diff --git a/CHANGELOG.md b/CHANGELOG.md index 6cb0154d52..6b5616c280 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,1804 +1,1808 @@ # CHANGELOG -## 3.384.11 - 2026-06-16 - -* `Aws\S3` - Added support for annotations. You can now attach up to 1000 annotations (up to 1 MB each) directly to objects and create, retrieve, list, and delete them using new annotation APIs. Also added support for configuring an annotation table in S3 Metadata. -* `Aws\DirectConnect` - Added VIF rate limiting support for AWS Direct Connect, allowing customers to set bandwidth allocations on virtual interfaces to manage traffic on dedicated connections. -* `Aws\Route53Resolver` - Adds supports for PartnerManagedRules -* `Aws\PartnerCentralSelling` - Added Prospecting APIs to convert engagements into AI-enriched leads with scoring insights. Extended Engagement APIs with ProspectingResult and Lead contexts. Added CoSell Scoring to GetAwsOpportunitySummary- quality score, trend, agent-driven recommendations, and engagement classification. -* `Aws\S3Vectors` - Amazon S3 Vectors now supports paginated QueryVectors requests, returning up to 10,000 results per query. -* `Aws\Outposts` - Adds support for creating an order from quotes. -* `Aws\SageMaker` - Add EnableDetailedObservability to Endpoint MetricsConfig. Publishes GPU, host, and framework-native inference metrics to CloudWatch with per-inference-component, availability-zone, and instance dimensions. Adds Inference Component provisioning lifecycle and multi-AZ placement metrics. - -## 3.384.10 - 2026-06-15 - -* `Aws\mgn` - AWS Transform for VMware now supports Amazon FSx for NetApp ONTAP as a target storage. Customers can migrate source server disks directly to FSx for NetApp ONTAP iSCSI LUNs. Target storage is configurable per source server, and compute, network, and storage migrate together in coordinated waves. -* `Aws\DataZone` - Adds support for deleting lineage events in Amazon DataZone. -* `Aws\RDS` - Adding support for RDS SQL Server BYOM and DB2 Community Edition -* `Aws\WAFV2` - AWS WAF now supports AI traffic monetization for CloudFront. Configure payment networks and pricing on your web ACL, use the new Monetize rule action to charge AI agents via x402, and monitor revenue with new GetRevenueStatisticsSummary, GetRevenueStatistics, and ListSettlementRecords APIs. -* `Aws\WorkSpaces` - Added a validation for null check for ImageIds in DescribeWorkspaceImages API request parameters. -* `Aws\CloudWatchLogs` - Added endTimeOffset parameter to Scheduled Queries APIs (Create, Update, Get) enabling bounded time window configuration. Introduced scheduleType filter (CUSTOMER MANAGED, AWS MANAGED) for ListScheduledQueries and exposed it in Get and Update responses. -* `Aws\BedrockRuntime` - InvokeGuardrailChecks API evaluates prompts and responses against safety checks (content filters, prompt attacks, sensitive info) without creating guardrail resources. It's a detect-only API, returning numeric scores so you can build adaptive logic as per your application. - -## 3.384.9 - 2026-06-12 - -* `Aws\BedrockAgentCoreControl` - Added tagging and CMK support for optimizations and an insights feature to identify failure patterns, extract user intents, and summarize execution behavior -* `Aws\DevOpsAgent` - Adds support for Trigger CRUD APIs (CreateTrigger, GetTrigger, UpdateTrigger, DeleteTrigger, ListTriggers) for managing schedule-based automation triggers in DevOps Agent agent spaces. -* `Aws\BedrockAgentCore` - Added tagging and CMK support across optimization, an explanation field in recommendation output, and an insights feature to identify failure patterns, extract user intents, and summarize execution behavior -* `Aws\IAM` - Updating documentation for select service-specific credential APIs -* `Aws\Firehose` - Update KeyARN in DeliveryStreamEncryptionConfigurationInput to accept KMS key ARNs only (not alias ARNs), matching service behavior. -* `Aws\Glue` - Adds support for retrieving Apache Iceberg table metadata via GetTable. Use the new AttributesToGet parameter with LATEST ICEBERG METADATA to receive schema, partition specs, sort orders, and table properties in the response. -* `Aws\SageMakerRuntime` - Added support for inline request payloads to the InvokeEndpointAsync operation to allow users to provide the inference payload directly in the request Body (up to 128,000 bytes) as an alternative to uploading the payload to Amazon S3 and passing InputLocation. -* `Aws\EKS` - Patches missing enum values for EKS updates -* `Aws\ACM` - Certificate transparency logging opt-out is no longer available. Per compliance requirements, all public ACM certificates are automatically recorded in certificate transparency logs. The CertificateTransparencyLoggingPreference option is deprecated. - -## 3.384.8 - 2026-06-11 - -* `Aws\Support` - Adding new BDD representation of endpoint ruleset -* `Aws\BedrockAgentCoreControl` - Supports deterministic metadata for AgentCore Memory -* `Aws\HealthLake` - Adds the UpdateFHIRDatastore API and adds analytics, NLP, and profile configuration support to CreateFHIRDatastore and DescribeFHIRDatastore. -* `Aws\BedrockAgentCore` - Adds support to perform cross account data plane actions on an AgentCore Memory resource -* `Aws\Neptune` - Amazon Neptune now supports IPv6 dual-stack networking. You can create and manage Neptune DB clusters accessible over both IPv4 and IPv6 by specifying NetworkType as DUAL in CreateDBCluster, ModifyDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime API operations -* `Aws\Omics` - Adds support for workflowName in the ListRuns API response. -* `Aws\EKS` - Introduce new CreateCluster parameters for Amazon EKS local clusters on AWS Outposts. Added etcdInstanceType for configuring the EC2 instance type for dedicated etcd instances, and spreadLevel for configuring the placement group spread level for Kubernetes control plane and etcd instances. - -## 3.384.7 - 2026-06-10 - -* `Aws\ConnectHealth` - Add support for MedicalScribeBinaryAudioEvent in the Medical Scribe streaming input. This new event type lets you send audio as a raw binary payload instead of a base64-encoded value -* `Aws\SageMaker` - Add support for G6e instances (ml.g6e.xlarge through ml.g6e.48xlarge) on Amazon SageMaker Notebook Instances. -* `Aws\Lightsail` - This release adds support for Asia Pacific (Hong Kong) (ap-east-1), Europe (Spain) (eu-south-2) and South America (Sao Paulo) (sa-east-1) Regions. -* `Aws\ECS` - Amazon ECS Managed Daemon task definitions now support pidMode and ipcMode parameters. Set shared to allow daemons to share PID or IPC namespaces with co-located tasks on Managed Instances, enabling process tracing and shared memory communication. -* `Aws\Signin` - AWS Sign-In now allows customers to control access to the AWS Management Console using resource-based policies. With this release customers can restrict console access based on network perimeters such as VPC IDs, VPC endpoints, and IP addresses. -* `Aws\EC2` - This release adds support for AMI Watermark which a structured identifier that helps in tracking AMI provenance -* `Aws\MediaLive` - Adding premixer settings to pid and track audio inputs in MediaLIve to allow greater control over mixing audio from multiple source streams including support for AudioPidSelectors made up of multiple audio PIDs. -* `Aws\PrometheusService` - Adds supports for out-of-order sample ingestion (default 1-minute window) and a configurable rule query offset to reduce data loss and improve alerting accuracy. - -## 3.384.6 - 2026-06-09 - -* `Aws\IoTSiteWise` - Adding new BDD representation of endpoint ruleset -* `Aws\Outposts` - Added AWS Outposts APIs for self-service Outposts quoting and ordering. New operations include CreateQuote, GetQuote, UpdateQuote, DeleteQuote, ListQuotes, and ListOrderableInstanceTypes. -* `Aws\BedrockAgentCore` - Add RetryableConflictException (HTTP 409) to InvokeAgentRuntimeCommand and GetAgentCard to prevent orphaned VMs during concurrent session access. The SDK automatically retries this exception with backoff. Enforcement is not yet active and will be enabled in a future service update. -* `Aws\EC2` - Added TagFieldSpecifications to CreateFlowLogs and DescribeFlowLogs APIs. Customers can now specify tag keys in their Flow Logs subscriptions to capture associated EC2 resource tag values in their logs, enabling tag-based visibility. -* `Aws\DynamoDBStreams` - Adding new BDD representation of endpoint ruleset -* `Aws\TimestreamQuery` - Adding new BDD representation of endpoint ruleset -* `Aws\Odb` - Releases Autonomous Database Serverless APIs, autonomousDatabaseOciIntegrationIamRoles, linkedOciTenancyId, linkedOciCompartmentId, and subscriptionErrors fields in GetOciOnboardingStatus API response. -* `Aws\Bedrock` - Adds support for the Amazon Bedrock account-level data retention APIs PutAccountDataRetention and GetAccountDataRetention. -* `Aws\MarketplaceCommerceAnalytics` - Adding new BDD representation of endpoint ruleset -* `Aws\CloudWatch` - This release adds the APIs (AssociateDatasetKmsKey, DisassociateDatasetKmsKey, GetDataset) to manage encryption at rest for OpenTelemetry metrics in CloudWatch using AWS KMS customer managed keys. -* `Aws\TimestreamWrite` - Adding new BDD representation of endpoint ruleset - -## 3.384.5 - 2026-06-08 - -* `Aws\TaxSettings` - Adds support for additional tax information fields for Philippines, Belgium, Chile, France, Poland, and Italy in the Tax Settings API. -* `Aws\Omics` - StartRunBatch API - Add EngineSettings -* `Aws\ComputeOptimizer` - Adds new Idle Recommendation Resource types in the AWS Compute Optimizer API -* `Aws\ObservabilityAdmin` - CloudWatch Observability Admin extends CentralizationRuleForOrganization APIs to support metrics, enabling centralization of metrics across accounts and Regions alongside logs. -* `Aws\MediaPackageV2` - Adds support for DASH Audio Timeline Patternization. This enables your DASH manifests to templatize the repeating patterns that emerge in audio segment timelines. This compacts the total timeline length, utilizing the repeat notation, such that manifests don't grow indefinitely long. -* `Aws\mgn` - AWS Transform discovery tool now supported as network migration input source. You can now use the AWS Transform Discovery tool as a source for network migration alongside modelizeIT, enabling hybrid network migrations for environments running both VMware and non-VMware workloads. -* `Aws\DevOpsAgent` - Add Asset APIs for managing versioned assets and asset files in AWS DevOps Agent agent spaces. -* `Aws\Deadline` - Added optional identityCenterRegion parameter to AssociateMember APIs to allow managing memberships for users and groups in other regions. -* `Aws\CostOptimizationHub` - Adds new Idle Recommendation types in the Cost Optimization Hub API - -## 3.384.4 - 2026-06-05 - -* `Aws\QuickSight` - Adds support for Knowledge Base APIs and Index Capacity API -* `Aws\PaymentCryptography` - Adds CloudFormation support for resource-based policies on AWS Payment Cryptography keys. -* `Aws\MediaConvert` - Adds support for configurable number of Clear Lead segments at the beginning of encrypted output. Adds support for multiple trickplay variants. -* `Aws\DynamoDB` - Adding new BDD representation of endpoint ruleset -* `Aws\EMRServerless` - Adds support for updating max capacity and custom fields while application is started -* `Aws\SageMaker` - This release adds support for MLflow experiment tracking in SageMaker inference optimization. CreateAIRecommendationJob and CreateAIBenchmarkJob now accept an optional OutputConfig.MlflowConfig (MLflow App ARN, experiment, run name) to stream benchmark metrics and artifacts to your own MLflow App. - -## 3.384.3 - 2026-06-04 - -* `Aws\MediaPackageVod` - Adding new BDD representation of endpoint ruleset -* `Aws\SNS` - Adding new BDD representation of endpoint ruleset -* `Aws\CostExplorer` - Adding new BDD representation of endpoint ruleset -* `Aws\SageMakerRuntimeHTTP2` - Adding new BDD representation of endpoint ruleset -* `Aws\GuardDuty` - Remove unsupported RDS field for filter -* `Aws\Wickr` - AWS Wickr now allows network administrators to configure a maximum session duration for non-SSO users in security groups, and display customizable consent popups to users at login for terms of use or compliance acknowledgements. -* `Aws\CloudFormation` - Adding new BDD representation of endpoint ruleset -* `Aws\TaxSettings` - Adding new BDD representation of endpoint ruleset -* `Aws\AmplifyBackend` - Adding new BDD representation of endpoint ruleset -* `Aws\AuditManager` - Adding new BDD representation of endpoint ruleset -* `Aws\AppIntegrationsService` - Adding new BDD representation of endpoint ruleset -* `Aws\Glue` - AWS Glue Interactive Sessions now supports Apache Spark Connect, enabling remote Spark execution over gRPC with minimal client-side dependencies. Adds GetSessionEndpoint and GetDashboardUrl APIs. Modifies CreateSession now accepts SPARK CONNECT session type. -* `Aws\Route53RecoveryReadiness` - Adding new BDD representation of endpoint ruleset -* `Aws\Uxc` - Adding new BDD representation of endpoint ruleset -* `Aws\OpenSearchServerless` - Adding new BDD representation of endpoint ruleset -* `Aws\MediaPackage` - Adding new BDD representation of endpoint ruleset -* `Aws\MWAAServerless` - Adding new BDD representation of endpoint ruleset -* `Aws\WorkDocs` - Adding new BDD representation of endpoint ruleset -* `Aws\kendra` - Adding new BDD representation of endpoint ruleset -* `Aws\ConfigService` - AWS Config now supports internal service-linked rules, allowing AWS service partners to deploy Config rules for customers and use the evaluation results to build enhanced features. -* `Aws\Sustainability` - Adding new BDD representation of endpoint ruleset -* `Aws\Appflow` - Adding new BDD representation of endpoint ruleset -* `Aws\GeoMaps` - Adding new BDD representation of endpoint ruleset -* `Aws\IVS` - adds UpdateAdConfiguration operation to AWS IVS low-latency APIs -* `Aws\SageMaker` - Adds the IncludedData parameter to DescribeModelCard and DescribeModelPackage. Set it to MetadataOnly to retrieve a model card without decrypt permission on the customer managed AWS KMS key (default AllData returns full content). Adds support for the MTRL Job resource in SageMaker Search. -* `Aws\MediaConnect` - BDD bulk update change rollout -* `Aws\SignerData` - Adding new BDD representation of endpoint ruleset -* `Aws\EFS` - Adding new BDD representation of endpoint ruleset -* `Aws\ChimeSDKVoice` - Adding new BDD representation of endpoint ruleset -* `Aws\S3Files` - Adding new BDD representation of endpoint ruleset -* `Aws\EMR` - Added support for Spark Connect interactive sessions on Amazon EMR on EC2 with new APIs - StartSession, GetSession, GetSessionEndpoint, ListSessions, and TerminateSession. Added sessionEnabled field in RunJobFlow and DescribeCluster to enable Spark Connect endpoints on EMR clusters. -* `Aws\ConnectParticipant` - Adding new BDD representation of endpoint ruleset -* `Aws\WorkSpaces` - Adding new BDD representation of endpoint ruleset -* `Aws\MQ` - BDD bulk update change rollout -* `Aws\EC2InstanceConnect` - Adding new BDD representation of endpoint ruleset -* `Aws\Interconnect` - Adding new BDD representation of endpoint ruleset - -## 3.384.2 - 2026-06-03 - -* `Aws\CloudTrailData` - Adding new BDD representation of endpoint ruleset -* `Aws\ApplicationAutoScaling` - Adding new BDD representation of endpoint ruleset -* `Aws\SES` - Adding new BDD representation of endpoint ruleset -* `Aws\Kinesis` - Adding new BDD representation of endpoint ruleset -* `Aws\Firehose` - Adding new BDD representation of endpoint ruleset -* `Aws\ResourceGroups` - Adding new BDD representation of endpoint ruleset -* `Aws\CloudWatchLogs` - Adding new BDD representation of endpoint ruleset -* `Aws\DAX` - Adding new BDD representation of endpoint ruleset -* `Aws\ApiGatewayManagementApi` - Adding new BDD representation of endpoint ruleset -* `Aws\Route53Profiles` - Adding new BDD representation of endpoint ruleset -* `Aws\SocialMessaging` - Adding support for WhatsApp flow APIs and adding AccessDeniedByMetaException for Template APIs -* `Aws\IoTSecureTunneling` - Adding new BDD representation of endpoint ruleset -* `Aws\ARCRegionSwitch` - ARC Region Switch now supports three new execution blocks for multi-Region database workloads-Amazon Aurora Serverless scaling, Amazon Aurora Provisioned scaling, and Amazon Neptune Global Database failover. -* `Aws\DirectConnect` - Adding new BDD representation of endpoint ruleset -* `Aws\IoTEvents` - Adding new BDD representation of endpoint ruleset -* `Aws\WAFRegional` - Adding new BDD representation of endpoint ruleset -* `Aws\CloudFront` - Adding new BDD representation of endpoint ruleset -* `Aws\PinpointSMSVoice` - Adding new BDD representation of endpoint ruleset -* `Aws\ComputeOptimizer` - This release lets customers extend the lookback period for Amazon EBS volume and Amazon ECS rightsizing recommendations to 32 days. -* `Aws\LakeFormation` - Adding new BDD representation of endpoint ruleset -* `Aws\S3Outposts` - Adding new BDD representation of endpoint ruleset -* `Aws\ConnectWisdomService` - Adding new BDD representation of endpoint ruleset -* `Aws\VPCLattice` - Adding new BDD representation of endpoint ruleset -* `Aws\Macie2` - Adding new BDD representation of endpoint ruleset -* `Aws\Inspector2` - Inspector support for enhanced scanning -* `Aws\Connect` - SearchContacts Connect API now supports filtering contacts by the AI Agents involved in handling them -* `Aws\AppFabric` - Adding new BDD representation of endpoint ruleset -* `Aws\CostExplorer` - Added support for target-coverage-based Savings Plans purchase analysis. The StartCommitmentPurchaseAnalysis API now accepts a new TARGET AVERAGE COVERAGE value for AnalysisType, as well as an optional SavingsPlansTargetCoverage field in SavingsPlansPurchaseAnalysisConfiguration -* `Aws\ConnectCampaignService` - Adding new BDD representation of endpoint ruleset -* `Aws\SnowDeviceManagement` - Adding new BDD representation of endpoint ruleset -* `Aws\AppConfigData` - Adding new BDD representation of endpoint ruleset -* `Aws\SecurityLake` - Adding new BDD representation of endpoint ruleset -* `Aws\RDS` - Adding new BDD representation of endpoint ruleset - -## 3.384.1 - 2026-06-03 - -* `Aws\GeoRoutes` - Add "standardRegionalEndpoints" back to fix 'Could not connect to the endpoint URL' - -## 3.384.0 - 2026-06-02 - -* `Aws\S3` - Prevents resources provided to `ObjectUploader` from being closed by Guzzle. -* `Aws\MediaConvert` - Adding new BDD representation of endpoint ruleset -* `Aws\EC2` - Amazon EC2 now supports self-service cancellation of future-dated Capacity Reservations. A cancellation charge applies based on remaining commitment. Customers can generate a cancellation quote to review charges before confirming. -* `Aws\Shield` - Adding new BDD representation of endpoint ruleset -* `Aws\SecretsManager` - Adding new BDD representation of endpoint ruleset -* `Aws\Neptune` - Adding new BDD representation of endpoint ruleset -* `Aws\Pinpoint` - Adding new BDD representation of endpoint ruleset -* `Aws\SageMaker` - Amazon SageMaker Job is a new service to help you manage various workloads related to model fine tuning, evaluation etc. Two job categories are supported today, AgentRFT for multi-turn agentic reinforcement fine tuning, and AgentRFTEvaluation for evaluating base model or trained model from AgentRFT. -* `Aws\Polly` - Adding new BDD representation of endpoint ruleset -* `Aws\SagemakerJobRuntime` - Amazon SageMaker Job Runtime is a new service for managing trajectory data during multi-turn customization jobs. It provides APIs to send inference requests to models during job execution, mark rollouts as complete, and submit reward values for training trajectories. -* `Aws\SFN` - Adding new BDD representation of endpoint ruleset -* `Aws\ElastiCache` - Amazon ElastiCache for Valkey now supports durability. This new capability is enabled through a Multi-AZ transactional log, enabling fast recovery and restart during failures. -* `Aws\TranscribeService` - Release new Language locales including am-ET, es-MX, fa-AF, ht-HT, jv-ID, km-KH, my-MM, sq-AL, ne-NP. The commit shows past locales that have already been release which include cy-gb, ga-ie, gd-gb. -* `Aws\GeoRoutes` - Added Transit and Intermodal travel modes to CalculateRoutes. Plan routes using public transit (bus, subway, train, ferry) or combine transit with driving, taxi, and rental car segments in a single multi-modal route. -* `Aws\MigrationHub` - Adding new BDD representation of endpoint ruleset -* `Aws\MarketplaceMetering` - Adding new BDD representation of endpoint ruleset -* `Aws\STS` - Adding new BDD representation of endpoint ruleset -* `Aws\Transfer` - Adding new BDD representation of endpoint ruleset -* `Aws\ManagedBlockchain` - Adding new BDD representation of endpoint ruleset -* `Aws\MediaStore` - Adding new BDD representation of endpoint ruleset -* `Aws\PI` - Adding new BDD representation of endpoint ruleset -* `Aws\Route53Domains` - Adding new BDD representation of endpoint ruleset -* `Aws\KeyspacesStreams` - Added iterator description to the GetRecords API response for Amazon Keyspaces Change Data Capture (CDC) streams, enabling consumers to track their current position within the stream. -* `Aws\Route53` - Adding new BDD representation of endpoint ruleset -* `Aws\SSO` - Adding new BDD representation of endpoint ruleset -* `Aws\IoT` - Fleet indexing documentation update -* `Aws\RAM` - Adding new BDD representation of endpoint ruleset -* `Aws\MTurk` - Adding new BDD representation of endpoint ruleset -* `Aws\Lambda` - Adds configuration for tag propagation to Lambda-managed resources. -* `Aws\CloudWatch` - Adding new BDD representation of endpoint ruleset -* `Aws\PinpointEmail` - Adding new BDD representation of endpoint ruleset -* `Aws\Redshift` - Adding new BDD representation of endpoint ruleset -* `Aws\GuardDuty` - Amazon GuardDuty Runtime Monitoring now supports 3 new SensitiveFileModified finding types (Persistence, PrivilegeEscalation, DefenseEvasion) that detect when security-sensitive system files are modified on EC2 instances or containers, indicating potential compromise through file tampering. -* `Aws\SSM` - Adding new BDD representation of endpoint ruleset -* `Aws\XRay` - Adding new BDD representation of endpoint ruleset -* `Aws\S3` - Adding new BDD representation of endpoint ruleset -* `Aws\SWF` - Adding new BDD representation of endpoint ruleset -* `Aws\StorageGateway` - Adding new BDD representation of endpoint ruleset -* `Aws\MediaLive` - Adding new BDD representation of endpoint ruleset -* `Aws\LexRuntimeService` - Adding new BDD representation of endpoint ruleset -* `Aws\Snowball` - Adding new BDD representation of endpoint ruleset -* `Aws\ResourceGroupsTaggingAPI` - Adding new BDD representation of endpoint ruleset -* `Aws\Rekognition` - Adding new BDD representation of endpoint ruleset -* `Aws\ServiceCatalog` - Adding new BDD representation of endpoint ruleset -* `Aws\SQS` - Adding new BDD representation of endpoint ruleset -* `Aws\PersonalizeRuntime` - Adding new BDD representation of endpoint ruleset -* `Aws\WAF` - Adding new BDD representation of endpoint ruleset - -## 3.383.2 - 2026-06-01 - -* `Aws\IoTEventsData` - Adding new BDD representation of endpoint ruleset -* `Aws\KinesisAnalytics` - Adding new BDD representation of endpoint ruleset -* `Aws\IoT` - Adding new BDD representation of endpoint ruleset -* `Aws\Lambda` - Adding new BDD representation of endpoint ruleset -* `Aws\Greengrass` - Adding new BDD representation of endpoint ruleset -* `Aws\Amplify` - Adding new BDD representation of endpoint ruleset -* `Aws\GameLift` - Adding new BDD representation of endpoint ruleset -* `Aws\KinesisVideo` - Adding new BDD representation of endpoint ruleset -* `Aws\ConfigService` - Adding new BDD representation of endpoint ruleset -* `Aws\DatabaseMigrationService` - Adding new BDD representation of endpoint ruleset -* `Aws\MarketplaceCatalog` - Adding new BDD representation of endpoint ruleset -* `Aws\IAM` - Adding new BDD representation of endpoint ruleset -* `Aws\ElasticsearchService` - Adding new BDD representation of endpoint ruleset -* `Aws\MediaStoreData` - Adding new BDD representation of endpoint ruleset -* `Aws\AppSync` - Adding new BDD representation of endpoint ruleset -* `Aws\EMR` - Adding new BDD representation of endpoint ruleset -* `Aws\Lightsail` - Adding new BDD representation of endpoint ruleset -* `Aws\CognitoSync` - Adding new BDD representation of endpoint ruleset -* `Aws\KinesisVideoMedia` - Adding new BDD representation of endpoint ruleset -* `Aws\CloudWatchEvents` - Adding new BDD representation of endpoint ruleset -* `Aws\DataPipeline` - Adding new BDD representation of endpoint ruleset -* `Aws\LicenseManager` - Adding new BDD representation of endpoint ruleset -* `Aws\CognitoIdentityProvider` - Add support for multi-region replication, enabling synchronization of user data and configurations to a secondary user pool in a standby Region. Add support for customer managed keys (CMK) in AWS KMS for encrypting user pool data at rest. -* `Aws\Inspector` - Adding new BDD representation of endpoint ruleset -* `Aws\MachineLearning` - Adding new BDD representation of endpoint ruleset -* `Aws\DeviceFarm` - Adding new BDD representation of endpoint ruleset -* `Aws\ElasticLoadBalancingv2` - Adding new BDD representation of endpoint ruleset -* `Aws\ElastiCache` - Adding new BDD representation of endpoint ruleset -* `Aws\Glacier` - Adding new BDD representation of endpoint ruleset -* `Aws\KMS` - Adding new BDD representation of endpoint ruleset -* `Aws\AppMesh` - Adding new BDD representation of endpoint ruleset -* `Aws\QuickSight` - This release adds public APIs for Amazon QuickSight Spaces, Agents, and Flows. Spaces APIs enable management of curated resource collections. Agents APIs provide lifecycle control over AI-powered agents that leverage Spaces. Flows APIs add CRUDL APIs for automated workflows. -* `Aws\CostandUsageReportService` - Adding new BDD representation of endpoint ruleset -* `Aws\CodePipeline` - Adding new BDD representation of endpoint ruleset -* `Aws\CognitoIdentity` - Adding new BDD representation of endpoint ruleset -* `Aws\ElasticLoadBalancing` - Adding new BDD representation of endpoint ruleset -* `Aws\MarketplaceAgreement` - Adding Entitlements in SearchAgreements Response -* `Aws\LexModelBuildingService` - Adding new BDD representation of endpoint ruleset -* `Aws\ECS` - Adding new BDD representation of endpoint ruleset -* `Aws\ElasticBeanstalk` - Adding new BDD representation of endpoint ruleset -* `Aws\DirectoryService` - Adding new BDD representation of endpoint ruleset -* `Aws\ECR` - Adding new BDD representation of endpoint ruleset -* `Aws\Personalize` - Adding new BDD representation of endpoint ruleset -* `Aws\Health` - Adding new BDD representation of endpoint ruleset -* `Aws\ApplicationDiscoveryService` - Adding new BDD representation of endpoint ruleset -* `Aws\DocDB` - Adding new BDD representation of endpoint ruleset - -## 3.383.1 - 2026-05-29 - -* `Aws\` - Fixed per-request cyclic references in retry and validation middleware that caused unbounded memory growth in long-lived processes making repeated API calls. -* `Aws\GroundStation` - Adds support for Alpha-5 satellite number encoding in the Two-Line Element ephemeris format. -* `Aws\PaymentCryptographyData` - Adding new BDD representation of endpoint ruleset -* `Aws\Synthetics` - Adding new BDD representation of endpoint ruleset -* `Aws\CodeDeploy` - Adding new BDD representation of endpoint ruleset -* `Aws\QBusiness` - Adding new BDD representation of endpoint ruleset -* `Aws\ARCZonalShift` - Adding new BDD representation of endpoint ruleset -* `Aws\CloudHSM` - Adding new BDD representation of endpoint ruleset -* `Aws\WorkspacesInstances` - Adding new BDD representation of endpoint ruleset -* `Aws\CloudDirectory` - Adding new BDD representation of endpoint ruleset -* `Aws\Budgets` - Adding new BDD representation of endpoint ruleset -* `Aws\CloudHSMV2` - Adding new BDD representation of endpoint ruleset -* `Aws\BackupGateway` - Adding new BDD representation of endpoint ruleset -* `Aws\Omics` - Add engineSettings to StartRun and GetRun. Add profiles and profileParameterTemplates to GetWorkflow and GetWorkflowVersion. -* `Aws\PersonalizeEvents` - Adding new BDD representation of endpoint ruleset -* `Aws\MWAA` - Adding new BDD representation of endpoint ruleset -* `Aws\EntityResolution` - Adding new BDD representation of endpoint ruleset -* `Aws\Route53RecoveryCluster` - Adding new BDD representation of endpoint ruleset -* `Aws\CodeBuild` - Adding new BDD representation of endpoint ruleset -* `Aws\CloudTrail` - Adding new BDD representation of endpoint ruleset -* `Aws\AutoScaling` - Adding new BDD representation of endpoint ruleset -* `Aws\Athena` - Adding new BDD representation of endpoint ruleset -* `Aws\WAFV2` - Adding new BDD representation of endpoint ruleset -* `Aws\CodeCommit` - Adding new BDD representation of endpoint ruleset -* `Aws\SSMGuiConnect` - Adding new BDD representation of endpoint ruleset -* `Aws\LexRuntimeV2` - Adding new BDD representation of endpoint ruleset -* `Aws\RDSDataService` - RDS Data API arrays (longValues, doubleValues, stringValues, booleanValues) in ExecuteStatement responses now correctly support null elements. Runtime change for JS v3 and .NET. Compile-time change for C plus plus, .NET, Kotlin, Rust. No impact for Java, Python, Ruby, PHP, Go. -* `Aws\Proton` - Adding new BDD representation of endpoint ruleset -* `Aws\Chime` - Adding new BDD representation of endpoint ruleset -* `Aws\SESv2` - This release introduces support for Tenant Suppression Lists -* `Aws\InspectorScan` - Adding new BDD representation of endpoint ruleset -* `Aws\PCS` - Adding new BDD representation of endpoint ruleset -* `Aws\Route53Resolver` - Added BatchCreateFirewallRule, BatchUpdateFirewallRule, BatchDeleteFirewallRule, and ListFirewallRuleTypes APIs. Added FirewallRuleType support to Firewall Rule APIs. -* `Aws\MailManager` - Adding new BDD representation of endpoint ruleset -* `Aws\NetworkFlowMonitor` - Adding new BDD representation of endpoint ruleset -* `Aws\CloudSearchDomain` - Adding new BDD representation of endpoint ruleset -* `Aws\drs` - Adding new BDD representation of endpoint ruleset -* `Aws\ManagedGrafana` - Adding new BDD representation of endpoint ruleset -* `Aws\CodeCatalyst` - Adding new BDD representation of endpoint ruleset -* `Aws\BedrockAgentCoreControl` - Reference your own AWS Secrets Manager secrets when configuring credential providers, giving you control over encryption, rotation, and access policies instead of using service-managed secrets. -* `Aws\QuickSight` - Adds support for creating, updating, describing, listing, and deleting an OAuthClientApplication resource, a new quicksight resource that allows customers to store OAuth configurations to connect to their databases via 3 Legged OAuth. -* `Aws\ApplicationInsights` - Adding new BDD representation of endpoint ruleset -* `Aws\LexModelsV2` - Adding new BDD representation of endpoint ruleset -* `Aws\Bedrock` - Automated Reasoning checks - Added two build workflows for policies. Iterative Refine Policy uses AI to update policy definitions based on test results and feedback. Resolve Policy Ambiguities consolidates ambiguous variables in Automated Reasoning policies, a common source of ambiguous validation. -* `Aws\DirectoryServiceData` - Adding new BDD representation of endpoint ruleset -* `Aws\Account` - Adding new BDD representation of endpoint ruleset -* `Aws\CloudSearch` - Adding new BDD representation of endpoint ruleset -* `Aws\ConnectCampaignsV2` - Adding new BDD representation of endpoint ruleset -* `Aws\ConnectContactLens` - Adding new BDD representation of endpoint ruleset -* `Aws\AutoScalingPlans` - Adding new BDD representation of endpoint ruleset -* `Aws\CodeGuruSecurity` - Adding new BDD representation of endpoint ruleset - -## 3.383.0 - 2026-05-28 - -* `Aws\S3` - Updates `MultipartCopy` to fully align with `CopyObject` metadata directive behavior. When `$config['metadata_directive']` is set to `COPY` (default), source object metadata takes precedence over any matching values provided in `$config['params']`. -* `Aws\ControlCatalog` - AWS Control Catalog - Added GovernedProviders response field and inclusion filter to GetControl and ListControls APIs to identify and filter by cloud provider. Added ParameterRequirementSummary response field indicating parameter requirements. -* `Aws\AugmentedAIRuntime` - Adding new BDD representation of endpoint ruleset -* `Aws\BedrockRuntime` - Support system role in message -* `Aws\PrometheusService` - Adding new BDD representation of endpoint ruleset -* `Aws\Deadline` - Added support for persistent storage on Service-Managed Fleets, allowing customers to configure persistent storage that preserves data across worker sessions which reduces job startup times for workloads with large software installations or asset caches. -* `Aws\SageMakerRuntime` - Adding new BDD representation of endpoint ruleset -* `Aws\SocialMessaging` - Adding new BDD representation of endpoint ruleset -* `Aws\S3Control` - Update the minimum value of MinStorageBytesPercentage in StorageLensPrefixLevel.SelectionCriteria from 0.1 to 1, aligning the model with the documented contract. -* `Aws\IoTTwinMaker` - Adding new BDD representation of endpoint ruleset -* `Aws\VerifiedPermissions` - Adding new BDD representation of endpoint ruleset -* `Aws\CustomerProfiles` - BatchPutProfileObject API adds multiple profile objects to a domain of a given ObjectType in a single API call. -* `Aws\BedrockAgentCoreControl` - Added Harness support for LiteLLM model configuration for third-party model providers. Added S3 and Git skill source types. Added Responses API format for OpenAI and Bedrock models. Added runtimeUserId parameter to InvokeHarness for end-user identification. -* `Aws\CostOptimizationHub` - Adding new BDD representation of endpoint ruleset -* `Aws\CodeGuruReviewer` - Adding new BDD representation of endpoint ruleset -* `Aws\BackupSearch` - Adding new BDD representation of endpoint ruleset -* `Aws\TimestreamInfluxDB` - Adding new BDD representation of endpoint ruleset -* `Aws\IoT` - Adds new connectivity-related fields to Fleet Indexing API requests and responses. -* `Aws\NeptuneGraph` - Adding new BDD representation of endpoint ruleset -* `Aws\Wickr` - Adding new BDD representation of endpoint ruleset -* `Aws\TrustedAdvisor` - Adding new BDD representation of endpoint ruleset -* `Aws\Detective` - Adding new BDD representation of endpoint ruleset -* `Aws\CloudFrontKeyValueStore` - Adding new BDD representation of endpoint ruleset -* `Aws\GroundStation` - Adding new BDD representation of endpoint ruleset -* `Aws\AccessAnalyzer` - Adding new BDD representation of endpoint ruleset -* `Aws\KinesisVideoSignalingChannels` - Adding new BDD representation of endpoint ruleset -* `Aws\SupplyChain` - Adding new BDD representation of endpoint ruleset -* `Aws\MigrationHubStrategyRecommendations` - Adding new BDD representation of endpoint ruleset -* `Aws\AppStream` - Amazon WorkSpaces Applications now supports BYOL (Bring Your Own License). This enables customers to import their own WorkSpaces images and use them in WorkSpaces Applications. -* `Aws\Keyspaces` - Adding new BDD representation of endpoint ruleset -* `Aws\Route53RecoveryControlConfig` - Adding new BDD representation of endpoint ruleset -* `Aws\Braket` - Adding new BDD representation of endpoint ruleset -* `Aws\IoTDataPlane` - Adding GetConnection, ListSubscriptions, and SendDirectMessage APIs to IoT Data Plane -* `Aws\KinesisAnalyticsV2` - Adding new BDD representation of endpoint ruleset -* `Aws\SecurityAgent` - Adding new BDD representation of endpoint ruleset -* `Aws\SSMIncidents` - Adding new BDD representation of endpoint ruleset -* `Aws\ChimeSDKMessaging` - Adding new BDD representation of endpoint ruleset -* `Aws\Artifact` - Adding new BDD representation of endpoint ruleset -* `Aws\BillingConductor` - Adding new BDD representation of endpoint ruleset -* `Aws\NetworkMonitor` - Adding new BDD representation of endpoint ruleset -* `Aws\AmplifyUIBuilder` - Adding new BDD representation of endpoint ruleset -* `Aws\Signin` - Adding new BDD representation of endpoint ruleset -* `Aws\GeoRoutes` - Adding new BDD representation of endpoint ruleset -* `Aws\CodeStarconnections` - Adding new BDD representation of endpoint ruleset -* `Aws\PinpointSMSVoiceV2` - Adding new BDD representation of endpoint ruleset -* `Aws\ChimeSDKMeetings` - Adding new BDD representation of endpoint ruleset -* `Aws\MarketplaceReporting` - Adding new BDD representation of endpoint ruleset -* `Aws\Chatbot` - Adding new BDD representation of endpoint ruleset -* `Aws\BedrockAgentCore` - Added Harness support for LiteLLM model configuration for third-party model providers. Added S3 and Git skill source types. Added Responses API format for OpenAI and Bedrock models. Added runtimeUserId and runtimeClientError to InvokeHarness. -* `Aws\PCS` - This release adds support for configuring scaleDownIdleTimeInSeconds at the compute node group level, allowing customers to set different idle timeouts per node group. Previously this setting was only available at the cluster level. -* `Aws\LookoutEquipment` - Adding new BDD representation of endpoint ruleset -* `Aws\IVS` - Adding new BDD representation of endpoint ruleset -* `Aws\Resiliencehubv2` - This is the initial SDK release for the next generation of Resilience Hub. -* `Aws\RedshiftDataAPIService` - Adding new BDD representation of endpoint ruleset -* `Aws\Bedrock` - Add support for ModelPackageArn in Bedrock's CreateCustomModel API -* `Aws\ARCRegionSwitch` - Adding new BDD representation of endpoint ruleset -* `Aws\FinSpaceData` - Adding new BDD representation of endpoint ruleset -* `Aws\BedrockDataAutomationRuntime` - Adding new BDD representation of endpoint ruleset -* `Aws\OpenSearchServerless` - Adds support for deletion protection on collections, ability to create NEXTGEN collection groups and autoscaling visibility for NEXTGEN collection groups - -## 3.382.2 - 2026-05-27 - -* `Aws\Api` - Cast generated HTTP header values to strings and validate invalid header values. -* `Aws\SavingsPlans` - Adding new BDD representation of endpoint ruleset -* `Aws\ComputeOptimizerAutomation` - Adding new BDD representation of endpoint ruleset -* `Aws\MainframeModernization` - Adding new BDD representation of endpoint ruleset -* `Aws\LocationService` - Adding new BDD representation of endpoint ruleset -* `Aws\Omics` - Adding new BDD representation of endpoint ruleset -* `Aws\SimpleDBv2` - Adding new BDD representation of endpoint ruleset -* `Aws\WorkMailMessageFlow` - Adding new BDD representation of endpoint ruleset -* `Aws\SupportApp` - Adding new BDD representation of endpoint ruleset -* `Aws\EBS` - Adding new BDD representation of endpoint ruleset -* `Aws\IoTDeviceAdvisor` - Adding new BDD representation of endpoint ruleset -* `Aws\MarketplaceDeployment` - Adding new BDD representation of endpoint ruleset -* `Aws\SageMaker` - Adds shared environment support for Restricted Instance Groups (RIGs) on SageMaker HyperPod, enabling cross-RIG workload scheduling and FSx sharing. This unlocks shared CPU-GPU environments needed for cost-efficient RL training (e.g., Nova Forge). Adds p6 instance support for recommendation jobs -* `Aws\ECS` - Add support for Neuron device resource requirements for Amazon ECS -* `Aws\ECRPublic` - Adding new BDD representation of endpoint ruleset -* `Aws\SecurityIR` - Adding new BDD representation of endpoint ruleset -* `Aws\IoTThingsGraph` - Adding new BDD representation of endpoint ruleset -* `Aws\FIS` - Adding new BDD representation of endpoint ruleset -* `Aws\EKSAuth` - Adding new BDD representation of endpoint ruleset -* `Aws\ConnectCases` - Adding new BDD representation of endpoint ruleset -* `Aws\SageMakerFeatureStoreRuntime` - Adding new BDD representation of endpoint ruleset -* `Aws\DataExchange` - Adding new BDD representation of endpoint ruleset -* `Aws\Organizations` - AWS Organizations now emits CloudTrail events (AccountJoinedOrganization, AccountDepartedOrganization) to the management account for membership changes, including join and departure method and timestamp. -* `Aws\mgn` - Adding new BDD representation of endpoint ruleset -* `Aws\EventBridge` - Adding new BDD representation of endpoint ruleset -* `Aws\WellArchitected` - Adding new BDD representation of endpoint ruleset -* `Aws\BedrockDataAutomation` - Matcher Fallback extends the CustomOutputConfiguration for the Document modality in DataAutomationProjects, enabling a fallback blueprint when no match is found. A FALLBACK match status is returned, improving the matching experience and guaranteeing customers always receive CustomOutputResults. -* `Aws\PartnerCentralSelling` - Adding new BDD representation of endpoint ruleset -* `Aws\CloudWatchRUM` - Adding new BDD representation of endpoint ruleset -* `Aws\finspace` - Adding new BDD representation of endpoint ruleset -* `Aws\SSMContacts` - Adding new BDD representation of endpoint ruleset -* `Aws\NovaAct` - Adding new BDD representation of endpoint ruleset -* `Aws\RTBFabric` - Adding new BDD representation of endpoint ruleset -* `Aws\MediaLive` - AWS Elemental MediaLive now supports Smart Subtitles, a new caption source that uses AWS Elemental Inference to automatically generate WebVTT and TTML captions from source audio. Available in