v2.8.2

🧰 Included Tools

Update AWS CLI packages @renovate (#897)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.31.6 -> ==1.32.17
boto3	==1.33.6 -> ==1.34.17

---

Release Notes

aws/aws-cli (awscli)

v1.32.17

Compare Source

=======

• api-change:ec2: This release adds support for adding an ElasticBlockStorage volume configurations in ECS RunTask/StartTask/CreateService/UpdateService APIs. The configuration allows for attaching EBS volumes to ECS Tasks.
• api-change:ecs: This release adds support for adding an ElasticBlockStorage volume configurations in ECS RunTask/StartTask/CreateService/UpdateService APIs. The configuration allows for attaching EBS volumes to ECS Tasks.
• api-change:events: Update events command to latest version
• api-change:iot: Add ConflictException to Update APIs of AWS IoT Software Package Catalog
• api-change:iotfleetwise: The following dataTypes have been removed: CUSTOMER_DECODED_INTERFACE in NetworkInterfaceType; CUSTOMER_DECODED_SIGNAL_INFO_IS_NULL in SignalDecoderFailureReason; CUSTOMER_DECODED_SIGNAL_NETWORK_INTERFACE_INFO_IS_NULL in NetworkInterfaceFailureReason; CUSTOMER_DECODED_SIGNAL in SignalDecoderType
• api-change:secretsmanager: Doc only update for Secrets Manager
• api-change:workspaces: Added AWS Workspaces RebootWorkspaces API - Extended Reboot documentation update

v1.32.16

Compare Source

=======

• api-change:connectcampaigns: Minor pattern updates for Campaign and Dial Request API fields.
• api-change:location: This release adds API support for custom layers for the maps service APIs: CreateMap, UpdateMap, DescribeMap.
• api-change:logs: Add support for account level subscription filter policies to PutAccountPolicy, DescribeAccountPolicies, and DeleteAccountPolicy APIs. Additionally, PutAccountPolicy has been modified with new optional "selectionCriteria" parameter for resource selection.
• api-change:qconnect: QueryAssistant and GetRecommendations will be discontinued starting June 1, 2024. To receive generative responses after March 1, 2024 you will need to create a new Assistant in the Connect console and integrate the Amazon Q in Connect JavaScript library (amazon-q-connectjs) into your applications.
• api-change:redshift-serverless: Updates to ConfigParameter for RSS workgroup, removal of use_fips_ssl
• api-change:route53: Route53 now supports geoproximity routing in AWS regions
• api-change:wisdom: QueryAssistant and GetRecommendations will be discontinued starting June 1, 2024. To receive generative responses after March 1, 2024 you will need to create a new Assistant in the Connect console and integrate the Amazon Q in Connect JavaScript library (amazon-q-connectjs) into your applications.

v1.32.15

Compare Source

=======

• api-change:codebuild: Aws CodeBuild now supports new compute type BUILD_GENERAL1_XLARGE
• api-change:ec2: Amazon EC2 R7iz bare metal instances are powered by custom 4th generation Intel Xeon Scalable processors.
• api-change:route53resolver: This release adds support for query type configuration on firewall rules that enables customers for granular action (ALLOW, ALERT, BLOCK) by DNS query type.

v1.32.14

Compare Source

=======

• api-change:connect: Minor trait updates for User APIs
• api-change:kms: Documentation updates for AWS Key Management Service (KMS).
• api-change:redshift-serverless: use_fips_ssl and require_ssl parameter support for Workgroup, UpdateWorkgroup, and CreateWorkgroup

v1.32.13

Compare Source

=======

• api-change:config: Updated ResourceType enum with new resource types onboarded by AWS Config in November and December 2023.
• api-change:docdb: Adding PerformanceInsightsEnabled and PerformanceInsightsKMSKeyId fields to DescribeDBInstances Response.
• api-change:ecs: This release adds support for managed instance draining which facilitates graceful termination of Amazon ECS instances.
• api-change:es: This release adds support for new or existing Amazon OpenSearch domains to enable TLS 1.3 or TLS 1.2 with perfect forward secrecy cipher suites for domain endpoints.
• api-change:lightsail: This release adds support to set up an HTTPS endpoint on an instance.
• api-change:opensearch: This release adds support for new or existing Amazon OpenSearch domains to enable TLS 1.3 or TLS 1.2 with perfect forward secrecy cipher suites for domain endpoints.
• api-change:sagemaker: Adding support for provisioned throughput mode for SageMaker Feature Groups
• api-change:servicecatalog: Added Idempotency token support to Service Catalog AssociateServiceActionWithProvisioningArtifact, DisassociateServiceActionFromProvisioningArtifact, DeleteServiceAction API
• api-change:endpoint-rules: Update endpoint-rules command to latest version

v1.32.12

Compare Source

=======

• api-change:connect: Amazon Connect, Contact Lens Evaluation API increase evaluation notes max length to 3072.
• api-change:mediaconvert: This release includes video engine updates including HEVC improvements, support for ingesting VP9 encoded video in MP4 containers, and support for user-specified 3D LUTs.

