v2.1.1

🏗️ Build/Release Maintenance

Publish "latest" image to Docker hub @Nuru (#842)

what & why

Since Geodesic v1.8.0 we have published Docker images to public.ecr.aws/cloudposse/geodesic as well as Docker hub cloudposse/geodesic. However, due to a bug in our script, the latest tag was only being pushed to public.ecr.aws and Docker hub latest was stuck at 1.7.0-alpine.

When Geodesic v2.0.0 was released, we started tagging the Debian image as latest instead of the Alpine image, but due to the above bug, that only affected the public.ecr.aws repo, not the Docker hub rep. With this release, we restore updates of the latest tag to Docker hub, and consequently shift latest from Alpine to Debian there, too.

references

• #825

v2.1.0

🚀 Enhancements

• Install stubs for tools missing arm64 support @Nuru (#841)
  • Note that in Geodesic 2.0.0 the amd64version of goofys was installed in the arm64 Debian image. In this version, it is replaced with a stub explaining it is not supported on arm64.
  • Tools that were removed from Geodesic 2.0.0 for lack of multi-architecture support have been restored in the amd64 builds, and replaced with stubs in the arm64 build. The stubs help to explain why scripts depending on those tools might fail, but it interferes with using command -v to see if the tools are installed. In a future release we will probably remove all the tools and stubs, and the scripts that depend on them,, but invite community feedback in our Slack channel.

🧰 Included Tools

• Update AWS CLI packages @renovate (#838)
• Update dependency cryptography to v40 @renovate (#839)
• Update alpine Docker tag to v3.17.3 @renovate (#840)

🧰 Included Tools (details)

Update AWS CLI packages @renovate (#838)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.27.92 -> ==1.27.100
boto3	==1.26.92 -> ==1.26.100

---

Release Notes

aws/aws-cli

v1.27.100

Compare Source

========

• api-change:athena: Enforces a minimal level of encryption for the workgroup for query and calculation results that are written to Amazon S3. When enabled, workgroup users can set encryption only to the minimum level set by the administrator or higher when they submit queries.
• api-change:chime-sdk-voice: Documentation updates for Amazon Chime SDK Voice.
• api-change:connect: This release introduces support for RelatedContactId in the StartChatContact API. Interactive message and interactive message response have been added to the list of supported message content types for this API as well.
• api-change:connectparticipant: This release provides an update to the SendMessage API to handle interactive message response content-types.
• api-change:iotwireless: Introducing new APIs that enable Sidewalk devices to communicate with AWS IoT Core through Sidewalk gateways. This will empower AWS customers to connect Sidewalk devices with other AWS IoT Services, creating possibilities for seamless integration and advanced device management.
• api-change:medialive: AWS Elemental MediaLive now supports ID3 tag insertion for audio only HLS output groups. AWS Elemental Link devices now support tagging.
• api-change:sagemaker: Fixed some improperly rendered links in SDK documentation.
• api-change:securityhub: Added new resource detail objects to ASFF, including resources for AwsEksCluster, AWSS3Bucket, AwsEc2RouteTable and AwsEC2Instance.
• api-change:servicecatalog-appregistry: In this release, we started supporting ARN in applicationSpecifier and attributeGroupSpecifier. GetAttributeGroup, ListAttributeGroups and ListAttributeGroupsForApplication APIs will now have CreatedBy field in the response.
• api-change:voice-id: Amazon Connect Voice ID now supports multiple fraudster watchlists. Every domain has a default watchlist where all existing fraudsters are placed by default. Custom watchlists may now be created, managed, and evaluated against for known fraudster detection.

v1.27.99

Compare Source

=======

• api-change:cloudwatch: Update cloudwatch command to latest version
• api-change:comprehend: This release adds a new field (FlywheelArn) to the EntitiesDetectionJobProperties object. The FlywheelArn field is returned in the DescribeEntitiesDetectionJob and ListEntitiesDetectionJobs responses when the EntitiesDetection job is started with a FlywheelArn instead of an EntityRecognizerArn .
• api-change:rds: Added error code CreateCustomDBEngineVersionFault for when the create custom engine version for Custom engines fails.