English, Spanish, French, German, Italian, and Portuguese. -* `Aws\ElementalInference` - Added support for smart subtitles in Elemental Inference, enabling automatic generation of subtitles for media content. Available in English, Spanish, French, German, Italian, and Portuguese. -* `Aws\ComputeOptimizer` - Adding new BDD representation of endpoint ruleset -* `Aws\DevOpsAgent` - Adding new BDD representation of endpoint ruleset -* `Aws\PcaConnectorAd` - Adding new BDD representation of endpoint ruleset -* `Aws\LaunchWizard` - Adding new BDD representation of endpoint ruleset -* `Aws\IoTFleetWise` - Adding new BDD representation of endpoint ruleset -* `Aws\BCMDashboards` - Adding new BDD representation of endpoint ruleset -* `Aws\ResourceExplorer2` - Adding new BDD representation of endpoint ruleset -* `Aws\DocDBElastic` - Adding new BDD representation of endpoint ruleset -* `Aws\MPA` - Adding new BDD representation of endpoint ruleset -* `Aws\PartnerCentralBenefits` - Adding new BDD representation of endpoint ruleset -* `Aws\MemoryDB` - Adding new BDD representation of endpoint ruleset -* `Aws\Inspector2` - Adding new BDD representation of endpoint ruleset -* `Aws\WorkSpacesWeb` - Adding new BDD representation of endpoint ruleset -* `Aws\OpenSearchService` - OpenSearch will now support multi-segment paths in JWKS URLs. -* `Aws\imagebuilder` - Adding new BDD representation of endpoint ruleset -* `Aws\SsmSap` - Adding new BDD representation of endpoint ruleset -* `Aws\VoiceID` - Adding new BDD representation of endpoint ruleset -* `Aws\PaymentCryptography` - Adding new BDD representation of endpoint ruleset - -## 3.382.1 - 2026-05-26 - -* `Aws\ResourceGroupsTaggingAPI` - The GetResources API now returns MissingTagKeys in ComplianceDetails, listing tag keys defined as required in the ReportRequiredTagBlock block of the effective tag policy that are absent from the resource. -* `Aws\Billing` - Adding new BDD representation of endpoint ruleset -* `Aws\Odb` - Adding new BDD representation of endpoint ruleset -* `Aws\RolesAnywhere` - Adding new BDD representation of endpoint ruleset -* `Aws\EMRServerless` - Adding new BDD representation of endpoint ruleset -* `Aws\ControlCatalog` - Adding new BDD representation of endpoint ruleset -* `Aws\MedicalImaging` - Adding new BDD representation of endpoint ruleset -* `Aws\ChimeSDKMediaPipelines` - Adding new BDD representation of endpoint ruleset -* `Aws\CleanRooms` - Adding new BDD representation of endpoint ruleset -* `Aws\Pipes` - Adding new BDD representation of endpoint ruleset -* `Aws\Batch` - Increase the maximum value of jobExecutionTimeoutMinutes to support longer job timeouts during compute environment infrastructure updates. -* `Aws\Route53GlobalResolver` - Adding new BDD representation of endpoint ruleset -* `Aws\GuardDuty` - Add malware scan support for Continuous Backups, also known as Point-In-Time Recovery Points (PITR). -* `Aws\AIOps` - Adding new BDD representation of endpoint ruleset -* `Aws\BedrockDataAutomation` - Adding new BDD representation of endpoint ruleset -* `Aws\DevOpsGuru` - Adding new BDD representation of endpoint ruleset -* `Aws\CodeConnections` - Adding new BDD representation of endpoint ruleset -* `Aws\MarketplaceAgreement` - Adding new BDD representation of endpoint ruleset -* `Aws\CleanRoomsML` - Adding new BDD representation of endpoint ruleset -* `Aws\Scheduler` - Adding new BDD representation of endpoint ruleset -* `Aws\ApplicationCostProfiler` - Adding new BDD representation of endpoint ruleset -* `Aws\GreengrassV2` - Adding new BDD representation of endpoint ruleset -* `Aws\IdentityStore` - Adding new BDD representation of endpoint ruleset -* `Aws\Budgets` - AWS Budget Name Validation Documentation Updates. -* `Aws\ResilienceHub` - Adding new BDD representation of endpoint ruleset -* `Aws\KinesisVideoWebRTCStorage` - Adding new BDD representation of endpoint ruleset -* `Aws\ConnectHealth` - Adding new BDD representation of endpoint ruleset -* `Aws\S3Tables` - Adding new BDD representation of endpoint ruleset -* `Aws\SSMQuickSetup` - Adding new BDD representation of endpoint ruleset -* `Aws\OSIS` - Adding new BDD representation of endpoint ruleset -* `Aws\Notifications` - Adding new BDD representation of endpoint ruleset -* `Aws\BedrockAgentCoreControl` - Adding new BDD representation of endpoint ruleset -* `Aws\ChimeSDKIdentity` - Adding new BDD representation of endpoint ruleset -* `Aws\RedshiftServerless` - Adding new BDD representation of endpoint ruleset -* `Aws\ivschat` - Adding new BDD representation of endpoint ruleset -* `Aws\SagemakerEdgeManager` - Adding new BDD representation of endpoint ruleset -* `Aws\ServiceQuotas` - Adding new BDD representation of endpoint ruleset -* `Aws\WorkSpacesThinClient` - Adding new BDD representation of endpoint ruleset -* `Aws\MediaPackageV2` - Adding new BDD representation of endpoint ruleset -* `Aws\DataZone` - Added resourceConfigurations and allowUserProvidedConfigurations fields to environment blueprint configuration APIs, enabling customers who migrated from V1 to V2 domains to update resource configurations (such as lineage schedules) programmatically via the SDK. -* `Aws\ObservabilityAdmin` - Adding new BDD representation of endpoint ruleset -* `Aws\PcaConnectorScep` - Adding new BDD representation of endpoint ruleset -* `Aws\PartnerCentralChannel` - Adding new BDD representation of endpoint ruleset -* `Aws\ManagedBlockchainQuery` - Adding new BDD representation of endpoint ruleset -* `Aws\BedrockAgentCore` - Adding new BDD representation of endpoint ruleset -* `Aws\SageMakerGeospatial` - Adding new BDD representation of endpoint ruleset -* `Aws\KeyspacesStreams` - Adding new BDD representation of endpoint ruleset -* `Aws\AppRunner` - Adding new BDD representation of endpoint ruleset -* `Aws\BCMDataExports` - Adding new BDD representation of endpoint ruleset -* `Aws\Backup` - Launching S3 PITR malware scanning support for AWS Backup -* `Aws\Evs` - Adding new BDD representation of endpoint ruleset -* `Aws\ServiceDiscovery` - Adding new BDD representation of endpoint ruleset -* `Aws\IoTManagedIntegrations` - Adding new BDD representation of endpoint ruleset - -## 3.382.0 - 2026-05-22 - -* `Aws\S3` - Adds `metadata_directive` configuration option to `MultipartCopy`. When set to `'COPY'` (the new default), source object metadata (Metadata, CacheControl, ContentDisposition, ContentEncoding, ContentLanguage, ContentType, Expires) is automatically preserved on the destination object. Set to `'REPLACE'` to suppress automatic metadata copying and provide your own via the `params` option. User-provided values in `params` always take precedence over source metadata. - -* `Aws\IoTWireless` - Adding new BDD representation of endpoint ruleset -* `Aws\Invoicing` - Adds support for idempotency with a new ClientToken field for the CreateInvoiceUnit, DeleteInvoiceUnit, UpdateInvoiceUnit, DeleteProcurementPortalPreference, PutProcurementPortalPreference, and UpdateProcurementPortalPreferenceStatus APIs. -* `Aws\DSQL` - Adding new BDD representation of endpoint ruleset -* `Aws\KafkaConnect` - Adding new BDD representation of endpoint ruleset -* `Aws\SecurityAgent` - Adds support for verification scripts on penetration test findings. Customers can now download executable scripts to independently reproduce confirmed vulnerabilities, with instructions and required environment variables provided for each finding. -* `Aws\LicenseManagerLinuxSubscriptions` - Adding new BDD representation of endpoint ruleset -* `Aws\DataZone` - Add support for VPC connection -* `Aws\Bedrock` - Adding new BDD representation of endpoint ruleset -* `Aws\NotificationsContacts` - Adding new BDD representation of endpoint ruleset -* `Aws\MarketplaceDiscovery` - Adding new BDD representation of endpoint ruleset -* `Aws\EC2` - The ModifyInstanceAttribute API now supports modification of EnclaveOptions for the instance as a typed parameter. -* `Aws\GameLiftStreams` - Added new Gen6 stream classes based on the EC2 G6e instance family. These classes are designed for streaming high-fidelity, graphically demanding games and applications that benefit from additional GPU memory and performance. -* `Aws\ApplicationSignals` - Adding new BDD representation of endpoint ruleset -* `Aws\CodeStarNotifications` - Adding new BDD representation of endpoint ruleset -* `Aws\RecycleBin` - Adding new BDD representation of endpoint ruleset -* `Aws\BedrockAgentRuntime` - Adding new BDD representation of endpoint ruleset -* `Aws\SESv2` - Adding new BDD representation of endpoint ruleset -* `Aws\GeoPlaces` - Adding new BDD representation of endpoint ruleset -* `Aws\NetworkFirewall` - Adding new BDD representation of endpoint ruleset -* `Aws\FraudDetector` - Adding new BDD representation of endpoint ruleset -* `Aws\Outposts` - Adding new BDD representation of endpoint ruleset -* `Aws\PI` - Added ListPerformanceAnalysisReportRecommendations API to retrieve recommendations for a performance analysis report. Added analysis configuration support to CreatePerformanceAnalysisReport for enhanced analysis types such as vacuum analysis. -* `Aws\Schemas` - Adding new BDD representation of endpoint ruleset -* `Aws\PartnerCentralAccount` - Adding new BDD representation of endpoint ruleset -* `Aws\LicenseManagerUserSubscriptions` - Adding new BDD representation of endpoint ruleset -* `Aws\Panorama` - Adding new BDD representation of endpoint ruleset -* `Aws\BCMPricingCalculator` - Adding new BDD representation of endpoint ruleset -* `Aws\QConnect` - Added guardrail assessment results to inference spans in the ListSpans API. You can now see which AI Guardrail policies were evaluated, whether content was blocked or masked, and per-policy details for each Bedrock Converse call -* `Aws\Neptunedata` - Adding new BDD representation of endpoint ruleset -* `Aws\ForecastService` - Adding new BDD representation of endpoint ruleset -* `Aws\BCMRecommendedActions` - Adding new BDD representation of endpoint ruleset -* `Aws\EMRContainers` - Adding new BDD representation of endpoint ruleset -* `Aws\SimSpaceWeaver` - Adding new BDD representation of endpoint ruleset -* `Aws\B2bi` - Adding new BDD representation of endpoint ruleset -* `Aws\GlueDataBrew` - Adding new BDD representation of endpoint ruleset -* `Aws\ControlTower` - Adding new BDD representation of endpoint ruleset -* `Aws\MigrationHubRefactorSpaces` - Adding new BDD representation of endpoint ruleset -* `Aws\CustomerProfiles` - Adding new BDD representation of endpoint ruleset -* `Aws\ForecastQueryService` - Adding new BDD representation of endpoint ruleset -* `Aws\OAM` - Adding new BDD representation of endpoint ruleset -* `Aws\FreeTier` - Adding new BDD representation of endpoint ruleset -* `Aws\InternetMonitor` - Adding new BDD representation of endpoint ruleset -* `Aws\S3Vectors` - Adding new BDD representation of endpoint ruleset -* `Aws\SSOOIDC` - Adding new BDD representation of endpoint ruleset -* `Aws\Tnb` - Adding new BDD representation of endpoint ruleset -* `Aws\CloudControlApi` - Adding new BDD representation of endpoint ruleset -* `Aws\IVSRealTime` - Adding new BDD representation of endpoint ruleset -* `Aws\Repostspace` - Adding new BDD representation of endpoint ruleset -* `Aws\AppConfig` - Adding new BDD representation of endpoint ruleset - -## 3.381.6 - 2026-05-21 - -* `Aws\NetworkManager` - Adding new BDD representation of endpoint ruleset -* `Aws\ApiGatewayV2` - Adding new BDD representation of endpoint ruleset -* `Aws\AppStream` - Adding new BDD representation of endpoint ruleset -* `Aws\Route53Resolver` - Adding new BDD representation of endpoint ruleset -* `Aws\MarketplaceEntitlementService` - Adding new BDD representation of endpoint ruleset -* `Aws\ACM` - Adding new BDD representation of endpoint ruleset -* `Aws\IoTJobsDataPlane` - Adding new BDD representation of endpoint ruleset -* `Aws\TranscribeService` - Adding new BDD representation of endpoint ruleset -* `Aws\VerifiedPermissions` - Support hard deleting policy store aliases. Users can now delete an alias and immediately reassign it to a different policy store without waiting for the soft-delete retention period. -* `Aws\CleanRooms` - Collaboration creators can update payment configurations without recreating the collaboration. When multiple payer candidates are configured for a cost type, analysis runners can specify the actual payer at submission time, providing granular control over billing. -* `Aws\MediaTailor` - Adding new BDD representation of endpoint ruleset -* `Aws\Kafka` - Adding new BDD representation of endpoint ruleset -* `Aws\Comprehend` - Adding new BDD representation of endpoint ruleset -* `Aws\ComprehendMedical` - Adding new BDD representation of endpoint ruleset -* `Aws\MediaConnect` - Adds support for controlling the timecode source of NDI flow outputs. -* `Aws\Connect` - Adding new BDD representation of endpoint ruleset -* `Aws\KinesisVideoArchivedMedia` - Adding new BDD representation of endpoint ruleset -* `Aws\CodeGuruProfiler` - Adding new BDD representation of endpoint ruleset -* `Aws\ACMPCA` - Adding new BDD representation of endpoint ruleset -* `Aws\CodeArtifact` - Adding new BDD representation of endpoint ruleset -* `Aws\SSOAdmin` - Adding new BDD representation of endpoint ruleset -* `Aws\Evs` - A new GetDepotUrl API has been added to retrieve a URL for accessing Amazon EVS custom addon packages. Customers can use this URL to configure vSphere Lifecycle Manager (vLCM) as an online depot source, enabling upgrades of addon components across ESXi hosts. -* `Aws\KendraRanking` - Adding new BDD representation of endpoint ruleset -* `Aws\CleanRoomsML` - Collaboration creators can update payment configurations without recreating the collaboration. When multiple payer candidates are configured for a cost type, analysis runners can specify the actual payer at submission time, providing granular control over billing. -* `Aws\SageMakerMetrics` - Adding new BDD representation of endpoint ruleset -* `Aws\AppRegistry` - Adding new BDD representation of endpoint ruleset -* `Aws\signer` - Adding new BDD representation of endpoint ruleset -* `Aws\MigrationHubConfig` - Adding new BDD representation of endpoint ruleset -* `Aws\BedrockAgentCoreControl` - Adds dataset management APIs for creating, versioning, and managing evaluation datasets. -* `Aws\Cloud9` - Adding new BDD representation of endpoint ruleset -* `Aws\GuardDuty` - Adding new BDD representation of endpoint ruleset -* `Aws\EKS` - Adding new BDD representation of endpoint ruleset -* `Aws\Textract` - Adding new BDD representation of endpoint ruleset -* `Aws\Backup` - Adding new BDD representation of endpoint ruleset -* `Aws\APIGateway` - Adding new BDD representation of endpoint ruleset -* `Aws\HealthLake` - Adding new BDD representation of endpoint ruleset -* `Aws\ServerlessApplicationRepository` - Adding new BDD representation of endpoint ruleset -* `Aws\SecurityHub` - Adding new BDD representation of endpoint ruleset -* `Aws\DLM` - Adding new BDD representation of endpoint ruleset -* `Aws\MigrationHubOrchestrator` - Adding new BDD representation of endpoint ruleset -* `Aws\QApps` - Adding new BDD representation of endpoint ruleset -* `Aws\FMS` - Adding new BDD representation of endpoint ruleset -* `Aws\DataSync` - Adding new BDD representation of endpoint ruleset -* `Aws\BedrockRuntime` - Adding new BDD representation of endpoint ruleset -* `Aws\QuickSight` - Adding new BDD representation of endpoint ruleset -* `Aws\FSx` - Adding new BDD representation of endpoint ruleset -* `Aws\WorkMail` - Adding new BDD representation of endpoint ruleset -* `Aws\GlobalAccelerator` - Adding new BDD representation of endpoint ruleset -* `Aws\Batch` - Clarified CreateComputeEnvironment parameter requirements - serviceRole is required for UNMANAGED compute environments, allocationStrategy is required for EKS compute environments, and compute environments must be created in the ENABLED state. -* `Aws\BedrockAgent` - Adding new BDD representation of endpoint ruleset -* `Aws\Pricing` - Adding new BDD representation of endpoint ruleset -* `Aws\SageMaker` - Add support for disabling home EFS file system creation on SageMaker domains. -* `Aws\Translate` - Adding new BDD representation of endpoint ruleset - -## 3.381.5 - 2026-05-20 - -* `Aws\KMS` - AWS KMS now supports creating grants for AWS service principals using new GranteeServicePrincipal and RetiringServicePrincipal parameters. This release adds SourceArn grant constraint and three condition keys for controlling CreateGrant access. For more information, see Grants in AWS KMS. -* `Aws\PaymentCryptographyData` - GenerateAuthRequestCryptogram API launch. -* `Aws\BedrockRuntime` - Supporting Request Metadata for Invoke Model and Invoke Model with Response Stream -* `Aws\MWAA` - Updated API documentation to describe the PublicAndPrivate webserver access mode. -* `Aws\CustomerProfiles` - Amazon Connect Customer Profiles adds support for item catalog columns in RecommenderSchema, ExcludedColumns in Create and Update Recommender to specify columns to exclude from training, and the ability to disable automatic retraining by setting TrainingFrequency to 0. - -## 3.381.4 - 2026-05-19 - -* `Aws\BedrockAgentCore` - Add RetryableConflictException (HTTP 409) to InvokeAgentRuntime and StopRuntimeSession to prevent orphaned VMs during concurrent session access. The SDK automatically retries this exception with backoff. Enforcement is not yet active and will be enabled in a future service update. -* `Aws\GuardDuty` - Adding support for exposure and vulnerability context from AWS Security Hub in GuardDuty Extended Threat Detection attack sequence findings. -* `Aws\DevOpsAgent` - Added a new serviceType mcpserversigv4 service and association. This provides feature to register MCP sigv4 authorization based MCPs -* `Aws\RTBFabric` - This release is to deprecate 'inboundLinksCount' field in GetResponderGateway response and introduce the new field 'linksRequestedCount' to replace it. -* `Aws\ManagedGrafana` - Introduce degraded workspace status as a possible Amazon Managed Grafana workspace status, and a new field named degraded workspace reason which informs customers why the workspace is degraded in the DescribeWorkspace API response. -* `Aws\SageMaker` - Add support for ml.p5.4xlarge and ml.p5en.48xlarge instances on SageMaker Notebook Instances Platform. - -## 3.381.3 - 2026-05-18 - -* `Aws\QuickSight` - Support for dataset enrichment and geo spatial in new data preparation experience -* `Aws\IVS` - Adds support for up to 3 mediaTailorPlaybackConfiguration objects in an ad configuration resource -* `Aws\Connect` - Amazon Connect Cases now supports SLA durations of up to 2 years (1,051,200 minutes), increased from the previous maximum of 90 days (129,600 minutes). This enables you to track long-running service level agreements for cases that require extended resolution timelines. -* `Aws\Evs` - Amazon EVS now supports up to 32 hosts per EVS environment, increasing the previous host limit to allow a larger scale of VMware workload deployments and reduce operational overhead. -* `Aws\ECS` - Amazon ECS now supports Pause lifecycle hooks for service deployments, allowing customers to automatically pause deployments at specified stages and use the new ContinueServiceDeployment API to continue or roll back with confidence. -* `Aws\AccessAnalyzer` - Services manage service-linked analyzers through dedicated APIs - CreateServiceLinkedAnalyzer and DeleteServiceLinkedAnalyzer that separate service-linked specific operations from customer-managed operations. It also shows up in ListAnalyzers and GetAnalyzer responses. -* `Aws\EC2` - Amazon VPC IP Address Manager (IPAM) now supports tags on IPAM pool allocations, enabling all standard tagging features for allocations including tag-on-create. - -## 3.381.2 - 2026-05-15 - -* `Aws\` - Fix circular reference cycles caused by non-static middleware closures implicitly capturing $this in AwsClient, GlacierClient, Route53Client, S3Client, S3MultiRegionClient, and Middleware. -* `Aws\CloudWatchLogs` - Updating the max limit for start query api parameter. -* `Aws\PartnerCentralSelling` - Enable TCV intake on Opportunity to improve Opportunities Hygiene and downstream revenue attribution. -* `Aws\MediaPackageV2` - This release adds support for AvailabilityStartTimeConfiguration in MediaPackageV2 DASH manifests - -## 3.381.1 - 2026-05-14 - -* `Aws\ManagedGrafana` - Adds support for dual-stack (IPv4 and IPv6) connectivity to Amazon Managed Grafana workspaces. Customers can configure the ipAddressType parameter when creating or updating a workspace to choose between IPv4-only or dual-stack (IPv4 and IPv6) access. -* `Aws\QConnect` - ListModels is an API that returns the available AI models for a Connect Assistant based on its region and AI prompt type. -* `Aws\DataZone` - Adds support for SageMaker Unified Studio notebook operations, including notebook import and export -* `Aws\CloudFront` - Adding a new boolean for OCSP Revocations in Viewer mTLS Create and Update APIs, and adding a new 'Passthrough' option for TrustStore modes -* `Aws\Bedrock` - Advanced Prompt Optimization (AdvPO) allows you to optimize and migrate your prompts for any model on Bedrock by automatically evaluating responses and rewriting prompts to improve performance. This release provides a programmatic way to create, get, list, stop, and delete AdvPO jobs. -* `Aws\mgn` - Introducing new option for security groups mapping - with MAP-DHCP the service translates security rules from your source environment with DHCP compatibility. -* `Aws\DatabaseMigrationService` - Add 9 SDK waiters for DMS Schema Conversion async operations. Eliminates manual polling for import, assessment, conversion, export, and creation jobs. -* `Aws\Glue` - Release --has-databases parameter for AWS Glue get-catalogs API, which filters catalog responses to include only those capable of containing databases, excluding parent catalogs that hold only other catalogs. Remove model-level validation on partition index list size for AWS Glue tables. - -## 3.381.0 - 2026-05-13 - -* `Aws\Endpoints` - Introduces endpoint resolution through a BDD rules based evaluation. - -- Add BDD-based endpoint resolution alongside the existing Tree Ruletset Evaluator. -- Introduce a Bdd package under EndpointV2 namespace containing utilities and components used for resolving an endpoint through BDDs. -- Enhance the EndpointDefinitionProvider to resolve the endpoint rule definitions by giving preference to BDDs "endpoint-bdd-1.json" rules over tree based rules. -- Enhance EndpointProviderV2 to support both, BDD endpoint resolution and Tree - endpoint resolution but also giving preference to BDD resolution. - How is it done? - - The parameter $ruleset now supports instances of BddRuleset, besides of array to preserve existent behavior, and when an instance of BddRuleset is present then a BDD Evaluator is instantiated which will be used to resolve the endpoint. - - Otherwise, if an array or an instance of Ruleset is passed in then, we resolve the endpoint with the Tree based endpoint resolution, which is the current behavior. -- Add a new method "getActiveParameters" in EndpointProviderV2 that is used by - the EndpointV2Middleware to get the active parameters, which internally it just evaluates which rule set property we should be getting the parameters from, either from $bddRuleset if not null or from $ruleset. -- Enhance EndpointV2Middleware to consume the new getActiveParameters. - -* `Aws\ConnectCampaignsV2` - This release added support for Outbound Campaign timezone detection using all available contact methods -* `Aws\Glue` - AWS Glue now defaults the job timeout to 480 minutes for Glue version 5.0 and later when no timeout value is specified. The default remains 2,880 minutes for Glue version 4.0 and earlier. -* `Aws\Batch` - Adds a billing callout to docs regarding using the CE Scale Down Delay feature -* `Aws\DSQL` - Added support for Amazon Aurora DSQL change data capture (CDC) streams that deliver row-level database changes to Amazon Kinesis in JSON format. Includes CreateStream, GetStream, ListStreams, and DeleteStream operations. -* `Aws\Lightsail` - Added OriginIpAddressTypeEnum (ipv4, ipv6, dualstack) and ipAddressType field to Origin and InputOrigin structures for Lightsail CDN distributions. Allows customers to specify how the distribution connects to origins, using IPv4, IPv6, or dualstack networking -* `Aws\BedrockAgentCoreControl` - Adds support for read-only summary APIs for Policy Engine, Policy, and Policy Generation resources, enabling metadata retrieval without KMS decryption for AWS Config integration. -* `Aws\BillingConductor` - Add ConflictException to UpdateCustomLineItem operation. -* `Aws\OpenSearchService` - Adds support for AutomatedSnapshotPauseOptions. -* `Aws\PartnerCentralAccount` - Added ServiceQuotaExceededExceptions for Profile operations -* `Aws\EC2` - Include length limits in the SDK and documentation for text fields in Image (AMI) APIs such as the image name and description -* `Aws\SocialMessaging` - Adds parameters to call the GetWhatsAppMessageTemplate and UpdateWhatsAppMessageTemplate APIs with a template name and language code in place of the template ID. Linked WhatsApp accounts also describe whether the WABA is onboarded to Meta's Marketing Messages API. -* `Aws\Redshift` - Added rg.xlarge and rg.4xlarge to valid NodeType values and updated documentation for CreateCluster, ModifyCluster, ResizeCluster, and RestoreFromClusterSnapshot APIs to reflect RG node type support. -* `Aws\Connect` - This change added three new EventSourceName for schedule notification feature -* `Aws\SageMaker` - Adds execution role session name mode to reflect user identity in Studio. Adds Flexible Training Plans on Studio apps. Adds restricted model packages to control access to proprietary model artifacts via IAM. Fixed instance type parity between inference endpoints and managed shadow tests. -* `Aws\SecurityAgent` - Add support for code reviews, a new resource type that enables automated security-focused static analysis of source code repositories. -* `Aws\PCS` - Add support for Amazon EC2 Interruptible-ODCR -* `Aws\ConnectCases` - Amazon Connect Cases now supports SLA durations of up to 2 years (1,051,200 minutes), increased from the previous maximum of 90 days (129,600 minutes). This enables you to track long-running service level agreements for cases that require extended resolution timelines. -* `Aws\RTBFabric` - Customers can now configure custom domain names for their RTB Fabric gateways. This enables partners to use their own branded domain for RTB traffic instead of the default rtbfabric endpoint -* `Aws\ARCRegionSwitch` - Adds support for enabling and disabling Lambda event source mappings in Region switch plans. -* `Aws\ElasticsearchService` - Adds support for AutomatedSnapshotPauseOptions. -* `Aws\QuickSight` - Adds five new custom permission option for Quick Apps so that these capabilities can be controlled by public SDK and CLI. -* `Aws\SFN` - Updated default SDK endpoints for AWS Step Functions in AWS GovCloud (US) regions. The default Dual-Stack endpoints now resolve to "states-fips" prefixed hostnames. There are no changes to service behavior. No customer action is required. - -## 3.380.3 - 2026-05-07 - -* `Aws\Route53Resolver` - Adds supports for DNS64 on inbound endpoints and IPv6 forwarding through the internet gateway (IGW) on outbound endpoints, making it easier to manage hybrid DNS across IPv4 and IPv6 networks. -* `Aws\BedrockAgentCoreControl` - Launching AgentCore payments - a capability that provides secure, instant microtransaction payments for AI agents to access paid APIs, MCP servers, and content. It handles payment processing for x402 protocol, payment limits, and 3P wallet integrations with Coinbase CDP and Stripe (Privy). -* `Aws\EC2` - DescribeInstanceTypes now accepts an IncludeUnsupportedInRegion parameter. When set, the response also lists instance types that are not available in the current Region. Each instance type includes a SupportedInRegion field indicating its regional availability. -* `Aws\BedrockAgentCore` - Launching AgentCore payments - a capability that provides secure, instant microtransaction payments for AI agents to access paid APIs, MCP servers, and content. It handles payment processing for x402 protocol, payment limits, and 3P wallet integrations with Coinbase CDP and Stripe (Privy). -* `Aws\GuardDuty` - This is a documentation update -* `Aws\Invoicing` - Updated ListInvoiceSummaries API to add new ReceiverRole filter in Request and Response -* `Aws\BCMDataExports` - With this release, customers can configure their data exports to generate additional integration artifacts for Athena and Redshift. - -## 3.380.2 - 2026-05-06 - -* `Aws\imagebuilder` - The ImportDiskImage API now enforces a maximum character limit of 128 characters on the image name field. -* `Aws\MWAA` - Amazon MWAA now supports a PublicAndPrivate webserver access mode. The Airflow web server is accessible over both public and private endpoints, enabling workers in VPCs without internet access to reach the Task API privately while retaining public access to the Airflow UI. -* `Aws\S3` - Validate outpost access point resource name -* `Aws\BedrockAgentCoreControl` - Adds support for bring-your-own file system in AgentCore Runtime. Developers can mount Amazon S3 Files and Amazon EFS access points directly into agent sessions using filesystemConfigurations. -* `Aws\LexModelsV2` - Amazon Lex V2 introduces audio filler support for speech-to-speech bots. Configure melody or typing sounds that play during backend processing to reduce perceived latency and maintain a natural conversational experience for callers. -* `Aws\Glue` - Adds support for a CustomLogGroupPrefix parameter in StartDataQualityRulesetEvaluationRun to specify custom CloudWatch log group paths, and a RulesetName filter in ListDataQualityRulesetEvaluationRuns to filter evaluation runs by ruleset name. -* `Aws\SageMaker` - Amazon SageMaker HyperPod now returns ImageVersionStatus in DescribeCluster, DescribeClusterNode, and ListClusterNodes responses, indicating whether cluster instances are running the latest available image version. -* `Aws\SecurityHub` - Release GenerateRecommendedPolicyV2 and GetRecommendedPolicyV2 APIs. This supports generating and retrieving policy recommendations to remediate unused permissions findings that are now being supported on Security Hub. - -## 3.380.1 - 2026-05-05 - -* `Aws\CleanRoomsML` - Increase max configurable output limits in the Clean Rooms ML configured model algorithm association resource. -* `Aws\Route53Domains` - This release adds the TLDInMaintenance exception. -* `Aws\SageMaker` - Adds support for ml.p5.4xlarge instance type for SageMaker Studio JupyterLab and CodeEditor apps for IAD (us-east-1), NRT (ap-northeast-1), BOM (ap-south-1), CGK (ap-southeast-3), GRU (sa-east-1), PDX (us-west-2), CMH (us-east-2). -* `Aws\OpenSearchService` - Amazon OpenSearch Service now supports VPC egress, enabling outbound traffic from your OpenSearch domain to route privately through your VPC instead of the public internet. -* `Aws\MedicalImaging` - Add support for DICOM Json Metadata Override features in startDICOMImportJob API -* `Aws\MarketplaceAgreement` - With this release, Agreements API provides a programmatic way to generate quotes, accept offers, track charges and entitlements, manage renewals and cancellations, and streamline operations entirely through APIs without navigating to the AWS Marketplace website or AWS Management Console. -* `Aws\MediaTailor` - Added support for Monetization Functions. Monetization Functions let you enrich ad requests with external data and transform session parameters using JSONata expressions, without deploying custom infrastructure. -* `Aws\CloudFront` - Adds support for tagging CloudFront Functions and KeyValueStores resources. - -## 3.380.0 - 2026-05-04 - -* `Aws\Retries` - Adds an opt-in new retry behavior. Set AWS_NEW_RETRIES_2026=true to enable the new path. When the env var is unset (the default), retry behavior is unchanged from previous releases. With the flag enabled, the SDK switches the default retry mode from 'legacy' to 'standard', adopts a throttling-aware token-bucket retry quota (cost 14 for non-throttling, 5 for throttling), reduces the non-throttling base backoff to 50ms, checks max-attempts before quota, honors the x-amz-retry-after header, sleeps without retrying on long-polling operations (SQS, SFN, SWF) when the quota is exhausted, and lets custom deciders supplement (rather than replace) built-in retryability checks. DynamoDB defaults to 4 attempts with a 25ms base; STS treats IDPCommunicationError as transient; S3's existing custom decider keeps its socket carve-out. The flag is intended as an opt-in for early adopters and will become the default in a future release. -* `Aws\GeoRoutes` - Added support for TravelTimeExceedsDriverWorkHours, ViolatedBlockedRoad, and ViolatedVehicleRestriction notice codes to the CalculateRoutes API response. -* `Aws\MediaLive` - Updates the type of the MediaLiveRouterOutputConnectionMap. -* `Aws\BedrockAgentCoreControl` - Amazon Bedrock AgentCore gateways now support MCP Sessions and response streaming from MCP targets. Session timeouts can be set between 15 minutes and 8 hours, and response streaming enables forwarding stream events sent by MCP targets to gateway users. -* `Aws\EC2` - This feature allows customers to change the tunnel bandwidth on existing VPN connections using the ModifyVpnConnectionOptions API -* `Aws\CloudWatchLogs` - Adding an additional optional deliverySourceConfiguration field to PutDeliverySource API. This enables customers to pass service-specific configurations through IngestionHub such as tracing enablement or sampling rates that will be propagated to the source resource. -* `Aws\SecurityAgent` - AWS Security Agent is adding a new target domain verification method for private VPC penetration testing. Additionally, the target domain resource will now have a verification status reason field to surface additional details about domain verification -* `Aws\LexModelBuildingService` - Lex V1 is deprecated, use Lex V2 instead -* `Aws\VPCLattice` - Amazon VPC Lattice now supports privately resolvable DNS resources - -## 3.379.11 - 2026-05-01 - -* `Aws\` - Use WeakReference in PresignUrlMiddleware and EndpointDiscoveryMiddleware to prevent circular reference memory leaks. -* `Aws\QConnect` - Added reasoning details, statusDescription, and timeToFirstTokenMs fields to the ListSpans response in Amazon Q in Connect to provide visibility into model thinking, error diagnostics, and inference latency metrics. -* `Aws\CloudWatchLogs` - Adds support for filtering log groups by tags in the ListLogGroups API via the new logGroupTags parameter. -* `Aws\EntityResolution` - Add support for transitive matching in AWS Entity Resolution rule-based matching workflows. When enabled, records that match through different rules are grouped together into the same match group, allowing related records to be connected across rule levels. -* `Aws\CloudWatch` - This release adds tag support for CloudWatch Dashboards. The PutDashboard API now accepts a Tags parameter, allowing you to tag dashboards at creation time. Additionally, the TagResource, UntagResource, and ListTagsForResource APIs now support dashboard ARNs as resources. -* `Aws\QuickSight` - Add IdentityProviderCACertificatesBundleS3Uri for private CA certs with OAuth datasources. 