated: AWS::SecretsManager::Secret

AWS::SecretsManager::Secret

Use the ReplicaRegions property to replicate secrets into additional Regions for resiliency and disaster recovery.

March 4, 2021

New resource

The following resource was added: AWS::Events::ApiDestination.

AWS::Events::ApiDestination

Use the ApiDestination resource to create an API destination. An API destination defines an HTTP invocation endpoint to use as the target of a rule.

March 4, 2021

New resource

The following resource was added: AWS::Events::Connection.

AWS::Events::Connection

Use the Connection resource to create a connection to use with Api destinations. A connection defines the authorization method and parameters to use to connect to the HTTP invocation endpoint for an Api destination.

March 4, 2021

New resource

The following resources were added: AWS::IoT::AccountAuditConfiguration,AWS::IoT::CustomMetric, AWS::IoT::Dimension, AWS::IoT::MitigationAction, AWS::IoT::ScheduledAudit, AWS::IoT::SecurityProfile.

AWS::IoT::AccountAuditConfiguration

Use the AWS::IoT::AccountAuditConfiguration resource to specify an account audit configuration in AWS IoT Core.

AWS::IoT::CustomMetric

Use the AWS::IoT::CustomMetric resource to specify a custom metric in AWS IoT Core.

AWS::IoT::Dimension

Use the AWS::IoT::Dimension resource to specify a dimension in AWS IoT Core.

AWS::IoT::MitigationAction

Use the AWS::IoT::MitigationAction resource to specify a mitigation action in AWS IoT Core.

AWS::IoT::ScheduledAudit

Use the AWS::IoT::ScheduledAudit resource to specify a Scheduled Audit in AWS IoT Core.

AWS::IoT::SecurityProfile

Use the AWS::IoT::SecurityProfile resource to specify a security profile in AWS IoT Core.

March 4, 2021

New resource

The following resources were added: AWS::S3Outposts::Bucket, AWS::S3Outposts::BucketPolicy, AWS::S3Outposts::AccessPoint, and AWS::S3Outposts::EndPoint

AWS::S3Outposts::Bucket

Use the AWS::S3Outposts::Bucket resource to create an S3 on Outposts bucket.

AWS::S3Outposts::BucketPolicy

Use the AWS::S3Outposts::BucketPolicy resource to create a bucket policy for your S3 on Outposts bucket.

AWS::S3Outposts::AccessPoint

Use the AWS::S3Outposts::AccessPoint resource to create an access point for your S3 on Outposts bucket.

AWS::S3Outposts::EndPoint

Use the AWS::S3Outposts::EndPoint resource to create an endpoint for Amazon S3 on AWS Outposts.

March 4, 2021

Updated resource

The following resources were updated: AWS::IoTSiteWise::AccessPolicy and AWS::IoTSiteWise::Portal.

AWS::IoTSiteWise::AccessPolicy

Added the following properties: IamRole and IamUser.

AWS::IoTSiteWise::Portal

Added the following property: PortalAuthMode.

March 2, 2021

Updated resource

The following resource was updated: AWS::IoTSiteWise::AssetModel.

AWS::IoTSiteWise::AssetModel

Added the following property: AssetModelCompositeModel.

You can use this property to define an alarm in AWS IoT SiteWise.

For more information, see Monitoring data with alarms in the AWS IoT SiteWise User Guide.

March 1, 2021

Updated resource

The following resource was updated: AWS::DataBrew::Dataset Format.

AWS::DataBrew::Dataset Format

Use the Format property to define the file format of a dataset.

February 25, 2021

Updated resource

The following resource was updated: AWS::ManagedBlockchain::Node

AWS::ManagedBlockchain::Node

Use the NodeConfiguration property to create a node on an Ethereum network.

February 25, 2021

Updated resource

The following resource was updated: AWS::SageMaker::Model

AWS::SageMaker::Model

Use the InferenceExecutionConfig property to specify details of how containers in a multi-container endpoint are called.

February 25, 2021

New resources

The following resource was added: AWS::EC2::TransitGatewayConnect.

AWS::EC2::TransitGatewayConnect

Use the TransitGatewayConnect resource to create a Connect attachment from a specified transit gateway attachment.

February 25, 2021

New resources

The following resources were added: AWS::EMR::Studio and AWS::EMR::StudioSessionMapping.

AWS::EMR::Studio

Use the AWS::EMR::Studio resource to create a new Amazon EMR Studio.

AWS::EMR::StudioSessionMapping

Use the AWS::EMR::StudioSessionMapping resource to assign a user or group to an Amazon EMR Studio, and apply an IAM session policy to refine Studio permissions for that user or group.

February 25, 2021

New resources

The following resources were added: AWS::SageMaker::Image, AWS::SageMaker::ImageVersion.

AWS::SageMaker::Image

Use the AWS::SageMaker::Image resource to create a new Image in Amazon SageMaker.

AWS::SageMaker::ImageVersion

Use the AWS::SageMaker::ImageVersion resource to create a new ImageVersion in Amazon SageMaker.

February 25, 2021

New resource

The following resource was added: AWS::EKS::Addon.

AWS::EKS::Addon

Use the AWS::EKS::Addon resource to create an Amazon EKS add-on.

February 25, 2021

New resource

The following resources were added: AWS::IAM::OIDCProvider, AWS::IAM::SAMLProvider, AWS::IAM::ServerCertificate, and AWS::IAM::VirtualMFADevice.

AWS::IAM::OIDCProvider

Use the AWS::IAM::OIDCProvider resource to create an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC).

AWS::IAM::SAMLProvider

Use the AWS::IAM::SAMLProvider resource to create an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.

AWS::IAM::ServerCertificate

Use the AWS::IAM::ServerCertificate resource to retrieve information about the specified server certificate stored in IAM.

AWS::IAM::VirtualMFADevice

Use the AWS::IAM::VirtualMFADevice resource to create a new virtual MFA device for the AWS account.

February 25, 2021

New attributes

The following parameters were added for 10DLC support: EntityId, TemplateId, OriginationNumber.

AWS::Pinpoint::Campaign CampaignSmsMessage

Specifies the content and settings for an SMS message that's sent to recipients of a campaign.

February 24, 2021

Updated resource

The following resource was updated: AWS::DynamoDB::Table

AWS::DynamoDB::Table

Use the ContributorInsightsSpecification property to enable or disable CloudWatch Contributor Insights on a table or global secondary index.

February 22, 2021

Updated resource

The following resource was updated: AWS::CodeCommit::Repository Code

AWS::CodeCommit::Repository Code

The behavior of the BranchName property on update has changed to be consistent with all other aspects of AWS:CodeCommit:Repository Code. All properties of AWS:CodeCommit:Repository Code are ignored on update, as they only apply to initial resource creation.

February 19, 2021

Updated resources

The following resources were updated: AWS::AppMesh::VirtualNode and AWS::AppMesh::VirtualGateway

AWS::AppMesh::VirtualNode

Use the ClientTlsCertificate property to represent the client's certificate.

Use the SubjectAlternativeNames property to represent the subject alternative names secured by the certificate.

Use the TlsValidationContextSdsTrust property to represent a Transport Layer Security (TLS) Secret Discovery Service validation context trust.

Use the ListenerTlsValidationContextTrust property to represent a listener's Transport Layer Security (TLS) validation context trust.

Use the SubjectAlternativeNameMatchers property to represent the methods by which a subject alternative name on a peer Transport Layer Security (TLS) certificate can be matched.

Use the ListenerTlsSdsCertificate property to represent the listener's Secret Discovery Service certificate.

Use the ListenerTlsValidationContext property to represent a listener's Transport Layer Security (TLS) validation context.

AWS::AppMesh::VirtualGateway

Use the VirtualGatewayListenerTlsValidationContextTrust property to specify validation context trust.

Use the VirtualGatewayTlsValidationContextSdsTrust property to represent a virtual gateway's listener's Transport Layer Security (TLS) Secret Discovery Service validation context trust.

Use the SubjectAlternativeNames property represents the subject alternative names secured by the certificate.

Use the VirtualGatewayListenerTlsSdsCertificate property to represent the virtual gateway's listener's Secret Discovery Service certificate.

Use the VirtualGatewayClientTlsCertificate property to represent the virtual gateway's client's Transport Layer Security (TLS) certificate.

Use the VirtualGatewayListenerTlsValidationContext property to represent a virtual gateway's listener's Transport Layer Security (TLS) validation context.

Use the SubjectAlternativeNameMatchers property to represent the methods by which a subject alternative name on a peer Transport Layer Security (TLS) certificate can be matched.

February 18, 2021

Updated resources

The following resource was updated: AWS::IoTWireless::ServiceProfile

AWS::IoTWireless::ServiceProfile

Use the attributes of LoRaWANGetServiceProfileInfo with LoRaWANServiceProfile instead as ReadOnly properties that you can return using Fn::GetAtt.

February 18, 2021

Updated resources

The following resources were updated: AWS::Kendra::DataSource, AWS::Kendra::Index.

AWS::Kendra::DataSource

Use the ConfluenceConfiguration property of the resource to specify configuration information for indexing a Confluence data source.

AWS::Kendra::DataSource

Use the GoogleDriveConfiguration property of the resource to specify configuration information for indexing a Google Drive data source.

AWS::Kendra::Index

Use the UserContextPolicy and UserTokenConfiguration properties of the resource to specify how Amazon Kendra uses user tokens for access to the index.

February 18, 2021

Updated resource

The following resource was updated: AWS::DataBrew::Job JobSample.

AWS::DataBrew::Job JobSample

Use the JobSample property to define the sample configuration for profile jobs.

