Update dependency awscli to v1.44.38 [SECURITY] #206
Open
renovate[bot] wants to merge 1 commit into master from
d84d69d to dc7e2d1
dc7e2d1 to 910ba36
This PR contains the following updates:
==1.42.30 → ==1.44.38
GitHub Vulnerability Alerts
GHSA-747p-wmpv-9c78
Summary
AWS CLI is a command line tool for interacting with AWS services. When the cli_history feature is enabled, the history database file is created with default permissions, potentially allowing other local users on a multi-user system to read the file.
Impact
When cli_history is enabled, AWS CLI stores command history including command parameters and API request/response data in a local SQLite database. On multi-user Unix systems, the default file permissions may allow other local users to read this file, potentially exposing sensitive information. This issue only affects users who have explicitly enabled cli_history, which is disabled by default.
Impacted versions: 1.13.0 - 1.44.37 (v1), 2.0.0 - 2.33.20 (v2)
Patches
This issue has been addressed in the latest versions 2.33.21 and 1.44.38 of AWS CLI. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.
Workarounds
Users can manually set restrictive permissions on the history database file. Alternatively, disable cli_history by removing cli_history = enabled from the AWS config file.
Resources
If there are any questions or comments about this advisory, contact AWS Security via the vulnerability reporting page or directly via email to [email protected]. Please do not create a public GitHub issue.
Severity
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Release Notes
aws/aws-cli (awscli)
v1.44.38
=======
- ec2: Launching nested virtualization. This feature allows you to run nested VMs inside virtual (non-bare metal) EC2 instances.
v1.44.37
=======
- batch: Add support for listing jobs by share identifier and getting snapshots of active capacity utilization by job queue and share.
- ec2: R8i instances powered by custom Intel Xeon 6 processors available only on AWS with sustained all-core 3.9 GHz turbo frequency
- eks: This release adds support for Windows Server 2025 in Amazon EKS Managed Node Groups.
- kafkaconnect: Support configurable upper limits on task count during autoscaling operations via maxAutoscalingTaskCount parameter.
- s3tables: S3 Tables now supports setting partition specifications and sort orders on tables. Partition specs allow users to define how data is organized using transform functions. Sort order configurations enable users to specify sort directions and null ordering preferences for optimized data layout.
- validate-logs command
v1.44.36
=======
- bedrock-agentcore: Added AgentCore browser proxy configuration support, allowing routing of browser traffic through HTTP and HTTPS proxy servers with authentication and bypass rules.
- connect: Amazon Connect now supports per-channel auto-accept and After Contact Work (ACW) timeouts. Configure agents with auto-accept and ACW timeout settings for chat, tasks, emails, and callbacks. Use the new UpdateUserConfig API to manage these settings.
- eks: Introducing an optional policy field, an IAM policy applied to pod identity associations in addition to IAM role policies. When specified, pod permissions are the intersection of IAM role policies and the policy field, ensuring the principle of least privilege.
- kafka: Amazon MSK adds three new APIs, CreateTopic, UpdateTopic, and DeleteTopic for managing Kafka topics in your MSK clusters.
- rds: This release adds backup configuration for RDS and Aurora restores, letting customers set backup retention period and preferred backup window during restore. It also enables viewing backup settings when describing snapshots or automated backups for instances and clusters.
v1.44.35
=======
- connectcampaignsv2: Add the missing event type for WhatsApp
- ec2: Amazon Secondary Networks is a networking feature that provides high-performance, low-latency connectivity for specialized workloads.
- eks: Amazon EKS adds a new DescribeUpdate update type, VendedLogsUpdate, to support an integration between EKS Auto Mode and Amazon CloudWatch Vended Logs.
- imagebuilder: EC2 Image Builder now supports wildcard patterns in lifecycle policies with recipes and enhances the experience of tag-scoped policies.
- lakeformation: Allow cross account v5 in put data lake settings
- neptunedata: Added edgeOnlyLoad boolean parameter to Neptune bulk load request. When TRUE, files are loaded in order without scanning. When FALSE (default), the loader scans files first, then loads vertex files before edge files automatically.
- pcs: Introduces RESUMING state for clusters, compute node groups, and queues.
- transfer: This release adds a documentation update for MdnResponse of type "ASYNC"
v1.44.34
=======
- bedrock-data-automation-runtime: Add OutputConfiguration to InvokeDataAutomation input and output to support S3 output
- deadline: Adds support for tagging jobs during job creation
- iot-managed-integrations: Adding support for Custom(General) Authorization in managed integrations for AWS IoT Device Management cloud connectors.
- partnercentral-selling: Releasing AWS Opportunity Snapshots for SDK release.
- sagemaker: Adding g7e instance support in Sagemaker Training
v1.44.33
=======
- arc-region-switch: Updates documentation for ARC Region switch and provides stronger validation for Amazon Aurora Global Database execution block parameters.
- athena: Reduces the minimum TargetDpus to create or update capacity reservations from 24 to 4.