256-char limit for FontFamily in themes. ControlTitleFormatText on all 13 filters. ControlTitleFontConfiguration. ContextRegion for cross-region identity context. Story,scenario in CreateCustomCapability API. -* `Aws\AppStream` - Amazon WorkSpaces Applications now enables AI agents to securely operate desktop applications. Administrators configure stacks to provide agents access to WorkSpaces. Agents can click, type, and take screenshots. Agents authenticate with AWS IAM credentials with activity logged in AWS CloudTrail. -* `Aws\IAM` - Added guidance for CreateOpenIDConnectProvider to include multiple thumbprints when OIDC discovery and JWKS endpoints use different hosts or certificates -* `Aws\IoT` - AWS IoT HTTP rule actions now support cross-topic batching, combining messages from different MQTT topics into single HTTP requests. - -## 3.379.10 - 2026-04-30 - -* `Aws\BedrockAgentCore` - AgentCore Identity now supports on-behalf-of token exchange OAuth2. AgentCore Memory now supports metadata for LongTerm Memory Records. -* `Aws\EKS` - Vended logs update param for capability vended logs feature -* `Aws\ObservabilityAdmin` - Observability Admin enablement launch for AWS Kafka, Bedrock Agent Core Workload Identity and OTel metric enablement. -* `Aws\Kafka` - Adds support for ZookeeperAccess field to control the Client-Zookeeper connectivity. -* `Aws\DataZone` - Adds support for asynchronous notebook runs -* `Aws\PaymentCryptography` - Adds support for resource-based policies on AWS Payment Cryptography keys, enabling cross-account key sharing. Also adds Multi-Party Approval (MPA) team association APIs for protecting sensitive import root public key operations. -* `Aws\SSOAdmin` - Add InstanceArn and IdentityStoreArn in the response of CreateApplication API and IdentityStoreArn in the response of DescribeApplication API -* `Aws\SageMaker` - Add InstancePools support to Endpoint for flexible provisioning across a prioritized list of instance types. Add Specifications support to InferenceComponent for per-instance-type model configurations. -* `Aws\Route53GlobalResolver` - Adds support for regions in the UpdateGlobalResolver input. -* `Aws\BedrockAgentCoreControl` - AgentCore Identity now supports on-behalf-of token exchange OAuth2. AgentCore Memory now supports metadata for LongTerm Memory Records. - -## 3.379.9 - 2026-04-29 - -* `Aws\Deadline` - Adds support for rtx-pro-server-6000 GPU accelerator for service-managed fleets. -* `Aws\ECR` - Removes support for registry policy V1 -* `Aws\BedrockAgentCore` - Adds batch evaluation for running evaluators against multiple agent sessions with server-side orchestration, AI-powered recommendations for optimizing system prompts and tool descriptions, and AB testing with controlled traffic splitting and statistical significance reporting -* `Aws\BedrockAgentCoreControl` - Adds configuration bundles for versioned, immutable agent configuration snapshots with branch-based lineage -* `Aws\MediaPackageV2` - This feature adds configuration for specifying SCTE marker handling and allow greater control over generated manifest and segment URIs -* `Aws\CloudFront` - Amazon CloudFront now supports cache tag. Tag objects via response headers and invalidate all matching objects in a single request, replacing manual URL tracking and broad wildcards. -* `Aws\Transfer` - This launch will increase the limits for customers to list the contents from the remote directories from 10k to 200k. -* `Aws\GameLift` - Amazon GameLift Servers adds a new DescribeContainerGroupPortMappings API for container fleets, making it easy to discover which connection ports map to your container ports without needing to remotely access the compute. -* `Aws\Account` - Adds AccountState in the response for the GetAccountInformation API. Each state represents a specific phase in the account lifecycle. Use this information to manage account access, automate workflows, or trigger actions based on account state changes. -* `Aws\WorkSpacesWeb` - Allow admins to configure IPv6 ranges on IP Access Settings. - -## 3.379.8 - 2026-04-27 - -* `Aws\OpenSearchService` - Amazon OpenSearch Service now supports JWKS URL configuration for JWT authentication -* `Aws\mgn` - Added network modernization support, enabling customers to edit, resize, merge, and split VPCs and subnets during migration while retaining functional, non-conflicting IP addresses. -* `Aws\Omics` - Enable Public Internet or VPC configuration to BatchRun -* `Aws\CloudWatchLogs` - Adds support for selecting all logs sources and types in a single association. -* `Aws\GameLiftStreams` - Adds Proton 10.0-4 to the list of runtime environment options available when creating an Amazon GameLift Streams application -* `Aws\ApplicationSignals` - Application Signals now supports creating composite Service Level Objectives on Service Operations. Users can now create service SLO on multiple operations. -* `Aws\WorkSpaces` - Added support for Protocol as modified resource and added update failure as modification state -* `Aws\IVS` - Adds tags parameter to the CreateAdConfiguration operation -* `Aws\KMS` - KMS GetKeyLastUsage API provides information on the last successful cryptographic operation performed on KMS keys. This new API provides KMS customers with the last timestamp, CloudTrail eventId, and the cryptographic operation that was performed on the key. -* `Aws\Glue` - Addition of AdditionalAuditContext to GetPartition, GetPartitions, GetTableVersion, and GetTableVersions -* `Aws\BillingConductor` - Add support for Passthrough pricing plan -* `Aws\SageMaker` - Updated API documentation for endpoint MetricsConfig. Added details on supported metric publish frequencies and clarified how EnableEnhancedMetrics controls utilization and invocation metric behavior. - -## 3.379.7 - 2026-04-24 - -* `Aws\ConnectHealth` - Corrected CreateWebAppConfiguration documentation. Adding slash as an allowed character for the Ambient documentation agent to allow pronoun specifications. -* `Aws\Connect` - Amazon Connect is expanding attachment capabilities to give customers greater flexibility and control. Currently limited to predefined file types, the new feature will allow contact center administrators to customize which file extensions and sizes are supported across chat, email, tasks, and cases. -* `Aws\BedrockAgentCoreControl` - Added support for configuring identity providers and inbound authorizers within a private VPC for AWS Bedrock AgentCore, enabling secure network connection without public internet access -* `Aws\Transfer` - AWS Transfer Family now support configurable IP address types for Web Apps of type VPC, enabling customers to select IPv4-only or dual-stack (IPv4 and IPv6) configurations based on their network requirements. -* `Aws\CloudWatchLogs` - Adding nextToken and maxItems to the GetQueryResults API. -* `Aws\Evs` - EVS now supports i7i.metal-24xl EC2 bare metal instance type, delivering high random IOPS performance with real-time latency, ideal for IO intensive and latency-sensitive workloads such as transactional databases, real-time analytics, and AI ML pre-processing. - -## 3.379.6 - 2026-04-23 - -* `Aws\OpenSearchService` - Amazon OpenSearch UI applications now support cross-Region domain association, enabling you to connect OpenSearch Dashboards in one AWS Region to OpenSearch domains in other Regions within the same partition for centralized data visualization. -* `Aws\IoTManagedIntegrations` - Adds "Status" field to provisioning profile operation response types, giving users visibility into the readiness of a provisioning profile to be used for device provisioning. -* `Aws\DataZone` - Releasing For LakehouseProperties attributes in the Connections API's -* `Aws\PCS` - This release adds support for Slurm 25.11 with expedited requeue enabled by default for jobs failing due to node issues, configurable requeue delay, health checks at node startup only, and unauthenticated HTTP endpoints disabled by default for improved security. - -## 3.379.5 - 2026-04-22 - -* `Aws\Lambda` - Add Ruby 4.0 (ruby4.0) support to AWS Lambda. -* `Aws\S3` - This release adds five additional checksum algorithms for S3 data integrity (MD5, SHA-512, XXHash3, XXHash64, XXHash128) and support for S3 Inventory on directory buckets (S3 Express One Zone). -* `Aws\IVS` - Adds support for Amazon IVS server-side ad insertion -* `Aws\BedrockAgentCoreControl` - Adds support for Amazon Bedrock AgentCore Harness control plane APIs, enabling customers to create, manage, and configure managed agent loops with customizable models, tools, memory, and isolated execution environments. -* `Aws\S3Control` - This release adds support for five additional checksum algorithms for data integrity checking in Amazon S3 - MD5, SHA-512, XXHash3, XXHash64, and XXHash128. -* `Aws\BedrockAgentCore` - Adds support for Amazon Bedrock AgentCore Harness data plane APIs, enabling customers to invoke managed agent loops and execute commands on live agent sessions with streaming responses. -* `Aws\EMRServerless` - This release adds support for Spark connect sessions starting with release label emr-7.13.0. -* `Aws\EC2` - Managed resource visibility settings control whether resources that AWS services provision on your behalf within your AWS account appear in your Amazon console views and API list operations. -* `Aws\Batch` - Support of S3Files volume type, container start and stop timeouts. -* `Aws\OpenSearchService` - Adds support for RollbackServiceSoftwareUpdate API -* `Aws\OSIS` - Update the pipeline configuration body character limit for the CreatePipeline API call. -* `Aws\ECS` - GPU health monitoring and auto-repair for ECS Managed Instances -* `Aws\IoTWireless` - Enable customers to optionally specify a desired confidence level for Cellular and WiFi position estimates. Customers can use this to trade off confidence level and radius of uncertainty based on their needs. - -## 3.379.4 - 2026-04-21 - -* `Aws\ComprehendMedical` - This release adds Smithy RPC v2 CBOR as an additional protocol alongside the existing AWS JSON 1.1. The SDK will prioritize its most performant protocol. -* `Aws\MarketplaceEntitlementService` - This release adds Smithy RPC v2 CBOR as an additional protocol alongside the existing AWS JSON 1.1. The SDK will prioritize its most performant protocol. -* `Aws\SageMaker` - SageMaker AI now supports generative AI inference recommendations. Provide your model and workload, and SageMaker AI optimizes configurations, benchmarks them on real GPUs, and returns deployment-ready recommendations with validated metrics, accelerating the path to production from weeks to hours. -* `Aws\GameLift` - This release adds Smithy RPC v2 CBOR as an additional protocol alongside the existing AWS JSON 1.1. The SDK will prioritize its most performant protocol. -* `Aws\NetworkFirewall` - Support for new types of partner managed rulegroups for Network Firewall Service -* `Aws\ComputeOptimizerAutomation` - This release adds Smithy RPC v2 CBOR as an additional protocol alongside the existing AWS JSON 1.0. The SDK will prioritize its most performant protocol. -* `Aws\CognitoIdentityProvider` - Adding dutch language support for Cognito Managed Login and Terms on Console -* `Aws\ComputeOptimizer` - This release adds Smithy RPC v2 CBOR as an additional protocol alongside the existing AWS JSON 1.0. The SDK will prioritize its most performant protocol. -* `Aws\Snowball` - This release adds Smithy RPC v2 CBOR as an additional protocol alongside the existing AWS JSON 1.1. The SDK will prioritize its most performant protocol. - -## 3.379.3 - 2026-04-20 - -* `Aws\BedrockAgentCoreControl` - Supporting listingMode for AgentCore Gateway MCP server targets -* `Aws\Kafka` - Amazon MSK Replicator now supports data migration from external Apache Kafka clusters to Amazon MSK Express brokers. This release adds SaslScram authentication with TLS encryption, enhanced consumer offset synchronization, and customer log forwarding for troubleshooting. -* `Aws\LocationService` - This release adds support for new Job APIs for bulk workloads. The initial job type supported is Address Validation. The new APIs added are StartJob, CancelJob, ListJobs, and GetJob. -* `Aws\Evs` - Amazon EVS now allows you to create connectors to your vCenter appliances and create Windows Server entitlements for virtual machines running in your EVS environments -* `Aws\ObservabilityAdmin` - Enablement for Security Hub v2 via Observability Admin Telemetry Rule for account and organization level. -* `Aws\EC2` - Added Transit Gateway Integration into AWS Client VPN. -* `Aws\GuardDuty` - Expanded support for new suppression rule fields. -* `Aws\ApplicationSignals` - Releasing Second phase of SLO Recommendations where you can create recommended SLOs out-of-the box using CreateSLO API - -## 3.379.2 - 2026-04-17 - -* `Aws\ConnectCampaignsV2` - This release adds support for campaign entry limits configuration and hourly refresh frequency in Amazon Connect Outbound Campaigns. -* `Aws\STS` - The STS client now supports configuring SigV4a through the auth scheme preference setting. SigV4a uses asymmetric cryptography, enabling customers using long-term IAM credentials to continue making STS API calls even when a region is isolated from the partition leader. -* `Aws\GroundStation` - Adds support for updating contacts, listing antennas, and listing ground station reservations. New API operations - UpdateContact, ListContactVersions, DescribeContactVersion, ListAntennas, and ListGroundStationReservations. -* `Aws\CleanRooms` - This release adds support for configurable spark properties for Cleanrooms PySpark workloads. -* `Aws\Neptune` - Improving Documentation for Neptune -* `Aws\SageMaker` - Adds support for providing NetworkInterface for efa enabled instances and Simplified cluster creation for Slurm-orchestrated clusters with optional Lifecycle Script (LCS) configuration. -* `Aws\QuickSight` - Public release of dashboard customization summary, S3 Tables data source type, Athena cross-account connector, custom sorting for controls, and AI-powered analysis generation. -* `Aws\imagebuilder` - ImportDiskImage API adds registerImageOptions for Secure Boot control and custom UEFI data. It adds windowsConfiguration for selecting a specific edition from multi-image .wim files during ISO import. -* `Aws\Connect` - Fixes in SDK for customers using TestCase APIs - -## 3.379.1 - 2026-04-16 - -* `Aws\DataZone` - Launching SMUS IAM domain SDK support -* `Aws\CloudWatchLogs` - Endpoint update for CloudWatch Logs Streaming APIs. -* `Aws\CognitoIdentityProvider` - Adds support for passkey-based multi-factor authentication in Cognito User Pools. Users can authenticate securely using FIDO2-compliant passkeys with user verification, enabling passwordless MFA flows while maintaining backward compatibility with password-based authentication -* `Aws\CustomerProfiles` - Amazon Connect Customer Profiles adds RecommenderSchema CRUD APIs for custom ML training columns. CreateRecommender and CreateRecommenderFilter now accept optional RecommenderSchemaName. -* `Aws\ConnectCases` - Added error handling for service quota limits -* `Aws\DevOpsAgent` - Deprecate the userId from the Chat operations. This update also removes support of AllowVendedLogDeliveryForResource API from AWS SDKs. -* `Aws\CloudWatch` - Update documentation of alarm mute rules start and end date fields -* `Aws\BedrockAgentCore` - Introducing NamespacePath in AgentCore Memory to support hierarchical prefix based memory record retrieval. -* `Aws\AutoScaling` - This release adds support for specifying Availability Zone IDs as an alternative to Availability Zone names when creating or updating Auto Scaling groups. -* `Aws\MediaConvert` - Adds support for Elemental Inference powered smart crop feature, enabling video verticalization -* `Aws\drs` - Updating regex for identification of AWS Regions. -* `Aws\RDS` - Adds a new DescribeServerlessV2PlatformVersions API to describe platform version properties for Aurora Serverless v2. Also introduces a new valid maintenance action value for serverless platform version updates. -* `Aws\Connect` - This release updates the Amazon Connect Rules CRUD APIs to support a new EventSourceName - OnEmailAnalysisAvailable. Use this event source to trigger rules when conversational analytics results are available for email contacts. -* `Aws\AppStream` - Add content redirection to Update Stack - -## 3.379.0 - 2026-04-13 - -* `Aws\Interconnect` - Initial release of AWS Interconnect -- a managed private connectivity service that enables you to create high-speed network connections between your AWS Virtual Private Clouds (VPCs) and your VPCs on other public clouds or your on-premise networks. -* `Aws\CustomerProfiles` - This release introduces changes to SegmentDefinition APIs to support sorting by attributes. -* `Aws\Deadline` - Adds GetMonitorSettings and UpdateMonitorSettings APIs to Deadline Cloud. Enables reading and writing monitor settings as key-value pairs (up to 64 keys per monitor). UpdateMonitorSettings supports upsert and delete (via empty value) semantics and is idempotent. -* `Aws\Glue` - AWS Glue now defaults to Glue version 5.1 for newly created jobs if the Glue version is not specified in the request, and UpdateJob now preserves the existing Glue version of a job when the Glue version is not specified in the update request. -* `Aws\SecurityHub` - Provide organizational unit scoping capability for GetFindingsV2, GetFindingStatisticsV2, GetResourcesV2, GetResourcesStatisticsV2 APIs. -* `Aws\Macie2` - This release adds an optional expectedBucketOwner field to the Macie S3 export configuration, allowing customers to verify bucket ownership before Macie writes results to the destination bucket. - -## 3.378.2 - 2026-04-10 - -* `Aws\Connect` - Conversational Analytics for Email -* `Aws\SageMaker` - Support new SageMaker StartClusterHealthCheck API for on-demand DHC on Hyperpod EKS cluster. Support updated CreateCluster, UpdateCluster, DescribeCluster, BatchAddClusterNodes APIs for flexible instance group on HyperPod cluster -* `Aws\imagebuilder` - Image pipelines can now automatically apply tags to images they create. Set the imageTags property when creating or updating your pipelines to get started. -* `Aws\MediaConvert` - Adds support for MV-HEVC video output and clear lead for AV1 DRM output. -* `Aws\DevOpsAgent` - Devops Agent now supports associate Splunk, Datadog and custom MCP server to an Agent Space. -* `Aws\ECS` - Minor updates to exceptions for completeness -* `Aws\RTBFabric` - Adds optional health check configuration for Responder Gateways with ASG Managed Endpoints. When provided, RTB Fabric continuously probes customers' instance IPs and routes traffic only to healthy ones, reducing errors during deployments, scaling events, and instance failures. -* `Aws\ObservabilityAdmin` - CloudWatch Observability Admin adds support for multi-region telemetry evaluation and telemetry enablement rules. - -## 3.378.1 - 2026-04-09 - -* `Aws\RedshiftDataAPIService` - The BatchExecuteStatement API now supports named SQL parameters, enabling secure batch queries with parameterized values. This enhancement helps prevent SQL injection vulnerabilities and improves query reusability. -* `Aws\BedrockAgentCoreControl` - Initial release for CRUDL in AgentCore Registry Service -* `Aws\SageMaker` - Release support for g7e instance types for SageMaker HyperPod -* `Aws\BedrockAgentCore` - Introducing support for SearchRegistryRecords API on AgentCoreRegistry -* `Aws\MediaConnect` - Adds support for MediaLive Channel-type Router Inputs. -* `Aws\BCMDashboards` - Scheduled email reports of Billing and Cost Management Dashboards - -## 3.378.0 - 2026-04-08 - -* `Aws\drs` - This changes adds support for modifying the replication configuration to support data replication using IPv6. -* `Aws\MediaLive` - MediaLive is adding support for MediaConnect Router by supporting a new output type called MEDIACONNECT ROUTER. This new output type will provide seamless encrypted transport between your MediaLive channel and MediaConnect Router. -* `Aws\IVSRealTime` - Adds support for Amazon IVS real-time streaming redundant ingest. -* `Aws\MarketplaceDiscovery` - AWS Marketplace Discovery API provides an interface that enables programmatic access to the AWS Marketplace catalog, including searching and browsing listings, retrieving product details and fulfillment options, and accessing public and private offer pricing and terms. -* `Aws\Backup` - Adding EKS specific backup vault notification types for AWS Backup. -* `Aws\ECR` - Add UnableToListUpstreamImageReferrersException in ListImageReferrers -* `Aws\Outposts` - Add AWS Outposts APIs to view renewal pricing options and submit renewal requests for Outpost contracts - -## 3.377.0 - 2026-04-07 - -* `Aws\S3Files` - Support for S3 Files, a new shared file system that connects any AWS compute directly with your data in Amazon S3. It provides fast, direct access to all of your S3 data as files with full file system semantics and low-latency performance, without your data ever leaving S3. -* `Aws\Braket` - Added support for t3, g6, and g6e instance types for Hybrid Jobs. -* `Aws\DataZone` - Update Configurations and registerS3AccessGrantLocation as public attributes for cfn -* `Aws\Connect` - The voice enhancement mode used by the agent can now be viewed on the contact record via the DescribeContact api. -* `Aws\EKS` - EKS MNG WarmPool feature to support ASG WarmPool feature. -* `Aws\EC2` - EC2 Capacity Manager adds new dimensions for grouping and filtering capacity metrics, including tag-based dimensions and Account Name. -* `Aws\Lambda` - Launching Lambda integration with S3 Files as a new file system configuration. -* `Aws\DataSync` - Allow IAM role ARNs with IAM Paths for "SecretAccessRoleArn" field in "CustomSecretConfig" -* `Aws\ECS` - This release provides the functionality of mounting Amazon S3 Files to Amazon ECS tasks by adding support for the new S3FilesVolumeConfiguration parameter in ECS RegisterTaskDefinition API. -* `Aws\S3` - Updated list of the valid AWS Region values for the LocationConstraint parameter for general purpose buckets. -* `Aws\Outposts` - This change allows listAssets to surface pending and non-compute asset information. Adds the INSTALLING asset state enum and the STORAGE, POWERSHELF, SWITCH, and NETWORKING AssetTypes. -* `Aws\AccessAnalyzer` - Revert previous additions of API changes. -* `Aws\BedrockAgentCore` - This release includes support for 1) InvokeBrowser API, enabling OS-level control of AgentCore Browser Tool sessions through mouse actions, keyboard input, and screenshots. 2) Added documentation noting that empty sessions are automatically deleted after one day in the ListSessions API. -* `Aws\RTBFabric` - AWS RTB Fabric External Responder gateways now support HTTP in addition to HTTPS for inbound external links. Gateways can accept bid requests on port 80 or serve both protocols simultaneously via listener configuration, giving customers flexible transport options for their bidding infrastructure - -## 3.376.4 - 2026-04-06 - -* `Aws\Deadline` - Added 8 batch APIs (BatchGetJob, BatchGetStep, BatchGetTask, BatchGetSession, BatchGetSessionAction, BatchGetWorker, BatchUpdateJob, BatchUpdateTask) for bulk operations. Monitors can now use an Identity Center instance in a different region via the identityCenterRegion parameter. -* `Aws\AccessAnalyzer` - Brookie helps customers preview the impact of SCPs before deployment using historical access activity. It evaluates attached policies and proposed policy updates using collected access activity through CloudTrail authorization events and reports where currently allowed access will be denied. -* `Aws\Lightsail` - This release adds support for the Asia Pacific (Malaysia) (ap-southeast-5) Region. -* `Aws\Transfer` - AWS Transfer Family Connectors now support IPv6 connectivity, enabling outbound connections to remote SFTP or AS2 servers using IPv4-only or dual-stack (IPv4 and IPv6) configurations based on network requirements. -* `Aws\GeoMaps` - This release updates API reference documentation for Amazon Location Service Maps APIs to reflect regional restrictions for Grab Maps users -* `Aws\GuardDuty` - Migrated to Smithy. No functional changes -* `Aws\DLM` - This release adds support for Fast Snapshot Restore AvailabilityZone Ids in Amazon Data Lifecycle Manager EBS snapshot lifecycle policies. -* `Aws\QConnect` - Added optional originRequestId parameter to SendMessageRequest and ListSpans response in Amazon Q in Connect to support request tracing across service boundaries. -* `Aws\MediaTailor` - This change adds support for Tagging the resource types Programs and Prefetch Schedules - -## 3.376.3 - 2026-04-03 - -* `Aws\Lightsail` - Add support for tagging of Alarm resource type -* `Aws\Bedrock` - Amazon Bedrock Guardrails enforcement configuration APIs now support selective guarding controls for system prompts as well as user and assistant messages, along with SDK support for Amazon Bedrock resource policy APIs. -* `Aws\PaymentCryptography` - Adds optional support to retrieve previously generated import and export tokens to simplify import and export functions -* `Aws\BedrockAgentCoreControl` - Documentation Update for Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. -* `Aws\CloudWatchLogs` - Added queryDuration, bytesScanned, and userIdentity fields to the QueryInfo response object returned by DescribeQueries. Customers can now view detailed query cost information including who ran the query, how long it took, and the volume of data scanned. -* `Aws\imagebuilder` - Updated pagination token validation for ListContainerRecipes API to support maximum size of 65K characters -* `Aws\MediaLive` - AWS Elemental MediaLive released a new features that allows customers to use HLG 2020 as a color space for AV1 video codec. -* `Aws\BedrockAgent` - Added strict parameter to ToolSpecification to allow users to enforce strict JSON schema adherence for tool input schemas. -* `Aws\Organizations` - Updates close Account quota for member accounts in an Organization. - -## 3.376.2 - 2026-04-02 - -* `Aws\Deadline` - AWS Deadline Cloud now supports configurable scheduling on each queue. The scheduling configuration controls how workers are distributed across jobs. -* `Aws\CloudWatchLogs` - We are pleased to announce that our logs transformation csv processor now has a destination field, allowing you to specify under which parent node parsed columns be placed under. -* `Aws\AppStream` - Amazon WorkSpaces Applications now supports drain mode for instances in multi-session fleets. This capability allows administrators to instruct individual fleet instances to stop accepting new user sessions while allowing existing sessions to continue uninterrupted. -* `Aws\BedrockRuntime` - Relax ToolUseId pattern to allow dots and colons -* `Aws\GeoPlaces` - This release updates API reference documentation for Amazon Location Service Places APIs to reflect regional restrictions for Grab Maps users in ReverseGeocode, Suggest, SearchText, and GetPlace operations -* `Aws\BedrockAgentCoreControl` - Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. -* `Aws\CloudWatch` - CloudWatch now supports OTel enrichment to make vended metrics for supported AWS resources queryable via PromQL with resource ARN and tag labels, and PromQL alarms for metrics ingested via the OTLP endpoint with multi-contributor evaluation. -* `Aws\Pricing` - This release increases the MaxResults parameter of the GetAttributeValues API from 100 to 10000. -* `Aws\BedrockDataAutomation` - Data Automation Library is a BDA capability that lets you create reusable entity resources to improve extraction accuracy. Libraries support Custom Vocabulary entities that enhance speech recognition for audio and video content with domain-specific terminology shared across projects -* `Aws\Connect` - Include CUSTOMER to evaluation target and participant role. Support Korean, Japanese and Simplified Chinese in evaluation forms. -* `Aws\GameLift` - Amazon GameLift Servers now includes a ComputeName field in game session API responses, making it easier to identify which compute is hosting a game session without cross-referencing IP addresses. - -## 3.376.1 - 2026-04-01 - -* `Aws\GeoRoutes` - This release makes RoutingBoundary optional in CalculateRouteMatrix, set StopDuration with a maximum value of 49999 for CalculateRoutes, set TrailerCount with a maximum value of 4, and introduces region restrictions for Grab Maps users. -* `Aws\Bedrock` - Adds support for Bedrock Batch Inference Job Progress Monitoring -* `Aws\ElastiCache` - Updated SnapshotRetentionLimit documentation for ServerlessCache to correctly describe the parameter as number of days (max 35) instead of number of snapshots. -* `Aws\ECS` - Amazon ECS now supports Managed Daemons with dedicated APIs for registering daemon task definitions, creating daemons, and managing daemon deployments. -* `Aws\BedrockAgentCoreControl` - Adds support for VPC egress private endpoints for Amazon Bedrock AgentCore gateway targets, enabling private connectivity through managed VPC Lattice resources. Also adds IAM credential provider for gateway targets, enabling IAM-based authentication to target endpoints -* `Aws\BedrockAgentCore` - Added the ability to filter out empty sessions when listing sessions. Customers can now retrieve only sessions that still contain events, eliminating the need to check each session individually. No changes required for existing integrations. -* `Aws\OpenSearchService` - Adding Policy-Min-TLS-1-2-RFC9151-FIPS-2024-08 as TLS Policy in Supported Regions -* `Aws\MedicalImaging` - Added new boolean flag to persist metadata updates to all primary image sets in the same study as the requested image set. -* `Aws\ElasticsearchService` - Adding Policy-Min-TLS-1-2-RFC9151-FIPS-2024-08 as TLS Policy in Supported Regions - -## 3.376.0 - 2026-03-31 - -* `Aws\OpenSearchService` - Support RegisterCapability, GetCapability, DeregisterCapability API for AI Assistant feature management for OpenSearch UI Applications -* `Aws\SecurityAgent` - AWS Security Agent is a service that proactively secures applications throughout the development lifecycle with automated security reviews and on-demand penetration testing. -* `Aws\EC2` - This release updates the examples in the documentation for DescribeRegions and DescribeAvailabilityZones. -* `Aws\ACM` - Adds support for searching for ACM certificates using the new SearchCertificates API. -* `Aws\DataExchange` - Support Tags for AWS Data Exchange resource Assets -* `Aws\DataZone` - Adds environmentConfigurationName field to CreateEnvironmentInput and UpdateEnvironmentInput, so that Domain Owners can now recover orphaned environments by recreating deleted configurations with the same name, and will auto-recover orphaned environments -* `Aws\Organizations` - Added Path field to Account and OrganizationalUnit objects in AWS Organizations API responses. -* `Aws\MailManager` - Amazon SES Mail Manager now supports optional TLS policy for accepting unencrypted connections and mTLS authentication for ingress endpoints with configurable trust stores. Two new rule actions are available, Bounce for sending non-delivery reports and Lambda invocation for custom email processing. -* `Aws\GeoMaps` - This release expands map customization options with adjustable contour line density, dark mode support for Hybrid and Satellite views, enhanced traffic information across multiple map styles, and transit and truck travel modes for Monochrome and Hybrid map styles. -* `Aws\DevOpsAgent` - AWS DevOps Agent service General Availability release. -* `Aws\MarketplaceAgreement` - This release adds 8 new APIs for AWS Marketplace sellers. 4 APIs for Cancellations (Send, List, Get, Cancel action on AgreementCancellationRequest), 3 APIs for Billing Adjustments (BatchCreate, List, Get action on BillingAdjustmentRequest), and 1 API to List Invoices (ListAgreementInvoiceLineItems) -* `Aws\Odb` - Adds support for EC2 Placement Group integration with ODB Network. The GetOdbNetwork and ListOdbNetworks API responses now include the ec2PlacementGroupIds field. -* `Aws\PinpointSMSVoiceV2` - This release adds RCS for Business messaging and Notify support. RCS lets you create and manage agents, send and receive messages in the US and Canada via SendTextMessage API, and configure SMS fallback. Notify lets you send templated OTP messages globally in minutes with no phone number required. -* `Aws\CloudFront` - This release adds bring your own IP (BYOIP) IPv6 support to CloudFront's CreateAnycastIpList and UpdateAnycastIpList API through the IpamCidrConfigs field. -* `Aws\S3Tables` - S3 Tables now supports nested types when creating tables. Users can define complex column schemas using struct, list, and map types. These types can be composed together to model complex, hierarchical data structures within table schemas. -* `Aws\DatabaseMigrationService` - To successfully connect to the IBM DB2 LUW database server, you may need to specify additional security parameters that are passed to the JDBC driver. These parameters are EncryptionAlgorithm and SecurityMechanism. Both parameters accept integer values. -* `Aws\Sustainability` - This is the first release of the AWS Sustainability SDK, which enables customers to access their sustainability impact data via API. -* `Aws\S3Control` - Adding an optional auditContext parameter to S3 Access Grants credential vending API GetDataAccess to enable job-level audit correlation in S3 CloudTrail logs -* `Aws\QuickSight` - Adds StartAutomationJob and DescribeAutomationJob APIs for automation jobs. Adds three custom permission capabilities that allow admins to control whether users can manage Spaces and chat agents. Adds an OAuthClientCredentials structure to provide OAuth 2.0 client credentials inline to data sources. -* `Aws\S3` - Add Bucket Metrics configuration support to directory buckets -* `Aws\PartnerCentralSelling` - Adding EURO Currency for MRR Amount -* `Aws\ObservabilityAdmin` - This release adds the Bedrock and Security Hub resource types for Omnia Enablement launch for March 31. -* `Aws\KinesisAnalyticsV2` - Support for Flink 2.2 in Managed Service for Apache Flink - -## 3.375.0 - 2026-03-30 - -* `Aws\S3` - Add new features and improvements to S3 Transfer Manager. - -New Features: -- Resume failed multipart uploads -- Resume failed multipart downloads - -Improvements: -- FileDownloadHandler now supports concurrent downloads for improved speed -- Directory operations moved to an independent transfer utility -- Directory operations now support both single object listeners and directory-level listeners, including a directory progress tracker -* `Aws\CloudWatchLogs` - Adds Lookup Tables to CloudWatch Logs for log enrichment using CSV key-value data with KMS encryption support. -* `Aws\AutoScaling` - Adds support for new instance lifecycle states introduced by the instance lifecycle policy and replace root volume features. -* `Aws\SageMaker` - Added support for placement strategy and consolidation for SageMaker inference component endpoints. Customers can now configure how inference component copies are distributed across instances and availability zones (AZs), and enable automatic consolidation to optimizes resource utilization. -* `Aws\OpenSearchService` - Added Cluster Insights API's In OpenSearch Service SDK. -* `Aws\AppStream` - Add support for URL Redirection -* `Aws\ECS` - Adding Local Storage support for ECS Managed Instances by introducing a new field "localStorageConfiguration" for CreateCapacityProvider and UpdateCapacityProvider APIs. -* `Aws\PartnerCentralAccount` - KYB Supplemental Form enables partners who fail business verification to submit additional details and supporting documentation through a self-service form, triggering an automated re-verification without requiring manual intervention from support teams. -* `Aws\Deadline` - AWS Deadline Cloud now supports three new fleet auto scaling settings. With scale out rate, you can configure how quickly workers launch. With worker idle duration, you can set how long workers wait before shutting down. With standby worker count, you can keep idle workers ready for fast job start. -* `Aws\BedrockAgentCore` - Adds Ground Truth support for AgentCore Evaluations (Evaluate) -* `Aws\LakeFormation` - Add setSourceIdentity to DataLakeSettings Parameters -* `Aws\GameLift` - Update CreateScript API documentation. -* `Aws\DevOpsAgent` - AWS DevOps Agent General Availability. - -## 3.374.2 - 2026-03-27 - -* `Aws\Neptunedata` - Minor formatting changes to remove unnecessary symbols. -* `Aws\Omics` - AWS HealthOmics now supports VPC networking, allowing users to connect runs to external resources with NAT gateway, AWS VPC resources, and more. New Configuration APIs support configuring VPC settings. StartRun API now accepts networkingMode and configurationName parameters to enable VPC networking. -* `Aws\BedrockAgentCoreControl` - Adds support for custom code-based evaluators using customer-managed Lambda functions. -* `Aws\BedrockAgentCore` - Adding AgentCore Code Interpreter Node.js Runtime Support with an optional runtime field - -## 3.374.1 - 2026-03-26 - -* `Aws\SageMaker` - Release support for ml.r5d.16xlarge instance types for SageMaker HyperPod -* `Aws\BCMDataExports` - With this release we are providing an option to accounts to have their export delivered to an S3 bucket that is not owned by the account. -* `Aws\CloudWatchLogs` - This release adds parameter support to saved queries in CloudWatch Logs Insights. Define reusable query templates with named placeholders, invoke them using start query. Available in Console, CLI and SDK -* `Aws\TimestreamInfluxDB` - Timestream for InfluxDB adds support for customer defined maintenance windows. This allows customers to define maintenance schedule during resource creation and updates -* `Aws\EMR` - Add StepExecutionRoleArn to RunJobFlow API - -## 3.374.0 - 2026-03-25 - -* `Aws\ApiGatewayV2` - Added DISABLE IN PROGRESS and DISABLE FAILED Portal statuses. -* `Aws\Uxc` - GA release of AccountCustomizations, used to manage account color, visible services, and visible regions settings in the AWS Management Console. -* `Aws\ApplicationSignals` - This release adds support for creating SLOs on RUM appMonitors, Synthetics canaries and services. -* `Aws\Polly` - Add support for Mu-law and A-law codecs for output format -* `Aws\MarketplaceAgreement` - The Variable Payments APIs enable AWS Marketplace Sellers to perform manage their payment requests (send, get, list, cancel). -* `Aws\Batch` - Documentation-only update for AWS Batch. - -## 3.373.9 - 2026-03-24 - -* `Aws\RDS` - Adds support in Aurora PostgreSQL serverless databases for express configuration based creation through WithExpressConfiguration in CreateDbCluster API, and for restoring clusters using RestoreDBClusterToPointInTime and RestoreDBClusterFromSnapshot APIs. -* `Aws\MediaPackageV2` - Reduces the minimum allowed value for startOverWindowSeconds from 60 to 0, allowing customers to effectively disable the start-over window. -* `Aws\OpenSearchServerless` - Adds support for updating the vector options field for existing collections. -* `Aws\BedrockAgentCoreControl` - Adds SDK support for 1) Persist session state in AgentCore Runtime via filesystemConfigurations in CreateAgentRuntime, UpdateAgentRuntime, and GetAgentRuntime APIs, 2) Optional name-based filtering on AgentCore ListBrowserProfiles API. -* `Aws\PCS` - This release adds support for custom slurmdbd and cgroup configuration in AWS PCS. Customers can now specify slurmdbd and cgroup settings to configure database accounting and reporting for their HPC workloads, and control resource allocation and limits for compute jobs. -* `Aws\GameLift` - Amazon GameLift Servers launches UDP ping beacons in the Beijing and Ningxia (China) Regions to help measure real-time network latency for multiplayer games. The ListLocations API is now available in these regions to provide endpoint domain and port information as part of the locations list. - -## 3.373.8 - 2026-03-23 - -* `Aws\Omics` - Adds support for batch workflow runs in Amazon Omics, enabling users to submit, manage, and monitor multiple runs as a single batch. Includes APIs to create, cancel, and delete batches, track submission statuses and counts, list runs within a batch, and configure default settings. -* `Aws\ConnectCases` - You can now use the UpdateRelatedItem API to update the content of comments and custom related items associated with a case. -* `Aws\Batch` - AWS Batch AMI Visibility feature support. Adds read-only batchImageStatus to Ec2Configuration to provide visibility on the status of Batch-vended AMIs used by Compute Environments. -* `Aws\Lightsail` - Add support for tagging of ContactMethod resource type - -## 3.373.7 - 2026-03-20 - -* `Aws\DynamoDB` - Adding ReplicaArn to ReplicaDescription of a global table replica -* `Aws\OpenSearchService` - Added support for Amazon Managed Service for Prometheus (AMP) as a connected data source in OpenSearch UI. Now users can analyze Prometheus metrics in OpenSearch UI without data copy. -* `Aws\VerifiedPermissions` - Adds support for Policy Store Aliases, Policy Names, and Policy Template Names. These are customizable identifiers that can be used in place of Policy Store ids, Policy ids, and Policy Template ids respectively in Amazon Verified Permissions APIs. -* `Aws\Backup` - Fix Typo for S3Backup Options ( S3BackupACLs to BackupACLs) - -## 3.373.6 - 2026-03-19 - -* `Aws\ObservabilityAdmin` - Adding a new field in the CreateCentralizationRuleForOrganization, UpdateCentralizationRuleForOrganization API and updating the GetCentralizationRuleForOrganization API response to include the new field -* `Aws\EC2` - Amazon EC2 Fleet instant mode now supports launching instances into Interruptible Capacity Reservations, enabling customers to use spare capacity shared by Capacity Reservation owners within their AWS Organization. -* `Aws\Polly` - Added bi-directional streaming functionality through a new API, StartSpeechSynthesisStream. This API allows streaming input text through inbound events and receiving audio as part of an output stream simultaneously. -* `Aws\BedrockAgentCore` - This release includes SDK support for the following new features on AgentCore Built In Tools. 1. Enterprise Policies for AgentCore Browser Tool. 2. Root CA Configuration Support for AgentCore Browser Tool and Code Interpreter. 3. API changes to AgentCore Browser Profile APIs -* `Aws\BedrockAgentCoreControl` - Adds support for the following new features. 