February 18, 2021

Updated resource

The following resource was updated: AWS::FSx::FileSystem

AWS::FSx::FileSystem

In the WindowsConfiguration property type, use Aliases to specify one or more DNS alias names that you want to associate with the Amazon FSx file system.

February 18, 2021

Updated resource

The following resource was updated: AWS::IoTAnalytics::Dataset.

AWS::IoTAnalytics::Dataset

Added the following properties: LateDataRule and LateDataRuleConfiguration.

You can use these properties to specify a late data rule for your dataset. The late data rule enables AWS IoT Analytics to send notifications through Amazon CloudWatch when late data arrives.

For more information, see Getting late data notifications in the AWS IoT Analytics User Guide.

February 18, 2021

AWS CloudFormation StackSets now supports delegated administrator with AWS Organizations

In addition to the organization's management account, delegated administrator accounts can create and manage stack sets with service-managed permissions for their organization.

For more information, see Register a delegated administrator and Create a stack set with service-managed permissions.

February 18, 2021

New resources

The following resources were added: AWS::EC2::TransitGatewayMulticastDomain, AWS::EC2::TransitGatewayMulticastDomainAssociation, AWS::EC2::TransitGatewayMulticastGroupMembers and AWS::EC2::TransitGatewayMulticastGroupSource.

AWS::EC2::TransitGatewayMulticastDomain

Use the TransitGatewayMulticastDomain resource to create a transit gateway multicast domain.

AWS::EC2::TransitGatewayMulticastDomainAssociation

Use the TransitGatewayMulticastDomainAssociation resource to associate the specified subnets and transit gateway attachments with the specified transit gateway multicast domain.

AWS::EC2::TransitGatewayMulticastGroupMember

Use the TransitGatewayMulticastGroupMembers resource to register members (network interfaces) with the transit gateway multicast group.

AWS::EC2::TransitGatewayMulticastGroupSource

Use the TransitGatewayMulticastGroupSource resource to register sources (network interfaces) with the specified transit gateway multicast group.

February 12, 2021

Updated resources

The following resources were updated: AWS::IoTWireless::Destination, AWS::IoTWireless::DeviceProfile, AWS::IoTWireless::ServiceProfile, AWS::IoTWireless::WirelessDevice, and AWS::IoTWireless::WirelessGateway.

AWS::IoTWireless::Destination

Use the ExpressionType property of the resource to specify whether to use a new value MqttTopic or to use RuleName. In addition, the property descriptions now list any maximum values, minimum values, and patterns.

AWS::IoTWireless::DeviceProfile

Use the new LoRaWAN property which is a renaming of the LoRaWANDeviceProfile property. The property type has not changed from LoRaWANDeviceProfile. In addition, the property descriptions now list any maximum values, minimum values, and patterns.

AWS::IoTWireless::ServiceProfile

Use the new LoRaWAN property which is a renaming of the LoRaWANServiceProfile property. The property type has not changed from LoRaWANServiceProfile. In addition, the property descriptions now list any maximum values, minimum values, and patterns.

AWS::IoTWireless::WirelessDevice

Use the new LoRaWAN property which is a renaming of the LoRaWANDevice property. The property type has not changed from LoRaWANDevice. In addition, the property descriptions now list any maximum values, minimum values, and patterns.

AWS::IoTWireless::WirelessGateway

Use the new LoRaWAN property which is a renaming of the LoRaWANGateway property. The property type has not changed from LoRaWANGateway. In addition, the property descriptions now list any maximum values, minimum values, and patterns.

February 11, 2021

Updated resource

The following resource was updated: AWS::DMS::Endpoint.

AWS::DMS::Endpoint.MongoDbSettings

Added SecretsManager attributes to MongoDbSettings.

AWS::DMS::Endpoint.MySqlSettings

Added SecretsManager attributes to MySqlSettings.

AWS::DMS::Endpoint.RedshiftSettings

Added SecretsManager attributes to RedshiftSettings.

AWS::DMS::Endpoint.SybaseSettings

Added SecretsManager attributes to SybaseSettings.

AWS::DMS::Endpoint.PostgreSqlSettings

Added SecretsManager attributes to PostgreSqlSettings.

AWS::DMS::Endpoint.MicrosoftSqlServerSettings

Added SecretsManager attributes to MicorsoftSqlServerSettings.

AWS::DMS::Endpoint.IbmDb2Settings

Added SecretsManager attributes to IbmDb2Settings.

AWS::DMS::Endpoint.DocDbSettings

Added SecretsManager attributes to DocDbSettings.

AWS::DMS::Endpoint.OracleSettings

Added SecretsManager attributes to OracleSettings.

February 11, 2021

Updated resource

The following resource was updated: AWS::GroundStation::Config.

AWS::GroundStation::Config S3RecordingConfig CloudFormation property

The S3RecordingConfig property sets the information for a S3 recording config object.

February 11, 2021

New resources

The following resources were added: AWS::CloudFormation::ResourceDefaultVersion and AWS::CloudFormation::ResourceVersion.

AWS::CloudFormation::ResourceDefaultVersion

Use the AWS::CloudFormation::ResourceDefaultVersion resource to specify the default resource version to be used in CloudFormation operations.

AWS::CloudFormation::ResourceVersion

Use the AWS::CloudFormation::ResourceVersion resource to specify a resource version with the CloudFormation service, making it available for use in CloudFormation operations.

February 11, 2021

New resources

The following resources were added: AWS::SageMaker::App, AWS::SageMaker::AppImageConfig, AWS::SageMaker::Domain, AWS::SageMaker::UserProfile.

AWS::SageMaker::App

Use the AWS::SageMaker::App resource to create a running app for a user profile in SageMaker Studio.

AWS::SageMaker::AppImageConfig

Use the AWS::SageMaker::AppImageConfig resource to create a configuration for running a SageMaker image as a KernelGateway app in SageMaker Studio.

AWS::SageMaker::Domain

Use the AWS::SageMaker::Domain resource to create a domain used by SageMaker Studio.

AWS::SageMaker::UserProfile

Use the AWS::SageMaker::UserProfile resource to create a user profile used by SageMaker Studio.

February 11, 2021

New resources

The following resources were added: AWS::ServiceCatalog::ServiceAction and AWS::ServiceCatalog::ServiceActionAssociation.

AWS::ServiceCatalog::ServiceAction

Use this self-service action feature to create CloudFormation templates that create Service Actions.

AWS::ServiceCatalog::ServiceActionAssociation

Use this self-service action association feature to create AWS CloudFormation templates that create Service Actions.

February 11, 2021

AWS CloudFormation StackSets Region availability

AWS CloudFormation StackSets is now available in the Asia Pacific (Osaka) Region.

For more information, see Working with AWS CloudFormation StackSets.

February 10, 2021

Updated resource

The following resource was updated: AWS::IoTAnalytics::Datastore.

AWS::IoTAnalytics::Datastore

Added the following properties: Column, FileFormatConfiguration, JsonConfiguration, ParquetConfiguration, and SchemaDefinition.

You can use these properties to specify JSON or Parquet file format for your data store.

For more information, see File formats in the AWS IoT Analytics User Guide.

February 5, 2021

Updated resources

The following resources were updated: AWS::ECR::ReplicationConfiguration

AWS::ECR::ReplicationConfiguration

Use the ReplicationConfiguration property to create or update the replication configuration for a private repository.

February 4, 2021

Updated resources

The following resources were updated: AWS::IoTWireless::DeviceProfile, AWS::IoTWireless::ServiceProfile, AWS::IoTWireless::WirelessDevice, and AWS::IoTWireless::WirelessGateway.

AWS::IoTWireless::DeviceProfile

Use the DeviceProfile resource to specify a device profile for a wireless device to use.

AWS::IoTWireless::ServiceProfile

Use the ServiceProfile resource to specify a service profile for a wireless device to use.

AWS::IoTWireless::WirelessDevice

Use the WirelessDevice resource to specify a wireless device in an AWS IoT Core for LoRaWAN solution.

AWS::IoTWireless::WirelessGateway

Use the WirelessGateway resource to specify a wireless gateway in an AWS IoT Core for LoRaWAN solution.

February 4, 2021

Updated resources

The following resources were updated: AWS::Cassandra::Keyspace and AWS::Cassandra::Table.

AWS::Cassandra::Keyspace.Tags

Use the AWS::Cassandra::Keyspace.Tags property to add tags to new or existing keyspaces in Amazon Keyspaces (for Apache Cassandra).

AWS::Cassandra::Table.Tags

Use the AWS::Cassandra::Table.Tags property to create and add tags to new or existing tables in Amazon Keyspaces (for Apache Cassandra).

AWS::Cassandra::Table.PointInTimeRecoveryEnabled

Use the AWS::Cassandra::Table.PointInTimeRecoveryEnabled property to enable point-in-time recovery in Amazon Keyspaces (for Apache Cassandra).

February 4, 2021

Updated resource

The following resource was updated: AWS::DataBrew::Job.

AWS::DataBrew::Job

Use the CsvOutputOptions property to define how DataBrew will write a CSV file.

Use the OutputFormatOptions property to define the structure of CSV job output.

February 4, 2021

Updated resource

The following resource was updated: AWS::ElastiCache::GlobalReplicationGroup.

AWS::ElastiCache::GlobalReplicationGroup

Consists of a primary cluster that accepts writes and an associated secondary cluster that resides in a different Amazon region. The secondary cluster accepts only reads. The primary cluster automatically replicates updates to the secondary cluster.

February 4, 2021

New resource

Added the following resource: AWS::ImageBuilder::ContainerRecipe.