v1.32.11

Compare Source

=======

• api-change:apprunner: AWS App Runner adds Python 3.11 and Node.js 18 runtimes.
• api-change:location: This release introduces a new parameter to bypasses an API key's expiry conditions and delete the key.
• api-change:quicksight: Add LinkEntityArn support for different partitions; Add UnsupportedUserEditionException in UpdateDashboardLinks API; Add support for New Reader Experience Topics

v1.32.10

Compare Source

=======

• api-change:codestar-connections: New integration with the GitLab self-managed provider type.
• api-change:kinesis-video-archived-media: NoDataRetentionException thrown when GetImages requested for a Stream that does not retain data (that is, has a DataRetentionInHours of 0).
• api-change:sagemaker: Amazon SageMaker Studio now supports Docker access from within app container

v1.32.9

Compare Source

======

• api-change:emr: Update emr command to latest version

v1.32.8

Compare Source

======

• api-change:iam: Documentation updates for AWS Identity and Access Management (IAM).
• api-change:endpoint-rules: Update endpoint-rules command to latest version

v1.32.7

Compare Source

======

• api-change:bedrock-agent: Adding Claude 2.1 support to Bedrock Agents
• api-change:endpoint-rules: Update endpoint-rules command to latest version
• api-change:glue: This release adds additional configurations for Query Session Context on the following APIs: GetUnfilteredTableMetadata, GetUnfilteredPartitionMetadata, GetUnfilteredPartitionsMetadata.
• api-change:lakeformation: This release adds additional configurations on GetTemporaryGlueTableCred...

v2.8.1

Make bindfs mapping bidirectional, remove host USER name from env @Nuru (#901)

REMINDER

This PR fixes an issue with using bindfs to work around file ownership issues caused by running the Docker daemon as root (#594). This support is provided as a courtesy, but the better solution is to run Docker in "rootless" mode, which is done automatically when you use Docker Desktop. Support for running Docker as root should be considered deprecated.

what

• Use bi-directional UID and GUID mapping in bindfs mount of host filesystem
• Remove host username ($USER) from Geodesic environment

why

• To guard against CVE-2022-24765, git checks the ownership of all directories it looks at for configuration, and complains if it finds a directory with a different owner.
• The host's username was injected to support ansible 8 years ago (#65). It was never working properly on Debian due to the different structure of the adduser command on Debian vs Alpine, and should not be necessary now. If it turns out to be needed for some reason, we should develop a more robust solution.

references

• Git vulnerability to configuration injection
• Supersedes and closes #900

📚️ Documentation

Update Demo GIF with VHS @osterman (#898)

what

• Updated demo with automation
• See

why

• Video was hopelessly out of date, with this change we can keep it regularly updated with each PR.

🏗️ Build/Release Maintenance

v2.8.0 Core updates

🚀 Enhancements

• Enhance kubectl-auto-select to work with Debian

🧰 Included Tools

Non-automatic tool updates @Nuru (#894)

what

• Enhance kubectl-auto-select to work with Debian
• Configure Debian version by codename
• Upgrade Alpine to use Fuse 3
• For Alpine, configure bindfs version via Docker ARG and upgrade bindfs v1.15.1 -> 1.17.6
• Upgrade Python on Debian from v3.10.10 to v3.11.6
• Upgrade Google Cloud SDK v422.0.0 -> 455.0.0
• Upgrade kubectx v0.9.4 -> v0.9.5
• Upgrade helm-diff v3.6.0 -> v3.8.1

why

• kubectl-auto-select was written for Alpine and failed on Debian due to differing package managers
• Python is configured by Debian codename, so keep it in sync with Debian by using codename is both places
• Debian upgraded to Fuse 3 in v11 "bullseye" so keep Alpine relatively in sync
• Alpine bindfs version was hard coded, but not easily changed, and was old. Debian installs bindfs via package, and for some reason is sticking to v1.14.7.
• Alpine is using Python 3.11.6, so update Debian to corresponding version
• Update tools not tracked by automation to current versions

Update dependency cryptography to v41.0.7 @renovate (#890)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
cryptography (changelog)	==41.0.5 -> ==41.0.7

---

Release Notes

pyca/cryptography (cryptography)

v41.0.7

Compare Source

---

Update alpine Docker tag to v3.18.5 @renovate (#893)

This PR contains the following updates:

Package	Type	Update	Change
alpine	final	patch	3.18.4 -> 3.18.5
alpine	stage	patch	3.18.4 -> 3.18.5

---

Update AWS CLI packages @renovate (#888)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.29.78 -> ==1.31.6
boto3	==1.28.78 -> ==1.33.6

---

Release Notes

aws/aws-cli (awscli)

v1.31.6

Compare Source

======

• api-change:qconnect: This release adds the PutFeedback API and allows providing feedback against the specified assistant for the specified target.
• api-change:rbin: Added resource identifier in the output and updated error handling.
• api-change:verifiedpermissions: Adds description field to PolicyStore API's and namespaces field to GetSchema.

v1.31.5

Compare Source

======

• api-change:arc-zonal-shift: This release adds a new capability, zonal autoshift. You can configure zonal autoshift so that AWS shifts traffic for a resource away from an Availability Zone, on your behalf, when AWS determines that there is an issue that could potentially affect customers in the Availability Zone.
• api-change:glue: Adds observation and analyzer support to the GetDataQualityResult and BatchGetDataQualityResult APIs.
• api-change:sagemaker: This release adds support for 1/ Code Editor, based on Code-OSS, Visual Studio Code Open Source, a new fully managed IDE option in SageMaker Studio 2/ JupyterLab, a new fully managed JupyterLab IDE experience in SageMaker Studio

v1.31.4

Compare Source

======

• api-change:marketplace-agreement: The AWS Marketplace Agreement Service provides an API interface that helps AWS Marketplace sellers manage their agreements, including listing, filtering, and viewing details about their agreements.
• api-change:marketplace-catalog: This release enhances the ListEntities API to support new entity type-specific strongly typed filters in the request and entity type-specific strongly typed summaries in the response.
• api-change:marketplace-deployment: AWS Marketplace Deployment is a new service that provides essential features that facilitate the deployment of software, data, and services procured through AWS Marketplace.
• api-change:redshift-serverless: This release adds the following support for Amazon Redshift Serverless: 1) cross-account cross-VPCs, 2) copying snapshots across Regions, 3) scheduling snapshot creation, and 4) restoring tables from a recovery point.
• api-change:endpoint-rules: Update endpoint-rules command to latest version