1. Enterprise Policies support for AgentCore Browser Tool. 2. Root CA Configuration support for AgentCore Browser Tool and Code Interpreter. -* `Aws\Batch` - AWS Batch now supports quota management, enabling administrators to allocate shared compute resources across teams and projects through quota shares with capacity limits, resource-sharing strategies, and priority-based preemption - currently available for SageMaker Training job queues. - -## 3.373.5 - 2026-03-18 - -* `Aws\EC2` - The DescribeInstanceTypes API now returns default connection tracking timeout values for TCP, UDP, and UDP stream via the new connectionTrackingConfiguration field on NetworkInfo. -* `Aws\MediaConvert` - This update adds additional bitrate options for Dolby AC-4 audio outputs. - -## 3.373.4 - 2026-03-17 - -* `Aws\Signature` - Fixes bug in canonicalized query generation when dealing with numeric values -* `Aws\BedrockAgentCoreControl` - Deprecating namespaces field and adding namespaceTemplates. -* `Aws\Glue` - Provide approval to overwrite existing Lake Formation permissions on all child resources with the default permissions specified in 'CreateTableDefaultPermissions' and 'CreateDatabaseDefaultPermissions' when updating catalog. Allowed values are ["Accept","Deny"] . -* `Aws\EMR` - Add S3LoggingConfiguration to Control LogUploads - -## 3.373.3 - 2026-03-16 - -* `Aws\` - Handles errors that comes in the `error_description` field, specifically how SSO-OIDC service has it modeled. -* `Aws\BedrockAgentCore` - Provide support to perform deterministic operations on agent runtime through shell command executions via the new InvokeAgentRuntimeCommand API -* `Aws\Bedrock` - You can now generate policy scenarios on demand using the new GENERATE POLICY SCENARIOS build workflow type. Scenarios will no longer be automatically generated during INGEST CONTENT, REFINE POLICY, and IMPORT POLICY workflows, resulting in faster completion times for these operations. -* `Aws\BedrockAgentCoreControl` - Supporting hosting of public ECR Container Images in AgentCore Runtime -* `Aws\ECS` - Amazon ECS now supports configuring whether tags are propagated to the EC2 Instance Metadata Service (IMDS) for instances launched by the Managed Instances capacity provider. This gives customers control over tag visibility in IMDS when using ECS Managed Instances. - -## 3.373.2 - 2026-03-13 - -* `Aws\ConfigService` - Fix pagination support for DescribeConformancePackCompliance, and update OrganizationConfigRule InputParameters max length to match ConfigRule. -* `Aws\mgn` - Network Migration APIs are now publicly available for direct programmatic access. Customers can now call Network Migration APIs directly without going through AWS Transform (ATX), enabling automation, integration with existing tools, and self-service migration workflows. -* `Aws\QuickSight` - The change adds a new capability named ManageSharedFolders in Custom Permissions -* `Aws\MediaConvert` - This update adds support for Dolby AC-4 audio output, frame rate conversion between non-Dolby Vision inputs to Dolby Vision outputs, and clear lead CMAF HLS output. -* `Aws\Glue` - Add QuerySessionContext to BatchGetPartitionRequest -* `Aws\IVSRealTime` - Updates maximum reconnect window seconds from 60 to 300 for participant replication -* `Aws\MediaLive` - Documents the VideoDescription.ScalingBehavior.SMART(underscore)CROP enum value. -* `Aws\Connect` - Deprecating PredefinedNotificationID field -* `Aws\GameLiftStreams` - Feature launch that enables customers to connect streaming sessions to their own VPCs running in AWS. -* `Aws\APIGateway` - API Gateway now supports an additional security policy "SecurityPolicy-TLS13-1-2-FIPS-PFS-PQ-2025-09" for REST APIs and custom domain names. The new policy is compliant with TLS 1.3, Federal Information Processing Standards (FIPS), Perfect Forward Secrecy (PFS), and post-quantum (PQ) cryptography - -## 3.373.1 - 2026-03-12 - -* `Aws\` - Add support for PHPUnit v10. -- Make data provider static functions. -- Use class attributes instead of annotations for @dataProvider, @covers, and @doesNotPerformAssertions. -- Remove/Replace the usage of expectDeprecation, expectDeprecationMessage, expectDeprecationMessageMatches, expectError, expectErrorMessage, expectNotice, expectNoticeMessage, expectWarning, and expectWarningMessage. -- Migrate phpunit xml config file. -* `Aws\S3` - Adds support for account regional namespaces for general purpose buckets. The account regional namespace is a reserved subdivision of the global bucket namespace where only your account can create general purpose buckets. -* `Aws\ECR` - Add Chainguard to PTC upstreamRegistry enum -* `Aws\DataSync` - DataSync's 3 location types, Hadoop Distributed File System (HDFS), FSx for Windows File Server (FSx Windows), and FSx for NetApp ONTAP (FSx ONTAP) now have credentials managed via Secrets Manager, which may be encrypted with service keys or be configured to use customer-managed keys or secret. - -## 3.373.0 - 2026-03-11 - -* `Aws\WorkSpaces` - Added WINDOWS SERVER 2025 OperatingSystemName. -* `Aws\SimpleDBv2` - Introduced Amazon SimpleDB export functionality enabling domain data export to S3 in JSON format. Added three new APIs StartDomainExport, GetExport, and ListExports via SimpleDBv2 service. Supports cross-region exports and KMS encryption. -* `Aws\Polly` - Added support for the new voices - Ambre (fr-FR), Beatrice (it-IT), Florian (fr-FR), Lennart (de-DE), Lorenzo (it-IT) and Tiffany (en-US). They are available as a Generative voices only. -* `Aws\CustomerProfiles` - Today, Amazon Connect is announcing the ability to filter (include or exclude) recommendations based on properties of items and interactions. -* `Aws\SageMaker` - SageMaker training plans allow you to extend your existing training plans to avoid workload interruptions without workload reconfiguration. When a training plan is approaching expiration, you can extend it directly through the SageMaker AI console or programmatically using the API or AWS CLI. -* `Aws\EKS` - Adds support for a new tier in controlPlaneScalingConfig on EKS Clusters. - -## 3.372.3 - 2026-03-10 - -* `Aws\` - Sorts presigned headers alphabetically. -* `Aws\Kafka` - Add dual stack endpoint to SDK -* `Aws\ConnectCases` - Added functionality for the Required and Hidden case rule types to be conditionally evaluated on up to 5 conditions. -* `Aws\DatabaseMigrationService` - Not need to include to any release notes. The only change is to correct LoadTimeout unit from milliseconds to seconds in RedshiftSettings -* `Aws\BedrockAgentCoreControl` - Adding first class support for AG-UI protocol in AgentCore Runtime. -* `Aws\LexModelsV2` - This release introduces a new generative AI feature called Lex Bot Analyzer. This feature leverage AI to analyze the bot configuration against AWS Lex best practices to identify configuration issues and provides recommendations. - -## 3.372.2 - 2026-03-09 - -* `Aws\Multipart` - Fixes bug in `AbstractUploadManager` where valid falsy values are excluded. -* `Aws\OpenSearchService` - This change enables cross-account and cross-region access for DataSources. Customers can now define access policies on their datasources to allow other AWS accounts to access and query their data. -* `Aws\IAM` - Added support for CloudWatch Logs long-term API keys, currently available in Preview -* `Aws\Route53GlobalResolver` - Adds support for dual stack Global Resolvers and Dictionary-based Domain Generation Firewall Advanced Protection. -* `Aws\mgn` - Adds support for new storeSnapshotOnLocalZone field in ReplicationConfiguration and updateReplicationConfiguration - -## 3.372.1 - 2026-03-06 - -* `Aws\SESv2` - Adds support for longer email message header values, increasing the maximum length from 870 to 995 characters for RFC 5322 compliance. -* `Aws\BedrockAgentCoreControl` - Adds support for streaming memory records in AgentCore Memory -* `Aws\AppIntegrationsService` - This release adds support for webhooks, allowing customers to create an Event Integration with a webhook source. -* `Aws\Deadline` - AWS Deadline Cloud now supports cost scale factors for farms, enabling studios to adjust reported costs to reflect their actual rendering economics. Adjusted costs are reflected in Deadline Cloud's Usage Explorer and Budgets. -* `Aws\BCMDataExports` - Fixed wrong endpoint resolutions in few regions. Added AWS CFN resource schema for BCM Data Exports. Added max value validation for pagination parameter. Fixed ARN format validation for BCM Data Exports resources. Updated size constraints for table properties. Added AccessDeniedException error. -* `Aws\Connect` - Amazon Connect now supports the ability to programmatically configure and run automated tests for contact center experiences for Chat. Integrate testing into CICD pipelines, run multiple tests at scale, and retrieve results via API to automate validation of chat interactions and workflows. -* `Aws\Bedrock` - Amazon Bedrock Guardrails account-level enforcement APIs now support lists for model inclusion and exclusion from guardrail enforcement. -* `Aws\GameLiftStreams` - Added new Gen6 stream classes based on the EC2 G6f instance family. These stream classes provide cost-optimized options for streaming well-optimized or lower-fidelity games on Windows environments. - -## 3.372.0 - 2026-03-05 - -* `Aws\Api` - Adds support for the Smithy RPC V2 CBOR protocol. -* `Aws\EC2` - Added metadata field to CapacityAllocation. -* `Aws\MPA` - Updates to multi-party approval (MPA) service to add support for approval team baseline operations. -* `Aws\ConnectHealth` - Connect-Health SDK is AWS's unified SDK for the Amazon Connect Health offering. It allows healthcare developers to integrate purpose-built agents - such as patient insights, ambient documentation, and medical coding - into their existing applications, including EHRs, telehealth, and revenue cycle. -* `Aws\SageMaker` - Adds support for S3 Bucket Ownership validation for SageMaker Managed MLflow. -* `Aws\SavingsPlans` - Added support for OpenSearch and Neptune Analytics to Database Savings Plans. -* `Aws\GuardDuty` - Added MALICIOUS FILE to IndicatorType enum in MDC Sequence - -## 3.371.5 - 2026-03-04 - -* `Aws\` - Fixes how response with empty bodies for non-seekable streams are handled and adds streaming flag automatically based on the operation. -* `Aws\QuickSight` - Added several new values for Capabilities, increased visual limit per sheet from previous limit to 75, renamed Quick Suite to Quick in several places. -* `Aws\OpenSearchService` - Adding support for DeploymentStrategyOptions -* `Aws\ElasticsearchService` - Adds support for DeploymentStrategyOptions. -* `Aws\GameLift` - Amazon GameLift Servers now offers DDoS protection for Linux-based EC2 and Container Fleets on SDKv5. The player gateway proxy relay network provides traffic validation, per-player rate limiting, and game server IP address obfuscation all with negligible added latency and no additional cost. -* `Aws\Connect` - Added support for configuring additional email addresses on queues in Amazon Connect. Agents can now select an outbound email address and associate additional email addresses for replying to or initiating emails. -* `Aws\ElasticBeanstalk` - As part of this release, Beanstalk introduce a new info type - analyze for request environment info and retrieve environment info operations. When customers request an Al analysis, Elastic Beanstalk runs a script on an instance in their environment and returns an analysis of events, health and logs. - -## 3.371.4 - 2026-03-03 - -* `Aws\` - Add a validation for custom policies to make sure the property `Resource` has not a non allowed character. -* `Aws\PartnerCentralChannel` - Adds the Resold Unified Operations support plan and removes the Resold Business support plan in the CreateRelationship and UpdateRelationship APIs -* `Aws\SageMaker` - This release adds b300 and g7e instance types for SageMaker inference endpoints. -* `Aws\DataZone` - Adding QueryGraph operation to DataZone SDK -* `Aws\CloudWatchLogs` - CloudWatch Logs updates- Added support for the PutBearerTokenAuthentication API to enable or disable bearer token authentication on a log group. For more information, see CloudWatch Logs API documentation. -* `Aws\BedrockAgentCoreControl` - Support for AgentCore Policy GA - -## 3.371.3 - 2026-02-27 - -* `Aws\Health` - Updates the regex for validating availabilityZone strings used in the describe events filters. -* `Aws\RAM` - Resource owners can now specify ResourceShareConfiguration request parameter for CreateResourceShare API including RetainSharingOnAccountLeaveOrganization boolean parameter -* `Aws\Connect` - Deprecate EvaluationReviewMetadata's CreatedBy and CreatedTime, add EvaluationReviewMetadata's RequestedBy and RequestedTime -* `Aws\CustomerProfiles` - This release introduces an optional SourcePriority parameter to the ProfileObjectType APIs, allowing you to control the precedence of object types when ingesting data from multiple sources. Additionally, WebAnalytics and Device have been added as new StandardIdentifier values. -* `Aws\Odb` - ODB Networking Route Management is a feature improvement which allows for implicit creation and deletion of EC2 Routes in the Peer Network Route Table designated by the customer via new optional input. This feature release is combined with Multiple App-VPC functionality for ODB Network Peering(s). -* `Aws\Bedrock` - Added four new model lifecycle date fields, startOfLifeTime, endOfLifeTime, legacyTime, and publicExtendedAccessTime. Adds support for using the Converse API with Bedrock Batch inference jobs. -* `Aws\CognitoIdentityProvider` - Cognito is introducing a two-secret rotation model for app clients, enabling seamless credential rotation without downtime. Dedicated APIs support passing in a custom secret. Custom secrets need to be at least 24 characters. This eliminates reconfiguration needs and reduces security risks. -* `Aws\Batch` - This feature allows customers to specify the minimum time (in minutes) that AWS Batch keeps instances running in a compute environment after all jobs on the instance complete -* `Aws\KeyspacesStreams` - Added support for Change Data Capture (CDC) streams with Duration DataType. -* `Aws\ARCRegionSwitch` - Post-Recovery Workflows enable customers to maintain comprehensive disaster recovery automation. This allows customer SREs and leadership to have complete recovery orchestration from failover through post-recovery preparation, ensuring Regions remain ready for subsequent recovery events. - -## 3.371.2 - 2026-02-26 - -* `Aws\BackupGateway` - This release updates GetGateway API to include deprecationDate and softwareVersion in the response, enabling customers to track gateway software versions and upcoming deprecation dates. -* `Aws\MarketplaceMetering` - Added LicenseArn to ResolveCustomer response and BatchMeterUsage usage records. BatchMeterUsage now accepts LicenseArn in each UsageRecord to report usage at the license level. Added InvalidLicenseException error response for invalid license parameters. -* `Aws\MarketplaceEntitlementService` - Added License Arn as a new optional filter for GetEntitlements and LicenseArn field in each entitlement in the response. -* `Aws\ECS` - Adding support for Capacity Reservations for ECS Managed Instances by introducing a new "capacityOptionType" value of "RESERVED" and new field "capacityReservations" for CreateCapacityProvider and UpdateCapacityProvider APIs. -* `Aws\EC2` - Add c8id, m8id and hpc8a instance types. -* `Aws\SecurityHub` - Security Hub added EXTENDED PLAN integration type to DescribeProductsV2 and added metadata.product.vendor name GroupBy support to GetFindingStatisticsV2 - -## 3.371.1 - 2026-02-25 - -* `Aws\Batch` - AWS Batch documentation update for service job capacity units. -* `Aws\Neptune` - Neptune global clusters now supports tags -* `Aws\WAFV2` - AWS WAF now supports GetTopPathStatisticsByTraffic that provides aggregated statistics on the top URI paths accessed by bot traffic. Use this operation to see which paths receive the most bot traffic, identify the specific bots accessing them, and filter by category, organization, or bot name. -* `Aws\ECR` - Update repository name regex to comply with OCI Distribution Specification -* `Aws\EC2` - Add support for EC2 Capacity Blocks in Local Zones. - -## 3.371.0 - 2026-02-24 - -* `Aws\ElementalInference` - Initial GA launch for AWS Elemental Inference including capabilities of Smart Crop and Live Event Clipping -* `Aws\OpenSearchService` - Fixed HTTP binding for DescribeDomainAutoTunes API to correctly pass request parameters as query parameters in the HTTP request. -* `Aws\PartnerCentralSelling` - Added support for filtering opportunities by target close date in the ListOpportunities API. You can now filter results to return opportunities with a target close date before or after a specified date, enabling more precise opportunity searches based on expected closure timelines. -* `Aws\MediaLive` - AWS Elemental MediaLive - Added support for Elemental Inference for Smart Cropping and Clipping features for MediaLive. -* `Aws\EC2` - Adds httpTokensEnforced property to ModifyInstanceMetadataDefaults API. Set per account or manage organization-wide using declarative policies to prevent IMDSv1-enabled instance launch and block attempts to enable IMDSv1 on existing IMDSv2-only instances. -* `Aws\ElasticsearchService` - Fixed HTTP binding for DescribeDomainAutoTunes API to correctly pass request parameters as query parameters in the HTTP request. -* `Aws\CloudWatch` - This release adds the APIs (PutAlarmMuteRule, ListAlarmMuteRules, GetAlarmMuteRule and DeleteAlarmMuteRule) to manage a new Cloudwatch resource, AlarmMuteRules. AlarmMuteRules allow customers to temporarily mute alarm notifications during expected downtime periods. -* `Aws\ObservabilityAdmin` - Adding a new field in the CreateCentralizationRuleForOrganization, UpdateCentralizationRuleForOrganization API and updating the GetCentralizationRuleForOrganization API response to include the new field - -## 3.370.1 - 2026-02-23 - -* `Aws\DataZone` - Add workflow properties support to connections APIs -* `Aws\ControlCatalog` - Updated ExemptedPrincipalArns parameter documentation for improved accuracy -* `Aws\MediaTailor` - Updated endpoint rule set for dualstack endpoints. Added a new opt-in option to log raw ad decision server requests for Playback Configurations. -* `Aws\ConnectCases` - SearchCases API can now accept 25 fields in the request and response as opposed to the previous limit of 10. DeleteField's hard limit of 100 fields per domain has been lifted. -* `Aws\QuickSight` - Adds support for SEMISTRUCT to InputColumn Type -* `Aws\DynamoDB` - This change supports the creation of multi-account global tables. It adds one new arguments to UpdateTable, GlobalTableSettingsReplicationMode. -* `Aws\Bedrock` - Automated Reasoning checks in Amazon Bedrock Guardrails now support fidelity report generation. The new workflow type assesses policy coverage and accuracy against customer documents. The GetAutomatedReasoningPolicyBuildWorkflowResultAssets API adds support for the three new asset types. -* `Aws\Wickr` - AWS Wickr now provides APIs to manage your Wickr OpenTDF integration. These APIs enable you to test and save your OpenTDF configuration allowing you to manage rooms based on Trusted Data Format attributes. - -## 3.370.0 - 2026-02-20 - -* `Aws\SignerData` - This release introduces AWS Signer Data Plane SDK client supporting GetRevocationStatus API. The new client enables AWS PrivateLink connectivity with both private DNS and VPC endpoint URLs. -* `Aws\SSM` - Add support for AssociationDispatchAssumeRole in AWS SSM State Manager. -* `Aws\ECS` - Migrated to Smithy. No functional changes -* `Aws\TrustedAdvisor` - Adding a new enum attribute(statusReason) to TrustedAdvisorAPI response. This attribute explains reasoning behind check status for certain specific scenarios. -* `Aws\SageMakerRuntime` - Added support for S3OutputPathExtension and Filename parameters to the InvokeEndpointAsync API to allow users to customize the S3 output path and file name for async inference response payloads. -* `Aws\AppStream` - Adding new attribute to disable IMDS v1 APIs for fleet, Image Builder and AppBlockBuilder instances. - -## 3.369.38 - 2026-02-19 - -* `Aws\ECR` - Adds multiple artifact types filter support in ListImageReferrers API. -* `Aws\BCMDashboards` - The Billing and Cost Management GetDashboard API now returns identifier for each widget, enabling users to uniquely identify widgets within their dashboards. -* `Aws\PcaConnectorScep` - AWS Private CA Connector for SCEP now supports AWS PrivateLink, allowing your clients to request certificates from within your Amazon Virtual Private Cloud (VPC) without traversing the public internet. With this launch, you can create VPC endpoints to connect to your SCEP connector privately. - -## 3.369.37 - 2026-02-18 - -* `Aws\` - Add support to named arguments in the AwsClientTrait __call method. -* `Aws\CleanRooms` - This release adds support for federated catalogs in Athena-sourced configured tables. -* `Aws\Connect` - Correcting in-app notifications API documentation. - -## 3.369.36 - 2026-02-17 - -* `Aws\IoTAnalytics` - Removes the `IoTAnalytics` service, which has been deprecated. -* `Aws\WorkSpacesWeb` - Adds support for branding customization without requiring a custom wallpaper. -* `Aws\ManagedGrafana` - This release updates Amazon Managed Grafana's APIs to support customer managed KMS keys. -* `Aws\RDS` - Adds support for the StorageEncryptionType field to specify encryption type for DB clusters, DB instances, snapshots, automated backups, and global clusters. -* `Aws\EC2` - Add Operator field to CreatePlacementGroup and DescribePlacementGroup APIs. - -## 3.369.35 - 2026-02-16 - -* `Aws\` - Removes the `Cloudwatch Evidently` service, which has been deprecated. -* `Aws\Kafka` - Amazon MSK now supports dual-stack connectivity (IPv4 and IPv6) for existing MSK clusters. You can enable dual-stack on existing clusters by specifying the NetworkType parameter in updateConnectivity API. -* `Aws\EC2` - Documentation updates for EC2 Secondary Networks -* `Aws\ECR` - Adds support for enabling blob mounting, and removes support for Clair based image scanning -* `Aws\ARCRegionSwitch` - Clarify documentation on ARC Region Switch start-plan-execution operation -* `Aws\KMS` - Added support for Decrypt and ReEncrypt API's to use dry run feature without ciphertext for authorization validation -* `Aws\QConnect` - Update MessageType enum to include missing types. - -## 3.369.34 - 2026-02-13 - -* `Aws\Connect` - API release for headerr notifications in the admin website. APIs allow customers to publish brief messages (including URLs) to a specified audience, and a new header icon will indicate when unread messages are available. -* `Aws\CloudWatch` - Adding new evaluation states that provides information about the alarm evaluation process. Evaluation error Indicates configuration errors in alarm setup that require review and correction. Evaluation failure Indicates temporary CloudWatch issues. -* `Aws\EC2` - This release adds geography information to EC2 region and availability zone APIs. DescribeRegions now includes a Geography field, while DescribeAvailabilityZones includes both Geography and SubGeography fields, enabling better geographic classification for AWS regions and zones. -* `Aws\SageMaker` - Enable g7e instance type support for SageMaker Processing, and enable single file configuration provisioning for HyperPod Slurm, where customers have the option to use HyperPod API to provide the provisioning parameters. -* `Aws\Inspector2` - Added .Net 10 (dotnet10) and Node 24.x (node24.x) runtime support for lambda package scanning - -## 3.369.33 - 2026-02-12 - -* `Aws\EC2` - Launching nested virtualization. This feature allows you to run nested VMs inside virtual (non-bare metal) EC2 instances. - -## 3.369.32 - 2026-02-11 - -* `Aws\EC2` - R8i instances powered by custom Intel Xeon 6 processors available only on AWS with sustained all-core 3.9 GHz turbo frequency -* `Aws\S3Tables` - S3 Tables now supports setting partition specifications and sort orders on tables. Partition specs allow users to define how data is organized using transform functions. Sort order configurations enable users to specify sort directions and null ordering preferences for optimized data layout. -* `Aws\EKS` - This release adds support for Windows Server 2025 in Amazon EKS Managed Node Groups. -* `Aws\Batch` - Add support for listing jobs by share identifier and getting snapshots of active capacity utilization by job queue and share. -* `Aws\KafkaConnect` - Support configurable upper limits on task count during autoscaling operations via maxAutoscalingTaskCount parameter. - -## 3.369.31 - 2026-02-10 - -* `Aws\Kafka` - Amazon MSK adds three new APIs, CreateTopic, UpdateTopic, and DeleteTopic for managing Kafka topics in your MSK clusters. -* `Aws\Connect` - Amazon Connect now supports per-channel auto-accept and After Contact Work (ACW) timeouts. Configure agents with auto-accept and ACW timeout settings for chat, tasks, emails, and callbacks. Use the new UpdateUserConfig API to manage these settings. -* `Aws\EKS` - Introducing an optional policy field, an IAM policy applied to pod identity associations in addition to IAM role policies. When specified, pod permissions are the intersection of IAM role policies and the policy field, ensuring the principle of least privilege. -* `Aws\BedrockAgentCore` - Added AgentCore browser proxy configuration support, allowing routing of browser traffic through HTTP and HTTPS proxy servers with authentication and bypass rules. -* `Aws\RDS` - This release adds backup configuration for RDS and Aurora restores, letting customers set backup retention period and preferred backup window during restore. It also enables viewing backup settings when describing snapshots or automated backups for instances and clusters. - -## 3.369.30 - 2026-02-09 - -* `Aws\Transfer` - This release adds a documentation update for MdnResponse of type "ASYNC" -* `Aws\EC2` - Amazon Secondary Networks is a networking feature that provides high-performance, low-latency connectivity for specialized workloads. -* `Aws\imagebuilder` - EC2 Image Builder now supports wildcard patterns in lifecycle policies with recipes and enhances the experience of tag-scoped policies. -* `Aws\Neptunedata` - Added edgeOnlyLoad boolean parameter to Neptune bulk load request. When TRUE, files are loaded in order without scanning. When FALSE (default), the loader scans files first, then loads vertex files before edge files automatically. -* `Aws\EKS` - Amazon EKS adds a new DescribeUpdate update type, VendedLogsUpdate, to support an integration between EKS Auto Mode and Amazon CloudWatch Vended Logs. -* `Aws\LakeFormation` - Allow cross account v5 in put data lake settings -* `Aws\PCS` - Introduces RESUMING state for clusters, compute node groups, and queues. -* `Aws\ConnectCampaignsV2` - Add the missing event type for WhatsApp - -## 3.369.29 - 2026-02-06 - -* `Aws\IoTManagedIntegrations` - Adding support for Custom(General) Authorization in managed integrations for AWS IoT Device Management cloud connectors. -* `Aws\PartnerCentralSelling` - Releasing AWS Opportunity Snapshots for SDK release. -* `Aws\SageMaker` - Adding g7e instance support in Sagemaker Training -* `Aws\Deadline` - Adds support for tagging jobs during job creation -* `Aws\BedrockDataAutomationRuntime` - Add OutputConfiguration to InvokeDataAutomation input and output to support S3 output - -## 3.369.28 - 2026-02-05 - -* `Aws\Transfer` - Adds support for the customer to send custom HTTP headers and configure an AS2 Connector to receive Asynchronous MDNs from their trading partner -* `Aws\RAM` - Added ListSourceAssociations API. Allows RAM resource share owners to list source associations that determine which sources can access resources through service principal associations. Supports filtering by resource share ARN, source ID, source type, or status, with pagination. -* `Aws\BedrockAgentCoreControl` - Support Browser profile persistence (cookies and local storage) across sessions for AgentCore Browser. -* `Aws\Athena` - Reduces the minimum TargetDpus to create or update capacity reservations from 24 to 4. -* `Aws\BedrockAgentCore` - Support Browser profile persistence (cookies and local storage) across sessions for AgentCore Browser. -* `Aws\WorkSpaces` - Added support for 12 new graphics-optimized compute types - Graphics.g6 (xlarge, 2xlarge, 4xlarge, 8xlarge, 16xlarge), Graphics.gr6 (4xlarge, 8xlarge), Graphics.g6f (large, xlarge, 2xlarge, 4xlarge), and Graphics.gr6f (4xlarge). -* `Aws\Glue` - This release adds the capability to easily create custom AWS Glue connections to data sources with REST APIs. -* `Aws\NeptuneGraph` - Minor neptune-graph documentation changes -* `Aws\MediaLive` - Outputs using the AV1 codec in CMAF Ingest output groups in MediaLive now have the ability to specify a target bit depth of 8 or 10. -* `Aws\ARCRegionSwitch` - Updates documentation for ARC Region switch and provides stronger validation for Amazon Aurora Global Database execution block parameters. - -## 3.369.27 - 2026-02-04 - -* `Aws\Redshift` - We have increased the maximum duration for a deferred maintenance window from 45 days to 60 days for Amazon Redshift provisioned clusters. This enhancement provides customers with greater flexibility in scheduling patching and maintenance activities while also maintaining security compliance. -* `Aws\EKS` - Update delete cluster description -* `Aws\BedrockRuntime` - Added support for structured outputs to Converse and ConverseStream APIs. -* `Aws\MediaLive` - AWS Elemental MediaLive now supports SRT listener mode for inputs and outputs, in addition to the existing SRT caller mode. -* `Aws\ConnectCases` - Amazon Connect Cases now supports larger, multi-line text fields with up to 4,100 characters. Administrators can use the Admin UI to select the appropriate configuration (single-line or multi-line) on a per-field basis, improving case documentation capabilities. -* `Aws\WorkSpacesWeb` - Support for configuring and managing custom domain names for WorkSpaces Secure Browser portals. - -## 3.369.26 - 2026-02-03 - -* `Aws\GeoMaps` - Added support for optional style parameters in maps, including 3D terrain and 3D Buildings -* `Aws\Kinesis` - Adds StreamId parameter to AWS Kinesis Data Streams APIs that is reserved for future use. -* `Aws\Batch` - AWS Batch Array Job Visibility feature support. Includes new statusSummaryLastUpdatedAt for array job parent DescribeJobs responses for the last time the statusSummary was updated. Includes both statusSummary and statusSummaryLastUpdatedAt in ListJobs responses for array job parents. -* `Aws\SSOAdmin` - Added new Region management APIs to support multi-Region replication in IAM Identity Center. -* `Aws\MarketplaceCatalog` - Adds support for Catalog API us-east-1 dualstack endpoint catalog-marketplace.us-east-1.api.aws -* `Aws\Organizations` - Updated the CloseAccount description. -* `Aws\DynamoDB` - This change supports the creation of multi-account global tables. It adds two new arguments to CreateTable, GlobalTableSourceArn and GlobalTableSettingsReplicationMode. DescribeTable is also updated to include information about GlobalTableSettingsReplicationMode. - -## 3.369.25 - 2026-02-02 - -* `Aws\MPA` - Updates to multi-party approval (MPA) service to add support for multi-factor authentication (MFA) for voting operations. -* `Aws\CloudFront` - Add OriginMTLS support to CloudFront Distribution APIs -* `Aws\BedrockAgentCoreControl` - Adds tagging support for AgentCore Evaluations (evaluator and online evaluation config) - -## 3.369.24 - 2026-01-30 - -* `Aws\Connect` - This release adds Estimated Wait Time support to the GetContactMetrics API for Amazon Connect. -* `Aws\QuickSight` - Improve SessionTag usage guidelines in the GenerateEmbedURLForAnonymousUser API documentation. Update the GetIdentityContext document with the region support context. - -## 3.369.23 - 2026-01-29 - -* `Aws\EC2` - G7e instances feature up to 8 NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs with 768 GB of memory and 5th generation Intel Xeon Scalable processors. Supporting up to 192 vCPUs, 1600 Gbps networking bandwidth with EFA, up to 2 TiB of system memory, and up to 15.2 TB of local NVMe SSD storage. -* `Aws\GameLift` - Amazon GameLift Servers now supports automatic scaling to and from zero instances based on game session activity. Fleets scale down to zero following a defined period of no game session activity and scale up from zero when game sessions are requested, providing an option for cost optimization. - -## 3.369.22 - 2026-01-28 - -* `Aws\Lambda` - We are launching ESM Metrics and logging for Kafka ESM to allow customers to monitor Kafka event processing using CloudWatch Metrics and Logs. -* `Aws\S3` - Adds support for the UpdateObjectEncryption API to change the server-side encryption type of objects in general purpose buckets. -* `Aws\MediaConnect` - This release adds support for NDI flow sources in AWS Elemental MediaConnect. You can now send content to your MediaConnect transport streams directly from your NDI environment using the new NDI source type. Also adds support for LARGE 4X flow size, which can be used when creating CDI JPEG-XS flows. -* `Aws\EC2` - SearchTransitGatewayRoutes API response now includes a NextToken field, enabling pagination when retrieving large sets of transit gateway routes. Pass the returned NextToken value in subsequent requests to retrieve the next page of results. -* `Aws\Connect` - Adds support for filtering search results based on tags assigned to contacts. -* `Aws\CognitoIdentityProvider` - This release adds support for a new lambda trigger to transform federated user attributes during the authentication with external identity providers on Cognito Managed Login. -* `Aws\MediaConvert` - This release adds a follow source mode for audio output channel count, an AES audio frame wrapping option for MXF outputs, and an option to signal DolbyVision compatibility using the SUPPLEMENTAL-CODECS tag in HLS manifests. -* `Aws\S3Control` - Adds support for the UpdateObjectEncryption API to change the server-side encryption type of objects in general purpose buckets. - -## 3.369.21 - 2026-01-27 - -* `Aws\SageMaker` - Idle resource sharing enables teams to borrow unused compute resources in your SageMaker HyperPod cluster. This capability maximizes resource utilization by allowing teams to borrow idle compute capacity beyond their allocated compute quotas. -* `Aws\Deadline` - AWS Deadline Cloud now supports editing job names and descriptions after submission. -* `Aws\MediaLive` - AWS Elemental MediaLive released two new features that allows customers 1) to set Output Timecode for AV1 encoder, 2) to set a Custom Epoch for CMAF Ingest and MediaPackage V2 output groups when using Pipeline Locking or Disabled Locking modes. -* `Aws\Connect` - Added support for task attachments. The StartTaskContact API now accepts file attachments, enabling customers to include files (.csv, .doc, .docx, .heic, .jfif, .jpeg, .jpg, .mov, .mp4, .pdf, .png, .ppt, .pptx, .rtf, .txt, etc.) when creating Task contacts. Supports up to 5 attachments per task. -* `Aws\EC2` - Releasing new EC2 instances. C8gb and M8gb with highest EBS performance, M8gn with 600 Gbps network bandwidth, X8aedz and M8azn with 5GHz AMD processors, X8i with Intel Xeon 6 processors and up to 6TB memory, and Mac-m4max with Apple M4 Max chip for 25 percent faster builds. - -## 3.369.20 - 2026-01-26 - -* `Aws\CloudWatchEvidently` - Deprecate all Evidently API for AWS CloudWatch Evidently deprecation -* `Aws\GroundStation` - Adds support for AWS Ground Station Telemetry. -* `Aws\EC2` - DescribeInstanceTypes API response now includes an additionalFlexibleNetworkInterfaces field, the number of interfaces attachable to an instance when using flexible Elastic Network Adapter (ENA) queues in addition to the base number specified by maximumNetworkInterfaces. -* `Aws\ConnectCases` - Amazon Connect now enables you to use tag-based access controls to define who can access specific cases. You can associate tags with case templates and configure security profiles to determine which users can access cases with those tags. - -## 3.369.19 - 2026-01-23 - -* `Aws\DataZone` - Added api for deleting data export configuration for a domain -* `Aws\QConnect` - Fixes incorrect types in the UpdateAssistantAIAgent API request, adds MESSAGE to TargetType enum, and other minor changes. -* `Aws\Connect` - Amazon Connect now offers public APIs to programmatically configure and run automated tests for contact center experiences. Integrate testing into CICD pipelines, run multiple tests at scale, and retrieve results via API to automate validation of voice interactions and workflows. - -## 3.369.18 - 2026-01-22 - -* `Aws\VerifiedPermissions` - Adding documentation to user guide and API documentation for how customers can create new encrypted policy stores by passing in their customer managed key during policy store creation. -* `Aws\MarketplaceMetering` - Customer Identifier parameter deprecation date has been removed. For new implementations, we recommend using the CustomerAWSAccountID. Your current integration will continue to work. When updating your implementation, consider migrating to CustomerAWSAccountID for improved integration. -* `Aws\DynamoDB` - Adds additional waiters to Amazon DynamoDB. -* `Aws\AutoScaling` - This release adds support for Amazon EC2 Auto Scaling group deletion protection -* `Aws\Budgets` - Add Budget FilterExpression and Metrics fields to DescribeBudgetPerformanceHistory to support more granular filtering options. -* `Aws\Health` - Updates the lower range for the maxResults request property for DescribeAffectedEntities, DescribeAffectedEntitiesForOrganization, DescribeEvents, and DescribeEventsForOrganization API request properties. -* `Aws\EC2` - Add better support for fractional GPU instances in DescribeInstanceTypes API. The new fields, logicalGpuCount, gpuPartitionSize, and workload array enable better GPU resource selection and filtering for both full and fractional GPU instance types. -* `Aws\GuardDuty` - Adding new enum value for ScanStatusReason -* `Aws\GameLift` - Amazon GameLift Servers Realtime now supports Node.js 24.x runtime on the Amazon Linux 2023 operating system. - -## 3.369.17 - 2026-01-21 - -* `Aws\BedrockAgentCore` - Supports custom browser extensions for AgentCore Browser and increased message payloads up to 100KB per message in an Event for AgentCore Memory -* `Aws\EC2` - Added support of multiple EBS cards. New EbsCardIndex parameter enables attaching volumes to specific EBS cards on supported instance types for improved storage performance. -* `Aws\QuickSight` - Added documentation and model for sheet layout groups - allows sheet elements to be grouped, Added documentation and the feature enables admins to have granular control over connectors under actions, Updated API documentation for PDF Export in Snapshot Export APIs -* `Aws\ConfigService` - AWS Config Conformance Packs now support tag-on-create through PutConformancePack API. - -## 3.369.16 - 2026-01-20 - -* `Aws\VerifiedPermissions` - Amazon Verified Permissions now supports encryption of resources by a customer managed KMS key. Customers can now create new encrypted policy stores by passing in their customer managed key during policy store creation. -* `Aws\AutoScaling` - This release adds support for three new filters when describing scaling activities, StartTimeLowerBound, StartTimeUpperBound, and Status. -* `Aws\Keyspaces` - Adds support for managing table pre-warming in Amazon Keyspaces (for Apache Cassandra) -* `Aws\BedrockRuntime` - Added support for extended prompt caching with one hour TTL. -* `Aws\Odb` - Adds support for associating and disassociating IAM roles with Autonomous VM cluster resources through the AssociateIamRoleToResource and DisassociateIamRoleFromResource APIs. The GetCloudAutonomousVmCluster and ListCloudAutonomousVmClusters API responses now include the iamRoles field. -* `Aws\WorkspacesInstances` - Added billing configuration support for WorkSpaces Instances with monthly and hourly billing modes, including new filtering capabilities for instance type searches. - -## 3.369.15 - 2026-01-16 - -* `Aws\Glacier` - Documentation updates for Amazon Glacier's maintenance mode -* `Aws\ResourceExplorer2` - Added ViewName to View-related responses and ServiceViewName to GetServiceView response. -* `Aws\LaunchWizard` - Added UpdateDeployment, ListDeploymentPatternVersions and GetDeploymentPatternVersion APIs for Launch Wizard -* `Aws\Connect` - Adds support to allow customers to create form with Dispute configuration -* `Aws\SageMaker` - Adding security consideration comments for lcc accessing execution role under root access -* `Aws\DataZone` - This release adds support for numeric filtering and complex free-text searches cases for the Search and SearchListings APIs. - -## 3.369.14 - 2026-01-15 - -* `Aws\QConnect` - Fix inference configuration shapes for the CreateAIPrompt and UpdateAIPrompt APIs, Modify Text Length Limit for SendMessage API -* `Aws\EC2` - This release includes documentation updates to support up to four Elastic Volume modifications per Amazon EBS volume within a rolling 24-hour period. -* `Aws\LakeFormation` - API Changes for GTCForLocation feature. Includes a new API, GetTemporaryDataLocationCredentials and updates to the APIs RegisterResource and UpdateResource -* `Aws\OpenSearchServerless` - Collection groups in Amazon OpenSearch Serverless enables to organize multiple collections and enable compute resource sharing across collections with different KMS keys. This shared compute model reduces costs by eliminating the need for separate OpenSearch Compute Units (OCUs) for each KMS key. -* `Aws\CleanRooms` - This release adds support for parameters in PySpark analysis templates. -* `Aws\Deadline` - AWS Deadline Cloud now supports tagging Budget resources with ABAC for permissions management and selecting up to 16 filter values in the monitor and Search API. -* `Aws\Evs` - A new GetVersions API has been added to retrieve VCF, ESX versions, and EC2 instances provided by Amazon EVS. The CreateEnvironment API now allows you to select a VCF version and the CreateEnvironmentHost API introduces a optional esxVersion parameter. -* `Aws\ECS` - Adds support for configuring FIPS in AWS GovCloud (US) Regions via a new ECS Capacity Provider field fipsEnabled. When enabled, instances launched by the capacity provider will use a FIPS-140 enabled AMI. Instances will use FIPS-140 compliant cryptographic modules and AWS FIPS endpoints. - -## 3.369.13 - 2026-01-14 - -* `Aws\RDS` - no feature changes. model migrated to Smithy -* `Aws\Redshift` - Adds support for enabling extra compute resources for automatic optimization during create and modify operations in Amazon Redshift clusters. -* `Aws\RedshiftServerless` - Adds support for enabling extra compute resources for automatic optimization during create and update operations in Amazon Redshift Serverless workgroups. -* `Aws\SocialMessaging` - This release clarifies WhatsApp template operations as a resource-authenticated operation via the parent WhatsApp Business Account. It also introduces new parameters for parameter format, CTA URL link tracking, and template body examples, and increases the phone number ID length. -* `Aws\EKS` - Added support for BOTTLEROCKET NVIDIA FIPS AMIs to AMI types in US regions. -* `Aws\CostExplorer` - Cost Categories added support to BillingView data filter expressions through the new costCategories parameter, enabling users to filter billing views by AWS Cost Categories for more granular cost management and allocation. -* `Aws\Connect` - Amazon Connect makes it easier to manage contact center operating hours by enabling automated scheduling for recurring events like holidays and maintenance windows. Set up recurring patterns (weekly, monthly, etc.) or link to another hours of operation to inherit overrides. - -## 3.369.12 - 2026-01-13 - -* `Aws\DataZone` - Adds support for IAM role subscriptions to Glue table listings via CreateSubscriptionRequest API. Also adds owningIamPrincipalArn filter to List APIs and subscriptionGrantCreationMode parameter to subscription target APIs for controlling grant creation behavior. -* `Aws\Bedrock` - This change will increase TestCase guardContent input size from 1024 to 2028 characters and PolicyBuildDocumentDescription from 2000 to 4000 characters - -## 3.369.11 - 2026-01-12 - -* `Aws\IoTManagedIntegrations` - This release introduces WiFi Simple Setup (WSS) enabling device provisioning via barcode scanning with automated network discovery, authentication, and credential provisioning. Additionally, it introduces 2P Device Capability Rediscovery for updating hub-managed device capabilities post-onboarding. -* `Aws\SageMaker` - Added ultraServerType to the UltraServerInfo structure to support server type identification for SageMaker HyperPod -* `Aws\Billing` - Cost Categories filtering support to BillingView data filter expressions through the new costCategories parameter, enabling users to filter billing views by AWS Cost Categories for more granular cost management and allocation. - -## 3.369.10 - 2026-01-09 - -* `Aws\CloudFront` - Added EntityLimitExceeded exception handling to the following API operations AssociateDistributionWebACL, AssociateDistributionTenantWebACL, UpdateDistributionWithStagingConfig -* `Aws\Glue` - Adding MaterializedViews task run APIs -* `Aws\TranscribeService` - Adds waiters to Amazon Transcribe. -* `Aws\BedrockAgentCoreControl` - Adds optional field "view" to GetMemory API input to give customers control over whether CMK encrypted data such as strategy decryption or override prompts is returned or not. -* `Aws\MediaLive` - MediaPackage v2 output groups in MediaLive can now accept one additional destination for single pipeline channels and up to two additional destinations for standard channels. MediaPackage v2 destinations now support sending to cross region MediaPackage channels. - -## 3.369.9 - 2026-01-07 - -* `Aws\WorkSpaces` - Add StateMessage and ProgressPercentage fields to DescribeCustomWorkspaceImageImport API response. - -## 3.369.8 - 2026-01-06 - -* `Aws\EMRServerless` - Added support for enabling disk encryption using customer managed AWS KMS keys to CreateApplication, UpdateApplication and StartJobRun APIs. -* `Aws\CostExplorer` - This release updates existing reservation recommendations API to support