AWS::ImageBuilder::ContainerRecipe

Use the AWS::ImageBuilder::ContainerRecipe resource to create a container recipe in the Image Builder service.

February 4, 2021

Updated resource

The following resource was updated: AWS::ApiGatewayV2::Stage.

AWS::ApiGatewayV2::Stage

Added the attribute AccessPolicyId for internal use only.

January 28, 2021

New resource

The following resource was added: AWS::LookoutVision:Project.

AWS::LookoutVision:Project

Use the Project resource to create an Amazon Lookout for Vision project.

January 28, 2021

Updated resource

The following resource was updated: AWS::ACMPCA::Certificate.

AWS::ACMPCA::Certificate

Use the ApiPassthrough property to include parameters in certificates during issuance.

Use the ValidityNotBefore property to customize the start of certificate validity.

January 21, 2021

Updated resource

The following resource was updated: AWS::MediaConnect::FlowVpcInterface.

AWS::MediaConnect::FlowVpcInterface

Use the FlowArn property to specify the ARN of the flow.

Use the Name property to specify the name of the VPC Interface.

January 21, 2021

Updated resource

The following resources were updated: AWS::SageMaker::Device, AWS::SageMaker::DeviceFleet, and AWS::SageMaker::Model.

AWS::SageMaker::Device

Use the DeviceFleetName property to get the name of the fleet the device belongs to.

Use the Device property to make the edge device you want to create.

Use the Tags property to get the tags registered to a specific device.

Use the Device.Device property/resource to get information about a particular device.

Use the Device.Device.Description property/resource to get a description of the device.

Use the Device.Device.DeviceName property/resource to get the device name.

Use the Device.Device.IotThingName property/resource to get the IoT object name.

AWS::SageMaker::DeviceFleet

Use the DeviceFleet.Description property to get information about a fleet.

Use the OutputConfig property to get the output configuration for the fleet.

Use the RoleArn property to get the ARN of the IoT thing.

Use the Tags property to get the tags registered to a specific fleet.

Use the EdgeOutputConfig.KmsKeyId property/resource to set the KMS key ID.

Use the EdgeOutputConfig.S3OutputLocation property/resource to set the S3 bucket URI.

AWS::SageMaker::Model

Use the MultiModelConfiguration property to specify configuration details for a multi-model endpoint.

January 21, 2021

New resources

The following resource was added: AWS::SageMaker::Project.

AWS::SageMaker::Project

Use the AWS::SageMaker::Project resource to create a new project in Amazon SageMaker.

January 21, 2021

Updated resource

The following resource was updated with examples: AWS::S3::AccessPoint

Access Points

Use the AWS::S3::AccessPoint resource to specify an S3 access point.

January 20, 2021

Updated resource

The following resource was updated: AWS::MSK::Cluster

AWS::MSK::Cluster

You can now change the broker type for an existing cluster.

January 15, 2021

New resource

The AWS::EMRContainers::VirtualCluster resource was added.

AWS::EMRContainers::VirtualCluster

The AWS::EMRContainers::VirtualCluster resource specifies a virtual cluster.

January 14, 2021

New resource

The following resource was added: AWS::QuickSight::DataSet and AWS::QuickSight::DataSource.

AWS::QuickSight::DataSet

Use the AWS::QuickSight::DataSet resource to create a dataset in Amazon QuickSight.

AWS::QuickSight::DataSource

Use the AWS::QuickSight::DataSource resource to create a data source in Amazon QuickSight.

January 14, 2021

New resource

The following resource was added: AWS::QuickSight::Analysis, AWS::QuickSight::Dashboard, AWS::QuickSight::Template, and AWS::QuickSight::Theme.

AWS::QuickSight::Analysis

Use the AWS::QuickSight::Analysis resource to create an analysis in Amazon QuickSight.

AWS::QuickSight::Dashboard

Use the AWS::QuickSight::Dashboard resource to create a dashboard from a template in Amazon QuickSight.

AWS::QuickSight::Template

Use the AWS::QuickSight::Template resource to create a template from an existing Amazon QuickSight analysis or template.

AWS::QuickSight::Theme

Use the AWS::QuickSight::Theme resource to create a theme in Amazon QuickSight.

January 14, 2021

New resource

The following new resources were added: AWS::ServiceCatalogAppRegistry::Application, AWS::ServiceCatalogAppRegistry::AttributeGroup, AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation, AWS::ServiceCatalogAppRegistry::ResourceAssociation

AWS::ServiceCatalogAppRegistry::Application

Use the AWS::ServiceCatalogAppRegistry::Application resource to represent a Service Catalog AppRegistry application at the top-level node in a hierarchy of related cloud resource abstractions.

AWS::ServiceCatalogAppRegistry::AttributeGroup

Use the AWS::ServiceCatalogAppRegistry::AttributeGroup resource to create a new attribute group as a container for user-defined attributes.

AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation

Use the AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation as the attribute group to associate ServiceCatalogAppRegistry.

AWS::ServiceCatalogAppRegistry::ResourceAssociation

Use the AWS::ServiceCatalogAppRegistry::ResourceAssociation as the resource association for ServiceCatalogAppRegistry.

January 14, 2021

Updates to resource

The following resource was updated: AWS::SSO::InstanceAccessControlAttributeConfiguration.

AWS::SSO::InstanceAccessControlAttributeConfiguration

Use the AWS::SSO::InstanceAccessControlAttributeConfiguration resource to configure attribute-based access control (ABAC) in AWS SSO.

January 7, 2021

Updated resources

The following resources were updated: AWS::IoTWireless::Destination, AWS::IoTWireless::DeviceProfile, AWS::IoTWireless::ServiceProfile, AWS::IoTWireless::WirelessDevice, and AWS::IoTWireless::WirelessGateway.

AWS::IoTWireless::Destination

Use the Destination resource to specify a destination for a wireless device to use.

AWS::IoTWireless::DeviceProfile

Use the DeviceProfile resource to specify a device profile for a wireless device to use.

AWS::IoTWireless::ServiceProfile

Use the ServiceProfile resource to specify a service profile for a wireless device to use.

AWS::IoTWireless::WirelessDevice

Use the WirelessDevice resource to specify a wireless device in an AWS IoT Core for LoRaWAN solution.

AWS::IoTWireless::WirelessGateway

Use the WirelessGateway resource to specify a wireless gateway in an AWS IoT Core for LoRaWAN solution.

January 7, 2021

Updated resource

The following resource was updated: AWS::ApiGatewayV2::Integration.

AWS::ApiGatewayV2::Integration

Use the AWS::ApiGatewayV2::Integration resource to configure request and response parameter mapping for an HTTP API.

January 7, 2021

Updated resource

The following resource was updated: AWS::EC2::LaunchTemplate

AWS::EC2::LaunchTemplate

Use the Throughput property to specify the throughput to provision for gp3 volumes.

January 7, 2021

Updated resource

The following resources were updated: AWS::FMS::Policy.

AWS::FMS::Policy

The AWS::FMS::Policy resource now allows you to manage AWS Network Firewall policies.

January 7, 2021

New resources

The following resources were added: AWS::MediaConnect::Flow, AWS::MediaConnect::FlowEntitlement, AWS::MediaConnect::FlowOutput, AWS::MediaConnect::FlowSource, and AWS::MediaConnect::FlowVpcInterface.

AWS::MediaConnect::Flow

Use the AWS::MediaConnect::Flow resource to create a connection between one or more video sources and one or more outputs.

AWS::MediaConnect::FlowEntitlement

Use the AWS::MediaConnect::FlowEntitlement resource to grant permission to another AWS account to allow access to the content in a specific AWS Elemental MediaConnect flow.

AWS::MediaConnect::FlowOutput

Use the AWS::MediaConnect::FlowOutput resource to define the destination address, protocol, and port that you want MediaConnect to send the ingested video to.

AWS::MediaConnect::FlowSource

Use the AWS::MediaConnect::FlowSource resource to define where the external video content comes from.

AWS::MediaConnect::FlowVpcInterface

Use the AWS::MediaConnect::FlowVpcInterface resource to create a connection between your MediaConnect flow and a virtual private cloud (VPC) that you created using the Amazon Virtual Private Cloud service.

January 7, 2021

New resources

The following resources were added: AWS::Route53::DNSSEC and AWS::Route53::KeySigningKey.

AWS::Route53::DNSSEC

Use the AWS::Route53::DNSSEC resource to enable DNSSEC signing for a hosted zone.

AWS::Route53::KeySigningKey

Use the AWS::Route53::KeySigningKey resource to specify configuration settings for a key-signing key (KSK) that's associated with a hosted zone.

January 7, 2021

New resource

The following resource was added: AWS::Route53Resolver::ResolverDNSSECConfig.

AWS::Route53Resolver::ResolverDNSSECConfig

Use the AWS::Route53Resolver::ResolverDNSSECConfig resource to specify configuration for DNSSEC validation.

January 7, 2021

New Resources

The following resources were added: AWS::DataSync::Agent, AWS::DataSync::LocationEFS, AWS::DataSync::LocationFSxWindows, AWS::DataSync::LocationNFS, AWS::DataSync::LocationObjectStorage, AWS::DataSync::LocationS3, AWS::DataSync::LocationSMB, and AWS::DataSync::Task.

AWS::DataSync::Agent

Use the AWS::DataSync::Agent resource to specify an AWS DataSync agent.

AWS::DataSync::LocationEFS

Use the AWS::DataSync::LocationEFS resource to specify an Amazon EFS location.

