Release history - AWS CloudFormation

Release history

The following table describes important changes in each release of the AWS CloudFormation User Guide after May 2018. For notification about updates to this documentation, you can subscribe to an RSS feed.

ChangeDescriptionDate

New resource

The following resource was added: AWS::Connect::AgentStatus

AWS::Connect::AgentStatus

Use the AWS::Connect::AgentStatus resource to configure an AgentStatus in the specified instance.

September 13, 2024

New resource

The following resource was added: AWS::Connect::UserHierarchyStructure

AWS::Connect::UserHierarchyStructure

Use the AWS::Connect::UserHierarchyStructure resource to create a UserHierarchyStructure in the specified instance.

September 13, 2024

New resource

The following resource was added: AWS::DataZone::EnvironmentActions.

AWS::DataZone::EnvironmentActions

Use the AWS::DataZone::EnvironmentActions resource to specify the details about a particular action configured for an environment in Amazon DataZone.

September 13, 2024

Updated resource

The following resource was updated: AWS::Pipes::Pipe.

AWS::Pipes::Pipe

Use the PipeTargetTimestreamParameters property to specify the parameters for using a Timestream for LiveAnalytics table as a target.

September 10, 2024

New resource

The following resources were added: AWS::MSK::Replicator ReplicationTopicNameConfiguration.

AWS::MSK::Replicator ReplicationTopicNameConfiguration

Configuration for specifying replicated topic names will be the identical to their corresponding upstream topics or prefixed with source cluster alias.

September 10, 2024

New resource

The following structure was added: AWS::ApplicationSignals::ServiceLevelObjective RequestBasedSli

AWS::ApplicationSignals::ServiceLevelObjective RequestBasedSli

Use the RequestBasedSli structure to provide information about the service and the performance metric that a request-based SLO is to monitor. For more information, see Service level objectives.

September 6, 2024

New resource

The following structure was added: AWS::ApplicationSignals::ServiceLevelObjective RequestBasedSliMetric

AWS::ApplicationSignals::ServiceLevelObjective RequestBasedSliMetric

Use the RequestBasedSliMetric structure to provide information about the metric that the request-based SLO monitors. For more information, see Service level objectives.

September 6, 2024

Updated resource

The following resources were updated: AWS::AppSync::GraphQLApi

AWS::AppSync::GraphQLApi

Updated LogConfig property.

September 4, 2024

Updated resource

The following property was added to the AWS::SES::ReceiptRule S3Action resource:

AWS::SES::ReceiptRule S3Action

Use the IamRoleArn property to access the resources in the Deliver to S3 action (Amazon S3 bucket, SNS topic, and KMS key) and to write to an S3 bucket that exists in a region where SES Email receiving isn't available.

August 29, 2024

Updated resource

The following resource was updated: AWS::AutoScaling::AutoScalingGroup.

AWS::AutoScaling::AutoScalingGroup

Use the HealthCheckType property to specify EBS as the health check type for your Auto Scaling group.

August 27, 2024

Visualize your scanned resources and generated templates

You can now streamline your Infrastructure as Code (IaC) generator workflows by visualizing scan summary details and previewing the generated templates before deploying your infrastructure stack.

For more information, see View the scan summary in the CloudFormation console and Create a CloudFormation stack from scanned resources.

August 22, 2024

Updated resource

The following resource was updated: AWS::IVS::Stage

AWS::IVS::Stage

Use the AutoParticipantRecordingConfiguration property to specify a configuration for individual participant recording.

August 20, 2024

New resource

The following resource was added: AWS::IVS::PublicKey

AWS::IVS::PublicKey

Use the PublicKey to sign stage participant tokens.

August 20, 2024

Updated resource

The following resource was updated: AWS::Lambda::Function.

AWS::Lambda::Function

Use the RecursiveLoop property to allow Lambda functions to be invoked in a recursive loop.

August 19, 2024

Updated resource

The following resource was updated: AWS::Bedrock::Guardrail.

AWS::Bedrock::Guardrail

The AWS::Bedrock::Guardrail resource was updated to support the contextual grounding filter.

August 15, 2024

Added support for user log export

Added S3Configuration and FirehoseConfiguration to LogDeliveryConfiguration. Adds support for log export to Amazon S3 and Amazon Data Firehose.

AWS::Cognito::UserPool PreTokenGenerationConfig

You can update the version of your Lambda trigger event. Version 2 includes details to customize access tokens and ID tokens.

August 8, 2024

New resource

The following resource was added: AWS::SSMQuickSetup::ConfigurationManager

AWS::SSMQuickSetup::ConfigurationManager

Creates a Quick Setup configuration manager resource. This resource is a collection of desired state configurations for multiple configuration definitions and summaries describing the deployments of those definitions. Quick Setup is a capability of Systems Manager. For more information about Quick Setup, see Systems Manager Quick Setup in the Systems Manager User Guide.

July 31, 2024

Amazon EventBridge integration with AWS CloudFormation Git sync

AWS CloudFormation Git sync now publishes sync status changes as events to Amazon EventBridge.

For more information, see Repository Sync Status Change event detail and Resource Sync Status Change event detail.

July 29, 2024

Updated resource

The following resource was updated: AWS::CodeCommit::Repository

AWS::CodeCommit::Repository Code

AWS CodeCommit is no longer available to new customers. Existing customers of AWS CodeCommit can continue to use the service as normal. Learn more"

July 25, 2024

Updated resource

The following resource was updated: AWS::KinesisFirehose::DeliveryStream.

AWS::KinesisFirehose::DeliveryStream DestinationTableConfiguration

Use the DestinationTableConfiguration property type to specify the configuration of a destination in Apache Iceberg Tables.

AWS::KinesisFirehose::DeliveryStream IcebergDestinationConfiguration

Use the IcebergDestinationConfiguration property type to specify the destination configure settings for Apache Iceberg Table.

AWS::KinesisFirehose::DeliveryStream CatalogConfiguration

Use the CatalogConfiguration property type to specify the containers where the destination Apache Iceberg Tables are persisted.

July 25, 2024

Updated resources

The following resources were updated: AWS::CleanRooms::ConfiguredTable and AWS::CleanRooms::ConfiguredTableAssociation.

AWS::CleanRooms::ConfiguredTable

Use the AdditionalAnalyses property to specify whether additional analyses can be applied to the output of the direct query.

AWS::CleanRooms::ConfiguredTableAssociation

Use the ConfiguredTableAssociationAnalysisRule property to specify how data from the table can be used within its associated collaboration.

July 24, 2024

Updated resources

The following resources were updated: AWS::EntityResolution::MatchingWorkflow and AWS::EntityResolution::SchemaMapping.

AWS::EntityResolution::MatchingWorkflow RuleBasedProperties

Use the MatchPurpose property to specify whether to generate IDs and index the data or index the data without generating IDs.

AWS::EntityResolution::SchemaMapping SchemaInputAttribute

Use the Hashed property to specify if the column values are hashed in the schema input.

July 23, 2024

New resources

The following resources were added: AWS::CleanRooms::IDMappingTable and AWS::CleanRooms::IdNamespaceAssociation.

AWS::CleanRooms::IDMappingTable

Use the AWS::CleanRooms::IDMappingTable resource to specify a new ID mapping table resource in AWS Clean Rooms.

AWS::CleanRooms::IdNamespaceAssociation

Use the AWS::CleanRooms::IdNamespaceAssociation resource to specify a new ID namespace association resource in AWS Clean Rooms.

July 23, 2024

Updated resource

The following resource was updated: AWS::WorkSpacesWeb::UserSettings.

AWS::WorkSpacesWeb::UserSettings

Use the DeepLinkAllowed property to specify whether the user can use deep links that open automatically when connecting to a session.

July 22, 2024

New resources

The following resources were added: AWS::Bedrock::Prompt, AWS::Bedrock::PromptVersion, AWS::Bedrock::Flow, AWS::Bedrock::FlowVersion, and AWS::Bedrock::FlowAlias.

AWS::Bedrock::Prompt

Use the AWS::Bedrock::Prompt resource to create a prompt in Amazon Bedrock to reuse in different workflows. For more information, see Prompt management in Amazon Bedrock.

AWS::Bedrock::PromptVersion

Use the AWS::Bedrock::PromptVersion resource to create a version of your prompt that acts as a static snapshot of a prompt configuration. For more information, see Prompt management in Amazon Bedrock.

AWS::Bedrock::Flow

Use the AWS::Bedrock::Flow resource to create a prompt flow in Amazon Bedrock so that you can chain resources from Amazon Bedrock and other AWS services to create complex workflows that take advantage of generative AI. For more information, see Prompt flows in Amazon Bedrock.

AWS::Bedrock::FlowVersion

Use the AWS::Bedrock::FlowVersion resource to create a version of your prompt flow that acts as a static snapshot of a prompt flow. For more information, see Prompt flow sin Amazon Bedrock.

AWS::Bedrock::FlowAlias

Use the AWS::Bedrock::FlowAlias resource to create an alias of your prompt flow that points to a version of the prompt flow. For more information, see Prompt flows in Amazon Bedrock.

July 10, 2024

Updated resource

The following resource was updated: AWS::MWAA::Environment

AirflowVersion

The AirflowVersion property has been updated to include a new valid value for Apache Airflow version 2.9.2.

July 9, 2024

New resource

The following resource was released: AWS::LaunchWizard::Deployment.

Use AWS::LaunchWizard::Deployment to create a Launch Wizard deployment.

July 3, 2024

New resources

The following resources were added: AWS::SES::MailManagerAddonInstance, AWS::SES::MailManagerAddonSubscription, AWS::SES::MailManagerArchive, AWS::SES::MailManagerIngressPoint, AWS::SES::MailManagerRelay, AWS::SES::MailManagerRuleSet, and AWS::SES::MailManagerTrafficPolicy.

AWS::SES::MailManagerAddonInstance

Use the AWS::SES::MailManagerAddonInstance resource to create an Add On instance which represents the actual deployment and configuration of the Add On functionality within your Mail Manager environment.

AWS::SES::MailManagerAddonSubscription

Use the AWS::SES::MailManagerAddonSubscription resource to create an Add On subscription which represents the acceptance of the Add On's terms of use and any additional pricing.

AWS::SES::MailManagerArchive

Use the AWS::SES::MailManagerArchive resource to create a new email archive resource for storing and retaining emails.

AWS::SES::MailManagerIngressPoint

Use the AWS::SES::MailManagerIngressPoint resource to provision an ingress endpoint which serves as the entry point for incoming emails, allowing you to define how emails are received and processed within your AWS environment.

AWS::SES::MailManagerRelay

Use the AWS::SES::MailManagerRelay resource to create an SMTP relay which can be used within a Mail Manager rule set to forward incoming emails to defined relay destinations.

AWS::SES::MailManagerRuleSet

Use the AWS::SES::MailManagerRuleSet resource to create a rule set for a Mail Manager ingress endpoint which contains a list of rules that are evaluated sequentially for each email.

AWS::SES::MailManagerTrafficPolicy

Use the AWS::SES::MailManagerTrafficPolicy resource to create a traffic policy for a Mail Manager ingress endpoint which contains policy statements used to evaluate whether incoming emails should be allowed or denied.

June 30, 2024

New resource

The following resource was added: AWS::WorkSpaces::WorkspacesPool

AWS::WorkSpaces::WorkspacesPool

Use the AWS::WorkSpaces::WorkspacesPool resource to create a pool of WorkSpaces.

June 27, 2024

New resource type

The following resource type was added: AWS::AppTest::TestCase.

AWS::AppTest::TestCase

Use the AWS::AppTest::TestCase resource type to specify a test case.

June 26, 2024

New resource

The following resource was added: AWS::GuardDuty::MalwareProtectionPlan

AWS::GuardDuty::MalwareProtectionPlan

Use AWS::GuardDuty::MalwareProtectionPlan resource to configure Malware Protection for S3 that helps you detect potential malware in the newly uploaded objects in your selected S3 buckets.

June 13, 2024

New resource

The following resource was added: AWS::ApplicationSignals::ServiceLevelObjective

AWS::ApplicationSignals::ServiceLevelObjective

Use the AWS::ApplicationSignals::ServiceLevelObjective resource to create service level objective (SLO), which can help you ensure that your critical business operations are meeting customer expectations. For more information, see Service level objectives.

June 12, 2024

Updated resource

The following resource was updated: AWS::CloudFormation::CustomResource.

AWS::CloudFormation::CustomResource

Use the ServiceTimeout property to specify the maximum time, in seconds, that can elapse before a custom resource operation times out.

June 10, 2024

New resources

The following resources were added: AWS::ECS::Cluster ManagedStorageConfiguration

AWS::ECS::Cluster ManagedStorageConfiguration

Use the AWS::ECS::Cluster ManagedStorageConfiguration resource to represent the configuration for Managed Storage.

June 10, 2024

Updated resource

The following resource was updated: AWS::AutoScaling::ScalingPolicy.

AWS::AutoScaling::ScalingPolicy

Use the AWS::AutoScaling::ScalingPolicy property to use metric math to customize the metrics that you include in your target tracking policies.

June 6, 2024

Updated resource

The following resource was updated: AWS::Pipes::Pipe.

AWS::Pipes::Pipe

Use the PipeTargetTimestreamParameters property to specify the parameters for using a Timestream for LiveAnalytics table as a target.

June 4, 2024

Updated resource

The following resource was updated: AWS::Bedrock::Agent.

AWS::Bedrock::Agent

The AWS::Bedrock::Agent resource was updated to support the addition of a guardrail to an agent. For more information, see Associate a guardrail with your agent.

June 3, 2024

New resources

The following resources were added: AWS::SecurityHub::ConfigurationPolicy, AWS::SecurityHub::FindingAggregator, AWS::SecurityHub::OrganizationConfiguration, and AWS::SecurityHub::PolicyAssociation.

AWS::SecurityHub::ConfigurationPolicy

Use the AWS::SecurityHub::ConfigurationPolicy resource to create a Security Hub central configuration policy.

AWS::SecurityHub::FindingAggregator

Use the AWS::SecurityHub::FindingAggregator resource to enable Security Hub cross-Region aggregation and specify aggregation settings.

AWS::SecurityHub::OrganizationConfiguration

Use the AWS::SecurityHub::OrganizationConfiguration resource to specify how an AWS organization is configured in Security Hub.

AWS::SecurityHub::PolicyAssociation

Use the AWS::SecurityHub::PolicyAssociation resource to associate a Security Hub configuration policy or self-managed configuration with the organization root, an account, or an organizational unit (OU).

May 30, 2024

New resource

The following resource was added: AWS::SecurityLake::SubscriptionNotification

AWS::SecurityLake::SubscriptionNotification

Use the AWS::SecurityLake::SubscriptionNotification resource to add a notification method for the subscription (SQS or HTTPs) endpoint in Amazon Security Lake.

May 29, 2024

New resource

The following resources were added: AWS::DataZone::GroupProfile, AWS::DataZone::ProjectMembership, and AWS::DataZone::UserProfile.

AWS::DataZone::GroupProfile

Use the AWS::DataZone::GroupProfile resource to specify the details of a group profile in Amazon DataZone.

AWS::DataZone::ProjectMembership

Use the AWS::DataZone::ProjectMembership resource to specify the project membership information in Amazon DataZone.

AWS::DataZone::UserProfile

Use the AWS::DataZone::UserProfile resource to specify the user profile information in Amazon DataZone.

May 15, 2024

New resource

The following resource was added: AWS::SecurityHub::SecurityControl.

AWS::SecurityHub::SecurityControl

Use the AWS::SecurityHub::SecurityControl resource to specify control parameters for a Security Hub control.

May 15, 2024

AWS CloudTrail event stack operation root causes

AWS CloudFormation improves the troubleshooting experience for stack operations with a new AWS CloudTrail deep-link integration. This feature directly links stack operation events in the CloudFormation Console to relevant CloudTrail events

For more information, see Determine the cause of a stack failure

May 15, 2024

Updated resource

The following resource was updated: AWS::Events::EventBus.

AWS::Events::EventBus

Use the DeadLetterConfig property to specify configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ).

Use the KmsKeyIdentifier property to specify the AWS KMS customer managed key for EventBridge to use for event encryption.

May 14, 2024

Updated resource

The following resource was updated: AWS::Bedrock::Agent.

AWS::Bedrock::Agent

The AWS::Bedrock::Agent resource was updated to support the creation of action groups using a function schema, in addition to the configuring of action groups to return control to the agent developer instead of sending the information to a Lambda function. For more information, see Define function details and Return control to the agent developer.

May 9, 2024

New resource

The following resource was added: AWS::Bedrock::GuardrailVersion.

AWS::Bedrock::GuardrailVersion

Use the AWS::Bedrock::GuardrailVersion resource to create new versions for your guardrail. For more information, see Create and manage a version of a guardrail..

May 6, 2024

New resource

The following resources were added: AWS::SSO::Application, AWS::SSO::ApplicationAssignment, and AWS::SSO::Instance.

AWS::SSO::Application

Use the AWS::SSO::Application resource to create an application in IAM Identity Center.

AWS::SSO::ApplicationAssignment

Use the AWS::SSO::ApplicationAssignment resource to describe an assignment of a principal of an application.

AWS::SSO::Instance

Use the AWS::SSO::Instance resource to create an instance of IAM Identity Center for a standalone AWS account that is not managed by or a member AWS account in an organization.

May 6, 2024

Updated resource

The following resource was updated: AWS::FMS::Policy.

AWS::FMS::Policy

The AWS::FMS::Policy resource now supports centralized management of Amazon Virtual Private Cloud network ACLs.

May 3, 2024

Updated resource

The following properties were added to the AWS::DynamoDB::GlobalTable resource: ReadOnDemandThroughputSettings and WriteOnDemandThroughputSettings.

AWS::DynamoDB::GlobalTable ReadOnDemandThroughputSettings

Use this property to set the read request settings for a replica table or a replica global secondary index if the BillingMode is PAY_PER_REQUEST.

AWS::DynamoDB::GlobalTable WriteOnDemandThroughputSettings

Use this property to set the write request settings for a global table or a global secondary index if the BillingMode is PAY_PER_REQUEST.

May 1, 2024

Updated resource

The following property was added to the AWS::DynamoDB::Table resource: OnDemandThroughput.

AWS::DynamoDB::Table OnDemandThroughput

Use this property to set the maximum number of read and write units for a specified on-demand table.

May 1, 2024

New resources

The following resources were added: AWS::QBusiness::Application, AWS::QBusiness::DataSource, AWS::QBusiness::Index, AWS::QBusiness::Plugin, AWS::QBusiness::Retriever, and AWS::QBusiness::WebExperience.

AWS::QBusiness::Application

Use the AWS::QBusiness::Application resource to create an Amazon Q Business application. For more information, see Configuring an Amazon Q Business application.

AWS::QBusiness::DataSource

Use the AWS::QBusiness::DataSource resource to create a data source connector for an Amazon Q Business application. For more information, see Configuring Amazon Q Business data source connectors.

AWS::QBusiness::Index

Use the AWS::QBusiness::Index resource to create an Amazon Q Business index. For more information, see Creating an Amazon Q Business index.

AWS::QBusiness::Plugin

Use the AWS::QBusiness::Plugin resource to create and configure an Amazon Q Business plugin. For more information, see Configuring plugins with Amazon Q Business.

AWS::QBusiness::Retriever

Use the AWS::QBusiness::Retriever resource to add a retriever to an Amazon Q Business application. For more information, see Selecting a retriever for Amazon Q Business.

AWS::QBusiness::WebExperience

Use the AWS::QBusiness::WebExperience resource to create an Amazon Q Business web experience. For more information, see Customizing an Amazon Q Business web experience .

April 30, 2024

New resources

The following property was updated: AWS::Route53Resolver::FirewallRuleGroup FirewallRule.

AWS::Route53Resolver::FirewallRuleGroup FirewallRule

Added a FirewallDomainRedirectionAction property to include a DNS redirection choice for the DNS Firewall rule to evaluate.

April 30, 2024

Updated resource

The following resources was updated: AWS::Oam::Link.

AWS::Oam::Sink

The AWS::Oam::Link resource was updated with a LinkConfiguration structure. You can use this structure to specify that only a subset of metric namespaces or log groups are to be shared with the monitoring account.

April 26, 2024

Updated resource

The following resource was updated: AWS::RDS::DBInstance

AWS::RDS::DBInstance

Use the AutomaticBackupReplicationKmsKeyId property to specify the AWS KMS key identifier for encryption of replicated automated backups.

April 26, 2024

Updated resource

The following resource was updated: AWS::DataSync::Task.

AWS::DataSync::Task

Use the Status property to enable or disable your task schedule.

April 24, 2024

New resource

The following resource was added: AWS::Bedrock::Guardrail.

AWS::Bedrock::Guardrail

Use the AWS::Bedrock::Guardrail resource to block topics and to filter out harmful content. For more information, see Guardrails for Amazon Bedrock.

April 24, 2024

New resources

The following resources were added: AWS::PaymentCryptography::Alias and AWS::PaymentCryptography::Key.

AWS::PaymentCryptography::Alias

Use the AWS::PaymentCryptography::Alias resource to specify an alias.

AWS::PaymentCryptography::Key

Use the AWS::PaymentCryptography::Key resource to specify a key.

April 23, 2024

Updated resources

The following resources were updated: AWS::WorkSpacesWeb::BrowserSettings, AWS::WorkSpacesWeb::IpAccessSettings, AWS::WorkSpacesWeb::Portal, and AWS::WorkSpacesWeb::UserSettings.

AWS::WorkSpacesWeb::BrowserSettings

Use the AdditionalEncryptionContext property to specify the additional encryption context of the browser settings.

Use the CustomerManagedKey property to specify the custom managed key of the browser settings.

AWS::WorkSpacesWeb::IpAccessSettings

Use the AdditionalEncryptionContext property to specify the additional encryption context of the IP access settings.

Use the CustomerManagedKey property to specify the custom managed key of the IP access settings.

AWS::WorkSpacesWeb::Portal

Use the AdditionalEncryptionContext property to specify the additional encryption context of the portal.

Use the CustomerManagedKey property to specify the custom managed key of the portal.

Use the InstanceType property to specify the type and resources of the underlying instance.

Use the MaxConcurrentSessions property to specify the maximum number of concurrent sessions for the portal.

AWS::WorkSpacesWeb::UserSettings

Use the AdditionalEncryptionContext property to specify the additional encryption context of the user settings.

Use the CustomerManagedKey property to specify the custom managed key of the user settings.

April 22, 2024

New resource

The following resource was added: AWS::GlobalAccelerator::CrossAccountAttachment.

AWS::GlobalAccelerator::CrossAccountAttachment

Use the AWS::GlobalAccelerator::CrossAccountAttachment resource to create a cross-account attachment to specify the principals who have permission to work with resources in accelerators in their own account, and the resources that those principals can work with.

April 22, 2024

New resource

The following resources were added: AWS::SecurityLake::AwsLogSource, AWS::SecurityLake::DataLake, AWS::SecurityLake::Subscriber.

AWS::SecurityLake::AwsLogSource

Use the AWS::SecurityLake::AWSLogSource to add a natively supported AWS service as an Amazon Security Lake source.

AWS::SecurityLake::DataLake

Use the AWS::SecurityLake::DataLake resource to initialize an Amazon Security Lake instance with the provided (or default) configuration.

AWS::SecurityLake::Subscriber

Use the AWS::SecurityLake::Subscriber resource to create subscription permission for accounts that are already enabled in Amazon Security Lake.

April 12, 2024

Updated resource

The following resource was updated: AWS::CloudWatch::AnomalyDetector

AWS::CloudWatch::AnomalyDetector

In the AnomalyDetector resource, the MetricCharacteristics object was added to enable you to specify parameters to provide information about your metric to CloudWatch to help it build more accurate anomaly detection models. Currently, this object includes the PeriodicSpikes parameter. Use this parameter if values for this metric consistently include spikes that should not be considered to be anomalies.

April 11, 2024

Updated resource

The following resource was updated: AWS::KMS::Key.

AWS::KMS::Key

Added support to specify a custom rotation period for automatic key rotations.

April 11, 2024

Updated resource

The following resource was updated: AWS::CleanRooms::ConfiguredTable. AWS::CleanRooms::PrivacyBudgetTemplate

AWS::CleanRooms::ConfiguredTable

Use the DifferentialPrivacy property to specify the name of the column that contains the unique identifier of your users, whose privacy you want to protect.

April 10, 2024

New resource

The following resource was added: AWS::CleanRooms::PrivacyBudgetTemplate.

AWS::CleanRooms::PrivacyBudgetTemplate

Use the PrivacyBudgetTemplate to specify the differential privacy configuration.

April 10, 2024

New resources

The following resources were added: AWS::IVS::EncoderConfigration, AWS::IVS::PlaybackRestrictionPolicy, AWS::IVS::StorageConfigration

AWS::IVS::EncoderConfiguration

Use the EncoderConfiguration resource to describe a streamā€™s video configuration.

AWS::IVS::PlaybackRestrictionPolicy

Use the PlaybackRestrictionPolicy resource to constrain playback by country and/or origin sites.

AWS::IVS::StorageConfiguration

Use the StorageConfiguration resource to describe an S3 location where recorded videos will be stored.

April 9, 2024

Updated resource

The following resource was updated: AWS::CloudWatch::Alarm

AWS::CloudWatch::Alarm

The Tags property was added so that you can use AWS CloudFormation to apply tags to metric alarms.

April 5, 2024

Updated resource

The following resource was updated: AWS::CloudWatch::CompositeAlarm

AWS::CloudWatch::CompositeAlarm

The Tags property was added so that you can use AWS CloudFormation to apply tags to composite alarms.

April 5, 2024

New resources

The following resources were added: AWS::Bedrock::Agent, AWS::Bedrock::AgentAlias, AWS::Bedrock::KnowledgeBase, and AWS::Bedrock::DataSource.

AWS::Bedrock::Agent

Use the AWS::Bedrock::Agent resource to create an agent in Amazon Bedrock to help users fulfill tasks. For more information, see Agents for Amazon Bedrock.

AWS::Bedrock::AgentAlias

Use the AWS::Bedrock::AgentAlias resource to create an alias that points to a version of your Amazon Bedrock agent that your application can invoke during deployment. For more information, see Deploy an Amazon Bedrock Agent.

AWS::Bedrock::KnowledgeBase

Use the AWS::Bedrock::KnowledgeBase resource to create a knowledge base in Amazon Bedrock that can be queried and generate responses based on the retrieved results. For more information, see Knowledge Bases for Amazon Bedrock.

AWS::Bedrock::DataSource

Use the AWS::Bedrock::DataSource resource to create a data source in a knowledge base in Amazon Bedrock to manage the conversion of data from an Amazon S3 bucket into vector embeddings for a knowledge base. For more information, see Set up a data source for your knowledge base .

April 4, 2024

New resources

The following resources were added: AWS::SecurityHub::DelegatedAdmin, AWS::SecurityHub::Insight, and AWS::SecurityHub::ProductSubscription.

AWS::SecurityHub::DelegatedAdmin

Use the AWS::SecurityHub::DelegatedAdmin resource to specify the delegated Security Hub administrator for an organization.

AWS::SecurityHub::Insight

Use the AWS::SecurityHub::Insight resource to specify a custom Security Hub insight.

AWS::SecurityHub::ProductSubscription

Use the AWS::SecurityHub::ProductSubscription resource to specify a subscription to a third-party product that integrates with Security Hub.

April 3, 2024

New resource

The following resource was added: AWS::CleanRoomsML::TrainingDataset.

AWS::CleanRoomsML::TrainingDataset

Use the AWS::CleanRoomsML::TrainingDataset resource to specify the creation of a training dataset, which is metadata that points to a Glue table. For more information, see Import training data.

April 3, 2024

New resources

The following resources were added:

AWS::Deadline::Farm

Use the AWS::Deadline::Farm resource to create a farm that contains the queues and fleets that process you jobs. For more information, see AWS Deadline Cloud farms.

AWS::Deadline::Fleet

Use the AWS::Deadline::Fleet resource to define a fleet of worker hosts that process the tasks for your jobs. For more information, see Manage AWS Deadline Cloud fleets.

AWS::Deadline::LicenseEndpoint

Use the AWS::Deadline::LicenseEndpoint resource to integrate licensed software with your jobs. For more information, see Connect customer-managed fleets to a license endpoint.

AWS::Deadline::MeteredProduct

Use the AWS::Deadline::MeteredProduct resource to associate a licensed application with a license endpoint.

AWS::Deadline::Queue

Use the AWS::Deadline::Queue resource to create queues for your farm. Jobs are submitted to a queue, and the queue sends the tasks in the job to a worker fleet for processing. For more information, see Queues.

AWS::Deadline::QueueEnvironment

Use the AWS::Deadline::QueueEnvironment resource to create to create a processing environment for workers processing tasks from the queue. For more information, see Create a queue environment.

AWS::Deadline::QueueFleetAssociation

Use the AWS::Deadline::QueueFleetAssociation resource to associate a worker fleet with a queue. Workers in the fleet process tasks for the jobs in the queue. For more information, see Associate a queue and fleet.

AWS::Deadline::StorageProfile

Use the AWS::Deadline::StorageProfile resource to specify the operating system, file type, and file location of resources used by a farm. For more information, see Storage profiles in AWS Deadline Cloud .

April 2, 2024

New resource

The following new resource has been added: AWS::CodeConnections::Connection

April 2, 2024

New and updated resources

The following resources were added: AWS::EntityResolution::IdNamespace and AWS::EntityResolution::PolicyStatement. The following resource was updated: AWS::EntityResolution::IdMappingWorkflow.

AWS::EntityResolution::IdNamespace

Use the AWS::EntityResolution::IdNamespace resource to specify a new ID namespace resource in AWS Entity Resolution.

AWS::EntityResolution::IdNamespace

Use the AWS::EntityResolution::PolicyStatement resource to specify a new policy statement resource in AWS Entity Resolution.

AWS::EntityResolution::IdMappingWorkflow

Use the AWS::EntityResolution::IdMappingWorkflow IdMappingWorkflowInputSource property to specify type of ID namespace (source or target).

April 2, 2024

Updated resource

The following resource was updated: AWS::InternetMonitor::Monitor.

AWS::InternetMonitor::Monitor

Use Monitor.IncludeLinkedAccounts to located accounts that you've linked with this monitor.

March 29, 2024

New resource

The following resource was added: AWS::APS::Scraper.

AWS::APS::Scraper

Use the AWS::APS::Scraper resource to create or update an Amazon Managed Service for Prometheus scraper. A scraper is a metrics collector that pulls metrics from Amazon EKS and sends them to your Amazon Managed Service for Prometheus workspace.

For more information, see Using an AWS managed collector in the Amazon Managed Service for Prometheus User Guide.

March 29, 2024

Updated resource

The following resource was updated: AWS::CloudWatch::AnomalyDetector SingleMetricAnomalyDetector

AWS::CloudWatch::AnomalyDetector SingleMetricAnomalyDetector

In the SingleMetricAnomalyDetector resource, the AccountId field was added to enable you to create an anomaly detector in a monitoring account that watches a metric in a source account.

March 28, 2024

New resource

The following resource was added: AWS::BCMDataExports::Export.

AWS::BCMDataExports::Export

Use the Export and Tags property to specify the data query, delivery preference, and any optional resource tags.

March 28, 2024

Updated resource

The following resource was updated: AWS::RDS::Integration

AWS::RDS::Integration

Use the DataFilter property to specify which tables from the source database are sent to the target Amazon Redshift data warehouse.

Use the Description property to provide a description of the integration.

March 27, 2024

New resource

The following resource was added: AWS::AppIntegrations::Application

AWS::AppIntegrations::Application

Use the AWS::AppIntegrations::Application resource to create an Application.

March 25, 2024

Updated resources

The following resource was updated: AWS::WAFv2::WebACL.

AWS::WAFv2::WebACL

Use the AssociationConfig property to increase the body inspection size limit beyond the new default limit of 16 KB for some regional resources. Prior to this, you could only increase the limit for CloudFront distributions.

March 21, 2024

Updated resource

The following resource was updated: AWS::DataSync::Task.

AWS::DataSync::Task

Use the ManifestConfig property to configure a manifest that lists the files or objects that you want to transfer.

March 20, 2024

Updated resource

The following property was added to the AWS::DynamoDB::GlobalTable.ReplicaSpecification and AWS::DynamoDB::GlobalTable.ReplicaStreamSpecification resources: ResourcePolicy.

AWS::DynamoDB::GlobalTable.ReplicaSpecification.ResourcePolicy

Use this property to attach a resource-based policy to the replica of a DynamoDB global table.

AWS::DynamoDB::GlobalTable.ReplicaStreamSpecification.ResourcePolicy

Use this property to attach a resource-based policy to the stream of a DynamoDB global table replica.

March 20, 2024

Updated resource

The following property was added to the AWS::DynamoDB::Table and AWS::DynamoDB::Table.StreamSpecification resources: ResourcePolicy.

AWS::DynamoDB::Table.ResourcePolicy

Use this property to attach a resource-based policy to a DynamoDB resource, such as a table and its index.

AWS::DynamoDB::Table.StreamSpecification.ResourcePolicy

Use this property to attach a resource-based policy to a table's stream.

March 20, 2024

Updated resources

The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup.

AWS::WAFv2::WebACL

Use the EvaluationWindowSec property in RateBasedStatement to specify the amount of time to include in request counts.

AWS::WAFv2::RuleGroup

Use the EvaluationWindowSec property in RateBasedStatement to specify the amount of time to include in request counts.

March 19, 2024

AWS CloudFormation introduces the CONFIGURATION_COMPLETE event to enable faster workflows involving creation of resources

AWS CloudFormation added the CONFIGURATION_COMPLETE event to enable faster workflows involving the creation of resources.

March 11, 2024

Updated resources

The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup.

AWS::WAFv2::WebACL

Use the JA3Fingerprint property in FieldToMatch to perform an exact match against the web request's JA3 fingerprint.

AWS::WAFv2::RuleGroup

Use the JA3Fingerprint property in FieldToMatch to perform an exact match against the web request's JA3 fingerprint.

March 7, 2024

Updated resource

The following resources were updated: AWS::AppSync::GraphQLApi, AWS::AppSync::Resolver, AWS::AppSync::DataSource

AWS::AppSync::GraphQLApi

Added support for enhanced metrics logging.

AWS::AppSync::Resolver

Added support for enhanced metrics logging.

AWS::AppSync::DataSource

Added support for enhanced metrics logging.

March 7, 2024

Updated resource

The following resource was updated: AWS::Amplify::Domain

AWS::Amplify::Domain

Use the Certificate property to specify the SSL/TLS certificate for the domain association.

Use the CertificateSettings property to specify the type of SSL/TLS certificate to use for your custom domain.

March 1, 2024

New resource

The following resource was added: AWS::Timestream::InfluxDBInstance.

AWS::Timestream::InfluxDBInstance

Use the AWS::Timestream::InfluxDBInstance resource to create a new InfluxDB instance.

March 1, 2024

Updated resources

The following resource was updated: AWS::Batch:JobDefinition.

Use the support for multi-container jobs. The following resources were added or updated:

February 29, 2024

Updated resource

The following resource was updated: AWS::APS::Workspace.

AWS::APS::Workspace

You can use the optional KmsKeyArn property to specify a customer-managed KMS key to use when encrypting data in your Amazon Managed Service for Prometheus workspace.

For more information, see Encryption at rest in the Amazon Managed Service for Prometheus User Guide.

February 23, 2024

Updated resource

The following resources were updated: AWS::AppSync::GraphQLApi

AWS::AppSync::GraphQLApi

Added EnvironmentVariables property.

February 15, 2024

Updated resource

The following resource was updated: AWS::CodePipeline::Pipeline.

AWS::CodePipeline::Pipeline

Added new trigger filtering on branches, file paths, pull request status. Added new PARALLEL and QUEUED execution modes for V2 type pipelines. Added field for manual timeout configuration in minutes.

February 15, 2024

Updated resource

The following resources were updated: AWS::IoTSiteWise::Asset and AWS::IoTSiteWise::AssetModel.

AWS::IoTSiteWise::Asset

Added the following properties: AssetExternalId.

AWS::IoTSiteWise::AssetModel

Added the following property: AssetModelExternalId and AssetModelType.

February 15, 2024

New properties

The following properties were added: AWS::Route53::RecordSet GeoProximityLocation and AWS::Route53::RecordSetGroup GeoProximityLocation.

AWS::Route53::RecordSet GeoProximityLocation

Use the AWS::Route53::RecordSet GeoProximityLocation property to specify a geoproximity resource recordset.

AWS::Route53::RecordSetGroup GeoProximityLocation

Use the AWS::Route53::RecordSetGroup GeoProximityLocation property to specify croperty to specify a geoproximity resource recordset.

February 15, 2024

New resources

The following resources were added: AWS::NeptuneGraph::Graph and AWS::NeptuneGraph::PrivateGraphEndpoint.

AWS::NeptuneGraph::Graph

Use the AWS::NeptuneGraph::Graph resource to specify a graph in Amazon Neptune Analytics.

AWS::NeptuneGraph::PrivateGraphEndpoint

Use the AWS::NeptuneGraph::PrivateGraphEndpoint resource to specify a private graph endpoint in Amazon Neptune Analytics.

February 13, 2024

Updated resources

The following resources were updated: AWS::FSx::Filesystem and AWS::FSx::Volume

AWS::FSx::Filesystem

Use the HAPairs and ThroughputCapacityPerHAPair AWS::FSx::FileSystem OntapConfiguration properties to create a scale out FSx for ONTAP file system.

AWS::FSx::Volume

Use the AggregateConfiguration, SizeInBytes, and VolumeStyle AWS::FSx::Volume OntapConfiguration properties when creating FSx for ONTAP volumes.

February 9, 2024

Updated resource

The following resource was updated: AWS::IoT::DomainConfiguration.

AWS::IoT::DomainConfiguration

The AWS::IoT::DomainConfiguration resource adds server certificate configuration parameter.

February 9, 2024

Updated resource

The following resource was updated: AWS::Cassandra::Table.

AWS::Cassandra::Table.AutoScalingSpecifications

Use the AWS::Cassandra::Table.AutoScalingSpecifications property to specify auto scaling settings for a table in provisioned capacity mode in Amazon Keyspaces (for Apache Cassandra).

AWS::Cassandra::Table.ReplicaSpecification

The AWS::Cassandra::Table.ReplicaSpecification property allows you to define different settings for replicas of a multi-Region table in Amazon Keyspaces (for Apache Cassandra).

February 2, 2024

Generate AWS CloudFormation templates and AWS CDK applications from existing AWS resources

With the CloudFormation IaC generator, you can generate a template using resources provisioned in your account that are not already managed by CloudFormation.