- bedrock-agentcore: Support Browser profile persistence (cookies and local storage) across sessions for AgentCore Browser.
- bedrock-agentcore-control: Support Browser profile persistence (cookies and local storage) across sessions for AgentCore Browser.
- glue: This release adds the capability to easily create custom AWS Glue connections to data sources with REST APIs.
- medialive: Outputs using the AV1 codec in CMAF Ingest output groups in MediaLive now have the ability to specify a target bit depth of 8 or 10.
- neptune-graph: Minor neptune-graph documentation changes
- ram: Added ListSourceAssociations API. Allows RAM resource share owners to list source associations that determine which sources can access resources through service principal associations. Supports filtering by resource share ARN, source ID, source type, or status, with pagination.
- transfer: Adds support for the customer to send custom HTTP headers and configure an AS2 Connector to receive Asynchronous MDNs from their trading partner
- workspaces: Added support for 12 new graphics-optimized compute types - Graphics.g6 (xlarge, 2xlarge, 4xlarge, 8xlarge, 16xlarge), Graphics.gr6 (4xlarge, 8xlarge), Graphics.g6f (large, xlarge, 2xlarge, 4xlarge), and Graphics.gr6f (4xlarge).
v1.44.32
=======
- bedrock-runtime: Added support for structured outputs to Converse and ConverseStream APIs.
- connectcases: Amazon Connect Cases now supports larger, multi-line text fields with up to 4,100 characters. Administrators can use the Admin UI to select the appropriate configuration (single-line or multi-line) on a per-field basis, improving case documentation capabilities.
- eks: Update delete cluster description
- medialive: AWS Elemental MediaLive now supports SRT listener mode for inputs and outputs, in addition to the existing SRT caller mode.
- redshift: We have increased the maximum duration for a deferred maintenance window from 45 days to 60 days for Amazon Redshift provisioned clusters. This enhancement provides customers with greater flexibility in scheduling patching and maintenance activities while also maintaining security compliance.
- workspaces-web: Support for configuring and managing custom domain names for WorkSpaces Secure Browser portals.
v1.44.31
=======
- batch: AWS Batch Array Job Visibility feature support. Includes new statusSummaryLastUpdatedAt for array job parent DescribeJobs responses for the last time the statusSummary was updated. Includes both statusSummary and statusSummaryLastUpdatedAt in ListJobs responses for array job parents.
- dynamodb: This change supports the creation of multi-account global tables. It adds two new arguments to CreateTable, GlobalTableSourceArn and GlobalTableSettingsReplicationMode. DescribeTable is also updated to include information about GlobalTableSettingsReplicationMode.
- endpoint-rules: Update endpoint-rules command to latest version
- geo-maps: Added support for optional style parameters in maps, including 3D terrain and 3D Buildings
- kinesis: Adds StreamId parameter to AWS Kinesis Data Streams APIs that is reserved for future use.
- marketplace-catalog: Adds support for Catalog API us-east-1 dualstack endpoint catalog-marketplace.us-east-1.api.aws
- organizations: Updated the CloseAccount description.
- sso-admin: Added new Region management APIs to support multi-Region replication in IAM Identity Center.
v1.44.30
=======
- bedrock-agentcore-control: Adds tagging support for AgentCore Evaluations (evaluator and online evaluation config)
- cloudfront: Add OriginMTLS support to CloudFront Distribution APIs
- mpa: Updates to multi-party approval (MPA) service to add support for multi-factor authentication (MFA) for voting operations.
v1.44.29
=======
- connect: This release adds Estimated Wait Time support to the GetContactMetrics API for Amazon Connect.
- quicksight: Improve SessionTag usage guidelines in the GenerateEmbedURLForAnonymousUser API documentation. Update the GetIdentityContext document with the region support context.
v1.44.28
=======
- ec2: G7e instances feature up to 8 NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs with 768 GB of memory and 5th generation Intel Xeon Scalable processors. Supporting up to 192 vCPUs, 1600 Gbps networking bandwidth with EFA, up to 2 TiB of system memory, and up to 15.2 TB of local NVMe SSD storage.
- gamelift: Amazon GameLift Servers now supports automatic scaling to and from zero instances based on game session activity. Fleets scale down to zero following a defined period of no game session activity and scale up from zero when game sessions are requested, providing an option for cost optimization.
v1.44.27
=======
- cognito-idp: This release adds support for a new lambda trigger to transform federated user attributes during the authentication with external identity providers on Cognito Managed Login.
- connect: Adds support for filtering search results based on tags assigned to contacts.
- ec2: SearchTransitGatewayRoutes API response now includes a NextToken field, enabling pagination when retrieving large sets of transit gateway routes. Pass the returned NextToken value in subsequent requests to retrieve the next page of results.
- lambda: We are launching ESM Metrics and logging for Kafka ESM to allow customers to monitor Kafka event processing using CloudWatch Metrics and Logs.