v1.27.98

Compare Source

=======

• enhancement:eks: Add user-alias argument to update-kubeconfig command. Implements #&#8203;5164 <https://github.com/aws/aws-cli/issues/5164>__
• api-change:batch: This feature allows Batch to support configuration of ephemeral storage size for jobs running on FARGATE
• api-change:chime-sdk-identity: AppInstanceBots can be used to add a bot powered by Amazon Lex to chat channels. ExpirationSettings provides automatic resource deletion for AppInstanceUsers.
• api-change:chime-sdk-media-pipelines: This release adds Amazon Chime SDK call analytics. Call analytics include voice analytics, which provides speaker search and voice tone analysis. These capabilities can be used with Amazon Transcribe and Transcribe Call Analytics to generate machine-learning-powered insights from real-time audio.
• api-change:chime-sdk-messaging: ExpirationSettings provides automatic resource deletion for Channels.
• api-change:chime-sdk-voice: This release adds Amazon Chime SDK call analytics. Call analytics include voice analytics, which provides speaker search and voice tone analysis. These capabilities can be used with Amazon Transcribe and Transcribe Call Analytics to generate machine-learning-powered insights from real-time audio.
• api-change:codeartifact: Repository CreationTime is added to the CreateRepository and ListRepositories API responses.
• api-change:guardduty: Adds AutoEnableOrganizationMembers attribute to DescribeOrganizationConfiguration and UpdateOrganizationConfiguration APIs.
• api-change:ivs-realtime: Initial release of the Amazon Interactive Video Service RealTime API.
• api-change:mediaconvert: AWS Elemental MediaConvert SDK now supports passthrough of ID3v2 tags for audio inputs to audio-only HLS outputs.
• api-change:sagemaker: Amazon SageMaker Autopilot adds two new APIs - CreateAutoMLJobV2 and DescribeAutoMLJobV2. Amazon SageMaker Notebook Instances now supports the ml.geospatial.interactive instance type.
• api-change:servicediscovery: Reverted the throttling exception RequestLimitExceeded for AWS Cloud Map APIs introduced in SDK version 1.12.424 2023-03-09 to previous exception specified in the ErrorCode.
• api-change:textract: The AnalyzeDocument - Tables feature adds support for new elements in the API: table titles, footers, section titles, summary cells/tables, and table type.

v1.27.97

Compare Source

=======

• api-change:iam: Documentation updates for AWS Identity and Access Management (IAM).
• api-change:iottwinmaker: This release adds support of adding metadata when creating a new scene or updating an existing scene.
• api-change:networkmanager: This release includes an update to create-transit-gateway-route-table-attachment, showing example usage for TransitGatewayRouteTableArn.
• api-change:pipes: This release improves validation on the ARNs in the API model
• api-change:resiliencehub: This release provides customers with the ability to import resources from within an EKS cluster and assess the resiliency of EKS cluster workloads.
• api-change:ssm: This Patch Manager release supports creating, updating, and deleting Patch Baselines for AmazonLinux2023, AlmaLinux.

v1.27.96

Compare Source

=======

• api-change:chime-sdk-messaging: Amazon Chime SDK messaging customers can now manage streaming configuration for messaging data for archival and analysis.
• api-change:cleanrooms: GA Release of AWS Clean Rooms, Added Tagging Functionality
• api-change:ec2: This release adds support for AWS Network Firewall, AWS PrivateLink, and Gateway Load Balancers t...

v2.0.0 Breaking changes, Apple M1 support

🚀 Enhancements

Initial support for ARM @Nuru (#837)

Breaking changes (building)

In addition to the changes listed below, this release may bring unexpected breaking changes, ironically due to support for ARM.

Geodesic now must be built with BuildKit. Failing to use BuildKit will generate errors due to ARG TARGETARCH being undefined (it is pre-defined by BuildKit and should not be added on the command line).

BuildKit is installed and used by default by Docker Desktop. For Docker on Linux, recommended options are:

1. Enable BuildKit on Linux temporarily by adding to Makefile:

export DOCKER_BUILDKIT := 1

2. Ensure your Linux installation has BuildKit enabled by configuration by adding

{
  "features": {
    "buildkit" : true
  }
}

to /etc/docker/daemon.json (and restarting the daemon).

Previously, if you built a Docker image based on Geodesic on an ARM machine like an Apple M1, because Geodesic was only available in linux/amd64 architecture, your build would have been forced into linux/amd64 architecture and your installations, whether from apt-get or other sources, would have had to have been the same linux/amd64 architecture to work. (The build and run of the resulting Docker image would have been run under emulation.) Now, if you are building on an Apple M1 or M2, you will get the Geodesic linux/arm64 architecture (using native, not emulated code for build and execution, with potentially huge performance benefits), and the rest of your Dockerfile will need to be updated to install architecture-specific packages, some of which may not exist. You will need to decide if you want to go on without them or rather stick to linux/amd64 emulation to retain them.