February 2, 2024

Updated resource

The following resource was updated: AWS::AutoScaling::AutoScalingGroup.

AWS::AutoScaling::AutoScalingGroup InstanceRequirements

Use the MaxSpotPriceAsPercentageOfOptimalOnDemandPrice property when using attribute-based instance type selection.

January 29, 2024

Updated resource

The following resource was updated: AWS::GroundStation::MissionProfile.

ContactPostPassDurationSeconds property

Updated description of the ContactPostPassDurationSeconds property.

ContactPrePassDurationSeconds property

Updated description of the ContactPrePassDurationSeconds property.

January 29, 2024

New resource

The following resource was added: AWS::RDS::Integration

AWS::RDS::Integration

Use the AdditionalEncryptionContext property for an optional set of non-secret keyā€“value pairs that contain additional contextual information about the data.

Use the IntegrationName property for the name of the integration.

Use the KMSKeyId property for the AWS KMS key identifier for the key to use to encrypt the integration.

Use the SourceArn property for the ARN of the database to use as the source for replication.

Use the Tags property for a list of tags.

Use the TargetArn property for the ARN of the Redshift data warehouse to use as the target for replication.

January 29, 2024

New resource

The following resource was added: AWS::InspectorV2::CisScanConfiguration.

AWS::InspectorV2::CisScanConfiguration

Use the AWS::InspectorV2::CisScanConfiguration resource to specify a CIS scan configuration.

January 23, 2024

New property

The following property was added: AWS::ECS::Service TimeoutConfiguration.

AWS::ECS::Service TimeoutConfiguration

Use the TimeoutConfiguration property to specify the timeout for Service Connect

January 22, 2024

New properties

The following properties were added: AWS::ECS::Service ServiceConnectTlsConfiguration and AWS::ECS::Service ServiceConnectTlsCertificateAuthority.

AWS::ECS::Service ServiceConnectTlsConfiguration

Use the ServiceConnectTlsConfiguration property to specify the key that encrypts and decrypts your resources for Service Connect TLS.

AWS::ECS::Service ServiceConnectTlsConfiguration

Use the ServiceConnectTlsCertificateAuthority property to specify the AWS Private Certificate Authority certificate.

January 22, 2024

New resources

The following property was updated: AWS::Route53Resolver::FirewallRuleGroup FirewallRule.

AWS::Route53Resolver::FirewallRuleGroup FirewallRule

Added a Qtype property to include a DNS query type for the DNS Firewall rule to evaluate.

January 19, 2024

Updated resource

The following property was added to the AWS::DynamoDB::GlobalTable resource: KinesisStreamSpecification

AWS::DynamoDB::GlobalTable.KinesisStreamSpecification

Use the KinesisStreamSpecification property to set timestamp precision for Kinesis Data Streams.

January 18, 2024

Updated resource

The following property was added to the AWS::DynamoDB::Table resource: KinesisStreamSpecification

AWS::DynamoDB::Table.KinesisStreamSpecification

Use the KinesisStreamSpecification property to set timestamp precision for Kinesis Data Streams.

January 18, 2024

New resource

The following resources were added: AWS::DataZone::DataSource, AWS::DataZone::Domain, AWS::DataZone::Environment, AWS::DataZone::EnvironmentBlueprintConfiguration, AWS::DataZone::EnvironmentProfile, AWS::DataZone::Project, AWS::DataZone::SubscriptionTarget.

AWS::DataZone::DataSource

Use the AWS::DataZone::DataSource resource to specify an Amazon DataZone data source that is used to import technical metadata of assets (data) from the source databases or data warehouses into Amazon DataZone.

AWS::DataZone::Domain

Use the AWS::DataZone::Domain resource to specify an Amazon DataZone domain. You can use domains to organize your assets, users, and their projects.

AWS::DataZone::Environment

Use the AWS::DataZone::Environment resource to specify an Amazon DataZone environment, which is a collection of zero or more configured resources with a given set of IAM principals who can operate on those resources.

AWS::DataZone::EnvironmentBlueprintConfiguration

Use the AWS::DataZone::EnvironmentBlueprintConfiguration resource to specify the configuration details of an environment blueprint.

AWS::DataZone::EnvironmentProfile

Use the AWS::DataZone::EnvironmentProfile resource to specify the details of an environment profile.

AWS::DataZone::Project

Use the AWS::DataZone::Project resource to specify an Amazon DataZone project. Projects enable a group of users to collaborate on various business use cases that involve publishing, discovering, subscribing to, and consuming data in the Amazon DataZone catalog. Project members consume assets from the Amazon DataZone catalog and produce new assets using one or more analytical workflows.

AWS::DataZone::SubscriptionTarget

Use the AWS::DataZone::SubscriptionTarget resource to specify an Amazon DataZone subscription target. Subscription targets enable you to access the data to which you have subscribed in your projects. A subscription target specifies the location (for example, a database or a schema) and the required permissions (for example, an IAM role) that Amazon DataZone can use to establish a connection with the source data and to create the necessary grants so that members of the Amazon DataZone project can start querying the data to which they have subscribed.

January 18, 2024

New resource

The following resource was added: AWS::IVS::Stage

AWS::IVS::Stage

Use the Stage resource to specify a stage, a virtual space where participants can exchange video in real time.

January 18, 2024

Added properties

Added PreTokenGenerationConfig to AWS::Cognito::UserPool LambdaConfig and AWS::Cognito::UserPool PreTokenGenerationConfig. Adds support for access token customization Lambda functions.

AWS::Cognito::UserPool PreTokenGenerationConfig

You can update the version of your Lambda trigger event. Version 2 includes details to customize access tokens and ID tokens.

January 18, 2024

Updated resource

The following resource was updated: AWS::Logs::AccountPolicy.

AWS::Logs::AccountPolicy

The AWS::Logs::AccountPolicy resource was updated to support account-level subscription filter policies, in addition to account-level data protection policies. For more information, see Account-level subscription filters.

January 15, 2024

New resource

The following resource was added: AWS::NetworkFirewall::TLSInspectionConfiguration

AWS::NetworkFirewall::TLSInspectionConfiguration

Use the AWS::NetworkFirewall::TLSInspectionConfiguration resource to specify a TLS inspection configuration for Network Firewall to use to decrypt traffic for inspection. Network Firewall re-encrypts the traffic before sending it to its destination.

January 10, 2024

Updated resources

The following resource was added: AWS::MediaTailor::Channel.TimeShiftConfiguration

AWS::MediaTailor::Channel

Use the AWS::MediaTailor::Channel.TimeShiftConfiguration resource for configuration for time-shifted viewing.

December 27, 2023

updated resources

The following resources were added: AWS::Pinpoint::GCMChannel DefaultAuthenticationMethod and AWS::Pinpoint::GCMChannel DefaultAuthenticationMethod ServiceJson.

AWS::Pinpoint::GCMChannel DefaultAuthenticationMethod

Added the DefaultAuthenticationMethod property to specify the default authentication method used for GCM.

AWS::Pinpoint::GCMChannel ServiceJson

Added the ServiceJson property to generate an access token for authentication.

December 26, 2023

New resource

The following resource was added: AWS::Connect::PredefinedAttribute

AWS::Connect::PredefinedAttribute

Use the AWS::Connect::PredefinedAttribute resource to create a predefined attribute in the specified instance.

December 22, 2023

Updated resource

The following resource was updated: AWS::CodeCommit::Repository

AWS::CodeCommit::Repository Code

Use the KmsKeyId property to encrypt and decrypt the repository.

December 21, 2023

New resources

The following resources were updated: AWS::Route53Resolver::ResolverEndpoint and AAWS::Route53Resolver::ResolverRule TargetAddress.

AWS::Route53Resolver::ResolverEndpoint

Added a Protocols property to specify the protocols for an endpoint.

AWS::Route53Resolver::ResolverRule TargetAddress

Added a Protocols property to specify the protocols for an endpoint target address.

December 20, 2023

Updated resource

The following resources were updated: AWS::AppSync::GraphQLApi

AWS::AppSync::GraphQLApi

Use the IntrospectionConfig property to enable or disable introspection.

Use the ResolverCountLimit property to set the maximum number of resolvers that can be invoked in a single request.

Use the QueryDepthLimit property to set the maximum depth a query can have in a single request.

December 19, 2023

New resource

The following resource was added: AWS::IoT::CertificateProvider.

AWS::IoT::CertificateProvider

Use the AWS::IoT::CertificateProvider resource to create a certificate provider.

December 19, 2023

Updated resource

The following resource was updated: AWS::EKS::Cluster

AWS::EKS::Cluster

Use the AccessConfig property to enable access entries, the aws-auth ConfigMap, or both for the cluster.

An access entry allows an IAM user or role to access your cluster. Access entries can replace the need to maintain the aws-auth ConfigMap for authentication. You have the following options for authorizing an IAM user or role to access Kubernetes objects on your cluster: Kubernetes role-based access control (RBAC), Amazon EKS API, or both.

December 15, 2023

New resource

The following resource was added: AWS::EKS::AccessEntry

AWS::EKS::AccessEntry

Use the AccessEntry resource to create an access entry on your cluster. Access entries allow:

  • Amazon EC2 nodes and nodes created from Fargate profiles to join your cluster.

  • IAMroles used for any other purpose or IAM users to authenticate to your cluster and access Kubernetes objects on your cluster.

December 15, 2023

Updated resource

The following resource was updated: AWS::EFS::FileSystem

AWS::EFS::FileSystem

Use the ReplicationOverwriteProtection property for the new FileSystemProtection property type to enable or disable a file system's replication overwrite protection.

Use the TransitionToArchive property to define the lifecycle policy for transitioning files into Archive storage.

December 14, 2023

New resource

The following resources were added: AWS::B2BI::Capability

AWS::B2BI::Capability

Use the Capability resource to specify trading capabilities for the B2BI service.

AWS::B2BI::Transformer

Use the Transformer resource to describe how to process incoming EDI (electronic data interchange) for the B2BI service.

AWS::B2BI::Profile

Use the Profile resource to specify details about one of your private networks for the B2BI service.

AWS::B2BI::Partnership

Use the Partnership resource to specify the connection between a profile and a trading partner for the B2BI service.

December 14, 2023

Updated resource

The following resources were updated: AWS::AppSync::GraphQLApi

AWS::AppSync::GraphQLApi

Use the GraphQLEndpointArn return value to get the GraphQL endpoint ARN.

December 13, 2023

Updated resource

The following resource was updated: AWS::ApplicationAutoScaling::ScalingPolicy.

AWS::ApplicationAutoScaling::ScalingPolicy CustomizedMetricSpecification

Use the Metrics property to use metric math to customize the metrics that you include in your target tracking scaling policy.

December 7, 2023

Updated resource

The following resource was updated: AWS::CloudTrail::EventDataStore

AWS::CloudTrail::EventDataStore

Use the FederationEnabled property to specify whether you want to federate the event data store. Federating an event data store lets you view the metadata associated with the event data store in the AWS Glue Data Catalog and run SQL queries against your event data using Amazon Athena. The table metadata stored in the AWS Glue Data Catalog lets the Athena query engine know how to find, read, and process the data that you want to query. For more information about Lake query federation, see Federate an event data store.

AWS::CloudTrail::EventDataStore

If the FederationEnabled property is set to true, use the FederationRoleArn property to specify the ARN for the federation role. The federation role must exist in your account and provide the required minimum permissions.

December 7, 2023

Updated resource

The following resource was updated: AWS::SNS::Topic.

DeliveryStatusLogging

Use the DeliveryStatusLogging to log the delivery status of messages sent from your Amazon SNS topic to subscribed endpoints with the following supported delivery protocols:

  • Amazon Kinesis Data Firehose

  • Amazon Simple Queue Service

  • AWS Lambda

  • HTTP

  • Platform application endpoint

December 7, 2023

New resource

The following resource was added: AWS::SNS::Topic LoggingConfig.

LoggingConfig

The LoggingConfig property type specifies the Delivery status logging configuration for an AWS::SNS::Topic.

December 7, 2023

Updated resources

The following resources were updated: AWS::CleanRooms::AnalysisTemplate, AWS::CleanRooms::Collaboration, AWS::CleanRooms::ConfiguredTable, AWS::CleanRooms::Collaboration and AWS::CleanRooms::Membership.

AWS::CleanRooms::ConfiguredTableAssociation

Use the Tag property to specify a key-value pair for a collaboration.

AWS::CleanRooms::Collaboration

Use the QueryComputePaymentConfig property to specify the collaboration member's payment responsibilities for query compute costs.

Use the Tag property to specify a key-value pair for a collaboration.

AWS::CleanRooms::ConfiguredTable

Use the Tag property to specify a key-value pair for a collaboration.

AWS::CleanRooms::ConfiguredTableAssociation

Use the Tag property to specify a key-value pair for a collaboration.

AWS::CleanRooms::Membership

Use the MembershipPaymentConfiguration and MembershipQueryComputePaymentConfig properties to specify payment responsibilities accepted by the collaboration member.

December 5, 2023

Updated resource

The following resource was updated:AWS::BillingConductor::CustomLineItem AccountId.

AWS::BillingConductor::CustomLineItem AccountId

You can specify the AWS account in which a custom line item will be charged to.

December 5, 2023

New resource

The following resource was added: AWS::WorkSpacesThinClient::Environment.

AWS::WorkSpacesThinClient::Environment

Use the AWS::WorkSpacesThinClient::Environment resource to create an environment for the Amazon WorkSpaces Thin Client service.

December 5, 2023

Updated resource

The following resource was updated: AWS::CodeDeploy::DeploymentConfig.

AWS::CodeDeploy::DeploymentConfig

Use the ZonalConfig property if you want CodeDeploy to deploy your application to one Availability Zone at a time.

December 4, 2023

New resource

The following resource was released: AWS::ARCZonalShift::ZonalAutoshiftConfiguration.

Use AWS::ARCZonalShift::ZonalAutoshiftConfiguration to authorize AWS to shift away resource traffic for an application from an Availability Zone during events, on your behalf, to help reduce time to recovery. In addition, configure options for required weekly practice runs in zonal autoshift. Practice runs test the safety of shifting away your application traffic from one Availability Zone in an AWS Region.

December 1, 2023

New resource

The following resources were added: AWS::S3Express::DirectoryBucket and AWS::S3Express::BucketPolicy.

AWS::S3Express::DirectoryBucket

Use the AWS::S3Express::DirectoryBucket resource to create an Amazon S3 directory bucket.

AWS::S3Express::BucketPolicy

Use the AWS::S3Express::BucketPolicy resource to apply an S3 bucket policy to an S3 directory bucket.

December 1, 2023

Updated resources

AWS::ElastiCache::ServerlessCache.

AWS::ElastiCache::ReplicationGroup.ClusterMode

ServerlessCache enables the creation of caches with a variety of features including automatic scaling and related capabilities. For more information see Serverless caching.

November 27, 2023

Updated resource

The following resources were updated: AWS::CodeStarConnections::RepositoryLink and SyncConfiguration

AWS::CodeStarConnections::Connection

Use a repository link with a sync configuration to use Git sync.

November 27, 2023

Updated resource

The following resource was updated: AWS::AccessAnalyzer::Analyzer

AWS::AccessAnalyzer::Analyzer

Use the AnalyzerConfiguration property to specify the configuration for an Unused Access Analyzer.

November 27, 2023

New resource

The following resource was added: AWS::Backup::RestoreTestingPlan

AWS::Backup::RestoreTestingPlan

This resource was added for the feature Restore Testing.

November 27, 2023

New resource

The following resource was added: AWS::Backup::RestoreTestingSelection

AWS::Backup::RestoreTestingSelection

This resource was added for the feature Restore Testing.

November 27, 2023

Updated resource

The following resource was updated: AWS::ManagedBlockchain::Accessor

AWS::ManagedBlockchain::Accessor

Use the NetworkType property to choose the blockchain network that you are creating the Accessor for.

November 26, 2023

New resource

The following resource was added: AWS::EKS::PodIdentityAssociation

AWS::EKS::PodIdentityAssociation

Use the PodIdentityAssociation to create an EKS Pod Identity association to give IAM credentials to pods through service accounts. The previous method to do the same, IAM roles for service accounts, could only be managed inside Kubernetes.

November 26, 2023

Updated resource

The following resource was updated: AWS::CodePipeline::Pipeline.

AWS::CodePipeline::Pipeline

Added trigger and variables for V2 type pipelines.

November 19, 2023

New resource

The following properties and return values have been added:

EndpointManagement

The EndpointManagement property has added, letting you choose how you want to manage the Amazon VPC endpoints associated with your environment. You can choose to manage your own endpoints or let Amazon MWAAmanage them on your behalf.

Return values

Amazon MWAA is adding CeleryExecutorQueue, DatabaseVpcEndpointService, and WebserverVpcEndpointService as return values you can use in your templates.

November 19, 2023

Updated resources

The AWS::Transfer::Server and AWS::Transfer::User resources have been updated.

AWS::Transfer::Server S3StorageOptions

Use the S3StorageOptions property to specify how Transfer Family works with Amazon S3.

AWS::Transfer::User HomeDirectoryMapEntry

Use the Type parameter to specify whether the target of a logical directory mapping is a directory or a file.

November 17, 2023

New resource

The following parameters were added to the AWS::IoT::SecurityProfile resource.

SecurityProfile MetricsExportConfig

Specifies the MQTT topic and role ARN required for metric export.

SecurityProfile Behavior ExportMetric

Value indicates exporting metrics related to the behavior when it is true.

SecurityProfile MetricsExportConfig RoleArn

This role ARN has permission to publish MQTT messages, after which Device Defender Detect can assume the role and publish messages on your behalf.

SecurityProfile MetricToRetain ExportMetric

Value added in both Behavior and AdditionalMetricsToRetainV2 to indicate if Device Defender Detect should export the corresponding metrics.

November 17, 2023

New resources

The following resources were updated: AWS::ECR::PullThroughCacheRule

AWS::ECR::PullThroughCacheRule

The AWS::ECR::PullThroughCacheRule property was updated to include the required properties to create a pull through cache rule for an upstream registry that requires authentication.

November 16, 2023

Updated resource

The following resource was updated: AWS::CloudTrail::EventDataStore

AWS::CloudTrail::EventDataStore

Use the BillingMode property to specify the billing mode to use for the event data store. The billing mode determines the cost for ingesting events and storing events, and the default and maximum retention period for the event data store. For more information, see Event data store pricing options in the AWS CloudTrail User Guide.

November 15, 2023

Updated resource

The following resource was updated: AWS::AutoScaling::AutoScalingGroup.

AWS::AutoScaling::AutoScalingGroup

Use the InstanceMaintenancePolicy property to meet specific capacity requirements during events that lead to instance replacement, such as health check failures or an instance refresh.

November 15, 2023

Updated resource

The following resource was updated: AWS::Grafana::Workspace.

AWS::Grafana::Workspace

Use the PluginAdminEnabled property of the AWS::Grafana::Workspace resource to allow workspace admins to install, uninstall, or update plugins in the Amazon Managed Grafana workspace.

November 15, 2023

New resource

The following resource was added: AWS::OpenSearchServerless::LifecyclePolicy.

AWS::OpenSearchServerless::LifecyclePolicy

Use the AWS::OpenSearchServerless::LifecyclePolicy resource to create lifecycle access policies for Amazon OpenSearch Serverless.

November 15, 2023

Updated resource

The following resource was updated: AWS::Pipes::Pipe.

AWS::Pipes::Pipe

Use the PipeLogConfiguration property to specify the configuration settings for the logs to which the pipe should report events.

November 14, 2023

Updated resource

The following resource was updated: AWS::CloudTrail::EventDataStore

AWS::CloudTrail::EventDataStore

Use the InsightsDestination property to specify the ARN (or ID suffix of the ARN) of the destination event data store that logs Insights events.

AWS::CloudTrail::EventDataStore InsightSelector

Use the AWS::CloudTrail::EventDataStore InsightSelector property to specify the types of Insights events you want to collect in your destination event data store. ApiCallRateInsight and ApiErrorRateInsight are valid Insights types.

November 10, 2023

Updated resource

The following resource was updated: AWS::RDS::DBInstance

AWS::RDS::DBInstance

Use the AutomaticBackupReplicationRegion property for the destination Region for the backup replication of the DB instance.

November 9, 2023

Updated resource

The following resource was updated: AWS::EC2::IPAM.

AWS::EC2::IPAM

IPAM is now offered in a Free Tier and an Advanced Tier. For more information about the features available in each tier and the costs associated with the tiers, see Amazon VPC pricing > IPAM tab.'

November 8, 2023

Updated resource

The following resource was updated: AWS::MWAA::Environment

AirflowVersion

The AirflowVersion property has been updated to include a new valid value for Apache Airflow version 2.7.2.

November 6, 2023

Updated resource

The documentation for the following resource was updated: AWS::AppRunner::Service

AWS::AppRunner::Service.Tag.Value

The value assigned to the Tag property of the App Runner service.

November 3, 2023

Updated resource

The documentation for the following resource was updated: AWS::AppRunner::AutoScalingConfiguration

AWS::AppRunner::AutoScalingConfiguration.Tag

The Tag added for the autoscaling configuration resource.

November 3, 2023

Updated resource

The documentation for the following resource was updated: AWS::AppRunner::ObservabilityConfiguration

AWS::AppRunner::ObservabilityConfiguration.Tag.Key

The key assigned to Tag property of the AWS App Runner observability configuration.

November 3, 2023

Updated resource

The documentation for the following resource was updated: AWS::AppRunner::Service

AWS::AppRunner::Service.Tag

The Tag assigned to App Runner service.

November 3, 2023

Updated resource

The following resource was updated: AWS::AppRunner::Service

AWS::AppRunner::Service.CodeRepository.SourceDirectory

New property. The SourceDirectory of the App Runner service.

November 3, 2023

Updated resource

The documentation for the following resource was updated: AWS::AppRunner::VpcIngressConnection

AWS::AppRunner::VpcIngressConnection.Tag.Key

The key assigned to Tag property of the VpcIngressConnection resource of the App Runner service.

November 3, 2023

Updated resource

The documentation for the following resource was updated: AWS::AppRunner::VpcIngressConnection

AWS::AppRunner::VpcIngressConnection.Tag

The tag assigned to the VpcIngressConnection resource of the App Runner service.

November 3, 2023

Updated resource

The documentation for the following resource was updated: AWS::AppRunner::VpcConnector

AWS::AppRunner::VpcConnector.Tag.Value

The value added to the Tag property of the VpcConnector resource.

November 3, 2023

Updated resource

The documentation for the following resource was updated: AWS::AppRunner::AutoScalingConfiguration

AWS::AppRunner::AutoScalingConfiguration.Tag.Key

The key added for the Tag property of autoscaling configuration resource.

November 3, 2023

Updated resource

The documentation for the following resource was updated: AWS::AppRunner::VpcConnector

AWS::AppRunner::VpcConnector.Tag.Key

The key added for the VpcConnector resource.

November 3, 2023

Updated resource

The documentation for the following resource was updated: AWS::AppRunner::ObservabilityConfiguration

AWS::AppRunner::ObservabilityConfiguration.Tag.Value

The value added for the Tag property of the AWS App Runner observability configuration.

November 3, 2023

Updated resource

The documentation for the following resource was updated: AWS::AppRunner::AutoScalingConfiguration

AWS::AppRunner::AutoScalingConfiguration.Tag.Value

The value added for the Tag property of autoscaling configuration resource.

November 3, 2023

Updated resource

The documentation for the following resource was updated: AWS::AppRunner::VpcIngressConnection

AWS::AppRunner::VpcIngressConnection.Tag.Value

The value assigned to the VpcIngressConnection resource of the App Runner service.

November 3, 2023

Updated resource

The documentation for the following resource was updated: AWS::AppRunner::Service

AWS::AppRunner::Service.Tag.Key

The key assigned to App Runner service.

November 3, 2023

Updated resource

The documentation for the following resource was updated: AWS::AppRunner::ObservabilityConfiguration

AWS::AppRunner::ObservabilityConfiguration.Tag

Use the Tag parameter to add a key-value pair to AWS App Runner observability configuration.

November 3, 2023

Updated resource

The documentation for the following resource was updated: AWS::AppRunner::VpcConnector

AWS::AppRunner::VpcConnector.Tag

Use the AWS::AppRunner::VpcConnector Tag resource to assign a key-value pair.

November 3, 2023

Updated resource

The following resource was updated: AWS::AppRunner::Service

AWS::AppRunner::Service.NetworkConfiguration.IpAddressType

New property. Use the IpAddressType property to select either IP4 or dual stack for your incoming public traffic.

November 3, 2023

Updated resource

The following resource was updated: AWS::EMRServerless::Application MonitoringConfiguration.

AWS::EMRServerless::Application MonitoringConfiguration

Use the MonitoringConfiguration property to set the monitoring configuration.

November 3, 2023

New attribute

The following attribute was added: AWS::SNS::Topic.ArchivePolicy.

AWS::SNS::Topic

Use the AWS::SNS::Topic.ArchivePolicy attribute to archive messages to an SNS topic. Only supported for FIFO topics.

October 26, 2023

New resource

The following parameter was added: DestinationPackageVersions to the AWS::IoT::JobTemplate resource in the Ningxia (cn-northest-1) Region. It is still available in the Beijing (cn-north-1) Region and other Regions where Service Package Catalog has been deployed.

DestinationPackageVersions

Use the DestinationPackageVersions paremeter in the AWS::IoT::JobTemplate resource to indentify the package version Amazon Resource Names (ARNs) that are installed on the deviceā€™s reserved named shadow ($package) when the job successfully completes.

October 25, 2023

Updated resource

The following property was updated: AWS::EKS::Cluster

AWS::EKS::Cluster ResourcesVpcConfig

You can change the SubnetIds and SecurityGroupIds property values once the cluster is created without interruptions. Previously, changing these property values required replacement.

October 24, 2023

Updated resources

The following resources were updated: AWS::EntityResolution::MatchingWorkflow and AWS::EntityResolution::SchemaMapping.

AWS::EntityResolution::MatchingWorkflow

Use the AWS::EntityResolution::MatchingWorkflow IntermediateSourceConfiguration property to temporarily store your data while it processes.

Use the AWS::EntityResolution::MatchingWorkflow ProviderProperties property to specify configuration parameters to use with a provider service.

AWS::EntityResolution::SchemaMapping

Use SubType to specify a subtype of the attribute, selected from a list of values.

October 19, 2023

Updated resource

The following resources were updated: AWS::MSK::Configuration and AWS::MSK::BatchScramSecret.

AWS::MSK::Configuration

Creates a new MSK configuration.

AWS::MSK::BatchScramSecret

Represents a secret stored in the Amazon Secrets Manager that can be used to authenticate with a cluster using a user name and a password.

October 19, 2023

Updated resource

The following resource was updated: AWS::WAFv2::WebACL.

AWS::WAFv2::WebACL

Use the EnableMachineLearning property in AWSManagedRulesBotControlRuleSet to indicate whether to use machine learning (ML) to analyze your web traffic for bot-related activity. This setting applies only to the targeted protection level of the Bot Control managed rule group.

October 19, 2023

New resource

The following resource was added: AWS::EntityResolution::IdMappingWorkflow.

AWS::EntityResolution::IdMappingWorkflow

Use the AWS::EntityResolution::IdMappingWorkflow resource to specify a new ID mapping workflow resource in AWS Entity Resolution.

October 19, 2023

New resource

The following resources were added: AWS::MSK::Replicator.

AWS::MSK::Replicator

Use the Replicator property to create an MSK Replicator to reliably replicate data across Amazon MSK clusters.

October 19, 2023

Added properties

Added AWS::Cognito::LogDeliveryConfiguration and associated parameters for CloudWatch Logs configuration in user pools.

AWS::Cognito::LogDeliveryConfiguration

You can configure a user pool to log detailed information about user errors to CloudWatch Logs.

October 19, 2023

Updated resource

The following resource was updated: AWS::IoT::TopicRule KafkaAction.

AWS::IoT::TopicRule KafkaAction

The AWS::IoT::TopicRule KafkaAction resource adds headers parameter.

October 12, 2023

Updated resource

The following resource was added: AWS::IoT::SoftwarePackageVersion.

AWS::IoT::SoftwarePackageVersion

Use the AWS::IoT::SoftwarePackageVersion resource to create a package version.

Note: The software package must exist before creating the package version.

October 12, 2023

Updated resource

The following resource was updated: AWS::Lambda::Function.

AWS::Lambda::Function VpcConfig

Use the Ipv6AllowedForDualStack property to allow outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

October 12, 2023

New resource

The following resource was added: AWS::IoT::SoftwarePackage.

AWS::IoT::SoftwarePackage

Use the AWS::IoT::SoftwarePackage resource to create a software package.

October 12, 2023

New resource

The following paremeter was added: DestinationPackageVersions to the AWS::IoT::JobTemplate resource in the Beijing (cn-north-1) Region and other Regions where Service Package Catalog has been deployed except for the the Ningxia (cn-northest-1) Region.

DestinationPackageVersions

Use the DestinationPackageVersions paremeter in the AWS::IoT::JobTemplate resource to indentify the package version Amazon Resource Names (ARNs) that are installed on the deviceā€™s reserved named shadow ($package) when the job successfully completes.

October 12, 2023

Updated resource

The following resource was updated: AWS::InternetMonitor::Monitor.

AWS::InternetMonitor::Monitor

Use Monitor.Resources to add or remove resources when making an update. If Monitor.Resources is non-empty during an update, Monitor.ResourcesToAdd and Monitor.ResourcesToRemove must be empty.

October 6, 2023

Updated resource

The following resource was updated: AWS::ServiceCatalog::PortfolioPrincipalAssociation.

AWS::ServiceCatalog::PortfolioPrincipalAssociation

Use the PrincipalType property to specify the type of principal associated with the portfolio.

October 5, 2023

Updated resources

The following resources were updated: AWS::Lightsail::Disk and AWS::Lightsail::Container

AWS::Lightsail::Disk Location

Use the location property to specify the location of the disk, such as the AWS Region and Availability Zone.

AWS::Lightsail::Container PrivateRegistryAccess

Use the PrivateRegistryAccess property to describe the configuration for a Lightsail container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories.

September 28, 2023

Updated resource

The following resource was updated: AWS::EFS::FileSystem.

AWS::EFS::FileSystem

Use the ReplicationConfiguration property to specify a replication configuration for a file system.

Use the ReplicationDestination property to specify the destination file system for a replication configuration.

September 21, 2023

Updated resource

The following resource was updated: AWS::RDS::DBInstance

AWS::RDS::DBInstance

Use the DomainAuthSecretArn property to find the ARN for the Secrets Manager with the details for the user joining the domain.

Use the DomainDnsIps property for the IP addresses of the Active Directory domain controllers.

Use the DomainFqdn property for the fully qualified domain name (FQDN) of an Active Directory domain.

Use the DomainOu property for the Active Directory organizational unit for your DB instance to join.

September 21, 2023

New resource

The following resource was added: AWS::Connect::SecurityProfile

AWS::Connect::SecurityProfile

Use the AWS::Connect::SecurityProfile resource to create a security profile in the specified instance.

September 21, 2023

New resource

Use the following resource to create a data store in AWS HealthImaging.

AWS::HealthImaging::Datastore

Creates a data store in AWS HealthImaging.

September 21, 2023

Updated resources

The following resources were updated: AWS::AppStream::Fleet and AWS::AppStream::Fleet ComputeCapacity.

AWS::AppStream::Fleet

Use the MaxSessionsPerInstance property to specify the maximum number of user sessions on an instance. This is applicable only for multi-session fleets.

AWS::AppStream::Fleet ComputeCapacity

Use the DesiredSessions property to specify the desired capacity in terms of number of user sessions for a multi-session fleet.

AWS::AppStream::ApplicationFleetAssociation

Use the AWS::AppStream::ApplicationFleetAssociation resource to specify an association between an application and fleet.

September 14, 2023

Updated resources

The following resources were added: AWS::MediaPackageV2::Channel, AWS::MediaPackageV2::ChannelGroup, AWS::MediaPackageV2::ChannelPolicy, AWS::MediaPackageV2::OriginEndpoint, and AWS::MediaPackageV2::OriginEndpointPolicy.

AWS::MediaPackageV2::Channel

Use the AWS::MediaPackageV2::ChannelGroup resource to specify the configuration parameters for a channel.

AWS::MediaPackageV2::ChannelGroup

Use the AWS::MediaPackageV2::ChannelGroup resource to specify the configuration parameters for a channel group.

AWS::MediaPackageV2::ChannelPolicy

Use the AWS::MediaPackageV2::ChannelPolicy resource to specify the configuration parameters for a channel policy.

AWS::MediaPackageV2::OriginEndpoint

Use the AWS::MediaPackageV2::OriginEndpoint resource to specify the configuration parameters for an origin endpoint.

AWS::MediaPackageV2::OriginEndpointPolicy

Use the AWS::MediaPackageV2::OriginEndpointPolicy resource to specify the configuration parameters for an origin endpoint policy.

September 14, 2023

Updated resource

The following resource was updated: AWS::BillingConductor::CustomLineItem LineItemFilter.

AWS::BillingConductor::CustomLineItem LineItemFilter

You can use LineItemFilter for your CustomLineItem to customize the definition of a billing group's total cost when you include the billing group as a resource value for a percentage custom line item.

September 7, 2023

Updated resource

The following resource was updated: AWS::CleanRooms::Membership.

AWS::CleanRooms::Membership

Use the MembershipProtectedQueryOutputConfiguration, MembershipProtectedQueryResultConfiguration, and ProtectedQueryS3OutputConfiguration properties to specify configurations for protected query results.

September 7, 2023

New resource

The following resource was added: AWS::Connect::View

AWS::Connect::View

Use the AWS::Connect::View resource to create a customer-managed view in the specified instance.

September 7, 2023

New resource

The following resource was added: AWS::Connect::ViewVersion

AWS::Connect::ViewVersion

Use the AWS::Connect::ViewVersion resource to create a version for the specified customer-managed view within the specified instance.

September 7, 2023

Updated resource

The following resource was updated: AWS::CloudFormation::Stack.

AWS::CloudFormation::Stack

The Capabilities, ChangeSetId, CreationTime, Description, DisableRollback, EnableTerminationProtection, LastUpdateTime, Outputs, ParentId, RoleARN, RootId, StackId, StackName, StackPolicyBody, StackPolicyURL, StackStatus, StackStatusReason, and TemplateBody properties can be accessed only when using AWS Cloud Control API.

August 31, 2023

Updated resource

The following resource was updated: AWS::DataSync::Task.

AWS::DataSync::Task

Use the TaskReportConfig property to configure task reports, which can help you monitor and audit your DataSync transfers.

August 31, 2023

New resource

The following resource was added: AWS::CleanRooms::AnalysisTemplate

AWS::CleanRooms::AnalysisTemplate

Use the AWS::CleanRooms::AnalysisTemplate resource to specify a new analysis template resource in AWS Clean Rooms.

August 31, 2023

New resource

The following resource was added: AWS::PCAConnectorAD::Connector

AWS::PCAConnectorAD::Connector

Creates and manage connector between AWS Private CA and an Active Directory.

August 31, 2023

New resource

The following resource was added: AWS::PCAConnectorAD::DirectoryRegistration

AWS::PCAConnectorAD::DirectoryRegistration

Create and manage a directory registration that authorizes communication between AWS Private CA and an Active Directory

August 31, 2023

New resource

The following resource was added: AWS::PCAConnectorAD::ServicePrincipalName

AWS::PCAConnectorAD::ServicePrincipalName

Create and manage service principal name (SPN) for the service account in Active Directory.

August 31, 2023

New resource

The following resource was added: AWS::PCAConnectorAD::TemplateGroupAccessControlEntry

AWS::PCAConnectorAD::TemplateGroupAccessControlEntry

Create and manage group access control entries from Active Directory groups.

August 31, 2023

New resource

The following resource was added: AWS::PCAConnectorAD::Template

AWS::PCAConnectorAD::Template

Create and manage an Active Directory compatible certificate template.

August 31, 2023

Updated resource

The following resource was updated: AWS::WAFv2::WebACL.

AWS::WAFv2::WebACL

Added guidance for managing web ACLs that you use with Shield Advanced automatic application layer DDoS mitigation.

August 30, 2023

Updated resource

The following resource was updated: AWS::CleanRooms::ConfiguredTable.

AWS::CleanRooms::ConfiguredTable

Use the AnalysisRuleCustom property to specify a configured table resource with the custom analysis rule type in AWS Clean Rooms.

August 24, 2023

Updated resource

The following resource was updated: AWS::EMRServerless::Application.

AWS::EMRServerless::Application

The ReleaseLabel property can now be modified.

August 24, 2023

New resources

The following resource was added: AWS::EntityResolution::MatchingWorkflow.

AWS::EntityResolution::MatchingWorkflow

Use the AWS::EntityResolution::MatchingWorkflow resource to specify a new matching workflow resource in AWS Entity Resolution.

August 24, 2023

New resources

The following resources were added: AWS::WorkSpacesWeb::BrowserSettings, AWS::WorkSpacesWeb::IdentityProvider, AWS::WorkSpacesWeb::IpAccessSettings, AWS::WorkSpacesWeb::NetworkSettings, AWS::WorkSpacesWeb::Portal, AWS::WorkSpacesWeb::TrustStore, AWS::WorkSpacesWeb::UserAccessLoggingSettings, and AWS::WorkSpacesWeb::UserSettings.

AWS::WorkSpacesWeb::BrowserSettings

Use the AWS::WorkSpacesWeb::BrowserSettings resource to specify browser settings that can be associated with a web portal.

AWS::WorkSpacesWeb::IdentityProvider

Use the AWS::WorkSpacesWeb::IdentityProvider resource to specify an identity provider that is then associated with a web portal.

AWS::WorkSpacesWeb::IpAccessSettings

Use the AWS::WorkSpacesWeb::IpAccessSettings resource to specify IP access settings that can be associated with a web portal.

AWS::WorkSpacesWeb::NetworkSettings

Use the AWS::WorkSpacesWeb::NetworkSettings resource to specify network settings that can be associated with a web portal.

AWS::WorkSpacesWeb::Portal

Use the AWS::WorkSpacesWeb::Portal resource to specify a web portal, which users use to start browsing sessions.

AWS::WorkSpacesWeb::TrustStore

Use the AWS::WorkSpacesWeb::TrustStore resource to specify a trust store that can be associated with a web portal.

AWS::WorkSpacesWeb::UserAccessLoggingSettings

Use the AWS::WorkSpacesWeb::UserAccessLoggingSettings resource to specify user access logging settings that can be associated with a web portal.

