v2.11.3

🚀 Enhancements

Fix colorized string in prompt @Nuru (#942)

what

• Fix colorized text added to prompt without delimiters for color codes by aws.sh

why

• Bash counts the characters in the prompt to manage viewing and editing command history. Non-printing characters must be delimited so they are not counted in the prompt text length.

Every Release

In every release, we update all unpinned packages to their latest packaged versions.

On a regular basis (roughly weekly), on Alpine only, we update the AWS CLI v1 and its dependencies to the latest versions. Debian does not have AWS CLI v1 installed, only v2.

These changes are not detailed here.

v2.11.2

🏗️ Build/Release Maintenance

PR & Release management maintenance @Nuru (#940)

what

• Install font needed by vhs-action in a separate step
• Label PRs that only affect the Alpine version as alpine-only
• Exclude Apline-only PRs from release notes
• Add a standard catchall to every release note

why

• Work around broken install-fonts in vhs-action
• Deprecate Alpine, focus release notes on Debian
• The AWS CLI v1 and boto3 release notes are huge and yet not very informative
• Packages are updated on every release, without those changes being documented, so let people know that

references

• charmbracelet/vhs-action#264

Every Release

In every release, we update all unpinned packages to their latest packaged versions.

On a regular basis (roughly weekly), on Alpine only, we update the AWS CLI v1 and its dependencies to the latest versions. Debian does not have AWS CLI v1 installed, only v2.

These changes are not detailed here.

v2.11.1

🚀 Enhancements

Dockerfile examples, Renovate config, color text bugfixes @Nuru (#939)

what

• Update Dockerfile examples
• Update Renovate config
• Update vhs-action GHA to v2
• Better support for non-terminals and monochrome terminals with respect to colorized output

why

• Closes #927
• Properly exclude Dockerfiles that should not be updated
• Update dependencies
• Resolve errors displayed when running VHS

🧰 Included Tools [Alpine only]

Update dependency cryptography to v42.0.7 @renovate (#938)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
cryptography (changelog)	==42.0.6 -> ==42.0.7

---

Release Notes

pyca/cryptography (cryptography)

v42.0.7

Compare Source

---

v2.11.0 OpenTofu, Minor Breaking Changes

💥 Breaking Changes

OpenTofu

OK, not a breaking change, but we are excited about it:
we have made it easy to install OpenTofu into
Geodesic. At the command line or in your Dockerfile, just run:

Debian:

# We recommend pinning the version to ensure reproducibility
apt-get update && apt-get install tofu=1.6.2 

Alpine:

# At this point, it seems there is only one version of OpenTofu available
# for Alpine, and a new version would be in a different repository, and it
# might get in the way nof updating later, so we don't pin the version here.
apk update && apk add opentofu@opentofu

Google Cloud SDK no longer pre-installed

Previously we pre-installed the Google Cloud SDK in the base image. Recent
changes to the Google Cloud SDK have made it seem like there is no good
one-size-fits-all way to install it, and peopple who need it would be better
served by picking the version and extra packages they want and having control
over when they are upgraded. So we have removed the Google Cloud SDK from the
base image.

We have left the Google Cloud Package repository installed in Debian, so you
can install the Google Cloud CLI with:

apt-get update && apt-get install google-cloud-cli

For Alpine, we used to install the Google Cloud SDK like this, which may or may not work with the switch to Google Cloud CLI, but should give you a good starting point anyway:

Alpine Dockerfile installing Google Cloud SDK

FROM google/cloud-sdk:$GOOGLE_CLOUD_SDK_VERSION-alpine as google-cloud-sdk

FROM alpine:$ALPINE_VERSION
#...

#
# Install Google Cloud SDK
#
ENV CLOUDSDK_CONFIG=/localhost/.config/gcloud/

COPY --from=google-cloud-sdk /google-cloud-sdk/ /usr/local/google-cloud-sdk/

RUN ln -s /usr/local/google-cloud-sdk/completion.bash.inc /etc/bash_completion.d/gcloud.sh && \
    ln -s /usr/local/google-cloud-sdk/bin/gcloud /usr/local/bin/ && \
    ln -s /usr/local/google-cloud-sdk/bin/gsutil /usr/local/bin/ && \
    ln -s /usr/local/google-cloud-sdk/bin/bq /usr/local/bin/

On both Debian and Alpine, we used to set some configuration options for the
Google Cloud SDK. If you want to set these options, you can do so in your
Dockerfile like this:

# gcloud config writes successful status updates to stderr, but we want to preserve
# stderr for real errors in need of action.
RUN { gcloud config set core/disable_usage_reporting true --installation && \
      gcloud config set component_manager/disable_update_check true --installation && \
      gcloud config set metrics/environment github_docker_image --installation; } 2>&1

AWS CLI v1 and Python requirements removed [Debain only]

We have removed the AWS CLI v1 and its Python requirements (including boto3)
from the Debian Geodesic. CLI v2 has been the default for nearly 3 years, so
we expect this to impact few to no users. If you need the AWS CLI v1 on Debian,
you can install it with:

pip3 install awscli

On Alpine, we have never installed the AWS CLI v2, because it requires
glibc, and we continue to install AWS CLI v1 as before.

🚀 Enhancements

Update Dependencies, add OpenTofu package repo @Nuru (#936)

Breaking Changes

• Google Cloud SDK is no longer pre-installed. The Google Cloud Debian package repository is installed, so you can install it into Debian with apt-get.
• AWS CLI v1 is no longer installed in Debian. The CLI v2 has been the default for Debian Geodesic for almost 3 years, so this should impact many people, if any.
• Python dependencies of AWS CLI v2 (including boto3) are also no longer pre-installed on Debian.

what

All OSes

• Update repository default branch name master -> main
• Google Cloud SDK is no longer installed

Debian only

• Update Debian 12.4 -> 12.5
• Update Python 3.12.2 -> 2.12.3
• Add OpenTofu Debian package repository
• Pin kubectl package to Cloud Posse repository over Google Cloud SDK repository

Alpine only

• Update bindfs on Alpine 1.17.6 -> 1.17.7
• Install Alpine v3.19 community package repo as @opentofu

why

• Branch name: Conform to Cloud Posse and GitHub standards.
• The google-cloud-sdk package is deprecated in favor of google-cloud-cli and additional packages. For example, the current version of the Google Cloud CLI is 474.0.0, but the latest google-cloud-sdk package version is 467.0.0.
• Recent releases of Google Cloud SDK (474.0.0, 473.0.0, and 470.0.0) have had breaking changes, making it important that users have control over which version they use and when they change versions. There is no longer a single good choice of which version to install, so Cloud Posse does not want force one on anyone.
• Reduce size of distributed Docker image.
• Debian version, Debian Python version, Alpine BindFS version: Stay current.
• Enable OpenTofu to be installed easily:
  • On Debian: apt-get update && apt-get install tofu (or ... tofu=1.6.2)
  • On Alpine: apk update && apk add opentofu@opentofu
• Google Cloud SDK package repo has a package named kubectl that installs multiple versions of kubectl, causing excessive bloat. Cloud Posse's kubectl package installs only the latest version, sufficient for kubectl-auto-select to determine and install the correct version for your cluster. Cloud Posse provides kubectl-1.x packages which take advantage of the Debian Alternatives system to allow both versions to be present but automatically select the more specific package's version to be used by default, but this feature is not compatible with Google's package.

references

• OpenTofu
• Google Cloud SDK v473.0.0 Release Notes
• Google Cloud SDK v474.0.0 Release Notes
• Google Cloud Community post referencing deprecation of google-cloud-sdk

🧰 Included Tools [Alpine Only]

Update dependency cryptography to v42.0.6 @renovate (#937)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
cryptography (changelog)	==42.0.5 -> ==42.0.6

---

Release Notes

pyca/cryptography (cryptography)

v42.0.6

Compare Source

---

Update AWS CLI packages @renovate (#935)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.32.93 -> ==1.32.98
boto3	==1.34.93 -> ==1.34.98

---

Release Notes

aws/aws-cli (awscli)

[`v1.3...

v2.10.1

🚀 Enhancements

You can now run update-terminal-mode dark or update-terminal-mode light to force the dark/light mode setting if auto-detection does not work.

Dark mode caching fix @Nuru (#934)

what

• Fix caching of terminal escape codes
• Update update-terminal-mode command to allow forcing a mode
• rename internal update_terraform_prompt to _update_terraform_prompt

why

• Substantial performance improvement on every command line prompt
• Auto-detection is likely to be unavailable or wrong on some terminals
• Keep internal functions from showing up in command line completions

v2.10.0

🚀 Enhancements

Initial support for dark mode terminals @Nuru (#933)

notes

Dark mode

This release brings preliminary support for "dark mode" terminals, and a simplified option for a Terraform workspace prompt. If you find problems, please report them, but we expect the situation will at least be no worse than before.