deployment model. - -## 3.369.7 - 2026-01-05 - -* `Aws\CleanRoomsML` - AWS Clean Rooms ML now supports advanced Spark configurations to optimize SQL performance when creating an MLInputChannel or an audience generation job. - -## 3.369.6 - 2026-01-02 - -* `Aws\S3` - Adds deprecation notices to `S3EncryptionClient` and `S3EncryptionClientV2` -* `Aws\CleanRooms` - Added support for publishing detailed metrics to CloudWatch for operational monitoring of collaborations, including query performance and resource utilization. -* `Aws\IdentityStore` - This change introduces "Roles" attribute for User entities supported by AWS Identity Store SDK. - -## 3.369.5 - 2025-12-30 - -* `Aws\Signature` - Ensure SignatureV4 sorts query parameters by their URL-encoded names before canonicalization, so array-style keys like param[10] no longer disrupt the canonical order and break signature validation. -* `Aws\KafkaConnect` - This change sets the KafkaConnect GovCloud FIPS and FIPS DualStack endpoints to use kafkaconnect instead of kafkaconnect-fips as the service name. This is done to match the Kafka endpoints. -* `Aws\Connect` - Adds support for searching global contacts using the ActiveRegions filter, and pagination support for ListSecurityProfileFlowModules and ListEntitySecurityProfiles. - -## 3.369.4 - 2025-12-29 - -* `Aws\QuickSight` - This release adds support for quick users to be able to perform role upgrades on their own. Additionally it allows admins to make this feature admin or auto approval along with new self upgrade capability that can be restricted by Admins. -* `Aws\Connect` - Changes for Contact for Global Search - -## 3.369.3 - 2025-12-26 - -* `Aws\MediaLive` - AWS Elemental MediaLive now supports Pipeline Locking using Video Alignment as well as linked single pipeline channels to enable cross-channel and cross-region Pipeline Locking workflows. - -## 3.369.2 - 2025-12-23 - -* `Aws\` - Removes `ElasticTranscoderClient` and its dependencies. This service has been deprecated. -* `Aws\PinpointSMSVoiceV2` - This release adds support for the Registration Reviewer feature, which provides generative AI feedback on a phone number or sender ID registration to ensure completeness before sending to downstream (carrier) review. -* `Aws\GeoPlaces` - Adds support for InferredSecondaryAddress place type, Designator in SecondaryAddressComponent and Heading in ReverseGeocode. -* `Aws\S3` - Add additional validation to Outpost bucket names. - -## 3.369.1 - 2025-12-22 - -* `Aws\` - Allow `stdClass` in `Validator` for document types for empty documents to be encoded as JSON objects rather than arrays. -* `Aws\GuardDuty` - Make accountIds a required field in GetRemainingFreeTrialDays API to reflect service behavior. -* `Aws\EC2` - Adds support for linkedGroupId on the CreatePlacementGroup and DescribePlacementGroups APIs. The linkedGroupId parameter is reserved for future use. -* `Aws\PCS` - Change API Reference Documentation for default Mode in Accounting and SlurmRest -* `Aws\ConfigService` - Added supported resourceTypes for Config from July to November 2025 - -## 3.369.0 - 2025-12-19 - -* `Aws\EMRServerless` - Added JobLevelCostAllocationConfiguration field to enable cost allocation reporting at the job level, providing more granular visibility into EMR Serverless charges -* `Aws\Connect` - Adding support for Custom Metrics and Pre-Defined Attributes to GetCurrentMetricData API. -* `Aws\QBusiness` - It is a internal bug fix for region expansion -* `Aws\IoT` - This release adds event-based logging feature that enables granular event logging controls for AWS IoT logs. -* `Aws\WorkSpacesWeb` - Add support for WebAuthn under user settings. -* `Aws\ARCRegionSwitch` - Automatic Plan Execution Reports allow customers to maintain a concise record of their Region switch Plan executions. This enables customer SREs and leadership to have a clear view of their recovery posture based on the generated reports for their Plan executions. -* `Aws\Wickr` - AWS Wickr now provides a suite of admin APIs to allow you to programmatically manage secure communication for Wickr networks at scale. These APIs enable you to automate administrative workflows including user lifecycle management, network configuration, and security group administration. - -## 3.368.2 - 2025-12-18 - -* `Aws\SsmSap` - Added "Stopping" for the HANA Database Status. -* `Aws\OpenSearchService` - Amazon OpenSearch Service adds support for warm nodes, enabling new multi-tier architecture. -* `Aws\ECR` - Adds support for ECR Create On Push -* `Aws\BedrockDataAutomation` - Blueprint Optimization (BPO) is a new Amazon Bedrock Data Automation (BDA) capability that improves blueprint inference accuracy using example content assets and ground truth data. BPO works by generating better instructions for fields in the Blueprint using provided data. -* `Aws\SESv2` - Amazon SES introduces Email Validation feature which checks email addresses for syntax errors, domain validity, and risky addresses to help maintain deliverability and protect sender reputation. SES also adds resource tagging and ABAC support for EmailTemplates and CustomVerificationEmailTemplates. -* `Aws\IoT` - This release adds message batching for the IoT Rules Engine HTTP action. -* `Aws\Artifact` - Add support for ListReportVersions API for the calling AWS account. -* `Aws\CleanRooms` - Adding support for collaboration change requests requiring an approval workflow. Adding support for change requests that grant or revoke results receiver ability and modifying auto approved change types in an existing collaboration. -* `Aws\AppStream` - Added support for new operating systems (1) Ubuntu 24.04 Pro LTS on Elastic fleets, and (2) Microsoft Server 2025 on Always-On and On-Demand fleets -* `Aws\BedrockAgentCoreControl` - Feature to support header exchanges between Bedrock AgentCore Gateway Targets and client, along with propagating query parameter to the configured targets. -* `Aws\ARCRegionSwitch` - New API to list Route 53 health checks created by ARC region switch for a plan in a specific AWS Region using the Region switch Regional data plane. -* `Aws\ECS` - Adding support for Event Windows via a new ECS account setting "fargateEventWindows". When enabled, ECS Fargate will use the configured event window for patching tasks. Introducing "CapacityOptionType" for CreateCapacityProvider API, allowing support for Spot capacity for ECS Managed Instances. -* `Aws\EC2` - This release adds AvailabilityZoneId support for CreateFleet, ModifyFleet, DescribeFleets, RequestSpotFleet, ModifySpotFleetRequests and DescribeSpotFleetRequests APIs. - -## 3.368.1 - 2025-12-17 - -* `Aws\MediaConvert` - Adds support for tile encoding in HEVC and audio for video overlays. -* `Aws\GameLiftStreams` - Added new stream group operation parameters for scale-on-demand capacity with automatic prewarming. Added new Gen6 stream classes based on the EC2 G6 instance family. Added new StartStreamSession parameter for exposure of real-time performance stats to clients. -* `Aws\PaymentCryptography` - Support for AS2805 standard. Modifications to import-key and export-key to support AS2805 variants. -* `Aws\PaymentCryptographyData` - Support for AS2805 standard. New API GenerateAs2805KekValidation and changes to translate pin, GenerateMac and VerifyMac to support AS2805 key variants. -* `Aws\SageMaker` - Adding the newly launched p6-b300.48xlarge ec2 instance support in Sagemaker(Hyperpod,Training and Sceptor) -* `Aws\KafkaConnect` - Support dual-stack network connectivity for connectors via NetworkType field. -* `Aws\GuardDuty` - Add support for dbiResourceId in finding. -* `Aws\InspectorScan` - Adds an additional OutputFormat -* `Aws\MediaPackageV2` - This release adds support for SPEKE V2 content key encryption in MediaPackage v2 Origin Endpoints. - -## 3.368.0 - 2025-12-16 - -* `Aws\S3` - A new `S3EncryptionClient` implementation and a new `KmsMaterialProvider` implementation. `S3EncryptionClientV3` now supports writing and reading objects with Key Commitment. `KmsMaterialProviderV3` now supports verifying supplied encryption context on `decryptCek` calls. -* `Aws\TimestreamInfluxDB` - This release adds support for rebooting InfluxDB DbInstances and DbClusters -* `Aws\IoT` - Add support for dynamic payloads in IoT Device Management Commands - -## 3.367.3 - 2025-12-15 - -* `Aws\MediaTailor` - Added support for Ad Decision Server Configuration enabling HTTP POST requests with custom bodies, headers, GZIP compression, and dynamic variables. No changes required for existing GET request configurations. -* `Aws\Connect` - Amazon Connect now supports outbound WhatsApp contacts via the Send message block or StartOutboundChatContact API. Send proactive messages for surveys, reminders, and updates. Offer customers the option to switch to WhatsApp while in queue, eliminating hold time. -* `Aws\BedrockAgentCoreControl` - This release updates broken links for AgentCore Policy APIs in the AWS CLI and SDK resources. -* `Aws\Glacier` - Documentation updates for Amazon Glacier's maintenance mode -* `Aws\Route53Resolver` - Adds support for enabling detailed metrics on Route 53 Resolver endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in the CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into Resolver endpoint and target name server performance. -* `Aws\CloudWatchLogs` - This release allows you to import your historical CloudTrail Lake data into CloudWatch with a few steps, enabling you to easily consolidate operational, security, and compliance data in one place. -* `Aws\EC2` - EC2 Capacity Manager now supports SpotTotalCount, SpotTotalInterruptions and SpotInterruptionRate metrics for both vCPU and instance units. -* `Aws\S3` - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations. -* `Aws\Health` - Updating Health API endpoint generation for dualstack only regions -* `Aws\EntityResolution` - Support Customer Profiles Integration for AWS Entity Resolution -* `Aws\ServiceQuotas` - Add support for SQ Dashboard Api - -## 3.367.2 - 2025-12-12 - -* `Aws\WorkSpacesWeb` - Adds support for portal branding customization, enabling administrators to personalize end-user portals with custom assets. -* `Aws\Connect` - Amazon Connect now offers automated post-chat surveys triggered when customers end conversations. This captures timely feedback while experience is fresh, using either a no-code form builder or Amazon Lex-powered interactive surveys. -* `Aws\BCMRecommendedActions` - Added new freetier action types to RecommendedAction.type. -* `Aws\DataSync` - Adds Enhanced mode support for NFS and SMB locations. SMB credentials are now managed via Secrets Manager, and may be encrypted with service or customer managed keys. Increases AgentArns maximum count to 8 (max 4 per TaskMode). Adds folder counters to DescribeTaskExecution for Enhanced mode tasks. - -## 3.367.1 - 2025-12-11 - -* `Aws\SESv2` - Update GetEmailIdentity and CreateEmailIdentity response to include SigningHostedZone in DkimAttributes. Updated PutEmailIdentityDkimSigningAttributes Response to include SigningHostedZone. -* `Aws\Lambda` - Add Dotnet 10 (dotnet10) support to AWS Lambda. -* `Aws\QuickSight` - This release adds new GetIdentityContext API, Dashboard customization options for tables and pivot tables, Visual styling options- borders and decals, map GeocodingPreferences, KeyPairCredentials for DataSourceCredentials. Snapshot APIs now support registered users. Parameters limit increased to 400 -* `Aws\Organizations` - Add support for policy operations on the NETWORK SECURITY DIRECTOR POLICY policy type. -* `Aws\SecretsManager` - Add SortBy parameter to ListSecrets - -## 3.367.0 - 2025-12-10 - -* `Aws\S3` - A new S3 Transfer Manager implementation with multipart download capabilities. It allows better ways to configure each operation. Includes Progress Tracking, Transfer Event Listeners, and Automatic Multipart Uploads/Downloads. -* `Aws\signer` - Adds support for Signer GetRevocationStatus with updated endpoints -* `Aws\Odb` - The following APIs now return CloudExadataInfrastructureArn and OdbNetworkArn fields for improved resource identification and AWS service integration - GetCloudVmCluster, ListCloudVmClusters, GetCloudAutonomousVmCluster, and ListCloudAutonomousVmClusters. -* `Aws\BillingConductor` - Launch itemized custom line item and service line item filter -* `Aws\CloudWatch` - This release introduces two additional protocols AWS JSON 1.1 and Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will prioritize the protocol that is the most performant for each language. -* `Aws\PartnerCentralSelling` - Adds support for the new Project.AwsPartition field on Opportunity and AWS Opportunity Summary. Use this field to specify the AWS partition where the opportunity will be deployed. -* `Aws\OpenSearchService` - The CreateApplication API now supports an optional kms key arn parameter to allow customers to specify a CMK for application encryption. -* `Aws\Bedrock` - Automated Reasoning checks in Amazon Bedrock Guardrails is capable of generating policy scenarios to validate policies. The GetAutomatedReasoningPolicyBuildWorkflowResultAssets API now adds POLICY SCENARIO asset type, allowing customers to retrieve scenarios generated by the build workflow. - -## 3.366.4 - 2025-12-09 - -* `Aws\IVSRealTime` - Token Exchange introduces seamless token exchange capabilities for IVS RTX, enabling customers to upgrade or downgrade token capabilities and update token attributes within the IVS client SDK without forcing clients to disconnect and reconnect. -* `Aws\Account` - This release adds a new API (GetGovCloudAccountInformation) used to retrieve information about a linked GovCloud account from the standard AWS partition. -* `Aws\Route53` - Amazon Route 53 now supports the EU (Germany) Region (eusc-de-east-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region -* `Aws\AppSync` - Update Event API to require EventConfig parameter in creation and update requests. -* `Aws\GuardDuty` - Adding support for Ec2LaunchTemplate Version field -* `Aws\mgn` - Added parameters encryption, IPv4/IPv6 protocol configuration, and enhanced tagging support for replication operations. - -## 3.366.3 - 2025-12-08 - -* `Aws\EC2` - Amazon EC2 P6-B300 instances provide 8x NVIDIA Blackwell Ultra GPUs with 2.1 TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA throughput, and 4 TB of system memory. Amazon EC2 C8a instances are powered by 5th Gen AMD EPYC processors with a maximum frequency of 4.5 GHz. -* `Aws\RolesAnywhere` - Increases certificate string length for trust anchor source data to support ML-DSA certificates. -* `Aws\PartnerCentralSelling` - Deal Sizing Service for AI-based deal size estimation with AWS service-level breakdown, supporting Expansion and Migration deals across Technology, and Reseller partner cohorts, including Pricing Calculator AddOn for MAP deals and funding incentives. -* `Aws\RDS` - Adding support for tagging RDS Instance/Cluster Automated Backups -* `Aws\IdentityStore` - Updating AWS Identity Store APIs to support Attribute Extensions capability, with the first release adding Enterprise Attributes. This launch aligns Identity Store APIs with SCIM for enterprise attributes, reducing cases when customers are forced to use SCIM due to lack of SigV4 API support. -* `Aws\RedshiftServerless` - Added GetIdentityCenterAuthToken API to retrieve encrypted authentication tokens for Identity Center integrated serverless workgroups. This API enables programmatic access to secure Identity Center tokens with proper error handling and parameter validation across supported SDK languages. -* `Aws\SESv2` - Update Mail Manager Archive ARN validation -* `Aws\CostExplorer` - Add support for Cost Category resource associations including filtering by resource type on ListCostCategoryDefinitions and new ListCostCategoryResourceAssociations API. - -## 3.366.2 - 2025-12-05 - -* `Aws\` - Enhance exponential delay calculation to reduce the possibilities of having 0 as the delay. -* `Aws\SESv2` - Updating the desired url for `PutEmailIdentityDkimSigningAttributes` from v1 to v2 -* `Aws\PartnerCentralAccount` - Adding Verification API's to Partner Central Account SDK. -* `Aws\ECS` - Updating stop-task API to encapsulate containers with custom stop signal -* `Aws\Inspector2` - This release adds a new ScanStatus called "Unsupported Code Artifacts". This ScanStatus will be returned when a Lambda function was not code scanned because it has unsupported code artifacts. -* `Aws\IAM` - Adding the ExpirationTime attribute to the delegation request resource. - -## 3.366.1 - 2025-12-04 - -* `Aws\Lambda` - Add DisallowedByVpcEncryptionControl to the LastUpdateStatusReasonCode and StateReasonCode enums to represent failures caused by VPC Encryption Controls. - -## 3.366.0 - 2025-12-03 - -* `Aws\` - Adds support for PHP 8.5 -* `Aws\Bedrock` - Adding support in Amazon Bedrock to customize models with reinforcement fine-tuning (RFT) and support for updating the existing Custom Model Deployments. -* `Aws\SageMaker` - Introduces Serverless training: A fully managed compute infrastructure that abstracts away all infrastructure complexity, allowing you to focus purely on model development. Added AI model customization assets used to train, refine, and evaluate custom models during the model customization process. - -## 3.365.0 - 2025-12-02 - -* `Aws\` - Fixed an issue in NonSeekableStreamDecodingEventStreamIterator where partial reads from non-seekable streams could result in truncated payloads and CRC mismatches. -* `Aws\RDS` - RDS Oracle and SQL Server: Add support for adding, modifying, and removing additional storage volumes, offering up to 256TiB storage; RDS SQL Server: Support Developer Edition via custom engine versions for development and testing purposes; M7i/R7i instances with Optimize CPU for cost savings. -* `Aws\S3Tables` - Add storage class, replication, and table record expiration features to S3 Tables. -* `Aws\S3Vectors` - Amazon S3 Vectors provides cost-effective, elastic, and durable vector storage for queries based on semantic meaning and similarity. -* `Aws\Lambda` - Launching Lambda durable functions - a new feature to build reliable multi-step applications and AI workflows natively within the Lambda developer experience. -* `Aws\CostExplorer` - This release updates existing Savings Plans Purchase Analyzer and Recommendations APIs to support Database Savings Plans. -* `Aws\OpenSearchServerless` - GPU-acceleration helps you build large-scale vector databases faster and more efficiently. You can enable this feature on new OpenSearch domains and OpenSearch Serverless collections. This feature uses GPU-acceleration to reduce the time needed to index data into vector indexes. -* `Aws\SavingsPlans` - Added support for Amazon Database Savings Plans -* `Aws\BedrockAgentCore` - Support for AgentCore Evaluations and Episodic memory strategy for AgentCore Memory. -* `Aws\S3` - New S3 Storage Class FSX_ONTAP -* `Aws\GuardDuty` - Adding support for extended threat detection for Amazon EC2 and Amazon ECS. Adding support for wild card suppression rules. -* `Aws\Bedrock` - Adds the audioDataDeliveryEnabled boolean field to the Model Invocation Logging Configuration. -* `Aws\CloudWatchLogs` - CloudWatch Logs adds managed S3 Tables integration to access logs using other analytical tools, as well as facets and field indexing to simplify log analytics in CloudWatch Logs Insights. -* `Aws\OpenSearchService` - GPU-acceleration helps you build large-scale vector databases faster and more efficiently. You can enable this feature on new OpenSearch domains and OpenSearch Serverless collections. This feature uses GPU-acceleration to reduce the time needed to index data into vector indexes. -* `Aws\NovaAct` - Initial release of Nova Act SDK. The Nova Act service enables customers to build and manage fleets of agents for automating production UI workflows with high reliability, fastest time-to-value, and ease of implementation at scale. -* `Aws\BedrockRuntime` - Adds support for Audio Blocks and Streaming Image Output plus new Stop Reasons of malformed_model_output and malformed_tool_use. -* `Aws\BedrockAgentCoreControl` - Supports AgentCore Evaluations, Policy, Episodic Memory Strategy, Resource Based Policy for Runtime and Gateway APIs, API Gateway Rest API Targets and enhances JWT authorizer. -* `Aws\SecurityHub` - ITSM enhancements: DRYRUN mode for testing ticket creation, ServiceNow now uses AWS Secrets Manager for credentials, ConnectorRegistrationsV2 renamed to RegisterConnectorV2, added ServiceQuotaExceededException error, and ConnectorStatus visibility in CreateConnectorV2. -* `Aws\SageMaker` - Added support for serverless MLflow Apps. Added support for new HubContentTypes (DataSet and JsonDoc) in Private Hub for AI model customization assets, enabling tracking and management of training datasets and evaluators (reward functions/prompts) throughout the ML lifecycle. -* `Aws\DataZone` - Amazon DataZone now supports exporting Catalog datasets as Amazon S3 tables, and provides automatic business glossary term suggestions for data assets. -* `Aws\FSx` - S3 Access Points support for FSx for NetApp ONTAP -* `Aws\ObservabilityAdmin` - CloudWatch Observability Admin adds pipelines configuration for third party log ingestion and transformation of all logs ingested, integration of CloudWatch logs with S3 Tables, and AWS account or organization level enablement for 7 AWS services. -* `Aws\S3Control` - Add support for S3 Storage Lens Advanced Performance Metrics, Expanded Prefixes metrics report, and export to S3 Tables. - -## 3.364.0 - 2025-12-01 - -* `Aws\Connect` - This is a combined re:Invent release for Amazon Connect. -* `Aws\CustomerProfiles` - This release introduces, CRUD APIs for the DomainObjectType and Recommender resources, APIs to offer statistical insights on Object Type Attributes, Changes to SegmentDefinition APIs to support SQL queries to create Segments, and Changes to Domain APIs to support Data Store. -* `Aws\CleanRooms` - AWS Clean Rooms now supports privacy-enhancing synthetic dataset generation for custom ML training. -* `Aws\PartnerCentralSelling` - New Features: Lead Management APIs for capturing and nurturing leads Lead invitation support for partner collaboration Lead-to-opportunity conversion operations AWS Marketplace OfferSets support for opportunities -* `Aws\Personalize` - This release adds support for includedDatasetColumns and performIncrementalUpdate in solution APIs, and rankingInfluence in campaign and batch inference APIs. -* `Aws\PartnerCentralAccount` - Initial GA launch of Partner Central Account -* `Aws\MarketplaceCatalog` - This release introduces offer set entity in AWS Marketplace Catalog API to enable multi-product transaction. Offer set enables sellers to group multiple private offers into a single-click purchase experience, simplifying procurement for customers purchasing multi-product solutions. -* `Aws\AppIntegrationsService` - This release adds support for MCP servers via the ApplicationType field, allowing customers to register their Bedrock AgentCore gateways as third party applications. -* `Aws\BedrockAgent` - Support audio and video ingestion on Bedrock Knowledge Bases. -* `Aws\Lambda` - Launching Lambda Managed Instances - a new feature to run Lambda on EC2. -* `Aws\ConnectCampaignsV2` - This release added support for new WhatsApp channel and Journey type outbound campaign -* `Aws\Route53GlobalResolver` - Add SDK for Amazon Route 53 Global Resolver, a fully managed DNS resolver service that offers broad DNS-filtering security controls. -* `Aws\BedrockAgentRuntime` - Support audio and video content retrieval on Bedrock Knowledge Bases. -* `Aws\CleanRoomsML` - AWS Clean Rooms ML now supports privacy-enhancing synthetic dataset generation for custom ML training. -* `Aws\Glue` - feature: Glue: Add support for Iceberg materialized view in Glue Data Catalog, including updated CreateTable API to support materialized views and new APIs for managing data refresh for materialized views. feature: Glue: Add support for Iceberg table encryption keys and struct field defaults. -* `Aws\LexModelsV2` - Adds support for speech-to-speech models for human-like, adaptive, and expressive voice interactions. Also adds support for speech model preference, allowing customers to select which speech model they want to use for speech-to-text requests. -* `Aws\EKS` - This release adds support for EKS Capabilities -* `Aws\ConnectParticipant` - Amazon Connect now supports message processing that intercepts and processes chat messages before they reach any participant. -* `Aws\QConnect` - New AIAgent types: Orchestration for ModelContextProtocol tool integration, CaseSummary for Amazon Connect Case summaries, NoteTaker for Agent Assistance notes. Added ListSpans and Retrieve APIs. Enhanced Q in Connect AssistantAssociationType to support Bring Your Own Bedrock Knowledge Bases. -* `Aws\PartnerCentralBenefits` - Initial GA launch of Partner Central Benefits -* `Aws\MarketplaceAgreement` - This release supports 1/multi-product transactions via offer sets. DescribeAgreement and SearchAgreements APIs now return offer set IDs. SearchAgreements also supports filtering by offer set ID and 2/variable payment pricing terms will be returned through GetAgreementTerms. - -## 3.363.3 - 2025-11-26 - -* `Aws\ComputeOptimizer` - Compute Optimizer now identifies idle NAT Gateway resources for cost optimization based on traffic patterns and backup configuration analysis. Access recommendations via the GetIdleRecommendations API. -* `Aws\CostOptimizationHub` - This release enables AWS Cost Optimization Hub to show cost optimization recommendations for NAT Gateway. -* `Aws\BedrockRuntime` - Bedrock Runtime Reserved Service Support - -## 3.363.2 - 2025-11-25 - -* `Aws\EC2` - This release adds support to view Network firewall proxy appliances attached to an existing NAT Gateway via DescribeNatGateways API NatGatewayAttachedAppliance structure. -* `Aws\Route53` - Adds support for new route53 feature: accelerated recovery. -* `Aws\Organizations` - Add support for policy operations on the S3_POLICY and BEDROCK_POLICY policy type. -* `Aws\NetworkFirewall` - Network Firewall release of the Proxy feature. - -## 3.363.1 - 2025-11-24 - -* `Aws\CloudFront` - Add TrustStore, ConnectionFunction APIs to CloudFront SDK -* `Aws\CloudWatchLogs` - New CloudWatch Logs feature - LogGroup Deletion Protection, a capability that allows customers to safeguard their critical CloudWatch log groups from accidental or unintended deletion. - -## 3.363.0 - 2025-11-21 - -* `Aws\SecurityIR` - Add ListInvestigations and SendFeedback APIs to support SecurityIR AI agents -* `Aws\MailManager` - Add support for resources in the aws-eusc partition. -* `Aws\ECR` - Add support for ECR managed signing -* `Aws\Athena` - Introduces Spark workgroup features including log persistence, S3/CloudWatch delivery, UI and History Server APIs, and SparkConnect 3.5.6 support. Adds DPU usage limits at workgroup and query levels as well as DPU usage tracking for Capacity Reservation queries to optimize performance and costs. -* `Aws\CloudFormation` - Adds the DependsOn field to the AutoDeployment configuration parameter for CreateStackSet, UpdateStackSet, and DescribeStackSet APIs, allowing users to set and read auto-deployment dependencies between StackSets -* `Aws\KMS` - Support for on-demand rotation of AWS KMS Multi-Region keys with imported key material -* `Aws\KinesisVideo` - This release adds support for Tiered Storage -* `Aws\APIGateway` - API Gateway supports VPC link V2 for REST APIs. -* `Aws\Odb` - Adds AssociateIamRoleToResource and DisassociateIamRoleFromResource APIs for managing IAM roles. Enhances CreateOdbNetwork and UpdateOdbNetwork APIs with KMS, STS, and cross-region S3 parameters. Adds OCI identity domain support to InitializeService API. -* `Aws\BedrockAgentCoreControl` - Support for agentcore gateway interceptor configurations and NONE authorizer type -* `Aws\ComputeOptimizerAutomation` - Initial release of AWS Compute Optimizer Automation. Create automation rules to implement recommended actions on a recurring schedule based on your specified criteria. Supported actions include: snapshot and delete unattached EBS volumes and upgrade volume types to the latest generation. -* `Aws\RDS` - Add support for Upgrade Rollout Order -* `Aws\SESv2` - Added support for new SES regions - Asia Pacific (Malaysia) and Canada (Calgary) -* `Aws\Organizations` - Add support for policy operations on the UPGRADE_ROLLOUT_POLICY policy type. -* `Aws\ControlTower` - The manifest field is now optional for the AWS Control Tower CreateLandingZone and UpdateLandingZone APIs for Landing Zone version 4.0 -* `Aws\MediaPackageV2` - Adds support for excluding session key tags from HLS multivariant playlists -* `Aws\Connect` - New APIs to support aliases and versions for ContactFlowModule. Updated ContactFlowModule APIs to support custom blocks. -* `Aws\QConnect` - This release introduces two new messaging channel subtypes: Push, WhatsApp, under MessageTemplate which is a resource in Amazon Q in Connect. -* `Aws\BedrockRuntime` - Add support to automatically enforce safeguards across accounts within an AWS Organization. -* `Aws\ElasticLoadBalancingv2` - This release adds the health check log feature in ALB, allowing customers to send detailed target health check log data directly to their designated Amazon S3 bucket. -* `Aws\BedrockDataAutomationRuntime` - Adding new fields to GetDataAutomationStatus: jobSubmissionTime, jobCompletionTime, and jobDurationInSeconds -* `Aws\Bedrock` - Add support to automatically enforce safeguards across accounts within an AWS Organization. -* `Aws\EKS` - Adds support for controlPlaneScalingConfig on EKS Clusters. -* `Aws\MarketplaceMetering` - Endpoint update for new region -* `Aws\EC2` - This release adds a new capability to create and manage interruptible EC2 Capacity Reservations. -* `Aws\Lambda` - Launching Enhanced Error Handling and ESM Grouping capabilities for Kafka ESMs -* `Aws\RedshiftServerless` - Added UpdateLakehouseConfiguration API to manage Amazon Redshift Federated Permissions and AWS IAM Identity Center trusted identity propagation for namespaces. -* `Aws\LexModelsV2` - Adds support for Intent Disambiguation, allowing resolution of ambiguous user inputs when multiple intents match by presenting clarifying questions to users. Also adds Speech Detection Sensitivity configuration for optimizing voice activity detection sensitivity levels in various noise environments. -* `Aws\QuickSight` - Amazon Quick Suite now supports QuickChat as an embedding type when calling the GenerateEmbedUrlForRegisteredUser API, enabling developers to embed conversational AI agents directly into their applications. -* `Aws\SageMaker` - Enhanced SageMaker HyperPod instance groups with support for MinInstanceCount, CapacityRequirements (Spot/On-Demand), and KubernetesConfig (labels and taints). Also Added speculative decoding and MaxInstanceCount for model optimization jobs. -* `Aws\MarketplaceEntitlementService` - Endpoint update for new region -* `Aws\Transfer` - Adds support for creating Webapps accessible from a VPC. -* `Aws\Invoicing` - Added the CreateProcurementPortalPreference, GetProcurementPortalPreference, PutProcurementPortalPreference, UpdateProcurementPortalPreferenceStatus, ListProcurementPortalPreferences and DeleteProcurementPortalPreference APIs for procurement portal preference management. -* `Aws\Redshift` - Added support for Amazon Redshift Federated Permissions and AWS IAM Identity Center trusted identity propagation. - -## 3.362.1 - 2025-11-20 - -* `Aws\Organizations` - Added new APIs for Billing Transfer, new policy type INSPECTOR_POLICY, and allow an account to transfer between organizations -* `Aws\DeviceFarm` - Add support for environment variables and an IAM execution role. -* `Aws\DatabaseMigrationService` - Added support for customer-managed KMS key (CMK) for encryption for import private key certificate. Additionally added Amazon SageMaker Lakehouse endpoint used for zero-ETL integrations with data warehouses. -* `Aws\ApplicationSignals` - Amazon CloudWatch Application Signals now supports un-instrumented services discovery, cross-account views, and change history, helping SRE and DevOps teams monitor and troubleshoot their large-scale distributed applications. -* `Aws\SecurityHub` - Release Findings and Resources Trends APIs- GetFindingsTrendsV2 and GetResourcesTrendsV2. This supports time-series aggregated counts with composite filtering for 1-year of historical data analysis of Findings and Resources. -* `Aws\Glue` - Added FunctionType parameter to Glue GetuserDefinedFunctions. -* `Aws\LicenseManager` - Added cross-account resource aggregation via license asset groups and expiry tracking for Self-Managed Licenses. Extended Org-Wide View to Self-Managed Licenses, added reporting for license asset groups, and removed Athena/Glue dependencies for cross-account resource discovery in commercial regions. -* `Aws\BedrockDataAutomationRuntime` - Bedrock Data Automation Runtime Sync API -* `Aws\CloudFront` - This release adds support for bring your own IP (BYOIP) to CloudFront's CreateAnycastIpList API through an optional IpamCidrConfigs field. -* `Aws\RDS` - Add support for VPC Encryption Controls. -* `Aws\BedrockAgentCore` - Bedrock AgentCore Memory release for redriving memory extraction jobs (StartMemoryExtractionJob and ListMemoryExtractionJob) -* `Aws\imagebuilder` - EC2 Image Builder now enables the distribution of existing AMIs, retry distribution, and define distribution workflows. It also supports automatic versioning for recipes and components, allowing automatic version increments and dynamic referencing in pipelines. -* `Aws\AutoScaling` - This release adds support for three new features: 1) Image ID overrides in mixed instances policy, 2) Replace Root Volume - a new strategy for Instance Refresh, and 3) Instance Lifecycle Policy for enhanced instance lifecycle management. -* `Aws\RecycleBin` - Add support for EBS volume in Recycle Bin -* `Aws\QuickSight` - Introducing comprehensive theme styling controls. New features include border customization (radius, width, color), flexible padding controls, background styling for cards and sheets, centralized typography management, and visual-level override support across layouts. -* `Aws\ECS` - Launching Amazon ECS Express Mode - a new feature that enables developers to quickly launch highly available, scalable containerized applications with a single command. -* `Aws\Connect` - Add optional ability to exclude users from send notification actions for Contact Lens Rules. -* `Aws\DataSync` - The partition value "aws-eusc" is now permitted for ARN (Amazon Resource Name) fields. -* `Aws\EMR` - Add support for configuring S3 destination for step logs on a per-step basis. -* `Aws\CloudTrail` - AWS launches CloudTrail aggregated events to simplify monitoring of data events at scale. This feature delivers both granular and summarized data events for resources like S3/Lambda, helping security teams identify patterns without custom aggregation logic. -* `Aws\EC2` - This release adds support for multiple features including: VPC Encryption Control for the status of traffic flow; S2S VPN BGP Logging; TGW Flexible Costs; IPAM allocation of static IPs from IPAM pools to CF Anycast IP lists used on CloudFront distribution; and EBS Volume Integration with Recycle Bin -* `Aws\SageMaker` - Added training plan support for inference endpoints. Added HyperPod task governance with accelerator partition-based quota allocation. Added BatchRebootClusterNodes and BatchReplaceClusterNodes APIs. Updated ListClusterNodes to include privateDnsHostName. -* `Aws\Kinesis` - Kinesis Data Streams now supports up to 50 Enhance Fan-out consumers for On-demand Advantage Streams. On-demand Standard and Provisioned streams will continue with the existing limit of 20 consumers for Enhanced Fan-out. -* `Aws\Braket` - Add support for Braket spending limits. -* `Aws\LakeFormation` - Added ServiceIntegrations as a request parameter for CreateLakeFormationIdentityCenterConfigurationRequest and UpdateLakeFormationIdentityCenterConfigurationRequest and response parameter for DescribeLakeFormationIdentityCenterConfigurationResponse -* `Aws\ElasticLoadBalancingv2` - This release adds the target optimizer feature in ALB, enabling strict concurrency enforcement on targets. -* `Aws\RedshiftDataAPIService` - Increasing the length limit of Statement Name from 500 to 2048. -* `Aws\NetworkManager` - This release adds support for Cloud WAN Routing Policy providing customers sophisticated routing controls to better manage their global networks -* `Aws\S3` - Enable / Disable ABAC on a general purpose bucket. -* `Aws\Budgets` - Add BillingViewHealthStatusException to DescribeBudgetPerformanceHistory and ServiceQuotaExceededException to UpdateBudget for improved error handling with Billing Views. -* `Aws\BedrockDataAutomation` - Added support for Synchronous project type and PII Detection and Redaction -* `Aws\DSQL` - Added clusterVpcEndpoint field to GetVpcEndpointServiceName API response, returning the VPC connection endpoint for the cluster - +## 3.385.0 - 2026-06-16 + +* `Aws\S3` - Added support for copying tags and annotations to the destination object in `MultipartCopy`. Set `tags_directive` and `annotations_directive` to override individually. Tag and annotation work runs only when explicitly opted in to preserve backwards compatibility. + +## 3.384.11 - 2026-06-16 + +* `Aws\S3` - Added support for annotations. You can now attach up to 1000 annotations (up to 1 MB each) directly to objects and create, retrieve, list, and delete them using new annotation APIs. Also added support for configuring an annotation table in S3 Metadata. +* `Aws\DirectConnect` - Added VIF rate limiting support for AWS Direct Connect, allowing customers to set bandwidth allocations on virtual interfaces to manage traffic on dedicated connections. +* `Aws\Route53Resolver` - Adds supports for PartnerManagedRules +* `Aws\PartnerCentralSelling` - Added Prospecting APIs to convert engagements into AI-enriched leads with scoring insights. Extended Engagement APIs with ProspectingResult and Lead contexts. Added CoSell Scoring to GetAwsOpportunitySummary- quality score, trend, agent-driven recommendations, and engagement classification. +* `Aws\S3Vectors` - Amazon S3 Vectors now supports paginated QueryVectors requests, returning up to 10,000 results per query. +* `Aws\Outposts` - Adds support for creating an order from quotes. +* `Aws\SageMaker` - Add EnableDetailedObservability to Endpoint MetricsConfig. Publishes GPU, host, and framework-native inference metrics to CloudWatch with per-inference-component, availability-zone, and instance dimensions. Adds Inference Component provisioning lifecycle and multi-AZ placement metrics. + +## 3.384.10 - 2026-06-15 + +* `Aws\mgn` - AWS Transform for VMware now supports Amazon FSx for NetApp ONTAP as a target storage. Customers can migrate source server disks directly to FSx for NetApp ONTAP iSCSI LUNs. Target storage is configurable per source server, and compute, network, and storage migrate together in coordinated waves. +* `Aws\DataZone` - Adds support for deleting lineage events in Amazon DataZone. +* `Aws\RDS` - Adding support for RDS SQL Server BYOM and DB2 Community Edition +* `Aws\WAFV2` - AWS WAF now supports AI traffic monetization for CloudFront. Configure payment networks and pricing on your web ACL, use the new Monetize rule action to charge AI agents via x402, and monitor revenue with new GetRevenueStatisticsSummary, GetRevenueStatistics, and ListSettlementRecords APIs. +* `Aws\WorkSpaces` - Added a validation for null check for ImageIds in DescribeWorkspaceImages API request parameters. +* `Aws\CloudWatchLogs` - Added endTimeOffset parameter to Scheduled Queries APIs (Create, Update, Get) enabling bounded time window configuration. Introduced scheduleType filter (CUSTOMER MANAGED, AWS MANAGED) for ListScheduledQueries and exposed it in Get and Update responses. +* `Aws\BedrockRuntime` - InvokeGuardrailChecks API evaluates prompts and responses against safety checks (content filters, prompt attacks, sensitive info) without creating guardrail resources. It's a detect-only API, returning numeric scores so you can build adaptive logic as per your application. + +## 3.384.9 - 2026-06-12 + +* `Aws\BedrockAgentCoreControl` - Added tagging and CMK support for optimizations and an insights feature to identify failure patterns, extract user intents, and summarize execution behavior +* `Aws\DevOpsAgent` - Adds support for Trigger CRUD APIs (CreateTrigger, GetTrigger, UpdateTrigger, DeleteTrigger, ListTriggers) for managing schedule-based automation triggers in DevOps Agent agent spaces. +* `Aws\BedrockAgentCore` - Added tagging and CMK support across optimization, an explanation field in recommendation output, and an insights feature to identify failure patterns, extract user intents, and summarize execution behavior +* `Aws\IAM` - Updating documentation for select service-specific credential APIs +* `Aws\Firehose` - Update KeyARN in DeliveryStreamEncryptionConfigurationInput to accept KMS key ARNs only (not alias ARNs), matching service behavior. +* `Aws\Glue` - Adds support for retrieving Apache Iceberg table metadata via GetTable. Use the new AttributesToGet parameter with LATEST ICEBERG METADATA to receive schema, partition specs, sort orders, and table properties in the response. +* `Aws\SageMakerRuntime` - Added support for inline request payloads to the InvokeEndpointAsync