v1.31.3

Compare Source

======

• api-change:application-autoscaling: Amazon SageMaker customers can now use Application Auto Scaling to automatically scale the number of Inference Component copies across an endpoint to meet the varying demand of their workloads.
• api-change:cleanrooms: AWS Clean Rooms now provides differential privacy to protect against user-identification attempts and machine learning modeling to allow two parties to identify similar users in their data.
• api-change:cleanroomsml: Public Preview SDK release of AWS Clean Rooms ML APIs
• api-change:opensearch: Launching Amazon OpenSearch Service support for new zero-ETL integration with Amazon S3. Customers can now manage their direct query data sources to Amazon S3 programatically
• api-change:opensearchserverless: Amazon OpenSearch Serverless collections support an additional attribute called standby-replicas. This allows to specify whether a collection should have redundancy enabled.
• api-change:sagemaker-runtime: Update sagemaker-runtime command to latest version
• api-change:sagemaker: This release adds following support 1/ Improved SDK tooling for model deployment. 2/ New Inference Component based features to lower inference costs and latency 3/ SageMaker HyperPod management. 4/ Additional parameters for FM Fine Tuning in Autopilot
• api-change:sts: Documentation updates for AWS Security Token Service.
• api-change:endpoint-rules: Update endpoint-rules command to latest version

v1.31.2

Compare Source

======

• api-change:accessanalyzer: This release adds support for external access findings for S3 directory buckets to help you easily identify cross-account access. Updated service API, documentation, and paginators.
• api-change:bedrock: This release adds support for customization types, model life cycle status and minor versions/aliases for model identifiers.
• api-change:bedrock-agent: This release introduces Agents for Amazon B...

v2.7.3

🧰 Included Tools

Update AWS CLI packages @renovate (#887)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.29.74 -> ==1.29.78
boto3	==1.28.74 -> ==1.28.78

---

Release Notes

aws/aws-cli (awscli)

v1.29.78

Compare Source

=======

• api-change:config: Updated ResourceType enum with new resource types onboarded by AWS Config in October 2023.
• api-change:connect: Amazon Connect Chat introduces Create Persistent Contact Association API, allowing customers to choose when to resume previous conversations from previous chats, eliminating the need to repeat themselves and allowing agents to provide personalized service with access to entire conversation history.
• api-change:iotwireless: Added LoRaWAN version 1.0.4 support
• api-change:launch-wizard: AWS Launch Wizard is a service that helps reduce the time it takes to deploy applications to the cloud while providing a guided deployment experience.
• api-change:endpoint-rules: Update endpoint-rules command to latest version

v1.29.77

Compare Source

=======

• api-change:apprunner: AWS App Runner now supports using dual-stack address type for the public endpoint of your incoming traffic.
• api-change:connect: GetMetricDataV2 API: Update to include new metrics PERCENT_NON_TALK_TIME, PERCENT_TALK_TIME, PERCENT_TALK_TIME_AGENT, PERCENT_TALK_TIME_CUSTOMER
• api-change:gamelift: Amazon GameLift adds support for shared credentials, which allows applications that are deployed on managed EC2 fleets to interact with other AWS resources.
• api-change:glue: This release introduces Google BigQuery Source and Target in AWS Glue CodeGenConfigurationNode.
• api-change:network-firewall: This release introduces the stateless rule analyzer, which enables you to analyze your stateless rules for asymmetric routing.
• api-change:quicksight: This release introduces Float Decimal Type as SubType in QuickSight SPICE datasets and Custom week start and Custom timezone options in Analysis and Dashboard
• api-change:endpoint-rules: Update endpoint-rules command to latest version

v1.29.76

Compare Source

=======

• api-change:connect: Adds the BatchGetFlowAssociation API which returns flow associations (flow-resource) corresponding to the list of resourceArns supplied in the request. This release also adds IsDefault, LastModifiedRegion and LastModifiedTime fields to the responses of several Describe and List APIs.
• api-change:globalaccelerator: Global Accelerator now support accelerators with cross account endpoints.
• api-change:rds: This release adds support for customized networking resources to Amazon RDS Custom.
• api-change:redshift: Added support for Multi-AZ deployments for Provisioned RA3 clusters that provide 99.99% SLA availability.
• api-change:sagemaker: Support for batch transform input in Model dashboard

v1.29.75

Compare Source

=======

• api-change:amplify: Add backend field to CreateBranch and UpdateBranch requests. Add pagination support for ListApps, ListDomainAssociations, ListBranches, and ListJobs
• api-change:application-insights: Automate attaching managed policies
• api-change:ec2: Capacity Blocks for ML are a new EC2 purchasing option for reserving GPU instances on a future date to support short duration machine learning (ML) workloads. Capacity Blocks automatically place instances close together inside Amazon EC2 UltraClusters for low-latency, high-throughput networking.
• api-change:m2: Added name filter ability for ListDataSets API, added ForceUpdate for Updating environment and BatchJob submission using S3BatchJobIdentifier
• api-change:neptunedata: Minor change to not retry CancelledByUserException
• api-change:translate: Added support for Brevity translation settings feature.