AWS::WorkSpacesWeb::UserSettings

Use the AWS::WorkSpacesWeb::UserSettings resource to specify user settings that can be associated with a web portal.

August 24, 2023

Updated resource

AWS::NetworkManager::ConnectPeer was updated.

AWS::NetworkManager::ConnectPeer

Use the SubnetArn property to specify the subnet ARN of a Connect peer.

August 23, 2023

Updated resources

The following resources were added: AWS::MediaTailor::Channel, AWS::MediaTailor::ChannelPolicy, AWS::MediaTailor::LiveSource, AWS::MediaTailor::SourceLocation, and AWS::MediaTailor::VodSource

AWS::MediaTailor::Channel

Use the AWS::MediaTailor::Channel resource to specify the configuration parameters for a channel.

AWS::MediaTailor::ChannelPolicy

Use the AWS::MediaTailor::ChannelPolicy resource to specify an IAM policy for the channel.

AWS::MediaTailor::LiveSource

Use the AWS::MediaTailor::LiveSource resource to specify configuration parameters for a live source.

AWS::MediaTailor::SourceLocation

Use the AWS::MediaTailor::SourceLocation resource to specify configuration parameters for a source location.

AWS::MediaTailor::VodSource

Use the AWS::MediaTailor::VodSource resource to specify configuration parameters for a VOD source.

August 17, 2023

Updated resource

The following resources were updated: AWS::AppSync::GraphQLApi

AWS::AppSync::GraphQLApi

Updated several properties to mutable values.

August 17, 2023

Updated resource

The following resource was updated: AWS::FSx::Filesystem

AWS::FSx::Filesystem

The AWS::FSx::FileSystem OpenZFSConfiguration and AWS::FSx::FileSystem WindowsConfiguration resources were updated.

August 17, 2023

New resources

The following resource was added: AWS::EntityResolution::SchemaMapping.

AWS::EntityResolution::SchemaMapping

Use the AWS::EntityResolution::SchemaMapping resource to specify a new schema mapping resource in AWS Entity Resolution.

August 17, 2023

New resource

The following resource was added: AWS::EC2::InstanceConnectEndpoint.

AWS::EC2::InstanceConnectEndpoint

Creates an EC2 Instance Connect Endpoint.

August 17, 2023

New resource

The following resource was added: AWS::Route53Resolver::OutpostResolver

AWS::Route53Resolver::OutpostResolver

Use the AWS::Route53Resolver::OutpostResolver resource to specify information about a RouteĀ 53 Resolver on an AWS Outposts.

August 17, 2023

Updated resource

The following resource was updated: AWS::EC2::LaunchTemplate NetworkInterface.

AWS::EC2::LaunchTemplate NetworkInterface

Use the PrimaryIpv6 property to specify a primary IPv6 address on a network interface.

August 10, 2023

Updated resource

The following resource was updated: AWS::IVS::RecordingConfiguration

AWS::IVS::RecordingConfiguration

Use the RecordingConfiguration resource to configure a stream recording.

August 10, 2023

Updated resource

The following resource was updated: AWS::WAFv2::WebACL.

AWS::WAFv2::WebACL

Use the AWSManagedRulesACFPRuleSet property to configure your use of the account creation fraud prevention (ACFP) managed rule group, in a managed rule group reference statement. For protected CloudFront distributions, in addition to inspecting account registration and account creation requests, you can also use ACFP to block new account creation attempts from clients that have recently submitted too many failed account creation attempts.

Use the EnableRegexInPath setting in the AWSManagedRulesATPRuleSet property to enable the use of regex in the login page path specification.

August 10, 2023

New resource

The following resource was added: AWS::Connect::TrafficDistributionGroup

AWS::Connect::TrafficDistributionGroup

Use the AWS::Connect::TrafficDistributionGroup resource to get information about a traffic distribution group.

August 10, 2023

New resource

The following resource was added: AWS::DataSync::LocationAzureBlob.

AWS::DataSync::LocationAzureBlob

Use the AWS::DataSync::LocationAzureBlob resource to create a transfer location for a Microsoft Azure Blob Storage container.

August 10, 2023

Updated resource

The following resource was updated: AWS::MWAA::Environment

AirflowVersion

The AirflowVersion property has been updated to include a new valid value for Apache Airflow version 2.6.3.

August 9, 2023

New resources

The following resource was updated: AWS::Batch:JobDefinition.

AWS::Batch::JobDefinition RuntimePlatform

Use the RuntimePlatform property to specify the CpuArchitecture and OperatingSystemFamily for AWS Batch jobs on AWS Fargate.

August 8, 2023

Updated resource

The following resource was updated: AWS::BillingConductor::BillingGroup AccountGrouping.

AWS::BillingConductor::BillingGroup AccountGrouping

You can use AutoAssociate so that your billing group will automatically associate newly added AWS accounts that join your consolidated billing family.

August 3, 2023

Updated resource

The following resources were added: AWS::DMS::ReplicationConfig, AWS::DMS::ComputeConfig. The following resources were updated: AWS::DMS::RedshiftSettings, AWS::DMS::ComputeConfig.

AWS::DMS::Endpoint.ReplicationConfig

Added ReplicationConfig. Use ReplicationConfig to configure a serverless replication.

AWS::DMS::Endpoint.ReplicationConfig

Added ComputeConfig. Use ComputeConfig to configure provisioning for a serverless replication.

AWS::DMS::Endpoint.MongoDbSettings

Added MapBooleanAsBoolean attributes to RedshiftSettings. Use MapBooleanAsBoolean to configure how DMS migrates boolean values.

AWS::DMS::Endpoint.MongoDbSettings

Added MapBooleanAsBoolean to PostgreSQLSettings. Use MapBooleanAsBoolean to configure how DMS migrates boolean values.

August 3, 2023

Updated resource

The following resource was updated: AWS::EC2::NetworkInterface.

AWS::EC2::NetworkInterface

Use the EnablePrimaryIpv6 property to enable a primary IPv6 address on a network interface.

August 3, 2023

Updated resource

The following resource was updated: AWS::SQS::QueueInlinePolicy

AWS::SQS::QueueInlinePolicy

You can now associate one Amazon SQS policy with one queue.

August 3, 2023

New and updated resources

The AWS::Transfer::Connector As2Config resource has been updated with several new parameters. Also, the AWS::Transfer::Connector Sftp2Config resource has been added.

AWS::Transfer::Connector As2Config

Multiple parameters have been added for this resource. See the linked documentation for details.

AWS::Transfer::Connector SftpConfig

Use the SftpConfig resource to specify values for a connector. The connector establishes a relationship between your AWS storage and a partner's SFTP server.

August 3, 2023

New resource

The following resource was added: AWS::SNS::TopicInlinePolicy.

AWS::SNS::TopicInlinePolicy

Use the AWS::SNS::TopicInlinePolicy resource to associate one Amazon SNS topic with one policy.

August 2, 2023

Updated resources

The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup.

AWS::WAFv2::WebACL

Use the AggregateKeyType and CustomKeys properties in rate based rules to configure custom web request aggregation for rate limiting.

AWS::WAFv2::RuleGroup

Use the AggregateKeyType and CustomKeys properties in rate based rules to configure custom web request aggregation for rate limiting.

July 27, 2023

Fn::ForEach intrinsic function

The Fn::ForEach intrinsic function introduces looping capabilities to your AWS CloudFormation templates. With Fn::ForEach, you can replicate parts of your templates with minimal lines of code. You can use Fn::ForEach to simplify your template layout and make it easier and faster for you and your peers to review your code.

For more information, see Fn::ForEach.

July 25, 2023

Detailed StackSet drift information

The following APIs allow users to see which stack instances have drifted from the StackSet template and which resources have drifted.

ListStackInstanceResourceDrifts

Returns drift information for resources in a stack instance.

StackInstanceResourceDriftsSummary

The structure containing summary information about resource drifts for a stack instance.

July 24, 2023

Updated resource

The following resource was updated: AWS::FSx::Volume

AWS::FSx::Volume

Use the SnapLockConfiguration resource to create an ONTAP SnapLock volume.

July 20, 2023

New resources

The following resources were added: AWS::IAM::GroupPolicy, AWS::IAM::RolePolicy, and AWS::IAM::UserPolicy.

AWS::IAM::GroupPolicy

Use the AWS::IAM::GroupPolicy resource to specify an inline policy document that is embedded in the IAM group.

AWS::IAM::RolePolicy

Use the AWS::IAM::RolePolicy resource to specify an inline policy document that is embedded in the IAM role.

AWS::IAM::UserPolicy

Use the AWS::IAM::UserPolicy resource to specify an inline policy document that is embedded in the IAM user.

July 20, 2023

New resource

The following resource was added: AWS::Logs::LogAnomalyDetector.

AWS::Logs::LogAnomalyDetector

Use the AWS::Logs::LogAnomalyDetector resource to create or update a log anomaly detector. A log anomaly detector anomaly scans the log events ingested into the log group and finds anomalies in the log data. For more information, see Log anomaly detection.

July 20, 2023

New resource

The following resource was added: AWS::Logs::AccountPolicy.

AWS::Logs::AccountPolicy

Use the AWS::Logs::AccountPolicy resource to create or update an account-level data protection policy that applies to all log groups in the account. A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data.. For more information, see Protect sensitive log data with masking.

July 20, 2023

New resource

The following resource was added: AWS::Connect::RoutingProfile

AWS::Connect::RoutingProfile

Use the AWS::Connect::RoutingProfile resource to create a routing profile for the specified Amazon Connect instance.

July 20, 2023

New resource

The following resource was added: AWS::Connect::Queue

AWS::Connect::Queue

Use the AWS::Connect::Queue resource to create a queue for the specified Amazon Connect instance.

July 20, 2023

Updated resource

The following resource was updated: AWS::CleanRooms::ConfiguredTable

AWS::CleanRooms::ConfiguredTable

Use the AWS::CleanRooms::ConfiguredTable resource to specify a new configured table resource in AWS Clean Rooms.

July 13, 2023

Updated resource

The following resource was updated: AWS::InternetMonitor::Monitor.

AWS::InternetMonitor::Monitor

Use Monitor.HealthEventsConfig to set the threshold for when Internet Monitor creates a health event. You can set the threshold for the availability score, performance score, or both.

July 13, 2023

Updated resource

The following resource was updated: AWS::IoT::JobTemplate.

AWS::IoT::JobTemplate JobExecutionsRetryConfig

The AWS::IoT::JobTemplate JobExecutionsRetryConfig resource adds a description for the RetryCriteriaList parameter.

July 13, 2023

Updated resource

The following resource was updated: AWS::IoT::JobTemplate.

AWS::IoT::JobTemplate JobExecutionsRolloutConfig

The AWS::IoT::JobTemplate JobExecutionsRolloutConfig resource adds a description for the ExponentialRolloutRate parameter.

July 13, 2023

Updated resource

The following resource was updated: AWS::SageMaker::Endpoint.

AWS::SageMaker::Endpoint

Use the RollingUpdatePolicy in the AWS::SageMaker::Endpoint resource to create a new rolling deployment for updating a SageMaker endpoint.

July 13, 2023

New resource

The following resource was added: AWS::Transfer::Server StructuredLogDestination

AWS::Transfer::Server StructuredLogDestination

Use the StructuredLogDestination resource to specify the log groups to which your AWS Transfer Family server logs are sent.

July 6, 2023

Updated resources

The following resource was updated: AWS::AppStream::AppBlock

AWS::AppStream::AppBlock

Use the PackagingType property to specify the packaging type of the app block.

AWS::AppStream::AppBlock

Use the PostSetupScriptDetails property to specify the post setup script details of the app block.

June 29, 2023

Updated resource

The following resource was updated: AWS::EC2::KeyPair.

AWS::EC2::KeyPair

Use the KeyFormat property to specify the format for the key pair.

June 29, 2023

Updated resource

The following resource was updated: AWS::WAFv2::WebACL.

AWS::WAFv2::WebACL

Use the AssociationConfig property to increase the body inspection size limit for CloudFront distributions beyond the new default size limit of 16 KB. This update doesn't affect protections for regional resources.

June 29, 2023

New resources

The following resource was added: AWS::AppStream::AppBlockBuilder

AWS::AppStream::AppBlockBuilder

Use the AWS::AppStream::AppBlockBuilder resource to create an app block builder.

June 29, 2023

New resources

The following resources were added: AWS::VerifiedPermissions::IdentitySource, AWS::VerifiedPermissions::Policy, AWS::VerifiedPermissions::PolicyStore, and AWS::VerifiedPermissions::PolicyTemplate.

AWS::VerifiedPermissions::IdentitySource

Use the AWS::VerifiedPermissions::IdentitySource resource to specify an identity source in Amazon Verified Permissions.

AWS::VerifiedPermissions::Policy

Use the AWS::VerifiedPermissions::policy resource to specify a static or template-linked policy in Amazon Verified Permissions.

AWS::VerifiedPermissions::PolicyStore

Use the AWS::VerifiedPermissions::PolicyStore resource to specify a policy store in Amazon Verified Permissions.

AWS::VerifiedPermissions::PolicyTemplate

Use the AWS::VerifiedPermissions::PolicyTemplate resource to specify a policy template in Amazon Verified Permissions.

June 29, 2023

New resource

The following new resource was added: AWS::Comprehend::DocumentClassifier.

Use the AWS::Comprehend::DocumentClassifier resource to create and train custom document classifiers in Amazon Comprehend.

June 29, 2023

Updated resource

The following resource was updated: AWS::Cassandra::Keyspace.

AWS::Cassandra::Keyspace.ReplicationSpecification

Use the AWS::Cassandra::Keyspace.ReplicationSpecification property to create a multi-Region keyspace in Amazon Keyspaces (for Apache Cassandra).

June 26, 2023

New resources

The following resources were added: AWS::StepFunctions::StateMachineAlias and AWS::StepFunctions::StateMachineVersion .

AWS::StepFunctions::StateMachineAlias

Use the AWS::StepFunctions::StateMachineAlias resource to create an alias that routes traffic to one or two versions of the same state machine.

AWS::StepFunctions::StateMachineVersion

Use the AWS::StepFunctions::StateMachineVersion resource to create multiple versions of a state machine.

June 22, 2023

New resource

The following resource was added: AWS::AppRunner::AutoScalingConfiguration

AWS::AppRunner::AutoScalingConfiguration

Use the AWS::AppRunner::AutoScalingConfiguration resource to create or update an AWS App Runner automatic scaling configuration resource.

June 22, 2023

New resource

The following resource was added: AWS::Organizations::Organization.

AWS::Organizations::Organization

Use the AWS::Organizations::Organization resource to create an AWS organization. The account you use to create the organization automatically becomes the management account of the new organization.

June 22, 2023

New and updated resources

The following resource was updated: AWS::SecurityHub::Hub. The following resource was added: AWS::SecurityHub::Standard.

AWS::SecurityHub::Hub

Use the AutoEnableControls property to specify whether you want Security Hub to automatically enable new controls as they are added to your enabled standards. For more information, see Enabling new controls in enabled standards automatically.

Use the ControlFindingGenerator property to specify whether you want Security Hub to generate a single finding or separate findings when a control applies to multiple standards. For more information, see Consolidated control findings.

Use the EnableDefaultStandards property to specify whether you want to enable security standards that Security Hub has designated as default standards. For more information, see Automatically enabled security standards.

AWS::SecurityHub::Standard

Use the AWS::SecurityHub::Standard resource to enable a specified security standard in Security Hub.

June 22, 2023

Updated resources

The following resource was updated: AWS::WAFv2::WebACLAssociation.

AWS::WAFv2::WebACLAssociation

The ResourceArn property now accepts AWS Verified Access instance ARNs.

June 17, 2023

Updated resource

The following resource was updated: AWS::IVS::Channel

AWS::IVS::Channel

Use the preset property to set a transcode preset, based on bandwidth delivery, for the channel. Available only for advanced channel types.

June 15, 2023

Updated resource

The following resource was updated: AWS::S3::Bucket.

AWS::S3::Bucket ServerSideEncryptionByDefault

Updated SSEAlgorithm to add a new allowed value: DSSE-KMS. You can apply this setting to enable dual-layer server-side encryption with AWS KMS keys.

June 15, 2023

New resources

The following resources were added: AWS::CleanRooms::Collaboration, AWS::CleanRooms::ConfiguredTable, AWS::CleanRooms::ConfiguredTableAssociation, and AWS::CleanRooms::Membership.

AWS::CleanRooms::Collaboration

Use the AWS::CleanRooms::Collaboration resource to specify a new collaboration resource in AWS Clean Rooms.

AWS::CleanRooms::ConfiguredTable

Use the AWS::CleanRooms::ConfiguredTable resource to specify a new configured table resource in AWS Clean Rooms.

AWS::CleanRooms::ConfiguredTableAssociation

Use the AWS::CleanRooms::ConfiguredTable resource to specify a new configured association resource in AWS Clean Rooms.

AWS::CleanRooms::Membership

Use the AWS::CleanRooms::Membership resource to specify a membership for a specific collaboration identifier and join the collaboration in AWS Clean Rooms.

June 15, 2023

New resources

The following resources were added: AWS::MediaConnect::Bridge, AWS::MediaConnect::BridgeOutput, AWS::MediaConnect::BridgeSource, and AWS::MediaConnect::Gateway.

AWS::MediaConnect::Bridge

Use the AWS::MediaConnect::Bridge resource to create a connection between your data center instance and the cloud.

AWS::MediaConnect::BridgeOutput

Use the AWS::MediaConnect::BridgeOutput resource to add new outputs to an existing bridge.

AWS::MediaConnect::BridgeSource

Use the AWS::MediaConnect::BridgeSource resource to add new sources to an existing bridge.

AWS::MediaConnect::Gateway

Use the AWS::MediaConnect::Gateway resource to create a gateway. The gateway is a logical grouping of Instances and Bridges. Each gateway utilizes user-defined IP information for communication between data centers and the cloud.

June 15, 2023

New resource

The following resource was added: AWS::RDS::CustomDBEngineVersion

AWS::RDS::CustomDBEngineVersion

The DatabaseInstallationFilesS3BucketName property is the name of an Amazon S3 bucket that contains database installation files for your CEV.

The DatabaseInstallationFilesS3Prefix property is the Amazon S3 directory that contains the database installation files for your CEV.

Use the Description property to provide an optional description of your CEV.

Use the Engine property to indicate the database engine to use for your custom engine version (CEV).

Use the EngineVersion property to indicate the name of your CEV in the format 19.customized_string.

Use the KMSKeyId property for the AWS KMS key identifier for an encrypted CEV.

The Manifest property is the CEV manifest, which is a JSON document that describes the installation .zip files stored in Amazon S3.

The Status property provides the status of a custom engine version (CEV).

The Tags property allows you to add metadata to your RDS resource.

June 15, 2023

New resource

The following resource was added: AWS::SecurityHub::AutomationRule.

AWS::SecurityHub::AutomationRule

Use the AWS::SecurityHub::AutomationRule resource to specify an automation rule based on criteria that you define.

June 15, 2023

Updated resource

The following resource was updated: AWS::CloudTrail::EventDataStore

AWS::CloudTrail::EventDataStore

Use the IngestionEnabled property to specify whether you want the event data store to ingest events.

June 8, 2023

Updated resource

The following resource was updated: AWS::CustomerProfiles::EventStream.

AWS::CustomerProfiles::EventStream

Use the AWS::CustomerProfiles::EventStream resource to create a new event stream in Amazon Connect Customer Profiles Service.

June 8, 2023

New resource

The following resource was added: AWS::Athena::CapacityReservation

AWS::Athena::CapacityReservation

Use the AWS::Athena::CapacityReservation resource to specify dedicated processing capacity for the queries you run in Athena. You can assign one or more workgroups to the reservation. Capacity is fully managed by Athena and held for you as long as you require.

June 8, 2023

New Properties

The following properties were added: AWS::Omics::Workflow.Accelerators, AWS::Omics::RunGroup.MaxGpus, AWS::Omics::AnnotationStore.SchemaItem, and AWS::Omics::SequenceStore.FallbackLocation.

AWS::Omics::Workflow

Use the AWS::Omics::Workflow.Accelerators property to specify the accelerator used for your workflow in Amazon Omics.

AWS::Omics::RunGroup

Use the AWS::Omics::RunGroup.MaxGpus property to specify the max GPUs for your run group in Amazon Omics.

AWS::Omics::AnnotationStore

Use the AWS::Omics::AnnotationStore.SchemaItem property to specify a schema item. Omics.

AWS::Omics::SequenceStore

Use the AWS::Omics::SequenceStore.FallbackLocation property update to specify a fallback location for files that don't upload successfully. Omics.

June 8, 2023

AWS CloudFormation StackSets APIs to control AWS Organizations trust access

AWS CloudFormation StackSets provides customers with the following APIs for managing AWS Organizations trust access:

ActivateOrganizationsAccess

Activate trusted access with AWS Organizations. With trusted access between StackSets and Organizations activated, the management account has permissions to create and manage StackSets for your organization.

DeactivateOrganizationsAccess

Deactivates trusted access with AWS Organizations. If trusted access is deactivated, the management account does not have permissions to create and manage service-managed StackSets for your organization.

DescribeOrganizationsAccess

Retrieves information about the account's OrganizationAccess status. This API can be called either by the management account or the delegated administrator by using the CallAs parameter. This API can also be called without the CallAs parameter by the management account.

June 5, 2023

Updated resource

The following resource was updated: AWS::GroundStation::DataflowEndpointGroup.

ContactPostPassDurationSeconds property

Updated description of the ContactPostPassDurationSeconds property.

ContactPrePassDurationSeconds property

Updated description of the ContactPrePassDurationSeconds property.

June 2, 2023

Updated resource

The following resource was updated: AWS::CustomerProfiles::CalculatedAttributeDefinition.

AWS::CustomerProfiles::CalculatedAttributeDefinition

Use the AWS::CustomerProfiles::CalculatedAttributeDefinition resource to create a new integration in Amazon Connect Customer Profiles Service.

June 1, 2023

Updated resource

The following resource was added: AWS::Detective::Graph

AWS::Detective::Graph

AutoEnableMembers indicates whether to automatically enable new organization accounts as member accounts in the organization behavior graph.

June 1, 2023

Updated resource

The following resource was updated: AWS::IoTFleetWise::Campaign

AWS::IoTFleetWise::Campaign

The AWS::IoTFleetWise::Campaign resource now supports sending vehicle data to Amazon S3 or Amazon Timestream.

June 1, 2023

Updated resource

The following resource was updated: AWS::RefactorSpaces::Route.

AWS::RefactorSpaces::Route

In the UriPathRouteInput property type, use the AppendSourcePath property to specify whether to append the source path to the service URL endpoint.

June 1, 2023

Updated resource

The following resource was updated: AWS::WorkSpaces::ConnectionAlias

AWS::WorkSpaces::ConnectionAlias

The ConnectionAliasAssociation property was removed from the AWS::WorkSpaces::ConnectionAlias resource.

June 1, 2023

New resource

The following resource was updated: AWS::Detective::OrganizationAdmin

AWS::Detective::OrganizationAdmin

Designates the Detective administrator account for the organization in the current region.

June 1, 2023

Added resource

The following resource was added: AWS::Cognito::IdentityPoolPrincipalTag

AWS::Cognito::IdentityPoolPrincipalTag

AWS::Cognito::IdentityPoolPrincipalTag is a map of identity pool user claims to principal tags that you want to apply to your user's temporary session.

May 26, 2023

Updated resource

The following resource was updated: AWS::Grafana::Workspace.

AWS::Grafana::Workspace

Use the GrafanaVersion property of the AWS::Grafana::Workspace resource to configure the version of Grafana to support in your Amazon Managed Grafana workspace.

May 25, 2023

Updated resource

The following resource was updated: AWS::OpenSearchService::Domain.

AWS::OpenSearchService::Domain

Use the MultiAZWithStandbyEnabled property within ClusterConfig to deploy a domain with the Multi-AZ with Standby option.

May 25, 2023

Updated resource

The ScalingMode property was revised for the AWS::SES::DedicatedIpPool resource:

AWS::SES::DedicatedIpPool

The ScalingMode property changed its Update requires: definition from Replacement to Some interruptions.

May 25, 2023

New resources

The following resources were updated: AWS::AppSync::GraphQLApi

AWS::AppSync::GraphQLApi

Use the ApiType property to specify whether the type of a GraphQL API is standard or merged.

Use the MergedApiExecutionRoleArn property to specify the service role ARN for a merged API.

Use the OwnerContact property to specify the owner contact information for an API resource.

The following resources were added: AWS::AppSync::SourceApiAssociation

AWS::AppSync::SourceApiAssociation

Use the AWS::AppSync::SourceApiAssociation resource to describe the configuration of a source API.

May 25, 2023

New resources

The following resources were added: AWS::Shield::DRTAccess, AWS::Shield::ProactiveEngagement, AWS::Shield::Protection, and AWS::Shield::ProtectionGroup.

AWS::Shield::DRTAccess

Use the AWS::Shield::DRTAccess resource to give permissions to the Shield response team (SRT) to access your account and your resource protections. This permits them to help you mitigate distributed denial of service (DDoS) attacks.

AWS::Shield::ProactiveEngagement

Use the AWS::Shield::ProactiveEngagement resource to enable and disable authorization for the the Shield Response Team (SRT) to contact you and to initiate proactive support for potential attacks.

AWS::Shield::Protection

Use the AWS::Shield::Protection resource to enable Shield Advanced protections for a specific AWS resource.

AWS::Shield::ProtectionGroup

Use the AWS::Shield::ProtectionGroup resource to combine the management of selected protected resources, to improve the accuracy of detection and reduce false positives.

May 25, 2023

Updated resource

The following resource was added: AWS::Glue::DataQualityRuleset

AWS::Glue::Ruleset

Use AWS::Glue::DataQualityRuleset to specify data quality rulesets.

May 23, 2023

Updated resources

The following resource was updated: AWS::NetworkFirewall::FirewallPolicy

AWS::NetworkFirewall::FirewallPolicy

Use the PolicyVariables property to set your one or more CIDRs as your HOME_NET if your firewall uses a centralized deployment model.

Use the IPSet property specify list of IP addresses and address ranges, in CIDR notation for use with IPSets.

May 18, 2023

Updated resource

The following resource was updated: AWS::Transfer::Server

AWS::Transfer::Server IdentityProviderDetails

Use the SftpAuthenticationMethods property to specify how to authenticate for SFTP-enabled servers that use a custom identity provider.

May 18, 2023

New resource

The following resource was added: AWS::Connect::Prompt

AWS::Connect::Prompt

Use the AWS::Connect::Prompt resource to create a prompt for the specified Amazon Connect instance.

May 18, 2023

New resource

The following resource was added: AWS::QuickSight::Topic.

AWS::QuickSight::Topic

Use the AWS::QuickSight::Topic resource to create a topic in Amazon QuickSight.

May 18, 2023

Updated resources

AWS::ElastiCache::ReplicationGroup.

AWS::ElastiCache::ReplicationGroup.ClusterMode

To modify cluster mode from Disabled to Enabled, you must first set the cluster mode to Compatible. Compatible mode allows your Redis OSS clients to connect using both cluster mode enabled and cluster mode disabled. After you migrate all Redis OSS clients to use cluster mode enabled, you can then complete cluster mode configuration and set the cluster mode to Enabled. For more information, see Modify cluster mode.

May 11, 2023

Updated resources

Additional details were added for specifying resource-based policies and sampling rules.

AWS::XRay::ResourcePolicy

Use the ResourcePolicy resource to specify a resource-based policy which enables access to specific X-Ray resources.

AWS::XRay::SamplingRule

Use the AWS::XRay::SamplingRule resource to specify an X-Ray sampling rule.

May 11, 2023

Updated resource

The following resource was updated: AWS::AppRunner::Service

AWS::AppRunner::Service.ImageConfiguration.RuntimeEnvironmentSecrets

New property. Runtime environment secrets that can be reference when creating the App Runner service using an image configuration.

May 11, 2023

Updated resource

The following resource was updated: AWS::AppRunner::Service

AWS::AppRunner::Service.CodeConfigurationValues.RuntimeEnvironmentSecrets

New property. Runtime environment secrets that can be reference when creating the App Runner service using a code configuration.

May 11, 2023

New resources

The following resources were added:AWS::LakeFormation::DataLakeSettings.CreateDatabaseDefaultPermissions, AWS::LakeFormation::DataLakeSettings.CreateTableDefaultPermissions, AWS::LakeFormation::DataLakeSettings.DataLakePrincipal, AWS::LakeFormation::DataLakeSettings ExternalDataFilteringAllowList, AWS::LakeFormation::DataLakeSettings Permissions, AWS::LakeFormation::DataLakeSettings PrincipalPermissions

AWS::LakeFormation::DataLakeSettings CreateDatabaseDefaultPermissions

Use the CreateDatabaseDefaultPermissions resource to set the default permissions for a newly created database.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lakeformation-datalakesettings-createtabledefaultpermissions.html

Use the CreateTableDefaultPermissions resource to set default permissions for a newly created table.

AWS::LakeFormation::DataLakeSettings ExternalDataFilteringAllowList

Use ExternalDatafilteringAllowlist resource to list account IDs of Amazon EMR clusters that are allowed to perform data filtering.

May 11, 2023

New resource

The following resource was added: AWS::IoT::ThingGroup.

AWS::IoT::ThingGroup

Use AWS::IoT::ThingGroup to create a thing group.

May 11, 2023

New resource

The following resource was added: AWS::IoT::BillingGroup.

AWS::IoT::BillingGroup

Use AWS::IoT::BillingGroup to create a new billing group.

May 11, 2023

New resource

The following resource was added: AWS::IoT::ThingType.

AWS::IoT::ThingType

Use AWS::IoT::ThingType to create a new thing type.

May 11, 2023

New resource

The following resource was added: AWS::OSIS::Pipeline.

AWS::OSIS::Pipeline

Use the AWS::OSIS::Pipeline resource to specify an Amazon OpenSearch Ingestion pipeline. For more information, see Amazon OpenSearch Ingestion.

May 11, 2023

Updated resources

The following resources were updated: AWS::DeviceFarm::Project.

AWS::DeviceFarm::Project

Use the AWS::DeviceFarm::Project VpcConfig resource to specify the VPC security groups and subnets that are attached to a project.

May 4, 2023

Updated resource

The following resources were updated: AWS::AppSync::GraphQLApi

AWS::AppSync::GraphQLApi

Use the Visibility property to specify the scoping of the GraphQL API.

May 4, 2023

Updated resource

The following resource was updated: AWS::CloudWatch::MetricStreamFilter

AWS::CloudWatch::MetricStream MetricSTreamFilter

In the MetricStreamFilter resource, use MetricNames to specify individual metrics to include or exclude from a metric stream.

May 4, 2023

New resources

The following resource was added: AWS::BackupGateway::Hypervisor.

AWS::BackupGateway::Hypervisor

Use the AWS::BackupGateway::Hypervisor resource to specify a hypervisor in AWS Backup;.

May 4, 2023

New resources

The following resources were added: AWS::Proton::EnvironmentAccountConnection, AWS::Proton::EnvironmentTemplate and AWS::Proton::ServiceTemplate.

AWS::Proton::ServiceTemplate

Use the AWS::Proton::ServiceTemplate resource to specify standardized infrastructure and an optional CI/CD service pipeline in AWS Proton.

AWS::Proton::EnvironmentTemplate

Use the AWS::Proton::EnvironmentTemplate resource to specify an environment template in AWS Proton.

AWS::Proton::EnvironmentAccountConnection

Use the AWS::Proton::EnvironmentAccountConnection resource to specify an environment account connection resource in AWS Proton.

May 4, 2023

New resource

The following resource was added: AWS::QuickSight::VPCConnection.

AWS::QuickSight::VPCConnection

Use the AWS::QuickSight::VPCConnection resource to create a new VPC connection in Amazon QuickSight.

May 4, 2023

New resources

The following resources were added: AWS::EC2::VerifiedAccessInstance, AWS::EC2::VerifiedAccessGroup, AWS::EC2::VerifiedAccessEndpoint and AWS::EC2::VerifiedAccessTrustProvider.

AWS::EC2::VerifiedAccessInstance

Use the AWS::EC2::VerifiedAccessInstance resource to create an instance.

AWS::EC2::VerifiedAccessGroup

Use the AWS::EC2::VerifiedAccessGroup resource to create a group.

AWS::EC2::VerifiedAccessEndpoint

Use the AWS::EC2::VerifiedAccessEndpoint resource to create an endpoint.

AWS::EC2::VerifiedAccessTrustProvider

Use the AWS::EC2::VerifiedAccessTrustProvider resource to create a trust provider.

April 28, 2023

Updated resource

The following resource was updated: AWS::MSK::Cluster.

AWS::MSK::Cluster

Use the VpcConnectivity property to specify VPC connection control settings for brokers.

Use the VpcConnectivityClientAuthentication property to get all client authentication information for VpcConnectivity.

Use the VpcConnectivitySasl property to get details for SASL client authentication for VpcConnectivity.

Use the VpcConnectivityIam property to get details for IAM client authentication for VpcConnectivity.

Use the VpcConnectivity.Iam.Enabled property get details about whether IAM authentication is on or off.

Use the VpcConnectivityTls property to get details for TLS client authentication for VpcConnectivity.

Use the VpcConnectivityTls.Enabled property get details about whether TLS authentication is on or off.

Use the VpcConnectivityScram property to get details for SCRAM client authentication for VpcConnectivity.

Use the VpcConnectivityScram.Enabled property get details about whether SCRAM authentication is on or off.

Use the ConnectivityInfo.VpcConnectivity property to get details for VPC connection control settings for brokers.

April 27, 2023

New resource

The following resource was added: AWS::DataSync::StorageSystem.

AWS::DataSync::StorageSystem

Use the AWS::DataSync::StorageSystem resource to create an AWS resource for an on-premises storage system that DataSync Discovery can collect information about.

April 27, 2023

New resource

The following resource was added: AWS::IoT::DomainConfiguration TlsConfig.

AWS::IoT::DomainConfiguration TlsConfig

Use AWS::IoT::DomainConfiguration TlsConfig resource to specify security policy settings in domain configuration.

April 27, 2023

New resource

The following resources were added: AWS::MSK::ClusterPolicy and AWS::MSK::VpcConnection.

AWS::MSK::ClusterPolicy

You can now create or update cluster policy.

AWS::MSK::VpcConnection

You can now create a remote VPC connection.

April 27, 2023

New resource

The following resource was added: AWS::Connect::EvaluationForm

AWS::Connect::EvaluationForm

Use the AWS::Connect::EvaluationForm resource to create an evaluation form for the specified Amazon Connect instance.

April 25, 2023

Updated resource

The following resource was updated: AWS::InternetMonitor::Monitor.

AWS::InternetMonitor::Monitor

Use Monitor.TrafficPercentageToMonitor to set the percentage of your internet-facing traffic to monitor.

April 20, 2023

Updated resource

The following resources was updated: AWS::SSMContacts::Contact and AWS::SSMContacts::Rotation

AWS::SSMContacts::Contacts

ONCALL_SCHEDULE was added as a supported contact type.

AWS::SSMContacts::Rotation

Use the AWS::SSMContacts::Rotation resource to specify a rotation in an on-call schedule.

April 20, 2023

Updated resource

The following resource was updated: AWS::IVS::Channel

AWS::IVS::Channel

Use the InsecureIngest property to control whether a channel allows insecure RTMP ingest.

April 20, 2023

New resource

The following resource was added: AWS::FraudDetector::List.

AWS::FraudDetector::List

Use the AWS::FraudDetector::List resource to create a list of input data. After creating the list, use the list in a rule to allow or deny access or a transaction.

April 20, 2023

New resource

Added new resource type AWS::RAM::Permission

AWS::RAM::Permission

Creates a customer managed permission that you can then assign to resource shares and applies to resources of the specified resource type that are included in the share.

April 19, 2023

Updated resource

The AWS::GuardDuty::Detector resource was updated.

April 13, 2023

Updated resource

The following resource was updated: AWS::MWAA::Environment

StartupScriptS3Path

Amazon MWAA adds the StartupScriptS3Path property. This property specifies the relative path to a shell script that you upload to your environment's Amazon S3 bucket.

StartupScriptS3ObjectVersion

Amazon MWAA adds the StartupScriptS3ObjectVersion property. This property specifies the version ID for the shell script that you upload to your environment's Amazon S3 bucket.

AirflowVersion

The AirflowVersion property has been updated to include a new valid value for Apache Airflow version 2.5.1.

April 13, 2023

Updated resource

The following resource was updated: AWS::RDS::DBInstance

AWS::RDS::DBInstance

Use the SourceDBClusterIdentifier property as the identifier of the Multi-AZ DB cluster that will act as the source for the read replica.

April 13, 2023

New resource

The following resource was added: AWS::QuickSight::RefreshSchedule.

AWS::QuickSight::RefreshSchedule

Use the AWS::QuickSight::RefreshSchedule resource to create a refresh schedule for a dataset in Amazon QuickSight.

April 13, 2023

New resource

The following resource was added: AWS::AppConfig::Extension

AWS::AppConfig::Extension

This resource lets you creates an AWS AppConfig extension. An extension augments your ability to inject logic or behavior at different points during the AWS AppConfig workflow of creating or deploying a configuration.

April 12, 2023

New resource

The following resource was added: AWS::AppConfig::ExtensionAssociation

AWS::AppConfig::ExtensionAssociation

This resource lets you creates an AWS AppConfig extension association. An extension association is a specified relationship between an extension and an AWS AppConfig resource, such as an application or a configuration profile.

April 12, 2023

New resources

The following resources were added: AWS::IoTWireless::WirelessDeviceImportTask

AWS::IoTWireless::WirelessDeviceImportTask

Gets information about a wireless device import task.

April 7, 2023

Updated resource

The following resource was updated: AWS::InternetMonitor::Monitor.

AWS::InternetMonitor::Monitor

Use Monitor.InternetMeasurementsLogDelivery to publish internet measurements to another location in addition to CloudWatch Logs, such as an Amazon S3 bucket.

April 6, 2023

Updated resource

The following resource was updated: AWS::Lambda::Url.

AWS::Lambda::Url

Use the InvokeMode property to stream responses from your functions.

April 6, 2023

Updated resource

The following resource was updated: AWS::RDS::DBCluster

AWS::RDS::DBCluster

Use the RestoreToTime property for the date and time to restore the DB cluster to.

April 6, 2023

New resources

The following resources were added: AWS::SSMContacts::Plan and AWS::SSMContacts::Rotation

AWS::SSMContacts::Plan

Use the AWS::SSMContacts::Plan resource to specify the stages that an escalation plan or engagement plan engages contacts and contact methods in.