AWS::DataSync::LocationFSxWindows

Use the AWS::DataSync::LocationFSxWindows resource to specify an Amazon FSx for Windows file system.

AWS::DataSync::LocationNFS

Use the AWS::DataSync::LocationNFS resource to specify a file system on a Network File System (NFS) server.

AWS::DataSync::LocationObjectStorage

Use the AWS::DataSync::LocationObjectStorage resource to specify an endpoint for a self-managed object storage bucket.

AWS::DataSync::LocationS3

Use the AWS::DataSync::LocationS3 resource to specify an endpoint for an Amazon S3 bucket.

AWS::DataSync::LocationSMB

Use the AWS::DataSync::LocationSMB resource to specify an SMB location.

AWS::DataSync::Task

Use the AWS::DataSync::Task resource to specify a task.

January 7, 2021

Updated resource

The following resource was updated: AWS::Glue::Table

AWS::Glue::Table

Use the SchemaReference property to specify an object that references a schema stored in the AWS Glue Schema Registry.

Use the TableInput.TargetTable property to specify a TableIdentifier structure that describes a target table for resource linking.

Use the Table.TableIdentifier property to specify a target table for resource linking.

December 22, 2020

Updated resource

The following resource was updated: AWS::Glue::Partition

AWS::Glue::Partition

Use the SchemaReference property to specify an object that references a schema stored in the AWS Glue Schema Registry.

December 22, 2020

Updated resource

The following resource was updated: AWS::Glue::Database

AWS::Glue::Database

Use the DatabaseInput.TargetDatabase property to specify a TableIdentifier structure that describes a target table for resource linking.

Use the Database.DatabaseIdentifier property to specify a target database for resource linking.

December 22, 2020

Updated resource

The following resource was updated: AWS::Glue::MLTransform

AWS::Glue::MLTransform

Use the TransformEncryption property to specify the encryption-at-rest settings of the transform that apply to accessing user data.

Use the MLUserDataEncryption property to specify the encryption mode and customer-provided KMS key ID.

December 22, 2020

New resource

The following resource was added: AWS::MWAA::Environment

AWS::MWAA::Environment

Use the AWS::MWAA::Environment resource to create an Amazon Managed Workflows for Apache Airflow (MWAA) environment.

December 21, 2020

Updated resources

The following resources were updated: AWS::EC2::Instance, AWS::EC2::SpotFleet, AWS::EC2::Volume.

AWS::EC2::Instance

Use the EnclaveOptions property to indicate whether the instance is enabled for AWS Nitro Enclaves.

AWS::EC2::SpotFleet SpotCapacityRebalance

Use the SpotCapacityRebalance property when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted.

AWS::EC2::SpotFleet SpotMaintenanceStrategies

Use the SpotMaintenanceStrategies property to manage your Spot Instances that are at an elevated risk of being interrupted. .

AWS::EC2::Volume

Use the Throughput property to specify the throughput that the volume supports, in MiB/s.

December 18, 2020

Updated resources

The following resources were updated: AWS::ECS::Service

AWS::ECS::Service

Use the DeploymentCircuitBreaker property to enable the deployment circuit breaker for a service.

December 18, 2020

Updated resources

The following resources were updated: AWS::ElastiCache::User AWS::ElastiCache::UserGroup and AWS::ElastiCache::ReplicationGroup.

AWS::ElastiCache::User

For Redis engine version 6.x onwards: Creates a Redis user. For more information, see Using Role Based Access Control (RBAC)

AWS::ElastiCache::UserGroup

For Redis engine version 6.x onwards: Creates a Redis user group. For more information, see Using Role Based Access Control (RBAC)

AWS::ElastiCache::ReplicationGroup

Use the UserGroupIds property to associate a list of user groups with the replication group.

December 18, 2020

Updated resource

The following resource was updated: AWS::Batch::JobDefinition

AWS::Batch::JobDefinition

Use the PlatformCapabilities property to specify whether the job requires EC2 or FARGATE resources.

Use the PropagateTags property to specify whether to propagate tags from the job definition to the corresponding Amazon ECS task.

In the ContainerProperties property type:

  • Use the FargatePlatformConfiguration property to specify the Fargate platform version to use for jobs running on Fargate resources.

  • Use the NetworkConfiguration property to specify the network configuration for jobs running on Fargate resources.

AWS::Batch::JobDefinition

In the ContainerProperties property type, use the FargatePlatformConfiguration property to define the version of the Fargate platform used for the job.

December 18, 2020

Updated resource

The following resource was updated: AWS::FSx::FileSystem

AWS::FSx::FileSystem

The StorageCapacity property was updated to "Required": conditional.

In the WindowsConfiguration property type, the ThroughputCapacity property was updated to "Required": true.

December 18, 2020

Updated resource

The following resources were updated: AWS::S3::Bucket

SourceSelectionCriteria

Use the ReplicaModifications property in AWS::S3::Bucket SourceSelectionCriteria to filter modifications on replicas.

Amazon S3 Bucket Keys

Use the BucketKeyEnabled property to specify an S3 Bucket Key with default encryption using AWS Key Management Service.

December 18, 2020

New resources

The following resources were added: AWS::CloudFormation::ModuleDefaultVersion and AWS::CloudFormation::ModuleVersion.

AWS::CloudFormation::ModuleDefaultVersion

Use the AWS::CloudFormation::ModuleDefaultVersion resource to specify the default version of a module, which will be used in CloudFormation operations for this account and Region.

AWS::CloudFormation::ModuleVersion

Use the AWS::CloudFormation::ModuleVersion resource to register the specified version of the module with the CloudFormation service, making it available for use in CloudFormation templates in this account and Region.

December 18, 2020

New resources

The following resources were added: AWS::DevOpsGuru::NotificationChannel, AWS::DevOpsGuru::ResourceCollection

AWS::DevOpsGuru::NotificationChannel

Use the AWS::DevOpsGuru::NotificationChannel resource to add a notification channel to Amazon DevOps Guru. The notification channel is used to notify you about important events. For example, the creation of an insight or a change in an insight's severity.

AWS::DevOpsGuru::ResourceCollection

Use the AWS::DevOpsGuru::ResourceCollection resource to specify a collection of resources in your account that you want Amazon DevOps Guru to analyze. The specified resources are analyzed to generate insights that contain recommendations, related metrics, and operational data to help you improve the performance of your operational solutions.

December 18, 2020

New resources

The following resources were added: AWS::EC2::NetworkInsightsPath and AWS::EC2::NetworkInsightsAnalysis.

AWS::EC2::NetworkInsightsPath

Use the NetworkInsightsPath property to specify a path to analyze for reachability.

AWS::EC2::NetworkInsightsAnalysis

Use the NetworkInsightsAnalysis property to specify a network insights analysis.

December 18, 2020

New resources

The following resources were added: AWS::ECR::PublicRepository

AWS::ECR::PublicRepository

Use the PublicRepository property to create or update a public repository.

December 18, 2020

New resources

The following resources were added: AWS::LicenseManager::Grant and AWS::LicenseManager::License.

AWS::LicenseManager::Grant

Use the AWS::LicenseManager::Grant resource to specify a grant in the AWS License Manager service.

AWS::LicenseManager::License

Use the AWS::LicenseManager::License resource to specify a granted license in the AWS License Manager service.

December 18, 2020

New resources

The following resources were added: AWS::SageMaker::DataQualityJobDefinition, AWS::SageMaker::Device, AWS::SageMaker::DeviceFleet, AWS::SageMaker::ModelBiasJobDefinition, AWS::SageMaker::ModelExplainabilityJobDefinition, AWS::SageMaker::ModelQualityJobDefinition, AWS::SageMaker::ModelPackageGroup, and AWS::SageMaker::Pipeline.

AWS::SageMaker::DataQualityJobDefinition

Use the AWS::SageMaker::DataQualityJobDefinition resource to create a monitoring job that monitors drift in data quality.

AWS::SageMaker::Device

Use the AWS::SageMaker::Device resource to register your Devices against an existing SageMaker Edge Manager DeviceFleet. Each device must be listed individually in the CFN specification.

AWS::SageMaker::DeviceFleet

Use the AWS::SageMaker::DeviceFleet resource to create a DeviceFleet that manages your SageMaker Edge Manager Devices. You must register your devices against the DeviceFleet separately.

AWS::SageMaker::ModelBiasJobDefinition

Use the AWS::SageMaker::ModelBiasJobDefinition resource to create a monitoring job that monitors potential bias in your model.

AWS::SageMaker::ModelExplainabilityJobDefinition

Use the AWS::SageMaker::ModelExplainabilityJobDefinition resource to create a monitoring job that monitors feature attribution drift in your model.

AWS::SageMaker::ModelQualityJobDefinition

Use the AWS::SageMaker::ModelQualityJobDefinition resource to create a monitoring job that monitors quality drift in your model.

AWS::SageMaker::ModelPackageGroup

Use the AWS::SageMaker::ModelPackageGroup resource to create a group of related models.

AWS::SageMaker::Pipeline

Use the AWS::SageMaker::Pipeline resource to specify shell scripts that run when you create and/or start a SageMaker Pipeline. For information about SageMaker Pipelines, see SageMaker Pipelines in the Amazon SageMaker Developer Guide.

December 18, 2020

New resource

The following resource was added: AWS::AuditManager::Assessment

AWS::AuditManager::Assessment

Use the AWS::AuditManager::Assessment resource to specify a new assessment in AWS Audit Manager.

December 18, 2020

New resource

The following resources were added: AWS::GreengrassV2::ComponentVersion.

AWS::GreengrassV2::ComponentVersion

Use the AWS::GreengrassV2::ComponentVersion resource to create a new component version in AWS IoT Greengrass.