boto/boto3 (boto3)

v1.28.78

Compare Source

=======

• api-change:config: [botocore] Updated ResourceType enum with new resource types onboarded by AWS Config in October 2023.
• api-change:connect: [botocore] Amazon Connect Chat introduces Create Persistent Contact Association API, allowing customers to choose when to resume previous conversations from previous chats, eliminating the need to repeat themselves and allowing agents to provide personalized service with access to entire conversation history.
• api-change:iotwireless: [botocore] Added LoRaWAN version 1.0.4 support
• api-change:launch-wizard: [botocore] AWS Launch Wizard is a service that helps reduce the time it takes to deploy applications to the cloud while providing a guided deployment experience.
• api-change:endpoint-rules: [botocore] Update endpoint-rules client to latest version

v1.28.77

Compare Source

=======

• api-change:apprunner: [botocore] AWS App Runner now supports using dual-stack address type for the public endpoint of your incoming traffic.
• api-change:connect: [botocore] GetMetricDataV2 API: Update to include new metrics PERCENT_NON_TALK_TIME, PERCENT_TALK_TIME, PERCENT_TALK_TIME_AGENT, PERCENT_TALK_TIME_CUSTOMER
• api-change:gamelift: [botocore] Amazon GameLift adds support for shared credentials, which allows applications that are deployed on managed EC2 fleets to interact with other AWS resources.
• api-change:glue: [botocore] This release introduces Google BigQuery Source and Target in AWS Glue CodeGenConfigurationNode.
• api-change:network-firewall: [botocore] This release introduces the stateless rule analyzer, which enables you to analyze your stateless rules for asymmetric routing.
• api-change:quicksight: [botocore] This release introduces Float Decimal Type as SubType in QuickSight SPICE datasets and Custom week start and Custom timezone options in Analysis and Dashboard
• api-change:endpoint-rules: [botocore] Update endpoint-rules client to latest version

v1.28.76

Compare Source

=======

• api-change:connect: [botocore] Adds the BatchGetFlowAssociation API which returns flow associations (flow-resource) corresponding to the list of resourceArns supplied in the request. This release also adds IsDefault, LastModifiedRegion and LastModifiedTime fields to the responses of several Describe and List APIs.
• api-change:globalaccelerator: [botocore] Global Accelerator now support accelerators with cross account endpoints.
• api-change:rds: [botocore] This release adds support for customized networking resources to Amazon RDS Custom.
• api-change:redshift: [botocore] Added support for Multi-AZ deployments for Provisioned RA3 clusters that provide 99.99% SLA availability.
• api-change:sagemaker: [botocore] Support for batch transform input in Model dashboard

v1.28.75

Compare Source

=======

• api-change:amplify: [botocore] Add backend field to CreateBranch and UpdateBranch requests. Add pagination support for ListApps, ListDomainAssociations, ListBranches, and ListJobs
• api-change:application-insights: [botocore] Automate attaching managed policies
• api-change:ec2: [botocore] Capacity Blocks for ML are a new EC2 purchasing option for reserving GPU instances on a future date to support short duration machine learning (ML) workloads. Cap...

v2.7.2

🧰 Included Tools

Update dependency cryptography to v41.0.5 @renovate (#884)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
cryptography (changelog)	==41.0.4 -> ==41.0.5

---

Release Notes

pyca/cryptography (cryptography)

v41.0.5

Compare Source

---

Update AWS CLI packages @renovate (#886)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.29.68 -> ==1.29.74
boto3	==1.28.68 -> ==1.28.74

---

Release Notes

aws/aws-cli (awscli)

v1.29.74

Compare Source

=======

• api-change:connect: This release adds InstanceId field for phone number APIs.
• api-change:dataexchange: We added a new API action: SendDataSetNotification.
• api-change:datasync: Platform version changes to support AL1 deprecation initiative.
• api-change:finspace: Introducing new API UpdateKxClusterCodeConfiguration, introducing new cache types for clusters and introducing new deployment modes for updating clusters.
• api-change:mediapackagev2: This feature allows customers to create a combination of manifest filtering, startover and time delay configuration that applies to all egress requests by default.
• api-change:rds: This release launches the CreateIntegration, DeleteIntegration, and DescribeIntegrations APIs to manage zero-ETL Integrations.
• api-change:redshift-serverless: Added support for custom domain names for Amazon Redshift Serverless workgroups. This feature enables customers to create a custom domain name and use ACM to generate fully secure connections to it.
• api-change:resiliencehub: Introduced the ability to filter applications by their last assessment date and time and have included metrics for the application's estimated workload Recovery Time Objective (RTO) and estimated workload Recovery Point Objective (RPO).
• api-change:s3outposts: Updated ListOutpostsWithS3 API response to include S3OutpostArn for use with AWS RAM.
• api-change:wisdom: This release added necessary API documents on creating a Wisdom knowledge base to integrate with S3.

v1.29.73

Compare Source

=======

• api-change:emr: Update emr command to latest version
• api-change:neptune: Update TdeCredentialPassword type to SensitiveString
• api-change:pinpoint: Updated documentation to describe the case insensitivity for EndpointIds.
• api-change:redshift: added support to create a dual stack cluster
• api-change:wafv2: Updates the descriptions for the calls that manage web ACL associations, to provide information for customer-managed IAM policies.

v1.29.72

Compare Source

=======

• api-change:appstream: This release introduces multi-session fleets, allowing customers to provision more than one user session on a single fleet instance.
• api-change:ec2: Launching GetSecurityGroupsForVpc API. This API gets security groups that can be associated by the AWS account making the request with network interfaces in the specified VPC.
• api-change:network-firewall: Network Firewall now supports inspection of outbound SSL/TLS traffic.
• api-change:opensearch: You can specify ipv4 or dualstack IPAddressType for cluster endpoints. If you specify IPAddressType as dualstack, the new endpoint will be visible under the 'EndpointV2' parameter and will support IPv4 and IPv6 requests. Whereas, the 'Endpoint' will continue to serve IPv4 requests.
• api-change:redshift: Add Redshift APIs GetResourcePolicy, DeleteResourcePolicy, PutResourcePolicy and DescribeInboundIntegrations for the new Amazon Redshift Zero-ETL integration feature, which can be used to control data ingress into Redshift namespace, and view inbound integrations.
• api-change:sagemaker: Amazon Sagemaker Autopilot now supports Text Generation jobs.
• api-change:sns: Message Archiving and Replay is now supported in Amazon SNS for FIFO topics.
• api-change:ssm-sap: AWS Systems Manager for SAP added support for registration and discovery of SAP ABAP applications
• api-change:transfer: No API changes from previous release. This release migrated the model to Smithy keeping all features unchanged.
• api-change:endpoint-rules: Update endpoint-rules command to latest version

v1.29.71

Compare Source

=======

• api-change:connectcases: Increase maximum length of CommentBody to 3000, and increase maximum length of StringValue to 1500
• api-change:groundstation: This release will allow KMS alias names to be used when creating Mission Profiles
• api-change:iam: Updates to GetAccessKeyLastUsed action to replace NoSuchEntity error with AccessDeniedException error.