AWS::SSMContacts::Rotation

Use the AWS::SSMContacts::Rotation resource to specify a rotation in an on-call schedule.

April 6, 2023

Updated resources

The following resources were updated: AWS::RefactorSpaces::Application, AWS::RefactorSpaces::Environment, AWS::RefactorSpaces::Route, AWS::RefactorSpaces::Service.

AWS::RefactorSpaces::Application

The EnvironmentIdentifier property was changed to Required: Yes.

The Name property was changed to Required: Yes.

The ProxyType property was changed to Required: Yes.

The VpcId property was changed to Required: Yes.

AWS::RefactorSpaces::Environment

The Name property was changed to Required: Yes.

The NetworkFabricType property was changed to Required: Yes.

AWS::RefactorSpaces::Route

The RouteType property was changed to Required: Yes.

In the DefaultRouteInput property type, the ActivationState property was changed to Required: No.

In the UriPathRouteInput property type, the SourcePath property was changed to Required: Yes.

AWS::RefactorSpaces::Service

The Name property was changed to Required: Yes.

March 30, 2023

Updated resource

The resource AWS::GuardDuty::Detector was updated.

AWS::GuardDuty::Detector

Use Features property to configure a GuardDuty feature. For more information about features, see Feature activation in GuardDuty.

March 30, 2023

Updated resource

The following resource was added: AWS::SageMaker::InferenceExperiment.

AWS::SageMaker::InferenceExperiment

Use the AWS::SageMaker::InferenceExperiment resource to create a new inference experiment for comparing model variants on a SageMaker endpoint.

March 30, 2023

Updated resources

The following resources were updated: AWS::Route53Resolver::ResolverEndpoint AWS::Route53Resolver::ResolverEndpoint IpAddressRequest, and AWS::Route53Resolver::ResolverRule TargetAddress

AWS::Route53Resolver::ResolverEndpoint

Use the ResolverEndpointType property to specify Resolver endpoint IP address type.

AWS::Route53Resolver::ResolverEndpoint IpAddressRequest

Added the Ipv6 property to support IPv6 IP addresses.

AWS::Route53Resolver::ResolverRule TargetAddress

Added the Ipv6 property to support IPv6 IP addresses.

March 23, 2023

Updated resource

The following resource was updated: AWS::OpenSearchService::Domain.

AWS::OpenSearchService::Domain

Use the SoftwareUpdateOptions, OffPeakWindowOptions, WindowStartTime, and OffPeakWindow properties to configure an off-peak window for the domain.

March 23, 2023

Updated resource

The following resource was updated: AWS::S3ObjectLambda::AccessPoint.

AWS::S3ObjectLambda::AccessPoint

Add the Alias attribute to the return values. The Alias return value is the alias of the Object Lambda Access Point.

March 23, 2023

New resources

The following resources were added: AWS::VpcLattice::AccessLogSubscription, AWS::VpcLattice::AuthPolicy, AWS::VpcLattice::Listener, AWS::VpcLattice::ResourcePolicy, AWS::VpcLattice::Rule, AWS::VpcLattice::Service, AWS::VpcLattice::ServiceNetwork, AWS::VpcLattice::ServiceNetworkServiceAssociation, AWS::VpcLattice::ServiceNetworkVpcAssociation, AWS::VpcLattice::TargetGroup

AWS::VpcLattice::AccessLogSubscription

Enables access logs to be sent to Amazon CloudWatch, Amazon S3, and Amazon Kinesis Data Firehose.

AWS::VpcLattice::AuthPolicy

Creates or updates the auth policy.

AWS::VpcLattice::Listener

Creates a listener for a service.

AWS::VpcLattice::ResourcePolicy

Retrieves information about the resource policy.

AWS::VpcLattice::Rule

Creates a listener rule.

AWS::VpcLattice::Service

Creates a service. A service is any software application that can run on instances containers, or serverless functions within an account or virtual private cloud (VPC).

AWS::VpcLattice::ServiceNetwork

Creates a service network. A service network is a logical boundary for a collection of services.

AWS::VpcLattice::ServiceNetworkServiceAssociation

Associates a service with a service network.

AWS::VpcLattice::ServiceNetworkVpcAssociation

Associates a VPC with a service network.

AWS::VpcLattice::TargetGroup

Creates a target group.

March 22, 2023

Updated resource

The following resource was updated: AWS::Cassandra::Table.

AWS::Cassandra::Table.ClientSideTimestampsEnabled

Use the AWS::Cassandra::Table.ClientSideTimestampsEnabled property to turn on client-side timestamps for a table in Amazon Keyspaces (for Apache Cassandra).

March 16, 2023

Updated resource

The following resource was updated: AWS::RUM::AppMonitor.

AWS::RUM::AppMonitor

The Namespace property was added to the AWS::RUM::AppMonitor resource to support Amazon CloudWatch RUM custom metrics. For more information, see Custom metrics and extended metrics that you can send to CloudWatch and CloudWatch Evidently.

March 16, 2023

New resource

The following new resource was added: AWS::Comprehend::Flywheel.

Use the AWS::Comprehend::Flywheel resource to create a flywheel for an Amazon Comprehend model.

March 16, 2023

Updated resource

The following resource was updated: AWS::Logs::LogGroup.

AWS::Wisdom::KnowledgeBase

The AppIntegrationsConfiguration:ObjectFields parameter is optional if ObjectConfiguration is included in the provided DataIntegration.

March 13, 2023

updated resources

The following resources were updated: AWS::Pinpoint::ApplicationSettings Limits and AWS::Pinpoint::Campaign Limits.

AWS::Pinpoint::ApplicationSettings Limits

The MessagesPerSecond field minimum values was changed from 50 to 1.

AWS::Pinpoint::Campaign Limits

The MessagesPerSecond field minimum values was changed from 50 to 1.

March 9, 2023

Updated resource

The following resource was updated: AWS::ServiceCatalog::CloudFormationProduct.

AWS::ServiceCatalog::CloudFormationProduct

Use the ProvisioningArtifactProperties property to specify information about a provisioning artifact (also known as a version) for a product.

Use the SourceConnection property to specify details about the productā€™s connection.

March 9, 2023

Updated resource

The following resource was updated: AWS::WAFv2::WebACLAssociation.

AWS::WAFv2::WebACLAssociation

The ResourceArn property now accepts AWS::AppRunner::Service ARNs.

March 6, 2023

Updated resource

The following resource was updated: AWS::Lambda::EventSourceMapping.

AWS::Lambda::EventSourceMapping

Use the DocumentDBEventSourceConfig property to define specific configuration settings for a DocumentDB event source, such as the database name.

March 2, 2023

Updated resource

The following resource was updated: AWS::WAFv2::WebACL.

AWS::WAFv2::WebACL

Use the AWSManagedRulesATPRuleSet property to configure your use of the Fraud Control account takeover prevention (ATP) managed rule group in a managed rule group reference statement. For protected CloudFront distributions, in addition to inspecting login requests, you can now use ATP to block new login attempts from clients that have recently submitted too many failed login attempts.

March 2, 2023

New resources

The following resources were added: AWS::IVSChat::Room and AWS::IVSChat::LoggingConfiguration

AWS::IVSChat::Room

Use the AWS::IVSChat::Room resource to specify and Amazon IVS Chat Room.

AWS::IVSChat::LoggingConfiguration

Use the AWS::IVSChat::LoggingConfiguration resource to specify and Amazon IVS Chat Logging Configuration, which stores configuration information related to loggin your chat session to a data store.

March 2, 2023

New resource

The following resource was released: AWS::SystemsManagerSAP::Application.

Use AWS::SystemsManagerSAP::Application to register an SAP application with AWS Systems Manager for SAP.

March 2, 2023

New resource

The following resource was released: AWS::InternetMonitor::Monitor.

Use AWS::InternetMonitor::Monitor to create a monitor in Amazon CloudWatch Internet Monitor to provide visibility into the performance and availability between your applications hosted on AWS and your end users, and to reduce the time it takes for you to diagnose internet issues.

February 28, 2023

Updated resource

The following resource was updated: AWS::IoT::JobTemplate.

AWS::IoT::JobTemplate

The AWS::IoT::JobTemplate resource adds MaintenaceWindows, StartTime, and DurationInMinutes properties.

February 23, 2023

New resource

A new resource was added to Network Manager: AWS::NetworkManager::TransitGatewayRouteTableAttachment

AWS::NetworkManager::TransitGatewayRouteTableAttachment.

Use AWS::NetworkManager::TransitGatewayRouteTableAttachment to create a transit gateway route table attachment.

February 23, 2023

New resource

The following resource was added: AWS::Organizations::ResourcePolicy.

AWS::Organizations::ResourcePolicy

Use the AWS::Organizations::ResourcePolicy resource to create or update a resource-based delegation policy that delegates policy management for AWS Organizations to specified member accounts to perform policy actions that are by default available only to the organization management account.

February 16, 2023

Updated resource

The following resource was updated: AWS::DataSync::LocationObjectStorage.

AWS::DataSync::LocationObjectStorage

Use the ServerCertificate property to specify a certificate for authenticating with an object storage system that uses a private or self-signed certificate authority (CA).

February 9, 2023

Updated resource

The following resource was added: AWS::SageMaker::Space.

AWS::SageMaker::Space

Use the AWS::SageMaker::Space resource to create a new shared space for use in a Domain.

February 9, 2023

Updated resource

The following resource was updated: AWS::SNS::Topic.

AWS::SNS::Topic

Use the TracingConfig property send X-Ray segment data to a topic owner account.

February 8, 2023

New resources

The following resources were added: AWS::Omics::Workflow, AWS::Omics::RunGroup, AWS::Omics::AnnotationStore, AWS::Omics::ReferenceStore, AWS::Omics::VariantStore, and AWS::Omics::SequenceStore.

AWS::Omics::Workflow

Use the AWS::Omics::Workflow resource to specify a workflow in Amazon Omics.

AWS::Omics::RunGroup

Use the AWS::Omics::RunGroup resource to specify a run group in Amazon Omics.

AWS::Omics::ReferenceStore

Use the AWS::Omics::ReferenceStore resource to specify a reference store in Amazon Omics.

AWS::Omics::RunGroup

Use the AWS::Omics::SequenceStore resource to specify a sequence store in Amazon Omics.

AWS::Omics::ReferenceStore

Use the AWS::Omics::ReferenceStore resource to specify a reference store in Amazon Omics.

AWS::Omics::SequenceStore

Use the AWS::Omics::SequenceStore resource to specify a sequence store in Amazon Omics.

February 3, 2023

Updated resources

The following resources were updated: AWS::NetworkFirewall::FirewallPolicy and AWS::NetworkFirewall::RuleGroup

AWS::NetworkFirewall::FirewallPolicy

Use the IPAddressType property to configure your firewall endpoint as IPv4,IPv6, or dualstack.

AWS::NetworkFirewall::RuleGroup

The StatefulRule$Action property now the REJECT option. With REJECT, Network Firewall drops TCP traffic that matches the conditions of the stateful rule, and sends a TCP reset packet back to sender of the packet.

February 2, 2023

Updated resource

The following resources were updated: AWS::AppSync::DataSource

AWS::AppSync::DataSource

Use the EventBridgeConfig property to add custom events to your Amazon EventBridge bus.

February 2, 2023

Updated resource

The following resource was updated: AWS::DataSync::LocationS3.

AWS::DataSync::LocationS3

Use the S3StorageClass property to specify the S3 Glacier Instant Retrieval storage class (GLACIER_INSTANT_RETRIEVAL) for data transferred to your S3 bucket.

February 2, 2023

Updated resource

The following resource was updated: AWS::RDS::DBInstance

AWS::RDS::DBInstance

Use the CertificateDetails property for the details of the DB instance's server certificate.

February 2, 2023

Updated resource

The following resource was added: AWS::SageMaker::ModelCard.

AWS::SageMaker::ModelCard

Use the AWS::SageMaker::ModelCard resource to create an Amazon SageMaker Model Card.

February 2, 2023

New resources

The following new resources were added: AWS::CloudTrail::Channel and AWS::CloudTrail::ResourcePolicy

AWS::CloudTrail::Channel

Use the Channel resource to specify a channel for logging events from outside AWS in CloudTrail Lake. Channels are used by partner event sources, or your custom event sources, to send events to CloudTrail Lake. For more information, see Working with CloudTrail Lake in the AWS CloudTrail User Guide.

AWS::CloudTrail::Channel.Channel

Use the Channel property to specify the name and ARN of a channel that you use with integrations in CloudTrail Lake. For more information, see Working with CloudTrail Lake in the AWS CloudTrail User Guide.

AWS::CloudTrail::Channel.Destination

Use the Destination property to specify destination event data stores for events that arrive over a channel in CloudTrail Lake. For more information, see Working with CloudTrail Lake in the AWS CloudTrail User Guide.

AWS::CloudTrail::ResourcePolicy

Use the ResourcePolicy resource to attach a resource-based permission policy to a CloudTrail channel that is used for an integration with an event source outside of AWS. For more information about resource-based policies, see CloudTrail resource-based policy examples in the CloudTrail User Guide.

AWS::CloudTrail::ResourcePolicy.ResourceArn

Use the ResourceArn property to specify the Amazon Resource Name (ARN) of the CloudTrail channel attached to the resource-based policy. The following is the format of a resource ARN: arn:aws:cloudtrail:us-east-2:123456789012:channel/MyChannel.

AWS::CloudTrail::ResourcePolicy.ResourcePolicy

Use the ResourcePolicy property to specify the JSON-formatted string that contains the resource-based policy to attach to the CloudTrail channel.

February 2, 2023

New resource

The following resource was added: AWS::Connect::IntegrationAssociation

AWS::Connect::IntegrationAssociation

Use the AWS::Connect::IntegrationAssociation resource to associate Lex bots (both v1 and v2) and Lambda functions with an instance.

February 2, 2023

New resource

The following resource was added: AWS::Connect::ApprovedOrigin

AWS::Connect::ApprovedOrigin

Use the AWS::Connect::ApprovedOrigin resource to associate Approved Origin with an instance.

February 2, 2023

New resource

The following resource was added: AWS::Connect::SecurityKey

AWS::Connect::SecurityKey

Use the AWS::Connect::SecurityKey resource to associate Security Key with an instance.

February 2, 2023

New resource

The following resource was added: AWS::SimSpaceWeaver::Simulation.

AWS::SimSpaceWeaver::Simulation

Use the AWS::SimSpaceWeaver::Simulation resource to specify a simulation in the AWS Cloud, in your AWS account.

February 2, 2023

DescribeStackSet API

The DescribeStackSet API has a new parameter to the list of Regions where a given stack set is deployed.

For more information, see DescribeStackSet.

February 1, 2023

Updated resource

The following resource was updated: AWS::Lambda::Function.

AWS::Lambda::Function

Use the RuntimeManagementConfig to define how your function gets runtime version updates. Lambda releases new runtime versions that include security updates, bug fixes, and new features. You can now control when your functions get updated to the new runtime versions.

January 26, 2023

Updated resource

The following resource was updated: AWS::OpenSearchService::Domain.

AWS::OpenSearchService::Domain

Use the SAMLOptions property within AdvancedSecurityOptions to configure SAML authentication for the domain.

January 26, 2023

New resource

A new resource was added to Network Manager: AWS::NetworkManager::TransitGatewayPeering

AWS::NetworkManager::TransitGatewayPeering.

Use AWS::NetworkManager::TransitGatewayPeering to create a transit gateway peering.

January 26, 2023

Updated resource

The following resource was updated: AWS::KendraRanking::ExecutionPlan

AWS::KendraRanking::ExecutionPlan

Create a rescore execution plan, which is an Amazon Kendra Intelligent Ranking resource used for provisioning the Rescore API. Amazon Kendra Intelligent Ranking rescores or re-ranks a search service's results using semantic search.

January 20, 2023

Updated resource

The following resource was updated: AWS::CloudWatch::MetricStream.

AWS::CloudWatch::MetricStream

In the MetricStream resource, use IncludeLinkedAccountsMetrics to specify whether the metric stream should metric streams from source accounts, if the metric stream is created in a monitoring account.

January 19, 2023

Updated resource

The following resource was updated: AWS::Lambda::EventSourceMapping.

AWS::Lambda::EventSourceMapping

Use the ScalingConfig property to specify a scaling configuration for an Amazon SQS event source.

January 19, 2023

Updated resource

The following resource was updated: AWS::AuditManager::Assessment

AWS::AuditManager::Assessment

Use the Delegations property to specify a delegation for an assessment.

January 12, 2023

Updated resource

The following resource was updated: AWS::RDS::DBCluster

AWS::RDS::DBCluster

The ManageMasterUserPassword property indicates whether to manage the master user password with AWS Secrets Manager.

The MasterUserSecret property 4has the secret managed by RDS in AWS Secrets Manager for the master user password.

January 12, 2023

Updated resource

The following resource was updated: AWS::RDS::DBInstance

AWS::RDS::DBInstance

The ManageMasterUserPassword property indicates whether to manage the master user password with AWS Secrets Manager.

The MasterUserSecret property 4has the secret managed by RDS in AWS Secrets Manager for the master user password.

January 12, 2023

Fn::FindInMap enhancements

Adding the AWS::LanguageExtensions transform in a AWS CloudFormation template allows you to use intrinsic functions to define the fields of Fn::FindInMap. You can also use a new optional field to return a default value if a mapping isn't found.

For more information, see Fn::FindInMap enhancements.

January 11, 2023

Updated resource

The following resource was updated: AWS::CloudFront::ResponseHeadersPolicy.

AWS::CloudFront::ResponseHeadersPolicy

In the ResponseHeadersPolicyConfig use the RemoveHeadersConfig to specify a list of headers that CloudFront removes from HTTP responses that it sends to viewers.

For more information, see Adding or removing response headers in the Amazon CloudFront Developer Guide.

January 5, 2023

Updated resource

The following resource was updated: AWS::MWAA::Environment

AirflowVersion

The AirflowVersion property has been updated to include a new valid value for Apache Airflow version 2.4.3.

January 5, 2023

Updated resource

The following resource was updated: AWS::EMRServerless::Application.

AWS::EMRServerless::Application

Use the ImageConfigurationInput property to specify your custom image configuration for all worker types.

Use the WorkerTypeSpecificationInput property to specify the configuration for a worker type.

January 3, 2023

Updated resource

The following property type was updated: AWS::Lex::Bot.

AWS::Lex::Bot

Use the AllowedInputTypes property to specify the allowed input types.

Use the AudioSpecification property to specify the audio input specifications.

Use the AudioAndDTMFInputSpecification property to specify the audio and DTMF input specification.

Use the Condition property to provide an expression that evaluates to true or false.

Use the ConditionalBranch property to configure a set of actions that Amazon Lex should run if the condition is matched.

Use the ConditionalSpecification property to provide a list of conditional branches.

Use the DefaultConditionalBranch property to configure a set of actions that Amazon Lex should run if none of the other conditions are met.

Use the DialogAction property to define the action that the bot executes at runtime.

Use the DialogCodeHookInvocationSetting property to specify the dialog code hook that is called by Amazon Lex at a step of the conversation.

Use the DialogState property to configure the current state of the conversation with the user.

Use the DTMFSpecification property to specify the DTMF input specifications.

Use the ElicitationCodeHookInvocationSetting property to specify the dialog code hook that is called by Amazon Lex between eliciting slot values.

Use the InitialResponseSetting property to configure settings for a response sent to the user before Amazon Lex starts eliciting slots.

Use the Intent property to configure how Amazon Lex handles intents.

Use the IntentClosingSetting property to configure the statement that Amazon Lex conveys to the user when the intent is successfully fulfilled.

Use the IntentConfirmationSetting property to provide a prompt for making sure that the user is ready for the intent to be fulfilled.

Use the IntentOverride property to override settings to configure the intent state.

Use the PostDialogCodeHookInvocationSpecification property to specify next steps to run after the dialog code hook finishes.

Use the PostFulfillmentStatusSpecification property to configure the settings of the post-fulfillment response that is sent to the user.

Use the PromptAttemptSpecification property to specify the settings on a prompt attempt.

Use the PromptSpecification property to specify a list of message groups that Amazon Lex sends to a user to elicit a response.

Use the SessionAttribute property to specify session-specific context information.

Use the SlotCaptureSetting property to configure the settings that are used when Amazon Lex successfully captures a slot value from a user.

Use the SlotValue property to set values in a slot.

Use the SlotValueElicitationSetting property to specify the settings for eliciting a slot value.

Use the SlotValueOverride property to set slot values in a dialog step.

Use the SlotValueOverrideMap property to map slot names to a SlotValueOVerride object.

Use the TextInputSpecification property to specify the text input specifications.

Use the VoiceSettings property to specify the Amazon Polly voice used for audio interaction with the user.

December 30, 2022

Updated resource

The following resource was updated: AWS::FSx::Filesystem

AWS::FSx::Filesystem

The AWS::FSx::FileSystem resource returns a file system's Amazon Resource Name (ARN).

December 29, 2022

Updated resource

The following resource was updated: AWS::FSx::Volume

AWS::FSx::Volume

Use the CopyTagsToBackups AWS::FSx::Volume OntapConfiguration property to specify whether an ONTAP volume's tags get copied to backups.

December 29, 2022

Updated resource

The following resource was updated: AWS::FSx::Volume

AWS::FSx::Volume

Use the OntapVolumeType AWS::FSx::Volume OntapConfiguration property to specify the type of ONTAP volume to create.

December 29, 2022

Updated resource

The following resource was updated: AWS::FSx::Volume

AWS::FSx::Volume

Use the SnapshotPolicy AWS::FSx::Volume OntapConfiguration property to specify the snapshot policy for the volume you are creating.

December 29, 2022

Updated resources

The following resources were updated: AWS::NetworkFirewall::FirewallPolicy and AWS::NetworkFirewall::RuleGroup

AWS::NetworkFirewall::FirewallPolicy

Use the StatefulDefaultActions property to establish default actions to take on a packet that doesn't match any stateful rules when using strict rule ordering.

Use the StatefulEngineOptions property to govern how Network Firewall handles stateful rules.

AWS::NetworkFirewall::RuleGroup

The StatefulRuleGroupReference property now includes Priority and StatefulRuleGroupOverride fields.

Use the StatefulRuleOptions property to govern how Network Firewall handles stateful rules.

Use the ReferenceSets property to configure IP set references for your stateful rules.

December 22, 2022

Updated resource

The following resource was updated: AWS::Grafana::Workspace.

AWS::Grafana::Workspace

Use the vpcConfiguration property of the AWS::Grafana::Workspace resource to configure a connection to a private VPC from your Amazon Managed Grafana workspace.

December 22, 2022

Updated resource

The following resource was updated: AWS::RDS::DBInstance

AWS::RDS::DBInstance

The Endpoint property specifies the connection endpoint.

The DBSystemId return value is the Oracle system ID (Oracle SID) for a container database (CDB).

December 22, 2022

Updated resource

The following resource was added: AWS::SageMaker::Project.

AWS::SageMaker::FeatureGroup

Use the AWS::SageMaker::FeatureGroup resource to create a new feature group using either an Apache Iceberg or Glue table format.

December 22, 2022

Updated resource

The following resource was updated: AWS::Backup::ReportPlan

AWS::Backup::BackupSelection

This resource was updated to allow the report plan to include multiple Regions and multiple accounts.

December 21, 2022

Updated resources

The following resources were updated: AWS::M2::Application and AWS::M2::Environment.

AWS::M2::Application

Use the KmsKeyId property to specify a customer managed key.

AWS::M2::Environment

Use the KmsKeyId property to specify a customer managed key.

December 15, 2022

Updated resources

The following resources were updated: AWS::RefactorSpaces::Application, AWS::RefactorSpaces::Environment, AWS::RefactorSpaces::Route, AWS::RefactorSpaces::Service.

AWS::RefactorSpaces::Application

The EnvironmentIdentifier property was changed to Required: Yes.

The Name property was changed to Required: Yes.

The ProxyType property was changed to Required: Yes.

The VpcId property was changed to Required: Yes.

AWS::RefactorSpaces::Environment

The Name property was changed to Required: Yes.

The NetworkFabricType property was changed to Required: Yes.

AWS::RefactorSpaces::Route

The RouteType property was changed to Required: Yes.

In the DefaultRouteInput property type, the ActivationState property was changed to Required: No.

In the UriPathRouteInput property type, the SourcePath property was changed to Required: Yes.

AWS::RefactorSpaces::Service

The Name property was changed to Required: Yes.

In the LambdaEndpointInput property type, the Arn property description was updated.

December 15, 2022

Updated resource

The following resource was updated: AWS::SSMIncidents::AWS::SSMIncidents::ReplicationSet

AWS::SSMIncidents::ReplicationSet

Use the Tags resource to add a list of tags to the replication set.

December 15, 2022

Updated resource

The following resource was updated: AWS::RDS::DBInstance

AWS::RDS::DBInstance

Use the DBClusterSnapshotIdentifier property as the identifier for the RDS for MySQL Multi-AZ DB cluster snapshot to restore from.

Use the RestoreTime property to specify the date and time to restore from.

Use the SourceDbiResourceId property to specify the resource ID of the source DB instance from which to restore.

Use the SourceDBInstanceAutomatedBackupsArn property to specify the Amazon Resource Name (ARN) of the replicated automated backups from which to restore.

Use the UseLatestRestorableTime property to specify a value that indicates whether the DB instance is restored from the latest backup time.

December 15, 2022

Updated resource

The following resource was updated: AWS::RDS::DBCluster

AWS::RDS::DBCluster

Use the SecondsBeforeTimeout value in ScalingConfiguration property syntax to define the amount of time (seconds) that Aurora Serverless v1 tries to find a scaling point to perform seamless scaling before enforcing the timeout action.

The DBSystemId property is reserved for future use.

December 15, 2022

New resource

The following resources were added: AWS::DocDBElastic::Cluster.

AWS::DocDBElastic::Cluster

Use the AWS::DocDBElastic::Cluster resource to create an elastic cluster in the Amazon DocumentDB database service.

December 15, 2022

New resources

A property was added to VpcOptions in Network Manager: AWS::NetworkManager::VpcAttachment VpcOptions

AWS::NetworkManager::VpcAttachment VpcOptions

You can enable or disable appliance mode for VPC attachments in VpcOptions by using the ApplianceModeSupport Boolean.

December 14, 2022

New resource

The following resource was added: AWS::Connect::Rule

AWS::Connect::Rule

Use the AWS::Connect::Rule resource to create an instance.

December 12, 2022

Updated resource

The following resource was updated: AWS::FIS::ExperimentTemplate. The following resource was added: AWS::FIS::TargetAccountConfiguration.

AWS::FIS::ExperimentTemplate

Use the ExperimentOptions property to configure experiment options.

AWS::FIS::TargetAccountConfiguration

Use the TargetAccountConfiguration resource to add a target account to a multi-account experiment template.

December 11, 2022

Updated resources

The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup.

AWS::WAFv2::WebACL

Use the ChallengeConfig property to configure request evaluations for rules that use the Challenge action.

Use the TokenDomains property to specify additional domains to accept in web request tokens.

Use the RuleActionOverride property in rule group reference statements to override individual rule actions to any valid action. This replaces the ExcludedRule property, which only allows override to Count.

Use the AWSManagedRulesBotControlRuleSet property to configure your use of the Bot Control managed rule group in a managed rule group reference statement.

AWS::WAFv2::RuleGroup

Use the ChallengeConfig property to configure request evaluations for rules that use the Challenge action.

December 8, 2022

New resources

The following resources were added: AWS::Grafana::Workspace.

AWS::Grafana::Workspace

Use the AWS::Grafana::Workspace resource to create an Amazon Managed Grafana workspace in your AWS account. An Amazon Managed Grafana workspace allows you to view and monitor metrics and alerts for your system.

December 8, 2022

New resource

The following resources were added: AWS::OpenSearchServerless::AccessPolicy, AWS::OpenSearchServerless::Collection, AWS::OpenSearchServerless::SecurityConfig, AWS::OpenSearchServerless::SecurityPolicy, AWS::OpenSearchServerless::VpcEndpoint.

AWS::OpenSearchServerless::AccessPolicy

Use the AWS::OpenSearchServerless::AccessPolicy resource to create data access policies for Amazon OpenSearch Serverless.

AWS::OpenSearchServerless::Collection

Use the AWS::OpenSearchServerless::Collection resource to create collections in Amazon OpenSearch Serverless.

AWS::OpenSearchServerless::SecurityConfig

Use the AWS::OpenSearchServerless::SecurityConfig resource to specify SAML providers for Amazon OpenSearch Serverless.

AWS::OpenSearchServerless::SecurityPolicy

Use the AWS::OpenSearchServerless::SecurityPolicy resource to specify network and encryption policies for Amazon OpenSearch Serverless.

AWS::OpenSearchServerless::VpcEndpoint

Use the AWS::OpenSearchServerless::VpcEndpoint resource to specify Amazon OpenSearch Serverless-managed VPC endpoints.

December 8, 2022

New resources

The following resource was added: AWS::IoTTwinMaker::SyncJob.

AWS::IoTTwinMaker::SyncJob

Use the AWS::IoTTwinMaker::SyncJob respurce to create a new sync job request.

December 6, 2022

Updated resources

The following resources were updated: AWS::ECS::TaskDefinition.

AWS::ECS::TaskDefinition PortMappings

Use the Name property to specify the port mapping name.

Use the AppProtocol property to specify the port mapping's application protocol.

December 2, 2022

Updated resources

The following resources were updated: AWS::ECS::TaskDefinition.

AWS::ECS::TaskDefinition PortMappings

Use the Name property to specify the port mapping name.

Use the AppProtocol property to specify the port mapping's application protocol.

December 2, 2022

Updated resource

The following resource was updated: AWS::Logs::LogGroup.

AWS::Logs::LogGroup

The AWS::Logs::LogGroup resource was updated with the LogGroupClass parameter. For more information, see Log classes.

December 2, 2022

Updated resource

The following resource was updated: AWS::Logs::LogGroup.

AWS::Logs::LogGroup

The AWS::Logs::LogGroup resource now supports the DataProtectionPolicy parameter, to support the masking of sensitive data in log events in the log group. For more information, see Protect sensitive log data with masking.

December 2, 2022

Updated resource

The following resource was updated: AWS::SSMIncidents::ResponsePlan

AWS::SSMIncidents::ResponsePlan

Use the Integration resource to specify information about third-party services integrated into the response plan, such as PagerDuty.

Use the PagerDuty resource to provide details about the PagerDuty configuration for a response plan.

December 2, 2022

Updated resource

The following resource was updated: AWS::Lambda::Function.

AWS::Lambda::Function

Use the SnapStart property to specify the function's AWS Lambda SnapStart setting. SnapStart creates a snapshot of the initialized execution environment when you publish a function version.

December 2, 2022

New resources

The following properties were added: AWS::ECS::Cluster ServiceConnectDefaults, AWS::ECS::Service ServiceConnectClientAlias, and AWS::ECS::Service ServiceConnectConfiguration.

AWS::ECS::Cluster ServiceConnectDefaults

Use the AWS::ECS::Cluster ServiceConnectDefaults property to specify a default Service Connect namespace for new services in the cluster.

AWS::ECS::Service ServiceConnectClientAlias

Use the AWS::ECS::Service ServiceConnectClientAlias property to specify an endpoint in the Service Connect configuration for the service.

AWS::ECS::Service ServiceConnectConfiguration

Use the AWS::ECS::Service ServiceConnectConfiguration property to specify the Service Connect configuration for the service.

December 2, 2022

New resources

The following resources were added: AWS::Pipes::Pipe.

AWS::Pipes::Pipe

Use the AWS::Pipes::Pipe resource to specify a new Amazon EventBridge Pipes pipe.

December 2, 2022

New resources

The following resources were added: AWS::Oam::Sink and AWS::Oam::Link.

AWS::Oam::Sink

Use the AWS::Oam::Sink resource to specify a sink, which is an attachment point in a monitoring account that source accounts can create links to. Use the AWS::Oam::Link resource to specify a link from a source account to a monitoring account sink. For more information, see CloudWatch cross-account observability.

December 2, 2022

New resource

The following resource was added: AWS::EC2::NetworkPerformanceMetricSubscription.

AWS::EC2::NetworkPerformanceMetricSubscription

Returns a list of Infrastructure Performance subscriptions for AWS CloudWatch.

December 2, 2022

New resource

The following resource was added: AWS::IoT::TopicRule RepublishActionHeaders.

AWS::IoT::TopicRule RepublishActionHeaders

Use AWS::IoT::TopicRule RepublishActionHeaders to specify MQTT Version 5.0 headers information.

December 2, 2022

Updated resource

The following resource was updated: AWS::S3::AccessPoint.

AWS::S3::AccessPoint

Use AWS::S3::AccessPoint BucketAccountId to specify which AWS account is associated with the S3 bucket associated with an access point.

November 30, 2022

Updated resources

The following properties were added: AWS::IoTTwinMaker::ComponentType.PropertyGroups, and Entity.PropertyGroup.

AWS::IoTTwinMaker::ComponentType.PropertyGroups

Use the AWS::IoTTwinMaker::ComponentType.PropertyGroups property to declare a ComponentType propertyGroup.

Entity.PropertyGroup

Use the AWS::IoTTwinMaker::Entity.PropertyGroup to declare an entity PropertyGroup.

November 17, 2022

Updated resources

The following resources were updated: AWS::Amplify::App and AWS::Amplify::Branch

AWS::Amplify::App

Use the Platform property to specify the platform type for the Amplify app.

AWS::Amplify::Branch

Use the Framework property to specify the framework for the Amplify app.

November 17, 2022

Updated resource

The following resources were updated: AWS::AppSync::Resolver and AWS::AppSync::FunctionConfiguration

AWS::AppSync::Resolver

Use the Code property to specify the request and response functions.

AWS::AppSync::Resolver

Use the Runtime property to specify the runtime type to be used with a pipeline resolver or function

AWS::AppSync::Resolver

Use the AppSyncRuntime to specify the name and version of your runtime property.

AWS::AppSync::FunctionConfiguration

Use the Code property to specify the request and response functions.

AWS::AppSync::FunctionConfiguration

Use the Runtime property to specify the runtime type to be used with a pipeline resolver or function

AWS::AppSync::FunctionConfiguration

Use the AppSyncRuntime to specify the name and version of your runtime property.

November 17, 2022

Updated resource

The following resource was updated: AWS::CloudFront::Distribution.

AWS::CloudFront::Distribution

In the DistributionConfig use the ContinuousDeploymentPolicyId to specify a continuous deployment policy to associate with the distribution.

For more information, see Using CloudFront continuous deployment to safely test CDN configuration changes in the Amazon CloudFront Developer Guide.

November 17, 2022

Updated resource

The following resource was updated: AWS::CloudTrail::EventDataStore

AWS::CloudTrail::EventDataStore

Use the KmsKeyId property to specify the AWS KMS key ID to use to encrypt the events delivered by CloudTrail.

November 17, 2022

Updated resource

The following resource was updated: AWS::AutoScaling::AutoScalingGroup.

AWS::AutoScaling::AutoScalingGroup InstanceRequirements

Use the AllowedInstanceTypes and NetworkBandwidthGbpsRequest properties when using attribute-based instance type selection.

November 17, 2022

Updated resource

The following resource was updated: AWS::EMRServerless::Application.

AWS::EMRServerless::Application

Use the Architecture property to specify the CPU architecture type of the application.

November 17, 2022

Updated resource

The following resource was updated: AWS::IVS::RecordingConfiguration

AWS::IVS::RecordingConfiguration

Use the RecordingReconnectWindowSeconds property to control when multiple streams from the same broadcast are merged together.

November 17, 2022

Updated resource

The following resource was updated: AWS::S3::StorageLens.

AWS::S3::StorageLens AdvancedCostOptimizationMetrics

Use AWS::S3::StorageLens AdvancedCostOptimizationMetrics to enable advanced cost optimization metrics for S3 Storage Lens.

AWS::S3::StorageLens AdvancedDataProtectionMetrics

Use AWS::S3::StorageLens AdvancedDataProtectionMetrics to enable advanced data protection metrics for S3 Storage Lens.

AWS::S3::StorageLens DetailedStatusCodesMetrics

Use AWS::S3::StorageLens DetailedStatusCodesMetrics to enable detailed status code metrics for S3 Storage Lens.

November 17, 2022

New resources

The following resources were added: AWS::Organizations::Account, AWS::Organizations::OrganizationalUnit, and AWS::Organizations::Policy.

AWS::Organizations::Account

Use the AWS::Organizations::Account resource to create an AWS account that is automatically a member of the organization whose credentials made the request.

AWS::Organizations::OrganizationalUnit

Use the AWS::Organizations::OrganizationalUnit resource to create an organizational unit (OU) within a root or parent OU in AWS Organizations.

AWS::Organizations::Policy

Use the AWS::Organizations::Policy resource to create a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual AWS account in AWS Organizations.

November 17, 2022

New resource

The following resource was added: AWS::XRay::ResourcePolicy.

AWS::XRay::ResourcePolicy

Use the ResourcePolicy resource to specify a resource-based policy which enables access to specific X-Ray resources.

November 17, 2022

New Resource

The following resource was added: AWS::CloudFront::ContinuousDeploymentPolicy.

AWS::CloudFront::ContinuousDeploymentPolicy

Use the AWS::CloudFront::ContinuousDeploymentPolicy resource in a CloudFront continuous deployment workflow.

For more information, see Using CloudFront continuous deployment to safely test CDN configuration changes in the Amazon CloudFront Developer Guide.

November 17, 2022

Managing StackSets events with AWS CloudFormation and Amazon EventBridge

AWS CloudFormation StackSets launch event notifications via Amazon EventBridge. You can trigger event-driven actions after creating, updating, or deleting your CloudFormation stack sets

For more information, see Managing events with AWS CloudFormation and Amazon EventBridge.

November 16, 2022

New property

The following property was added: AWS::GreengrassV2::Deployment.ParentTargetArn.

AWS::GreengrassV2::Deployment

Use the AWS::GreengrassV2::Deployment.ParentTargetArn property to set the parent deployment of a subdeployment.

November 15, 2022

New resources for Amazon EventBridge Scheduler

The following resources were added: AWS::Scheduler::Schedule, AWS::Scheduler::ScheduleGroups.

AWS::Scheduler::Schedule

Use the Schedule resource to create a new schedule.

AWS::Scheduler::ScheduleGroups

Use the Schedule resource to create a new schedule group to tag and organize your schedules.