- mediaconnect: This release adds support for NDI flow sources in AWS Elemental MediaConnect. You can now send content to your MediaConnect transport streams directly from your NDI environment using the new NDI source type. Also adds support for LARGE 4X flow size, which can be used when creating CDI JPEG-XS flows.
- mediaconvert: This release adds a follow source mode for audio output channel count, an AES audio frame wrapping option for MXF outputs, and an option to signal DolbyVision compatibility using the SUPPLEMENTAL-CODECS tag in HLS manifests.
- s3: Adds support for the UpdateObjectEncryption API to change the server-side encryption type of objects in general purpose buckets.
- s3control: Adds support for the UpdateObjectEncryption API to change the server-side encryption type of objects in general purpose buckets.
v1.44.26
=======
- connect: Added support for task attachments. The StartTaskContact API now accepts file attachments, enabling customers to include files (.csv, .doc, .docx, .heic, .jfif, .jpeg, .jpg, .mov, .mp4, .pdf, .png, .ppt, .pptx, .rtf, .txt, etc.) when creating Task contacts. Supports up to 5 attachments per task.
- deadline: AWS Deadline Cloud now supports editing job names and descriptions after submission.
- ec2: Releasing new EC2 instances. C8gb and M8gb with highest EBS performance, M8gn with 600 Gbps network bandwidth, X8aedz and M8azn with 5GHz AMD processors, X8i with Intel Xeon 6 processors and up to 6TB memory, and Mac-m4max with Apple M4 Max chip for 25 percent faster builds.
- medialive: AWS Elemental MediaLive released two new features that allows customers 1) to set Output Timecode for AV1 encoder, 2) to set a Custom Epoch for CMAF Ingest and MediaPackage V2 output groups when using Pipeline Locking or Disabled Locking modes.
- sagemaker: Idle resource sharing enables teams to borrow unused compute resources in your SageMaker HyperPod cluster. This capability maximizes resource utilization by allowing teams to borrow idle compute capacity beyond their allocated compute quotas.
- gamelift: Add --tags parameter to upload-build command.
v1.44.25
=======
- connectcases: Amazon Connect now enables you to use tag-based access controls to define who can access specific cases. You can associate tags with case templates and configure security profiles to determine which users can access cases with those tags.
- ec2: DescribeInstanceTypes API response now includes an additionalFlexibleNetworkInterfaces field, the number of interfaces attachable to an instance when using flexible Elastic Network Adapter (ENA) queues in addition to the base number specified by maximumNetworkInterfaces.
- evidently: Deprecate all Evidently API for AWS CloudWatch Evidently deprecation
- groundstation: Adds support for AWS Ground Station Telemetry.
v1.44.24
=======
- connect: Amazon Connect now offers public APIs to programmatically configure and run automated tests for contact center experiences. Integrate testing into CICD pipelines, run multiple tests at scale, and retrieve results via API to automate validation of voice interactions and workflows.
- datazone: Added api for deleting data export configuration for a domain
- qconnect: Fixes incorrect types in the UpdateAssistantAIAgent API request, adds MESSAGE to TargetType enum, and other minor changes.
v1.44.23
=======
- autoscaling: This release adds support for Amazon EC2 Auto Scaling group deletion protection
- budgets: Add Budget FilterExpression and Metrics fields to DescribeBudgetPerformanceHistory to support more granular filtering options.
- dynamodb: Adds additional waiters to Amazon DynamoDB.
- ec2: Add better support for fractional GPU instances in DescribeInstanceTypes API. The new fields, logicalGpuCount, gpuPartitionSize, and workload array enable better GPU resource selection and filtering for both full and fractional GPU instance types.
- endpoint-rules: Update endpoint-rules command to latest version
- gamelift: Amazon GameLift Servers Realtime now supports Node.js 24.x runtime on the Amazon Linux 2023 operating system.
- guardduty: Adding new enum value for ScanStatusReason
- health: Updates the lower range for the maxResults request property for DescribeAffectedEntities, DescribeAffectedEntitiesForOrganization, DescribeEvents, and DescribeEventsForOrganization API request properties.
- meteringmarketplace: Customer Identifier parameter deprecation date has been removed. For new implementations, we recommend using the CustomerAWSAccountID. Your current integration will continue to work. When updating your implementation, consider migrating to CustomerAWSAccountID for improved integration.
- verifiedpermissions: Adding documentation to user guide and API documentation for how customers can create new encrypted policy stores by passing in their customer managed key during policy store creation.
v1.44.22
=======
- bedrock-agentcore: Supports custom browser extensions for AgentCore Browser and increased message payloads up to 100KB per message in an Event for AgentCore Memory
- config: AWS Config Conformance Packs now support tag-on-create through PutConformancePack API.
- ec2: Added support of multiple EBS cards. New EbsCardIndex parameter enables attaching volumes to specific EBS cards on supported instance types for improved storage performance.
- quicksight: Added documentation and model for sheet layout groups - allows sheet elements to be grouped, Added documentation and the feature enables admins to have granular control over connectors under actions, Updated API documentation for PDF Export in Snapshot Export APIs
v1.44.21
=======
- autoscaling: This release adds support for three new filters when describing scaling activities, StartTimeLowerBound, StartTimeUpperBound, and Status.