Furthermore, if you built and pushed a Geodesic image in the past, you would always get a single architecture (linux/amd64) image. Now, if you are not careful, you may overwrite that with a linux/arm64 image, causing slowdowns for people using your image on Intel/AMD/X86_64 hardware. If you want to support both architectures in a shared image, you will need to use Docker buildx to generate a multi-platform image.

If you want to avoid all this, you can convert your FROM statement in your Dockerfile from

FROM cloudposse/geodesic:2.0.0-debian

to

FROM --platform=linux/amd64 cloudposse/geodesic:2.0.0-debian

For more information on multi-platform (a.k.a. multi-architecture) builds, see:

• Multi-platform images
• Faster multi-platform builds

Breaking changes (using)

If you have been using Geodesic to run Terraform code on your host machine (Cloud Posses current standard operating procedure), and are caching providers locally (default Terraform behavior), and you switch to using the new architecture, your Terraform lock files will be a problem, because they will only have checksums for the linux_amd64 platform. You can delete the lock files, or update them with terraform providers lock -platform=linux_arm64. If you want to check in your lock files, then no matter which architecture your host is, be sure to have the lock files include both architectures, by running

terraform providers lock -platform=linux_arm64 -platform=linux_amd64 

what

• Enhance Debian version of Geodesic to run on arm64 as well as amd64 architecture
• Make cloudposse/geodesic:latest image Debian instead of Alpine. NOTE: due to a bug, fixed in Geodesic 2.1.1, the latest tag was only being updated in the public.ecr.aws repo, not the Docker Hub repo, so docker pull cloudposse/geodesic:latest was stuck at pulling geodesic:1.7.0-alpine until being switched to geodesic:2.1.1-debian with the v2.1.1 release.
• Remove binaries that are not available on arm64 or are just outdated:
  • kops
  • awless
  • cfssl
  • rakkess
  • tfenv
  • tfmask
• Remove init-terraform script meant to be used with obsolete direnv/tfenv configuration
• Copy python from "official" pre-built docker images rather than compiling it ourselves
• Update Python 3.10.8 -> 3.10.10
• Update Google Cloud SDK 410.0.0 -> 422.0.0 (breaking changes)
• Update Helm-git 0.14.0 -> 0.15.1

why

• Provide native code support for Apple and Gravitron hardware

notes

This is our initial support of arm64 and can be expected to have some bugs to shake out.

We are only supporting arm64 on Debian at this time. We will not support it on Alpine. Will consider supporting CentOS (or its successor) if we have sufficient demand.

Geodesic relies heavily on Cloud Posse's packages distribution, and it has not yet been updated to automatically generate arm64 packages. As a result, for most packages, only the latest version is available in arm64. We have historical versions of atmos, kubectl, and terraform published. If you need historical versions of other packages, you can request them by opening an issue in packages, but please consider either staying on amd64 or updating to the latest version of the binary instead. Please also give us a few weeks to get arm64 packages automated.

references

• Supersedes and closes #805
• Closes #719

v1.9.1

🧰 Included Tools

Update dependency cryptography to v39.0.2 @renovate (#835)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
cryptography (changelog)	==39.0.1 -> ==39.0.2

---

Release Notes

pyca/cryptography

v39.0.2

Compare Source

---

Update AWS CLI packages @renovate (#836)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.27.88 -> ==1.27.92
boto3	==1.26.88 -> ==1.26.92

---

Release Notes

aws/aws-cli

v1.27.92

Compare Source

=======

• api-change:migrationhubstrategy: This release adds the binary analysis that analyzes IIS application DLLs on Windows and Java applications on Linux to provide anti-pattern report without configuring access to the source code.
• api-change:s3control: Added support for S3 Object Lambda aliases.
• api-change:securitylake: Make Create/Get/ListSubscribers APIs return resource share ARN and name so they can be used to validate the RAM resource share to accept. GetDatalake can be used to track status of UpdateDatalake and DeleteDatalake requests.

v1.27.91

Compare Source

=======

• api-change:application-autoscaling: Application Auto Scaling customers can now use mathematical functions to customize the metric used with Target Tracking policies within the policy configuration itself, saving the cost and effort of publishing the customizations as a separate metric.
• api-change:dataexchange: This release enables data providers to license direct access to S3 objects encrypted with Customer Managed Keys (CMK) in AWS KMS through AWS Data Exchange. Subscribers can use these keys to decrypt, then use the encrypted S3 objects shared with them, without creating or managing copies.
• api-change:directconnect: describe-direct-connect-gateway-associations includes a new status, updating, indicating that the association is currently in-process of updating.
• api-change:ec2: This release adds a new DnsOptions key (PrivateDnsOnlyForInboundResolverEndpoint) to CreateVpcEndpoint and ModifyVpcEndpoint APIs.
• api-change:iam: Documentation only updates to correct customer-reported issues
• api-change:keyspaces: Adding support for client-side timestamps