November 11, 2022

Updated resources

The following resources were updated: AWS::AppStream::DirectoryConfig

AWS::AppStream::DirectoryConfig RSS

Use the CertificateBasedAuthProperties property to specify the certificate-based authentication properties used to authenticate SAML 2.0 Identity Provider (IdP) user identities to Active Directory domain-joined streaming instances.

November 10, 2022

Updated resources

The following resources were updated: AWS::Batch::ComputeEnvironment and AWS::Batch::JobDefinition

AWS::Batch::ComputeEnvironment

Use the EksConfiguration property to specify the details for the EKS cluster that supports the compute environment.

AWS::Batch::JobDefinition

Use the EksProperty property to specify properties for Amazon EKS based jobs.

November 10, 2022

Updated resources

The following resources were updated: AWS::EC2::SpotFleet, AWS::EC2::EC2Fleet, and AWS::EC2::LaunchTemplate.

AWS::EC2::SpotFleet InstanceRequirementsRequest

Use the AllowedInstanceTypes and NetworkBandwidthGbps properties when using attribute-based instance type selection.

AWS::EC2::EC2Fleet InstanceRequirementsRequest

Use the AllowedInstanceTypes and NetworkBandwidthGbps properties when using attribute-based instance type selection.

AWS::EC2::LaunchTemplate InstanceRequirements

Use the AllowedInstanceTypes and NetworkBandwidthGbps properties when using attribute-based instance type selection.

November 10, 2022

Updated resources

The following resource was updated: AWS::EC2::LaunchTemplate.

AWS::EC2::LaunchTemplate MaintenanceOptions

Use the AutoRecovery property to disable the automatic recovery of your instance or set it to default.

AWS::EC2::LaunchTemplate Placement

Use the GroupId property to launch an instance in a shared placement group.

November 10, 2022

Updated resource

The following resource was updated: AWS::AutoScaling::AutoScalingGroup.

AWS::AutoScaling::AutoScalingGroup MixedInstancesPolicy

Use the SpotAllocationStrategy property to specify price-capacity-optimized as the allocation strategy for your Spot capacity.

November 10, 2022

Updated resource

The following resource was updated: AWS::RDS::DBInstance

AWS::RDS::DBInstance

Use the StorageThroughput property to specify the storage throughput value for the DB instance. This setting is applicable only for gp3 storage type.

November 10, 2022

New resources

The following resources were added: AWS::MemoryDB::Cluster.DataTiering

AWS::MemoryDB::Cluster.DataTiering

The data-tiering-enabled parameter enables data tiering. Data tiering is only supported for clusters using the r6gd node type. For more information, see Data tiering.

November 10, 2022

Launch of Resource Explorer

Initially added the resources for AWS Resource Explorer.

AWS::ResourceExplorer2::Index

Use the AWS::ResourceExplorer2::Index resource to turn on Resource Explorer in an AWS Region by creating an index.

AWS::ResourceExplorer2::View

Use the AWS::ResourceExplorer2::View resource to create a view that your users can use to search.

AWS::ResourceExplorer2::DefaultViewAssociation

Use the AWS::ResourceExplorer2::DefaultViewAssociation resource to designate a view as the default for its AWS Region in the account.

November 7, 2022

Improved insights on stack instances for stack set operations

AWS CloudFormation StackSets provides more detailed information on stack instances for stack set operations:

DescribeStackSetOperation

You can now use DescribeStackSetOperation to provide the count of failed stack instances for stack set operations during deployment.

ListStackInstances

You can now use the filtering option LastOperationID to list stack instances for stack set operations.

November 4, 2022

Updated resource

The following resource was updated: AWS::RDS::DBCluster

AWS::RDS::DBCluster

Use the TimeoutAction value in ScalingConfiguration property syntax to define the action to take when the timeout is reached.

The DBClusterArn return value is the Amazon Resource Name (ARN) for the DB cluster.

The DBClusterResourceId return value is the AWS Region-unique, immutable identifier for the DB cluster.

November 3, 2022

Updated resource

The following resource was updated: AWS::RDS::DBInstance

AWS::RDS::DBInstance

Use the ReplicaMode property to define the open mode of an Oracle read replica.

The DBInstanceArn return value is the Amazon Resource Name (ARN) for the your instance.

The DbiResourceId return value is the AWS Region-unique, immutable identifier for the DB instance.

November 3, 2022

Updated resource

The following resource was updated: AWS::RDS::DBClusterParameterGroup

AWS::RDS::DBClusterParameterGroup

Use the DBClusterParameterGroupName property to specify the name of the DB cluster parameter group.

November 3, 2022

Updated resource

The following resource was updated: AWS::RDS::OptionGroup

AWS::RDS::OptionGroup

Use the OptionGroupName property to specify the name of the new option group.

November 3, 2022

Updated resource

The following resource was updated: AWS::RDS::DBInstance

AWS::RDS::DBParameterGroup

Use the DBParameterGroupName property to specify the name of the DB parameter group.

November 3, 2022

New resource

The following resource and properties were added: AWS::SES::VdmAttributes, AWS::SES::ConfigurationSet VdmOptions .

AWS::SES::VdmAttributes

Use the VdmAttributes resource to specify the Virtual Deliverability Manager (VDM) attributes that apply to your Amazon SES account.

AWS::SES::ConfigurationSet VdmOptions

Use the VdmOptions property to specify the VDM properties that apply to a configuration set.

November 3, 2022

New resource

The following resource was added: AWS::SupportApp::SlackWorkspaceConfiguration.

AWS::SupportApp::SlackWorkspaceConfiguration

Use the AWS::SupportApp::SlackWorkspaceConfiguration resource to specify your configuration for the AWS Support App in Slack.

November 3, 2022

Updated resource

The following resource was updated: AWS::AutoScaling::AutoScalingGroup.

AWS::AutoScaling::AutoScalingGroup

Use the DefaultInstanceWarmup property to unify all the warm-up and cooldown settings for an Auto Scaling group and optimize the performance of scaling policies that scale continuously, such as target tracking and step scaling policies.

November 2, 2022

Updated resource

The following resource was updated: AWS::AppRunner::Service

AWS::AppRunner::Service.IngressConfiguration

New property. The ingress configuration of the App Runner service.

October 31, 2022

New resource

The following resource was added: AWS::AppRunner::VpcIngressConnection

AWS::AppRunner::VpcIngressConnection

Use the AWS::AppRunner::VpcIngressConnection resource to create or update an AWS App Runner VPC Ingress Connection.

October 31, 2022

New resource

The following resource was added: AWS::IoT::TopicRule LocationAction.

AWS::IoT::TopicRule LocationAction

The AWS::IoT::TopicRule LocationAction resource to specify a Location Action.

October 31, 2022

Updated resource

The following resource was updated: AWS::Connect::User UserIdentityInfo

AWS::Connect::User UserIdentityInfo

Use the Mobile property to specify the user's mobile number.

Use the SecondaryEmail property to specify the user's secondary email address.

October 27, 2022

Updated resource

The following resource was updated: AWS::RUM::AppMonitor.

AWS::RUM::AppMonitor

The MetricDestination and MetricDefinition properties were added to the AWS::RUM::AppMonitor resource to support Amazon CloudWatch extended metrics. For more information, see Custom metrics and extended metrics that you can send to CloudWatch and CloudWatch Evidently.

October 27, 2022

Updated resource

The following resource was updated: AWS::Cognito::UserPoolClient

AWS::Cognito::UserPool

The DeletionProtection property of a user pool prevents accidental deletion of user pools.

October 24, 2022

Updated resource

The following property was added to the AWS::SES::DedicatedIpPool resource:

AWS::SES::DedicatedIpPool

Use the ScalingMode property to specify the scaling mode of a dedicated IP pool.

October 20, 2022

New resources

The following resources were added: AWS::AmplifyUIBuilder::Form.

AWS::AmplifyUIBuilder::Form

Use the AWS::AmplifyUIBuilder::Form resource to specify a form within an Amplify app.

October 20, 2022

New resource

The following new resource was added: AWS::FSx::DataRepositoryAssociation

AWS::FSx::DataRepositoryAssociation

Use the DataRepositoryAssociation resource to link an FSx for Lustre file system to an Amazon S3 data repository.

October 20, 2022

Updated resource

The following resource was updated: AWS::RDS::DBCluster

AWS::RDS::DBCluster

Use the Domain property to specify the directory ID of the Active Directory to create the DB cluster.

Use the DomainIAMRoleName property to specify the name of the IAM role to use when making API calls to the Directory Service.

Use the NetworkType property to indicate the network type of the DB cluster.

The following properties now supported for Multi-AZ DB clusters: AllocatedStorage, AutoMinorVersionUpgrade, BackupRetentionPeriod, CopyTagsToSnapshot, DatabaseName, DBClusterIdentifier, DBClusterInstanceClass, DBClusterParameterGroupName, DBSubnetGroupName, DeletionProtection, EnableCloudwatchLogsExports, Engine, EngineVersion, Iops, KmsKeyId, MasterUsername, MasterUserPassword, MonitoringInterval, MonitoringRoleArn, PerformanceInsightsEnabled, PerformanceInsightsKmsKeyId, PerformanceInsightsRetentionPeriod, Port, PreferredBackupWindow, PreferredMaintenanceWindow, PubliclyAccessible, StorageEncrypted, StorageType, Tags, and VpcSecurityGroupIds

October 13, 2022

Updated resource

The following resource was updated: AWS::RDS::DBInstance

AWS::RDS::DBInstance

Use the NetworkType property to indicate the network type of the DB cluster.

October 13, 2022

Updated resource

The following resource was updated: AWS::Connect::PhoneNumber

AWS::Connect::PhoneNumber

Use the AWS::Connect::PhoneNumber resource to claim a phone number to an Amazon Connect instance or traffic distribution group.

October 10, 2022

New resource

The following resources were added: AWS::GreengrassV2::Deployment.

AWS::GreengrassV2::Deployment

Use the AWS::GreengrassV2::Deployment resource to create a new deployment to your core devices in AWS IoT Greengrass.

October 6, 2022

New and updated resources

The following resources were added: AWS::Transfer::Agreement, AWS::Transfer::Connector, AWS::Transfer::Certificate, and AWS::Transfer::Profile. The following resource was updated: AWS::Transfer::Server WorkflowDetails

AWS::Transfer::Agreement

Use the Agreement resource to specify an agreement between trading partners in AWS Transfer Family.

AWS::Transfer::Certificate

Use the Certificate resource to import signing and encryption certificates for AS2 in AWS Transfer Family.

AWS::Transfer::Connector

Use the Connector resource to create an entity that captures the parameters for an outbound AS2 connection in AWS Transfer Family.

AWS::Transfer::Profile

Use the Profile resource to specify local and partner profiles for servers in AWS Transfer Family that use the AS2 protocol.

AWS::Transfer::Server WorkflowDetails

Use the OnPartialUpload parameter to trigger a workflow in the case a transfer is interrupted and does not complete.

October 6, 2022

Updated resource

The following resource was updated: AWS::KMS::Key.

AWS::KMS::Key

If you change the value of an immutable property of an existing AWS::KMS::Key resource, the request to update the resource fails. Previously, changing the value of an immutable property caused the existing AWS::KMS::Key to be deleted and replaced.

This change does not affect the AWS::KMS::Alias or AWS::KMS::ReplicaKey resources. If you change an immutable property of these resources, the resource is deleted and replaced.

September 30, 2022

Updated resource

The following resource was updated: AWS::RDS::DBCluster

AWS::RDS::DBCluster

Use the ServerlessV2ScalingConfiguration property to specify the scaling configuration of an Aurora Serverless V2 DB cluster.

The DBClusterResourceId return value is the AWS Region-unique, immutable identifier for the DB cluster.

Use the DBInstanceParameterGroupName property to specify the name of the DB parameter group to apply to all instances of the DB cluster.

September 29, 2022

Updated resource

The following resource was updated: AWS::RDS::DBInstance

AWS::RDS::DBInstance

Use the NcharCharacterSetName property to specify the name of the NCHAR character set for the Oracle DB instance.

Use the CustomIAMInstanceProfile property to specify the instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance.

September 29, 2022

New resources

The following resources were added: AWS::IdentityStore::Group and AWS::IdentityStore::GroupMembership.

AWS::IdentityStore::Group

Use the AWS::IdentityStore::Group resource to manage groups in an identity store.

AWS::IdentityStore::GroupMembership

Use the AWS::IdentityStore::GroupMembership resource to manage group membership in an identity store.

September 29, 2022

New resource

The following resource was added: AWS::CloudFront::MonitoringSubscription.

AWS::CloudFront::MonitoringSubscription

Use the AWS::CloudFront::MonitoringSubscription resource to enable additional CloudWatch metrics for the specified Amazon CloudFront distribution.

For more information, see Viewing additional CloudFront distribution metrics in the Amazon CloudFront Developer Guide.

September 29, 2022

Updated resource

The following resource was updated: AWS::IoT::CACertificate.

AWS::IoT::CACertificate

The AWS::IoT::CACertificate resource adds RemoveAutoRegistration property.

September 22, 2022

New resource

The following resource was added: AWS::IoTFleetWise::Campaign

AWS::IoTFleetWise::Campaign

Use the AWS::IoTFleetWise::Campaign resource to specify a campaign in AWS IoT FleetWise.

September 22, 2022

New resource

The following resource was added: AWS::IoTFleetWise::DecoderManifest

AWS::IoTFleetWise::DecoderManifest

Use the AWS::IoTFleetWise::DecoderManifest resource to specify a decoder manifest in AWS IoT FleetWise.

September 22, 2022

New resource

The following resource was added: AWS::IoTFleetWise::Fleet

AWS::IoTFleetWise::Fleet

Use the AWS::IoTFleetWise::Fleet resource to specify a fleet in AWS IoT FleetWise.

September 22, 2022

New resource

The following resource was added: AWS::IoTFleetWise::ModelManifest

AWS::IoTFleetWise::ModelManifest

Use the AWS::IoTFleetWise::ModelManifest resource to specify a model manifest in AWS IoT FleetWise.

September 22, 2022

New resource

The following resource was added: AWS::IoTFleetWise::SignalCatalog

AWS::IoTFleetWise::SignalCatalog

Use the AWS::IoTFleetWise::SignalCatalog resource to specify a signal catalog in AWS IoT FleetWise.

September 22, 2022

New resource

The following resource was added: AWS::IoTFleetWise::Vehicle

AWS::IoTFleetWise::Vehicle

Use the AWS::IoTFleetWise::Vehicle resource to specify a vehicle in AWS IoT FleetWise.

September 22, 2022

Updated resource

The following resource was updated: AWS::Cognito::UserPoolClient

AWS::Cognito::UserPoolClient

The AuthSessionValidity property of a user pool client makes it possible to increase the duration of a prompt for authentication input like a password or MFA code.

September 15, 2022

Updated resource

The following property was updated: AWS::EKS::Cluster

AWS::EKS::Cluster

Use the OutpostConfig property to specify the configuration of your local Amazon EKS cluster on an Outpost.

September 15, 2022

New resource

A new parameter was added to the AWS::Evidently::Project.

Evidently resource type reference

The AppConfigResource property was added to the AWS::Evidently::Project resource to enable you to use Client-side evaluation - powered by AWS AppConfig in your projects.

For more information, see Use client-side evaluation - powered by AWS AppConfig.

September 15, 2022

Updated resources

The following resource was updated: AWS::EC2::LaunchTemplate.

AWS::EC2::LaunchTemplate

A description for the first version of the launch template.

September 8, 2022

Updated resource

The following resource was updated: AWS::KMS::Key.

AWS::KMS::Key

Add full AWS::KMS::Key support to Middle East (UAE) Region (me-central-1), including support for using a CloudFormation template to create and manage asymmetric KMS keys and multi-Region KMS keys (primary or replica).

September 8, 2022

Updated resource

The following resource was updated: AWS::OpenSearchService::Domain.

AWS::OpenSearchService::Domain

Use the Throughput property to specify the throughput of the EBS volumes attached to data nodes. This propertly applies only to the gp3 volume type.

September 8, 2022

Updated resource

The following resource was updated: AWS::SNS::Topic.

AWS::SNS::Topic

Use the DataProtectionPolicy property to attach a DataProtectionPolicy to an SNS topic.

September 8, 2022

New resource

The following resource was added: AWS::CloudFront::OriginAccessControl.

AWS::CloudFront::OriginAccessControl

Use the AWS::CloudFront::OriginAccessControl resource to create a new origin access control in Amazon CloudFront.

For more information, see Restricting access to an Amazon S3 origin in the Amazon CloudFront Developer Guide.

September 8, 2022

New resource

The following resource was added: AWS::Connect::InstanceStorageConfig

AWS::Connect::InstanceStorageConfig

Use the AWS::Connect::InstanceStorageConfig resource to configure instance storage.

September 1, 2022

New resource

The following resource was added: AWS::ControlTower::EnabledControl.

AWS::ControlTower::EnabledControl

Use the AWS::ControlTower::EnabledControl resource to specify an asynchronous operation that manages a control.

September 1, 2022

New resource

The following resource was added: AWS::Macie::AllowList.

AWS::Macie::AllowList

Use the AWS::Macie::AllowList resource to specify text or a text pattern for Amazon Macie to ignore when it inspects data sources for sensitive data.

September 1, 2022

Updated resource

The following resource was updated: AWS::APS::Workspace.

AWS::APS::Workspace

Use the LoggingConfiguration property to specify Amazon Managed Service for Prometheus workspace logging configuration.

August 30, 2022

Updated resources

The following resources were updated: AWS::AppMesh::VirtualNode, AWS::AppMesh::VirtualGateway, AWS::AppMesh::GatewayRoute and AWS::AppMesh::Route

AWS::AppMesh::VirtualNode

Use the Format property to represent the specified format for the logs. The format is either json_format or text_format.

Use the JsonFormatRef resource to represent object that represents the key value pairs for the JSON.

Use the LoggingFormat resource to represent object that represents the format for the logs.

AWS::AppMesh::VirtualGateway

Use the VirtualGatewayFileAccessLogFormat property to represent the specified format for the logs. The format is either json_format or text_format.

Use the JsonFormatRef resource to represent object that represents the key value pairs for the JSON.

Use the LoggingFormat resource to represent object that represents the format for the logs.

AWS::AppMesh::GatewayRoute

Use the Port property to represent the port number of the gateway route target.

AWS::AppMesh::Route

Use the Port property to represent the port number of the gateway route target.

Use the Port property to represent an object that is the criteria for determining a request match.

Use the TcpRouteMatch resource to represent an object that is the TCP route to match.

August 25, 2022

Updated resource

The following resource was updated: AWS::MediaPackage::OriginEndpoint.

AWS::MediaPackage::OriginEndpoint.

Use the DVB_DASH_2014 property to select the DVB_DASH_2014 profile for the output.

August 25, 2022

New resource

The following resource was added: AWS::Connect::Instance

AWS::Connect::Instance

Use the AWS::Connect::Instance resource to create an instance.

August 25, 2022

New resource

The following resource was added: AWS::SupportApp::SlackChannelConfiguration.

AWS::SupportApp::SlackChannelConfiguration

Use the AWS::SupportApp::SlackChannelConfiguration resource to specify your configuration for the AWS Support App in Slack.

August 25, 2022

New resource

The following resource was added: AWS::SupportApp::AccountAlias.

AWS::SupportApp::AccountAlias

Use the AWS::SupportApp::AccountAlias resource to specify your alias name. You can use this alias to identify your AWS account in the AWS Support App.

August 25, 2022

Fn::ToJsonString intrinsic function

The Fn::ToJsonString intrinsic function converts an object or array to its corresponding JSON string.

For more information, see Fn::ToJsonString.

August 24, 2022

Fn::Length intrinsic function

The Fn::Length intrinsic function returns the number of elements within an array or an intrinsic function that returns an array.

For more information, see Fn::Length.

August 24, 2022

AWS::LanguageExtensions transform

The AWS::LanguageExtensions transform is a macro hosted by AWS CloudFormation that lets you use intrinsic functions and other functionalities not included by default in AWS CloudFormation.

For more information, see AWS::LanguageExtensions transform.

August 24, 2022

Updated resources

The following resource was updated: AWS::WAFv2::WebACLAssociation.

AWS::WAFv2::WebACLAssociation

The ResourceArn property now accepts AWS::Cognito::UserPool ARNs.

August 23, 2022

Updated resource

The following resource was updated: AWS::FMS::Policy.

AWS::FMS::Policy

The AWS::FMS::Policy resource now allows you to manage third-party firewalls, as well as AWS Network Firewall policies that use centralized or distributed deployment models.

August 18, 2022

Updated resource

The following resource was updated: AWS::Lambda::EventSourceMapping.

AWS::Lambda::EventSourceMapping

Use the SelfManagedKafkaEventSourceConfig property to define specific configuration settings for a self-managed Kafka event source, such as the consumer group ID. Use the AmazonManagedKafkaEventSourceConfig property to define specific configuration settings for an MSK event source, such as the consumer group ID.

August 18, 2022

New resource

The following resource was added: AWS::DynamoDB::Table.ImportSourceSpecification

AWS::DynamoDB::Table.ImportSourceSpecification

Use the AWS::DynamoDB::Table.ImportSourceSpecification resource to import from S3 into DynamoDB.

August 18, 2022

Updated resource

The following resource was updated: AWS::CloudFront::Distribution.

AWS::CloudFront::Distribution

In the HttpVersion property, use the http2and3 and http3 values to specify the HTTP version(s) that you want viewers to use to communicate with Amazon CloudFront.

For more information, see Supported HTTP versions in the Amazon CloudFront Developer Guide.

August 15, 2022

Updated resource

The following resources were updated: AWS::GuardDuty::Filter, AWS::GuardDuty::IPSet, and AWS::GuardDuty::ThreatIntelSet

AWS::GuardDuty::Filter

Use Tags property to specify metadata to add to a new filter resource.

Use Rank property to specify position of the filter in the list of the current filters.

AWS::GuardDuty::IPSet

Use Tags property to specify metadata to add to a new IP set resource.

AWS::GuardDuty::ThreatIntelSet

Use Tags property to specify metadata to add to a new threat list resource.

August 15, 2022

New resources

The following resources were added: AWS::M2::Application and AWS::M2::Environment.

AWS::M2::Application

Use the AWS::M2::Application resource to specify an application in the AWS Mainframe Modernization service.

AWS::M2::Environment

Use the AWS::M2::Environment resource to specify a runtime environment in the AWS Mainframe Modernization service.

August 11, 2022

Updated resources

The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup.

AWS::WAFv2::WebACL

In the SqliMatchStatement property type, use the SensitivityLevel property to specify the sensitivity that you want to use to inspect for SQL injection attacks.

AWS::WAFv2::RuleGroup

In the SqliMatchStatement property type, use the SensitivityLevel property to specify the sensitivity that you want to use to inspect for SQL injection attacks.

August 4, 2022

Updated resource

The following resource was updated: AWS::GuardDuty::Detector

AWS::GuardDuty::Detector

Use the CFNDataSourceConfigurations property to specify the data source when detector is created.

Use the CFNMalwareProtectionConfiguration property to specify enabling Malware Protection data source.

Use the CFNScanEc2InstanceWithFindingsConfiguration property to specify enabling data source as Malware Protection for EC2 findings.

August 4, 2022

Updated resource

The following resource was updated: AWS::IoT::CACertificate.

AWS::IoT::CACertificate

The AWS::IoT::CACertificate resource adds RegistrationConfig type in RegistrationConfig property.

August 4, 2022

Updated resource

The following resource was updated: AWS::IoT::ProvisioningTemplate.

AWS::IoT::ProvisioningTemplate

The AWS::IoT::ProvisioningTemplate resource now supports TemplateType property.

August 4, 2022

Updated resource

The following resource was updated: AWS::RedshiftServerless::Workgroup

AWS::RedshiftServerless::Workgroup

The additionalinfo parameter was removed from AWS::RedshiftServerless::Workgroup.

July 28, 2022

Updated resource

The following resource was updated:

AWS::Transfer::Server ProtocolDetails

Use the As2Transports property to indicate the transport method for the AS2 messages.

July 28, 2022

Updates to resource

The following resource was updated: AWS::SSO::PermissionSet.

AWS::SSO::PermissionSet

Use the CustomerManagedPolicyReferences and PermissionsBoundary properties of the AWS::SSO::PermissionSet resource to assign customer managed policies and permissions boundaries in IAM Identity Center.

July 21, 2022

Updated resources

The following resource was updated: AWS::EC2::PlacementGroup.

AWS::EC2::PlacementGroup

Use the SpreadLevel parameter to determine how placement groups spread instances.

July 21, 2022

Updated resource

The following resource was updated: AWS::MediaPackage::OriginEndpoint.

AWS::MediaPackage::OriginEndpoint.

Updated the presetSpeke20Audio and presetSpeke20Videoproperties.

July 21, 2022

New resource

The AWS::Evidently::Segment resource was added.

Evidently resource type reference

Use a segment to define a portion of your audience that share one or more characteristics.

For more information, see Use segments to focus your audience.

July 21, 2022

New resource

The following resource was added: AWS::Synthetics::Group.

AWS::Synthetics::Group

Use the AWS::Synthetics::Group resource to create a group. You can use groups to associate canaries with each other, including cross-Region canaries. Using groups can help you with managing and automating your canaries, and you can also view aggregated run results and statistics for all canaries in a group.

July 21, 2022

Managing events with AWS CloudFormation and Amazon EventBridge

Receive notifications when specific AWS CloudFormation events such as object creation or deletion occur in an AWS CloudFormation with EventBridge.

For more information, see Managing events with Amazon EventBridge.

July 20, 2022

Updated resource

The following resource was updated: AWS::KMS::Key.

AWS::KMS::Key

Added support for SM2 key pairs (China Regions only), including the SM2 value for the KeySpec property.

July 14, 2022

Updated resource

The following resource was updated: AWS::SageMaker::NotebookInstance

AWS::SageMaker::NotebookInstance

Use the InstanceMetadataServiceConfiguration property to specify information about the IMDS configuration of the notebook instance.

Use the InstanceMetadataServiceConfiguration.MinimumInstanceMetadataServiceVersion property to specify the minimum IMDS version that the notebook instance supports.

July 14, 2022

New resources

Use these resources to manage your Amazon Redshift Serverless instance.

AWS::RedshiftServerless::Workgroup

Use the AWS::RedshiftServerless::Workgroup resource to manage compute resources in Amazon Redshift Serverless.

AWS::RedshiftServerless::Namespace

Use the AWS::RedshiftServerless::Namespace resource to manage database objects and users in Amazon Redshift Serverless.

July 12, 2022

Account level

AWS CloudFormation announces the general availability of account filter type, a feature that allows customers to limit deployment targets to individual accounts or include additional accounts with provided OUs.

For more information, see Account level targets.

July 7, 2022

Updated resource

The following resource was updated: AWS::RefactorSpaces::Route.

AWS::RefactorSpaces::Route

In the DefaultRouteInput property type, use the ActivationState property to specify the activation state of the route.

In the UriPathRouteInput property type, use the ActivationState property to specify the activation state of the route.

June 30, 2022

New resources

The following resources were added: AWS::LakeFormation::DataCellsFilter, AWS::LakeFormation::TagAssociation, documentation target="AWS::LakeFormation::Tag, AWS::LakeFormation::PrincipalPermissions

AWS::LakeFormation::DataCellsfilter

Use the DataCellsFilter resource to specify a structure for a data cell filter.

AWS::LakeFormation::PrincipalPermissions

Use the AWS::LakeFormation::PrincipalPermissions resource to specify the permissions that a principal has on an resource.

AWS::LakeFormation::Tag

Use the AWS::LakeFormation::Tag resource to specify an LF-tag, which consists of a key and one or more possible values for the key.

AWS::LakeFormation::TagAssociation

Use the AWS::LakeFormation::TagAssociation resource to assign an LF-tag to a Data Catalog resource.

June 30, 2022

New resource

The following resource was added: AWS::DataSync::LocationFSxONTAP.

AWS::DataSync::LocationFSxONTAP

Use the AWS::DataSync::LocationFSxONTAP resource to create a location for an Amazon FSx for ONTAP file system.

June 30, 2022

New resource

The following resource was added: AWS::IoT::CACertificate

AWS::IoT::CACertificate

Use the AWS::IoT::CACertificateto specify a CA certificate.

June 30, 2022

New resource

The following resource was added: AWS::SES::DedicatedIpPool.

AWS::SES::DedicatedIpPool

Use the DedicatedIpPool resource to create a new pool of dedicated IP addresses.

June 30, 2022

New resource

The following resource and properties were added: AWS::SES::EmailIdentity, AWS::SES::EmailIdentity ConfigurationSetAttributes, AWS::SES::EmailIdentity DkimAttributes, AWS::SES::EmailIdentity DkimSigningAttributes, AWS::SES::EmailIdentity FeedbackAttributes, and AWS::SES::EmailIdentity MailFromAttributes.

AWS::SES::EmailIdentity

Use the EmailIdentity resource to specify an identity, such as an email address or domain, for using within SES.

AWS::SES::EmailIdentity ConfigurationSetAttributes

Use the ConfigurationSetAttributes property to associate a configuration set with an email identity.

AWS::SES::EmailIdentity DkimAttributes

Use the DkimAttributes property to enable or disable DKIM authentication for an email identity.

AWS::SES::EmailIdentity DkimSigningAttributes

Use the DkimSigningAttributes property to configure or change the DKIM authentication settings for an email domain identity.

AWS::SES::EmailIdentity FeedbackAttributes

Use the FeedbackAttributes property to enable or disable feedback forwarding for an identity.

AWS::SES::EmailIdentity MailFromAttributes

Use the MailFromAttributes property to enable or disable the custom Mail-From domain configuration for an email identity.

June 30, 2022

Updated resources

The following resources were updated: AWS::AppStream::Stack

AWS::AppStream::Stack

Use the StreamingExperienceSettings property to specify the streaming protocol you want your stack to prefer. This can be UDP or TCP. Currently, UDP is only supported in the Windows native client.

June 28, 2022

New resource

The following resource was added: AWS::CloudTrail::EventDataStore

AWS::CloudTrail::EventDataStore

Use the EventDataStore resource to specify an event data store in CloudTrail Lake. Event data stores are immutable collections of events based on criteria that you select by applying advanced event selectors. For more information, see Working with CloudTrail Lake in the AWS CloudTrail User Guide.

AWS::CloudTrail::EventDataStore.AdvancedEventSelector

Use the AdvancedEventSelector property to specify fine-grained event properties for data events that you want to log to an event data store. For more information, see Data events in the AWS CloudTrail User Guide.

AWS::CloudTrail::EventDataStore.AdvancedFieldSelector

Use the AdvancedFieldSelector property to specify fine-grained event properties for data events that you want to log to an event data store. An AdvancedFieldSelector is a single selector statement within an advanced event selector. For more information, see Data events in the AWS CloudTrail User Guide.

June 23, 2022

New resource

The following resources were added: AWS::ConnectCampaigns::Campaign

AWS::ConnectCampaigns::Campaign

Use the AWS::ConnectCampaigns::Campaign resource to create a high-volume outbound campaign.

June 23, 2022

Updated resources

The following resources were updated: AWS::MediaTailor::Channel, AWS::MediaTailor::LiveSource, AWS::MediaTailor::SourceLocation, and AWS::MediaTailor::VodSource.

AWS::MediaTailor::Channel

Added DashPlaylistSettings, HlsPlaylistSettings, LogConfigurationForChannel, RequestOutputItem, and SlateSource properties.

AWS::MediaTailor::ChannelPolicy

Added ChannelNameand Policy properties.

AWS::MediaTailor::LiveSource

Added HttpPackageConfiguration property.

AWS::MediaTailor::SourceLocation

Added AccessConfiguration, DefaultSegmentDeliveryConfiguration, HttpConfiguration, SecretsManagerAccessTokenConfiguration, and SegmentDeliveryConfiguration properties.

AWS::MediaTailor::VodSource

Added HttpPackageConfiguration property.

June 22, 2022

Updated resources

The following resource was updated: AWS::MediaTailor::PlaybackConfiguration.

AWS::MediaTailor::PlaybackConfiguration

Added DashConfiguration.ManifestEndpointPrefix, HlsConfiguration.ManifestEndpointPrefix, PlaybackConfigurationArn, PlaybackEndpointPrefix, and SessionInitializationEndpointPrefix return values.

June 16, 2022

New resources

The following resource and properties were added: AWS::Route53::CidrCollection, AWS::Route53::RecordSet.CidrRoutingConfig, and AWS::Route53::RecordSetGroup CidrRoutingConfig

AWS::Route53::CidrCollection

Use the AWS::Route53::CidrCollection resource to create a CIDR collection for IP-based DNS routing.

AWS::Route53::RecordSet.CidrRoutingConfig

Use the AWS::Route53::RecordSet.CidrRoutingConfig property to update IP-routing information for the DNS record that you want to create.

AWS::Route53::RecordSetGroup CidrRoutingConfig

Use the AWS::Route53::RecordSetGroup CidrRoutingConfig property to link a resource record set to a CIDR location.

June 16, 2022

Updated resources

The following resource was updated: AWS::EC2::LaunchTemplate.

AWS::EC2::LaunchTemplate LaunchTemplateData

Use the DisableApiStop parameter to enable or disable an instance for stop protection.

June 9, 2022

Updated resource

The following resource was updated: AWS::DataSync::LocationEFS.

AWS::DataSync::LocationEFS

Use the AccessPointArn property to specify an access point for your Amazon EFS file system.

Use the FileSystemAccessRoleArn property to specify an IAM role that DataSync assumes when mounting your file system.

Use the InTransitEncryption property to specify whether you want DataSync to use Transport Layer Security (TLS) 1.2 encryption when it copies data to or from your file system.

June 9, 2022

Updated resource

The following property was added to the AWS::SES::ConfigurationSetEventDestination resource:

AWS::SES::ConfigurationSetEventDestination SnsDestination

Use the SnsDestination property to specify an Amazon Simple Notification Service (Amazon SNS) event destination to publish email sending events.

June 9, 2022

Updated resource

The following properties were updated to SES API v2 for the AWS::SES::ConfigurationSet resource:

AWS::SES::ConfigurationSet DeliveryOptions

Use the DeliveryOptions property to assign a dedicated IP pool to this configuration set.

AWS::SES::ConfigurationSet ReputationOptions

Use the ReputationOptions property to enable or disable collection of reputation metrics for emails sent with this configuration set.

AWS::SES::ConfigurationSet SendingOptions

Use the SendingOptions property to enable or disable email sending for messages that use this configuration set.

AWS::SES::ConfigurationSet SuppressionOptions

Use the SuppressionOptions property to specify a list that contains the reasons that email addresses are automatically added to the suppression list.

AWS::SES::ConfigurationSet TrackingOptions

Use the TrackingOptions property to specify a custom domain to use for open and click tracking elements in emails that you send from this configuration set.

June 9, 2022

New resource

The following resources were added: AWS::Connect::TaskTemplate

AWS::Connect::TaskTemplate

Use the AWS::Connect::TaskTemplate resource to create a task template.

June 9, 2022

Updated resource

The following resource was updated:

AWS::Transfer::Server ProtocolDetails

Use the SetStatOption to ignore the error that is generated when the client attempts to use SETSTAT on a file you are uploading to an S3 bucket.

May 26, 2022

New resource

The following resource was added: AWS::EMRServerless::Application.

AWS::EMRServerless::Application

Use the AWS::EMRServerless::Application resource to specify an EMR Serverless application.

May 26, 2022

New resources

The following resources were added: AWS::IoTWireless::NetworkAnalyzerConfiguration

AWS::IoTWireless::NetworkAnalyzerConfiguration

Gets information about a network analyzer configuration.

May 25, 2022

Updated resource

The following resource was updated: AWS::Cognito::UserPoolClient

AWS::Cognito::UserPoolClient

The EnablePropagateAdditionalUserContextData property of a user pool client makes it possible to pass IP address information to advanced security features with unauthenticated API requests.

May 20, 2022

Updated resources

The following resources were updated: AWS::AppMesh::VirtualNode and AWS::AppMesh::Mesh

AWS::AppMesh::VirtualNode

Use the DnsServiceDiscovery property to represent the DNS service discovery information for your virtual node.

Use the AwsCloudMapServiceDiscovery property to represent the AWS Cloud Map service discovery information for your virtual node.

AWS::AppMesh::Mesh

Use the MeshServiceDiscovery resource to represent the service discovery information for a service mesh.

May 19, 2022

Updated resources

The following resources were updated: AWS::Lightsail::LoadBalancer and AWS::Lightsail::LoadBalancerTlsCertificate

AWS::Lightsail::LoadBalancer

Use the tlsPolicyName property to specify a TLS security policy for the load balancer.

AWS::Lightsail::LoadBalancerTlsCertificate

Use the httpsRedirectionEnabled property to indicate whether HTTPS redirection is enabled for the load balancer that the TLS certificate is attached to.

May 19, 2022

Updated resource

The following resource was updated: AWS::Synthetics::Canary.

AWS::Synthetics::Canary

The DeleteLambdaResourcesOnCanaryDeletion parameter was added. You can specify this parameter when you create or update a canary to have the canary's Lambda resources deleted when the canary is deleted.

May 12, 2022

Updated resource

The following resource was updated: AWS::DataSync::Task.

AWS::DataSync::Task

In the Options property type, use the ObjectTags property to specify whether object tags are maintained when transferring between object storage systems.

May 12, 2022

New resource

The following resource was added: AWS::IoT::RoleAlias

AWS::IoT::RoleAlias

Use the AWS::IoT::RoleAliasto specify a role alias.

May 12, 2022

New resources

New resources were added to Network Manager: AWS::NetworkManager::CoreNetwork, AWS::NetworkManager::ConnectAttachment, AWS::NetworkManager::ConnectPeer, AWS::NetworkManager::SiteToSiteVpnAttachment, and AWS::NetworkManager::VpcAttachment.

AWS::NetworkManager::CoreNetwork

Use the AWS::NetworkManager::CoreNetwork to create a core network.

AWS::NetworkManager::ConnectAttachment

Use the AWS::NetworkManager::CoreNetwork.ConnectAttachment to create a Connect attachment.

AWS::NetworkManager::ConnectPeer

Use the AWS::NetworkManager::ConnectPeer to create a Connect peer attachment.

AWS::NetworkManager::SiteToSiteVpnAttachment

Use the AWS::NetworkManager::SiteToSiteVpnAttachment to create a site-to-site VPN attachment.

AWS::NetworkManager::VpcAttachment

Use the AWS::NetworkManager::VpcAttachment to create a VPC attachment.

May 11, 2022

Updated resources

The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup.

AWS::WAFv2::WebACL

Use the Cookies property to specify that a rule statement should inspect the cookies in web requests.

Use the CookieMatchPattern property to specify a subset of all cookies for inspection.