- bedrock-runtime: Added support for extended prompt caching with one hour TTL.
- keyspaces: Adds support for managing table pre-warming in Amazon Keyspaces (for Apache Cassandra)
- odb: Adds support for associating and disassociating IAM roles with Autonomous VM cluster resources through the AssociateIamRoleToResource and DisassociateIamRoleFromResource APIs. The GetCloudAutonomousVmCluster and ListCloudAutonomousVmClusters API responses now include the iamRoles field.
- verifiedpermissions: Amazon Verified Permissions now supports encryption of resources by a customer managed KMS key. Customers can now create new encrypted policy stores by passing in their customer managed key during policy store creation.
- workspaces-instances: Added billing configuration support for WorkSpaces Instances with monthly and hourly billing modes, including new filtering capabilities for instance type searches.
v1.44.20
=======
- connect: Adds support to allow customers to create form with Dispute configuration
- datazone: This release adds support for numeric filtering and complex free-text searches cases for the Search and SearchListings APIs.
- glacier: Documentation updates for Amazon Glacier's maintenance mode
- launch-wizard: Added UpdateDeployment, ListDeploymentPatternVersions and GetDeploymentPatternVersion APIs for Launch Wizard
- resource-explorer-2: Added ViewName to View-related responses and ServiceViewName to GetServiceView response.
- sagemaker: Adding security consideration comments for lcc accessing execution role under root access
v1.44.19
=======
- cleanrooms: This release adds support for parameters in PySpark analysis templates.
- deadline: AWS Deadline Cloud now supports tagging Budget resources with ABAC for permissions management and selecting up to 16 filter values in the monitor and Search API.
- ec2: This release includes documentation updates to support up to four Elastic Volume modifications per Amazon EBS volume within a rolling 24-hour period.
- ecs: Adds support for configuring FIPS in AWS GovCloud (US) Regions via a new ECS Capacity Provider field fipsEnabled. When enabled, instances launched by the capacity provider will use a FIPS-140 enabled AMI. Instances will use FIPS-140 compliant cryptographic modules and AWS FIPS endpoints.
- evs: A new GetVersions API has been added to retrieve VCF, ESX versions, and EC2 instances provided by Amazon EVS. The CreateEnvironment API now allows you to select a VCF version and the CreateEnvironmentHost API introduces an optional esxVersion parameter.
- lakeformation: API Changes for GTCForLocation feature. Includes a new API, GetTemporaryDataLocationCredentials and updates to the APIs RegisterResource and UpdateResource
- opensearchserverless: Collection groups in Amazon OpenSearch Serverless enables to organize multiple collections and enable compute resource sharing across collections with different KMS keys. This shared compute model reduces costs by eliminating the need for separate OpenSearch Compute Units (OCUs) for each KMS key.
- qconnect: Fix inference configuration shapes for the CreateAIPrompt and UpdateAIPrompt APIs, Modify Text Length Limit for SendMessage API
v1.44.18
=======
- ce: Cost Categories added support to BillingView data filter expressions through the new costCategories parameter, enabling users to filter billing views by AWS Cost Categories for more granular cost management and allocation.
- connect: Amazon Connect makes it easier to manage contact center operating hours by enabling automated scheduling for recurring events like holidays and maintenance windows. Set up recurring patterns (weekly, monthly, etc.) or link to another hours of operation to inherit overrides.
- eks: Added support for BOTTLEROCKET NVIDIA FIPS AMIs to AMI types in US regions.
- rds: no feature changes. model migrated to Smithy
- redshift: Adds support for enabling extra compute resources for automatic optimization during create and modify operations in Amazon Redshift clusters.
- redshift-serverless: Adds support for enabling extra compute resources for automatic optimization during create and update operations in Amazon Redshift Serverless workgroups.
- socialmessaging: This release clarifies WhatsApp template operations as a resource-authenticated operation via the parent WhatsApp Business Account. It also introduces new parameters for parameter format, CTA URL link tracking, and template body examples, and increases the phone number ID length.
v1.44.17
=======
- bedrock: This change will increase TestCase guardContent input size from 1024 to 2028 characters and PolicyBuildDocumentDescription from 2000 to 4000 characters
- datazone: Adds support for IAM role subscriptions to Glue table listings via CreateSubscriptionRequest API. Also adds owningIamPrincipalArn filter to List APIs and subscriptionGrantCreationMode parameter to subscription target APIs for controlling grant creation behavior.
v1.44.16
=======
- billing: Cost Categories filtering support to BillingView data filter expressions through the new costCategories parameter, enabling users to filter billing views by AWS Cost Categories for more granular cost management and allocation.
- iot-managed-integrations: This release introduces WiFi Simple Setup (WSS) enabling device provisioning via barcode scanning with automated network discovery, authentication, and credential provisioning. Additionally, it introduces 2P Device Capability Rediscovery for updating hub-managed device capabilities post-onboarding.