Mainly, with respect to dark mode terminals, after setting a text color, we do not "revert" by setting the text to black, we now revert by setting foreground and background to terminal defaults.

Similarly, after setting text to bold, we no longer reset all graphics settings, we just unset bold. If this causes a problem in your terminal, you can revert the behavior by setting the environment variable TERM_BOLD_OFF=$(tput sgr0) inside Geodesic.

Terraform workspace in prompt

Geodesic has a legacy option for displaying the current Terraform workspace when in a directory with *.tf files. The prompts used to instruct you what to do if no workspace was selected, assuming you were using the old Cloud Posse tooling based on make and direnv. Those instructions have been removed, and you now have the option of just having the Terraform workspace displayed in the prompt.

Because all the prompt now does is indicate the current Terraform workspace, the environment variable GEODESIC_TERRAFORM_WORKSPACE_PROMPT_ENABLED is no longer used (assumed to be true). The Terraform information display in the prompt remains controlled by the GEODESIC_TF_PROMPT_ENABLED environment variable, which defaults to false.

what

• Initial support for "dark mode" terminals
• More generic Terraform workspace prompt, just shows active workspace
• Update scripts to keep them from polluting the environment with leftover variables

why

• In many cases, after setting a text color, Geodesic was "resetting" the text color by setting it to black. This fails in dark mode terminals, where the background is black and the text color should be changed to white instead.
• As a bonus, text that was previously yellow, which can be hard to read on light mode terminals, will now be rendered as magenta in light mode. Similarly, blue text (which Geodesic never used) will be rendered as cyan in dark mode, for improved visibility.
• Terraform's current workspace affects what Terraform does, but is not otherwise visible.
• Good hygiene, preemptively avoid conflicts.

v2.9.7

🧰 Included Tools

Update AWS CLI packages @renovate (#932)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.32.79 -> ==1.32.93
boto3	==1.34.79 -> ==1.34.93

---

Release Notes

aws/aws-cli (awscli)

v1.32.93

Compare Source

=======

• api-change:codepipeline: Add ability to manually and automatically roll back a pipeline stage to a previously successful execution.
• api-change:cognito-idp: Add LimitExceededException to SignUp errors
• api-change:connectcampaigns: This release adds support for specifying if Answering Machine should wait for prompt sound.
• api-change:marketplace-entitlement: Releasing minor endpoint updates.
• api-change:oam: This release introduces support for Source Accounts to define which Metrics and Logs to share with the Monitoring Account
• api-change:rds: SupportsLimitlessDatabase field added to describe-db-engine-versions to indicate whether the DB engine version supports Aurora Limitless Database.
• api-change:support: Releasing minor endpoint updates.
• enhancement:dependency: Bump upper bound of colorama to <0.4.7; fixes #&#8203;7086 <https://github.com/aws/aws-cli/issues/7086>__

v1.32.92

Compare Source

=======

• api-change:appsync: UpdateGraphQLAPI documentation update and datasource introspection secret arn update
• api-change:fms: AWS Firewall Manager adds support for network ACL policies to manage Amazon Virtual Private Cloud (VPC) network access control lists (ACLs) for accounts in your organization.
• api-change:ivs: Bug Fix: IVS does not support arns with the svs prefix
• api-change:ivs-realtime: Bug Fix: IVS Real Time does not support ARNs using the svs prefix.
• api-change:rds: Updates Amazon RDS documentation for setting local time zones for RDS for Db2 DB instances.
• api-change:stepfunctions: Add new ValidateStateMachineDefinition operation, which performs syntax checking on the definition of a Amazon States Language (ASL) state machine.

v1.32.91

Compare Source

=======

• api-change:datasync: This change allows users to disable and enable the schedules associated with their tasks.
• api-change:ec2: Launching capability for customers to enable or disable automatic assignment of public IPv4 addresses to their network interface
• api-change:emr-containers: EMRonEKS Service support for SecurityConfiguration enforcement for Spark Jobs.
• api-change:entityresolution: Support Batch Unique IDs Deletion.
• api-change:gamelift: Amazon GameLift releases container fleets support for public preview. Deploy Linux-based containerized game server software for hosting on Amazon GameLift.
• api-change:ssm: Add SSM DescribeInstanceProperties API to public AWS SDK.