Use the Headers property to specify that a rule statement should inspect the headers in web requests.

Use the HeaderMatchPattern property to specify a subset of all headers for inspection.

In the Body property type, use the OversizeHandling property to specify how to handle web requests that have oversize body contents.

In the JsonBody property type, use the OversizeHandling property to specify how to handle web requests that have oversize body contents.

AWS::WAFv2::RuleGroup

Use the Cookies property to specify that a rule statement should inspect the cookies in web requests.

Use the CookieMatchPattern property to specify a subset of all cookies for inspection.

Use the Headers property to specify that a rule statement should inspect the headers in web requests.

Use the HeaderMatchPattern property to specify a subset of all headers for inspection.

In the Body property type, use the OversizeHandling property to specify how to handle web requests that have oversize body contents.

In the JsonBody property type, use the OversizeHandling property to specify how to handle web requests that have oversize body contents.

May 5, 2022

New resource

The following resource was added: AWS::Rekognition::StreamProcessor.

AWS::Rekognition::StreamProcessor

The AWS::Rekognition::StreamProcessor type creates a stream processor used to detect and recognize faces or to detect connected home labels in a streaming video.

May 5, 2022

New resource

The following resources were added: AWS::VoiceID::Domain

AWS::VoiceID::Domain

Use the AWS::VoiceID::Domain resource to create a Voice ID domain.

May 5, 2022

New resource

The following resource was added: AWS::EC2::KeyPair.

AWS::EC2::KeyPair

Use the KeyPair resource to create or import a key pair.

April 28, 2022

New resource

The following resource was added: AWS::Route53Profiles::Profile.

AWS::Route53Profiles::Profile

Added the AWS::Route53Profiles::Profile resource was added to support the shareing of Route 53 configurations across VPCs and AWS accounts.

April 24, 2022

New resource

The following resource was added: AWS::Route53Profiles::ProfileAssociation.

AWS::Route53Profiles::ProfileAssociation

Added the AWS::Route53Profiles::ProfileAssociation resource was added to support associating a Route 53 Profile to a VPC.

April 24, 2022

New resource

The following resource was added: AWS::Route53Profiles::ProfileAssociation.

AWS::Route53Profiles::ProfileResourceAssociation

Added the AWS::Route53Profiles::ProfileResourceAssociation resource was added to support associating resources to a Route 53 Profile.

April 24, 2022

Updated resources

The following resource was updated: AWS::Batch::ComputeEnvironment

AWS::Batch::ComputeEnvironment

Use the ReplaceComputeEnvironment property to specify whether the compute environment should be replaced if an update is made that requires replacing the instances in the compute environment.

Use the UpdatePolicy property to specify the infrastructure update policy for the compute environment.

AWS::Batch::JobDefinition

Added a JobQueueArn attribute to the return values.

April 21, 2022

Updated resource

New parameters were added to AWS::Evidently::Experiment and AWS::Evidently::Launch

Evidently resource type reference

New parameters were added to AWS::Evidently::Experiment and AWS::Evidently::Launch to allow you to use AWS CloudFormation to start and stop experiments and launches.

April 21, 2022

New resources

The following resources were added: AWS::IoTTwinMaker::ComponentType, AWS::IoTTwinMaker::Entity, AWS::IoTTwinMaker::Scene, and AWS::IoTTwinMaker::Workspace

AWS::IoTTwinMaker::ComponentType

Use the AWS::IoTTwinMaker::ComponentType resource to declare a component type.

AWS::IoTTwinMaker::Entity

Use the AWS::IoTTwinMaker::Entity resource to declare an entity.

AWS::IoTTwinMaker::Scene

Use the AWS::IoTTwinMaker::Scene resource to declare a scene.

CFNResource

Use the AWS::IoTTwinMaker::Workspace resource to declare a workspace.

April 21, 2022

New resource

The following resources were added: AWS::Connect::PhoneNumber

AWS::Connect::PhoneNumber

Use the AWS::Connect::PhoneNumber resource to create a phone number.

April 21, 2022

Updated resource

The following resource was updated: AWS::KMS::Key.

AWS::KMS::Key

Added support for HMAC KMS keys, including new HMAC values for the KeySpec property and the GENERATE_VERIFY_MAC value for the KeyUsage property.

You can also use the AWS::KMS::ReplicaKey resource to create a replica of a multi-Region HMAC key. However, the properties of this resource did not change.

April 19, 2022

Updated resources

The following resources were updated: AWS::AppStream::Fleet

AWS::AppStream::Fleet

Use the SessionScriptS3Location property to specify the S3 location of the session scripts configuration zip file. This only applies to Elastic fleets.

April 14, 2022

Updated resource

The following resource was updated: AWS::CloudWatch::MetricStream.

AWS::CloudWatch::MetricStream

In the MetricStream resource, use the MetricStreamStatisticsConfiguration to have the metric stream include additional statistics such as percentile statistics in the stream.

April 14, 2022

Updated resource

The following resource was updated: AWS::AppRunner::Service

AWS::AppRunner::Service.ObservabilityConfiguration

New property. The observability configuration of the App Runner service.

April 12, 2022

New resource

The following resource was added: AWS::AppRunner::ObservabilityConfiguration

AWS::AppRunner::ObservabilityConfiguration

Use the AWS::AppRunner::ObservabilityConfiguration resource to create or update an AWS App Runner observability configuration.

April 12, 2022

Updated resources

The following resource was updated: AWS::EC2::LaunchTemplate.

AWS::EC2::LaunchTemplate NetworkInterface

Use the Ipv4PrefixCount or Ipv4Prefixes properties to assign IPv4 prefixes to a network interface.

Use the Ipv6PrefixCount or Ipv6Prefixes properties to assign IPv6 prefixes to a network interface.

April 7, 2022

New resource

The following resource was added: AWS::Events::Endpoint.

AWS::Events::Endpoint

Use the AWS::Events::Endpoint resource to create a Amazon EventBridge global endpoint and mae your application Regional-fault tolerant.

April 7, 2022

New resource

The following resource was added: AWS::Lambda::Url.

AWS::Lambda::Url

Use the Url resource to add a function URL endpoint to your Lambda function.

April 7, 2022

Updated resource

The following resources were updated: AWS::SageMaker::Domain, AWS::SageMaker::UserProfile

AWS::SageMaker::Domain

Use the UserSettings.RStudioServerProAppSettings property to configure user interaction with the RStudioServerPro app.

Use the RStudioServerProAppSettings property to configure user interaction with the RStudioServerPro app.

Use the RStudioServerProAppSettings.AccessStatus property to indicate whether the current user has access to the RStudioServerPro app.

Use the RStudioServerProAppSettings.UserGroup property to indicate the level of permissions that the user has within the RStudioServerPro app.

Use the RStudioServerProDomainSettings property to configure the RStudioServerPro Domain-level app.

Use the RStudioServerProDomainSettings.DefaultResourceSpec property to define the default InstanceType, SageMakerImageArn and SageMakerImageVersionArn for the Domain.

Use the RStudioServerProDomainSettings.DomainExecutionRoleArn property to indicate the ARN of the execution role for the RStudioServerPro Domain-level app.

Use the RStudioServerProDomainSettings.RStudioConnectUrl property to indicate a URL pointing to an RStudio Connect server.

Use the RStudioServerProDomainSettings.RStudioPackageManagerUrl property to indicate a URL pointing to an RStudio Package Manager server.

Use the DomainSettings property to indicate a collection of settings that apply to the SageMaker Domain.

Use the DomainSettings.RStudioServerProDomainSettings property to configure the RStudioServerPro Domain-level app.

Use the DomainSettings.SecurityGroupIds property to indicate security groups for the Amazon Virtual Private Cloud (Amazon VPC) that the Domain uses for communication between Domain-level apps and user apps.

AWS::SageMaker::UserProfile

Use the UserSettings.RStudioServerProAppSettings property to configure user interaction with the RStudioServerPro app.

Use the RStudioServerProAppSettings property to configure user interaction with the RStudioServerPro app.

Use the RStudioServerProAppSettings.AccessStatus property to indicate whether the current user has access to the RStudioServerPro app.

Use the RStudioServerProAppSettings.UserGroup property to indicate the level of permissions that the user has within the RStudioServerPro app.

March 31, 2022

New resource

The following resource was added: AWS::DataSync::LocationFSxOpenZFS.

AWS::DataSync::LocationFSxOpenZFS

Use the AWS::DataSync::LocationFSxOpenZFS resource to specify an Amazon FSx for OpenZFS file system.

March 31, 2022

Updated resource

The following resource was updated: AWS::ServiceCatalog::CloudFormationProduct ProvisioningArtifactProperties.

AWS::ServiceCatalog::CloudFormationProduct ProvisioningArtifactProperties

The AWS::ServiceCatalog::CloudFormationProduct ProvisioningArtifactProperties resource now supports the Type property.

March 30, 2022

Updated resource

The following resource was updated: AWS::Lambda::Function.

AWS::Lambda::Function

Use the EphemeralStorage property to set the function's ephemeral (/tmp) storage to any any whole number between 512 and 10240 MB.

March 24, 2022

Updated resource

The following property type was updated: AWS::Lex::Bot.

AWS::Lex::Bot

Use the AudioLogSetting property to configure logging of audio conversation with your users.

Use the AudioLogSetting property to configure the Lambda functions used for each of your bot's locales.

Use the ConversationLogsSettings property to manage logging that saves audio, text, and metadata of the conversations with your users.

Use the CustomVocabulary property to define custom vocabularies for your slot types.

Use the LambdaCodeHook property to specify a Lambda function that verifies requests to the bot or fulfills the user's request.

Use the S3BucketLogDestination property to configure the Amazon S3 bucket to hold audio conversation logs.

Use the SlotValueSelectionSetting property to configure advanced settings for recognizing slot values.

Use the TestBotAliasSettings property to configure the alias used for testing a bot.

Use the TextLogSetting property to configure text logs for conversations.

March 24, 2022

New resource

The following resource was added: AWS::IoTEvents::AlarmModel.

AWS::IoTEvents::AlarmModel

Use the AlarmModel resource to monitor an AWS IoT Events input attribute.

March 24, 2022

Updated resource

The following resource was updated: AWS::FSx::Filesystem

AWS::FSx::Filesystem

FSx for OpenZFS file system root volumes now support the LZ4 DataCompressionType.

March 17, 2022

Updated resource

The following resource was updated: AWS::FSx::Volume

AWS::FSx::Volume

FSx for OpenZFS volumes now support the LZ4 DataCompressionType.

March 17, 2022

Updated resource

The following resource was updated: AWS::FSx::Volume

AWS::FSx::Volume

FSx for OpenZFS volumes now support using the value 0 to un-set the StorageCapacityQuotaGiB for a volume.

March 17, 2022

Updated resource

The following resource was updated: AWS::FSx::Volume

AWS::FSx::Volume

FSx for OpenZFS volumes now support using the value 0 to un-set the StorageCapacityReservationGiB for a volume.

March 17, 2022

Updated resource

The following resource was updated: AWS::FSx::Volume

AWS::FSx::Volume

FSx for OpenZFS volumes now support setting the suggested block size for a volume.

March 17, 2022

Updated resource

The following resource was updated: AWS::FSx::Filesystem

AWS::FSx::FileSystem

FSx for ONTAP file systems now support lower ThroughputCapacity settings.

March 17, 2022

Updated resource

The following resource was updated: AWS::FIS::ExperimentTemplate.

AWS::FIS::ExperimentTemplate

Use the LogConfiguration property to configure experiment logging.

Use the Parameters property to specify criteria used to identify target resources.

March 11, 2022

Updated resource

The following resource was updated: AWS::AutoScaling::ScalingPolicy.

AWS::AutoScaling::ScalingPolicy

Use the AWS::AutoScaling::ScalingPolicy property to specify custom metrics when you create predictive scaling policies. You can also use metric math to further customize the metrics that you include in your policy.

March 10, 2022

Updated resource

The following resource was updated: AWS::StepFunctions::StateMachine

AWS::StepFunctions::StateMachine

The StateMachineType attribute is now IMMUTABLE.

March 10, 2022

New resources

The following resources were added: AWS::Personalize::Dataset, AWS::Personalize::Dataset DatasetImportJob, AWS::Personalize::DatasetGroup, AWS::Personalize::Schema, AWS::Personalize::Solution, and AWS::Personalize::Solution SolutionConfig.

AWS::Personalize::Dataset

Use the AWS::Personalize::Dataset resource to specify a dataset in Amazon Personalize.

AWS::Personalize::Dataset DatasetImportJob

Use the AWS::Personalize::Dataset DatasetImportJob resource to specify a dataset import job in Amazon Personalize.

AWS::Personalize::DatasetGroup

Use the AWS::Personalize::DatasetGroup resource to specify a dataset group in Amazon Personalize.

AWS::Personalize::Schema

Use the AWS::Personalize::Schema resource to specify a schema in Amazon Personalize.

AWS::Personalize::Solution

Use the AWS::Personalize::Solution resource to specify a solution in Amazon Personalize.

AWS::Personalize::Solution SolutionConfig

Use the AWS::Personalize::Solution SolutionConfig resource to specify a solution configuration in Amazon Personalize.

March 10, 2022

Updated resources

The following resources were updated: AWS::RedshiftServerless::Workgroup and AWS::RedshiftServerless::Namespace

AWS::RedshiftServerless::Workgroup

Added a number of return values to the AWS::RedshiftServerless::Workgroup resource.

AWS::RedshiftServerless::Namespace

Added a number of return values to the AWS::RedshiftServerless::Namespace resource.

March 9, 2022

New resource

The following resource was added: AWS::EKS::IdentityProviderConfig

AWS::EKS::IdentityProviderConfig

Use the OidcIdentityProviderConfig resources to specify an identity provider config and RequiredClaim to specify required claims.

March 7, 2022

Updated resources

The following resources were updated: AWS::DataBrew::Job

AWS::DataBrew::Job

Add MaxOutputFiles parameter to the Output data type to specify the maximum number of files to be generated by a profile job and written to the output folder.

March 3, 2022

Added resource

The following resource was added: AWS::ManagedBlockchain::Accessor

AWS::ManagedBlockchain::Accessor

Use the Accessor to create a new accessor for use with Managed Blockchain Ethereum nodes.

March 2, 2022

Updated resources

The following resources were updated: AWS::Batch::ComputeEnvironment, and AWS::Batch::JobQueue

AWS::Batch::ComputeEnvironment

Added a ComputeEnvironmentArn attribute to the return values.

AWS::Batch::JobQueue

Added a JobQueueArn attribute to the return values.

February 24, 2022

Updated resource

The following resource was updated: AWS::AutoScaling::WarmPool.

AWS::AutoScaling::WarmPool

Use the PoolState property to specify Hibernated to stop instances in a warm pool without deleting their RAM contents. Use the InstanceReusePolicy property to return instances to the warm pool on scale in, instead of always terminating instance capacity that you will need later.

February 24, 2022

Updated resource

The following resource was updated:

AWS::Transfer::Server

Use the PreAuthenticationLoginBanner property to specify a string to display when users connect to a server, before they authenticate.

Use the PostAuthenticationLoginBanner property to specify a string to display when users connect to a server, after they authenticate.

February 24, 2022

New resource

The following resource was added: AWS::DataSync::LocationFSxLustre.

AWS::DataSync::LocationFSxLustre

Use the AWS::DataSync::LocationFSxLustre resource to specify an Amazon FSx for Lustre file system.

February 24, 2022

Updated resource

The following resource was updated: AWS::WAFv2::WebACL.

AWS::WAFv2::WebACL

You can now define ManagedRuleGroupConfigs for a ManagedRuleGroupStatement, to provide configuration specific to the managed rule group. This is required to use the managed rule group, AWSManagedRulesATPRuleSet.

February 17, 2022

New resources

The following new resources were added to Network Manager: AWS::NetworkManager::ConnectAttachment, AWS::NetworkManager::ConnectPeer, AWS::NetworkManager::CoreNetwork, AWS::NetworkManager::SiteToSiteVPNAttachment, and AWS::NetworkManager::VPCAttachment.

AWS::NetworkManager::ConnectAttachment

Use the AWS::NetworkManager::ConnectAttachment to create a core network Connect attachment.

AWS::NetworkManager::ConnectPeer

Use the AWS::NetworkManager::ConnectPeer create a core network Connect Peer attachment.

AWS::NetworkManager::CoreNetwork

Use the AWS::NetworkManager::CoreNetwork to create a core network.

AWS::NetworkManager::SiteToSiteVPNAttachment

Use the AWS::NetworkManager::SiteToSiteVPNAttachment create a core network site-to-site VPN attachment.

AWS::NetworkManager::VPCAttachment

Use the AWS::NetworkManager::VPCAttachment create a core network VPC attachment.

February 17, 2022

Updated resources

The following resource was updated: AWS::EC2::LaunchTemplate.

AWS::EC2::LaunchTemplate PrivateDnsNameOptions

Use the PrivateDnsNameOptions property to set options for instance hostnames.

AWS::EC2::LaunchTemplate MetadataOptions

Use the InstanceMetadataTags property to allow access to instance tags from the instance metadata.

February 10, 2022

New resources

The following resources were added: AWS::CloudFormation::HookDefaultVersion, AWS::CloudFormation::HookTypeConfig, and AWS::CloudFormation::HookVersion.

AWS::CloudFormation::HookDefaultVersion

Use the AWS::CloudFormation::HookDefaultVersion resource to specify the default version of the hook.

AWS::CloudFormation::HookTypeConfig

Use the AWS::CloudFormation::HookTypeConfig resource to specify the configuration of a hook.

AWS::CloudFormation::HookVersion

Use the AWS::CloudFormation::HookVersion resource to publish the hook version in the AWS CloudFormation registry.

February 10, 2022

New resources

The following resources were added: AWS::ECR::PullThroughCacheRule

AWS::ECR::PullThroughCacheRule

Use the AWS::ECR::PullThroughCacheRule property to create a pull through cache rule for your private registry. Pull through cache rules provide a way to cache images from an external public registry in your private registry

February 10, 2022

CloudFormation registry

AWS CloudFormation announces the general availability of hooks, a feature that allows customers to invoke custom logic to automate actions or inspect resource configurations prior to a create, update or delete stack operation.

For more information, see Developing hooks in the User Guide for Extension Development.

February 10, 2022

Updated resource

The following resource was updated: AWS::AppRunner::Service

AWS::AppRunner::Service.NetworkConfiguration

New property. Configuration settings related to network traffic of the web application that the App Runner service runs.

February 8, 2022

New resource

The following resource was added: AWS::AppRunner::VpcConnector

AWS::AppRunner::VpcConnector

Use the AWS::AppRunner::VpcConnector resource to create or update an AWS App Runner VPC connector.

February 8, 2022

Updated resource

The following resource was updated: AWS::Events::Rule.

AWS::Events::Rule

The Rule.SageMakerPipelineParameter.PipelineParameterList is a list of parameter names and values for SageMaker Model Building Pipeline execution.

The Rule.SageMakerPipelineParameter.Name is the name of parameter to start execution of a SageMaker Model Building Pipeline.

The Rule.SageMakerPipelineParameter.Value is the value of parameter to start execution of a SageMaker Model Building Pipeline.

February 3, 2022

New properties

The following properties were added under AWS::ApplicationInsights::Application.ConfigurationDetails:

HANAPrometheusExporter

Use the HANAPrometheusExporter property of the AWS::ApplicationInsights::Application resource to define the HANA DB Prometheus Exporter settings.

HAClusterPrometheusExporter

Use the HAClusterPrometheusExporter property of the AWS::ApplicationInsights::Application resource to define the HA Cluster Prometheus Exporter settings.

February 3, 2022

Updated resource

The following resource was updated: RotationRules

AWS::SecretsManager::RotationSchedule RotationRules

Use RotationRules to set a detailed schedule to rotate your secret.

January 31, 2022

Updated resources

The following resource was updated: AWS::CustomerProfiles::Integration.

AWS::CustomerProfiles::Integration

Use the AWS::CustomerProfiles::Integration resource to create a new integration in Amazon Connect Customer Profiles Service.

January 27, 2022

Updated resources

The following resources were updated: AWS::Location::GeofenceCollection, AWS::Location::Map, AWS::Location::PlaceIndex, AWS::Location::RouteCalculator, and AWS::Location::Tracker.

AWS::Location::GeofenceCollection

Updated the AWS::Location::GeofenceCollection resource to no longer use PricingPlan or PricingPlanDataSource.

AWS::Location::Map

Updated the AWS::Location::Map resource to no longer use PricingPlan.

AWS::Location::PlaceIndex

Updated the AWS::Location::PlaceIndex resource to no longer use PricingPlan.

AWS::Location::RouteCalculator

Update the AWS::Location::RouteCalculator resource to no longer use PricingPlan.

AWS::Location::Tracker

Update the AWS::Location::Tracker resource to no longer use PricingPlan or PricingPlanDataSource.

January 27, 2022

Updated resource

The following resource was updated: AWS::IVS::RecordingConfiguration

AWS::IVS::RecordingConfiguration

Use the ThumbnailConfiguration property to specify an Amazon IVS ThumbnailConfiguration, which stores configuration information related to generating thumbnail images for your live stream.

January 27, 2022

New resource

The following resource was added: AWS::AppIntegrations::DataIntegration

AWS::AppIntegrations::DataIntegration

Use the AWS::AppIntegrations::DataIntegration resource to create a DataIntegration.

January 27, 2022

New collection resource

The following resource was added: AWS::Rekognition::Collection.

AWS::Rekognition::Collection

The AWS::Rekognition::Collection type creates a server-side container called a collection. You can use a collection to store information about detected faces and search for known faces in images, stored videos, and streaming videos.

January 27, 2022

New resources

The following resources were added: AWS::Forecast::Dataset and AWS::Forecast::DatasetGroup.

AWS::Forecast::Dataset

Use the AWS::Forecast::Dataset resource to import a new or updated dataset in Amazon Forecast.

AWS::Forecast::DatasetGroup

Use the AWS::Forecast::DatasetGroup resource to create a Dataset Group in Amazon Forecast.

January 23, 2022

Updated resources

The following resources were updated: AWS::DataBrew::Job

AWS::DataBrew::Job

Add BucketOwner parameter to the S3Location data type to define the owner of the specified S3 bucket.

January 20, 2022

Updated resource

The following resources were updated: AWS::Location::Tracker,

AWS::Location::Tracker

Added AccuracyBased as a new value for PositionFiltering for trackers.

January 20, 2022

New resources

The following resources were added: AWS::Lightsail::Certificate, AWS::Lightsail::Container, and AWS::Lightsail::Distribution

AWS::Lightsail::Certificate

Use the AWS::Lightsail::Certificate resource to specify an Amazon Lightsail certificate that you can use with a Lightsail content delivery network (CDN) distribution and a Lightsail container service.

AWS::Lightsail::Container

Use the AWS::Lightsail::Container resource to specify an Amazon Lightsail container service.

AWS::Lightsail::Distribution

Use the AWS::Lightsail::Distribution resource to specify an Amazon Lightsail CDN distribution.

January 20, 2022

New resource

The following resource was added: AWS::KafkaConnect::Connector

AWS::KafkaConnect::Connector

Creates an MSK Connect connector.

January 20, 2022

Updated resource

The following resources were updated: AWS::AppSync::Resolver and AWS::AppSync::FunctionConfiguration

AWS::AppSync::Resolver

Use the MaxBatchSize property to specify the maximum number of resolver request inputs that will be sent to a single AWS Lambda function in a BatchInvoke operation.

AWS::AppSync::FunctionConfiguration

Use the MaxBatchSize property to specify the maximum number of resolver request inputs that will be sent to a single AWS Lambda function in a BatchInvoke operation.

January 13, 2022

Updated resource

The following resource was updated: AWS::FMS::Policy.

AWS::FMS::Policy

The AWS::FMS::Policy resource now allows you to manage Shield Advanced automatic application layer DDoS mitigation for Shield Advanced policies that you use for Amazon CloudFront distributions.

January 7, 2022

Updated resource

The following property was updated: AWS::EKS::Cluster KubernetesNetworkConfig

AWS::EKS::Cluster KubernetesNetworkConfig

Use the IpFamily property to specify whether you want your version 1.21 or later cluster to assign IPv4 or IPv6 addresses to pods and services.

January 6, 2022

Updated resource

The following property type was updated: AWS::Lex::Bot.

AWS::Lex::Bot

In the ExternalSourceSetting property type, use the GrammarSlotTypeSetting property to specify that the slot type is defined by an external grammar.

In the GrammarSlotTypeSetting property type, use the Source property to specify the location of a file that contains a grammar defining the slot type.

In the GrammarSlotTypeSource property type, use the KmsKeyArn, S3BucketName, and S3ObjectKey properties to specify the S3 bucket location of a file that contains a grammar defining the slot type.

January 6, 2022

New resources

The following resources were added: AWS::Lightsail::Alarm, AWS::Lightsail::Bucket, AWS::Lightsail::LoadBalancer, and AWS::Lightsail::LoadBalancerTlsCertificate

AWS::Lightsail::Alarm

Use the AWS::Lightsail::Alarm resource to specify an Amazon Lightsail alarm.

AWS::Lightsail::Bucket

Use the AWS::Lightsail::Bucket resource to specify an Amazon Lightsail bucket.

AWS::Lightsail::LoadBalancer

Use the AWS::Lightsail::LoadBalancer resource to specify an Amazon Lightsail load balancer.

AWS::Lightsail::LoadBalancerTlsCertificate

Use the AWS::Lightsail::LoadBalancerTlsCertificate resource to specify a certificate that you can use with an Amazon Lightsail load balancer that is in the same AWS Region and Availability Zone.

January 6, 2022

New resource

The following resource was added: AWS::InspectorV2::Filter.

AWS::InspectorV2::Filter

Use the AWS::InspectorV2::Filter resource to specify a filter.

January 6, 2022

New resource

The following resource is new: AWS::IoT::JobTemplate

AWS::IoT::JobTemplate

Use the AWS::IoT::JobTemplate resource to specify a job template.

January 6, 2022

New resources

The following resources were added: AWS::AppStream::ApplicationEntitlementAssociation and AWS::AppStream::Entitlement

AWS::AppStream::ApplicationEntitlementAssociation

Use the AWS::AppStream::ApplicationEntitlementAssociation resource to specify an association between an application and entitlement.

AWS::AppStream::Entitlement

Use the AWS::AppStream::Entitlement resource to specify an entitlement.

January 5, 2022

Updated resources

The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup.

AWS::WAFv2::WebACL

You can now use single regular expression (regex) match statements with RegexMatchStatement. You can now specify a CAPTCHA rule action.

AWS::WAFv2::RuleGroup

You can now use single regular expression (regex) match statements with RegexMatchStatement. You can now specify a CAPTCHA rule action.

December 9, 2021

Updated resource

The following resource was updated: AWS::Kinesis::Stream.

AWS::Kinesis::Stream

Use the StreamModeDetails property to specify the capacity mode to which you want to set your data stream. Currently, in Kinesis Data Streams, you can choose between an on-demand capacity mode and a provisioned capacity mode for your data streams.

December 9, 2021

Properties updated

For the AWS::Chatbot::SlackChannelConfiguration resource, the GuardrailPolicies property was updated and the UserRoleRequired property was added.

AWS::Chatbot::SlackChannelConfiguration

Use the GuardrailPolicies property to list policy ARNs applied as channel guardrails for AWS Chatbot.

AWS::Chatbot::SlackChannelConfiguration

Use the UserRoleRequired property to enable the use of a user role requirement in AWS Chatbot configurations.

December 9, 2021

New resources

The following resources were added: AWS::Lex:Bot, AWS::Lex::BotAlias, AWS::Lex::BotVersion, and AWS::Lex::ResourcePolicy.

AWS::Lex::Bot

Use the AWS::Lex::Bot resource to specify an Amazon Lex chatbot.

AWS::Lex::BotAlias

Use the AWS::Lex::BotAlias resource to specify an alias for an Amazon Lex chatbot.

AWS::Lex::BotVersion

Use the AWS::Lex::BotVersion resource to specify a version of an Amazon Lex chatbot.

AWS::Lex::ResourcePolicy

Use the AWS::Lex::ResourcePolicy resource to specify a new resource policy for an Amazon Lex chatbot.

December 9, 2021

Updated resource

The following resources were updated: AWS::GameLift::GameSessionQueue, AWS::GameLift::MatchmakingConfiguration, AWS::GameLift::MatchmakingRuleSet, AWS::GameLift::Script

AWS::GameLift::GameSessionQueue

Use the Tags property to add a list of labels to new game session queue resources.

AWS::GameLift::MatchmakingConfiguration

Use the Tags property to add a list of labels to new matchmaking configurations.

AWS::GameLift::MatchmakingRuleSet

Use the Tags property to add a list of labels to new matchmaking rule sets.

AWS::GameLift::Script

Use the Tags property to add a list of labels to new scripts.

December 8, 2021

New resources

The following resources were added: AWS::AppSync::DomainName and AWS::AppSync::DomainNameApiAssociation

AWS::AppSync::DomainName

Use the AWS::AppSync::DomainName resource to specify the configuration for a custom domain.

AWS::AppSync::DomainNameApiAssociation

Use the AWS::AppSync::DomainNameApiAssociation property to specify the mapping of a custom domain name to an assigned API URL.

December 6, 2021

Updated resources

The following resource was updated: AWS::WAFv2::LoggingConfiguration.

AWS::WAFv2::LoggingConfiguration

You can now log web ACL traffic to an Amazon CloudWatch Logs log group or an Amazon Simple Storage Service (Amazon S3) bucket. These options are in addition to the existing option of logging to an Amazon Data Firehose.

December 3, 2021

Updated resource

The following resource was updated: AWS::S3::StorageLens.

AWS::S3::StorageLens CloudWatchMetrics

Use the AWS::S3::StorageLens CloudWatchMetrics resource to enable the Amazon CloudWatch publishing option for S3 Storage Lens metrics.

December 3, 2021

Updated resource

The following resource was updated: AWS::S3::Bucket OwnershipControlsRule.

AWS::S3::Bucket OwnershipControlsRule

Updated ObjectOwnership property to add a new allowed value: BucketOwnerEnforced. You can apply this S3 Object Ownership setting to disable access control lists (ACLs) and take ownership of all the objects in your bucket.

December 3, 2021

Updated resource

The following resource was updated: AWS::SageMaker::EndpointConfig

AWS::SageMaker::EndpointConfig

Use the ServerlessConfig property to specify a serverless configuration for a serverless endpoint.

Use the MaxConcurrency property to specify the maximum concurrent invocations for a serverless endpoint.

Use the MemorySizeInMB property to specify the memory size (in MB) for a serverless endpoint.

December 3, 2021

New resources

The following resources were added: AWS::AmplifyUIBuilder::Component and AWS::AmplifyUIBuilder::Theme.

AWS::AmplifyUIBuilder::Component

Use the AWS::AmplifyUIBuilder::Component resource to specify a component within an Amplify app.

AWS::AmplifyUIBuilder::Theme

Use the AWS::AmplifyUIBuilder::Theme resource to specify a collection of style settings to apply globally to the components in an Amplify app.

December 3, 2021

New resources

The following resources were added:

AWS::ResilienceHub::App

Creates an AWS Resilience Hub application.

AWS::ResilienceHub::ResiliencyPolicy

Defines a resiliency policy.

December 3, 2021

New resource

The following resources were added: AWS::Evidently::Experiment, AWS::Evidently::Feature, AWS::Evidently::Launch, and AWS::Evidently::Project

Evidently resource type reference

Use Amazon CloudWatch Evidently to safely validate new features by serving them to a specified percentage of your users while you roll out the feature. You can monitor the performance of the new feature to help you decide when to ramp up traffic to your users. This helps you reduce risk and identify unintended consequences before you fully launch the feature. You can also conduct A/B experiments to make feature design decisions based on evidence and data.

For more information, see Perform launches and A/B experiments with CloudWatch Evidently.

December 3, 2021

New resource

The following resources were added: AWS::Connect::ContactFlow and AWS::Connect::ContactFlowModule

AWS::Connect::ContactFlow

Use the AWS::Connect::ContactFlow resource to create a flow.

AWS::Connect::ContactFlowModule

Use the AWS::Connect::ContactFlowModule resource to create a flow module.

December 3, 2021

New resource

The following new resource was added: AWS::FSx::Snapshot

AWS::FSx::Snapshot

Use the Snapshot resource to create a snapshot of an FSx for ONTAP or Amazon FSx for OpenZFS volume.

December 3, 2021

New resource

The following new resource was added: AWS::FSx::StorageVirtualMachine

AWS::FSx::StorageVirtualMachine

Use the StorageVirtualMachine resource to create an FSx for ONTAP storage virtual machine.

December 3, 2021

New resource

The following new resource was added: AWS::FSx::Volume

AWS::FSx::Volume

Use the Volume resource to create an FSx for ONTAP or Amazon FSx for OpenZFS volume.

December 3, 2021

New resource

The following resource was added: AWS::RUM::AppMonitor.

AWS::RUM::AppMonitor

Use the AWS::RUM::AppMonitor resource to create or update an Amazon CloudWatch RUM app monitor. For more information, see Set up an application to use CloudWatch RUM.

December 3, 2021

New resource

The following resource was added: AWS::Timestream::ScheduledQuery.

AWS::Timestream::ScheduledQuery

Use the AWS::Timestream::ScheduledQuery resource to create a new scheduled query for an existing table in Amazon Timestream.

December 3, 2021

Updated resource

The following resource was updated: AWS::SES::ConfigurationSetEventDestination

AWS::SES::ConfigurationSetEventDestination

Use the new property SnsDestination with the ConfigurationSetEventDestination resource as an event destination associated with a configuration set which enables you to publish email sending events.

In the property type EventDestination, new property SnsDestination specifies the topic ARN associated with an Amazon Simple Notification Service (Amazon SNS) event destination.

November 25, 2021

Updated resources

AWS::ElastiCache::ReplicationGroup.

AWS::ElastiCache::ReplicationGroup

The data-tiering-enabled parameter enables data tiering. Data tiering is only supported for replication groups using the r6gd node type. If you elect not to use data-tiering, set the parameter to no-data-tiering-enabled. For more information, see Data tiering.

November 23, 2021

Updated resource

The following resource was updated: AWS::Logs::LogGroup.

AWS::Logs::LogGroup

The AWS::Logs::LogGroup resource now supports tags.

November 22, 2021

Updated resources

The following resources were updated: AWS::AppStream::Fleet

AWS::AppStream::Fleet

Use the FleetType property to specify an ELASTIC fleet.

Use the Platform property to specify platform of the fleet.

Use the MaxConcurrentSessions property to specify the maximum concurrent sessions of an Elastic fleet.

Use the UsbDeviceFilterStrings property to specify the USB device filter strings for an Elastic fleet..

November 18, 2021

Updated resources

The following resources were updated: AWS::DataBrew::Job, AWS::DataBrew::Ruleset

AWS::DataBrew::Job

Updates to support the following features: handling personally identifiable information (PII), data quality rules, and custom SQL queries.

November 18, 2021

Updated resources

The following resources were updated:

AWS::Transfer::Server

Use the IdentityProviderType resource to specify a the identity provider to use with your AWS Transfer Family server. A new type, LAMBDA, was added.

November 18, 2021

Updated resource

The following resource was updated: AWS::FinSpace::Environment

AWS::FinSpace::Environment

Use the DataBundles property to specify a list of data bundles to install.

Use the SuperuserParameters property to specify configuration information of the superuser.

November 18, 2021

Updated resource

The following resource was updated: AWS::FSx::FileSystem

AWS::FSx::FileSystem

Use ONTAP for the FileSystemType, to use an ONTAP file system. Use OntapConfiguration parameter to configure an Amazon FSx ONTAP file system.

November 18, 2021

New resources

The following resources were added: AWS::AppStream::Application, AWS::AppStream::AppBlock, and AWS::AppStream::ApplicationFleetAssociation

AWS::AppStream::Application

Use the AWS::AppStream::Application resource to specify an application.

AWS::AppStream::AppBlock

Use the AWS::AppStream::AppBlock resource to specify an app block.

AWS::AppStream::ApplicationFleetAssociation

Use the AWS::AppStream::ApplicationFleetAssociation resource to specify an association between an application and fleet.

November 18, 2021

New resource

The following resource was updated: AWS::FSx::FileSystem

AWS::FSx::FileSystem

Use the FileSystemTypeVersion attribute to specify the file system version of an Amazon FSx for Lustre file system.

November 18, 2021

New resource

The following resource was added:

AWS::Transfer::Workflow

Use the Workflow resource to specify a managed workflow for file processing using AWS Transfer Family.

November 18, 2021

New resource

The following resource was added: AWS::SSM::ResourcePolicy

AWS::SSM::ResourcePolicy

Creates or updates a Systems Manager resource policy. A resource policy helps you to define the IAM entity (for example, an AWS account) that can manage your Systems Manager resources. Currently, OpsItemGroup is the only resource that supports Systems Manager resource policies. The resource policy for OpsItemGroup enables AWS accounts to view and interact with OpsCenter operational work items (OpsItems). OpsCenter is a capability of Systems Manager. For more information about OpsCenter, see Systems Manager OpsCenter in the Systems Manager User Guide.

November 17, 2021

Updated resource

The following resource was updated: AWS::Location::Tracker

AWS::Location::Tracker

Use the PositionFiltering property to specify how you want positions in your tracker to be filtered.

November 12, 2021

Updated resources

The following resources were updated: AWS::Batch::ComputeEnvironment, AWS::Batch::JobDefinition, and AWS::Batch::JobQueue

AWS::Batch::ComputeEnvironment

Use the UnmanagedvCpus property to specify the maximum number of vCPUs for an unmanaged compute environment.

AWS::Batch::JobDefinition

Use the SchedulingPriority property to specify the scheduling priority for job definition.

AWS::Batch::JobQueue

Use the SchedulingPolicyArn property to specify the scheduling policy for a job queue.

November 11, 2021

Updated resources

The following resource was updated: AWS::SageMaker::Endpoint

AWS::SageMaker::Endpoint

Use the DeploymentConfig property to specify the deployment configuration for an endpoint, which contains the desired deployment strategy and rollback configurations.

Use the AutoRollbackConfig property to specify the the automatic rollback configuration for handling endpoint deployment failures and recovery.

Use the Alarm property to specify a list of CloudWatch alarms that are configured to monitor metrics on an endpoint.

Use the AlarmName property to specify the name of a CloudWatch alarm in your account.

Use the BlueGreenUpdatePolicy property to specify the update policy for a blue/green deployment.

Use the MaximumExecutionTimeoutInSeconds property to specify the maximum execution timeout for a blue/green deployment.