v1.29.70

Compare Source

=======

• api-change:codepipeline: Add ability to trigger pipelines from git tags, define variables at pipeline level and new pipeline type V2.
• api-change:ec2: This release updates the documentation for InstanceInterruptionBehavior and HibernationOptionsRequest to more accurately describe the behavior of these two parameters when using Spot hibernation.
• api-change:eks: Added support for Cluster Subnet and Security Group mutability.
• api-change:iam: Add the partitional endpoint for IAM in iso-f.
• api-change:migrationhub-config: This release introduces DeleteHomeRegionControl API that customers can use to delete the Migration Hub Home Region configuration
• api-change:migrationhubstrategy: This release introduces multi-data-source feature in Migration Hub Strategy Recommendations. This feature now supports vCenter as a data source to fetch inventory in addition to ADS and Import from file workflow that is currently supported with MHSR collector.
• api-change:opensearchserverless: This release includes the following new APIs: CreateLifecyclePolicy, UpdateLifecyclePolicy, BatchGetLifecyclePolicy, DeleteLifecyclePolicy, ListLifecyclePolicies and BatchGetEffectiveLifecyclePolicy to support the data lifecycle management feature.

v1.29.69

Compare Source

=======

• api-change:marketplacecommerceanalytics: The StartSupportDataExport operation has been deprecated as part of the Product Support Connection deprecation. As of December 2022, Product Support Connection is no longer supported.
• api-change:networkmanager: This release adds API support for Tunnel-less Connect (NoEncap Protocol) for AWS Cloud WAN
• api-change:redshift-serverless: This release adds support for customers to see the patch version and workgroup version in Amazon Redshift Serverless.
• api-change:rekognition: Amazon Rekognition introduces StartMediaAnalysisJob, GetMediaAnalysisJob, an...

v2.7.1

🧰 Included Tools

Update AWS CLI packages @renovate (#883)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.29.63 -> ==1.29.68
boto3	==1.28.63 -> ==1.28.68

---

Release Notes

aws/aws-cli (awscli)

v1.29.68

Compare Source

=======

• api-change:appconfig: Update KmsKeyIdentifier constraints to support AWS KMS multi-Region keys.
• api-change:appintegrations: Updated ScheduleConfig to be an optional input to CreateDataIntegration to support event driven downloading of files from sources such as Amazon s3 using Amazon Connect AppIntegrations.
• api-change:connect: This release adds support for updating phone number metadata, such as phone number description.
• api-change:discovery: This release introduces three new APIs: StartBatchDeleteConfigurationTask, DescribeBatchDeleteConfigurationTask, and BatchDeleteAgents.
• api-change:medical-imaging: Updates on documentation links
• api-change:ssm: This release introduces a new API: DeleteOpsItem. This allows deletion of an OpsItem.

v1.29.67

Compare Source

=======

• api-change:ec2: Amazon EC2 C7a instances, powered by 4th generation AMD EPYC processors, are ideal for high performance, compute-intensive workloads such as high performance computing. Amazon EC2 R7i instances are next-generation memory optimized and powered by custom 4th Generation Intel Xeon Scalable processors.
• api-change:managedblockchain-query: This release adds support for Ethereum Sepolia network
• api-change:neptunedata: Doc changes to add IAM action mappings for the data actions.
• api-change:omics: This change enables customers to retrieve failure reasons with detailed status messages for their failed runs
• api-change:opensearch: Added Cluster Administrative options for node restart, opensearch process restart and opensearch dashboard restart for Multi-AZ without standby domains
• api-change:quicksight: This release adds the following: 1) Trino and Starburst Database Connectors 2) Custom total for tables and pivot tables 3) Enable restricted folders 4) Add rolling dates for time equality filters 5) Refine DataPathValue and introduce DataPathType 6) Add SeriesType to ReferenceLineDataConfiguration
• api-change:secretsmanager: Documentation updates for Secrets Manager
• api-change:servicecatalog: Introduce support for EXTERNAL product and provisioning artifact type in CreateProduct and CreateProvisioningArtifact APIs.
• api-change:verifiedpermissions: Improving Amazon Verified Permissions Create experience
• api-change:workspaces: Documentation updates for WorkSpaces

v1.29.66

Compare Source

=======

• api-change:cloud9: Update to imageId parameter behavior and dates updated.
• api-change:dynamodb: Updating descriptions for several APIs.
• api-change:kendra: Changes for a new feature in Amazon Kendra's Query API to Collapse/Expand query results
• api-change:rds: This release adds support for upgrading the storage file system configuration on the DB instance using a blue/green deployment or a read replica.
• api-change:wisdom: This release adds an max limit of 25 recommendation ids for NotifyRecommendationsReceived API.