- sagemaker: Added ultraServerType to the UltraServerInfo structure to support server type identification for SageMaker HyperPod
- s3: Adds new parameter --case-conflict that configures how case conflicts are handled on case-insensitive filesystems
v1.44.15
=======
- bedrock-agentcore-control: Adds optional field "view" to GetMemory API input to give customers control over whether CMK encrypted data such as strategy decryption or override prompts is returned or not.
- cloudfront: Added EntityLimitExceeded exception handling to the following API operations AssociateDistributionWebACL, AssociateDistributionTenantWebACL, UpdateDistributionWithStagingConfig
- glue: Adding MaterializedViews task run APIs
- medialive: MediaPackage v2 output groups in MediaLive can now accept one additional destination for single pipeline channels and up to two additional destinations for standard channels. MediaPackage v2 destinations now support sending to cross region MediaPackage channels.
- transcribe: Adds waiters to Amazon Transcribe.
v1.44.14
=======
- workspaces: Add StateMessage and ProgressPercentage fields to DescribeCustomWorkspaceImageImport API response.
v1.44.13
=======
- ce: This release updates existing reservation recommendations API to support deployment model.
- emr-serverless: Added support for enabling disk encryption using customer managed AWS KMS keys to CreateApplication, UpdateApplication and StartJobRun APIs.
v1.44.12
=======
- cleanroomsml: AWS Clean Rooms ML now supports advanced Spark configurations to optimize SQL performance when creating an MLInputChannel or an audience generation job.
v1.44.11
=======
- s3: Reverts addition of --case-conflict feature which caused a performance regression when copying from S3 to large local directories
v1.44.10
=======
- cleanrooms: Added support for publishing detailed metrics to CloudWatch for operational monitoring of collaborations, including query performance and resource utilization.
- identitystore: This change introduces "Roles" attribute for User entities supported by AWS Identity Store SDK.
v1.44.9
======
- connect: Adds support for searching global contacts using the ActiveRegions filter, and pagination support for ListSecurityProfileFlowModules and ListEntitySecurityProfiles.
- endpoint-rules: Update endpoint-rules command to latest version
- kafkaconnect: This change sets the KafkaConnect GovCloud FIPS and FIPS DualStack endpoints to use kafkaconnect instead of kafkaconnect-fips as the service name. This is done to match the Kafka endpoints.
v1.44.8
======
- connect: Changes for Contact for Global Search
- quicksight: This release adds support for quick users to be able to perform role upgrades on their own. Additionally it allows admins to make this feature admin or auto approval along with new self upgrade capability that can be restricted by Admins.
v1.44.7
=======
- bedrock: Amazon Bedrock Guardrails enforcement configuration APIs now support selective guarding controls for system prompts as well as user and assistant messages, along with SDK support for Amazon Bedrock resource policy APIs.
- bedrock-agent: Added strict parameter to ToolSpecification to allow users to enforce strict JSON schema adherence for tool input schemas.
- bedrock-agentcore-control: Documentation Update for Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets.
- imagebuilder: Updated pagination token validation for ListContainerRecipes API to support maximum size of 65K characters
- lightsail: Add support for tagging of Alarm resource type
- logs: Added queryDuration, bytesScanned, and userIdentity fields to the QueryInfo response object returned by DescribeQueries. Customers can now view detailed query cost information including who ran the query, how long it took, and the volume of data scanned.
- medialive: AWS Elemental MediaLive released a new feature that allows customers to use HLG 2020 as a color space for AV1 video codec.
- organizations: Updates close Account quota for member accounts in an Organization.
- payment-cryptography: Adds optional support to retrieve previously generated import and export tokens to simplify import and export functions
v1.44.6
=======
- appstream: Add support for URL Redirection
- autoscaling: Adds support for new instance lifecycle states introduced by the instance lifecycle policy and replace root volume features.
- bedrock-agentcore: Adds Ground Truth support for AgentCore Evaluations (Evaluate)
- deadline: AWS Deadline Cloud now supports three new fleet auto scaling settings. With scale out rate, you can configure how quickly workers launch. With worker idle duration, you can set how long workers wait before shutting down. With standby worker count, you can keep idle workers ready for fast job start.
- devops-agent: AWS DevOps Agent General Availability.
- ecs: Adding Local Storage support for ECS Managed Instances by introducing a new field "localStorageConfiguration" for CreateCapacityProvider and UpdateCapacityProvider APIs.
- endpoint-rules: Update endpoint-rules command to latest version
- gamelift: Update CreateScript API documentation.
- lakeformation: Add setSourceIdentity to DataLakeSettings Parameters
- logs: Adds Lookup Tables to CloudWatch Logs for log enrichment using CSV key-value data with KMS encryption support.
- opensearch: Added Cluster Insights API's In OpenSearch Service SDK.
- partnercentral-account: KYB Supplemental Form enables partners who fail business verification to submit additional details and supporting documentation through a self-service form, triggering an automated re-verification without requiring manual intervention from support teams.