December 18, 2020

New resource

The following resources were added: AWS::IoTSitewise::AccessPolicy, AWS::IoTSiteWise::Dasboard, AWS::IoTSiteWise::Portal, and AWS::IoTSiteWise::Project.

AWS::IoTSiteWise::AccessPolicy

Use the AWS::IoTSiteWise::AccessPolicy resource to create a new access policy in AWS IoT SiteWise.

AWS::IoTSiteWise::Dasboard

Use the AWS::IoTSiteWise::Dasboard resource to create a new dashboard in AWS IoT SiteWise.

AWS::IoTSiteWise::Portal

Use the AWS::IoTSiteWise::Portal resource to create a new portal in AWS IoT SiteWise.

AWS::IoTSiteWise::Project

Use the AWS::IoTSiteWise::Project resource to create a new project in AWS IoT SiteWise.

December 18, 2020

New resource

The following resources were updated: AWS::Lambda::CreateEventSourceMapping and AWS::Lambda::Function.

AWS::Lambda::EventSourceMapping

Use the TumblingWindowInSeconds property to set the window size for SQS event sources.

Lambda now supports a Self-Managed Apache Kafka cluster as an event source.

AWS::Lambda::Function

Lambda now supports functions deployed as container images. Use the ImageUri property to specify the container image location.

In the Code property type, new property ImageUri specifies the image to associate with your Lambda function.

December 18, 2020

New resource

The following resource was added: AWS::SSO::InstanceAccessControlAttributeConfiguration.

AWS::SSO::InstanceAccessControlAttributeConfiguration

Use the AWS::SSO::InstanceAccessControlAttributeConfiguration resource to configure attribute-based access control (ABAC) in AWS SSO.

December 18, 2020

Updated resource

The following resource was updated to support specifying a capacity type for a node group: AWS::EKS::Nodegroup.

AWS::EKS::Nodegroup

Use the CapacityType property to specify whether you want to use Spot or On-Demand instance types for your node group.

December 17, 2020

Updated resource

The following resource was updated: AWS::GameLift::MatchmakingConfiguration.

AWS::GameLift::MatchmakingConfiguration

Use the FlexMatchMode property to specify that the matchmaker is for a standalone FlexMatch solution or for matchmaking with GameLift managed hosting.

November 24, 2020

Updated resource

The following resource was updated: AWS::Lambda::CreateEventSourceMapping.

AWS::Lambda::EventSourceMapping.BatchSize

The BatchSize has been increased for standard SQS queues, and allows for the use of a MaximumBatchingWindowInSeconds.

November 24, 2020

Modules

Modules are a way for you to package resource configurations for inclusion across stack templates, in a transparent, manageable, and repeatable way. Modules can encapsulate common service configurations and best practices as modular, customizable building blocks for you to include in your stack templates.

For more information, see Using modules to encapsulate and reuse resource configurations.

November 24, 2020

New resource

The following resource was added: AWS::Lambda::CodeSigningConfig.

AWS::Lambda::CodeSigningConfig

Use the CodeSigningConfig resource to specify code-signing capability to your Lambda functions.

November 23, 2020

Updated resource

The following resource was updated: AWS::CloudFront::Distribution.

AWS::CloudFront::Distribution

In the CacheBehavior and DefaultCacheBehavior property types, use the TrustedKeyGroups property to specify a list of the key groups that CloudFront can use to verify signed URLs or signed cookies.

For more information, see Serving private content in the Amazon CloudFront Developer Guide.

November 19, 2020

Updated resource

The following resources were updated: AWS::EC2::LaunchTemplate and AWS::EC2::ClientVpnEndpoint.

AWS::EC2::ClientVpnEndpoint

Use the ClientConnectOptions property to indicate whether client connect options are used for Client VPN.

AWS::EC2::LaunchTemplate

Use the AssociateCarrierIpAddress property to indicates whether to associate a Carrier IP address with eth0 for a new network interface.

AWS::EC2::LaunchTemplate

Use the EnclaveOptions property to indicate whether the instance is enabled for AWS Nitro Enclaves.

AWS::EC2::LaunchTemplate

Use the NetworkCardIndex property to specify the network card index.

November 19, 2020

Updated resource

The following resource was updated: AWS::Events::EventBusPolicy.

AWS::Events::EventBusPolicy

Added the Statement property. Use the Statement property to add a statement to the policy attached to an event bus.

November 19, 2020

Updated resource

The following resource was updated: AWS::KMS::Key.

AWS::KMS::Key

Added support for asymmetric KMS keys, including the KeySpec property and the SIGN_VERIFY value for the KeyUsage property.

November 19, 2020

New resources

The following resources were added: AWS::CloudFront::KeyGroup and AWS::CloudFront::PublicKey.

AWS::CloudFront::KeyGroup

Use the AWS::CloudFront::KeyGroup resource to create a key group in Amazon CloudFront to use with CloudFront signed URLs and signed cookies.

For more information, see Serving private content in the Amazon CloudFront Developer Guide.

AWS::CloudFront::PublicKey

Use the AWS::CloudFront::PublicKey resource to create a public key in Amazon CloudFront to use with CloudFront signed URLs and signed cookies, or with field-level encryption.

For more information, see Serving private content or Using field-level encryption to help protect sensitive data in the Amazon CloudFront Developer Guide.

November 19, 2020

New resource

The following resource was added: AWS::Glue::Registry

AWS::Glue::Registry

Use the AWS::Glue::Registry resource to manage registries in the AWS Glue Schema Registry.

November 19, 2020

New resource

The following resource was added: AWS::Glue::Schema

AWS::Glue::Schema

Use the AWS::Glue::Schema resource to manage schemas in the AWS Glue Schema Registry.

November 19, 2020

New resource

The following resource was added: AWS::Glue::SchemaVersion

AWS::Glue::SchemaVersion

Use the AWS::Glue::SchemaVersion resource to manage schema versions in the AWS Glue Schema Registry.

November 19, 2020

New resource

The following resource was added: AWS::Glue::SchemaVersionMetadata

AWS::Glue::SchemaVersionMetadata

Use the AWS::Glue::SchemaVersionMetadata resource to manage schema version metadata in the AWS Glue Schema Registry.

November 19, 2020

New resource

The following resource is new: AWS::IoT::TopicRuleDestination

AWS::IoT::TopicRuleDestination

Use the AWS::IoT::TopicRuleDestination to specify a topic rule destination.

November 19, 2020

New resource

The following resources were added: AWS::NetworkFirewall::Firewall, AWS::NetworkFirewall::FirewallPolicy, AWS::NetworkFirewall::LoggingConfiguration, and AWS::NetworkFirewall::RuleGroup

AWS::NetworkFirewall::Firewall

Use the AWS::NetworkFirewall::Firewall resource to specify stateful, managed, network firewall and intrusion detection and prevention for your VPCs in Amazon VPC.

AWS::NetworkFirewall::FirewallPolicy

Use the AWS::NetworkFirewall::FirewallPolicy resource to specify the stateless and stateful network traffic filtering behavior for your AWS::NetworkFirewall::Firewall.

AWS::NetworkFirewall::LoggingConfiguration

Use the AWS::NetworkFirewall::LoggingConfiguration resource to specify the destinations and logging options for an AWS::NetworkFirewall::Firewall.

AWS::NetworkFirewall::RuleGroup

Use the AWS::NetworkFirewall::RuleGroup resource to specify a reusable collection of stateless or stateful network traffic filtering rules for use in your AWS::NetworkFirewall::FirewallPolicy.

November 19, 2020

New resource

The following resource was added: AWS::S3::StorageLens

S3 Storage Lens

Use the AWS::S3::StorageLens resource to create a S3 Storage Lens configuration in the Amazon Simple Storage Service.

November 19, 2020

Change sets for nested stacks

With change sets for nested stacks you can preview the changes to your application and infrastructure resources across the entire nested stack hierarchy and proceed with updates when you've confirmed that all the changes are as intended.

For more information, see Change sets for nested stacks.

November 18, 2020

Updated resources

The following resources were updated: AWS::AppMesh::VirtualNode and AWS::AppMesh::VirtualGateway

AWS::AppMesh::VirtualNode

Use the ConnectionPool property to specify the type of connection pool for the listener.

Use the VirtualNodeHttp2ConnectionPool property to specify an http2 type of connection pool.

Use the VirtualNodeGrpcConnectionPool property to specify a grpc type of connection pool.

Use the VirtualNodeConnectionPool property to specify the type of virtual node connection pool.

Use the VirtualNodeHttpConnectionPool property to specify an http type of connection pool.

Use the OutlierDetection property to specify the type of outlier detection for the listener.

Use the VirtualNodeTcpConnectionPool property to specify an http2 type of connection pool.

AWS::AppMesh::VirtualGateway

Use the ConnectionPool property to specify the type of connection pool for the listener.

Use the VirtualGatewayHttpConnectionPool property to specify an http type of connection pool.

Use the VirtualGatewayHttp2ConnectionPool property to specify an http2 type of connection pool.

Use the VirtualGatewayConnectionPool property to specify the type of virtual gateway connection pool.

Use the VirtualGatewayGrpcConnectionPool property to specify a grpc type of connection pool.

November 12, 2020

Updated resource

The following resources were updated: AWS::EC2::Route and AWS::EC2::VPCEndpointService.

AWS::EC2::Route

Use the VpcEndpointId property to create a route to a Gateway Load Balancer endpoint.

AWS::EC2::VPCEndpointService

Use the GatewayLoadBalancerArns property to specify a Gateway Load Balancer for your VPC endpoint service.