v1.29.65

Compare Source

=======

• api-change:codepipeline: Add retryMode ALL_ACTIONS to RetryStageExecution API that retries a failed stage starting from first action in the stage
• api-change:discovery: This release introduces three new APIs: StartBatchDeleteConfigurationTask, DescribeBatchDeleteConfigurationTask, and BatchDeleteAgents.
• api-change:ecs: Documentation only updates to address Amazon ECS tickets.
• api-change:globalaccelerator: Fixed error where ListCustomRoutingEndpointGroups did not have a paginator
• api-change:guardduty: Add domainWithSuffix finding field to dnsRequestAction
• api-change:kafka: AWS Managed Streaming for Kafka is launching MSK Replicator, a new feature that enables customers to reliably replicate data across Amazon MSK clusters in same or different AWS regions. You can now use SDK to create, list, describe, delete, update, and manage tags of MSK Replicators.
• api-change:route53-recovery-cluster: Adds Owner field to ListRoutingControls API.
• api-change:route53-recovery-control-config: Adds permissions for GetResourcePolicy to support returning details about AWS Resource Access Manager resource policies for shared resources.

v1.29.64

Compare Source

=======

• api-change:cloudformation: SDK and documentation updates for UpdateReplacePolicy
• api-change:drs: Updated exsiting API to allow AWS Elastic Disaster Recovery support of launching recovery into existing EC2 instances.
• api-change:entityresolution: This launch expands our matching techniques to include provider-based matching to help customer match, link, and enhance records with minimal data movement. With data service providers, we have removed the need for customers to build bespoke integrations,.
• api-change:managedblockchain-query: This release introduces two new APIs: GetAssetContract and ListAssetContracts. This release also adds support for Bitcoin Testnet.
• api-change:mediapackagev2: This release allows customers to manage MediaPackage v2 resource using CloudFormation.
• api-change:opensearch: This release allows customers to list and associate optional plugin packages with compatible Amazon OpenSearch Service clusters for enhanced functionality.
• api-change:redshift-serverless: Added support for managing credentials of serverless namespace admin using AWS Secrets Manager.
• api-change:redshift: Added support for managing credentials of provisioned cluster admin using AWS Secrets Manager.
• api-change:sesv2: This release provides enhanced visibility into your SES identity verification status. This will offer you more actionable insights, enabling you to promptly address any verification-related issues.
• api-change:transfer: Documentation updates for AWS Transfer Family
• api-change:xray: This releases enhances GetTraceSummaries API to support new TimeRangeType Service to query trace summaries by segment end time.

boto/boto3 (boto3)

v1.28.68

Compare Source

=======

• api-change:appconfig: [botocore] Update KmsKeyIdentifier constraints to support AWS KMS multi-Region keys.
• api-change:appintegrations: [botocore] Updated ScheduleConfig to be an optional input to CreateDataIntegration to support event driven downloading of files from sources such as Amazon s3 using Amazon Connect AppIntegrations.
• api-change:connect: [botocore] This release adds support for updating phone number metadata, such as phone number description.
• api-change:discovery: [botocore] This release introduces three new APIs: StartBatchDeleteConfigurationTask, DescribeBatchDeleteConfigurationTask, and BatchDeleteAgents.
• api-change:medical-imaging: [botocore] Updates on documentation links
• api-change:ssm: [botocore] This release introduces a new API: DeleteOpsItem. This allows deletion of an OpsItem.

v1.28.67

Compare Source

=======

• api-change:gamesparks: [botocore] The gamesparks client has been removed following the deprecation of the service.
• api-change:ec2: [botocore] Amazon EC2 C7a instances, powered by 4th generation AMD EPYC processors, are ideal for high performance, co...

v2.7.0

Update Debian to v11.8 @renovate (#881)

This PR contains the following updates:

Package	Type	Update	Change
debian	final	minor	11.7-slim -> 11.8-slim

---

🧰 Included Tools

Update AWS CLI packages @renovate (#882)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.29.62 -> ==1.29.63
boto3	==1.28.62 -> ==1.28.63

---

Release Notes

aws/aws-cli (awscli)

v1.29.63

Compare Source

=======

• api-change:auditmanager: This release introduces a new limit to the awsAccounts parameter. When you create or update an assessment, there is now a limit of 200 AWS accounts that can be specified in the assessment scope.
• api-change:autoscaling: Update the NotificationMetadata field to only allow visible ascii characters. Add paginators to DescribeInstanceRefreshes, DescribeLoadBalancers, and DescribeLoadBalancerTargetGroups
• api-change:config: Add enums for resource types supported by Config
• api-change:controltower: Added new EnabledControl resource details to ListEnabledControls API and added new GetEnabledControl API.
• api-change:customer-profiles: Adds sensitive trait to various shapes in Customer Profiles Calculated Attribute API model.
• api-change:ec2: This release adds Ubuntu Pro as a supported platform for On-Demand Capacity Reservations and adds support for setting an Amazon Machine Image (AMI) to disabled state. Disabling the AMI makes it private if it was previously shared, and prevents new EC2 instance launches from it.
• api-change:elbv2: Update elbv2 command to latest version
• api-change:glue: Extending version control support to GitLab and Bitbucket from AWSGlue
• api-change:inspector2: Add MacOs ec2 platform support
• api-change:ivs-realtime: Update GetParticipant to return additional metadata.
• api-change:lambda: Adds support for Lambda functions to access Dual-Stack subnets over IPv6, via an opt-in flag in CreateFunction and UpdateFunctionConfiguration APIs
• api-change:location: This release adds endpoint updates for all AWS Location resource operations.
• api-change:machinelearning: This release marks Password field as sensitive
• api-change:pricing: Documentation updates for Price List
• api-change:rds: This release adds support for adding a dedicated log volume to open-source RDS instances.
• api-change:rekognition: Amazon Rekognition introduces support for Custom Moderation. This allows the enhancement of accuracy for detect moderation labels operations by creating custom adapters tuned on customer data.
• api-change:sagemaker: Amazon SageMaker Canvas adds KendraSettings and DirectDeploySettings support for CanvasAppSettings
• api-change:textract: This release adds 9 new APIs for adapter and adapter version management, 3 new APIs for tagging, and updates AnalyzeDocument and StartDocumentAnalysis API parameters for using adapters.
• api-change:transcribe: This release is to enable m4a format to customers
• api-change:workspaces: Updated the CreateWorkspaces action documentation to clarify that the PCoIP protocol is only available for Windows bundles.