v1.32.90

Compare Source

=======

• api-change:bedrock: This release introduces Model Evaluation and Guardrails for Amazon Bedrock.
• api-change:bedrock-agent: Introducing the ability to create multiple data sources per knowledge base, specify S3 buckets as data sources from external accounts, and exposing levers to define the deletion behavior of the underlying vector store data.
• api-change:bedrock-agent-runtime: This release introduces zero-setup file upload support for the RetrieveAndGenerate API. This allows you to chat with your data without setting up a Knowledge Base.
• api-change:bedrock-runtime: This release introduces Guardrails for Amazon Bedrock.
• api-change:ce: Added additional metadata that might be applicable to your reservation recommendations.
• api-change:ec2: This release introduces EC2 AMI Deregistration Protection, a new AMI property that can be enabled by customers to protect an AMI against an unintended deregistration. This release also enables the AMI owners to view the AMI 'LastLaunchedTime' in DescribeImages API.
• api-change:pi: Clarifies how aggregation works for GetResourceMetrics in the Performance Insights API.
• api-change:rds: Fix the example ARN for ModifyActivityStreamRequest
• api-change:workspaces-web: Added InstanceType and MaxConcurrentSessions parameters on CreatePortal and UpdatePortal Operations as well as the ability to read Customer Managed Key & Additional Encryption Context parameters on supported resources (Portal, BrowserSettings, UserSettings, IPAccessSettings)

v1.32.89

Compare Source

=======

• api-change:bedrock-agent: Releasing the support for simplified configuration and return of control
• api-change:bedrock-agent-runtime: Releasing the support for simplified configuration and return of control
• api-change:payment-cryptography: Adding support to TR-31/TR-34 exports for optional headers, allowing customers to add additional metadata (such as key version and KSN) when exporting keys from the service.
• api-change:redshift-serverless: Updates description of schedule field for scheduled actions.
• api-change:route53profiles: Route 53 Profiles allows you to apply a central DNS configuration across many VPCs regardless of account.
• api-change:sagemaker: This release adds support for Real-Time Collaboration and Shared Space for JupyterLab App on SageMaker Studio.
• api-change:servicediscovery: This release adds examples to several Cloud Map actions.
• api-change:transfer: Adding new API to support remote directory listing using SFTP connector

v1.32.88

Compare Source

=======

• api-change:glue: Adding RowFilter in the response for GetUnfilteredTableMetadata API
• api-change:internetmonitor: This update introduces the GetInternetEvent and ListInternetEvents APIs, which provide access to internet events displayed on the Amazon CloudWatch Internet Weather Map.
• api-change:personalize: This releases auto training capability while creating a solution and automatically syncing latest solution versions when creating/updating a campaign

v1.32.87

Compare Source

=======

• api-change:drs: Outpost ARN added to Source Server and Recovery Instance
• api-change:emr-serverless: This release adds the capability to publish detailed Spark engine metrics to Amazon Managed Service for Prometheus (AMP) for enhanced monitoring for Spark jobs.
• api-change:guardduty: Added IPv6Address fields for local and remote IP addresses
• api-change:quicksight: This release adds support for the Cross Sheet Filter and Control features, and support for warnings in asset imports for any permitted errors encountered during execution
• api-change:rolesanywhere: This release introduces the PutAttributeMapping and DeleteAttributeMapping APIs. IAM Roles Anywhere now provides the capability to define a set of mapping rules, allowing customers to specify which data is extracted from their X.509 end-entity certificates.
• api-change:sagemaker: Removed deprecated enum values and updated API documentation.
• api-change:workspaces: Adds new APIs for managing and sharing WorkSpaces BYOL configuration across accounts.

v1.32.86

Compare Source

=======

• api-change:ec2: Documentation updates for Elastic Compute Cloud (EC2).
• api-change:qbusiness: This release adds support for IAM Identity Center (IDC) as the identity gateway for Q Business. It also allows users to provide an explicit intent for Q Business to identify ...

v2.9.6

🧰 Included Tools

Update AWS CLI packages @renovate (#931)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.32.69 -> ==1.32.79
boto3	==1.34.69 -> ==1.34.79