v1.27.90

Compare Source

=======

• bugfix:codeartifact login: Prevent AWS CodeArtifact login command from hanging unexpectedly.
• api-change:appintegrations: Adds FileConfiguration to Amazon AppIntegrations CreateDataIntegration supporting scheduled downloading of third party files into Amazon Connect from sources such as Microsoft SharePoint.
• api-change:lakeformation: This release updates the documentation regarding Get/Update DataCellsFilter
• api-change:s3control: Added support for cross-account Multi-Region Access Points. Added support for S3 Replication for S3 on Outposts.
• api-change:tnb: This release adds tagging support to the following Network Instance APIs : Instantiate, Update, Terminate.
• api-change:wisdom: This release extends Wisdom CreateKnowledgeBase API to support SharePoint connector type by removing the @​required trait for objectField

v1.27.89

Compare Source

=======

• api-change:ivschat: This release adds a new exception returned when calling AWS IVS chat UpdateLoggingConfiguration. Now UpdateLoggingConfiguration can return ConflictException when invalid updates are made in sequence to Logging Configurations.
• api-change:secretsmanager: The type definitions of SecretString and SecretBinary now have a minimum length of 1 in the model to match the exception thrown when you pass in empty values.

boto/boto3

v1.26.92

Compare Source

=======

• api-change:migrationhubstrategy: [botocore] This release adds the binary analysis that analyzes IIS application DLLs on Windows and Java applications on Linux to provide anti-pattern report without configuring access to the source code.
• api-change:s3control: [botocore] Added support for S3 Object Lambda aliases.
• api-change:securitylake: [botocore] Make Create/Get/ListSubscribers APIs return resource share ARN and name so they can be used to validate the RAM resource share to accept. GetDatalake can be used to track status of UpdateDatalake and DeleteDatalake requests.

v1.26.91

Compare Source

=======

• api-change:application-autoscaling: [botocore] Application Auto Scaling customers can now use mathematical functions to customize the metric used with Target Tracking policies within the policy configuration itself, saving the cost and effort of publishing the customizations as a separate metric.
• api-change:dataexchange: [botocore] This release enables data providers to license direct access to S3 objects encrypted with Customer Managed Keys (CMK) in AWS KMS through AWS Data Exchange. Subscribers can use these keys to decrypt, then use the encrypted S3 objects shared with them, without creating or managing copies.
• api-change:directconnect: [botocore] describe-direct-connect-gateway-associations includes a new status, updating, indicating that the association is currently in-process of updating.
• api-change:ec2: [botocore] This release adds a new DnsOptions key (PrivateDnsOnlyForInboundResolverEndpoint) to CreateVpcEndpoint and ModifyVpcEndpoint APIs.
• api-change:iam: [botocore] Documentation only updates to correct customer-reported issues
• api-change:keyspaces: [botocore] Adding support for client-side timestamps

v1.26.90

Compare Source

=======

• api-change:appintegrations: [botocore] Adds FileConfiguration to Amazon AppIntegrations CreateDataIntegration supporting scheduled downloading of third party files into Amazon Connect from sources such as Microsoft SharePoint.
• api-change:lakeformation: [botocore] This release updates the documentation regarding Get/Update DataCellsFilter
• api-change:s3control: [botocore] Added support for cross-account Multi-Region Access Points. Added support for S3 Replication for S3 on Outposts.
• api-change:tnb: [botocore] This release adds tagging support to the following Network Instance APIs : Instantiate, Update, Terminate.
• api-change:wisdom: [botocore] This release extends Wisdom CreateKnowledgeBase API to support SharePoint connector...

v1.9.0 Update Alpine v3.17.1 -> v3.17.2

Update Alpine v3.17.1 -> v3.17.2 @renovate (#833)

This PR contains the following updates:

Package	Type	Update	Change
alpine	final	patch	3.17.1 -> 3.17.2
alpine	stage	patch	3.17.1 -> 3.17.2

---

v1.8.1 includes security patches

🧰 Included Tools

Update dependency cryptography to v39.0.1 [SECURITY] @renovate (#832)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
cryptography (changelog)	==39.0.0 -> ==39.0.1

GitHub Vulnerability Alerts

CVE-2023-23931

Previously, Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers:

>>> outbuf = b"\x00" * 32
>>> c = ciphers.Cipher(AES(b"\x00" * 32), modes.ECB()).encryptor()
>>> c.update_into(b"\x00" * 16, outbuf)
16
>>> outbuf
b'\xdc\x95\xc0x\xa2@​\x89\x89\xadH\xa2\x14\x92\x84 \x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'

This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python. This is a soundness bug -- it allows programmers to misuse an API, it cannot be exploited by attacker controlled data alone.