- sagemaker: Added support for placement strategy and consolidation for SageMaker inference component endpoints. Customers can now configure how inference component copies are distributed across instances and availability zones (AZs), and enable automatic consolidation to optimizes resource utilization.
- s3: Added support for opting out of Amazon S3 Express session authentication via the new AWS_S3_DISABLE_EXPRESS_SESSION_AUTH environment variable, or the s3_disable_express_session_auth shared configuration setting.
v1.44.5
=======
- bedrock: You can now generate policy scenarios on demand using the new GENERATE POLICY SCENARIOS build workflow type. Scenarios will no longer be automatically generated during INGEST CONTENT, REFINE POLICY, and IMPORT POLICY workflows, resulting in faster completion times for these operations.
- bedrock-agentcore: Provide support to perform deterministic operations on agent runtime through shell command executions via the new InvokeAgentRuntimeCommand API
- bedrock-agentcore-control: Supporting hosting of public ECR Container Images in AgentCore Runtime
- ecs: Amazon ECS now supports configuring whether tags are propagated to the EC2 Instance Metadata Service (IMDS) for instances launched by the Managed Instances capacity provider. This gives customers control over tag visibility in IMDS when using ECS Managed Instances.
v1.44.4
=======
- arc-region-switch: Post-Recovery Workflows enable customers to maintain comprehensive disaster recovery automation. This allows customer SREs and leadership to have complete recovery orchestration from failover through post-recovery preparation, ensuring Regions remain ready for subsequent recovery events.
- batch: This feature allows customers to specify the minimum time (in minutes) that AWS Batch keeps instances running in a compute environment after all jobs on the instance complete
- bedrock: Added four new model lifecycle date fields, startOfLifeTime, endOfLifeTime, legacyTime, and publicExtendedAccessTime. Adds support for using the Converse API with Bedrock Batch inference jobs.
- cognito-idp: Cognito is introducing a two-secret rotation model for app clients, enabling seamless credential rotation without downtime. Dedicated APIs support passing in a custom secret. Custom secrets need to be at least 24 characters. This eliminates reconfiguration needs and reduces security risks.
- connect: Deprecate EvaluationReviewMetadata's CreatedBy and CreatedTime, add EvaluationReviewMetadata's RequestedBy and RequestedTime
- customer-profiles: This release introduces an optional SourcePriority parameter to the ProfileObjectType APIs, allowing you to control the precedence of object types when ingesting data from multiple sources. Additionally, WebAnalytics and Device have been added as new StandardIdentifier values.
- health: Updates the regex for validating availabilityZone strings used in the describe events filters.
- keyspacesstreams: Added support for Change Data Capture (CDC) streams with Duration DataType.
- odb: ODB Networking Route Management is a feature improvement which allows for implicit creation and deletion of EC2 Routes in the Peer Network Route Table designated by the customer via new optional input. This feature release is combined with Multiple App-VPC functionality for ODB Network Peering(s).
- ram: Resource owners can now specify ResourceShareConfiguration request parameter for CreateResourceShare API including RetainSharingOnAccountLeaveOrganization boolean parameter
v1.44.3
=======
- cloudwatch: Adding new evaluation states that provide information about the alarm evaluation process. Evaluation error Indicates configuration errors in alarm setup that require review and correction. Evaluation failure Indicates temporary CloudWatch issues.
- connect: API release for header notifications in the admin website. APIs allow customers to publish brief messages (including URLs) to a specified audience, and a new header icon will indicate when unread messages are available.
- ec2: This release adds geography information to EC2 region and availability zone APIs. DescribeRegions now includes a Geography field, while DescribeAvailabilityZones includes both Geography and SubGeography fields, enabling better geographic classification for AWS regions and zones.
- inspector2: Added .Net 10 (dotnet10) and Node 24.x (node24.x) runtime support for lambda package scanning
- sagemaker: Enable g7e instance type support for SageMaker Processing, and enable single file configuration provisioning for HyperPod Slurm, where customers have the option to use HyperPod API to provide the provisioning parameters.

v1.44.2
=======
- connect: This release adds Estimated Wait Time support to the GetContactMetrics API for Amazon Connect.
- quicksight: Improve SessionTag usage guidelines in the GenerateEmbedURLForAnonymousUser API documentation. Update the GetIdentityContext document with the region support context.

v1.44.1
=======
- cleanrooms: This release adds support for parameters in PySpark analysis templates.
- deadline: AWS Deadline Cloud now supports tagging Budget resources with ABAC for permissions management and selecting up to 16 filter values in the monitor and Search API.
- ec2: This release includes documentation updates to support up to four Elastic Volume modifications per Amazon EBS volume within a rolling 24-hour period.
- ecs: Adds support for configuring FIPS in AWS GovCloud (US) Regions via a new ECS Capacity Provider field fipsEnabled. When enabled, instances launched by the capacity provider will use a FIPS-140 enabled AMI. Instances will use FIPS-140 compliant cryptographic modules and AWS FIPS endpoints.