---

Release Notes

aws/aws-cli (awscli)

v1.32.79

Compare Source

=======

• api-change:quicksight: Adding IAMIdentityCenterInstanceArn parameter to CreateAccountSubscription
• api-change:resource-groups: Added a new QueryErrorCode RESOURCE_TYPE_NOT_SUPPORTED that is returned by the ListGroupResources operation if the group query contains unsupported resource types.
• api-change:verifiedpermissions: Adding BatchIsAuthorizedWithToken API which supports multiple authorization requests against a PolicyStore given a bearer token.

v1.32.78

Compare Source

=======

• api-change:b2bi: Adding support for X12 5010 HIPAA EDI version and associated transaction sets.
• api-change:cleanrooms: Feature: New schemaStatusDetails field to the existing Schema object that displays a status on Schema API responses to show whether a schema is queryable or not. New BatchGetSchemaAnalysisRule API to retrieve multiple schemaAnalysisRules using a single API call.
• api-change:ec2: Amazon EC2 G6 instances powered by NVIDIA L4 Tensor Core GPUs can be used for a wide range of graphics-intensive and machine learning use cases. Gr6 instances also feature NVIDIA L4 GPUs and can be used for graphics workloads with higher memory requirements.
• api-change:emr-containers: This release adds support for integration with EKS AccessEntry APIs to enable automatic Cluster Access for EMR on EKS.
• api-change:ivs: API update to include an SRT ingest endpoint and passphrase for all channels.
• api-change:verifiedpermissions: Adds GroupConfiguration field to Identity Source API's

v1.32.77

Compare Source

=======

• api-change:cleanroomsml: The release includes a public SDK for AWS Clean Rooms ML APIs, making them globally available to developers worldwide.
• api-change:cloudformation: This release would return a new field - PolicyAction in cloudformation's existed DescribeChangeSetResponse, showing actions we are going to apply on the physical resource (e.g., Delete, Retain) according to the user's template
• api-change:datazone: This release supports the feature of dataQuality to enrich asset with dataQualityResult in Amazon DataZone.
• api-change:docdb: This release adds Global Cluster Switchover capability which enables you to change your global cluster's primary AWS Region, the region that serves writes, while preserving the replication between all regions in the global cluster.
• api-change:groundstation: This release adds visibilityStartTime and visibilityEndTime to DescribeContact and ListContacts responses.
• api-change:lambda: Add Ruby 3.3 (ruby3.3) support to AWS Lambda
• api-change:medialive: Cmaf Ingest outputs are now supported in Media Live
• api-change:medical-imaging: SearchImageSets API now supports following enhancements - Additional support for searching on UpdatedAt and SeriesInstanceUID - Support for searching existing filters between dates/times - Support for sorting the search result by Ascending/Descending - Additional parameters returned in the response
• api-change:transfer: Add ability to specify Security Policies for SFTP Connectors

v1.32.76

Compare Source

=======

• api-change:ecs: Documentation only update for Amazon ECS.
• api-change:glue: Adding View related fields to responses of read-only Table APIs.
• api-change:ivschat: Doc-only update. Changed "Resources" to "Key Concepts" in docs and updated text.
• api-change:rolesanywhere: This release increases the limit on the roleArns request parameter for the *Profile APIs that support it. This parameter can now take up to 250 role ARNs.
• api-change:securityhub: Documentation updates for AWS Security Hub

v1.32.75

Compare Source

=======

• api-change:cloudwatch: This release adds support for CloudWatch Anomaly Detection on cross-account metrics. SingleMetricAnomalyDetector and MetricDataQuery inputs to Anomaly Detection APIs now take an optional AccountId field.
• api-change:datazone: This release supports the feature of AI recommendations for descriptions to enrich the business data catalog in Amazon DataZone.
• api-change:deadline: AWS Deadline Cloud is a new fully managed service that helps customers set up, deploy, and scale rendering projects in minutes, so they can improve the efficiency of their rendering pipelines and take on more projects.
• api-change:emr: This release fixes a broken link in the documentation.
• api-change:lightsail: This release adds support to upgrade the TLS version of the distribution.