operation to allow users to provide the inference payload directly in the request Body (up to 128,000 bytes) as an alternative to uploading the payload to Amazon S3 and passing InputLocation. +* `Aws\EKS` - Patches missing enum values for EKS updates +* `Aws\ACM` - Certificate transparency logging opt-out is no longer available. Per compliance requirements, all public ACM certificates are automatically recorded in certificate transparency logs. The CertificateTransparencyLoggingPreference option is deprecated. + +## 3.384.8 - 2026-06-11 + +* `Aws\Support` - Adding new BDD representation of endpoint ruleset +* `Aws\BedrockAgentCoreControl` - Supports deterministic metadata for AgentCore Memory +* `Aws\HealthLake` - Adds the UpdateFHIRDatastore API and adds analytics, NLP, and profile configuration support to CreateFHIRDatastore and DescribeFHIRDatastore. +* `Aws\BedrockAgentCore` - Adds support to perform cross account data plane actions on an AgentCore Memory resource +* `Aws\Neptune` - Amazon Neptune now supports IPv6 dual-stack networking. You can create and manage Neptune DB clusters accessible over both IPv4 and IPv6 by specifying NetworkType as DUAL in CreateDBCluster, ModifyDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime API operations +* `Aws\Omics` - Adds support for workflowName in the ListRuns API response. +* `Aws\EKS` - Introduce new CreateCluster parameters for Amazon EKS local clusters on AWS Outposts. Added etcdInstanceType for configuring the EC2 instance type for dedicated etcd instances, and spreadLevel for configuring the placement group spread level for Kubernetes control plane and etcd instances. + +## 3.384.7 - 2026-06-10 + +* `Aws\ConnectHealth` - Add support for MedicalScribeBinaryAudioEvent in the Medical Scribe streaming input. This new event type lets you send audio as a raw binary payload instead of a base64-encoded value +* `Aws\SageMaker` - Add support for G6e instances (ml.g6e.xlarge through ml.g6e.48xlarge) on Amazon SageMaker Notebook Instances. +* `Aws\Lightsail` - This release adds support for Asia Pacific (Hong Kong) (ap-east-1), Europe (Spain) (eu-south-2) and South America (Sao Paulo) (sa-east-1) Regions. +* `Aws\ECS` - Amazon ECS Managed Daemon task definitions now support pidMode and ipcMode parameters. Set shared to allow daemons to share PID or IPC namespaces with co-located tasks on Managed Instances, enabling process tracing and shared memory communication. +* `Aws\Signin` - AWS Sign-In now allows customers to control access to the AWS Management Console using resource-based policies. With this release customers can restrict console access based on network perimeters such as VPC IDs, VPC endpoints, and IP addresses. +* `Aws\EC2` - This release adds support for AMI Watermark which a structured identifier that helps in tracking AMI provenance +* `Aws\MediaLive` - Adding premixer settings to pid and track audio inputs in MediaLIve to allow greater control over mixing audio from multiple source streams including support for AudioPidSelectors made up of multiple audio PIDs. +* `Aws\PrometheusService` - Adds supports for out-of-order sample ingestion (default 1-minute window) and a configurable rule query offset to reduce data loss and improve alerting accuracy. + +## 3.384.6 - 2026-06-09 + +* `Aws\IoTSiteWise` - Adding new BDD representation of endpoint ruleset +* `Aws\Outposts` - Added AWS Outposts APIs for self-service Outposts quoting and ordering. New operations include CreateQuote, GetQuote, UpdateQuote, DeleteQuote, ListQuotes, and ListOrderableInstanceTypes. +* `Aws\BedrockAgentCore` - Add RetryableConflictException (HTTP 409) to InvokeAgentRuntimeCommand and GetAgentCard to prevent orphaned VMs during concurrent session access. The SDK automatically retries this exception with backoff. Enforcement is not yet active and will be enabled in a future service update. +* `Aws\EC2` - Added TagFieldSpecifications to CreateFlowLogs and DescribeFlowLogs APIs. Customers can now specify tag keys in their Flow Logs subscriptions to capture associated EC2 resource tag values in their logs, enabling tag-based visibility. +* `Aws\DynamoDBStreams` - Adding new BDD representation of endpoint ruleset +* `Aws\TimestreamQuery` - Adding new BDD representation of endpoint ruleset +* `Aws\Odb` - Releases Autonomous Database Serverless APIs, autonomousDatabaseOciIntegrationIamRoles, linkedOciTenancyId, linkedOciCompartmentId, and subscriptionErrors fields in GetOciOnboardingStatus API response. +* `Aws\Bedrock` - Adds support for the Amazon Bedrock account-level data retention APIs PutAccountDataRetention and GetAccountDataRetention. +* `Aws\MarketplaceCommerceAnalytics` - Adding new BDD representation of endpoint ruleset +* `Aws\CloudWatch` - This release adds the APIs (AssociateDatasetKmsKey, DisassociateDatasetKmsKey, GetDataset) to manage encryption at rest for OpenTelemetry metrics in CloudWatch using AWS KMS customer managed keys. +* `Aws\TimestreamWrite` - Adding new BDD representation of endpoint ruleset + +## 3.384.5 - 2026-06-08 + +* `Aws\TaxSettings` - Adds support for additional tax information fields for Philippines, Belgium, Chile, France, Poland, and Italy in the Tax Settings API. +* `Aws\Omics` - StartRunBatch API - Add EngineSettings +* `Aws\ComputeOptimizer` - Adds new Idle Recommendation Resource types in the AWS Compute Optimizer API +* `Aws\ObservabilityAdmin` - CloudWatch Observability Admin extends CentralizationRuleForOrganization APIs to support metrics, enabling centralization of metrics across accounts and Regions alongside logs. +* `Aws\MediaPackageV2` - Adds support for DASH Audio Timeline Patternization. This enables your DASH manifests to templatize the repeating patterns that emerge in audio segment timelines. This compacts the total timeline length, utilizing the repeat notation, such that manifests don't grow indefinitely long. +* `Aws\mgn` - AWS Transform discovery tool now supported as network migration input source. You can now use the AWS Transform Discovery tool as a source for network migration alongside modelizeIT, enabling hybrid network migrations for environments running both VMware and non-VMware workloads. +* `Aws\DevOpsAgent` - Add Asset APIs for managing versioned assets and asset files in AWS DevOps Agent agent spaces. +* `Aws\Deadline` - Added optional identityCenterRegion parameter to AssociateMember APIs to allow managing memberships for users and groups in other regions. +* `Aws\CostOptimizationHub` - Adds new Idle Recommendation types in the Cost Optimization Hub API + +## 3.384.4 - 2026-06-05 + +* `Aws\QuickSight` - Adds support for Knowledge Base APIs and Index Capacity API +* `Aws\PaymentCryptography` - Adds CloudFormation support for resource-based policies on AWS Payment Cryptography keys. +* `Aws\MediaConvert` - Adds support for configurable number of Clear Lead segments at the beginning of encrypted output. Adds support for multiple trickplay variants. +* `Aws\DynamoDB` - Adding new BDD representation of endpoint ruleset +* `Aws\EMRServerless` - Adds support for updating max capacity and custom fields while application is started +* `Aws\SageMaker` - This release adds support for MLflow experiment tracking in SageMaker inference optimization. CreateAIRecommendationJob and CreateAIBenchmarkJob now accept an optional OutputConfig.MlflowConfig (MLflow App ARN, experiment, run name) to stream benchmark metrics and artifacts to your own MLflow App. + +## 3.384.3 - 2026-06-04 + +* `Aws\MediaPackageVod` - Adding new BDD representation of endpoint ruleset +* `Aws\SNS` - Adding new BDD representation of endpoint ruleset +* `Aws\CostExplorer` - Adding new BDD representation of endpoint ruleset +* `Aws\SageMakerRuntimeHTTP2` - Adding new BDD representation of endpoint ruleset +* `Aws\GuardDuty` - Remove unsupported RDS field for filter +* `Aws\Wickr` - AWS Wickr now allows network administrators to configure a maximum session duration for non-SSO users in security groups, and display customizable consent popups to users at login for terms of use or compliance acknowledgements. +* `Aws\CloudFormation` - Adding new BDD representation of endpoint ruleset +* `Aws\TaxSettings` - Adding new BDD representation of endpoint ruleset +* `Aws\AmplifyBackend` - Adding new BDD representation of endpoint ruleset +* `Aws\AuditManager` - Adding new BDD representation of endpoint ruleset +* `Aws\AppIntegrationsService` - Adding new BDD representation of endpoint ruleset +* `Aws\Glue` - AWS Glue Interactive Sessions now supports Apache Spark Connect, enabling remote Spark execution over gRPC with minimal client-side dependencies. Adds GetSessionEndpoint and GetDashboardUrl APIs. Modifies CreateSession now accepts SPARK CONNECT session type. +* `Aws\Route53RecoveryReadiness` - Adding new BDD representation of endpoint ruleset +* `Aws\Uxc` - Adding new BDD representation of endpoint ruleset +* `Aws\OpenSearchServerless` - Adding new BDD representation of endpoint ruleset +* `Aws\MediaPackage` - Adding new BDD representation of endpoint ruleset +* `Aws\MWAAServerless` - Adding new BDD representation of endpoint ruleset +* `Aws\WorkDocs` - Adding new BDD representation of endpoint ruleset +* `Aws\kendra` - Adding new BDD representation of endpoint ruleset +* `Aws\ConfigService` - AWS Config now supports internal service-linked rules, allowing AWS service partners to deploy Config rules for customers and use the evaluation results to build enhanced features. +* `Aws\Sustainability` - Adding new BDD representation of endpoint ruleset +* `Aws\Appflow` - Adding new BDD representation of endpoint ruleset +* `Aws\GeoMaps` - Adding new BDD representation of endpoint ruleset +* `Aws\IVS` - adds UpdateAdConfiguration operation to AWS IVS low-latency APIs +* `Aws\SageMaker` - Adds the IncludedData parameter to DescribeModelCard and DescribeModelPackage. Set it to MetadataOnly to retrieve a model card without decrypt permission on the customer managed AWS KMS key (default AllData returns full content). Adds support for the MTRL Job resource in SageMaker Search. +* `Aws\MediaConnect` - BDD bulk update change rollout +* `Aws\SignerData` - Adding new BDD representation of endpoint ruleset +* `Aws\EFS` - Adding new BDD representation of endpoint ruleset +* `Aws\ChimeSDKVoice` - Adding new BDD representation of endpoint ruleset +* `Aws\S3Files` - Adding new BDD representation of endpoint ruleset +* `Aws\EMR` - Added support for Spark Connect interactive sessions on Amazon EMR on EC2 with new APIs - StartSession, GetSession, GetSessionEndpoint, ListSessions, and TerminateSession. Added sessionEnabled field in RunJobFlow and DescribeCluster to enable Spark Connect endpoints on EMR clusters. +* `Aws\ConnectParticipant` - Adding new BDD representation of endpoint ruleset +* `Aws\WorkSpaces` - Adding new BDD representation of endpoint ruleset +* `Aws\MQ` - BDD bulk update change rollout +* `Aws\EC2InstanceConnect` - Adding new BDD representation of endpoint ruleset +* `Aws\Interconnect` - Adding new BDD representation of endpoint ruleset + +## 3.384.2 - 2026-06-03 + +* `Aws\CloudTrailData` - Adding new BDD representation of endpoint ruleset +* `Aws\ApplicationAutoScaling` - Adding new BDD representation of endpoint ruleset +* `Aws\SES` - Adding new BDD representation of endpoint ruleset +* `Aws\Kinesis` - Adding new BDD representation of endpoint ruleset +* `Aws\Firehose` - Adding new BDD representation of endpoint ruleset +* `Aws\ResourceGroups` - Adding new BDD representation of endpoint ruleset +* `Aws\CloudWatchLogs` - Adding new BDD representation of endpoint ruleset +* `Aws\DAX` - Adding new BDD representation of endpoint ruleset +* `Aws\ApiGatewayManagementApi` - Adding new BDD representation of endpoint ruleset +* `Aws\Route53Profiles` - Adding new BDD representation of endpoint ruleset +* `Aws\SocialMessaging` - Adding support for WhatsApp flow APIs and adding AccessDeniedByMetaException for Template APIs +* `Aws\IoTSecureTunneling` - Adding new BDD representation of endpoint ruleset +* `Aws\ARCRegionSwitch` - ARC Region Switch now supports three new execution blocks for multi-Region database workloads-Amazon Aurora Serverless scaling, Amazon Aurora Provisioned scaling, and Amazon Neptune Global Database failover. +* `Aws\DirectConnect` - Adding new BDD representation of endpoint ruleset +* `Aws\IoTEvents` - Adding new BDD representation of endpoint ruleset +* `Aws\WAFRegional` - Adding new BDD representation of endpoint ruleset +* `Aws\CloudFront` - Adding new BDD representation of endpoint ruleset +* `Aws\PinpointSMSVoice` - Adding new BDD representation of endpoint ruleset +* `Aws\ComputeOptimizer` - This release lets customers extend the lookback period for Amazon EBS volume and Amazon ECS rightsizing recommendations to 32 days. +* `Aws\LakeFormation` - Adding new BDD representation of endpoint ruleset +* `Aws\S3Outposts` - Adding new BDD representation of endpoint ruleset +* `Aws\ConnectWisdomService` - Adding new BDD representation of endpoint ruleset +* `Aws\VPCLattice` - Adding new BDD representation of endpoint ruleset +* `Aws\Macie2` - Adding new BDD representation of endpoint ruleset +* `Aws\Inspector2` - Inspector support for enhanced scanning +* `Aws\Connect` - SearchContacts Connect API now supports filtering contacts by the AI Agents involved in handling them +* `Aws\AppFabric` - Adding new BDD representation of endpoint ruleset +* `Aws\CostExplorer` - Added support for target-coverage-based Savings Plans purchase analysis. The StartCommitmentPurchaseAnalysis API now accepts a new TARGET AVERAGE COVERAGE value for AnalysisType, as well as an optional SavingsPlansTargetCoverage field in SavingsPlansPurchaseAnalysisConfiguration +* `Aws\ConnectCampaignService` - Adding new BDD representation of endpoint ruleset +* `Aws\SnowDeviceManagement` - Adding new BDD representation of endpoint ruleset +* `Aws\AppConfigData` - Adding new BDD representation of endpoint ruleset +* `Aws\SecurityLake` - Adding new BDD representation of endpoint ruleset +* `Aws\RDS` - Adding new BDD representation of endpoint ruleset + +## 3.384.1 - 2026-06-03 + +* `Aws\GeoRoutes` - Add "standardRegionalEndpoints" back to fix 'Could not connect to the endpoint URL' + +## 3.384.0 - 2026-06-02 + +* `Aws\S3` - Prevents resources provided to `ObjectUploader` from being closed by Guzzle. +* `Aws\MediaConvert` - Adding new BDD representation of endpoint ruleset +* `Aws\EC2` - Amazon EC2 now supports self-service cancellation of future-dated Capacity Reservations. A cancellation charge applies based on remaining commitment. Customers can generate a cancellation quote to review charges before confirming. +* `Aws\Shield` - Adding new BDD representation of endpoint ruleset +* `Aws\SecretsManager` - Adding new BDD representation of endpoint ruleset +* `Aws\Neptune` - Adding new BDD representation of endpoint ruleset +* `Aws\Pinpoint` - Adding new BDD representation of endpoint ruleset +* `Aws\SageMaker` - Amazon SageMaker Job is a new service to help you manage various workloads related to model fine tuning, evaluation etc. Two job categories are supported today, AgentRFT for multi-turn agentic reinforcement fine tuning, and AgentRFTEvaluation for evaluating base model or trained model from AgentRFT. +* `Aws\Polly` - Adding new BDD representation of endpoint ruleset +* `Aws\SagemakerJobRuntime` - Amazon SageMaker Job Runtime is a new service for managing trajectory data during multi-turn customization jobs. It provides APIs to send inference requests to models during job execution, mark rollouts as complete, and submit reward values for training trajectories. +* `Aws\SFN` - Adding new BDD representation of endpoint ruleset +* `Aws\ElastiCache` - Amazon ElastiCache for Valkey now supports durability. This new capability is enabled through a Multi-AZ transactional log, enabling fast recovery and restart during failures. +* `Aws\TranscribeService` - Release new Language locales including am-ET, es-MX, fa-AF, ht-HT, jv-ID, km-KH, my-MM, sq-AL, ne-NP. The commit shows past locales that have already been release which include cy-gb, ga-ie, gd-gb. +* `Aws\GeoRoutes` - Added Transit and Intermodal travel modes to CalculateRoutes. Plan routes using public transit (bus, subway, train, ferry) or combine transit with driving, taxi, and rental car segments in a single multi-modal route. +* `Aws\MigrationHub` - Adding new BDD representation of endpoint ruleset +* `Aws\MarketplaceMetering` - Adding new BDD representation of endpoint ruleset +* `Aws\STS` - Adding new BDD representation of endpoint ruleset +* `Aws\Transfer` - Adding new BDD representation of endpoint ruleset +* `Aws\ManagedBlockchain` - Adding new BDD representation of endpoint ruleset +* `Aws\MediaStore` - Adding new BDD representation of endpoint ruleset +* `Aws\PI` - Adding new BDD representation of endpoint ruleset +* `Aws\Route53Domains` - Adding new BDD representation of endpoint ruleset +* `Aws\KeyspacesStreams` - Added iterator description to the GetRecords API response for Amazon Keyspaces Change Data Capture (CDC) streams, enabling consumers to track their current position within the stream. +* `Aws\Route53` - Adding new BDD representation of endpoint ruleset +* `Aws\SSO` - Adding new BDD representation of endpoint ruleset +* `Aws\IoT` - Fleet indexing documentation update +* `Aws\RAM` - Adding new BDD representation of endpoint ruleset +* `Aws\MTurk` - Adding new BDD representation of endpoint ruleset +* `Aws\Lambda` - Adds configuration for tag propagation to Lambda-managed resources. +* `Aws\CloudWatch` - Adding new BDD representation of endpoint ruleset +* `Aws\PinpointEmail` - Adding new BDD representation of endpoint ruleset +* `Aws\Redshift` - Adding new BDD representation of endpoint ruleset +* `Aws\GuardDuty` - Amazon GuardDuty Runtime Monitoring now supports 3 new SensitiveFileModified finding types (Persistence, PrivilegeEscalation, DefenseEvasion) that detect when security-sensitive system files are modified on EC2 instances or containers, indicating potential compromise through file tampering. +* `Aws\SSM` - Adding new BDD representation of endpoint ruleset +* `Aws\XRay` - Adding new BDD representation of endpoint ruleset +* `Aws\S3` - Adding new BDD representation of endpoint ruleset +* `Aws\SWF` - Adding new BDD representation of endpoint ruleset +* `Aws\StorageGateway` - Adding new BDD representation of endpoint ruleset +* `Aws\MediaLive` - Adding new BDD representation of endpoint ruleset +* `Aws\LexRuntimeService` - Adding new BDD representation of endpoint ruleset +* `Aws\Snowball` - Adding new BDD representation of endpoint ruleset +* `Aws\ResourceGroupsTaggingAPI` - Adding new BDD representation of endpoint ruleset +* `Aws\Rekognition` - Adding new BDD representation of endpoint ruleset +* `Aws\ServiceCatalog` - Adding new BDD representation of endpoint ruleset +* `Aws\SQS` - Adding new BDD representation of endpoint ruleset +* `Aws\PersonalizeRuntime` - Adding new BDD representation of endpoint ruleset +* `Aws\WAF` - Adding new BDD representation of endpoint ruleset + +## 3.383.2 - 2026-06-01 + +* `Aws\IoTEventsData` - Adding new BDD representation of endpoint ruleset +* `Aws\KinesisAnalytics` - Adding new BDD representation of endpoint ruleset +* `Aws\IoT` - Adding new BDD representation of endpoint ruleset +* `Aws\Lambda` - Adding new BDD representation of endpoint ruleset +* `Aws\Greengrass` - Adding new BDD representation of endpoint ruleset +* `Aws\Amplify` - Adding new BDD representation of endpoint ruleset +* `Aws\GameLift` - Adding new BDD representation of endpoint ruleset +* `Aws\KinesisVideo` - Adding new BDD representation of endpoint ruleset +* `Aws\ConfigService` - Adding new BDD representation of endpoint ruleset +* `Aws\DatabaseMigrationService` - Adding new BDD representation of endpoint ruleset +* `Aws\MarketplaceCatalog` - Adding new BDD representation of endpoint ruleset +* `Aws\IAM` - Adding new BDD representation of endpoint ruleset +* `Aws\ElasticsearchService` - Adding new BDD representation of endpoint ruleset +* `Aws\MediaStoreData` - Adding new BDD representation of endpoint ruleset +* `Aws\AppSync` - Adding new BDD representation of endpoint ruleset +* `Aws\EMR` - Adding new BDD representation of endpoint ruleset +* `Aws\Lightsail` - Adding new BDD representation of endpoint ruleset +* `Aws\CognitoSync` - Adding new BDD representation of endpoint ruleset +* `Aws\KinesisVideoMedia` - Adding new BDD representation of endpoint ruleset +* `Aws\CloudWatchEvents` - Adding new BDD representation of endpoint ruleset +* `Aws\DataPipeline` - Adding new BDD representation of endpoint ruleset +* `Aws\LicenseManager` - Adding new BDD representation of endpoint ruleset +* `Aws\CognitoIdentityProvider` - Add support for multi-region replication, enabling synchronization of user data and configurations to a secondary user pool in a standby Region. Add support for customer managed keys (CMK) in AWS KMS for encrypting user pool data at rest. +* `Aws\Inspector` - Adding new BDD representation of endpoint ruleset +* `Aws\MachineLearning` - Adding new BDD representation of endpoint ruleset +* `Aws\DeviceFarm` - Adding new BDD representation of endpoint ruleset +* `Aws\ElasticLoadBalancingv2` - Adding new BDD representation of endpoint ruleset +* `Aws\ElastiCache` - Adding new BDD representation of endpoint ruleset +* `Aws\Glacier` - Adding new BDD representation of endpoint ruleset +* `Aws\KMS` - Adding new BDD representation of endpoint ruleset +* `Aws\AppMesh` - Adding new BDD representation of endpoint ruleset +* `Aws\QuickSight` - This release adds public APIs for Amazon QuickSight Spaces, Agents, and Flows. Spaces APIs enable management of curated resource collections. Agents APIs provide lifecycle control over AI-powered agents that leverage Spaces. Flows APIs add CRUDL APIs for automated workflows. +* `Aws\CostandUsageReportService` - Adding new BDD representation of endpoint ruleset +* `Aws\CodePipeline` - Adding new BDD representation of endpoint ruleset +* `Aws\CognitoIdentity` - Adding new BDD representation of endpoint ruleset +* `Aws\ElasticLoadBalancing` - Adding new BDD representation of endpoint ruleset +* `Aws\MarketplaceAgreement` - Adding Entitlements in SearchAgreements Response +* `Aws\LexModelBuildingService` - Adding new BDD representation of endpoint ruleset +* `Aws\ECS` - Adding new BDD representation of endpoint ruleset +* `Aws\ElasticBeanstalk` - Adding new BDD representation of endpoint ruleset +* `Aws\DirectoryService` - Adding new BDD representation of endpoint ruleset +* `Aws\ECR` - Adding new BDD representation of endpoint ruleset +* `Aws\Personalize` - Adding new BDD representation of endpoint ruleset +* `Aws\Health` - Adding new BDD representation of endpoint ruleset +* `Aws\ApplicationDiscoveryService` - Adding new BDD representation of endpoint ruleset +* `Aws\DocDB` - Adding new BDD representation of endpoint ruleset + +## 3.383.1 - 2026-05-29 + +* `Aws\` - Fixed per-request cyclic references in retry and validation middleware that caused unbounded memory growth in long-lived processes making repeated API calls. +* `Aws\GroundStation` - Adds support for Alpha-5 satellite number encoding in the Two-Line Element ephemeris format. +* `Aws\PaymentCryptographyData` - Adding new BDD representation of endpoint ruleset +* `Aws\Synthetics` - Adding new BDD representation of endpoint ruleset +* `Aws\CodeDeploy` - Adding new BDD representation of endpoint ruleset +* `Aws\QBusiness` - Adding new BDD representation of endpoint ruleset +* `Aws\ARCZonalShift` - Adding new BDD representation of endpoint ruleset +* `Aws\CloudHSM` - Adding new BDD representation of endpoint ruleset +* `Aws\WorkspacesInstances` - Adding new BDD representation of endpoint ruleset +* `Aws\CloudDirectory` - Adding new BDD representation of endpoint ruleset +* `Aws\Budgets` - Adding new BDD representation of endpoint ruleset +* `Aws\CloudHSMV2` - Adding new BDD representation of endpoint ruleset +* `Aws\BackupGateway` - Adding new BDD representation of endpoint ruleset +* `Aws\Omics` - Add engineSettings to StartRun and GetRun. Add profiles and profileParameterTemplates to GetWorkflow and GetWorkflowVersion. +* `Aws\PersonalizeEvents` - Adding new BDD representation of endpoint ruleset +* `Aws\MWAA` - Adding new BDD representation of endpoint ruleset +* `Aws\EntityResolution` - Adding new BDD representation of endpoint ruleset +* `Aws\Route53RecoveryCluster` - Adding new BDD representation of endpoint ruleset +* `Aws\CodeBuild` - Adding new BDD representation of endpoint ruleset +* `Aws\CloudTrail` - Adding new BDD representation of endpoint ruleset +* `Aws\AutoScaling` - Adding new BDD representation of endpoint ruleset +* `Aws\Athena` - Adding new BDD representation of endpoint ruleset +* `Aws\WAFV2` - Adding new BDD representation of endpoint ruleset +* `Aws\CodeCommit` - Adding new BDD representation of endpoint ruleset +* `Aws\SSMGuiConnect` - Adding new BDD representation of endpoint ruleset +* `Aws\LexRuntimeV2` - Adding new BDD representation of endpoint ruleset +* `Aws\RDSDataService` - RDS Data API arrays (longValues, doubleValues, stringValues, booleanValues) in ExecuteStatement responses now correctly support null elements. Runtime change for JS v3 and .NET. Compile-time change for C plus plus, .NET, Kotlin, Rust. No impact for Java, Python, Ruby, PHP, Go. +* `Aws\Proton` - Adding new BDD representation of endpoint ruleset +* `Aws\Chime` - Adding new BDD representation of endpoint ruleset +* `Aws\SESv2` - This release introduces support for Tenant Suppression Lists +* `Aws\InspectorScan` - Adding new BDD representation of endpoint ruleset +* `Aws\PCS` - Adding new BDD representation of endpoint ruleset +* `Aws\Route53Resolver` - Added BatchCreateFirewallRule, BatchUpdateFirewallRule, BatchDeleteFirewallRule, and ListFirewallRuleTypes APIs. Added FirewallRuleType support to Firewall Rule APIs. +* `Aws\MailManager` - Adding new BDD representation of endpoint ruleset +* `Aws\NetworkFlowMonitor` - Adding new BDD representation of endpoint ruleset +* `Aws\CloudSearchDomain` - Adding new BDD representation of endpoint ruleset +* `Aws\drs` - Adding new BDD representation of endpoint ruleset +* `Aws\ManagedGrafana` - Adding new BDD representation of endpoint ruleset +* `Aws\CodeCatalyst` - Adding new BDD representation of endpoint ruleset +* `Aws\BedrockAgentCoreControl` - Reference your own AWS Secrets Manager secrets when configuring credential providers, giving you control over encryption, rotation, and access policies instead of using service-managed secrets. +* `Aws\QuickSight` - Adds support for creating, updating, describing, listing, and deleting an OAuthClientApplication resource, a new quicksight resource that allows customers to store OAuth configurations to connect to their databases via 3 Legged OAuth. +* `Aws\ApplicationInsights` - Adding new BDD representation of endpoint ruleset +* `Aws\LexModelsV2` - Adding new BDD representation of endpoint ruleset +* `Aws\Bedrock` - Automated Reasoning checks - Added two build workflows for policies. Iterative Refine Policy uses AI to update policy definitions based on test results and feedback. Resolve Policy Ambiguities consolidates ambiguous variables in Automated Reasoning policies, a common source of ambiguous validation. +* `Aws\DirectoryServiceData` - Adding new BDD representation of endpoint ruleset +* `Aws\Account` - Adding new BDD representation of endpoint ruleset +* `Aws\CloudSearch` - Adding new BDD representation of endpoint ruleset +* `Aws\ConnectCampaignsV2` - Adding new BDD representation of endpoint ruleset +* `Aws\ConnectContactLens` - Adding new BDD representation of endpoint ruleset +* `Aws\AutoScalingPlans` - Adding new BDD representation of endpoint ruleset +* `Aws\CodeGuruSecurity` - Adding new BDD representation of endpoint ruleset + +## 3.383.0 - 2026-05-28 + +* `Aws\S3` - Updates `MultipartCopy` to fully align with `CopyObject` metadata directive behavior. When `$config['metadata_directive']` is set to `COPY` (default), source object metadata takes precedence over any matching values provided in `$config['params']`. +* `Aws\ControlCatalog` - AWS Control Catalog - Added GovernedProviders response field and inclusion filter to GetControl and ListControls APIs to identify and filter by cloud provider. Added ParameterRequirementSummary response field indicating parameter requirements. +* `Aws\AugmentedAIRuntime` - Adding new BDD representation of endpoint ruleset +* `Aws\BedrockRuntime` - Support system role in message +* `Aws\PrometheusService` - Adding new BDD representation of endpoint ruleset +* `Aws\Deadline` - Added support for persistent storage on Service-Managed Fleets, allowing customers to configure persistent storage that preserves data across worker sessions which reduces job startup times for workloads with large software installations or asset caches. +* `Aws\SageMakerRuntime` - Adding new BDD representation of endpoint ruleset +* `Aws\SocialMessaging` - Adding new BDD representation of endpoint ruleset +* `Aws\S3Control` - Update the minimum value of MinStorageBytesPercentage in StorageLensPrefixLevel.SelectionCriteria from 0.1 to 1, aligning the model with the documented contract. +* `Aws\IoTTwinMaker` - Adding new BDD representation of endpoint ruleset +* `Aws\VerifiedPermissions` - Adding new BDD representation of endpoint ruleset +* `Aws\CustomerProfiles` - BatchPutProfileObject API adds multiple profile objects to a domain of a given ObjectType in a single API call. +* `Aws\BedrockAgentCoreControl` - Added Harness support for LiteLLM model configuration for third-party model providers. Added S3 and Git skill source types. Added Responses API format for OpenAI and Bedrock models. Added runtimeUserId parameter to InvokeHarness for end-user identification. +* `Aws\CostOptimizationHub` - Adding new BDD representation of endpoint ruleset +* `Aws\CodeGuruReviewer` - Adding new BDD representation of endpoint ruleset +* `Aws\BackupSearch` - Adding new BDD representation of endpoint ruleset +* `Aws\TimestreamInfluxDB` - Adding new BDD representation of endpoint ruleset +* `Aws\IoT` - Adds new connectivity-related fields to Fleet Indexing API requests and responses. +* `Aws\NeptuneGraph` - Adding new BDD representation of endpoint ruleset +* `Aws\Wickr` - Adding new BDD representation of endpoint ruleset +* `Aws\TrustedAdvisor` - Adding new BDD representation of endpoint ruleset +* `Aws\Detective` - Adding new BDD representation of endpoint ruleset +* `Aws\CloudFrontKeyValueStore` - Adding new BDD representation of endpoint ruleset +* `Aws\GroundStation` - Adding new BDD representation of endpoint ruleset +* `Aws\AccessAnalyzer` - Adding new BDD representation of endpoint ruleset +* `Aws\KinesisVideoSignalingChannels` - Adding new BDD representation of endpoint ruleset +* `Aws\SupplyChain` - Adding new BDD representation of endpoint ruleset +* `Aws\MigrationHubStrategyRecommendations` - Adding new BDD representation of endpoint ruleset +* `Aws\AppStream` - Amazon WorkSpaces Applications now supports BYOL (Bring Your Own License). This enables customers to import their own WorkSpaces images and use them in WorkSpaces Applications. +* `Aws\Keyspaces` - Adding new BDD representation of endpoint ruleset +* `Aws\Route53RecoveryControlConfig` - Adding new BDD representation of endpoint ruleset +* `Aws\Braket` - Adding new BDD representation of endpoint ruleset +* `Aws\IoTDataPlane` - Adding GetConnection, ListSubscriptions, and SendDirectMessage APIs to IoT Data Plane +* `Aws\KinesisAnalyticsV2` - Adding new BDD representation of endpoint ruleset +* `Aws\SecurityAgent` - Adding new BDD representation of endpoint ruleset +* `Aws\SSMIncidents` - Adding new BDD representation of endpoint ruleset +* `Aws\ChimeSDKMessaging` - Adding new BDD representation of endpoint ruleset +* `Aws\Artifact` - Adding new BDD representation of endpoint ruleset +* `Aws\BillingConductor` - Adding new BDD representation of endpoint ruleset +* `Aws\NetworkMonitor` - Adding new BDD representation of endpoint ruleset +* `Aws\AmplifyUIBuilder` - Adding new BDD representation of endpoint ruleset +* `Aws\Signin` - Adding new BDD representation of endpoint ruleset +* `Aws\GeoRoutes` - Adding new BDD representation of endpoint ruleset +* `Aws\CodeStarconnections` - Adding new BDD representation of endpoint ruleset +* `Aws\PinpointSMSVoiceV2` - Adding new BDD representation of endpoint ruleset +* `Aws\ChimeSDKMeetings` - Adding new BDD representation of endpoint ruleset +* `Aws\MarketplaceReporting` - Adding new BDD representation of endpoint ruleset +* `Aws\Chatbot` - Adding new BDD representation of endpoint ruleset +* `Aws\BedrockAgentCore` - Added Harness support for LiteLLM model configuration for third-party model providers. Added S3 and Git skill source types. Added Responses API format for OpenAI and Bedrock models. Added runtimeUserId and runtimeClientError to InvokeHarness. +* `Aws\PCS` - This release adds support for configuring scaleDownIdleTimeInSeconds at the compute node group level, allowing customers to set different idle timeouts per node group. Previously this setting was only available at the cluster level. +* `Aws\LookoutEquipment` - Adding new BDD representation of endpoint ruleset +* `Aws\IVS` - Adding new BDD representation of endpoint ruleset +* `Aws\Resiliencehubv2` - This is the initial SDK release for the next generation of Resilience Hub. +* `Aws\RedshiftDataAPIService` - Adding new BDD representation of endpoint ruleset +* `Aws\Bedrock` - Add support for ModelPackageArn in Bedrock's CreateCustomModel API +* `Aws\ARCRegionSwitch` - Adding new BDD representation of endpoint ruleset +* `Aws\FinSpaceData` - Adding new BDD representation of endpoint ruleset +* `Aws\BedrockDataAutomationRuntime` - Adding new BDD representation of endpoint ruleset +* `Aws\OpenSearchServerless` - Adds support for deletion protection on collections, ability to create NEXTGEN collection groups and autoscaling visibility for NEXTGEN collection groups + +## 3.382.2 - 2026-05-27 + +* `Aws\Api` - Cast generated HTTP header values to strings and validate invalid header values. +* `Aws\SavingsPlans` - Adding new BDD representation of endpoint ruleset +* `Aws\ComputeOptimizerAutomation` - Adding new BDD representation of endpoint ruleset +* `Aws\MainframeModernization` - Adding new BDD representation of endpoint ruleset +* `Aws\LocationService` - Adding new BDD representation of endpoint ruleset +* `Aws\Omics` - Adding new BDD representation of endpoint ruleset +* `Aws\SimpleDBv2` - Adding new BDD representation of endpoint ruleset +* `Aws\WorkMailMessageFlow` - Adding new BDD representation of endpoint ruleset +* `Aws\SupportApp` - Adding new BDD representation of endpoint ruleset +* `Aws\EBS` - Adding new BDD representation of endpoint ruleset +* `Aws\IoTDeviceAdvisor` - Adding new BDD representation of endpoint ruleset +* `Aws\MarketplaceDeployment` - Adding new BDD representation of endpoint ruleset +* `Aws\SageMaker` - Adds shared environment support for Restricted Instance Groups (RIGs) on SageMaker HyperPod, enabling cross-RIG workload scheduling and FSx sharing. This unlocks shared CPU-GPU environments needed for cost-efficient RL training (e.g., Nova Forge). Adds p6 instance support for recommendation jobs +* `Aws\ECS` - Add support for Neuron device resource requirements for Amazon ECS +* `Aws\ECRPublic` - Adding new BDD representation of endpoint ruleset +* `Aws\SecurityIR` - Adding new BDD representation of endpoint ruleset +* `Aws\IoTThingsGraph` - Adding new BDD representation of endpoint ruleset +* `Aws\FIS` - Adding new BDD representation of endpoint ruleset +* `Aws\EKSAuth` - Adding new BDD representation of endpoint ruleset +* `Aws\ConnectCases` - Adding new BDD representation of endpoint ruleset +* `Aws\SageMakerFeatureStoreRuntime` - Adding new BDD representation of endpoint ruleset +* `Aws\DataExchange` - Adding new BDD representation of endpoint ruleset +* `Aws\Organizations` - AWS Organizations now emits CloudTrail events (AccountJoinedOrganization, AccountDepartedOrganization) to the management account for membership changes, including join and departure method and timestamp. +* `Aws\mgn` - Adding new BDD representation of endpoint ruleset +* `Aws\EventBridge` - Adding new BDD representation of endpoint ruleset +* `Aws\WellArchitected` - Adding new BDD representation of endpoint ruleset +* `Aws\BedrockDataAutomation` - Matcher Fallback extends the CustomOutputConfiguration for the Document modality in DataAutomationProjects, enabling a fallback blueprint when no match is found. A FALLBACK match status is returned, improving the matching experience and guaranteeing customers always receive CustomOutputResults. +* `Aws\PartnerCentralSelling` - Adding new BDD representation of endpoint ruleset +* `Aws\CloudWatchRUM` - Adding new BDD representation of endpoint ruleset +* `Aws\finspace` - Adding new BDD representation of endpoint ruleset +* `Aws\SSMContacts` - Adding new BDD representation of endpoint ruleset +* `Aws\NovaAct` - Adding new BDD representation of endpoint ruleset +* `Aws\RTBFabric` - Adding new BDD representation of endpoint ruleset +* `Aws\MediaLive` - AWS Elemental MediaLive now supports Smart Subtitles, a new caption source that uses AWS Elemental Inference to automatically generate WebVTT and TTML captions from source audio. Available in English, Spanish, French, German, Italian, and Portuguese. +* `Aws\ElementalInference` - Added support for smart subtitles in Elemental Inference, enabling automatic generation of subtitles for media content. Available in English, Spanish, French, German, Italian, and Portuguese. +* `Aws\ComputeOptimizer` - Adding new BDD representation of endpoint ruleset +* `Aws\DevOpsAgent` - Adding new BDD representation of endpoint ruleset +* `Aws\PcaConnectorAd` - Adding new BDD representation of endpoint ruleset +* `Aws\LaunchWizard` - Adding new BDD representation of endpoint ruleset +* `Aws\IoTFleetWise` - Adding new BDD representation of endpoint ruleset +* `Aws\BCMDashboards` - Adding new BDD representation of endpoint ruleset +* `Aws\ResourceExplorer2` - Adding new BDD representation of endpoint ruleset +* `Aws\DocDBElastic` - Adding new BDD representation of endpoint ruleset +* `Aws\MPA` - Adding new BDD representation of endpoint ruleset +* `Aws\PartnerCentralBenefits` - Adding new BDD representation of endpoint ruleset +* `Aws\MemoryDB` - Adding new BDD representation of endpoint ruleset +* `Aws\Inspector2` - Adding new BDD representation of endpoint ruleset +* `Aws\WorkSpacesWeb` - Adding new BDD representation of endpoint ruleset +* `Aws\OpenSearchService` - OpenSearch will now support multi-segment paths in JWKS URLs. +* `Aws\imagebuilder` - Adding new BDD representation of endpoint ruleset +* `Aws\SsmSap` - Adding new BDD representation of endpoint ruleset +* `Aws\VoiceID` - Adding new BDD representation of endpoint ruleset +* `Aws\PaymentCryptography` - Adding new BDD representation of endpoint ruleset + +## 3.382.1 - 2026-05-26 + +* `Aws\ResourceGroupsTaggingAPI` - The GetResources API now returns MissingTagKeys in ComplianceDetails, listing tag keys defined as required in the ReportRequiredTagBlock block of the effective tag policy that are absent from the resource. +* `Aws\Billing` - Adding new BDD representation of endpoint ruleset +* `Aws\Odb` - Adding new BDD representation of endpoint ruleset +* `Aws\RolesAnywhere` - Adding new BDD representation of endpoint ruleset +* `Aws\EMRServerless` - Adding new BDD representation of endpoint ruleset +* `Aws\ControlCatalog` - Adding new BDD representation of endpoint ruleset +* `Aws\MedicalImaging` - Adding new BDD representation of endpoint ruleset +* `Aws\ChimeSDKMediaPipelines` - Adding new BDD representation of endpoint ruleset +* `Aws\CleanRooms` - Adding new BDD representation of endpoint ruleset +* `Aws\Pipes` - Adding new BDD representation of endpoint ruleset +* `Aws\Batch` - Increase the maximum value of jobExecutionTimeoutMinutes to support longer job timeouts during compute environment infrastructure updates. +* `Aws\Route53GlobalResolver` - Adding new BDD representation of endpoint ruleset +* `Aws\GuardDuty` - Add malware scan support for Continuous Backups, also known as Point-In-Time Recovery Points (PITR). +* `Aws\AIOps` - Adding new BDD representation of endpoint ruleset +* `Aws\BedrockDataAutomation` - Adding new BDD representation of endpoint ruleset +* `Aws\DevOpsGuru` - Adding new BDD representation of endpoint ruleset +* `Aws\CodeConnections` - Adding new BDD representation of endpoint ruleset +* `Aws\MarketplaceAgreement` - Adding new BDD representation of endpoint ruleset +* `Aws\CleanRoomsML` - Adding new BDD representation of endpoint ruleset +* `Aws\Scheduler` - Adding new BDD representation of endpoint ruleset +* `Aws\ApplicationCostProfiler` - Adding new BDD representation of endpoint ruleset +* `Aws\GreengrassV2` - Adding new BDD representation of endpoint ruleset +* `Aws\IdentityStore` - Adding new BDD representation of endpoint ruleset +* `Aws\Budgets` - AWS Budget Name Validation Documentation Updates. +* `Aws\ResilienceHub` - Adding new BDD representation of endpoint ruleset +* `Aws\KinesisVideoWebRTCStorage` - Adding new BDD representation of endpoint ruleset +* `Aws\ConnectHealth` - Adding new BDD representation of endpoint ruleset +* `Aws\S3Tables` - Adding new BDD representation of endpoint ruleset +* `Aws\SSMQuickSetup` - Adding new BDD representation of endpoint ruleset +* `Aws\OSIS` - Adding new BDD representation of endpoint ruleset +* `Aws\Notifications` - Adding new BDD representation of endpoint ruleset +* `Aws\BedrockAgentCoreControl` - Adding new BDD representation of endpoint ruleset +* `Aws\ChimeSDKIdentity` - Adding new BDD representation of endpoint ruleset +* `Aws\RedshiftServerless` - Adding new BDD representation of endpoint ruleset +* `Aws\ivschat` - Adding new BDD representation of endpoint ruleset +* `Aws\SagemakerEdgeManager` - Adding new BDD representation of endpoint ruleset +* `Aws\ServiceQuotas` - Adding new BDD representation of endpoint ruleset +* `Aws\WorkSpacesThinClient` - Adding new BDD representation of endpoint ruleset +* `Aws\MediaPackageV2` - Adding new BDD representation of endpoint ruleset +* `Aws\DataZone` - Added resourceConfigurations and allowUserProvidedConfigurations fields to environment blueprint configuration APIs, enabling customers who migrated from V1 to V2 domains to update resource configurations (such as lineage schedules) programmatically via the SDK. +* `Aws\ObservabilityAdmin` - Adding new BDD representation of endpoint ruleset +* `Aws\PcaConnectorScep` - Adding new BDD representation of endpoint ruleset +* `Aws\PartnerCentralChannel` - Adding new BDD representation of endpoint ruleset +* `Aws\ManagedBlockchainQuery` - Adding new BDD representation of endpoint ruleset +* `Aws\BedrockAgentCore` - Adding new BDD representation of endpoint ruleset +* `Aws\SageMakerGeospatial` - Adding new BDD representation of endpoint ruleset +* `Aws\KeyspacesStreams` - Adding new BDD representation of endpoint ruleset +* `Aws\AppRunner` - Adding new BDD representation of endpoint ruleset +* `Aws\BCMDataExports` - Adding new BDD representation of endpoint ruleset +* `Aws\Backup` - Launching S3 PITR malware scanning support for AWS Backup +* `Aws\Evs` - Adding new BDD representation of endpoint ruleset +* `Aws\ServiceDiscovery` - Adding new BDD representation of endpoint ruleset +* `Aws\IoTManagedIntegrations` - Adding new BDD representation of endpoint ruleset + +## 3.382.0 - 2026-05-22 + +* `Aws\S3` - Adds `metadata_directive` configuration option to `MultipartCopy`. When set to `'COPY'` (the new default), source object metadata (Metadata, CacheControl, ContentDisposition, ContentEncoding, ContentLanguage, ContentType, Expires) is automatically preserved on the destination object. Set to `'REPLACE'` to suppress automatic metadata copying and provide your own via the `params` option. User-provided values in `params` always take precedence over source metadata. + +* `Aws\IoTWireless` - Adding new BDD representation of endpoint ruleset +* `Aws\Invoicing` - Adds support for idempotency with a new ClientToken field for the CreateInvoiceUnit, DeleteInvoiceUnit, UpdateInvoiceUnit, DeleteProcurementPortalPreference, PutProcurementPortalPreference, and UpdateProcurementPortalPreferenceStatus APIs. +* `Aws\DSQL` - Adding new BDD representation of endpoint ruleset +* `Aws\KafkaConnect` - Adding new BDD representation of endpoint ruleset +* `Aws\SecurityAgent` - Adds support for verification scripts on penetration test findings. Customers can now download executable scripts to independently reproduce confirmed vulnerabilities, with instructions and required environment variables provided for each finding. +* `Aws\LicenseManagerLinuxSubscriptions` - Adding new BDD representation of endpoint ruleset +* `Aws\DataZone` - Add support for VPC connection +* `Aws\Bedrock` - Adding new BDD representation of endpoint ruleset +* `Aws\NotificationsContacts` - Adding new BDD representation of endpoint ruleset +* `Aws\MarketplaceDiscovery` - Adding new BDD representation of endpoint ruleset +* `Aws\EC2` - The ModifyInstanceAttribute API now supports modification of EnclaveOptions for the instance as a typed parameter. +* `Aws\GameLiftStreams` - Added new Gen6 stream classes based on the EC2 G6e instance family. These classes are designed for streaming high-fidelity, graphically demanding games and applications that benefit from additional GPU memory and performance. +* `Aws\ApplicationSignals` - Adding new BDD representation of endpoint ruleset +* `Aws\CodeStarNotifications` - Adding new BDD representation of endpoint ruleset +* `Aws\RecycleBin` - Adding new BDD representation of endpoint ruleset +* `Aws\BedrockAgentRuntime` - Adding new BDD representation of endpoint ruleset +* `Aws\SESv2` - Adding new BDD representation of endpoint ruleset +* `Aws\GeoPlaces` - Adding new BDD representation of endpoint ruleset +* `Aws\NetworkFirewall` - Adding new BDD representation of endpoint ruleset +* `Aws\FraudDetector` - Adding new BDD representation of endpoint ruleset +* `Aws\Outposts` - Adding new BDD representation of endpoint ruleset +* `Aws\PI` - Added ListPerformanceAnalysisReportRecommendations API to retrieve recommendations for a performance analysis report. Added analysis configuration support to CreatePerformanceAnalysisReport for enhanced analysis types such as vacuum analysis. +* `Aws\Schemas` - Adding new BDD representation of endpoint ruleset +* `Aws\PartnerCentralAccount` - Adding new BDD representation of endpoint ruleset +* `Aws\LicenseManagerUserSubscriptions` - Adding new BDD representation of endpoint ruleset +* `Aws\Panorama` - Adding new BDD representation of endpoint ruleset +* `Aws\BCMPricingCalculator` - Adding new BDD representation of endpoint ruleset +* `Aws\QConnect` - Added guardrail assessment results to inference spans in the ListSpans API. You can now see which AI Guardrail policies were evaluated, whether content was blocked or masked, and per-policy details for each Bedrock Converse call +* `Aws\Neptunedata` - Adding new BDD representation of endpoint ruleset +* `Aws\ForecastService` - Adding new BDD representation of endpoint ruleset +* `Aws\BCMRecommendedActions` - Adding new BDD representation of endpoint ruleset +* `Aws\EMRContainers` - Adding new BDD representation of endpoint ruleset +* `Aws\SimSpaceWeaver` - Adding new BDD representation of endpoint ruleset +* `Aws\B2bi` - Adding new BDD representation of endpoint ruleset +* `Aws\GlueDataBrew` - Adding new BDD representation of endpoint ruleset +* `Aws\ControlTower` - Adding new BDD representation of endpoint ruleset +* `Aws\MigrationHubRefactorSpaces` - Adding new BDD representation of endpoint ruleset +* `Aws\CustomerProfiles` - Adding new BDD representation of endpoint ruleset +* `Aws\ForecastQueryService` - Adding new BDD representation of endpoint ruleset +* `Aws\OAM` - Adding new BDD representation of endpoint ruleset +* `Aws\FreeTier` - Adding new BDD representation of endpoint ruleset +* `Aws\InternetMonitor` - Adding new BDD representation of endpoint ruleset +* `Aws\S3Vectors` - Adding new BDD representation of endpoint ruleset +* `Aws\SSOOIDC` - Adding new BDD representation of endpoint ruleset +* `Aws\Tnb` - Adding new BDD representation of endpoint ruleset +* `Aws\CloudControlApi` - Adding new BDD representation of endpoint ruleset +* `Aws\IVSRealTime` - Adding new BDD representation of endpoint ruleset +* `Aws\Repostspace` - Adding new BDD representation of endpoint ruleset +* `Aws\AppConfig` - Adding new BDD representation of endpoint ruleset + +## 3.381.6 - 2026-05-21 + +* `Aws\NetworkManager` - Adding new BDD representation of endpoint ruleset +* `Aws\ApiGatewayV2` - Adding new BDD representation of endpoint ruleset +* `Aws\AppStream` - Adding new BDD representation of endpoint ruleset +* `Aws\Route53Resolver` - Adding new BDD representation of endpoint ruleset +* `Aws\MarketplaceEntitlementService` - Adding new BDD representation of endpoint ruleset +* `Aws\ACM` - Adding new BDD representation of endpoint ruleset +* `Aws\IoTJobsDataPlane` - Adding new BDD representation of endpoint ruleset +* `Aws\TranscribeService` - Adding new BDD representation of endpoint ruleset +* `Aws\VerifiedPermissions` - Support hard deleting policy store aliases. Users can now delete an alias and immediately reassign it to a different policy store without waiting for the soft-delete retention period. +* `Aws\CleanRooms` - Collaboration creators can update payment configurations without recreating the collaboration. When multiple payer candidates are configured for a cost type, analysis runners can specify the actual payer at submission time, providing granular control over billing. +* `Aws\MediaTailor` - Adding new BDD representation of endpoint ruleset +* `Aws\Kafka` - Adding new BDD representation of endpoint ruleset +* `Aws\Comprehend` - Adding new BDD representation of endpoint ruleset +* `Aws\ComprehendMedical` - Adding new BDD representation of endpoint ruleset +* `Aws\MediaConnect` - Adds support for controlling the timecode source of NDI flow outputs. +* `Aws\Connect` - Adding new BDD representation of endpoint ruleset +* `Aws\KinesisVideoArchivedMedia` - Adding new BDD representation of endpoint ruleset +* `Aws\CodeGuruProfiler` - Adding new BDD representation of endpoint ruleset +* `Aws\ACMPCA` - Adding new BDD representation of endpoint ruleset +* `Aws\CodeArtifact` - Adding new BDD representation of endpoint ruleset +* `Aws\SSOAdmin` - Adding new BDD representation of endpoint ruleset +* `Aws\Evs` - A new GetDepotUrl API has been added to retrieve a URL for accessing Amazon EVS custom addon packages. Customers can use this URL to configure vSphere Lifecycle Manager (vLCM) as an online depot source, enabling upgrades of addon components across ESXi hosts. +* `Aws\KendraRanking` - Adding new BDD representation of endpoint ruleset +* `Aws\CleanRoomsML` - Collaboration creators can update payment configurations without recreating the collaboration. When multiple payer candidates are configured for a cost type, analysis runners can specify the actual payer at submission time, providing granular control over billing. +* `Aws\SageMakerMetrics` - Adding new BDD representation of endpoint ruleset +* `Aws\AppRegistry` - Adding new BDD representation of endpoint ruleset +* `Aws\signer` - Adding new BDD representation of endpoint ruleset +* `Aws\MigrationHubConfig` - Adding new BDD representation of endpoint ruleset +* `Aws\BedrockAgentCoreControl` - Adds dataset management APIs for creating, versioning, and managing evaluation datasets. +* `Aws\Cloud9` - Adding new BDD representation of endpoint ruleset +* `Aws\GuardDuty` - Adding new BDD representation of endpoint ruleset +* `Aws\EKS` - Adding new BDD representation of endpoint ruleset +* `Aws\Textract` - Adding new BDD representation of endpoint ruleset +* `Aws\Backup` - Adding new BDD representation of endpoint ruleset +* `Aws\APIGateway` - Adding new BDD representation of endpoint ruleset +* `Aws\HealthLake` - Adding new BDD representation of endpoint ruleset +* `Aws\ServerlessApplicationRepository` - Adding new BDD representation of endpoint ruleset +* `Aws\SecurityHub` - Adding new BDD representation of endpoint ruleset +* `Aws\DLM` - Adding new BDD representation of endpoint ruleset +* `Aws\MigrationHubOrchestrator` - Adding new BDD representation of endpoint ruleset +* `Aws\QApps` - Adding new BDD representation of endpoint ruleset +* `Aws\FMS` - Adding new BDD representation of endpoint ruleset +* `Aws\DataSync` - Adding new BDD representation of endpoint ruleset +* `Aws\BedrockRuntime` - Adding new BDD representation of endpoint ruleset +* `Aws\QuickSight` - Adding new BDD representation of endpoint ruleset +* `Aws\FSx` - Adding new BDD representation of endpoint ruleset +* `Aws\WorkMail` - Adding new BDD representation of endpoint ruleset +* `Aws\GlobalAccelerator` - Adding new BDD representation of endpoint ruleset +* `Aws\Batch` - Clarified CreateComputeEnvironment parameter requirements - serviceRole is required for UNMANAGED compute environments, allocationStrategy is required for EKS compute environments, and compute environments must be created in the ENABLED state. +* `Aws\BedrockAgent` - Adding new BDD representation of endpoint ruleset +* `Aws\Pricing` - Adding new BDD representation of endpoint ruleset +* `Aws\SageMaker` - Add support for disabling home EFS file system creation on SageMaker domains. +* `Aws\Translate` - Adding new BDD representation of endpoint ruleset + +## 3.381.5 - 2026-05-20 + +* `Aws\KMS` - AWS KMS now supports creating grants for AWS service principals using new GranteeServicePrincipal and RetiringServicePrincipal parameters. This release adds SourceArn grant constraint and three condition keys for controlling CreateGrant access. For more information, see Grants in AWS KMS. +* `Aws\PaymentCryptographyData` - GenerateAuthRequestCryptogram API launch. +* `Aws\BedrockRuntime` - Supporting Request Metadata for Invoke Model and Invoke Model with Response Stream +* `Aws\MWAA` - Updated API documentation to describe the PublicAndPrivate webserver access mode. +* `Aws\CustomerProfiles` - Amazon Connect Customer Profiles adds support for item catalog columns in RecommenderSchema, ExcludedColumns in Create and Update Recommender to specify columns to exclude from training, and the ability to disable automatic retraining by setting TrainingFrequency to 0. + +## 3.381.4 - 2026-05-19 + +* `Aws\BedrockAgentCore` - Add RetryableConflictException (HTTP 409) to InvokeAgentRuntime and StopRuntimeSession to prevent orphaned VMs during concurrent session access. The SDK automatically retries this exception with backoff. Enforcement is not yet active and will be enabled in a future service update. +* `Aws\GuardDuty` - Adding support for exposure and vulnerability context from AWS Security Hub in GuardDuty Extended Threat Detection attack sequence findings. +* `Aws\DevOpsAgent` - Added a new serviceType mcpserversigv4 service and association. This provides feature to register MCP sigv4 authorization based MCPs +* `Aws\RTBFabric` - This release is to deprecate 'inboundLinksCount' field in GetResponderGateway response and introduce the new field 'linksRequestedCount' to replace it. +* `Aws\ManagedGrafana` - Introduce degraded workspace status as a possible Amazon Managed Grafana workspace status, and a new field named degraded workspace reason which informs customers why the workspace is degraded in the DescribeWorkspace API response. +* `Aws\SageMaker` - Add support for ml.p5.4xlarge and ml.p5en.48xlarge instances on SageMaker Notebook Instances Platform. + +## 3.381.3 - 2026-05-18 + +* `Aws\QuickSight` - Support for dataset enrichment and geo spatial in new data preparation experience +* `Aws\IVS` - Adds support for up to 3 mediaTailorPlaybackConfiguration objects in an ad configuration resource +* `Aws\Connect` - Amazon Connect Cases now supports SLA durations of up to 2 years (1,051,200 minutes), increased from the previous maximum of 90 days (129,600 minutes). This enables you to track long-running service level agreements for cases that require extended resolution timelines. +* `Aws\Evs` - Amazon EVS now supports up to 32 hosts per EVS environment, increasing the previous host limit to allow a larger scale of VMware workload deployments and reduce operational overhead. +* `Aws\ECS` - Amazon ECS now supports Pause lifecycle hooks for service deployments, allowing customers to automatically pause deployments at specified stages and use the new ContinueServiceDeployment API to continue or roll back with confidence. +* `Aws\AccessAnalyzer` - Services manage service-linked analyzers through dedicated APIs - CreateServiceLinkedAnalyzer and DeleteServiceLinkedAnalyzer that separate service-linked specific operations from customer-managed operations. It also shows up in ListAnalyzers and GetAnalyzer responses. +* `Aws\EC2` - Amazon VPC IP Address Manager (IPAM) now supports tags on IPAM pool allocations, enabling all standard tagging features for allocations including tag-on-create. + +## 3.381.2 - 2026-05-15 + +* `Aws\` - Fix circular reference cycles caused by non-static middleware closures implicitly capturing $this in AwsClient, GlacierClient, Route53Client, S3Client, S3MultiRegionClient, and Middleware. +* `Aws\CloudWatchLogs` - Updating the max limit for start query api parameter. +* `Aws\PartnerCentralSelling` - Enable TCV intake on Opportunity to improve Opportunities Hygiene and downstream revenue attribution. +* `Aws\MediaPackageV2` - This release adds support for AvailabilityStartTimeConfiguration in MediaPackageV2 DASH manifests + +## 3.381.1 - 2026-05-14 + +* `Aws\ManagedGrafana` - Adds support for dual-stack (IPv4 and IPv6) connectivity to Amazon Managed Grafana workspaces. Customers can configure the ipAddressType parameter when creating or updating a workspace to choose between IPv4-only or dual-stack (IPv4 and IPv6) access. +* `Aws\QConnect` - ListModels is an API that returns the available AI models for a Connect Assistant based on its region and AI prompt type. +* `Aws\DataZone` - Adds support for SageMaker Unified Studio notebook operations, including notebook import and export +* `Aws\CloudFront` - Adding a new boolean for OCSP Revocations in Viewer mTLS Create and Update APIs, and adding a new 'Passthrough' option for TrustStore modes +* `Aws\Bedrock` - Advanced Prompt Optimization (AdvPO) allows you to optimize and migrate your prompts for any model on Bedrock by automatically evaluating responses and rewriting prompts to improve performance. This release provides a programmatic way to create, get, list, stop, and delete AdvPO jobs. +* `Aws\mgn` - Introducing new option for security groups mapping - with MAP-DHCP the service translates security rules from your source environment with DHCP compatibility. +* `Aws\DatabaseMigrationService` - Add 9 SDK waiters for DMS Schema Conversion async operations. Eliminates manual polling for import, assessment, conversion, export, and creation jobs. +* `Aws\Glue` - Release --has-databases parameter for AWS Glue get-catalogs API, which filters catalog responses to include only those capable of containing databases, excluding parent catalogs that hold only other catalogs. Remove model-level validation on partition index list size for AWS Glue tables. + +## 3.381.0 - 2026-05-13 + +* `Aws\Endpoints` - Introduces endpoint resolution through a BDD rules based evaluation. + +- Add BDD-based endpoint resolution alongside the existing Tree Ruletset Evaluator. +- Introduce a Bdd package under EndpointV2 namespace containing utilities and components used for resolving an endpoint through BDDs. +- Enhance the EndpointDefinitionProvider to resolve the endpoint rule definitions by giving preference to BDDs "endpoint-bdd-1.json" rules over tree based rules. +- Enhance EndpointProviderV2 to support both, BDD endpoint resolution and Tree + endpoint resolution but also giving preference to BDD resolution. + How is it done? + - The parameter $ruleset now supports instances of BddRuleset, besides of array to preserve existent behavior, and when an instance of BddRuleset is present then a BDD Evaluator is instantiated which will be used to resolve the endpoint. + - Otherwise, if an array or an instance of Ruleset is passed in then, we resolve the endpoint with the Tree based endpoint resolution, which is the current behavior. +- Add a new method "getActiveParameters" in EndpointProviderV2 that is used by + the EndpointV2Middleware to get the active parameters, which internally it just evaluates which rule set property we should be getting the parameters from, either from $bddRuleset if not null or from $ruleset. +- Enhance EndpointV2Middleware to consume the new getActiveParameters. + +* `Aws\ConnectCampaignsV2` - This release added support for Outbound Campaign timezone detection using all available contact methods +* `Aws\Glue` - AWS Glue now defaults the job timeout to 480 minutes for Glue version 5.0 and later when no timeout value is specified. The default remains 2,880 minutes for Glue version 4.0 and earlier. +* `Aws\Batch` - Adds a billing callout to docs regarding using the CE Scale Down Delay feature +* `Aws\DSQL` - Added support for Amazon Aurora DSQL change data capture (CDC) streams that deliver row-level database changes to Amazon Kinesis in JSON format. Includes CreateStream, GetStream, ListStreams, and DeleteStream operations. +* `Aws\Lightsail` - Added OriginIpAddressTypeEnum (ipv4, ipv6, dualstack) and ipAddressType field to Origin and InputOrigin structures for Lightsail CDN distributions. Allows customers to specify how the distribution connects to origins, using IPv4, IPv6, or dualstack networking +* `Aws\BedrockAgentCoreControl` - Adds support for read-only summary APIs for Policy Engine, Policy, and Policy Generation resources, enabling metadata retrieval without KMS decryption for AWS Config integration. +* `Aws\BillingConductor` - Add ConflictException to UpdateCustomLineItem operation. +* `Aws\OpenSearchService` - Adds support for AutomatedSnapshotPauseOptions. +* `Aws\PartnerCentralAccount` - Added ServiceQuotaExceededExceptions for Profile operations +* `Aws\EC2` - Include length limits in the SDK and documentation for text fields in Image (AMI) APIs such as the image name and description +* `Aws\SocialMessaging` - Adds parameters to call the GetWhatsAppMessageTemplate and UpdateWhatsAppMessageTemplate APIs with a template name and language code in place of the template ID. Linked WhatsApp accounts also describe whether the WABA is onboarded to Meta's Marketing Messages API. +* `Aws\Redshift` - Added rg.xlarge and rg.4xlarge to valid NodeType values and updated documentation for CreateCluster, ModifyCluster, ResizeCluster, and RestoreFromClusterSnapshot APIs to reflect RG node type support. +* `Aws\Connect` - This change added three new EventSourceName for schedule notification feature +* `Aws\SageMaker` - Adds execution role session name mode to reflect user identity in Studio. Adds Flexible Training Plans on Studio apps. Adds restricted model packages to control access to proprietary model artifacts via IAM. Fixed instance type parity between inference endpoints and managed shadow tests. +* `Aws\SecurityAgent` - Add support for code reviews, a new resource type that enables automated security-focused static analysis of source code repositories. +* `Aws\PCS` - Add support for Amazon EC2 Interruptible-ODCR +* `Aws\ConnectCases` - Amazon Connect Cases now supports SLA durations of up to 2 years (1,051,200 minutes), increased from the previous maximum of 90 days (129,600 minutes). This enables you to track long-running service level agreements for cases that require extended resolution timelines. +* `Aws\RTBFabric` - Customers can now configure custom domain names for their RTB Fabric gateways. This enables partners to use their own branded domain for RTB traffic instead of the default rtbfabric endpoint +* `Aws\ARCRegionSwitch` - Adds support for enabling and disabling Lambda event source mappings in Region switch plans. +* `Aws\ElasticsearchService` - Adds support for AutomatedSnapshotPauseOptions. +* `Aws\QuickSight` - Adds five new custom permission option for Quick Apps so that these capabilities can be controlled by public SDK and CLI. +* `Aws\SFN` - Updated default SDK endpoints for AWS Step Functions in AWS GovCloud (US) regions. The default Dual-Stack endpoints now resolve to "states-fips" prefixed hostnames. There are no changes to service behavior. No customer action is required. + +## 3.380.3 - 2026-05-07 + +* `Aws\Route53Resolver` - Adds supports for DNS64 on inbound endpoints and IPv6 forwarding through the internet gateway (IGW) on outbound endpoints, making it easier to manage hybrid DNS across IPv4 and IPv6 networks. +* `Aws\BedrockAgentCoreControl` - Launching AgentCore payments - a capability that provides secure, instant microtransaction payments for AI agents to access paid APIs, MCP servers, and content. It handles payment processing for x402 protocol, payment limits, and 3P wallet integrations with Coinbase CDP and Stripe (Privy). +* `Aws\EC2` - DescribeInstanceTypes now accepts an IncludeUnsupportedInRegion parameter. When set, the response also lists instance types that are not available in the current Region. Each instance type includes a SupportedInRegion field indicating its regional availability. +* `Aws\BedrockAgentCore` - Launching AgentCore payments - a capability that provides secure, instant microtransaction payments for AI agents to access paid APIs, MCP servers, and content. It handles payment processing for x402 protocol, payment limits, and 3P wallet integrations with Coinbase CDP and Stripe (Privy). +* `Aws\GuardDuty` - This is a documentation update +* `Aws\Invoicing` - Updated ListInvoiceSummaries API to add new ReceiverRole filter in Request and Response +* `Aws\BCMDataExports` - With this release, customers can configure their data exports to generate additional integration artifacts for Athena and Redshift. + +## 3.380.2 - 2026-05-06 + +* `Aws\imagebuilder` - The ImportDiskImage API now enforces a maximum character limit of 128 characters on the image name field. +* `Aws\MWAA` - Amazon MWAA now supports a PublicAndPrivate webserver access mode. The Airflow web server is accessible over both public and private endpoints, enabling workers in VPCs without internet access to reach the Task API privately while retaining public access to the Airflow UI. +* `Aws\S3` - Validate outpost access point resource name +* `Aws\BedrockAgentCoreControl` - Adds support for bring-your-own file system in AgentCore Runtime. Developers can mount Amazon S3 Files and Amazon EFS access points directly into agent sessions using filesystemConfigurations. +* `Aws\LexModelsV2` - Amazon Lex V2 introduces audio filler support for speech-to-speech bots. Configure melody or typing sounds that play during backend processing to reduce perceived latency and maintain a natural conversational experience for callers. +* `Aws\Glue` - Adds support for a CustomLogGroupPrefix parameter in StartDataQualityRulesetEvaluationRun to specify custom CloudWatch log group paths, and a RulesetName filter in ListDataQualityRulesetEvaluationRuns to filter evaluation runs by ruleset name. +* `Aws\SageMaker` - Amazon SageMaker HyperPod now returns ImageVersionStatus in DescribeCluster, DescribeClusterNode, and ListClusterNodes responses, indicating whether cluster instances are running the latest available image version. +* `Aws\SecurityHub` - Release GenerateRecommendedPolicyV2 and GetRecommendedPolicyV2 APIs. This supports generating and retrieving policy recommendations to remediate unused permissions findings that are now being supported on Security Hub. + +## 3.380.1 - 2026-05-05 + +* `Aws\CleanRoomsML` - Increase max configurable output limits in the Clean Rooms ML configured model algorithm association resource. +* `Aws\Route53Domains` - This release adds the TLDInMaintenance exception. +* `Aws\SageMaker` - Adds support for ml.p5.4xlarge instance type for SageMaker Studio JupyterLab and CodeEditor apps for IAD (us-east-1), NRT (ap-northeast-1), BOM (ap-south-1), CGK (ap-southeast-3), GRU (sa-east-1), PDX (us-west-2), CMH (us-east-2). +* `Aws\OpenSearchService` - Amazon OpenSearch Service now supports VPC egress, enabling outbound traffic from your OpenSearch domain to route privately through your VPC instead of the public internet. +* `Aws\MedicalImaging` - Add support for DICOM Json Metadata Override features in startDICOMImportJob API +* `Aws\MarketplaceAgreement` - With this release, Agreements API provides a programmatic way to generate quotes, accept offers, track charges and entitlements, manage renewals and cancellations, and streamline operations entirely through APIs without navigating to the AWS Marketplace website or AWS Management Console. +* `Aws\MediaTailor` - Added support for Monetization Functions. Monetization Functions let you enrich ad requests with external data and transform session parameters using JSONata expressions, without deploying custom infrastructure. +* `Aws\CloudFront` - Adds support for tagging CloudFront Functions and KeyValueStores resources. + +## 3.380.0 - 2026-05-04 + +* `Aws\Retries` - Adds an opt-in new retry behavior. Set AWS_NEW_RETRIES_2026=true to enable the new path. When the env var is unset (the default), retry behavior is unchanged from previous releases. With the flag enabled, the SDK switches the default retry mode from 'legacy' to 'standard', adopts a throttling-aware token-bucket retry quota (cost 14 for non-throttling, 5 for throttling), reduces the non-throttling base backoff to 50ms, checks max-attempts before quota, honors the x-amz-retry-after header, sleeps without retrying on long-polling operations (SQS, SFN, SWF) when the quota is exhausted, and lets custom deciders supplement (rather than replace) built-in retryability checks. DynamoDB defaults to 4 attempts with a 25ms base; STS treats IDPCommunicationError as transient; S3's existing custom decider keeps its socket carve-out. The flag is intended as an opt-in for early adopters and will become the default in a future release. +* `Aws\GeoRoutes` - Added support for TravelTimeExceedsDriverWorkHours, ViolatedBlockedRoad, and ViolatedVehicleRestriction notice codes to the CalculateRoutes API response. +* `Aws\MediaLive` - Updates the type of the MediaLiveRouterOutputConnectionMap. +* `Aws\BedrockAgentCoreControl` - Amazon Bedrock AgentCore gateways now support MCP Sessions and response streaming from MCP targets. Session timeouts can be set between 15 minutes and 8 hours, and response streaming enables forwarding stream events sent by MCP targets to gateway users. +* `Aws\EC2` - This feature allows customers to change the tunnel bandwidth on existing VPN connections using the ModifyVpnConnectionOptions API +* `Aws\CloudWatchLogs` - Adding an additional optional deliverySourceConfiguration field to PutDeliverySource API. This enables customers to pass service-specific configurations through IngestionHub such as tracing enablement or sampling rates that will be propagated to the source resource. +* `Aws\SecurityAgent` - AWS Security Agent is adding a new target domain verification method for private VPC penetration testing. Additionally, the target domain resource will now have a verification status reason field to surface additional details about domain verification +* `Aws\LexModelBuildingService` - Lex V1 is deprecated, use Lex V2 instead +* `Aws\VPCLattice` - Amazon VPC Lattice now supports privately resolvable DNS resources + +## 3.379.11 - 2026-05-01 + +* `Aws\` - Use WeakReference in PresignUrlMiddleware and EndpointDiscoveryMiddleware to prevent circular reference memory leaks. +* `Aws\QConnect` - Added reasoning details, statusDescription, and timeToFirstTokenMs fields to the ListSpans response in Amazon Q in Connect to provide visibility into model thinking, error diagnostics, and inference latency metrics. +* `Aws\CloudWatchLogs` - Adds support for filtering log groups by tags in the ListLogGroups API via the new logGroupTags parameter. +* `Aws\EntityResolution` - Add support for transitive matching in AWS Entity Resolution rule-based matching workflows. When enabled, records that match through different rules are grouped together into the same match group, allowing related records to be connected across rule levels. +* `Aws\CloudWatch` - This release adds tag support for CloudWatch Dashboards. The PutDashboard API now accepts a Tags parameter, allowing you to tag dashboards at creation time. Additionally, the TagResource, UntagResource, and ListTagsForResource APIs now support dashboard ARNs as resources. +* `Aws\QuickSight` - Add IdentityProviderCACertificatesBundleS3Uri for private CA certs with OAuth datasources. 256-char limit for FontFamily in themes. ControlTitleFormatText on all 13 filters. ControlTitleFontConfiguration. ContextRegion for cross-region identity context. Story,scenario in CreateCustomCapability API. +* `Aws\AppStream` - Amazon WorkSpaces Applications now enables AI agents to securely operate desktop applications. Administrators configure stacks to provide agents access to WorkSpaces. Agents can click, type, and take screenshots. Agents authenticate with AWS IAM credentials with activity logged in AWS CloudTrail. +* `Aws\IAM` - Added guidance for CreateOpenIDConnectProvider to include multiple thumbprints when OIDC discovery and JWKS endpoints use different hosts or certificates +* `Aws\IoT` - AWS IoT HTTP rule actions now support cross-topic batching, combining messages from different MQTT topics into single HTTP requests. + +## 3.379.10 - 2026-04-30 + +* `Aws\BedrockAgentCore` - AgentCore Identity now supports on-behalf-of token exchange OAuth2. AgentCore Memory now supports metadata for LongTerm Memory Records. +* `Aws\EKS` - Vended logs update param for capability vended logs feature +* `Aws\ObservabilityAdmin` - Observability Admin enablement launch for AWS Kafka, Bedrock Agent Core Workload Identity and OTel metric enablement. +* `Aws\Kafka` - Adds support for ZookeeperAccess field to control the Client-Zookeeper connectivity. +* `Aws\DataZone` - Adds support for asynchronous notebook runs +* `Aws\PaymentCryptography` - Adds support for resource-based policies on AWS Payment Cryptography keys, enabling cross-account key sharing. Also adds Multi-Party Approval (MPA) team association APIs for protecting sensitive import root public key operations. +* `Aws\SSOAdmin` - Add InstanceArn and IdentityStoreArn in the response of CreateApplication API and IdentityStoreArn in the response of DescribeApplication API +* `Aws\SageMaker` - Add InstancePools support to Endpoint for flexible provisioning across a prioritized list of instance types. Add Specifications support to InferenceComponent for per-instance-type model configurations. +* `Aws\Route53GlobalResolver` - Adds support for regions in the UpdateGlobalResolver input. +* `Aws\BedrockAgentCoreControl` - AgentCore Identity now supports on-behalf-of token exchange OAuth2. AgentCore Memory now supports metadata for LongTerm Memory Records. + +## 3.379.9 - 2026-04-29 + +* `Aws\Deadline` - Adds support for rtx-pro-server-6000 GPU accelerator for service-managed fleets. +* `Aws\ECR` - Removes support for registry policy V1 +* `Aws\BedrockAgentCore` - Adds batch evaluation for running evaluators against multiple agent sessions with server-side orchestration, AI-powered recommendations for optimizing system prompts and tool descriptions, and AB testing with controlled traffic splitting and statistical significance reporting +* `Aws\BedrockAgentCoreControl` - Adds configuration bundles for versioned, immutable agent configuration snapshots with branch-based lineage +* `Aws\MediaPackageV2` - This feature adds configuration for specifying SCTE marker handling and allow greater control over generated manifest and segment URIs +* `Aws\CloudFront` - Amazon CloudFront now supports cache tag. Tag objects via response headers and invalidate all matching objects in a single request, replacing manual URL tracking and broad wildcards. +* `Aws\Transfer` - This launch will increase the limits for customers to list the contents from the remote directories from 10k to 200k. +* `Aws\GameLift` - Amazon GameLift Servers adds a new DescribeContainerGroupPortMappings API for container fleets, making it easy to discover which connection ports map to your container ports without needing to remotely access the compute. +* `Aws\Account` - Adds AccountState in the response for the GetAccountInformation API. Each state represents a specific phase in the account lifecycle. Use this information to manage account access, automate workflows, or trigger actions based on account state changes. +* `Aws\WorkSpacesWeb` - Allow admins to configure IPv6 ranges on IP Access Settings. + +## 3.379.8 - 2026-04-27 + +* `Aws\OpenSearchService` - Amazon OpenSearch Service now supports JWKS URL configuration for JWT authentication +* `Aws\mgn` - Added network modernization support, enabling customers to edit, resize, merge, and split VPCs and subnets during migration while retaining functional, non-conflicting IP addresses. +* `Aws\Omics` - Enable Public Internet or VPC configuration to BatchRun +* `Aws\CloudWatchLogs` - Adds support for selecting all logs sources and types in a single association. +* `Aws\GameLiftStreams` - Adds Proton 10.0-4 to the list of runtime environment options available when creating an Amazon GameLift Streams application +* `Aws\ApplicationSignals` - Application Signals now supports creating composite Service Level Objectives on Service Operations. Users can now create service SLO on multiple operations. +* `Aws\WorkSpaces` - Added support for Protocol as modified resource and added update failure as modification state +* `Aws\IVS` - Adds tags parameter to the CreateAdConfiguration operation +* `Aws\KMS` - KMS GetKeyLastUsage API provides information on the last successful cryptographic operation performed on KMS keys. This new API provides KMS customers with the last timestamp, CloudTrail eventId, and the cryptographic operation that was performed on the key. +* `Aws\Glue` - Addition of AdditionalAuditContext to GetPartition, GetPartitions, GetTableVersion, and GetTableVersions +* `Aws\BillingConductor` - Add support for Passthrough pricing plan +* `Aws\SageMaker` - Updated API documentation for endpoint MetricsConfig. Added details on supported metric publish frequencies and clarified how EnableEnhancedMetrics controls utilization and invocation metric behavior. + +## 3.379.7 - 2026-04-24 + +* `Aws\ConnectHealth` - Corrected CreateWebAppConfiguration documentation. Adding slash as an allowed character for the Ambient documentation agent to allow pronoun specifications. +* `Aws\Connect` - Amazon Connect is expanding attachment capabilities to give customers greater flexibility and control. Currently limited to predefined file types, the new feature will allow contact center administrators to customize which file extensions and sizes are supported across chat, email, tasks, and cases. +* `Aws\BedrockAgentCoreControl` - Added support for configuring identity providers and inbound authorizers within a private VPC for AWS Bedrock AgentCore, enabling secure network connection without public internet access +* `Aws\Transfer` - AWS Transfer Family now support configurable IP address types for Web Apps of type VPC, enabling customers to select IPv4-only or dual-stack (IPv4 and IPv6) configurations based on their network requirements. +* `Aws\CloudWatchLogs` - Adding nextToken and maxItems to the GetQueryResults API. +* `Aws\Evs` - EVS now supports i7i.metal-24xl EC2 bare metal instance type, delivering high random IOPS performance with real-time latency, ideal for IO intensive and latency-sensitive workloads such as transactional databases, real-time analytics, and AI ML pre-processing. + +## 3.379.6 - 2026-04-23 + +* `Aws\OpenSearchService` - Amazon OpenSearch UI applications now support cross-Region domain association, enabling you to connect OpenSearch Dashboards in one AWS Region to OpenSearch domains in other Regions within the same partition for centralized data visualization. +* `Aws\IoTManagedIntegrations` - Adds "Status" field to provisioning profile operation response types, giving users visibility into the readiness of a provisioning profile to be used for device provisioning. +* `Aws\DataZone` - Releasing For LakehouseProperties attributes in the Connections API's +* `Aws\PCS` - This release adds support for Slurm 25.11 with expedited requeue enabled by default for jobs failing due to node issues, configurable requeue delay, health checks at node startup only, and unauthenticated HTTP endpoints disabled by default for improved security. + +## 3.379.5 - 2026-04-22 + +* `Aws\Lambda` - Add Ruby 4.0 (ruby4.0) support to AWS Lambda. +* `Aws\S3` - This release adds five additional checksum algorithms for S3 data integrity (MD5, SHA-512, XXHash3, XXHash64, XXHash128) and support for S3 Inventory on directory buckets (S3 Express One Zone). +* `Aws\IVS` - Adds support for Amazon IVS server-side ad insertion +* `Aws\BedrockAgentCoreControl` - Adds support for Amazon Bedrock AgentCore Harness control plane APIs, enabling customers to create, manage, and configure managed agent loops with customizable models, tools, memory, and isolated execution environments. +* `Aws\S3Control` - This release adds support for five additional checksum algorithms for data integrity checking in Amazon S3 - MD5, SHA-512, XXHash3, XXHash64, and XXHash128. +* `Aws\BedrockAgentCore` - Adds support for Amazon Bedrock AgentCore Harness data plane APIs, enabling customers to invoke managed agent loops and execute commands on live agent sessions with streaming responses. +* `Aws\EMRServerless` - This release adds support for Spark connect sessions starting with release label emr-7.13.0. +* `Aws\EC2` - Managed resource visibility settings control whether resources that AWS services provision on your behalf within your AWS account appear in your Amazon console views and API list operations. +* `Aws\Batch` - Support of S3Files volume type, container start and stop timeouts. +* `Aws\OpenSearchService` - Adds support for RollbackServiceSoftwareUpdate API +* `Aws\OSIS` - Update the pipeline configuration body character limit for the CreatePipeline API call. +* `Aws\ECS` - GPU health monitoring and auto-repair for ECS Managed Instances +* `Aws\IoTWireless` - Enable customers to optionally specify a desired confidence level for Cellular and WiFi position estimates. Customers can use this to trade off confidence level and radius of uncertainty based on their needs. + +## 3.379.4 - 2026-04-21 + +* `Aws\ComprehendMedical` - This release adds Smithy RPC v2 CBOR as an additional protocol alongside the existing AWS JSON 1.1. The SDK will prioritize its most performant protocol. +* `Aws\MarketplaceEntitlementService` - This release adds Smithy RPC v2 CBOR as an additional protocol alongside the existing AWS JSON 1.1. The SDK will prioritize its most performant protocol. +* `Aws\SageMaker` - SageMaker