Use the TerminationWaitInSeconds property to specify additional waiting time in seconds after the completion of an endpoint deployment before terminating the old endpoint fleet

Use the TrafficRoutingConfig property to specify the traffic routing strategy during a blue/green endpoint deployment.

Use the CanarySize property to specify the batch size for the first step to turn on traffic on the new endpoint fleet.

Use the LinearStepSize property to specify the batch size for each step to turn on traffic on the new endpoint fleet

Use the Type property to specify the traffic routing strategy type (all at once, canary, or linear).

Use the WaitIntervalInSeconds property to specify the waiting time (in seconds) between incremental steps to turn on traffic on the new endpoint fleet.

Use the CapacitySize property to specify the endpoint capacity to activate for production.

Use the Type property to specify the endpoint capacity type to use (instance count or capacity percent).

Use the Value property to specify the capacity size, either as a number of instances or a capacity percentage.

Use the RetainDeploymentConfig property to specify whether to reuse the last deployment configuration. The default value is false (the configuration is not reused)

November 11, 2021

New resources

The following resource was added: AWS::Batch::SchedulingPolicy

AWS::Batch::SchedulingPolicy

Use the AWS::Batch::SchedulingPriority resource to specify a scheduling policy.

November 11, 2021

New resources

The following resources were added: AWS::IoTWireless::FuotaTask, AWS::IoTWireless::MulticastGroup

AWS::IoTWireless::FuotaTask

Gets information about a FUOTA task.

AWS::IoTWireless::MulticastGroup

Gets information about a multicast group.

November 11, 2021

Updated resource

The following resource was updated: AWS::Backup::BackupSelection

AWS::Backup::BackupSelection

The BackupSelection resource type supports a number of new resource assignment options, including StringLike and the ability to exclude resources from your backup plans.

November 10, 2021

Updated resource

The following resource was updated: AWS::EKS::Cluster

AWS::EKS::Cluster ClusterLogging

Use the ClusterLogging property to specify the cluster control plane configuration for your cluster.

AWS::EKS::Cluster Logging

Use the Logging property to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Log.

AWS::EKS::Cluster LoggingTypeConfig

Use the LoggingTypeConfig property to specify the enabled logging type.

AWS::EKS::Cluster ResourcesVpcConfig

Use the EndpointPrivateAccess property to enable or disable private access for your cluster's Kubernetes API server endpoint.

Use the EndpointPublicAccess property to enable or disable public access to your cluster's Kubernetes API server endpoint.

Use the PublicAccessCidrs property to specify the CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint.

November 10, 2021

Updated resources

The following resources were updated: AWS::EC2::SpotFleet and AWS::EC2::EC2Fleet.

AWS::EC2::SpotFleet.SpotCapacityRebalance

Use the TerminationDelay property type to specify a delay in termination of your Spot Instances that receive a rebalance notification.

AWS::EC2::EC2Fleet.SpotOptionsRequest

Use the MaintenanceStrategies property type to manage your Spot Instances that are at an elevated risk of being interrupted.

AWS::EC2::EC2Fleet.CapacityRebalance

Use the CapacityRebalance property to proactively augment your fleet with a new Spot Instance before a running Spot Instance is interrupted by Amazon EC2.

November 4, 2021

Updated resources

The following resources were updated: AWS::NetworkFirewall::FirewallPolicy and AWS::NetworkFirewall::RuleGroup

AWS::NetworkFirewall::FirewallPolicy

Use the StatefulDefaultActions property to establish default actions to take on a packet that doesn't match any stateful rules when using strict rule ordering.

Use the StatefulEngineOptions property to govern how Network Firewall handles stateful rules.

AWS::NetworkFirewall::RuleGroup

Use the StatefulRuleOptions property to govern how Network Firewall handles stateful rules.

November 4, 2021

Updated resources

The following resource was updated: AWS::Pinpoint::Campaign.

AWS::Pinpoint::Campaign InAppMessageBodyConfig

Specifies the configuration of main body text of the in-app message.

AWS::Pinpoint::Campaign InAppMessageButton

Specifies the configuration of a button that appears in an in-app message.

AWS::Pinpoint::Campaign InAppMessageContent

Specifies the configuration and contents of an in-app message.

AWS::Pinpoint::Campaign InAppMessageHeaderConfig

Specifies the configuration and content of the header or title text of the in-app message.

November 4, 2021

Updated resource

The following resource was updated: AWS::CloudFront::Distribution.

AWS::CloudFront::Distribution

In the CacheBehavior and DefaultCacheBehavior property types, use the ResponseHeadersPolicyId property to specify a response headers policy to associate with the cache behavior.

For more information, see Adding HTTP headers to CloudFront responses in the Amazon CloudFront Developer Guide.

November 4, 2021

Updated resource

The following resource was updated: AWS::MWAA::Environment

TagMap

The TagMap property has been removed the service resource specification.

November 4, 2021

Updated resource

The following resource was updated: AWS::Redshift.

Amazon Redshift resource type reference

AWS::Redshift::EndpointAccess to create a Amazon Redshift-managed VPC endpoint.

Amazon Redshift resource type reference

AWS::Redshift::EndpointAuthorization to describe an endpoint authorization for authorizing Amazon Redshift-managed VPC endpoint access to a cluster across AWS accounts.

Amazon Redshift resource type reference

AWS::Redshift::EventSubscription to create an event notification subscription.

Amazon Redshift resource type reference

AWS::Redshift::ScheduledAction to create a scheduled action to run an API operation.

November 4, 2021

New resources

The following resource was added: AWS::Pinpoint::InAppTemplate.

AWS::Pinpoint::InAppTemplate

Creates a message template that you can use to send in-app messages.

November 4, 2021

New resource

The following resource was added: AWS::CloudFront::ResponseHeadersPolicy.

AWS::CloudFront::ResponseHeadersPolicy

Use the AWS::CloudFront::ResponseHeadersPolicy resource to create a new response headers policy in Amazon CloudFront.

For more information, see Adding HTTP headers to CloudFront responses in the Amazon CloudFront Developer Guide.

November 4, 2021

New resource

The following resource was added: AWS::DataSync::LocationHDFS.

AWS::DataSync::LocationHDFS

Use the AWS::DataSync::LocationHDFS resource to specify an endpoint for a Hadoop Distributed File System (HDFS).

November 4, 2021

New resource

The following resource was added: AWS::EC2::CapacityReservationFleet.

AWS::EC2::CapacityReservationFleet

Use the CapacityReservationFleet property to create a Capacity Reservation Fleet.

November 4, 2021

Updated resource

The following resource was updated: AWS::EC2::EC2Fleet.

InstanceRequirementsRequest

Use the InstanceRequirementsRequest property to specify instance attributes, which Amazon EC2 uses to identify instance types.

October 28, 2021

Updated resource

The following resource was updated: AWS::EC2::SpotFleet.

InstanceRequirementsRequest

Use the InstanceRequirementsRequest property to specify instance attributes, which Amazon EC2 uses to identify instance types.

October 28, 2021

Updated resource

The following resource was updated: AWS::AutoScaling::AutoScalingGroup.

AWS::AutoScaling::AutoScalingGroup MixedInstancesPolicy

Use the OnDemandAllocationStrategy property to specify lowest-price as the allocation strategy for your On-Demand capacity.

AWS::AutoScaling::AutoScalingGroup MixedInstancesPolicy

Use the InstanceRequirements property to specify the instance attributes that Amazon EC2 Auto Scaling uses for selecting instance types to fulfill your On-Demand and Spot capacities.

October 28, 2021

New resources

The following resources were added: AWS::Lightsail::Database and AWS::Lightsail::StaticIp

AWS::Lightsail::Database

Use the AWS::Lightsail::Database resource to specify an Amazon Lightsail database.

AWS::Lightsail::StaticIp

Use the AWS::Lightsail::StaticIp resource to specify a static IP that can be attached to an Amazon Lightsail instance that is in the same AWS Region and Availability Zone.

October 28, 2021

Updated resource

The following resources were updated: AWS::MediaConnect::Flow.Source, AWS::MediaConnect::FlowOutput

AWS::MediaConnect::Flow Source

Use the AWS::MediaConnect::Flow.Source resource to specify the details of the sources of the flow.

AWS::MediaConnect::FlowOutput

Use the AWS::MediaConnect::FlowOutput resource to specify the destination address, protocol, and port to send the ingested video to.

October 27, 2021

Updated resource

The following resource was updated: AWS::FMS::Policy.

AWS::FMS::Policy

The AWS::FMS::Policy resource now allows you to automatically remove protections from resources that leave policy scope.

October 21, 2021

Updated resource

The following resource was updated: AWS::Cassandra::Table.

AWS::Cassandra::Table.DefaultTimeToLive

Use the AWS::Cassandra::Table.DefaultTimeToLive property to set a default Time to Live (TTL) value for a table in Amazon Keyspaces (for Apache Cassandra).

October 21, 2021

Updated resource

The following resource was updated: AWS::SageMaker::NotebookInstance

AWS::SageMaker::NotebookInstance

Use the PlatformIdentifier property to set the platform identifier of the notebook instance runtime environment.

October 21, 2021

New resources

Use these resources to deploy computer vision applications to an AWS Panorama Appliance.

AWS::Panorama::ApplicationInstance

Creates and deploys an application instance.

AWS::Panorama::Package

Creates an application package.

AWS::Panorama::PackageVersion

Registers an application version.

October 21, 2021

New resource

The following resource was added: AWS::Rekognition:Project.

AWS::Rekognition:Project

Use the Project resource to create an Amazon Rekognition Custom Labels project.

October 21, 2021

New resources

The following resources were added: AWS::DeviceFarm::DevicePool, AWS::DeviceFarm::InstanceProfile, AWS::DeviceFarm::NetworkProfile, AWS::DeviceFarm::Project AWS::DeviceFarm::TestGridProject, and AWS::DeviceFarm::VPCEConfiguration.

AWS::DeviceFarm::DevicePool

Use the AWS::DeviceFarm::DevicePool resource to specify a device pool operation.

AWS::DeviceFarm::InstanceProfile

Use the AWS::DeviceFarm::InstanceProfile resource to specify a profile that can be applied to one or more private fleet device instances.

AWS::DeviceFarm::NetworkProfile

Use the AWS::DeviceFarm::NetworkProfile resource to specify a network profile.

AWS::DeviceFarm::Project

Use the AWS::DeviceFarm::Project resource to specify a project.

AWS::DeviceFarm::TestGridProject

Use the AWS::DeviceFarm::TestGridProject resource to specify a Selenium testing project.

AWS::DeviceFarm::VPCEConfiguration

Use the AWS::DeviceFarm::VPCEConfiguration resource to specify a configuration record in Device Farm for your Amazon Virtual Private Cloud (VPC) endpoint service.

October 14, 2021

New resource

The following resources were added: AWS::Wisdom::Assistant, AWS::Wisdom::AssistantAssociation, and AWS::Wisdom::KnowledgeBase

AWS::Wisdom::Assistant

Use the AWS::Wisdom::Assistant resource to specify an Amazon Connect Wisdom assistant.

AWS::Wisdom::AssistantAssociation

Use the AWS::Wisdom::AssistantAssociation resource to specify an association between an Amazon Connect Wisdom assistant and another resource.

AWS::Wisdom::KnowledgeBase

Use the AWS::Wisdom::KnowledgeBase resource to specify a knowledge base.

October 14, 2021

Updated resource

The following resource was updated: AWS::CodeBuild::Project ProjectBuildBatchConfig

AWS::CodeBuild::Project ProjectBuildBatchConfig

The BatchReportMode property was added to specify the how batch build reports are sent to the source provider.

October 13, 2021

New resource

The following resources were added: AWS::Connect::HoursOfOperation, AWS::Connect::User, AWS::Connect::UserHierarchyGroup

AWS::Connect::HoursOfOperation

Use the AWS::Connect::HoursOfOperation resource to create an hours of operation.

AWS::Connect::User

Use the AWS::Connect::User resource to create a user.

AWS::Connect::UserHierarchyGroup

Use the AWS::Connect::UserHierarchyGroup resource to create a user hierarchy group.

October 12, 2021

Updated resource

The following resource was updated: AWS::Backup::BackupVault

AWS::Backup::BackupVault

Use the LockConfiguration property to specify the configuration of AWS Backup; Vault Lock.

AWS::Backup::Framework

Use the Framework property to specify the configuration of an AWS Backup; Audit Manager framework.

AWS::Backup::ReportPlan

Use the Report Plan property to specify the configuration of an AWS Backup; Audit Manager report plan.

October 7, 2021

New resources

The following resources were added: AWS::Lightsail::Disk and AWS::Lightsail::Instance

AWS::Lightsail::Instance

Use the AWS::Lightsail::Instance resource to specify an Amazon Lightsail instance.

AWS::Lightsail::Disk

Use the AWS::Lightsail::Disk resource to specify a disk that can be attached to an Amazon Lightsail instance that is in the same AWS Region and Availability Zone.

October 7, 2021

New resource

The following resource was added: AWS::IoT::JobTemplate.

AWS::IoT::JobTemplate

Use the AWS::IoT::DomainConfJobTemplateiguration resource to specify a job template in AWS IoT Core.

October 7, 2021

New resource

The following resource was added: AWS::Route53Resolver::ResolverConfig

AWS::Route53Resolver::ResolverConfig

Use the AWS::Route53Resolver::ResolverConfig resource to specify information about a RouteĀ 53 Resolver configuration for a VPC.

October 7, 2021

Updated resources

The following resources were updated: AWS::ECR::ReplicationConfiguration

AWS::ECR::ReplicationConfiguration

Use the AWS::ECR::ReplicationConfiguration property to configure replication for the contents of a private repository. Support has been added to specify repository filters on a replication rule.

September 30, 2021

Updated resource

The following resource was updated: AWS::KinesisFirehose::DeliveryStream.

AWS::KinesisFirehose::DeliveryStream

Use the AmazonopensearchserviceDestinationConfiguration property type to specify the destination in Amazon OpenSearch Service. You can specify only one destination.

September 30, 2021

Updated resource

The following resources were updated: AWS::Lambda::LayerVersion and AWS::Lambda::Function.

AWS::Lambda::Function

Use the Architectures property to set the instruction set architecture for the function.

September 30, 2021

Updated resource

The following resource was updated: AWS::APS::Workspace.

AWS::APS::Workspace

The AWS::APS::Workspace resource was updated to include the AlertManagerDefinition property. For more information, see Alert manager and templating.

September 30, 2021

New resource

The following resource was added: AWS::APS::RuleGroupsNamespace.

AWS::APS::RuleGroupsNamespace

Use the AWS::APS::RuleGroupsNamespace resource to create or update an Amazon Managed Service for Prometheus rule groups namespace. A rule groups namespace contains Prometheus recording rules and alerting rules. For more information, see Recording rules and alerting rules.

September 30, 2021

Updated resource

The following resource was updated: AWS::AppSync::DataSource

AWS::AppSync::DataSource

Use the OpenSearchServiceConfig property to specify the configuration for an Amazon OpenSearch Service domain for an AWS AppSync data source.

September 23, 2021

New resources

The following resources were added: AWS::MemoryDB::Cluster, AWS::MemoryDB::ACL, AWS::MemoryDB::ParameterGroup, AWS::MemoryDB::SubnetGroup, and AWS::MemoryDB::User.

AWS::MemoryDB::Cluster

Use the Cluster resource to specify a MemoryDB cluster.

AWS::MemoryDB::ACL

Use the ACL resource to specify a MemoryDB access control list and associate it with a cluster.

AWS::MemoryDB::ParameterGroup

Use the ParameterGroup resource to specify a MemoryDB parameter group and associate it with a cluster.

AWS::MemoryDB::SubnetGroup

Use the SubnetGroup resource to specify a MemoryDB subnet group and associate it with a cluster.

AWS::MemoryDB::User

Use the User resource to specify a MemoryDB user and add it to an access control list.

September 23, 2021

Updated resources

The following resource was updated: AWS::EMR::Studio.

AWS::EMR::Studio

Use the IdpAuthUrl property to specify the authentication endpoint of your identity provider (IdP) when you use IAM authentication and want to let federated users log in to an Amazon EMR Studio with the Studio URL and credentials from your IdP.

Use the IdpRelayStateParameterName property to specify the name that your identity provider uses for its RelayState parameter.

Use the UserRole property only when you set AuthMode to SSO.

September 17, 2021

Updated resource

The following resource was updated: AWS::S3::Bucket.

Monitoring metrics with Amazon CloudWatch

Use the AccessPointArn property in AWS::S3::Bucket MetricsConfiguration to filter CloudWatch request metrics by access point.

September 17, 2021

Updated resource

The following resource was added: AWS::ACMPCA::Permission.

AWS::ACMPCA::Permission

Use the AWS::ACMPCA::Permission object to grant permissions on a private CA to the AWS Certificate Manager (ACM) service principal (acm.amazonaws.com). These permissions allow ACM to issue and renew ACM certificates that reside in the same AWS account as the CA.

September 16, 2021

New resources

The following resource was added: AWS::OpenSearchService::Domain.

AWS::OpenSearchService::Domain

Use the AWS::OpenSearchService::Domain resource to create an Amazon OpenSearch Service domain.

September 16, 2021

New resource

The following resource was added: AWS::APS::Workspace.

AWS::APS::Workspace

Use the AWS::APS::Workspace resource to create an Amazon Managed Service for Prometheus workspace. For more information, see Create a workspace.

September 16, 2021

Updated resource

The following resource was updated: AWS::SQS::Queue

RedriveAllowPolicy includes the parameters for the dead-letter queue redrive permission. It defines which source queues can specify dead-letter queues as a JSON object.

September 9, 2021

Updated resource

The following resource was updated: AWS::Cassandra::Table.

AWS::Cassandra::Table

Use the AWS::Cassandra::Table resource to add new regular columns to existing tables in Amazon Keyspaces (for Apache Cassandra).

September 3, 2021

Updated resources

The following resource was updated: AWS::Transfer::Server

AWS::Transfer::Server WorkflowDetail

Use the WorkflowDetail property to specify the steps and other details for a workflow.

AWS::Transfer::Server WorkflowDetails

Use the WorkflowDetails property as a container for the WorkflowDetails property.

September 2, 2021

Updated resource

The following resource was updated: AWS::DataSync::Task.

AWS::DataSync::Task

Use the Includes property to specify files to include in a task.

September 2, 2021

Updated resource

The following resource was Updated: AWS::EventSchemas::Discoverer.

AWS::EventSchemas::Discoverer

Use the CrossAccount property to allow event schemas from other accounts to be discovered.

September 2, 2021

Updated resource

The following resource was updated: AWS::KinesisFirehose::DeliveryStream.

AWS::KinesisFirehose::DeliveryStream

DynamicPartitioningConfiguration property type is now supported for the delivery streams in CloudFormation.

September 2, 2021

Updated resource

The following resource was added: AWS::ACMPCA::CertificateAuthority OcspConfiguration. The following resource was updated: AWS::ACMPCA::CertificateAuthority RevocationConfiguration.

AWS::ACMPCA::CertificateAuthority OcspConfiguration

Use the AWS::ACMPCA::CertificateAuthority OcspConfiguration object to configure Online Certificate Status Protocol (OCSP) support on a CA.

September 2, 2021

New resource

The following resource is new: AWS::IoT::FleetMetric

AWS::IoT::FleetMetric

Use the AWS::IoT::FleetMetric resource to specify a fleet metric.

September 2, 2021

New resource

The following resources were added: AWS::S3::MultiRegionAccessPoint and AWS::S3::MultiRegionAccessPointPolicy.

AWS::S3::MultiRegionAccessPoint

Use the AWS::S3::MultiRegionAccessPoint resource to create an S3 Multi-Region Access Point configuration.

AWS::S3::MultiRegionAccessPointPolicy

Use the AWS::S3::MultiRegionAccessPointPolicy resource to create an S3 Multi-Region Access Point Policy configuration.

September 2, 2021

Terminology change

AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term.

August 30, 2021

Stack failure options

You can iteratively develop your applications when provisioning failures are encountered by starting from the point of failure without rolling back successfully provisioned resources. By specifying stack failure options, you can troubleshoot resources in a CREATE_FAILED or UPDATE_FAILED status. You can provision failure options for all stack deployments and change set operations.

For more information, see Stack failure options.

August 30, 2021

Updated resource

The following resource was updated: AWS::CodeBuild::Project

AWS::CodeBuild::Project

The ResourceAccessRole and Visibility properties were added to support public builds.

August 19, 2021

Updated resource

The following resource was updated: AWS::AutoScaling::ScalingPolicy.

AWS::AutoScaling::ScalingPolicy

Use the PredictiveScalingConfiguration property to specify a predictive scaling policy configuration for an Auto Scaling group.

August 19, 2021

Updated resource

The following resource was updated: AWS::SageMaker::EndpointConfig

AWS::SageMaker::EndpointConfig

In the AsyncInferenceClientConfig property type, use the MaxConcurrentInvocationsPerInstance property to set the maximum number of concurent requests.

In the AsyncInferenceConfig property type, use the ClientConfig to configure the behavior of the client SageMaker uses. Use OutputConfig to spcify invocation outputs.

In the AsyncInferenceNotificationConfig property, use the ErrorTopic and SuccessTopic to define Amazon SNS topics to post a notification if the inference fails or completes successfully, respectively.

In the OutputConfig property type use the KmsKeyId to encrypt the asynchronous inference output. Use NotificationConfig to specify the notification configuration and S3OutputPath to specify the output location in S3.

August 19, 2021

Updated resource

The following resource was updated: AWS::Elasticsearch::Domain.

AWS::Elasticsearch::Domain

Use the ColdStorageOptions property to specify whether to enable cold storage for the cluster.

August 17, 2021

Updated resources

The following resource was updated: AWS::WAFv2::WebACL.

AWS::WAFv2::WebACL

You can now specify the version to use for managed rule groups. For information, see ManagedRuleGroupStatement.

August 12, 2021

Updated resource

The following resource was updated: AWS::ApiGateway::DomainName.

AWS::ApiGateway::DomainName

Use the OwnershipVerificationCertificateArn property to specify the certificate ARN used to verify ownership of the domain using mutual TLS.

August 12, 2021

Updated resource

The following resource was updated: AWS::LookoutEquipment::InferenceScheduler

AWS::LookoutEquipment::InferenceScheduler

The ModelName property has changed so that an update requires replacement.

The ServerSideKmsKeyId property has changed so that an update requires replacement.

August 12, 2021

Updated resource

The following resource was updated: AWS::SageMaker::Model.

AWS::SageMaker::Model

In the ImageConfig property type, use the RepositoryAuthConfig property to specify an authentication configuration for the private docker registry where your model image is hosted.

August 12, 2021

Updated resource

The following resource was added: AWS::WAFv2::LoggingConfiguration.

AWS::WAFv2::LoggingConfiguration

You can now define an association between Amazon Kinesis Data Firehose destinations and a web ACL resource, for logging.

August 12, 2021

Updated resource

The following resource was updated: AWS::AppSync::GraphQLApi

AWS::AppSync::GraphQLApi

Use the LambdaAuthorizerConfig property to specify the configuration for AWS Lambda function authorization.

August 5, 2021

Updated resource

The following resource was updated: AWS::FSx::FileSystem

AWS::FSx::FileSystem

In the WindowsConfiguration property type, use the AuditLogConfiguration property to enable audit event logging of end-user accesses of files, folders, and file shares on an Amazon FSx Windows File Server instance.

August 5, 2021

New resource

The following resource was added: AWS::Athena::PreparedStatement

AWS::Athena::PreparedStatement

Use the AWS::Athena::PreparedStatement resource to specify a prepared statement for use with SQL queries in Athena. Use prepared statements for repeated execution of the same query with different query parameters. A prepared statement contains parameter placeholders whose values are supplied at execution time.

August 5, 2021

Updated resource

The following resource was updated: AWS::DataBrew::Job

AWS::DataBrew::Job

Use the AWS::DataBrew::Job.DatabaseOutputs property type to define the output destination for a DataBrew job to be written into.

Use the AWS::DataBrew::Job.ProfileConfiguration property type to configure which statistics to include when running DataBrew profile jobs.

July 29, 2021

Updated resource

The following resource was updated: AWS::S3Outposts::EndPoint

AWS::S3Outposts::EndPoint

Use the AWS::S3Outposts::EndPoint.AccessType property to create an endpoint using customer owned IP (CoIP) addresses and access your Amazon S3 on AWS Outposts objects by creating a local gateway from your on-premises network.

July 29, 2021

New resource

The following resources were released: AWS::Route53RecoveryControl::Cluster, AWS::Route53RecoveryControl::ControlPanel, AWS::Route53RecoveryControl::RoutingControl, AWS::Route53RecoveryControl::SafetyRule

AWS::Route53RecoveryControl::Cluster

Use the AWS::Route53RecoveryControl::Cluster to host routing controls, which are simple on/off switches for routing traffic.

AWS::Route53RecoveryControl::ControlPanel

Use the AWS::Route53RecoveryControl::ControlPanel to define a group of routing controls that can be updated together in a single transaction.

AWS::Route53RecoveryControl::RoutingControl

Use the AWS::Route53RecoveryControl::RoutingControl to fail over traffic to an application replica, to recover your application across Availability Zones or Regions.

AWS::Route53RecoveryControl::SafetyRule

Use the AWS::Route53RecoveryControl::SafetyRule to configure safeguards for routing controls, to avoid a scenario like stopping all traffic flow by setting all routing controls to off.

July 29, 2021

New resource

The following resources were released: AWS::Route53RecoveryReadiness::Cell, AWS::Route53RecoveryReadiness::ReadinessCheck, AWS::Route53RecoveryReadiness::RecoveryGroup, AWS::Route53RecoveryReadiness::ResourceSet

AWS::Route53RecoveryReadiness::Cell

Use the AWS::Route53RecoveryReadiness::Cell to define a single cell for an application.

AWS::Route53RecoveryReadiness::ReadinessCheck

Use the AWS::Route53RecoveryReadiness::ReadinessCheck to check application readiness for failover. Amazon Route 53 Application Recovery Controller uses readiness checks to determine the readiness of the resources in a resource set.

AWS::Route53RecoveryReadiness::RecoveryGroup

Use the AWS::Route53RecoveryReadiness::RecoveryGroup to define a recovery group for an application. A recovery group models an application and includes cells that represent application replicas.

AWS::Route53RecoveryReadiness::ResourceSet

Use the AWS::Route53RecoveryReadiness::ResourceSet to define a group of resources of a single type that you can associate with a readiness check.

July 29, 2021

Import stacks to stack set

The AWS CloudFormation stack import operation can import existing stacks into new or existing stack sets, so that you can migrate existing stacks to a stack set in one operation.

For more information, see Importing stacks into a stack set.

July 28, 2021

Updated resource

The following resource was updated: AWS::CloudWatch::Alarm.

AWS::CloudWatch::Alarm

In the MetricDataQuery property type, use the AccountId property to specify the ID of the account where the metrics are located, if this is a cross-account alarm.

July 22, 2021

Updated resource

The following resource was updated: AWS::QLDB::Ledger

AWS::QLDB::Ledger

Use the KmsKey property to specify a customer managed AWS KMS key to use for encryption at rest in the ledger.

July 22, 2021

New resources

The following resources were added: AWS::LookoutEquipment::InferenceScheduler

AWS::LookoutEquipment::InferenceScheduler

Use the AWS::LookoutEquipment::InferenceScheduler resource to set up a continuous real-time inference plan to analyze new measurement data.

July 22, 2021

Updated resource

The following resource was updated: AWS::EC2::VPCCidrBlock.

AWS::EC2::VPCCidrBlock

Use the Ipv6CidrBlock property to specify an IPv6 CIDR block from the IPv6 address pool.

Use the Ipv6Pool property to specify the ID of an IPv6 address pool from which to allocate the IPv6 CIDR block.

July 21, 2021

Updated resource

The following resource was updated: AWS::Cassandra::Table.

AWS::Cassandra::Table.EncryptionSpecification

Use the AWS::Cassandra::Table.EncryptionSpecification property to choose the encryption option for new or existing tables in Amazon Keyspaces (for Apache Cassandra).

July 21, 2021

New resource

The following resource was added : AWS::Logs::ResourcePolicy

AWS::Logs::ResourcePolicy

Use the AWS::Logs::ResourcePolicy resource to create a IAM policy that allows other AWS services to write log events to this account. For more information, see Logs sent to CloudWatch Logs .

July 15, 2021

Increased quota

The following AWS CloudFormation quota has been updated.

  • You can now declare a defaulted maximum of 2000 stacks in your AWS CloudFormation account. For more information, see AWS CloudFormation quotas.

July 15, 2021

Updated resource

The following resource was updated: AWS::DataBrew::Job

AWS::DataBrew::Job

Use the AWS::DataBrew::Job.DataCatalogOutput property type to define outputs from DataBrew recipe jobs to the AWS Glue Data Catalog.

July 9, 2021

Updated resources

The following resources were updated: AWS::ServiceDiscovery::PrivateDnsNamespace and AWS::ServiceDiscovery::PublicDnsNamespace.

AWS::ServiceDiscovery::PrivateDnsNamespace

Use the Properties property to specify DNS properties for an AWS Cloud Map private DNS namespace.

AWS::ServiceDiscovery::PublicDnsNamespace

Use the Properties property to specify DNS properties for an AWS Cloud Map public DNS namespace.

July 8, 2021

Updated resources

The following resources were updated: AWS::CodeDeploy::Application, AWS::CodeDeploy::DeploymentConfig, and AWS::CodeDeploy::DeploymentGroup

AWS::CodeDeploy::Application

Use the Tags property to specify metadata to add to CodeDeploy applications.

AWS::CodeDeploy::DeploymentConfig

Use the TrafficRoutingConfig property to specify how deployment traffic is routed.

Use the ComputePlatform property to specify the destination platform type for the deployment ( Lambda , Server, or ECS).

AWS::CodeDeploy::DeploymentGroup

Use the BlueGreenDeploymentConfiguration property to specify information about blue/green deployment options for a deployment group.

Use the ECSServices property to specify the target Amazon ECS services in the deployment group.

July 8, 2021

Updated resource

The following resource was updated: AWS::AutoScaling::LaunchConfiguration.

AWS::AutoScaling::LaunchConfiguration

Use the BlockDevice property to specify GP3 volumes in the block device mappings for launch configurations.

July 8, 2021

Updated resources

The following resources were updated: AWS::ImageBuilder::ContainerRecipe and AWS::ImageBuilder::DistributionConfiguration.

AWS::ImageBuilder::DistributionConfiguration

Use the LaunchTemplateConfiguration property to use an Amazon EC2 launch template for specified accounts where you distribute your Image Builder image.

AWS::ImageBuilder::ContainerRecipe
  • Retrieve the container recipe Name attribute with the GN::GetAtt function.

  • Use the InstanceBlockDeviceMapping property to define block device mappings for the build instance used to configure your image.

July 1, 2021

China Rebrand Update

China rebrand updates

June 29, 2021

Updated resources

The following resource was updated: AWS::Transfer::Server ProtocolDetails

AWS::Transfer::Server ProtocolDetails

Use the ProtocolDetails property to specify the PassiveIp address for FTP and FTPS protocols.

June 24, 2021

Updated resource

The following resource was updated: AWS::DAX::Cluster

AWS::DAX::Cluster

Use the ClusterEndpointEncryptionType to specify the encryption type of the cluster's endpoint.

June 24, 2021

New resources

The following resources were added: AWS::CloudFormation::PublicTypeVersion, AWS::CloudFormation::Publisher, and AWS::CloudFormation::TypeActivation.

AWS::CloudFormation::PublicTypeVersion

Use the AWS::CloudFormation::PublicTypeVersion resource to test and publish a registered extension as a public, third-party extension.

AWS::CloudFormation::Publisher

Use the AWS::CloudFormation::Publisher resource to register your account as a publisher of public extensions in the CloudFormation registry.

AWS::CloudFormation::TypeActivation

Use the AWS::CloudFormation::TypeActivation resource to activate a public third-party extension, making it available for use in CloudFormation operations.

June 24, 2021

New resource

The following resource was added: AWS::Connect::QuickConnect

AWS::Connect::QuickConnect

Use the AWS::Connect::QuickConnect resource to create a quick connect.

June 24, 2021

Updated resource

The following resource was updated: AWS::MWAA::Environment

Schedulers

Use the Schedulers property to specify the number of Apache Airflow schedulers that run in an environment.

June 21, 2021

Publish public third-party extensions

Use public extensions provided by third-party publishers, just as you would extensions from AWS.

For more information, see Using public extensions. For information about publishing third-party public extensions, see Publishing extensions in the CloudFormation CLI User Guide.

June 21, 2021

Updated resource

The following resource was updated: AWS::AutoScaling::ScheduledAction.

AWS::AutoScaling::ScheduledAction

Use the TimeZone property to create recurring scheduled actions in the local time zone. If your time zone observes Daylight Saving Time (DST), the recurring action automatically adjusts for Daylight Saving Time.

June 18, 2021

Updated resources

The following resources were updated: AWS::AppMesh::VirtualNode, AWS::AppMesh::GatewayRoute, and AWS::AppMesh::Route

AWS::AppMesh::VirtualNode

Use the DnsServiceDiscovery property to represent the DNS service discovery information for your virtual node.

AWS::AppMesh::GatewayRoute

Use the GatewayRouteHostnameMatch property to represent the gateway route hostname to match.

Use the GatewayRouteHostnameRewrite property to represent the gateway route host name to rewrite.

Use the GrpcGatewayRouteMetadata property to represent the metadata of the gateway route.

Use the GrpcGatewayRouteRewrite property to represent the the gateway route to rewrite.

Use the GrpcMetadataMatchMethod property to represent the method header to be matched.

Use the HttpGatewayRouteHeader property to represent the HTTP header in the gateway route.

Use the HttpGatewayRoutePathRewrite property to represent the path to rewrite.

Use the HttpGatewayRoutePrefixRewrite property to represent the beginning characters of the route to rewrite.

Use the HttpGatewayRouteRewrite property to represent the beginning characters of the route to rewrite.

Use the HttpGatewayRoutePathRewrite property to represent the beginning characters of the route to rewrite.

AWS::AppMesh::Route

Use the HttpQueryParameter property to represent the query parameter in the request.

June 17, 2021

Updated resource

The following resource was updated: AWS::KMS::Key.

AWS::KMS::Key

Use the MultiRegionKey property to specify multi-Region primary keys.

June 17, 2021

New resource

The following resource was added: AWS::KMS::ReplicaKey.

AWS::KMS::ReplicaKey

Use the AWS::KMS::ReplicaKey resource to specify a replica of a specified multi-Region primary key.

June 17, 2021

Parallel Node Upgrade and Scale to Zero

In the NodegroupUpdateConfig, use either the MaxUnavailable and MaxUnavailablePercentage values to define the number of nodes to upgrade in parallel. In the scalingconfig, the minsize and desiredsize values can both be set to zero.

June 16, 2021

Updated resource

The following resource was updated: AWS::EC2::NatGateway

AWS::EC2::NatGateway

Use the ConnectivityType property to indicate whether the NAT gateway supports public or private connectivity.

June 11, 2021

Updated resources

The following resource was updated: AWS::RAM:ResourceShare

AWS::RAM::ResourceShare

Use the PermissionArns property to specify the Amazon Resource Names (ARNs) of the permissions to associate with the resource share.

June 10, 2021

Updated resource

The following resource was updated: AWS::KinesisAnalyticsV2::Application

AWS::KinesisAnalyticsV2::Application ApplicationConfiguration

You can use the ZeppelinApplicationConfiguration property to create Studio notebook applications that use Apache Zeppelin. You can use the notebook interactively, and you can deploy it as a continuously running streaming application with durable state and autoscaling features.

June 10, 2021

Updated resource

The following resource was updated: AWS::SQS::Queue

AWS::SQS::Queue

You can now use the DeduplicationScope and FifoThroughputLimitproperties to enable higher throughput for FIFO queues.

June 10, 2021

Updated resource

The following resource was updated: AWS::SSM::Document

AWS::SSM::Document

Use the Attachments property to specify a list of key and value pairs that describe attachments to a version of a document. Use the Requires property to specify a list of SSM documents required by a document. This parameter is used exclusively by AWS AppConfig. When a user creates an AWS AppConfig configuration in an SSM document, the user must also specify a required document for validation purposes. In this case, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document for validation purposes. For more information, see Creating a configuration and a configuration profile in the AWS AppConfig User Guide.

June 10, 2021

Updated resource

The following resource was updated: AWS::FSx::FileSystem

AWS::FSx::FileSystem

Use the DNSName attribute to access the DNS name of your Amazon FSx file system.

June 7, 2021

New resource

The following resources were added: AWS::Location::GeofenceCollection, AWS::Location::Map, AWS::Location::PlaceIndex, AWS::Location::RouteCalculator, AWS::Location::Tracker, and AWS::Location::TrackerConsumer.

AWS::Location::GeofenceCollection

Use the AWS::Location::GeofenceCollection resource to specify the ability to detect and act when a tracked device enters or exits a defined geographical boundary.

AWS::Location::Map

Use the AWS::Location::Map resource to specify a map resource in your AWS account, which provides map tiles of different styles sourced from available data providers.

AWS::Location::PlaceIndex

Use the AWS::Location::PlaceIndex resource to specify a place index resource in your AWS account, which supports Places functions with geospatial data sourced from your chosen data provider.

AWS::Location::RouteCalculator

Use the AWS::Location::RouteCalculator resource to specify a route calculator resource in your AWS account.

AWS::Location::Tracker

Use the AWS::Location::Tracker resource to specify a tracker resource in your AWS account, which lets you receive current and historical location of devices.

AWS::Location::TrackerConsumer

Use the AWS::Location::TrackerConsumer resource to specify an association between a geofence collection and a tracker resource.

June 7, 2021

Updated resources

The following resources were updated: AWS::MediaPackage::Channel, AWS::MediaPackage::OriginEndpoint, AWS::MediaPackage::PackagingConfiguration, and AWS::MediaPackage::PackagingGroup.

AWS::MediaPackage::Channel.

Use the EgressAccessLogs property to specify egress access logs for your channel.

Use the IngressAccessLogs property to specify ingress access logs for your channel.

AWS::MediaPackage::OriginEndpoint.

Use the CmafEncryption.ConstantInitializationVector property to specify an optional 128-bit, 16-byte hex value represented by a 32-character string, used in conjunction with the key for encrypting blocks. If you don't specify a value, then AWS Elemental MediaPackage creates the constant initialization vector (IV).

AWS::MediaPackage::PackagingConfiguration.