This now correctly raises an exception.

This issue has been present since update_into was originally introduced in cryptography 1.8.

CVE-2023-0286

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8.1-39.0.0 are vulnerable to a security issue. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221213.txt and https://www.openssl.org/news/secadv/20230207.txt.

If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.

---

Release Notes

pyca/cryptography

v39.0.1

Compare Source

---

Update AWS CLI packages @renovate (#829)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.27.55 -> ==1.27.88
boto3	==1.26.55 -> ==1.26.88

---

Release Notes

aws/aws-cli

v1.27.88

Compare Source

=======

• api-change:codeartifact: This release introduces the generic package format, a mechanism for storing arbitrary binary assets. It also adds a new API, PublishPackageVersion, to allow for publishing generic packages.
• api-change:connect: This release adds a new API, GetMetricDataV2, which returns metric data for Amazon Connect.
• api-change:evidently: Updated entity override documentation
• api-change:networkmanager: This update provides example usage for TransitGatewayRouteTableArn.
• api-change:quicksight: This release has two changes: add state persistence feature for embedded dashboard and console in GenerateEmbedUrlForRegisteredUser API; add properties for hidden collapsed row dimensions in PivotTableOptions.
• api-change:redshift-data: Added support for Redshift Serverless workgroup-arn wherever the WorkgroupName parameter is available.
• api-change:sagemaker: Amazon SageMaker Inference now allows SSM access to customer's model container by setting the "EnableSSMAccess" parameter for a ProductionVariant in CreateEndpointConfig API.
• api-change:servicediscovery: Updated all AWS Cloud Map APIs to provide consistent throttling exception (RequestLimitExceeded)
• api-change:sesv2: This release introduces a new recommendation in Virtual Deliverability Manager Advisor, which detects missing or misconfigured Brand Indicator for Message Identification (BIMI) DNS records for customer sending identities.

v1.27.87

Compare Source

=======

• api-change:athena: A new field SubstatementType is added to GetQueryExecution API, so customers have an error free way to detect the query type and interpret the result.
• api-change:dynamodb: Adds deletion protection support to DynamoDB tables. Tables with deletion protection enabled cannot be deleted. Deletion protection is disabled by default, can be enabled via the CreateTable or UpdateTable APIs, and is visible in TableDescription. This setting is not replicated for Global Tables.
• api-change:ec2: Introducing Amazon EC2 C7g, M7g and R7g instances, powered by the latest generation AWS Graviton3 processors and deliver up to 25% better performance over Graviton2-based instances.
• api-change:lakeformation: This release adds two new API support "GetDataCellsFiler" and "UpdateDataCellsFilter", and also updates the corresponding documentation.
• api-change:mediapackage-vod: This release provides the date and time VOD resources were created.
• api-change:mediapackage: This release provides the date and time live resources were created.
• api-change:route53resolver: Add dual-stack and IPv6 support for Route 53 Resolver Endpoint,Add IPv6 target IP in Route 53 Resolver Forwarding Rule
• api-change:sagemaker: There needs to be a user identity to specify the SageMaker user who perform each action regarding the entity. However, these is a not a unified concept of user identity across SageMaker service that could be used today.

v1.27.86

Compare Source

=======

• bugfix:eks: Output JSON only for user entry in kubeconfig fixes #&#8203;7719 <https://github.com/aws/aws-cli/issues/7719>, fixes #&#8203;7723 <https://github.com/aws/aws-cli/issues/7723>, fixes #&#8203;7724 <https://github.com/aws/aws-cli/issues/7724>__
• api-change:dms: This release adds DMS Fleet Advisor Target Recommendation APIs and exposes functionality for DMS Fleet Advisor. It adds functionality to start Target Recommendation calculation.
• api-change:location: Documentation update for the release of 3 additional map styles for use with Open Data Maps: Open Data Standard Dark, Open Data Visualization Light & Open Data Visualization Dark.

v1.27.85

Compare Source

=======

• api-change:account: AWS Account alternate contact email addresses can now have a length of 254 characters and contain the character "|".
• api-change:ivs: Updated text description in DeleteChannel, Stream, and StreamSummary.