November 12, 2020

Updated resource

The following resource was updated: AWS::Kendra::DataSource.

AWS::Kendra::DataSource

Use the new CUSTOM value to specify the custom data sources.

November 12, 2020

New resources: AWS Glue DataBrew

This is the first release of AWS Glue DataBrew.

November 12, 2020

Updated resource

The following resources were updated: AWS::S3::Bucket

IntelligentTieringConfiguration

Use the IntelligentTieringConfiguration property to specify an S3 Intelligent-Tiering configuration.

OwnershipControls

Use the OwnershipControls property to specify object ownership on a bucket.

November 9, 2020

Updated resources

The following resources were updated: AWS::CodeArtifact::Domain and AWS::CodeArtifact::Repository.

AWS::CodeArtifact::Domain

The AWS::CodeArtifact::Domain resource now supports tags.

AWS::CodeArtifact::Repository

The AWS::CodeArtifact::Repository resource now supports tags.

November 5, 2020

Updated resource

The following resource was updated: AWS::Batch::JobDefinition

AWS::Batch::JobDefinition

In the RetryStrategy property type, use the EvaluateOnExit property to specify a set of conditions to be met, and an action to take (RETRY or EXIT) if all conditions are met.

November 5, 2020

Updated resource

The following resource was updated: AWS::EC2::Route.

AWS::EC2::Route

Use the CarrierGatewayId property to create a route to a carrier gateway.

November 5, 2020

Updated resource

The following resource was updated: AWS::AutoScaling::AutoScalingGroup.

CapacityRebalance

Use the CapacityRebalance property to indicate whether Capacity Rebalancing is enabled.

November 5, 2020

Updated resource

The following resource was updated: AWS::Lambda::EventSourceMapping.

AWS::Lambda::EventSourceMapping

Use the Queues property to specify the Amazon MQ queue to stream to a Lambda function. Use the Source access configuration property to specify the Secrets Manager secret that stores your MQ broker credentials.

November 5, 2020

New resource

The following new resource was added: AWS::Events::Archive.

AWS::Events::Archive

Use the Archive resource to create an EventBridge archive to store events in.

November 5, 2020

New resource

The following resource was added: AWS::IoT::DomainConfiguration.

AWS::IoT::DomainConfiguration

Use the AWS::IoT::DomainConfiguration resource to specify a domain configuration in AWS IoT Core.

November 5, 2020

New resource

The following resource was added: AWS::RDS::GlobalCluster.

AWS::RDS::GlobalCluster

Use the AWS::RDS::GlobalCluster resource to create or update an Aurora global database cluster.

November 5, 2020

Updated resource

The following resources were updated: AWS::AmazonMQ::Broker, AWS::AmazonMQ::Configuration, AWS::AmazonMQ::ConfigurationAssociation

AWS::AmazonMQ::Broker

Amazon MQ now supports RabbitMQ broker engine.

November 4, 2020

Updated resource

The following resource was updated: AWS::GlobalAccelerator::EndpointGroup.

AWS::GlobalAccelerator::EndpointGroup

Use the PortOverride property to override the listener port used for routing traffic to endpoints.

October 29, 2020

New resources

The following resources were added: AWS::IVS::Channel, AWS::IVS::StreamKey, and AWS::IVS::PlaybackKeyPair

AWS::IVS::Channel

Use the AWS::IVS::Channel resource to specify an Amazon IVS Channel, which stores configuration information related to your live stream.

AWS::IVS::StreamKey

Use the AWS::IVS::StreamKey resource to specify an Amazon IVS Stream Key, which creates a stream key for the specified IVS Channel. Use a stream key to initiate a live stream.

AWS::IVS::PlaybackKeyPair

Use the AWS::IVS::PlaybackKeyPair resource to specify an Amazon IVS PlaybackKeyPair, which is used to sign and validate a playback authorization token for a private channel.

October 29, 2020

New resource

The following resources were added: AWS::IoTSitewise::Asset, AWS::IoTSiteWise::AssetModel, and AWS::IoTSiteWise::Gateway.

AWS::IoTSiteWise::Asset

Use the AWS::IoTSiteWise::Asset resource to create a new asset in AWS IoT SiteWise.

AWS::IoTSiteWise::AssetModel

Use the AWS::IoTSiteWise::AssetModel resource to create a new asset model in AWS IoT SiteWise.

AWS::IoTSiteWise::Gateway

Use the AWS::IoTSiteWise::Gateway resource to create a new gateway in AWS IoT SiteWise.

October 28, 2020

Updated resource

The following resource was updated: AWS::AutoScaling::AutoScalingGroup.

AWS::AutoScaling::AutoScalingGroup

Use the NewInstancesProtectedFromScaleIn property to specify whether newly launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in.

October 26, 2020

Updated resources

The following resources were updated: AWS::AppStream::Fleet and AWS::AppStream::ImageBuilder

AWS::AppStream::Fleet

Use the IAMRoleArn property to specify an ARN for the IAM role to apply to the fleet.

Use the StreamView property to specify the AppStream 2.0 view that is displayed to your users when they stream from the fleet.

AWS::AppStream::ImageBuilder

Use the IAMRoleArn property to specify an ARN for the IAM role to apply to the image builder.

October 22, 2020

Updated resources

The following resources were updated: AWS::Batch::ComputeEnvironment, AWS::Batch::JobDefinition, and AWS::Batch::JobQueue.

AWS::Batch::ComputeEnvironment

Use the Tags property to specify tags for the compute environment.

AWS::Batch::JobDefinition

Use the Tags property to specify tags for the job definition.

AWS::Batch::JobQueue

Use the Tags property to specify tags for the job queue.

October 22, 2020

Updated resource

The following resource was updated: AWS::AppSync::ApiKey.

AWS::AppSync::ApiKey

Use the ApiKeyId property to specify the API key ID.

October 22, 2020

Updated resource

The following resource was updated: AWS::CloudFront::Distribution.

AWS::CloudFront::Distribution

In the Origin property type, use the OriginShield property to enable CloudFront Origin Shield.

For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide.

October 22, 2020

Updated resource

The following resource was updated: AWS::EMR::Cluster.

AWS::EMR::Cluster

Use the LogEncryptionKmsKeyId property to specify the AWS KMS key used for encrypting log files.

Use the ManagedScalingPolicy property to create a managed scaling policy for an Amazon EMR cluster.

Use the StepConcurrencyLevel property to specify the number of steps that can be executed concurrently.

October 22, 2020

Updated resource

The following resource was updated: AWS::Events::Rule.

AWS::Events::Rule

Added AWS::Events::Rule DeadLetterConfig

Added AWS::Events::Rule RetryPolicy

AWS::Events::Rule Target

Added the DeadLetterConfig property of the Target property type.

Added the RetryPolicy property of the Target property type.

October 22, 2020

Updated resource

Added a new property, FileFormat, to the FAQ resource. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/in-creating-faq.html

October 22, 2020

Updated resource

The following resource was updated: AWS::KinesisFirehose::DeliveryStream

AWS::KinesisFirehose::DeliveryStream

DeliveryStreamEncryptionConfigurationInput property type is now supported for the delivery streams in CloudFormation.

October 22, 2020

Updated resource

The following resource was updated: AWS::Elasticsearch::Domain.

AWS::Elasticsearch::Domain

In the ElasticsearchClusterConfig property type:

  • Use the WarmCount property to specify the number of warm nodes in the cluster.

  • Use the WarmEnabled property to specify whether to enable warm storage for the cluster.

  • Use the WarmType property to specify the instance type for the cluster's warm nodes.

October 22, 2020

Updated resource

The following resource was updated: AWS::SNS::Topic.

AWS::SNS::Topic

Use the ContentBasedDeduplication property to enable content-based deduplication for FIFO topics.

Use the FifoTopic property to create a FIFO topic.

October 22, 2020

New resources

The following resources were added: AWS::MediaPackage::Asset, AWS::MediaPackage::Channel, , AWS::MediaPackage::OriginEndpoint, AWS::MediaPackage::PackagingConfiguration, and AWS::MediaPackage::PackagingGroup.

AWS::MediaPackage::Asset.

Use the AWS::MediaPackage::Asset to specify an asset to ingest VOD content.

AWS::MediaPackage::Channel.

Use the AWS::MediaPackage::Channel to specify a channel to receive content.

AWS::MediaPackage::OriginEndpoint.

Use the AWS::MediaPackage::OriginEndpoint to specify an endpoint on an AWS Elemental MediaPackage channel.

AWS::MediaPackage::PackagingConfiguration.

Use the AWS::MediaPackage::PackagingConfiguration to specify a packaging configuration in a packaging group.

AWS::MediaPackage::PackagingGroup.

Use the AWS::MediaPackage::PackagingGroup to specify a packaging group.

October 22, 2020

New resource

The following updated resource was added: BlockPublicPolicy

AWS::SecretsManager::Resource Policies.BlockPublicPolicy

Use the BlockPublicPolicy when adding resource policies to Secrets Manager.

October 22, 2020

Increased quotas

The following AWS CloudFormation quotas have been updated.

  • You can now declare a maximum of 200 mappings in your AWS CloudFormation template.

  • You can now declare a maximum of 200 mapping attributes for each mapping in your AWS CloudFormation template.

  • You can now declare a maximum of 200 outputs in your AWS CloudFormation template.

  • You can now declare a maximum of 200 parameters in your AWS CloudFormation template.

  • You can now declare a maximum of 500 resources in your AWS CloudFormation template.

  • You can now pass a template body with a maximum size of 1 MB in an Amazon S3 object.