- evs: A new GetVersions API has been added to retrieve VCF, ESX versions, and EC2 instances provided by Amazon EVS. The CreateEnvironment API now allows you to select a VCF version and the CreateEnvironmentHost API introduces an optional esxVersion parameter.
- lakeformation: API Changes for GTCForLocation feature. Includes a new API, GetTemporaryDataLocationCredentials and updates to the APIs RegisterResource and UpdateResource
- opensearchserverless: Collection groups in Amazon OpenSearch Serverless enable you to organize multiple collections and enable compute resource sharing across collections with different KMS keys. This shared compute model reduces costs by eliminating the need for separate OpenSearch Compute Units (OCUs) for each KMS key.
- qconnect: Fix inference configuration shapes for the CreateAIPrompt and UpdateAIPrompt APIs, Modify Text Length Limit for SendMessage API

v1.44.0
======
- bedrock-agentcore-control: This release updates broken links for AgentCore Policy APIs in the AWS CLI and SDK resources.
- connect: Amazon Connect now supports outbound WhatsApp contacts via the Send message block or StartOutboundChatContact API. Send proactive messages for surveys, reminders, and updates. Offer customers the option to switch to WhatsApp while in queue, eliminating hold time.
- ec2: EC2 Capacity Manager now supports SpotTotalCount, SpotTotalInterruptions and SpotInterruptionRate metrics for both vCPU and instance units.
- endpoint-rules: Update endpoint-rules command to latest version
- entityresolution: Support Customer Profiles Integration for AWS Entity Resolution
- glacier: Documentation updates for Amazon Glacier's maintenance mode
- health: Updating Health API endpoint generation for dualstack only regions
- logs: This release allows you to import your historical CloudTrail Lake data into CloudWatch with a few steps, enabling you to easily consolidate operational, security, and compliance data in one place.
- mediatailor: Added support for Ad Decision Server Configuration enabling HTTP POST requests with custom bodies, headers, GZIP compression, and dynamic variables. No changes required for existing GET request configurations.
- route53resolver: Adds support for enabling detailed metrics on Route 53 Resolver endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in the CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into Resolver endpoint and target name server performance.
- s3: This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.
- service-quotas: Add support for SQ Dashboard Api
- --v2-debug flag and AWS_CLI_UPGRADE_DEBUG_MODE environment variable that detects breaking changes for AWS CLI v2 for entered commands.

v1.43.15
=======
- bcm-recommended-actions: Added new freetier action types to RecommendedAction.type.
- connect: Amazon Connect now offers automated post-chat surveys triggered when customers end conversations. This captures timely feedback while experience is fresh, using either a no-code form builder or Amazon Lex-powered interactive surveys.
- datasync: Adds Enhanced mode support for NFS and SMB locations. SMB credentials are now managed via Secrets Manager, and may be encrypted with service or customer managed keys. Increases AgentArns maximum count to 8 (max 4 per TaskMode). Adds folder counters to DescribeTaskExecution for Enhanced mode tasks.
- workspaces-web: Adds support for portal branding customization, enabling administrators to personalize end-user portals with custom assets.

v1.43.14
=======
- lambda: Add Dotnet 10 (dotnet10) support to AWS Lambda.
- organizations: Add support for policy operations on the NETWORK SECURITY DIRECTOR POLICY policy type.
- quicksight: This release adds new GetIdentityContext API, Dashboard customization options for tables and pivot tables, Visual styling options- borders and decals, map GeocodingPreferences, KeyPairCredentials for DataSourceCredentials. Snapshot APIs now support registered users. Parameters limit increased to 400
- secretsmanager: Add SortBy parameter to ListSecrets
- sesv2: Update GetEmailIdentity and CreateEmailIdentity response to include SigningHostedZone in DkimAttributes. Updated PutEmailIdentityDkimSigningAttributes Response to include SigningHostedZone.

v1.43.13
=======
- bedrock: Automated Reasoning checks in Amazon Bedrock Guardrails is capable of generating policy scenarios to validate policies. The GetAutomatedReasoningPolicyBuildWorkflowResultAssets API now adds POLICY SCENARIO asset type, allowing customers to retrieve scenarios generated by the build workflow.
- billingconductor: Launch itemized custom line item and service line item filter
- cloudwatch: This release introduces two additional protocols AWS JSON 1.1 and Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will prioritize the protocol that is the most performant for each language.
- odb: The following APIs now return CloudExadataInfrastructureArn and OdbNetworkArn fields for improved resource identification and AWS service integration - GetCloudVmCluster, ListCloudVmClusters, GetCloudAutonomousVmCluster, and ListCloudAutonomousVmClusters.
- opensearch: The CreateApplication API now supports an optional kms key arn parameter to allow customers to specify a CMK for application encryption.
- partnercentral-selling: Adds support for the new Project.AwsPartition field on Opportunity and AWS Opportunity Summary. Use this field to specify the AWS partition where the opportunity will be deployed.