v1.27.84

Compare Source

=======

• api-change:dynamodb: Documentation updates for DynamoDB.
• api-change:ec2: This release adds support for a new boot mode for EC2 instances called 'UEFI Preferred'.
• api-change:macie2: Documentation updates for Amazon Macie
• api-change:mediaconvert: The AWS Elemental MediaConvert SDK has improved handling for different input and output color space combinations.
• api-change:medialive: AWS Elemental MediaLive adds support for Nielsen watermark ...

v1.8.0 Update Alpine v3.16.3 -> v3.17.1

Update alpine Docker tag to v3.17.1 @renovate (#817)

This PR contains the following updates:

Package	Type	Update	Change
alpine	final	minor	3.16.3 -> 3.17.1
alpine	stage	minor	3.16.3 -> 3.17.1

---

🧰 Included Tools

Update dependency cryptography to v39 @renovate (#828)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
cryptography (changelog)	==38.0.4 -> ==39.0.0

---

Release Notes

pyca/cryptography

v39.0.0

Compare Source

---

Update AWS CLI packages @renovate (#824)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.27.27 -> ==1.27.55
boto3	==1.26.27 -> ==1.26.55

---

Release Notes

aws/aws-cli

v1.27.55

Compare Source

=======

• enhancement:gamelift upload-build: Add --server-sdk-version parameter to the upload-build command
• api-change:lambda: Release Lambda RuntimeManagementConfig, enabling customers to better manage runtime updates to their Lambda functions. This release adds two new APIs, GetRuntimeManagementConfig and PutRuntimeManagementConfig, as well as support on existing Create/Get/Update function APIs.
• api-change:sagemaker: Amazon SageMaker Inference now supports P4de instance types.

v1.27.54

Compare Source

=======

• api-change:ec2: C6in, M6in, M6idn, R6in and R6idn instances are powered by 3rd Generation Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of 3.5 GHz.
• api-change:ivs: API and Doc update. Update to arns field in BatchGetStreamKey. Also updates to operations and structures.
• api-change:quicksight: This release adds support for data bars in QuickSight table and increases pivot table field well limit.

v1.27.53

Compare Source

=======

• api-change:appflow: Adding support for Salesforce Pardot connector in Amazon AppFlow.
• api-change:codeartifact: Documentation updates for CodeArtifact
• api-change:connect: Amazon Connect Chat introduces Persistent Chat, allowing customers to resume previous conversations with context and transcripts carried over from previous chats, eliminating the need to repeat themselves and allowing agents to provide personalized service with access to entire conversation history.
• api-change:connectparticipant: This release updates Amazon Connect Participant's GetTranscript api to provide transcripts of past chats on a persistent chat session.
• api-change:ec2: Adds SSM Parameter Resource Aliasing support to EC2 Launch Templates. Launch Templates can now store parameter aliases in place of AMI Resource IDs. CreateLaunchTemplateVersion and DescribeLaunchTemplateVersions now support a convenience flag, ResolveAlias, to return the resolved parameter value.
• api-change:glue: Release Glue Studio Hudi Data Lake Format for SDK/CLI
• api-change:groundstation: Add configurable prepass and postpass times for DataflowEndpointGroup. Add Waiter to allow customers to wait for a contact that was reserved through ReserveContact
• api-change:logs: Bug fix - Removed the regex pattern validation from CoralModel to avoid potential security issue.
• api-change:medialive: AWS Elemental MediaLive adds support for SCTE 35 preRollMilliSeconds.
• api-change:opensearch: This release adds the enhanced dry run option, that checks for validation errors that might occur when deploying configuration changes and provides a summary of these errors, if any. The feature will also indicate whether a blue/green deployment will be required to apply a change.
• api-change:panorama: Added AllowMajorVersionUpdate option to OTAJobConfig to make appliance software major version updates opt-in.
• api-change:sagemaker: HyperParameterTuningJobs now allow passing environment variables into the corresponding TrainingJobs

v1.27.52

Compare Source

=======

• api-change:cloudwatch: Update cloudwatch command to latest version
• api-change:efs: Update efs command to latest version
• api-change:ivschat: Updates the range for a Chat Room's maximumMessageRatePerSecond field.
• api-change:wafv2: Improved the visibility of the guidance for updating AWS WAF resources, such as web ACLs and rule groups.

v1.27.51

Compare Source

=======

• api-change:billingconductor: This release adds support for SKU Scope for pricing plans.
• api-change:cloud9: Added minimum value to AutomaticStopTimeMinutes parameter.
• api-change:imagebuilder: Add support for AWS Marketplace product IDs as input during CreateImageRecipe for the parent-image parameter. Add support for listing third-party components.
• api-change:network-firewall: Network Firewall now allows creation of dual stack endpoints, enabling inspection of IPv6 traffic.