Use the CmafPackage.IncludeEncoderConfigurationInSegments property to place your encoder's metadata into every video segment instead of the init fragment, which is the default behavior. This lets you use different SPS/PPS/VPS settings for your assets during content playback.

AWS::MediaPackage::PackagingGroup.

Use the EgressAccessLogs property to configure egress access logs for your packaging group.

May 27, 2021

Updated resources

The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup.

AWS::WAFv2::WebACL

You now have additional text transformation options.

AWS::WAFv2::RuleGroup

You now have additional text transformation options.

May 27, 2021

Updated resource

The following resource was updated: AWS::FraudDetector::Detector.

AWS::FraudDetector::Detector

Use the AssociatedModels property to associate models with the detector.

May 27, 2021

Updated resource

The following resource was updated: AWS::FSx::FileSystem

AWS::FSx::FileSystem

In the LustreConfiguration property type, use DataCompressionType to specify the type of data compression used by an Amazon FSx for Lustre file system.

May 27, 2021

Updated resource

The following resource was updated: AWS::MWAA::Environment

ModuleLoggingConfiguration

In the ModuleLoggingConfiguration property type, the CloudWatchLogGroupArn response property type for the CloudWatch Logs ARN where Apache Airflow DAG logs are published was removed from the request to enable logs, and is being returned in the response.

AirflowConfigurationOptions

In the AirflowConfigurationOptions property type, use a PrimitiveType of Json to add an Apache Airflow configuration option.

MinWorkers

Use the MinWorkers property to specify the minimum number of Apache Airflow workers that run in an environment.

May 27, 2021

Updated resource

The following resource was updated: AWS::ACMPCA::CertificateAuthority.

AWS::ACMPCA::CertificateAuthority

Use the S3ObjectAcl property to restrict public access to your CRLs.

May 27, 2021

Updated resource

The following resource was updated: AWS::QLDB::Ledger

AWS::QLDB::Ledger

The PermissionsMode property has changed so that an update requires no interruption.

May 27, 2021

New resource

The following resource was added: AWS::CUR::ReportDefinition

AWS::CUR::ReportDefinition

Use the AWS::CUR::ReportDefinition resource to define AWS Cost and Usage Report.

May 27, 2021

Region availability

The following resources were updated: AWS::AmazonMQ::Broker

AWS::AmazonMQ::Broker

Amazon MQ for RabbitMQ is now available in the Amazon Web Services China (Bejing) and the Amazon Web Services China (Ningxia) Regions.

May 26, 2021

New resources

The following resource was added: AWS::EC2::TransitGatewayPeeringAttachment.

AWS::EC2::TransitGatewayPeeringAttachment

Use the TransitGatewayPeeringAttachment resource to request transit gateway peering attachment between the specified transit gateway (requester) and a peer transit gateway (accepter).

May 20, 2021

New resource

The following resource was added: AWS::AppRunner::Service

AWS::AppRunner::Service

Use the AWS::AppRunner::Service resource to create or update an AWS App Runner service.

May 20, 2021

New resource

The following resource was added: AWS::IoTCoreDeviceAdvisor::SuiteDefinition

SuiteDefinition

Use the SuiteDefinition resource to create a new test suite configuration for Device Advisor.

May 20, 2021

Updated resources

The following resource was updated: AWS::CloudFormation::StackSet.

AWS::CloudFormation::StackSet

Use the CallAs property type to specify whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

May 14, 2021

Updated resource

The following resource was updated: AWS::ECS::TaskDefinition.

AWS::ECS::TaskDefinition EphemeralStorage

Use the AWS::ECS::TaskDefinition EphemeralStorage resource to define a custom ephemeral storage setting for your Amazon ECS tasks that are hosted on AWS Fargate.

May 14, 2021

Updated resource

The following resource was updated: AWS::ECS::CapacityProvider.

AWS::ECS::CapacityProvider ManagedScaling

Use the AWS::ECS::CapacityProvider ManagedScaling.InstanceWarmupPeriod property to set an instance warmup period for newly launched Amazon EC2 instances.

May 14, 2021

Updated resource

The following resource was updated: AWS::EKS::Nodegroup

AWS::EKS::Nodegroup

Use the Taints property to specify whether you want to have the effect of No_Schedule, Prefer_No_Schedule, or No_Execute applied to your node group.

May 14, 2021

Updated resource

The following resource was updated: AWS::Elasticsearch::Domain.

AWS::Elasticsearch::Domain

Use the EncryptionAtRestOptions property to specify whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use.

Use the NodeToNodeEncryptionOptions property to specify whether node-to-node encryption is enabled.

May 14, 2021

New resources

The following resources were added: AWS::SSMContacts::Contact and AWS::SSMContacts::ContactChannel

AWS::SSMContacts::Contact

Use the AWS::SSMContacts::Contact resource to specify an Incident Manager contact or escalation plan.

AWS::SSMContacts::ContactChannel

Use the AWS::SSMContacts::ContactChannel resource to specify a contact channel as the method that Incident Manager uses to engage your contact.

May 14, 2021

New resource

The following resource was added: AWS::DynamoDB::GlobalTable

AWS::DynamoDB::GlobalTable

Use the AWS::DynamoDB::GlobalTable resource to create DynamoDB global tables.

May 14, 2021

New resource

The following resources were added: AWS::SSMIncidents::ReplicationSet and AWS::SSMIncidents::ResponsePlan

AWS::SSMIncidents::ReplicationSet

Use the ReplicationSet resource to specify a set of Regions that Incident Manager data is replicated to and the AWS KMS key used to encrypt the data.

AWS::SSMIncidents::ResponsePlan

Use the ResponsePlan resource to specify the details of the response plan that are used when creating an incident.

May 14, 2021

Updated resources

The following resources were updated: AWS::ECR::Repository

AWS::ECR::Repository

Use the AWS::ECR::Repository.EncryptionConfiguration property to configure encryption for the contents of a private repository.

May 13, 2021

Updated resource

The following resource was updated: AWS::S3::Bucket.

AWS::S3::Bucket

Use the ExpiredObjectDeleteMarker property to specify whether Amazon S3 will remove a delete marker with no noncurrent versions.

May 13, 2021

Updated resource

The following resource was updated: AWS::CloudFront::Distribution.

AWS::CloudFront::Distribution

In the CacheBehavior and DefaultCacheBehavior property types, use the FunctionAssociations property to specify the CloudFront functions associated with the cache behavior.

For more information, see Customizing with CloudFront Functions in the Amazon CloudFront Developer Guide.

May 6, 2021

Updated resource

The following resources were updated: AWS::GameLift:Fleet, AWS::GameLift::GameSessionQueue.

AWS::GameLift::Fleet

In the LocationCapacity property type, use DesiredEc2Instance to specify the number of desired EC2 instance and MinSize and MaxSize to specify the minimum and maximum capacity size.

In the LocationConfiguration property type, use location Location to specify an AWS Region code and LocationConfiguration to specify resource capacity settings in a specified fleet.

AWS::GameLift::GameSessionQueue

Use the PriorityConfiguration property to specify priority destinations and locations for game session placements.

Use the FilterConfiguration property to specify a list of locations where a queue is allowed to place new game sessions.

May 6, 2021

Updated resource

The following resource was updated: AWS::IoT::TopicRule

AWS::IoT::TopicRule

Use the CloudwatchLogsAction property to specify a Cloudwatch logs action.

Use the TimestreamAction property to specify a timestream action.

Use the KafkaAction property to specify a kafka action.

In the S3Action property, use the CannedAcl value to specify a canned ACL action.

May 6, 2021

Updated resource

The following resource was updated: AWS::ACMPCA::CertificateAuthority.

AWS::ACMPCA::CertificateAuthority

Use the KeyStorageSecurityStandard property to specify the minimum FIPS key security standard.

May 6, 2021

New resources

The following resources were added: AWS::FraudDetector::Detector, AWS::FraudDetector::EntityType, AWS::FraudDetector::EventType, AWS::FraudDetector::Label, AWS::FraudDetector::Outcome, and AWS::FraudDetector::Variable

AWS::FraudDetector::Detector

Use the AWS::FraudDetector::Detector resource to manage a detector or associated detector versions in Amazon Fraud Detector.

AWS::FraudDetector::EntityType

Use the AWS::FraudDetector::EntityType resource to create or update an entity type in Amazon Fraud Detector.

AWS::FraudDetector::EventType

Use the AWS::FraudDetector::EventType resource to create or update an event type in Amazon Fraud Detector.

AWS::FraudDetector::Label

Use the AWS::FraudDetector::Label resource to create or update label in Amazon Fraud Detector.

AWS::FraudDetector::Outcome

Use the AWS::FraudDetector::Outcome resource to create or update an outcome in Amazon Fraud Detector.

AWS::FraudDetector::Variable

Use the AWS::FraudDetector::Variable resource to create a variable in Amazon Fraud Detector.

May 6, 2021

New resources

The following resources were added: AWS::XRay::Group and AWS::XRay::SamplingRule.

AWS::XRay::Group

Use the AWS::XRay::Group resource to specify an X-Ray group.

AWS::XRay::SamplingRule

Use the AWS::XRay::SamplingRule resource to specify an X-Ray sampling rule.

May 6, 2021

New resource

The following resource was added: AWS::CloudFront::Function.

AWS::CloudFront::Function

Use the AWS::CloudFront::Function resource to create a function in CloudFront Functions.

For more information, see Customizing with CloudFront Functions in the Amazon CloudFront Developer Guide.

May 6, 2021

New resource

The following resource was added: AWS::FinSpace::Environment

AWS::FinSpace::Environment

Use the AWS::FinSpace::Environment resource to specify an Amazon FinSpace environment.

May 6, 2021

Updated resource

The following resource was updated: AWS::Detective::Graph

AWS::Detective::Graph

Use the Tags property to assign tag values to the behavior graph.

April 29, 2021

New resource

The following resource was added: AWS::IoTFleetHub::Application

AWS::IoTFleetHub::Application

Use the AWS::IoTFleetHub::Application resource to create a Fleet Hub for AWS IoT Device Management web application.

April 29, 2021

New resource

The following resource was added: AWS::SES::ContactList

AWS::SES::ContactList

Use the AWS::SES::ContactList resource to create a list that contains contacts that have subscribed to a particular topic or topics.

April 29, 2021

Updated resources

The following resources were updated: AWS::IAM::InstanceProfile and AWS::IAM::ManagedPolicy.

AWS::IAM::InstanceProfile

Use the Tags property to specify a list of tags that you want to attach to the newly created instance profile.

AWS::IAM::ManagedPolicy

Use the Tags property to specify a list of tags that you want to attach to the newly created managed policy.

April 27, 2021

New resources

The following resources were added: AWS::IoTWireless::PartnerAccount, AWS::IoTWireless::TaskDefinition

AWS::IoTWireless::PartnerAccount

Gets information about a partner account. If PartnerAccountId and PartnerType are null, returns all partner accounts.

AWS::IoTWireless::TaskDefinition

Gets information about the gateway task definition for a wireless gateway.

April 26, 2021

New resources

The following resources were added: AWS::NimbleStudio::Studio, AWS::NimbleStudio::StudioComponent, AWS::NimbleStudio::StreamingImage, and AWS::NimbleStudio::LaunchProfile.

AWS::NimbleStudio::Studio

Use the AWS::NimbleStudio::Studio resource to specify a studio resource.

AWS::NimbleStudio::StudioComponent

Use the AWS::NimbleStudio::StudioComponent resource to configure studio components, including types of workstations, render farms, license servers, and shared file systems.

AWS::NimbleStudio::StreamingImage

Use the AWS::NimbleStudio::StreamingImage resource to configure a machine image, including operating system and software, that can be launched as a virtual workstation in a streaming session.

AWS::NimbleStudio::LaunchProfile

Use the AWS::NimbleStudio::LaunchProfile resource to specify user access permissions to studio components.

April 26, 2021

Updated resources

AWS::ElastiCache::CacheCluster, AWS::ElastiCache::ReplicationGroup.

AWS::ElastiCache::CacheCluster

You can now specify log delivery to a CloudWatch Logs or Kinesis Data Firehose destination.

AWS::ElastiCache::ReplicationGroup

You can now specify log delivery to a CloudWatch Logs or Kinesis Data Firehose destination.

April 22, 2021

Updated resources

The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup.

AWS::WAFv2::WebACL

You can now nest rule statements without using different names for statements at different levels. For example, instead of using AndStatementOne and AndStatementTwo to nest an AND rule statement inside another AND rule statement, you can use AndStatement for both. The new statement properties are AndStatement, NotStatement, OrStatement, RateBasedStatement, and Statement.

AWS::WAFv2::RuleGroup

You can now nest rule statements without using different names for statements at different levels. For example, instead of using AndStatementOne and AndStatementTwo to nest an AND rule statement inside another AND rule statement, you can use AndStatement for both. The new statement properties are AndStatement, NotStatement, OrStatement, RateBasedStatement, and Statement.

April 22, 2021

Updated resource

The following resource was updated: AWS::ResourceGroups::Group

AWS::ResourceGroups::Group

Use the Configuration property to specify settings for an AWS service that automatically apply to members of the resource group.

April 22, 2021

New resource

The following resource was added: AWS::AutoScaling::WarmPool.

AWS::AutoScaling::WarmPool

Use the AWS::AutoScaling::WarmPool resource to specify a warm pool for an Auto Scaling group.

April 22, 2021

Updated resources

The following resource was updated: AWS::CloudFormation::StackSet.

AWS::CloudFormation::StackSet

Use the RegionConcurrencyType property type to specify the concurrency type of deploying StackSets operations in Regions.

April 15, 2021

Updated resource

The following resource was updated: AWS::ApiGateway::RestApi.

AWS::ApiGateway::RestApi

Use the Mode property to specify how API Gateway handles resource updates when you use OpenAPI to define your REST API.

April 15, 2021

Updated resource

The following resource was updated: AWS::IVS::Channel

AWS::IVS::Channel

Use the RecordingConfiguration property to specify an Amazon IVS RecordingConfiguration, which stores configuration information related to recording your live stream to a data store.

April 15, 2021

New resources

The following resource was added: AWS::EC2::EnclaveCertificateIamRoleAssociation.

AWS::EC2::EnclaveCertificateIamRoleAssociation

Use the EnclaveCertificateIamRoleAssociation resource to associate an AWS Identity and Access Management (IAM) role with an AWS Certificate Manager (ACM) certificate.

April 15, 2021

New resource

The following resource was added: AWS::IVS::RecordingConfiguration

AWS::IVS::RecordingConfiguration

Use the AWS::IVS::RecordingConfiguration resource to specify an Amazon IVS RecordingConfiguration, which stores configuration information related to recording your live stream to a data store.

April 15, 2021

Reference macros in stack set templates

StackSets now supports creating or updating stack sets with self-managed permissions from templates that reference macros.

For more information about macros, see Using AWS CloudFormation macros to perform custom processing on templates.

April 14, 2021

Use the latest value of an SSM parameter in a dynamic reference

When using dynamic references, you can now have CloudFormation use the latest version of an SSM parameter whenever you create or update a stack. You are no longer required to specify a specific version.

For more details, see SSM parameters.

April 13, 2021

Updated resources

AWS::ElastiCache::ParameterGroup, AWS::ElastiCache::SecurityGroup, AWS::ElastiCache::SubnetGroup.

AWS::ElastiCache::ParameterGroup

You can now add tags to the AWS::ElastiCache::ParameterGroup type.

AWS::ElastiCache::SecurityGroup

You can now add tags to the AWS::ElastiCache::SecurityGroup resource.

AWS::ElastiCache::SubnetGroup

You can now add tags to the AWS::ElastiCache::SubnetGroup resource.

April 8, 2021

Updated resource

The following resource was updated: AWS::DynamoDB::Table.

AWS::DynamoDB::Table

Use the KinesisStreamSpecification property to specify the Kinesis Data Streams configuration for a table.

April 8, 2021

Modules support using period delimiters in resource names

You can now use a period as a delimiter in specifying the fully-qualified logical name for a resource contained in a module.

For more information, see Referencing resources in a module.

April 8, 2021

AWS CloudFormation StackSets now supports parallel region deployment

You can now choose to deploy StackSets into Regions sequentially or in parallel.

For more information, see Stack set operation options.

April 6, 2021

Updated resources

The following resources were updated: AWS::DataBrew::Dataset and AWS::DataBrew::Job

AWS::DataBrew::Dataset

Use the CsvOptions property to define how DataBrew will read a comma-separated value (CSV) file when creating a dataset from that file.

Use the DatabaseInputDefinition property to define connection information for dataset input files stored in a database.

Use the DataCatalogInputDefinition property to define how metadata stored in the AWS Glue Data Catalog is defined in a DataBrew dataset.

Use the DatasetParameter property to define the type and conditions for a parameter in the Amazon S3 path of the dataset.

Use the DatetimeOptions property to define the correct interpretation of datetime parameters used in the Amazon S3 path of a dataset.

Use the ExcelOptions property to define how DataBrew will interpret a Microsoft Excel file when creating a dataset from that file.

Use the FilesLimit property to limit the number of Amazon S3 files that should be selected for a dataset from a connected Amazon S3 path.

Use the FilterExpression property to define parameter conditions.

Use the FilterValue property to define a single entry in the ValuesMap of a FilterExpression.

Use the FormatOptions property to define the structure of either comma-separated value (CSV), Excel, or JSON input.

Use the Input property to define how DataBrew can find data, in either the AWS Glue Data Catalog or Amazon S3.

Use the JsonOptions property to define how input is to be interpreted by AWS Glue DataBrew.

Use the PathOptions property to define how DataBrew selects files for a given Amazon S3 path in a dataset.

Use the PathParameter property to define the file format of a dataset.

Use the S3Location property to define a single entry in the path parameters of a dataset.

AWS::DataBrew::Job

Use the JobSample property to define the number of rows on which a profile job is run.

Use the OutputLocation property to define the location in Amazon S3 where the job writes its output.

Use the Recipe property to define the actions to be performed on a dataset.

April 1, 2021

Updated resources

The following resources were updated: AWS::WAFv2::WebACL and AWS::WAFv2::RuleGroup.

AWS::WAFv2::WebACL

You can now inspect a web request body as JSON. You can now add custom request and response handling to web ACL default action and rule action settings. You can now define labels for rules, which are added automatically to matching requests and that persist with requests during web ACL evaluation. You can match against labels using the new rule LabelMatchStatement. You can now add a scope-down statement to managed rule group statements.

AWS::WAFv2::RuleGroup

You can now inspect a web request body as JSON. You can now add custom request and response handling to rule action settings. You can now define labels for rules, which are added automatically to matching requests and that persist with requests during web ACL evaluation. You can match against labels using the new rule LabelMatchStatement.

April 1, 2021

Updated resource

The following resource was updated: AWS::Config::DeliveryChannel.

AWS::Config::DeliveryChannel

Use the S3KmsKeyArn property to specify the Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) customer managed key (CMK) used to encrypt objects delivered by AWS Config.

April 1, 2021

Updated resource

The following resource was updated: AWS::ApiGateway::RestApi.

AWS::ApiGateway::RestApi

Use the DisableExecuteApiEndpoint property to disable the default endpoint for a REST API.

April 1, 2021

Updated resource

The following resource was updated: AWS::Budgets::BudgetsAction

AWS::Budgets::BudgetsAction

Use the AWS::Budgets::BudgetsAction resource to take predefined actions that are initiated when a budget threshold has been exceeded.

April 1, 2021

Updated resource

The following resource was updated: AWS::Cloud9::EnvironmentEC2

AWS::Cloud9::EnvironmentEC2

Use the ImageId property to specify the Amazon Machine Image (AMI) that's used to create the EC2 instance.

April 1, 2021

Updated resource

The following resource was updated: AWS::EC2::LaunchTemplate.

AWS::EC2::LaunchTemplate

Use the TagSpecifications property to tag a launch template on creation.

April 1, 2021

Updated resource

The following resource was updated: AWS::ElasticBeanstalk::Environment.

AWS::ElasticBeanstalk::Environment

Use the OperationsRole property to specify the Amazon Resource Name (ARN) of an existing IAM role to be used as the environment's operations role.

April 1, 2021

Updated resource

The following resource was updated: AWS::Events::Rule.

AWS::Events::Rule

The SageMakerPipelineParameter property is a Name / Value pair of a parameter to start execution of a SageMaker Model Building Pipeline to create an API destination. An API destination defines an HTTP invocation endpoint to use as the target of a rule.

The SageMakerPipelineParameters contains the SageMaker Model Building Pipeline parameters to start execution of a SageMaker Model Building Pipeline.

April 1, 2021

Updated resource

The following resource was updated: AWS::FMS::Policy.

AWS::FMS::Policy

The AWS::FMS::Policy resource now allows you to manage DNS Firewall policies for Amazon RouteĀ 53 Resolver DNS Firewall.

April 1, 2021

Updated resource

The following resource was updated: AWS::GameLift::GameSessionQueue.

AWS::GameLift::GameSessionQueue

Use the NotificationTarget property to specify an SNS topic ARN to publish game session placement events that are emitted by the queue.

Use the CustomEventData property to specify a string value to add to all game session placement events that are emitted by the queue.

April 1, 2021

New resources

The following resources were added: AWS::Route53Resolver::FirewallDomainList, AWS::Route53Resolver::FirewallRuleGroup, AWS::Route53Resolver::FirewallRuleGroupAssociation

AWS::Route53Resolver::FirewallDomainList

Use the AWS::Route53Resolver::FirewallDomainList resource to specify a domain list configuration for Route 53 Resolver DNS Firewall.

AWS::Route53Resolver::FirewallRuleGroup

Use the AWS::Route53Resolver::FirewallRuleGroup resource to specify a rule group configuration for Route 53 Resolver DNS Firewall.

AWS::Route53Resolver::FirewallRuleGroupAssociation

Use the AWS::Route53Resolver::FirewallRuleGroupAssociation resource to specify an association between a firewall rule group and a VPC.

April 1, 2021

New resource

The following resource was added: AWS::CloudWatch::MetricStream.

AWS::CloudWatch::MetricStream

Use the AWS::CloudWatch::MetricStream resource to create a metric stream of CloudWatch metric data to a destination of your choice. For more information, see Metric streams.

April 1, 2021

New resource

The following resource was added : AWS::Logs::QueryDefinition

AWS::Logs::QueryDefinition

Use the AWS::Logs::QueryDefinition resource to create a CloudWatch Logs Insights query definition. For more information, see Analyzing Log Data with CloudWatch Logs Insights.

April 1, 2021

Updated resource

The following resource was updated: AWS::Batch::JobDefinition

AWS::Batch::JobDefinition

In the Volumes property type, use the EfsVolumeConfiguration property to specify the Amazon EFS configuration for a job definition.

March 31, 2021

New resources

The following resources were added: AWS::LookoutMetrics::Alert

AWS::LookoutMetrics::Alert

Use the AWS::LookoutMetrics::Alert resource to specify an alert for an anomaly detector.

AWS::LookoutMetrics::AnomalyDetector

Use the AWS::LookoutMetrics::AnomalyDetector resource to specify an anomaly detector.

March 25, 2021

New resource

The following resource was added: AWS::AppIntegrations::EventIntegration

AWS::AppIntegrations::EventIntegration

Use the AWS::AppIntegrations::EventIntegration resource to create an EventIntegration.

March 25, 2021

New resources

The following resources were added: AWS::CustomerProfiles::Domain, AWS::CustomerProfiles::Integration and AWS::CustomerProfiles::ObjectType.

AWS::CustomerProfiles::Domain

Use the AWS::CustomerProfiles::Domain resource to create a new domain in Amazon Connect Customer Profiles Service.

AWS::CustomerProfiles::Integration

Use the AWS::CustomerProfiles::Integration resource to create a new integration in Amazon Connect Customer Profiles Service.

AWS::CustomerProfiles::ObjectType

Use the AWS::CustomerProfiles::ObjectType resource to create a new object type in Amazon Connect Customer Profiles Service.

March 24, 2021

Updated resource

The following resource was updated: AWS::ServiceDiscovery::Service.

AWS::ServiceDiscovery::Service

Use the Type property to allow service instances in a service in a public or private DNS namespace to only be discovered with the DiscoverInstances API operation.

March 18, 2021

New resource

The following resource was added: AWS::FIS::ExperimentTemplate.

AWS::FIS::ExperimentTemplate

Use the AWS::FIS::ExperimentTemplate resource to create an experiment template in AWS Fault Injection Service.

March 18, 2021

New resource

The following resources were added: AWS::S3ObjectLambda::AccessPoint and AWS::S3ObjectLambda::AccessPointPolicy

AWS::S3ObjectLambda::AccessPoint

Use the AWS::S3ObjectLambda::AccessPoint resource to create a S3 Object Lambda access point.

AWS::S3ObjectLambda::AccessPointPolicy

Use the AWS::S3ObjectLambda::AccessPointPolicy resource to create a policy for your S3 Object Lambda access point.

March 18, 2021

New resources

The following resources were updated: AWS::ECS::Service.

AWS::ECS::Service

Use the AWS::ECS::Service resource and the EnableExecuteCommand property to turn on ECS Exec for the tasks in a service.

March 16, 2021

New resources

The following resources were updated: AWS::ECS::Cluster ExecuteCommandLogConfiguration.

AWS::ECS::Cluster ExecuteCommandLogConfiguration

Use the AWS::ECS::Cluster ExecuteCommandLogConfiguration resource to define a logging configuration for the ECS Exec actions on the tasks in a cluster.

March 16, 2021

New resources

The following resources were updated: AWS::ECS::Cluster ExecuteCommandConfiguration.

AWS::ECS::Cluster ExecuteCommandConfiguration

Use the AWS::ECS::Cluster ExecuteCommandConfiguration resource to turn on ECS Exec for a cluster.

March 16, 2021

Updated resource

The following resource was updated: AWS::Detective::MemberInvitation

AWS::Detective::MemberInvitation

Use the DisableEmailNotification property to prevent the sending of invitation emails to member accounts.

The term "master account" is changed to "administrator account."

March 15, 2021

Updated resources

The following resources were updated: AWS::ECR::PublicRepository

AWS::ECR::PublicRepository

Use the AWS::ECR::PublicRepository.Tags property to add tags to your public repositories.

March 11, 2021

Updated resource

The following resource was updated: AWS::CertificateManager::Account

AWS::CertificateManager::Account

Use the ExpiryEventsConfiguration property to specify options for certificate expiration events associated with an AWS account.

March 11, 2021

Updated resource

The following resource was updated: AWS::EFS::FileSystem

AWS::EFS::FileSystem

Use the AvailabilityZoneName property to create a file system that uses One Zone storage, which stores data redundantly within a single Availability Zone within an AWS Region.

March 11, 2021

New resources

The following resources were added: AWS::CE::AnomalySubscription and AWS::CE::AnomalyMonitor.

AWS::CE::AnomalySubscription

Use the AWS::CE::AnomalySubscription resource to deliver notifications about anomalies detected by a monitor that exceeds a threshold.

AWS::CE::AnomalyMonitor

Use the AWS::CE::AnomalyMonitor resource to continuously inspect your account's cost data for anomalies, based on MonitorType and MonitorSpecification.

March 11, 2021

New resources

The following resources were updated: AWS::ECS::ClusterCapacityProviderAssociations.

AWS::ECS::ClusterCapacityProviderAssociations

Use the AWS::ECS::ClusterCapacityProviderAssociations resource to associate capacity providers with a cluster.

March 11, 2021

New resource

The following resource was added: AWS::RDS::DBProxyEndpoint.

AWS::RDS::DBProxyEndpoint

Use the AWS::RDS::DBProxyEndpoint resource to create or update a custom DB proxy endpoint.

March 11, 2021

Updated resource

The following resource was updated: AWS::StepFunctions::StateMachine.

AWS::StepFunctions::StateMachine

The AWS::StepFunctions::StateMachine has a new Definition property that lets you define your state machine in the language of your template file.

March 10, 2021

Updated resource

The following resource was updated: AWS::AutoScaling::AutoScalingGroup.

AWS::AutoScaling::AutoScalingGroup MixedInstancesPolicy

Use the SpotAllocationStrategy property to specify capacity-optimized-prioritized as the allocation strategy for your Spot capacity when you use a mixed instances policy.

March 8, 2021

Updated resource

The following new resource was updated: AWS::SecretsManager::Secret

AWS::SecretsManager::Secret

Use the ReplicaRegions property to replicate secrets into additional Regions for resiliency and disaster recovery.

March 4, 2021

New resource

The following resource was added: AWS::Events::ApiDestination.

AWS::Events::ApiDestination

Use the ApiDestination resource to create an API destination. An API destination defines an HTTP invocation endpoint to use as the target of a rule.

March 4, 2021

New resource

The following resource was added: AWS::Events::Connection.

AWS::Events::Connection

Use the Connection resource to create a connection to use with Api destinations. A connection defines the authorization method and parameters to use to connect to the HTTP invocation endpoint for an Api destination.

March 4, 2021

New resource

The following resources were added: AWS::IoT::AccountAuditConfiguration,AWS::IoT::CustomMetric, AWS::IoT::Dimension, AWS::IoT::MitigationAction, AWS::IoT::ScheduledAudit, AWS::IoT::SecurityProfile.

AWS::IoT::AccountAuditConfiguration

Use the AWS::IoT::AccountAuditConfiguration resource to specify an account audit configuration in AWS IoT Core.

AWS::IoT::CustomMetric

Use the AWS::IoT::CustomMetric resource to specify a custom metric in AWS IoT Core.

AWS::IoT::Dimension

Use the AWS::IoT::Dimension resource to specify a dimension in AWS IoT Core.

AWS::IoT::MitigationAction

Use the AWS::IoT::MitigationAction resource to specify a mitigation action in AWS IoT Core.

AWS::IoT::ScheduledAudit

Use the AWS::IoT::ScheduledAudit resource to specify a Scheduled Audit in AWS IoT Core.

AWS::IoT::SecurityProfile

Use the AWS::IoT::SecurityProfile resource to specify a security profile in AWS IoT Core.

March 4, 2021

New resource

The following resources were added: AWS::S3Outposts::Bucket, AWS::S3Outposts::BucketPolicy, AWS::S3Outposts::AccessPoint, and AWS::S3Outposts::EndPoint

AWS::S3Outposts::Bucket

Use the AWS::S3Outposts::Bucket resource to create an S3 on Outposts bucket.

AWS::S3Outposts::BucketPolicy

Use the AWS::S3Outposts::BucketPolicy resource to create a bucket policy for your S3 on Outposts bucket.

AWS::S3Outposts::AccessPoint

Use the AWS::S3Outposts::AccessPoint resource to create an access point for your S3 on Outposts bucket.

AWS::S3Outposts::EndPoint

Use the AWS::S3Outposts::EndPoint resource to create an endpoint for Amazon S3 on AWS Outposts.

March 4, 2021

Updated resource

The following resources were updated: AWS::IoTSiteWise::AccessPolicy and AWS::IoTSiteWise::Portal.

AWS::IoTSiteWise::AccessPolicy

Added the following properties: IamRole and IamUser.

AWS::IoTSiteWise::Portal

Added the following property: PortalAuthMode.

March 2, 2021

Updated resource

The following resource was updated: AWS::IoTSiteWise::AssetModel.

AWS::IoTSiteWise::AssetModel

Added the following property: AssetModelCompositeModel.

You can use this property to define an alarm in AWS IoT SiteWise.

For more information, see Monitoring data with alarms in the AWS IoT SiteWise User Guide.

March 1, 2021

Updated resource

The following resource was updated: AWS::DataBrew::Dataset Format.

AWS::DataBrew::Dataset Format

Use the Format property to define the file format of a dataset.

February 25, 2021

Updated resource

The following resource was updated: AWS::ManagedBlockchain::Node

AWS::ManagedBlockchain::Node

Use the NodeConfiguration property to create a node on an Ethereum network.

February 25, 2021

Updated resource

The following resource was updated: AWS::SageMaker::Model

AWS::SageMaker::Model

Use the InferenceExecutionConfig property to specify details of how containers in a multi-container endpoint are called.

February 25, 2021

New resources

The following resource was added: AWS::EC2::TransitGatewayConnect.

AWS::EC2::TransitGatewayConnect

Use the TransitGatewayConnect resource to create a Connect attachment from a specified transit gateway attachment.

February 25, 2021

New resources

The following resources were added: AWS::EMR::Studio and AWS::EMR::StudioSessionMapping.

AWS::EMR::Studio

Use the AWS::EMR::Studio resource to create a new Amazon EMR Studio.

AWS::EMR::StudioSessionMapping

Use the AWS::EMR::StudioSessionMapping resource to assign a user or group to an Amazon EMR Studio, and apply an IAM session policy to refine Studio permissions for that user or group.

February 25, 2021

New resources

The following resources were added: AWS::IAM::OIDCProvider, AWS::IAM::SAMLProvider, AWS::IAM::ServerCertificate, and AWS::IAM::VirtualMFADevice.

AWS::IAM::OIDCProvider

Use the AWS::IAM::OIDCProvider resource to create an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC).

AWS::IAM::SAMLProvider

Use the AWS::IAM::SAMLProvider resource to create an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.

AWS::IAM::ServerCertificate

Use the AWS::IAM::ServerCertificate resource to retrieve information about the specified server certificate stored in IAM.

AWS::IAM::VirtualMFADevice

Use the AWS::IAM::VirtualMFADevice resource to create a new virtual MFA device for the AWS account.

February 25, 2021

New resources

The following resources were added: AWS::SageMaker::Image, AWS::SageMaker::ImageVersion.

AWS::SageMaker::Image

Use the AWS::SageMaker::Image resource to create a new Image in Amazon SageMaker.

AWS::SageMaker::ImageVersion

Use the AWS::SageMaker::ImageVersion resource to create a new ImageVersion in Amazon SageMaker.

February 25, 2021

New resource

The following resource was added: AWS::EKS::Addon.

AWS::EKS::Addon

Use the AWS::EKS::Addon resource to create an Amazon EKS add-on.

February 25, 2021

New attributes

The following parameters were added for 10DLC support: EntityId, TemplateId, OriginationNumber.

AWS::Pinpoint::Campaign CampaignSmsMessage

Specifies the content and settings for an SMS message that's sent to recipients of a campaign.

February 24, 2021

Updated resource

The following resource was updated: AWS::DynamoDB::Table

AWS::DynamoDB::Table

Use the ContributorInsightsSpecification property to enable or disable CloudWatch Contributor Insights on a table or global secondary index.

February 22, 2021

Updated resource

The following resource was updated: AWS::CodeCommit::Repository Code

AWS::CodeCommit::Repository Code

The behavior of the BranchName property on update has changed to be consistent with all other aspects of AWS:CodeCommit:Repository Code. All properties of AWS:CodeCommit:Repository Code are ignored on update, as they only apply to initial resource creation.

February 19, 2021

Updated resources

The following resources were updated: AWS::AppMesh::VirtualNode and AWS::AppMesh::VirtualGateway

AWS::AppMesh::VirtualNode

Use the ClientTlsCertificate property to represent the client's certificate.

Use the SubjectAlternativeNames property to represent the subject alternative names secured by the certificate.

Use the TlsValidationContextSdsTrust property to represent a Transport Layer Security (TLS) Secret Discovery Service validation context trust.

Use the ListenerTlsValidationContextTrust property to represent a listener's Transport Layer Security (TLS) validation context trust.

Use the SubjectAlternativeNameMatchers property to represent the methods by which a subject alternative name on a peer Transport Layer Security (TLS) certificate can be matched.

Use the ListenerTlsSdsCertificate property to represent the listener's Secret Discovery Service certificate.

Use the ListenerTlsValidationContext property to represent a listener's Transport Layer Security (TLS) validation context.

AWS::AppMesh::VirtualGateway

Use the VirtualGatewayListenerTlsValidationContextTrust property to specify validation context trust.

Use the VirtualGatewayTlsValidationContextSdsTrust property to represent a virtual gateway's listener's Transport Layer Security (TLS) Secret Discovery Service validation context trust.

Use the SubjectAlternativeNames property represents the subject alternative names secured by the certificate.

Use the VirtualGatewayListenerTlsSdsCertificate property to represent the virtual gateway's listener's Secret Discovery Service certificate.

Use the VirtualGatewayClientTlsCertificate property to represent the virtual gateway's client's Transport Layer Security (TLS) certificate.

Use the VirtualGatewayListenerTlsValidationContext property to represent a virtual gateway's listener's Transport Layer Security (TLS) validation context.

Use the SubjectAlternativeNameMatchers property to represent the methods by which a subject alternative name on a peer Transport Layer Security (TLS) certificate can be matched.

February 18, 2021

Updated resources

The following resource was updated: AWS::IoTWireless::ServiceProfile

AWS::IoTWireless::ServiceProfile

Use the attributes of LoRaWANGetServiceProfileInfo with LoRaWANServiceProfile instead as ReadOnly properties that you can return using Fn::GetAtt.

February 18, 2021

Updated resources

The following resources were updated: AWS::Kendra::DataSource, AWS::Kendra::Index.

AWS::Kendra::DataSource

Use the ConfluenceConfiguration property of the resource to specify configuration information for indexing a Confluence data source.

AWS::Kendra::DataSource

Use the GoogleDriveConfiguration property of the resource to specify configuration information for indexing a Google Drive data source.

AWS::Kendra::Index

Use the UserContextPolicy and UserTokenConfiguration properties of the resource to specify how Amazon Kendra uses user tokens for access to the index.

February 18, 2021

Updated resource

The following resource was updated: AWS::FSx::FileSystem

AWS::FSx::FileSystem

In the WindowsConfiguration property type, use Aliases to specify one or more DNS alias names that you want to associate with the Amazon FSx file system.

February 18, 2021

Updated resource

The following resource was updated: AWS::DataBrew::Job JobSample.

AWS::DataBrew::Job JobSample

Use the JobSample property to define the sample configuration for profile jobs.

February 18, 2021

Updated resource

The following resource was updated: AWS::IoTAnalytics::Dataset.

AWS::IoTAnalytics::Dataset

Added the following properties: LateDataRule and LateDataRuleConfiguration.

You can use these properties to specify a late data rule for your dataset. The late data rule enables AWS IoT Analytics to send notifications through Amazon CloudWatch when late data arrives.

For more information, see Getting late data notifications in the AWS IoT Analytics User Guide.

February 18, 2021

AWS CloudFormation StackSets now supports delegated administrator with AWS Organizations

In addition to the organization's management account, delegated administrator accounts can create and manage stack sets with service-managed permissions for their organization.

For more information, see Register a delegated administrator and Create a stack set with service-managed permissions.

February 18, 2021

New resources

The following resources were added: AWS::EC2::TransitGatewayMulticastDomain,