October 22, 2020

Updated resource

The following resource was updated: AWS::AmazonMQ::Broker.

AWS::AmazonMQ::Broker

Use the LdapServerMetadata property to to authenticate and authorize connections to a broker.

October 9, 2020

New resources

The following resources were added: AWS::CodeArtifact::Domain and AWS::CodeArtifact::Repository.

AWS::CodeArtifact::Domain

Use the AWS::CodeArtifact::Domain resource to create an AWS CodeArtifact domain.

AWS::CodeArtifact::Repository

Use the AWS::CodeArtifact::Repository resource to create an AWS CodeArtifact repository.

October 8, 2020

Updated resources

The following resources were updated: AWS::ECS::Service

AWS::ECS::Service

Use the CapacityProviderStrategy property to specify a custom capacity provider strategy when creating a service.

October 1, 2020

Updated resource

The following resource was updated: AWS::Batch::JobDefinition.

These property types were added.

LogConfiguration

Use the LogConfiguration property type to specify the log configuration options to send to a custom log driver for the container.

Secrets

Use the Secrets property type to specify a secret to expose to the container.

Tmpfs

Use the Tmpfs property type to specify the details of a tmpfs mount.

These property types were updated.

ContainerProperties

These properties were added.

ExecutionRoleArn

Specifies the execution role to be assumed for the job.

LogConfiguration

Specifies the log configuration for a custom log driver for the job.

Secrets

Specifies the secrets provided for the job.

LinuxParameters

These properties were added.

InitProcessEnabled

Indicates that an init process should be enabled inside the container that forwards signals and reaps processes.

MaxSwap

Specifies the total amount of swap memory (in MiB) a job can use.

SharedMemorySize

Specifies the size (in MiB) of the /dev/shm volume.

Swappiness

Specifies the job container's memory swappiness behavior.

Tmpfs

Specifies the details of the job's tmpfs mount.

October 1, 2020

Updated resource

The following resource was updated: AWS::CloudFront::CachePolicy.

AWS::CloudFront::CachePolicy

In the AWS::CloudFront::CachePolicy resource, some properties are now required that previously were not required.

In the AWS::CloudFront::CachePolicy ParametersInCacheKeyAndForwardedToOrigin property type, use the EnableAcceptEncodingBrotli property to enable CloudFront to serve compressed objects to viewers that support the Brotli compression format. For more information, see Compression support in the Amazon CloudFront Developer Guide.

October 1, 2020

Updated resource

The following resource was updated to support specifying a custom CIDR for Kubernetes service IP address assignment: AWS::EKS::Cluster.

AWS::EKS::Cluster

Use the KubernetesNetworkConfig property to specify a Kubernetes network configuration.

AWS::EKS::Cluster KubernetesNetworkConfig

Use the ServiceIpv4Cidr property to specify the CIDR block that you want Kubernetes to assign service IP addresses from.

October 1, 2020

New resource

The following resource was added: AWS::WorkSpaces::ConnectionAlias

AWS::WorkSpaces::ConnectionAlias

Use the AWS::WorkSpaces::ConnectionAlias resource to specify a connection alias. Connection aliases are used for cross-Region redirection.

October 1, 2020

Drift detection for private resources

CloudFormation supports drift detection operations on an expanded list of AWS resources, as well as private resources that are defined as provisonable.

In addition to the resources that previously supported drift detection, CloudFormation now supports drift detection on all resources defined as provisionable in the CloudFormation registry. For more information, see Resources that support import and drift detection operations.

October 1, 2020

Updated resource

The following resource was updated: AWS::MSK::Cluster

AWS::MSK::Cluster

Adding support for SASL/Scram (username- and password-based client authentication.)

September 24, 2020

Updated resource

The following resource was updated: AWS::ApiGateway::DomainName.

AWS::ApiGateway::DomainName

Use the AWS::ApiGateway::DomainName resource to configure mutual TLS authentication for an API.

September 17, 2020

Updated resource

The following resource was updated: AWS::ApiGatewayV2::DomainName.

AWS::ApiGatewayV2::DomainName

Use the AWS::ApiGatewayV2::DomainName resource to configure mutual TLS authentication for an API.

September 17, 2020

Updated resource

The following resource was updated: AWS::ApiGatewayV2::Api.

AWS::ApiGatewayV2::Api

Use the AWS::ApiGatewayV2::Api resource to disable the default endpoint for an HTTP API.

September 17, 2020

New resources

The following resources were added: AWS::AppFlow::Flow and AWS::AppFlow::ConnectorProfile.

AWS::AppFlow::Flow

Use the AWS::AppFlow::Flow resource to specify a new flow in Amazon AppFlow.

AWS::AppFlow::ConnectorProfile

Use the AWS::AppFlow::ConnectorProfile describe an instance of a connector in Amazon AppFlow.

September 17, 2020

New resource

The following resource was added: AWS::CloudFormation::StackSet.

AWS::CloudFormation::StackSet

Use the AWS::CloudFormation::StackSet resource to provision stacks into AWS accounts and across Regions by using a single CloudFormation template.

September 17, 2020

Updated resource

The following resource was updated: AWS::ApiGatewayV2::Authorizer.

AWS::ApiGatewayV2::Authorizer

Use the AWS::ApiGatewayV2::Authorizer resource to create a Lambda authorizer for an HTTP API.

September 10, 2020

Updated resource

The following resource was updated: AWS::CodeBuild::ReportGroup

AWS::CodeBuild::ReportGroup

Use the DeleteReports property to specify if any reports that belong to the report group should be deleted when the report group is deleted.

September 10, 2020

Updated resource

The following resource was updated: AWS::StepFunctions::StateMachine.

AWS::StepFunctions::StateMachine

The AWS::StepFunctions::StateMachine now supports X-Ray tracing. You can use the TracingConfiguration property to enable X-Ray tracing for your state machines.

September 10, 2020

New resources

This is the first release of Amazon Kendra in AWS CloudFormation.

September 10, 2020

New resources

The following resources were added: AWS::SSO::Assignment, AWS::SSO::PermissionSet.

AWS::SSO::Assignment

Use the AWS::SSO::Assignment resource to assign access to a principal for a specified AWS account using a specified permission set.

AWS::SSO::PermissionSet

Use the AWS::SSO::PermissionSet resource to create a permission set within a specified SSO instance.

September 10, 2020

Update resource

The following resource was updated: AWS::CloudFront::Distribution.

AWS::CloudFront::Distribution

In the CacheBehavior and DefaultCacheBehavior property types, use the RealtimeLogConfigArn property to specify the Amazon Resource Name (ARN) of the real-time log configuration for the cache behavior.

For more information, see Real-time logs in the Amazon CloudFront Developer Guide.

September 3, 2020

New resources

The following resources were added: AWS::CloudFront::CachePolicy, AWS::CloudFront::OriginRequestPolicy, and AWS::CloudFront::RealtimeLogConfig.

AWS::CloudFront::CachePolicy

Use the AWS::CloudFront::CachePolicy resource to create a new cache policy in Amazon CloudFront.

AWS::CloudFront::OriginRequestPolicy

Use the AWS::CloudFront::OriginRequestPolicy resource to create a new origin request policy in Amazon CloudFront.

AWS::CloudFront::RealtimeLogConfig

Use the AWS::CloudFront::RealtimeLogConfig resource to create a new real-time log configuration in Amazon CloudFront.

September 3, 2020

New resource

The following resource was added: AWS::CodeGuruReviewer::RepositoryAssociation

AWS::CodeGuruReviewer::RepositoryAssociation

The AWS::CodeGuruReviewer::RepositoryAssociation resource describes an associated repository that contains source code to be analyzed by AWS CodeGuru Reviewer. For more information, see RespositoryAssociation in the AWS CodeGuru Reviewer API Reference.

September 3, 2020

New resource

The following resource was added: AWS::EKS::FargateProfile.

AWS::EKS::FargateProfile

Use the AWS::EKS::FargateProfile resource to create an AWS Fargate profile.

September 3, 2020

Updated resource

The following resource was updated: AWS::CodeCommit::Repository Code

AWS::CodeCommit::Repository Code

Use the BranchName property to specify a branch name to be used as the default branch when importing code into a repository.

August 31, 2020

Updated resource

The following resource was updated: AWS::ServiceCatalog::CloudFormationProvisionedProduct.

AWS::ServiceCatalog::CloudFormationProvisionedProduct

The PathName property is now available as an alternative to PathId.

August 27, 2020

New resources

The following resources were added: AWS::GameLift::GameServerGroup

AWS::GameLift::GameServerGroup

Use the AWS::GameLift::GameServerGroup resource to create a GameLift FleetIQ game server group to run low-cost game hosting on your Amazon EC2 instances.

August 27, 2020

New resources

The following resources were added: AWS::Route53Resolver::ResolverQueryLoggingConfig and AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation.

AWS::Route53Resolver::ResolverQueryLoggingConfig

Use the AWS::Route53Resolver::ResolverQueryLoggingConfig resource to specify settings for a query logging configuration.

AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation

Use the AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation resource to configure DNS query logging.

August 27, 2020

Updated resource

The following resource was updated: AWS::KMS::Key.

AWS::KMS::Key

Added a KeyId attribute to the return values.

August 26, 2020

Updated resource

The following resource was updated to support use of a launch template: AWS::EKS::Nodegroup.

AWS::EKS::Nodegroup

Use the LaunchTemplate property to specify a launch template specification that can be used to deploy or update a managed node group. If you use a launch template to deploy a node group, some settings that you normally set for a node group must be moved into the launch template. The text for affected settings has been updated to note that.