v1.27.50

Compare Source

=======

• api-change:connect: This release updates the responses of UpdateContactFlowContent, UpdateContactFlowMetadata, UpdateContactFlowName and DeleteContactFlow API with empty responses.
• api-change:ec2: Documentation updates for EC2.
• api-change:outposts: This release adds POWER_30_KVA as an option for PowerDrawKva. PowerDrawKva is part of the RackPhysicalProperties structure in the CreateSite request.
• api-change:resource-groups: AWS Resource Groups customers can now turn on Group Lifecycle Events in their AWS account. When you turn this on, Resource Groups monitors your groups for changes to group state or membership. Those changes are sent to Amazon EventBridge as events that you can respond to using rules you create.

v1.27.49

Compare Source

=======

• api-change:cleanrooms: Initial release of AWS Clean Rooms
• api-change:lambda: Add support for MaximumConcurrency parameter for SQS event source. Customers can now limit the maximum concurrent invocations for their SQS Event Source Mapping.
• api-change:logs: Bug fix: logGroupName is now not a required field in GetLogEvents, FilterLogEvents, GetLogGroupFields, and DescribeLogStreams APIs as logGroupIdentifier can be provided instead
• api-change:mediaconvert: The AWS Elemental MediaConvert SDK has added support for compact DASH manifest generation, audio normalization usin...

v1.7.0 update Debian 11.5 -> 11.6

Update debian Docker tag to v11.6 @renovate (#826)

This PR contains the following updates:

Package	Type	Update	Change
debian	final	minor	11.5-slim -> 11.6-slim
debian	stage	minor	11.5-slim -> 11.6-slim

---

🧰 Included Tools

Update dependency crudini to v0.9.4 @renovate (#827)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
crudini	==0.9.3 -> ==0.9.4

---

Release Notes

pixelb/crudini

v0.9.4

Compare Source

Bug fixes

• Fix updating of flag only parameters so they
  don't have '=' or '=crudini_no_arg' added added on update.

• Handle closed stdin/stdout gracefully, without giving errors.

Improvements

• Windows support.

• Windows line endings are maintained.

• Lists can be delimited with arbitrary whitespace with --list-sep=.

• Support for unspaced "name=val" format with --ini-options=nospace.

• Avoid deprecation warnings about use of pipes module.

---

v1.6.0 Remove obsolete `boto` Python library

🧰 Included Tools

Remove obsolete `boto` (replaced with `boto3`) @Nuru (#823)

what

• Remove obsolete boto (replaced with boto3)

why

• boto requires Python 2 and installs dependencies that require Python 2 but we no longer install Python 2 so boto is just extra broken cruft.

references

• Boto: PyPi GitHub
• Boto3 PyPi GitHub

v1.5.2

🧰 Included Tools

Update AWS CLI packages @renovate (#822)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.27.16 -> ==1.27.27
boto3	==1.26.16 -> ==1.26.27

---

Release Notes

aws/aws-cli

v1.27.27

Compare Source

=======

• api-change:iotfleetwise: Deprecated assignedValue property for actuators and attributes. Added a message to invalid nodes and invalid decoder manifest exceptions.
• api-change:logs: Doc-only update for CloudWatch Logs, for Tagging Permissions clarifications
• api-change:medialive: Link devices now support buffer size (latency) configuration. A higher latency value means a longer delay in transmitting from the device to MediaLive, but improved resiliency. A lower latency value means a shorter delay, but less resiliency.
• api-change:mediapackage-vod: This release provides the approximate number of assets in a packaging group.

v1.27.26

Compare Source

=======

• api-change:autoscaling: Adds support for metric math for target tracking scaling policies, saving you the cost and effort of publishing a custom metric to CloudWatch. Also adds support for VPC Lattice by adding the Attach/Detach/DescribeTrafficSources APIs and a new health check type to the CreateAutoScalingGroup API.
• api-change:iottwinmaker: This release adds the following new features: 1) New APIs for managing a continuous sync of assets and asset models from AWS IoT SiteWise. 2) Support user friendly names for component types (ComponentTypeName) and properties (DisplayName).
• api-change:migrationhubstrategy: This release adds known application filtering, server selection for assessments, support for potential recommendations, and indications for configuration and assessment status. For more information, see the AWS Migration Hub documentation at https://docs.aws.amazon.com/migrationhub/index.html

v1.27.25

Compare Source

=======

• api-change:ce: This release adds the LinkedAccountName field to the GetAnomalies API response under RootCause
• api-change:cloudfront: Introducing UpdateDistributionWithStagingConfig that can be used to promote the staging configuration to the production.
• api-change:eks: Adds support for EKS add-ons configurationValues fields and DescribeAddonConfiguration function
• api-change:kms: Updated examples and exceptions for External Key Store (XKS).