v1.32.74

Compare Source

=======

• api-change:b2bi: Supporting new EDI X12 transaction sets for X12 versions 4010, 4030, and 5010.
• api-change:codebuild: Add new fleet status code for Reserved Capacity.
• api-change:codeconnections: Duplicating the CodeStar Connections service into the new, rebranded AWS CodeConnections service.
• api-change:internetmonitor: This release adds support to allow customers to track cross account monitors through ListMonitor, GetMonitor, ListHealthEvents, GetHealthEvent, StartQuery APIs.
• api-change:iotwireless: Add support for retrieving key historical and live metrics for LoRaWAN devices and gateways
• api-change:marketplace-catalog: This release enhances the ListEntities API to support ResaleAuthorizationId filter and sort for OfferEntity in the request and the addition of a ResaleAuthorizationId field in the response of OfferSummary.
• api-change:neptune-graph: Add the new API Start-Import-Task for Amazon Neptune Analytics.
• api-change:sagemaker: This release adds support for custom images for the CodeEditor App on SageMaker Studio
• enhancement:s3: Add parameter to validate source and destination S3 URIs to the mv command.

v1.32.73

Compare Source

=======

• api-change:codecatalyst: This release adds support for understanding pending changes to subscriptions by including two new response parameters for the GetSubscription API for Amazon CodeCatalyst.
• api-change:compute-optimizer: This release enables AWS Compute Optimizer to analyze and generate recommendations with a new customization preference, Memory Utilization.
• api-change:ec2: Amazon EC2 C7gd, M7gd and R7gd metal instances with up to 3.8 TB of local NVMe-based SSD block-level storage have up to 45% improved real-time NVMe storage performance than comparable Graviton2-based instances.
• api-change:eks: Add multiple customer error code to handle customer caused failure when managing EKS node groups
• api-change:guardduty: Add EC2 support for GuardDuty Runtime Monitoring auto management.
• api-change:neptune-graph: Update ImportTaskCancelled waiter to evaluate task state correctly and minor documentation changes.
• api-change:oam: This release adds support for sharing AWS::InternetMonitor::Monitor resources.
• api-change:quicksight: Amazon QuickSight: Adds support for setting up VPC Endpoint restrictions for accessing QuickSight Website.

v1.32.72

Compare Source

=======

• api-change:batch: This feature allows AWS Batch to supp...

v2.9.5

🧰 Included Tools

Update AWS CLI packages @renovate (#930)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.32.54 -> ==1.32.69
boto3	==1.34.54 -> ==1.34.69

---

Release Notes

aws/aws-cli (awscli)

v1.32.69

Compare Source

=======

• api-change:firehose: Updates Amazon Firehose documentation for message regarding Enforcing Tags IAM Policy.
• api-change:kendra: Documentation update, March 2024. Corrects some docs for Amazon Kendra.
• api-change:pricing: Add ResourceNotFoundException to ListPriceLists and GetPriceListFileUrl APIs
• api-change:rolesanywhere: This release relaxes constraints on the durationSeconds request parameter for the *Profile APIs that support it. This parameter can now take on values that go up to 43200.
• api-change:securityhub: Added new resource detail object to ASFF, including resource for LastKnownExploitAt

v1.32.68

Compare Source

=======

• api-change:codeartifact: This release adds Package groups to CodeArtifact so you can more conveniently configure package origin controls for multiple packages.

v1.32.67

Compare Source

=======

• api-change:accessanalyzer: This release adds support for policy validation and external access findings for DynamoDB tables and streams. IAM Access Analyzer helps you author functional and secure resource-based policies and identify cross-account access. Updated service API, documentation, and paginators.
• api-change:codebuild: This release adds support for new webhook events (RELEASED and PRERELEASED) and filter types (TAG_NAME and RELEASE_NAME).
• api-change:connect: This release updates the *InstanceStorageConfig APIs to support a new ResourceType: REAL_TIME_CONTACT_ANALYSIS_CHAT_SEGMENTS. Use this resource type to enable streaming for real-time analysis of chat contacts and to associate a Kinesis stream where real-time analysis chat segments will be published.
• api-change:dynamodb: This release introduces 3 new APIs ('GetResourcePolicy', 'PutResourcePolicy' and 'DeleteResourcePolicy') and modifies the existing 'CreateTable' API for the resource-based policy support. It also modifies several APIs to accept a 'TableArn' for the 'TableName' parameter.
• api-change:managedblockchain-query: AMB Query: update GetTransaction to include transactionId as input
• api-change:savingsplans: Introducing the Savings Plans Return feature enabling customers to return their Savings Plans within 7 days of purchase.