- signer: Adds support for Signer GetRevocationStatus with updated endpoints

v1.43.12
=======
- account: This release adds a new API (GetGovCloudAccountInformation) used to retrieve information about a linked GovCloud account from the standard AWS partition.
- appsync: Update Event API to require EventConfig parameter in creation and update requests.
- endpoint-rules: Update endpoint-rules command to latest version
- guardduty: Adding support for Ec2LaunchTemplate Version field
- ivs-realtime: Token Exchange introduces seamless token exchange capabilities for IVS RTX, enabling customers to upgrade or downgrade token capabilities and update token attributes within the IVS client SDK without forcing clients to disconnect and reconnect.
- mgn: Added parameters encryption, IPv4/IPv6 protocol configuration, and enhanced tagging support for replication operations.
- route53: Amazon Route 53 now supports the EU (Germany) Region (eusc-de-east-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region

v1.43.11
=======
- ce: Add support for Cost Category resource associations including filtering by resource type on ListCostCategoryDefinitions and new ListCostCategoryResourceAssociations API.
- ec2: Amazon EC2 P6-B300 instances provide 8x NVIDIA Blackwell Ultra GPUs with 2.1 TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA throughput, and 4 TB of system memory. Amazon EC2 C8a instances are powered by 5th Gen AMD EPYC processors with a maximum frequency of 4.5 GHz.
- identitystore: Updating AWS Identity Store APIs to support Attribute Extensions capability, with the first release adding Enterprise Attributes. This launch aligns Identity Store APIs with SCIM for enterprise attributes, reducing cases when customers are forced to use SCIM due to lack of SigV4 API support.
- partnercentral-selling: Deal Sizing Service for AI-based deal size estimation with AWS service-level breakdown, supporting Expansion and Migration deals across Technology, and Reseller partner cohorts, including Pricing Calculator AddOn for MAP deals and funding incentives.
- rds: Adding support for tagging RDS Instance/Cluster Automated Backups
- redshift-serverless: Added GetIdentityCenterAuthToken API to retrieve encrypted authentication tokens for Identity Center integrated serverless workgroups. This API enables programmatic access to secure Identity Center tokens with proper error handling and parameter validation across supported SDK languages.
- rolesanywhere: Increases certificate string length for trust anchor source data to support ML-DSA certificates.
- sesv2: Update Mail Manager Archive ARN validation

v1.43.10
=======
- ecs: Updating stop-task API to encapsulate containers with custom stop signal
- iam: Adding the ExpirationTime attribute to the delegation request resource.
- inspector2: This release adds a new ScanStatus called "Unsupported Code Artifacts". This ScanStatus will be returned when a Lambda function was not code scanned because it has unsupported code artifacts.
- partnercentral-account: Adding Verification APIs to Partner Central Account SDK.
- sesv2: Updating the desired url for PutEmailIdentityDkimSigningAttributes from v1 to v2

v1.43.9
======
- lambda: Add DisallowedByVpcEncryptionControl to the LastUpdateStatusReasonCode and StateReasonCode enums to represent failures caused by VPC Encryption Controls.

v1.43.8
======
- bedrock: Adding support in Amazon Bedrock to customize models with reinforcement fine-tuning (RFT) and support for updating the existing Custom Model Deployments.
- sagemaker: Introduces Serverless training: A fully managed compute infrastructure that abstracts away all infrastructure complexity, allowing you to focus purely on model development. Added AI model customization assets used to train, refine, and evaluate custom models during the model customization process.

v1.43.7
======
- bedrock: Adds the audioDataDeliveryEnabled boolean field to the Model Invocation Logging Configuration.
- bedrock-agentcore: Support for AgentCore Evaluations and Episodic memory strategy for AgentCore Memory.
- bedrock-agentcore-control: Supports AgentCore Evaluations, Policy, Episodic Memory Strategy, Resource Based Policy for Runtime and Gateway APIs, API Gateway Rest API Targets and enhances JWT authorizer.
- bedrock-runtime: Adds support for Audio Blocks and Streaming Image Output plus new Stop Reasons of malformed_model_output and malformed_tool_use.
- ce: This release updates existing Savings Plans Purchase Analyzer and Recommendations APIs to support Database Savings Plans.
- datazone: Amazon DataZone now supports exporting Catalog datasets as Amazon S3 tables, and provides automatic business glossary term suggestions for data assets.
- endpoint-rules: Update endpoint-rules command to latest version
- fsx: S3 Access Points support for FSx for NetApp ONTAP
- guardduty: Adding support for extended threat detection for Amazon EC2 and Amazon ECS. Adding support for wild card suppression rules.
- lambda: Launching Lambda durable functions - a new feature to build reliable multi-step applications and AI workflows natively within the Lambda developer experience.
- logs: CloudWatch Logs adds managed S3 Tables integration to access logs using other analytical tools, as well as facets and field indexing to simplify log analytics in CloudWatch Logs Insights.
- nova-act: Initial release of Nova Act SDK. The Nova Act service enables customers to build and manag

Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.