boto/boto3 (boto3)

v1.28.63

Compare Source

=======

• api-change:auditmanager: [botocore] This release introduces a new limit to the awsAccounts parameter. When you create or update an assessment, there is now a limit of 200 AWS accounts that can be specified in the assessment scope.
• api-change:autoscaling: [botocore] Update the NotificationMetadata field to only allow visible ascii characters. Add paginators to DescribeInstanceRefreshes, DescribeLoadBalancers, and DescribeLoadBalancerTargetGroups
• api-change:config: [botocore] Add enums for resource types supported by Config
• api-change:controltower: [botocore] Added new EnabledControl resource details to ListEnabledControls API and added new GetEnabledControl API.
• api-change:customer-profiles: [botocore] Adds sensitive trait to various shapes in Customer Profiles Calculated Attribute API model.
• api-change:ec2: [botocore] This release adds Ubuntu Pro as a supported platform for On-Demand Capacity Reservations and adds support for setting an Amazon Machine Image (AMI) to disabled state. Disabling the AMI makes it private if it was previously shared, and prevents new EC2 instance launches from it.
• api-change:elbv2: [botocore] Update elbv2 client to latest version
• api-change:glue: [botocore] Extending version control support to GitLab and Bitbucket from AWSGlue
• api-change:inspector2: [botocore] Add MacOs ec2 platform support
• api-change:ivs-realtime: [botocore] Update GetParticipant to return additional metadata.
• api-change:lambda: [botocore] Adds support for Lambda functions to access Dual-Stack subnets over IPv6, via an opt-in flag in CreateFunction and UpdateFunctionConfiguration APIs
• api-change:location: [botocore] This release adds endpoint updates for all AWS Location resource operations.
• api-change:machinelearning: [botocore] This release marks Password field as sensitive
• api-change:pricing: [botocore] Documentation updates for Price List
• api-change:rds: [botocore] This release adds support for adding a dedicated log volume to open-source RDS instances.
• api-change:rekognition: [botocore] Amazon Rekognition introduces support for Custom Moderation. This allows the enhancement of accuracy for detect moderation labels operations by creating custom adapters tuned on customer data.
• api-change:sagemaker: [botocore] Amazon SageMaker Canvas adds KendraSettings and DirectDeploySettings support for CanvasAppSettings
• api-change:textract: [botocore] This release adds 9 new APIs for adapter and adapter version management, 3 new APIs for tagging, and updates AnalyzeDocument and StartDocumentAnalysis API parameters for using adapters.
• api-change:transcribe: [botocore] This release is to enable m4a format to customers
• api-change:workspaces: [botocore] Updated the CreateWorkspaces action documentation to clarify that the PCoIP protocol is only available for Windows bundles.

---

v2.6.0

Update alpine Docker tag to v3.18.4 @renovate (#879)

This PR contains the following updates:

Package	Type	Update	Change
alpine	final	patch	3.18.3 -> 3.18.4
alpine	stage	patch	3.18.3 -> 3.18.4

---

🧰 Included Tools

Update AWS CLI packages @renovate (#875)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.29.30 -> ==1.29.62
boto3	==1.28.30 -> ==1.28.62

---

Update dependency crudini to v0.9.5 @renovate (#880)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
crudini	==0.9.4 -> ==0.9.5

---

Release Notes

pixelb/crudini (crudini)

v0.9.5

Compare Source

• Support converting whole ini file to shell syntax
• Support getting/setting multiple items per invocation
• Support indented ini files

---

Update dependency cryptography to v41.0.4 [SECURITY] @renovate (#878)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
cryptography (changelog)	==41.0.3 -> ==41.0.4

GitHub Vulnerability Alerts

GHSA-v8gr-m533-ghj9

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 2.5-41.0.3 are vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230908.txt.

If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.

---

Release Notes

pyca/cryptography (cryptography)

v41.0.4

Compare Source

---

v2.5.1

🧰 Included Tools

Update AWS CLI packages @renovate (#874)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.29.25 -> ==1.29.30
boto3	==1.28.25 -> ==1.28.30

---

Release Notes

aws/aws-cli (awscli)

v1.29.30

Compare Source

=======

• api-change:codecommit: Add new ListFileCommitHistory operation to retrieve commits which introduced changes to a specific file.
• api-change:securityhub: Added Inspector Lambda code Vulnerability section to ASFF, including GeneratorDetails, EpssScore, ExploitAvailable, and CodeVulnerabilities.

v1.29.29

Compare Source

=======

• api-change:ec2: Adds support for SubnetConfigurations to allow users to select their own IPv4 and IPv6 addresses for Interface VPC endpoints
• api-change:gamelift: Amazon GameLift updates its instance types support.