v1.27.24

Compare Source

=======

• api-change:billingconductor: This release adds the Tiering Pricing Rule feature.
• api-change:connect: This release provides APIs that enable you to programmatically manage rules for Contact Lens conversational analytics and third party applications. For more information, see https://docs.aws.amazon.com/connect/latest/APIReference/rules-api.html
• api-change:dynamodb: Endpoint Ruleset update: Use http instead of https for the "local" region.
• api-change:dynamodbstreams: Update dynamodbstreams command to latest version
• api-change:rds: This release adds the BlueGreenDeploymentNotFoundFault to the AddTagsToResource, ListTagsForResource, and RemoveTagsFromResource operations.
• api-change:sagemaker-featurestore-runtime: For online + offline Feature Groups, added ability to target PutRecord and DeleteRecord actions to only online store, or only offline store. If target store parameter is not specified, actions will apply to both stores.

v1.27.23

Compare Source

=======

• bugfix:codeartifact login: Ignore always-auth errors for CodeArtifact login command; fixes #&#8203;7434 <https://github.com/aws/aws-cli/issues/7434>__
• api-change:ce: This release introduces two new APIs that offer a 1-click experience to refresh Savings Plans recommendations. The two APIs are StartSavingsPlansPurchaseRecommendationGeneration and ListSavingsPlansPurchaseRecommendationGeneration.
• api-change:ec2: Documentation updates for EC2.
• api-change:ivschat: Adds PendingVerification error type to messaging APIs to block the resource usage for accounts identified as being fraudulent.
• api-change:rds: This release adds the InvalidDBInstanceStateFault to the RestoreDBClusterFromSnapshot operation.
• api-change:transcribe: Amazon Transcribe now supports creating custom language models in the following languages: Japanese (ja-JP) and German (de-DE).

v1.27.22

Compare Source

=======

• api-change:appsync: Fixes the URI for the evaluatecode endpoint to include the /v1 prefix (ie. "/v1/dataplane-evaluatecode").
• api-change:ecs: Documentation updates for Amazon ECS
• api-change:fms: AWS Firewall Manager now supports Fortigate Cloud Native Firewall as a Service as a third-party policy type.
• api-change:mediaconvert: The AWS Elemental MediaConvert SDK has added support for configurable ID3 eMSG box attributes and the ability to signal them with InbandEventStream tags in DASH and CMAF outputs.
• api-change:medialive: Updates to Event Signaling and Management (ESAM) API and documentation.
• api-change:polly: Add language code for Finnish (fi-FI)
• api-change:proton: CreateEnvironmentAccountConnection RoleArn input is now optional
• api-change:redshift-serverless: Add Table Level Restore operations for Amazon Redshift Serverless. Add multi-port support for Amazon Redshift Serverless endpoints. Add Tagging support to Snapshots and Recovery Points in Amazon Redshift Serverless.
• api-change:sns: This release adds the message payload-filtering feature to the SNS Subscribe, SetSubscriptionAttributes, and GetSubscriptionAttributes API actions

v1.27.21

Compare Source

=======

• api-change:codecatalyst: This release adds operations that support customers using the AWS Toolkits and Amazon CodeCatalyst, a unified software development service that helps developers develop, deploy, and maintain applications in the cloud. For more information, see the documentation.
• api-change:comprehend: Comprehend now supports semi-structured documents (such as PDF files or image files) as inputs for custom analysis using the synchronous APIs (ClassifyDocument and DetectEntities).
• api-change:gamelift: GameLift introduces a new feature, GameLift Anywhere. GameLift Anywhere allows you to integrate your own compute resources with GameLift. You can also use GameLift Anywhere to iteratively test your game servers without uploading the build to GameLift for every iteration.
• api-change:pipes: AWS introduces new Amazon EventBridge Pipes which allow you to connect sources (SQS, Kinesis, DDB, Kafka, MQ) to Targets (14+ EventBridge Targets) without any code, with filtering, batching, input transformation, and an optional Enrichment stage (Lambda, StepFunctions, ApiGateway, ApiDestinations)
• api-change:stepfunctions: Update stepfunctions command to latest version

v1.27.20

Compare Source

=======

• api-change:accessanalyzer: This release adds support for S3 cross account access points. IAM Access Analyzer will now produce public or cross account findings when it detects bucket delegation to external account access points.
• api-change:athena: This release includes support for using Apache Spark in Amazon Athena.
• api-change:dataexchange: This release enables data providers to license direct access to data in thei...