August 20, 2020

Updated resources

The following resources were updated: AWS::ECS::TaskDefinition

AWS::ECS::TaskDefinition

Use the EnvironmentFiles property to specify a list of files containing the environment variables to pass to a container.

August 13, 2020

Updated resource

The following resource was updated: AWS::FSx::FileSystem

AWS::FSx::FileSystem

In the LustreConfiguration property type, use DriveCacheType to specify the type of drive cache used by PERSISTENT_1 file systems that are provisioned with HDD storage devices.

August 13, 2020

Updated resource

The following resource was updated: AWS::Lambda::EventSourceMapping.

AWS::Lambda::EventSourceMapping

Use the Topics property to specify the Amazon MSK topics to stream to a Lambda function.

August 13, 2020

New resource

The following resource was added: AWS::ApplicationInsights::Application

AWS::ApplicationInsights::Application

Use the AWS::ApplicationInsights::Application resource to add an application that is created from a resource group.

August 13, 2020

New resource

The following resource was added: AWS::EC2::CarrierGateway.

AWS::EC2::CarrierGateway

Use the CarrierGateway resource to create a carrier gateway.

August 13, 2020

Updated permissions required for registering resource providers

Registering a resource provider in your account now requires you have permission to access the schema handler package uploaded to an S3 bucket for that resource provider.

For more information, see Registering resource providers in CloudFormation.

August 7, 2020

Updated resource

The following resource was updated: AWS::CodeBuild::Project

AWS::CodeBuild::Project

Use the BuildBatchConfig property to specify configuration information for a batch build.

August 6, 2020

Updated resource

The following resource was updated: AWS::FSx::FileSystem

AWS::FSx::FileSystem

In the LustreConfiguration property type, AutoImportPolicyType was changed to AutoImportPolicy. Use AutoImportPolicy to configure your Amazon FSx for Lustre file system to automatically import metadata of objects that are added to or changed in your linked S3 bucket after file system creation.

August 6, 2020

Updated resources

The following resources were updated: AWS::ECS::TaskDefinition

AWS::ECS::TaskDefinition

Use the EFSVolumeConfiguration property to specify an Amazon Elastic File System file system for task storage.

July 30, 2020

Updated resource

The following resource was updated: AWS::EC2::FlowLog.

AWS::EC2::FlowLog

Use the LogFormat property to specify the fields for the flow log record.

Use the MaxAggregationInterval property to specify the maximum interval for capturing and aggregating flows.

Use the Tags property to specify tags for the flow log.

July 30, 2020

Updated resource

The following resource was updated: AWS::GroundStation::DataflowEndpointGroup.

MTU property

The MTU property sets the maximum transmission unit used for a dataflow endpoint.

July 30, 2020

New resources

The following resources were added: AWS::AppMesh::VirtualGateway and AWS::AppMesh::GatewayRoute

AWS::AppMesh::VirtualGateway

Use the AWS::AppMesh::VirtualGateway resource to create a virtual gateway that allows resources outside of your mesh to communicate to resources that are inside of your mesh.

AWS::AppMesh::GatewayRoute

Use the AWS::AppMesh::GatewayRoute resource to create a gateway route that routes traffic to a virtual service.

July 30, 2020

New resources

The following resource was added: AWS::SageMaker::MonitoringSchedule

AWS::SageMaker::MonitoringSchedule

Use the AWS::SageMaker::MonitoringSchedule resource to create a monitoring schedule to regularly start an Amazon SageMaker processing job to monitor the data captured for a SageMaker endpoint.

July 30, 2020

New property

The following properties were added: AWS::CodeGuruProfiler::ProfilingGroup.AnomalyDetectionNotificationConfiguration and AWS::CodeGuruProfiler::ProfilingGroup.Tags.

AWS::CodeGuruProfiler::ProfilingGroup.AnomalyDetectionNotificationConfiguration

Use the AWS::CodeGuruProfiler::ProfilingGroup.AnomalyDetectionNotificationConfiguration property to configure notifications for your profiling group.

AWS::CodeGuruProfiler::ProfilingGroup.Tags

Use the AWS::CodeGuruProfiler::ProfilingGroup.Tags property to add tags to a profiling group.

July 30, 2020

Updated resources

The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup.

AWS::WAFv2::WebACL

Rule statements that use IP addresses now support using IP addresses that are forwarded in an HTTP header in the web request, instead of using the IP address that's reported by the web request origin. This option is available for all rule statements that use an IP address: GeoMatchStatement, RateBasedStatement, and IPSetReferenceStatement. The following new properties support this functionality: IPSetForwardedIPConfiguration and ForwardedIPConfiguration.

AWS::WAFv2::RuleGroup

Rule statements that use IP addresses now support using IP addresses that are forwarded in an HTTP header in the web request, instead of using the IP address that's reported by the web request origin. This option is available for all rule statements that use an IP address: GeoMatchStatement, RateBasedStatement, and IPSetReferenceStatement. The following new properties support this functionality: IPSetForwardedIPConfiguration and ForwardedIPConfiguration.

July 23, 2020

Updated resource

The following resource was updated: AWS::EFS::FileSystem

AWS::EFS::FileSystem

Use the BackupPolicy property to turn automatic backups on or off for your Amazon EFS file system.

July 23, 2020

Updated resource

The following resource was updated: AWS::CloudFront::Distribution.

AWS::CloudFront::Distribution

In the CacheBehavior and DefaultCacheBehavior property types:

  • Use the CachePolicyId property to specify the ID of the cache policy for the cache behavior.

  • Use the OriginRequestPolicyId property to specify the ID of the origin request policy for the cache behavior.

For more information, see Working with policies in the Amazon CloudFront Developer Guide.

July 23, 2020

Updated resource

The following resource was updated: AWS::CodeStarConnections::Connection

AWS::CodeStarConnections::Connection

Use the HostArn property to specify the host associated with connections you want to make to an installed provider.

July 23, 2020

Updated resource

The following resource was updated: AWS::FSx::FileSystem

AWS::FSx::FileSystem

In the LustreConfiguration property type, use AutoImportPolicyType to configure how FSx imports new files and file changes in the linked data repository into the file system.

July 23, 2020

Updated resource

The following resource was updated: EndpointConfig

AWS::SageMaker::EndpointConfig

Use the CaptureContentTypeHeader property to specify content types (JSON and/or CSV) to capture.

Use the CaptureOption property to specify whether to capture input data, output data, or both.

Use the DataCaptureConfig resource/property to configure how the endpoint captures data.

July 23, 2020

New resource

The following resource was added: AWS::SecretsManager::RotationSchedule.HostedRotationLambda.

AWS::SecretsManager::RotationSchedule

Use the HostedRotationLambda property type to create a rotation Lambda.

July 23, 2020

Updated resource

The following resource was updated: AWS::Amplify::App

AWS::Amplify::App

Use the EnableBranchAutoDeletion property to automatically disconnect a branch in the Amplify Console when you delete a branch from your Git repository.

July 9, 2020

Updated resource

The following resource was updated: AWS::Amplify::Domain

AWS::Amplify::Domain

Use the AutoSubDomainCreationPatterns property to set branch patterns for automatic subdomain creation.

Use the AutoSubDomainIAMRole property to specify the required AWS Identity and Access Management (IAM) service role for the Amazon Resource Name (ARN) for automatically creating subdomains.

Use the EnableAutoSubDomain property to enable the automated creation of subdomains for branches.

July 9, 2020

Updated resource

The following resource was updated: AWS::Synthetics::Canary.

AWS::Synthetics::Canary

The MemoryInMB parameter was added. Also, the RunConfig parameter is no longer required, and DurationInSeconds is no longer required.

July 9, 2020

Updated resource

The following resource was updated: AWS::ElasticLoadBalancingV2::Listener.

AWS::ElasticLoadBalancingV2::Listener

Use the AlpnPolicy property to specify the name of the Application-Layer Protocol Negotiation (ALPN) policy for TLS listeners.

July 9, 2020

Updated resource

The following resource was updated: AWS::FSx::FileSystem

AWS::FSx::FileSystem

The StorageCapacity property has changed so that an update requires no interruption.

In the WindowsConfiguration property type, the ThroughputCapacity property has changed so that an update requires no interruption.

In the LustreConfiguration property type:

  • Use the DailyAutomaticBackupStartTime property to specify the time that the daily automatic backup window starts.

  • Use the CopyTagsToBackups boolean property to copy file system tags to its backups.

  • Use the AutomaticBackupRetentionDays property to set the number of days to retain file system backups.

July 9, 2020

Updated resource

The following resource was updated: AWS::ServiceCatalog::CloudFormationProvisionedProduct.

AWS::ServiceCatalog::CloudFormationProvisionedProduct

Use the Outputs property to view the output of the product you are provisioning.

July 9, 2020

New resource

The following resource was added: AWS::Athena::DataCatalog

AWS::Athena::DataCatalog

Use the AWS::Athena::DataCatalog resource to register external data sources with Athena.

July 9, 2020

New resource

The following resource was added: AWS::EC2::PrefixList.

AWS::EC2::PrefixList

Use the PrefixList resource to create a prefix list.

July 9, 2020

New resource

The following resource was added: AWS::QLDB::Stream

AWS::QLDB::Stream

Use the AWS::QLDB::Stream resource to specify a new journal stream for a given Amazon Quantum Ledger Database (Amazon QLDB) ledger.

July 9, 2020

New property

The following property was added to AWS::CodeBuild::Project Source: BuildStatusConfig

AWS::CodeBuild::Project Source

Use the buildStatusConfig property to specify build status information to the source provider.