v1.29.28

Compare Source

=======

• api-change:cloudwatch: Update cloudwatch command to latest version
• api-change:lexv2-models: Update lexv2-models command to latest version

v1.29.27

Compare Source

=======

• api-change:chime-sdk-meetings: Updated API documentation to include additional exceptions.
• api-change:ec2: Documentation updates for Elastic Compute Cloud (EC2).
• api-change:glue: AWS Glue Crawlers can now accept SerDe overrides from a custom csv classifier. The two SerDe options are LazySimpleSerDe and OpenCSVSerDe. In case, the user wants crawler to do the selection, "None" can be selected for this purpose.
• api-change:pi: AWS Performance Insights for Amazon RDS is launching Performance Analysis On Demand, a new feature that allows you to analyze database performance metrics and find out the performance issues. You can now use SDK to create, list, get, delete, and manage tags of performance analysis reports.
• api-change:route53domains: Provide explanation if CheckDomainTransferability return false. Provide requestId if a request is already submitted. Add sensitive protection for customer information
• api-change:sagemaker: SageMaker Inference Recommender now provides SupportedResponseMIMETypes from DescribeInferenceRecommendationsJob response

v1.29.26

Compare Source

=======

• api-change:mediapackage: Fix SDK logging of certain fields.
• api-change:omics: This release provides support for annotation store versioning and cross account sharing for Omics Analytics
• api-change:transfer: Documentation updates for AWS Transfer Family

boto/boto3 (boto3)

v1.28.30

Compare Source

=======

• api-change:codecommit: [botocore] Add new ListFileCommitHistory operation to retrieve commits which introduced changes to a specific file.
• api-change:securityhub: [botocore] Added Inspector Lambda code Vulnerability section to ASFF, including GeneratorDetails, EpssScore, ExploitAvailable, and CodeVulnerabilities.

v1.28.29

Compare Source

=======

• api-change:ec2: [botocore] Adds support for SubnetConfigurations to allow users to select their own IPv4 and IPv6 addresses for Interface VPC endpoints
• api-change:gamelift: [botocore] Amazon GameLift updates its instance types support.

v1.28.28

Compare Source

=======

• api-change:cloudwatch: [botocore] Update cloudwatch client to latest version
• api-change:lexv2-models: [botocore] Update lexv2-models client to latest version

v1.28.27

Compare Source

=======

• enhancement:Python: Added provisional Python 3.12 support to Boto3
• enhancement:Python: [botocore] Added provisional Python 3.12 support to Botocore
• api-change:chime-sdk-meetings: [botocore] Updated API documentation to include additional exceptions.
• api-change:ec2: [botocore] Documentation updates for Elastic Compute Cloud (EC2).
• api-change:glue: [botocore] AWS Glue Crawlers can now accept SerDe overrides from a custom csv classifier. The two SerDe options are LazySimpleSerDe and OpenCSVSerDe. In case, the user wants crawler to do the selection, "None" can be selected for this purpose.
• api-change:pi: [botocore] AWS Performance Insights for Amazon RDS is launching Performance Analysis On Demand, a new feature that allows you to analyze database performance metrics and find out the performance issues. You can now use SDK to create, list, get, delete, and manage tags of performance analysis reports.
• api-change:route53domains: [botocore] Provide explanation if CheckDomainTransferability return false. Provide requestId if a request is already submitted. Add sensitive protection for customer information
• api-change:sagemaker: [botocore] SageMaker Inference Recommender now provides SupportedResponseMIMETypes from DescribeInferenceRecommendationsJob response

v1.28.26

Compare Source

=======

• api-change:mediapackage: [botocore] Fix SDK logging of certain fields.
• api-change:omics: [botocore] This release provides support for annotation store versioning and cross account sharing for Omics Analytics
• api-change:transfer: [botocore] Documentation updates for AWS Transfer Family

---

v2.5.0 update `set-cluster` and `eks-update-kubeconfig` commands

🚀 Enhancements

Update eks-update-kubeconfig for tenant and aws-teams support @Nuru (#873)

what

• Update eks-update-kubeconfig (and, indirectly, set-cluster) to support Tenants and new aws-teams configuration

why

• Improved compatibility with current Cloud Posse reference architecture

usage and other support notes

The Geodesic set-cluster and eks-update-kubeconfig commands are helpers that are intended to make it easier to configure EKS cluster access for people using the Cloud Posse reference architecture. While admittedly brittle and somewhat complex, please keep in mind they are completely optional shortcuts that you are in no way forced to use if you do not like them. They are simply shortcuts to manage multiple KUBECONFIG files and build the full command, which you can use directly:

aws --profile <profile in cluster's account> --region <cluster region> eks update-kubeconfig --name=<cluster name>

The full set-cluster command is

set-cluster <cluster short name> <role short name>

The cluster short name is [tenant-]environment-stage which expands to namespace-[tenant-]-environment-stage-eks-cluster. If your cluster name does not follow this pattern, you can set a new pattern with EKS_CLUSTER_NAME_PATTERN but it is admittedly unwieldy.

The role short name is something like "admin" or "terraform" and is expected to be the suffix to an AWS config profile prefix of namespace-[tenant-]-gbl-stage-. So, for example, with NAMESPACE=eg and a Tenant named core:

set-cluster core-use1-dev developer

Would set up the eg-core-use1-dev-eks-cluster to be accessed by the eg-core-gbl-dev-developer profile.

The previous default role name is whatever role name you currently had. Now that we encourage aws-teams to use managers and devops as team names, this is no longer appropriate. The new default role name is admin, but this can be changed via the environment variable EKS_DEFAULT_AWS_ROLE.

Users using "tenant" labels can set a default Tenant value via export TENANT.

Other configuration is possible via environment variables; see the source at

• rootfs/usr/local/bin/eks-update-kubeconfig
• rootfs/etc/profile.d/set-cluster.sh

roadmap and other support notes

The Geodesic set-cluster and eks-update-kubeconfig are helper functions that are intended to make it easier to configure EKS cluster access for people using the Cloud Posse reference architecture. They do so by making a lot of assumptions about the name of the cluster, the structure of the name of the cluster, the name of available AWS "profiles", and the desired profile to use. This update is an interim update to better support recent changes in the Cloud Posse reference architecture.

These commands will never be fully general purpose. If you are not following Cloud Posse conventions, or even if you are but are using blue/green deployments, these commands may not work for you. Cloud Posse is NOT committed to making them more broadly usable. You can use them as starting points for your own shortcuts.