v1.32.66

Compare Source

=======

• api-change:cloudformation: Documentation update, March 2024. Corrects some formatting.
• api-change:ec2: This release adds the new DescribeMacHosts API operation for getting information about EC2 Mac Dedicated Hosts. Users can now see the latest macOS versions that their underlying Apple Mac can support without needing to be updated.
• api-change:finspace: Adding new attributes readWrite and onDemand to dataview models for Database Maintenance operations.
• api-change:logs: Update LogSamples field in Anomaly model to be a list of LogEvent
• api-change:managedblockchain-query: Introduces a new API for Amazon Managed Blockchain Query: ListFilteredTransactionEvents.

v1.32.65

Compare Source

=======

• api-change:cloudformation: This release supports for a new API ListStackSetAutoDeploymentTargets, which provider auto-deployment configuration as a describable resource. Customers can now view the specific combinations of regions and OUs that are being auto-deployed.
• api-change:kms: Adds the ability to use the default policy name by omitting the policyName parameter in calls to PutKeyPolicy and GetKeyPolicy
• api-change:mediatailor: This release adds support to allow customers to show different content within a channel depending on metadata associated with the viewer.
• api-change:rds: This release launches the ModifyIntegration API and support for data filtering for zero-ETL Integrations.
• api-change:s3: Fix two issues with response root node names.
• api-change:timestream-query: Documentation updates, March 2024

v1.32.64

Compare Source

=======

• api-change:backup: This release introduces a boolean attribute ManagedByAWSBackupOnly as part of ListRecoveryPointsByResource api to filter the recovery points based on ownership. This attribute can be used to filter out the recovery points protected by AWSBackup.
• api-change:codebuild: AWS CodeBuild now supports overflow behavior on Reserved Capacity.
• api-change:connect: This release adds Hierarchy based Access Control fields to Security Profile public APIs and adds support for UserAttributeFilter to SearchUsers API.
• api-change:ec2: Add media accelerator and neuron device information on the describe instance types API.
• api-change:kinesisanalyticsv2: Support for Flink 1.18 in Managed Service for Apache Flink
• api-change:s3: Documentation updates for Amazon S3.
• api-change:sagemaker: Adds m6i, m6id, m7i, c6i, c6id, c7i, r6i r6id, r7i, p5 instance type support to Sagemaker Notebook Instances and miscellaneous wording fixes for previous Sagemaker documentation.
• api-change:workspaces-thin-client: Removed unused parameter kmsKeyArn from UpdateDeviceRequest

v1.32.63

Compare Source

=======

• api-change:amplify: Documentation updates for Amplify. Identifies the APIs available only to apps created using Amplify Gen 1.
• api-change:ec2-instance-connect: This release includes a new exception type "SerialConsoleSessionUnsupportedException" for SendSerialConsoleSSHPublicKey API.
• api-change:elbv2: This release allows you to configure HTTP client keep-alive duration for communication between clients and Application Load Balancers.
• api-change:fis: This release adds support for previewing target resources before running a FIS experiment. It also adds resource ARNs for actions, experiments, and experiment templates to API responses.
• api-change:rds: Updates Amazon RDS documentation for EBCDIC collation for RDS for Db2.
• api-change:secretsmanager: Doc only update for Secrets Manager
• api-change:timestream-influxdb: This is the initial SDK release for Amazon Timestream for InfluxDB. Amazon Timestream for InfluxDB is a new time-series database engine that makes it easy for application developers and DevOps teams to run InfluxDB databases on AWS for near real-time time-series applications using open source APIs.

v1.32.62

Compare Source

=======

• api-change:ivs-realtime: adds support for multiple new composition layout configuration options (grid, pip)
• api-change:kinesisanalyticsv2: Support new RuntimeEnvironmentUpdate parameter within UpdateApplication API allowing callers to change the Flink version upon which their application runs.
• api-change:s3: This release makes the default option for S3 on Outposts request signing to use the SigV4A algorithm when using AWS Common Runtime (CRT).

v1.32.61

Compare Source

=======

• api-change:cloudformation: CloudFormation documentation update for March, 2024
• api-change:connect: This release increases MaxResults limit to ...

v2.9.4

🧰 Included Tools

Add rakkess to linux/arm64 in Debian @Nuru (#929)

what

• Add rakkess to linux/arm64 Debian build

why

• Previously we excluded rakkess from the arm64 build because there was no binary available and it was not considered that useful a tool. However, with AWS now supporting a new mechanism for access control for EKS clusters, it is newly useful in verifying access control given that it access can no longer be determined by simply looking at Kubernetes resources.

references

• https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html
• https://github.com/corneliusweig/rakkess
• Some of the best documentation is in this issue comment