AI now supports generative AI inference recommendations. Provide your model and workload, and SageMaker AI optimizes configurations, benchmarks them on real GPUs, and returns deployment-ready recommendations with validated metrics, accelerating the path to production from weeks to hours. +* `Aws\GameLift` - This release adds Smithy RPC v2 CBOR as an additional protocol alongside the existing AWS JSON 1.1. The SDK will prioritize its most performant protocol. +* `Aws\NetworkFirewall` - Support for new types of partner managed rulegroups for Network Firewall Service +* `Aws\ComputeOptimizerAutomation` - This release adds Smithy RPC v2 CBOR as an additional protocol alongside the existing AWS JSON 1.0. The SDK will prioritize its most performant protocol. +* `Aws\CognitoIdentityProvider` - Adding dutch language support for Cognito Managed Login and Terms on Console +* `Aws\ComputeOptimizer` - This release adds Smithy RPC v2 CBOR as an additional protocol alongside the existing AWS JSON 1.0. The SDK will prioritize its most performant protocol. +* `Aws\Snowball` - This release adds Smithy RPC v2 CBOR as an additional protocol alongside the existing AWS JSON 1.1. The SDK will prioritize its most performant protocol. + +## 3.379.3 - 2026-04-20 + +* `Aws\BedrockAgentCoreControl` - Supporting listingMode for AgentCore Gateway MCP server targets +* `Aws\Kafka` - Amazon MSK Replicator now supports data migration from external Apache Kafka clusters to Amazon MSK Express brokers. This release adds SaslScram authentication with TLS encryption, enhanced consumer offset synchronization, and customer log forwarding for troubleshooting. +* `Aws\LocationService` - This release adds support for new Job APIs for bulk workloads. The initial job type supported is Address Validation. The new APIs added are StartJob, CancelJob, ListJobs, and GetJob. +* `Aws\Evs` - Amazon EVS now allows you to create connectors to your vCenter appliances and create Windows Server entitlements for virtual machines running in your EVS environments +* `Aws\ObservabilityAdmin` - Enablement for Security Hub v2 via Observability Admin Telemetry Rule for account and organization level. +* `Aws\EC2` - Added Transit Gateway Integration into AWS Client VPN. +* `Aws\GuardDuty` - Expanded support for new suppression rule fields. +* `Aws\ApplicationSignals` - Releasing Second phase of SLO Recommendations where you can create recommended SLOs out-of-the box using CreateSLO API + +## 3.379.2 - 2026-04-17 + +* `Aws\ConnectCampaignsV2` - This release adds support for campaign entry limits configuration and hourly refresh frequency in Amazon Connect Outbound Campaigns. +* `Aws\STS` - The STS client now supports configuring SigV4a through the auth scheme preference setting. SigV4a uses asymmetric cryptography, enabling customers using long-term IAM credentials to continue making STS API calls even when a region is isolated from the partition leader. +* `Aws\GroundStation` - Adds support for updating contacts, listing antennas, and listing ground station reservations. New API operations - UpdateContact, ListContactVersions, DescribeContactVersion, ListAntennas, and ListGroundStationReservations. +* `Aws\CleanRooms` - This release adds support for configurable spark properties for Cleanrooms PySpark workloads. +* `Aws\Neptune` - Improving Documentation for Neptune +* `Aws\SageMaker` - Adds support for providing NetworkInterface for efa enabled instances and Simplified cluster creation for Slurm-orchestrated clusters with optional Lifecycle Script (LCS) configuration. +* `Aws\QuickSight` - Public release of dashboard customization summary, S3 Tables data source type, Athena cross-account connector, custom sorting for controls, and AI-powered analysis generation. +* `Aws\imagebuilder` - ImportDiskImage API adds registerImageOptions for Secure Boot control and custom UEFI data. It adds windowsConfiguration for selecting a specific edition from multi-image .wim files during ISO import. +* `Aws\Connect` - Fixes in SDK for customers using TestCase APIs + +## 3.379.1 - 2026-04-16 + +* `Aws\DataZone` - Launching SMUS IAM domain SDK support +* `Aws\CloudWatchLogs` - Endpoint update for CloudWatch Logs Streaming APIs. +* `Aws\CognitoIdentityProvider` - Adds support for passkey-based multi-factor authentication in Cognito User Pools. Users can authenticate securely using FIDO2-compliant passkeys with user verification, enabling passwordless MFA flows while maintaining backward compatibility with password-based authentication +* `Aws\CustomerProfiles` - Amazon Connect Customer Profiles adds RecommenderSchema CRUD APIs for custom ML training columns. CreateRecommender and CreateRecommenderFilter now accept optional RecommenderSchemaName. +* `Aws\ConnectCases` - Added error handling for service quota limits +* `Aws\DevOpsAgent` - Deprecate the userId from the Chat operations. This update also removes support of AllowVendedLogDeliveryForResource API from AWS SDKs. +* `Aws\CloudWatch` - Update documentation of alarm mute rules start and end date fields +* `Aws\BedrockAgentCore` - Introducing NamespacePath in AgentCore Memory to support hierarchical prefix based memory record retrieval. +* `Aws\AutoScaling` - This release adds support for specifying Availability Zone IDs as an alternative to Availability Zone names when creating or updating Auto Scaling groups. +* `Aws\MediaConvert` - Adds support for Elemental Inference powered smart crop feature, enabling video verticalization +* `Aws\drs` - Updating regex for identification of AWS Regions. +* `Aws\RDS` - Adds a new DescribeServerlessV2PlatformVersions API to describe platform version properties for Aurora Serverless v2. Also introduces a new valid maintenance action value for serverless platform version updates. +* `Aws\Connect` - This release updates the Amazon Connect Rules CRUD APIs to support a new EventSourceName - OnEmailAnalysisAvailable. Use this event source to trigger rules when conversational analytics results are available for email contacts. +* `Aws\AppStream` - Add content redirection to Update Stack + +## 3.379.0 - 2026-04-13 + +* `Aws\Interconnect` - Initial release of AWS Interconnect -- a managed private connectivity service that enables you to create high-speed network connections between your AWS Virtual Private Clouds (VPCs) and your VPCs on other public clouds or your on-premise networks. +* `Aws\CustomerProfiles` - This release introduces changes to SegmentDefinition APIs to support sorting by attributes. +* `Aws\Deadline` - Adds GetMonitorSettings and UpdateMonitorSettings APIs to Deadline Cloud. Enables reading and writing monitor settings as key-value pairs (up to 64 keys per monitor). UpdateMonitorSettings supports upsert and delete (via empty value) semantics and is idempotent. +* `Aws\Glue` - AWS Glue now defaults to Glue version 5.1 for newly created jobs if the Glue version is not specified in the request, and UpdateJob now preserves the existing Glue version of a job when the Glue version is not specified in the update request. +* `Aws\SecurityHub` - Provide organizational unit scoping capability for GetFindingsV2, GetFindingStatisticsV2, GetResourcesV2, GetResourcesStatisticsV2 APIs. +* `Aws\Macie2` - This release adds an optional expectedBucketOwner field to the Macie S3 export configuration, allowing customers to verify bucket ownership before Macie writes results to the destination bucket. + +## 3.378.2 - 2026-04-10 + +* `Aws\Connect` - Conversational Analytics for Email +* `Aws\SageMaker` - Support new SageMaker StartClusterHealthCheck API for on-demand DHC on Hyperpod EKS cluster. Support updated CreateCluster, UpdateCluster, DescribeCluster, BatchAddClusterNodes APIs for flexible instance group on HyperPod cluster +* `Aws\imagebuilder` - Image pipelines can now automatically apply tags to images they create. Set the imageTags property when creating or updating your pipelines to get started. +* `Aws\MediaConvert` - Adds support for MV-HEVC video output and clear lead for AV1 DRM output. +* `Aws\DevOpsAgent` - Devops Agent now supports associate Splunk, Datadog and custom MCP server to an Agent Space. +* `Aws\ECS` - Minor updates to exceptions for completeness +* `Aws\RTBFabric` - Adds optional health check configuration for Responder Gateways with ASG Managed Endpoints. When provided, RTB Fabric continuously probes customers' instance IPs and routes traffic only to healthy ones, reducing errors during deployments, scaling events, and instance failures. +* `Aws\ObservabilityAdmin` - CloudWatch Observability Admin adds support for multi-region telemetry evaluation and telemetry enablement rules. + +## 3.378.1 - 2026-04-09 + +* `Aws\RedshiftDataAPIService` - The BatchExecuteStatement API now supports named SQL parameters, enabling secure batch queries with parameterized values. This enhancement helps prevent SQL injection vulnerabilities and improves query reusability. +* `Aws\BedrockAgentCoreControl` - Initial release for CRUDL in AgentCore Registry Service +* `Aws\SageMaker` - Release support for g7e instance types for SageMaker HyperPod +* `Aws\BedrockAgentCore` - Introducing support for SearchRegistryRecords API on AgentCoreRegistry +* `Aws\MediaConnect` - Adds support for MediaLive Channel-type Router Inputs. +* `Aws\BCMDashboards` - Scheduled email reports of Billing and Cost Management Dashboards + +## 3.378.0 - 2026-04-08 + +* `Aws\drs` - This changes adds support for modifying the replication configuration to support data replication using IPv6. +* `Aws\MediaLive` - MediaLive is adding support for MediaConnect Router by supporting a new output type called MEDIACONNECT ROUTER. This new output type will provide seamless encrypted transport between your MediaLive channel and MediaConnect Router. +* `Aws\IVSRealTime` - Adds support for Amazon IVS real-time streaming redundant ingest. +* `Aws\MarketplaceDiscovery` - AWS Marketplace Discovery API provides an interface that enables programmatic access to the AWS Marketplace catalog, including searching and browsing listings, retrieving product details and fulfillment options, and accessing public and private offer pricing and terms. +* `Aws\Backup` - Adding EKS specific backup vault notification types for AWS Backup. +* `Aws\ECR` - Add UnableToListUpstreamImageReferrersException in ListImageReferrers +* `Aws\Outposts` - Add AWS Outposts APIs to view renewal pricing options and submit renewal requests for Outpost contracts + +## 3.377.0 - 2026-04-07 + +* `Aws\S3Files` - Support for S3 Files, a new shared file system that connects any AWS compute directly with your data in Amazon S3. It provides fast, direct access to all of your S3 data as files with full file system semantics and low-latency performance, without your data ever leaving S3. +* `Aws\Braket` - Added support for t3, g6, and g6e instance types for Hybrid Jobs. +* `Aws\DataZone` - Update Configurations and registerS3AccessGrantLocation as public attributes for cfn +* `Aws\Connect` - The voice enhancement mode used by the agent can now be viewed on the contact record via the DescribeContact api. +* `Aws\EKS` - EKS MNG WarmPool feature to support ASG WarmPool feature. +* `Aws\EC2` - EC2 Capacity Manager adds new dimensions for grouping and filtering capacity metrics, including tag-based dimensions and Account Name. +* `Aws\Lambda` - Launching Lambda integration with S3 Files as a new file system configuration. +* `Aws\DataSync` - Allow IAM role ARNs with IAM Paths for "SecretAccessRoleArn" field in "CustomSecretConfig" +* `Aws\ECS` - This release provides the functionality of mounting Amazon S3 Files to Amazon ECS tasks by adding support for the new S3FilesVolumeConfiguration parameter in ECS RegisterTaskDefinition API. +* `Aws\S3` - Updated list of the valid AWS Region values for the LocationConstraint parameter for general purpose buckets. +* `Aws\Outposts` - This change allows listAssets to surface pending and non-compute asset information. Adds the INSTALLING asset state enum and the STORAGE, POWERSHELF, SWITCH, and NETWORKING AssetTypes. +* `Aws\AccessAnalyzer` - Revert previous additions of API changes. +* `Aws\BedrockAgentCore` - This release includes support for 1) InvokeBrowser API, enabling OS-level control of AgentCore Browser Tool sessions through mouse actions, keyboard input, and screenshots. 2) Added documentation noting that empty sessions are automatically deleted after one day in the ListSessions API. +* `Aws\RTBFabric` - AWS RTB Fabric External Responder gateways now support HTTP in addition to HTTPS for inbound external links. Gateways can accept bid requests on port 80 or serve both protocols simultaneously via listener configuration, giving customers flexible transport options for their bidding infrastructure + +## 3.376.4 - 2026-04-06 + +* `Aws\Deadline` - Added 8 batch APIs (BatchGetJob, BatchGetStep, BatchGetTask, BatchGetSession, BatchGetSessionAction, BatchGetWorker, BatchUpdateJob, BatchUpdateTask) for bulk operations. Monitors can now use an Identity Center instance in a different region via the identityCenterRegion parameter. +* `Aws\AccessAnalyzer` - Brookie helps customers preview the impact of SCPs before deployment using historical access activity. It evaluates attached policies and proposed policy updates using collected access activity through CloudTrail authorization events and reports where currently allowed access will be denied. +* `Aws\Lightsail` - This release adds support for the Asia Pacific (Malaysia) (ap-southeast-5) Region. +* `Aws\Transfer` - AWS Transfer Family Connectors now support IPv6 connectivity, enabling outbound connections to remote SFTP or AS2 servers using IPv4-only or dual-stack (IPv4 and IPv6) configurations based on network requirements. +* `Aws\GeoMaps` - This release updates API reference documentation for Amazon Location Service Maps APIs to reflect regional restrictions for Grab Maps users +* `Aws\GuardDuty` - Migrated to Smithy. No functional changes +* `Aws\DLM` - This release adds support for Fast Snapshot Restore AvailabilityZone Ids in Amazon Data Lifecycle Manager EBS snapshot lifecycle policies. +* `Aws\QConnect` - Added optional originRequestId parameter to SendMessageRequest and ListSpans response in Amazon Q in Connect to support request tracing across service boundaries. +* `Aws\MediaTailor` - This change adds support for Tagging the resource types Programs and Prefetch Schedules + +## 3.376.3 - 2026-04-03 + +* `Aws\Lightsail` - Add support for tagging of Alarm resource type +* `Aws\Bedrock` - Amazon Bedrock Guardrails enforcement configuration APIs now support selective guarding controls for system prompts as well as user and assistant messages, along with SDK support for Amazon Bedrock resource policy APIs. +* `Aws\PaymentCryptography` - Adds optional support to retrieve previously generated import and export tokens to simplify import and export functions +* `Aws\BedrockAgentCoreControl` - Documentation Update for Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. +* `Aws\CloudWatchLogs` - Added queryDuration, bytesScanned, and userIdentity fields to the QueryInfo response object returned by DescribeQueries. Customers can now view detailed query cost information including who ran the query, how long it took, and the volume of data scanned. +* `Aws\imagebuilder` - Updated pagination token validation for ListContainerRecipes API to support maximum size of 65K characters +* `Aws\MediaLive` - AWS Elemental MediaLive released a new features that allows customers to use HLG 2020 as a color space for AV1 video codec. +* `Aws\BedrockAgent` - Added strict parameter to ToolSpecification to allow users to enforce strict JSON schema adherence for tool input schemas. +* `Aws\Organizations` - Updates close Account quota for member accounts in an Organization. + +## 3.376.2 - 2026-04-02 + +* `Aws\Deadline` - AWS Deadline Cloud now supports configurable scheduling on each queue. The scheduling configuration controls how workers are distributed across jobs. +* `Aws\CloudWatchLogs` - We are pleased to announce that our logs transformation csv processor now has a destination field, allowing you to specify under which parent node parsed columns be placed under. +* `Aws\AppStream` - Amazon WorkSpaces Applications now supports drain mode for instances in multi-session fleets. This capability allows administrators to instruct individual fleet instances to stop accepting new user sessions while allowing existing sessions to continue uninterrupted. +* `Aws\BedrockRuntime` - Relax ToolUseId pattern to allow dots and colons +* `Aws\GeoPlaces` - This release updates API reference documentation for Amazon Location Service Places APIs to reflect regional restrictions for Grab Maps users in ReverseGeocode, Suggest, SearchText, and GetPlace operations +* `Aws\BedrockAgentCoreControl` - Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. +* `Aws\CloudWatch` - CloudWatch now supports OTel enrichment to make vended metrics for supported AWS resources queryable via PromQL with resource ARN and tag labels, and PromQL alarms for metrics ingested via the OTLP endpoint with multi-contributor evaluation. +* `Aws\Pricing` - This release increases the MaxResults parameter of the GetAttributeValues API from 100 to 10000. +* `Aws\BedrockDataAutomation` - Data Automation Library is a BDA capability that lets you create reusable entity resources to improve extraction accuracy. Libraries support Custom Vocabulary entities that enhance speech recognition for audio and video content with domain-specific terminology shared across projects +* `Aws\Connect` - Include CUSTOMER to evaluation target and participant role. Support Korean, Japanese and Simplified Chinese in evaluation forms. +* `Aws\GameLift` - Amazon GameLift Servers now includes a ComputeName field in game session API responses, making it easier to identify which compute is hosting a game session without cross-referencing IP addresses. + +## 3.376.1 - 2026-04-01 + +* `Aws\GeoRoutes` - This release makes RoutingBoundary optional in CalculateRouteMatrix, set StopDuration with a maximum value of 49999 for CalculateRoutes, set TrailerCount with a maximum value of 4, and introduces region restrictions for Grab Maps users. +* `Aws\Bedrock` - Adds support for Bedrock Batch Inference Job Progress Monitoring +* `Aws\ElastiCache` - Updated SnapshotRetentionLimit documentation for ServerlessCache to correctly describe the parameter as number of days (max 35) instead of number of snapshots. +* `Aws\ECS` - Amazon ECS now supports Managed Daemons with dedicated APIs for registering daemon task definitions, creating daemons, and managing daemon deployments. +* `Aws\BedrockAgentCoreControl` - Adds support for VPC egress private endpoints for Amazon Bedrock AgentCore gateway targets, enabling private connectivity through managed VPC Lattice resources. Also adds IAM credential provider for gateway targets, enabling IAM-based authentication to target endpoints +* `Aws\BedrockAgentCore` - Added the ability to filter out empty sessions when listing sessions. Customers can now retrieve only sessions that still contain events, eliminating the need to check each session individually. No changes required for existing integrations. +* `Aws\OpenSearchService` - Adding Policy-Min-TLS-1-2-RFC9151-FIPS-2024-08 as TLS Policy in Supported Regions +* `Aws\MedicalImaging` - Added new boolean flag to persist metadata updates to all primary image sets in the same study as the requested image set. +* `Aws\ElasticsearchService` - Adding Policy-Min-TLS-1-2-RFC9151-FIPS-2024-08 as TLS Policy in Supported Regions + +## 3.376.0 - 2026-03-31 + +* `Aws\OpenSearchService` - Support RegisterCapability, GetCapability, DeregisterCapability API for AI Assistant feature management for OpenSearch UI Applications +* `Aws\SecurityAgent` - AWS Security Agent is a service that proactively secures applications throughout the development lifecycle with automated security reviews and on-demand penetration testing. +* `Aws\EC2` - This release updates the examples in the documentation for DescribeRegions and DescribeAvailabilityZones. +* `Aws\ACM` - Adds support for searching for ACM certificates using the new SearchCertificates API. +* `Aws\DataExchange` - Support Tags for AWS Data Exchange resource Assets +* `Aws\DataZone` - Adds environmentConfigurationName field to CreateEnvironmentInput and UpdateEnvironmentInput, so that Domain Owners can now recover orphaned environments by recreating deleted configurations with the same name, and will auto-recover orphaned environments +* `Aws\Organizations` - Added Path field to Account and OrganizationalUnit objects in AWS Organizations API responses. +* `Aws\MailManager` - Amazon SES Mail Manager now supports optional TLS policy for accepting unencrypted connections and mTLS authentication for ingress endpoints with configurable trust stores. Two new rule actions are available, Bounce for sending non-delivery reports and Lambda invocation for custom email processing. +* `Aws\GeoMaps` - This release expands map customization options with adjustable contour line density, dark mode support for Hybrid and Satellite views, enhanced traffic information across multiple map styles, and transit and truck travel modes for Monochrome and Hybrid map styles. +* `Aws\DevOpsAgent` - AWS DevOps Agent service General Availability release. +* `Aws\MarketplaceAgreement` - This release adds 8 new APIs for AWS Marketplace sellers. 4 APIs for Cancellations (Send, List, Get, Cancel action on AgreementCancellationRequest), 3 APIs for Billing Adjustments (BatchCreate, List, Get action on BillingAdjustmentRequest), and 1 API to List Invoices (ListAgreementInvoiceLineItems) +* `Aws\Odb` - Adds support for EC2 Placement Group integration with ODB Network. The GetOdbNetwork and ListOdbNetworks API responses now include the ec2PlacementGroupIds field. +* `Aws\PinpointSMSVoiceV2` - This release adds RCS for Business messaging and Notify support. RCS lets you create and manage agents, send and receive messages in the US and Canada via SendTextMessage API, and configure SMS fallback. Notify lets you send templated OTP messages globally in minutes with no phone number required. +* `Aws\CloudFront` - This release adds bring your own IP (BYOIP) IPv6 support to CloudFront's CreateAnycastIpList and UpdateAnycastIpList API through the IpamCidrConfigs field. +* `Aws\S3Tables` - S3 Tables now supports nested types when creating tables. Users can define complex column schemas using struct, list, and map types. These types can be composed together to model complex, hierarchical data structures within table schemas. +* `Aws\DatabaseMigrationService` - To successfully connect to the IBM DB2 LUW database server, you may need to specify additional security parameters that are passed to the JDBC driver. These parameters are EncryptionAlgorithm and SecurityMechanism. Both parameters accept integer values. +* `Aws\Sustainability` - This is the first release of the AWS Sustainability SDK, which enables customers to access their sustainability impact data via API. +* `Aws\S3Control` - Adding an optional auditContext parameter to S3 Access Grants credential vending API GetDataAccess to enable job-level audit correlation in S3 CloudTrail logs +* `Aws\QuickSight` - Adds StartAutomationJob and DescribeAutomationJob APIs for automation jobs. Adds three custom permission capabilities that allow admins to control whether users can manage Spaces and chat agents. Adds an OAuthClientCredentials structure to provide OAuth 2.0 client credentials inline to data sources. +* `Aws\S3` - Add Bucket Metrics configuration support to directory buckets +* `Aws\PartnerCentralSelling` - Adding EURO Currency for MRR Amount +* `Aws\ObservabilityAdmin` - This release adds the Bedrock and Security Hub resource types for Omnia Enablement launch for March 31. +* `Aws\KinesisAnalyticsV2` - Support for Flink 2.2 in Managed Service for Apache Flink + +## 3.375.0 - 2026-03-30 + +* `Aws\S3` - Add new features and improvements to S3 Transfer Manager. + +New Features: +- Resume failed multipart uploads +- Resume failed multipart downloads + +Improvements: +- FileDownloadHandler now supports concurrent downloads for improved speed +- Directory operations moved to an independent transfer utility +- Directory operations now support both single object listeners and directory-level listeners, including a directory progress tracker +* `Aws\CloudWatchLogs` - Adds Lookup Tables to CloudWatch Logs for log enrichment using CSV key-value data with KMS encryption support. +* `Aws\AutoScaling` - Adds support for new instance lifecycle states introduced by the instance lifecycle policy and replace root volume features. +* `Aws\SageMaker` - Added support for placement strategy and consolidation for SageMaker inference component endpoints. Customers can now configure how inference component copies are distributed across instances and availability zones (AZs), and enable automatic consolidation to optimizes resource utilization. +* `Aws\OpenSearchService` - Added Cluster Insights API's In OpenSearch Service SDK. +* `Aws\AppStream` - Add support for URL Redirection +* `Aws\ECS` - Adding Local Storage support for ECS Managed Instances by introducing a new field "localStorageConfiguration" for CreateCapacityProvider and UpdateCapacityProvider APIs. +* `Aws\PartnerCentralAccount` - KYB Supplemental Form enables partners who fail business verification to submit additional details and supporting documentation through a self-service form, triggering an automated re-verification without requiring manual intervention from support teams. +* `Aws\Deadline` - AWS Deadline Cloud now supports three new fleet auto scaling settings. With scale out rate, you can configure how quickly workers launch. With worker idle duration, you can set how long workers wait before shutting down. With standby worker count, you can keep idle workers ready for fast job start. +* `Aws\BedrockAgentCore` - Adds Ground Truth support for AgentCore Evaluations (Evaluate) +* `Aws\LakeFormation` - Add setSourceIdentity to DataLakeSettings Parameters +* `Aws\GameLift` - Update CreateScript API documentation. +* `Aws\DevOpsAgent` - AWS DevOps Agent General Availability. + +## 3.374.2 - 2026-03-27 + +* `Aws\Neptunedata` - Minor formatting changes to remove unnecessary symbols. +* `Aws\Omics` - AWS HealthOmics now supports VPC networking, allowing users to connect runs to external resources with NAT gateway, AWS VPC resources, and more. New Configuration APIs support configuring VPC settings. StartRun API now accepts networkingMode and configurationName parameters to enable VPC networking. +* `Aws\BedrockAgentCoreControl` - Adds support for custom code-based evaluators using customer-managed Lambda functions. +* `Aws\BedrockAgentCore` - Adding AgentCore Code Interpreter Node.js Runtime Support with an optional runtime field + +## 3.374.1 - 2026-03-26 + +* `Aws\SageMaker` - Release support for ml.r5d.16xlarge instance types for SageMaker HyperPod +* `Aws\BCMDataExports` - With this release we are providing an option to accounts to have their export delivered to an S3 bucket that is not owned by the account. +* `Aws\CloudWatchLogs` - This release adds parameter support to saved queries in CloudWatch Logs Insights. Define reusable query templates with named placeholders, invoke them using start query. Available in Console, CLI and SDK +* `Aws\TimestreamInfluxDB` - Timestream for InfluxDB adds support for customer defined maintenance windows. This allows customers to define maintenance schedule during resource creation and updates +* `Aws\EMR` - Add StepExecutionRoleArn to RunJobFlow API + +## 3.374.0 - 2026-03-25 + +* `Aws\ApiGatewayV2` - Added DISABLE IN PROGRESS and DISABLE FAILED Portal statuses. +* `Aws\Uxc` - GA release of AccountCustomizations, used to manage account color, visible services, and visible regions settings in the AWS Management Console. +* `Aws\ApplicationSignals` - This release adds support for creating SLOs on RUM appMonitors, Synthetics canaries and services. +* `Aws\Polly` - Add support for Mu-law and A-law codecs for output format +* `Aws\MarketplaceAgreement` - The Variable Payments APIs enable AWS Marketplace Sellers to perform manage their payment requests (send, get, list, cancel). +* `Aws\Batch` - Documentation-only update for AWS Batch. + +## 3.373.9 - 2026-03-24 + +* `Aws\RDS` - Adds support in Aurora PostgreSQL serverless databases for express configuration based creation through WithExpressConfiguration in CreateDbCluster API, and for restoring clusters using RestoreDBClusterToPointInTime and RestoreDBClusterFromSnapshot APIs. +* `Aws\MediaPackageV2` - Reduces the minimum allowed value for startOverWindowSeconds from 60 to 0, allowing customers to effectively disable the start-over window. +* `Aws\OpenSearchServerless` - Adds support for updating the vector options field for existing collections. +* `Aws\BedrockAgentCoreControl` - Adds SDK support for 1) Persist session state in AgentCore Runtime via filesystemConfigurations in CreateAgentRuntime, UpdateAgentRuntime, and GetAgentRuntime APIs, 2) Optional name-based filtering on AgentCore ListBrowserProfiles API. +* `Aws\PCS` - This release adds support for custom slurmdbd and cgroup configuration in AWS PCS. Customers can now specify slurmdbd and cgroup settings to configure database accounting and reporting for their HPC workloads, and control resource allocation and limits for compute jobs. +* `Aws\GameLift` - Amazon GameLift Servers launches UDP ping beacons in the Beijing and Ningxia (China) Regions to help measure real-time network latency for multiplayer games. The ListLocations API is now available in these regions to provide endpoint domain and port information as part of the locations list. + +## 3.373.8 - 2026-03-23 + +* `Aws\Omics` - Adds support for batch workflow runs in Amazon Omics, enabling users to submit, manage, and monitor multiple runs as a single batch. Includes APIs to create, cancel, and delete batches, track submission statuses and counts, list runs within a batch, and configure default settings. +* `Aws\ConnectCases` - You can now use the UpdateRelatedItem API to update the content of comments and custom related items associated with a case. +* `Aws\Batch` - AWS Batch AMI Visibility feature support. Adds read-only batchImageStatus to Ec2Configuration to provide visibility on the status of Batch-vended AMIs used by Compute Environments. +* `Aws\Lightsail` - Add support for tagging of ContactMethod resource type + +## 3.373.7 - 2026-03-20 + +* `Aws\DynamoDB` - Adding ReplicaArn to ReplicaDescription of a global table replica +* `Aws\OpenSearchService` - Added support for Amazon Managed Service for Prometheus (AMP) as a connected data source in OpenSearch UI. Now users can analyze Prometheus metrics in OpenSearch UI without data copy. +* `Aws\VerifiedPermissions` - Adds support for Policy Store Aliases, Policy Names, and Policy Template Names. These are customizable identifiers that can be used in place of Policy Store ids, Policy ids, and Policy Template ids respectively in Amazon Verified Permissions APIs. +* `Aws\Backup` - Fix Typo for S3Backup Options ( S3BackupACLs to BackupACLs) + +## 3.373.6 - 2026-03-19 + +* `Aws\ObservabilityAdmin` - Adding a new field in the CreateCentralizationRuleForOrganization, UpdateCentralizationRuleForOrganization API and updating the GetCentralizationRuleForOrganization API response to include the new field +* `Aws\EC2` - Amazon EC2 Fleet instant mode now supports launching instances into Interruptible Capacity Reservations, enabling customers to use spare capacity shared by Capacity Reservation owners within their AWS Organization. +* `Aws\Polly` - Added bi-directional streaming functionality through a new API, StartSpeechSynthesisStream. This API allows streaming input text through inbound events and receiving audio as part of an output stream simultaneously. +* `Aws\BedrockAgentCore` - This release includes SDK support for the following new features on AgentCore Built In Tools. 1. Enterprise Policies for AgentCore Browser Tool. 2. Root CA Configuration Support for AgentCore Browser Tool and Code Interpreter. 3. API changes to AgentCore Browser Profile APIs +* `Aws\BedrockAgentCoreControl` - Adds support for the following new features. 1. Enterprise Policies support for AgentCore Browser Tool. 2. Root CA Configuration support for AgentCore Browser Tool and Code Interpreter. +* `Aws\Batch` - AWS Batch now supports quota management, enabling administrators to allocate shared compute resources across teams and projects through quota shares with capacity limits, resource-sharing strategies, and priority-based preemption - currently available for SageMaker Training job queues. + +## 3.373.5 - 2026-03-18 + +* `Aws\EC2` - The DescribeInstanceTypes API now returns default connection tracking timeout values for TCP, UDP, and UDP stream via the new connectionTrackingConfiguration field on NetworkInfo. +* `Aws\MediaConvert` - This update adds additional bitrate options for Dolby AC-4 audio outputs. + +## 3.373.4 - 2026-03-17 + +* `Aws\Signature` - Fixes bug in canonicalized query generation when dealing with numeric values +* `Aws\BedrockAgentCoreControl` - Deprecating namespaces field and adding namespaceTemplates. +* `Aws\Glue` - Provide approval to overwrite existing Lake Formation permissions on all child resources with the default permissions specified in 'CreateTableDefaultPermissions' and 'CreateDatabaseDefaultPermissions' when updating catalog. Allowed values are ["Accept","Deny"] . +* `Aws\EMR` - Add S3LoggingConfiguration to Control LogUploads + +## 3.373.3 - 2026-03-16 + +* `Aws\` - Handles errors that comes in the `error_description` field, specifically how SSO-OIDC service has it modeled. +* `Aws\BedrockAgentCore` - Provide support to perform deterministic operations on agent runtime through shell command executions via the new InvokeAgentRuntimeCommand API +* `Aws\Bedrock` - You can now generate policy scenarios on demand using the new GENERATE POLICY SCENARIOS build workflow type. Scenarios will no longer be automatically generated during INGEST CONTENT, REFINE POLICY, and IMPORT POLICY workflows, resulting in faster completion times for these operations. +* `Aws\BedrockAgentCoreControl` - Supporting hosting of public ECR Container Images in AgentCore Runtime +* `Aws\ECS` - Amazon ECS now supports configuring whether tags are propagated to the EC2 Instance Metadata Service (IMDS) for instances launched by the Managed Instances capacity provider. This gives customers control over tag visibility in IMDS when using ECS Managed Instances. + +## 3.373.2 - 2026-03-13 + +* `Aws\ConfigService` - Fix pagination support for DescribeConformancePackCompliance, and update OrganizationConfigRule InputParameters max length to match ConfigRule. +* `Aws\mgn` - Network Migration APIs are now publicly available for direct programmatic access. Customers can now call Network Migration APIs directly without going through AWS Transform (ATX), enabling automation, integration with existing tools, and self-service migration workflows. +* `Aws\QuickSight` - The change adds a new capability named ManageSharedFolders in Custom Permissions +* `Aws\MediaConvert` - This update adds support for Dolby AC-4 audio output, frame rate conversion between non-Dolby Vision inputs to Dolby Vision outputs, and clear lead CMAF HLS output. +* `Aws\Glue` - Add QuerySessionContext to BatchGetPartitionRequest +* `Aws\IVSRealTime` - Updates maximum reconnect window seconds from 60 to 300 for participant replication +* `Aws\MediaLive` - Documents the VideoDescription.ScalingBehavior.SMART(underscore)CROP enum value. +* `Aws\Connect` - Deprecating PredefinedNotificationID field +* `Aws\GameLiftStreams` - Feature launch that enables customers to connect streaming sessions to their own VPCs running in AWS. +* `Aws\APIGateway` - API Gateway now supports an additional security policy "SecurityPolicy-TLS13-1-2-FIPS-PFS-PQ-2025-09" for REST APIs and custom domain names. The new policy is compliant with TLS 1.3, Federal Information Processing Standards (FIPS), Perfect Forward Secrecy (PFS), and post-quantum (PQ) cryptography + +## 3.373.1 - 2026-03-12 + +* `Aws\` - Add support for PHPUnit v10. +- Make data provider static functions. +- Use class attributes instead of annotations for @dataProvider, @covers, and @doesNotPerformAssertions. +- Remove/Replace the usage of expectDeprecation, expectDeprecationMessage, expectDeprecationMessageMatches, expectError, expectErrorMessage, expectNotice, expectNoticeMessage, expectWarning, and expectWarningMessage. +- Migrate phpunit xml config file. +* `Aws\S3` - Adds support for account regional namespaces for general purpose buckets. The account regional namespace is a reserved subdivision of the global bucket namespace where only your account can create general purpose buckets. +* `Aws\ECR` - Add Chainguard to PTC upstreamRegistry enum +* `Aws\DataSync` - DataSync's 3 location types, Hadoop Distributed File System (HDFS), FSx for Windows File Server (FSx Windows), and FSx for NetApp ONTAP (FSx ONTAP) now have credentials managed via Secrets Manager, which may be encrypted with service keys or be configured to use customer-managed keys or secret. + +## 3.373.0 - 2026-03-11 + +* `Aws\WorkSpaces` - Added WINDOWS SERVER 2025 OperatingSystemName. +* `Aws\SimpleDBv2` - Introduced Amazon SimpleDB export functionality enabling domain data export to S3 in JSON format. Added three new APIs StartDomainExport, GetExport, and ListExports via SimpleDBv2 service. Supports cross-region exports and KMS encryption. +* `Aws\Polly` - Added support for the new voices - Ambre (fr-FR), Beatrice (it-IT), Florian (fr-FR), Lennart (de-DE), Lorenzo (it-IT) and Tiffany (en-US). They are available as a Generative voices only. +* `Aws\CustomerProfiles` - Today, Amazon Connect is announcing the ability to filter (include or exclude) recommendations based on properties of items and interactions. +* `Aws\SageMaker` - SageMaker training plans allow you to extend your existing training plans to avoid workload interruptions without workload reconfiguration. When a training plan is approaching expiration, you can extend it directly through the SageMaker AI console or programmatically using the API or AWS CLI. +* `Aws\EKS` - Adds support for a new tier in controlPlaneScalingConfig on EKS Clusters. + +## 3.372.3 - 2026-03-10 + +* `Aws\` - Sorts presigned headers alphabetically. +* `Aws\Kafka` - Add dual stack endpoint to SDK +* `Aws\ConnectCases` - Added functionality for the Required and Hidden case rule types to be conditionally evaluated on up to 5 conditions. +* `Aws\DatabaseMigrationService` - Not need to include to any release notes. The only change is to correct LoadTimeout unit from milliseconds to seconds in RedshiftSettings +* `Aws\BedrockAgentCoreControl` - Adding first class support for AG-UI protocol in AgentCore Runtime. +* `Aws\LexModelsV2` - This release introduces a new generative AI feature called Lex Bot Analyzer. This feature leverage AI to analyze the bot configuration against AWS Lex best practices to identify configuration issues and provides recommendations. + +## 3.372.2 - 2026-03-09 + +* `Aws\Multipart` - Fixes bug in `AbstractUploadManager` where valid falsy values are excluded. +* `Aws\OpenSearchService` - This change enables cross-account and cross-region access for DataSources. Customers can now define access policies on their datasources to allow other AWS accounts to access and query their data. +* `Aws\IAM` - Added support for CloudWatch Logs long-term API keys, currently available in Preview +* `Aws\Route53GlobalResolver` - Adds support for dual stack Global Resolvers and Dictionary-based Domain Generation Firewall Advanced Protection. +* `Aws\mgn` - Adds support for new storeSnapshotOnLocalZone field in ReplicationConfiguration and updateReplicationConfiguration + +## 3.372.1 - 2026-03-06 + +* `Aws\SESv2` - Adds support for longer email message header values, increasing the maximum length from 870 to 995 characters for RFC 5322 compliance. +* `Aws\BedrockAgentCoreControl` - Adds support for streaming memory records in AgentCore Memory +* `Aws\AppIntegrationsService` - This release adds support for webhooks, allowing customers to create an Event Integration with a webhook source. +* `Aws\Deadline` - AWS Deadline Cloud now supports cost scale factors for farms, enabling studios to adjust reported costs to reflect their actual rendering economics. Adjusted costs are reflected in Deadline Cloud's Usage Explorer and Budgets. +* `Aws\BCMDataExports` - Fixed wrong endpoint resolutions in few regions. Added AWS CFN resource schema for BCM Data Exports. Added max value validation for pagination parameter. Fixed ARN format validation for BCM Data Exports resources. Updated size constraints for table properties. Added AccessDeniedException error. +* `Aws\Connect` - Amazon Connect now supports the ability to programmatically configure and run automated tests for contact center experiences for Chat. Integrate testing into CICD pipelines, run multiple tests at scale, and retrieve results via API to automate validation of chat interactions and workflows. +* `Aws\Bedrock` - Amazon Bedrock Guardrails account-level enforcement APIs now support lists for model inclusion and exclusion from guardrail enforcement. +* `Aws\GameLiftStreams` - Added new Gen6 stream classes based on the EC2 G6f instance family. These stream classes provide cost-optimized options for streaming well-optimized or lower-fidelity games on Windows environments. + +## 3.372.0 - 2026-03-05 + +* `Aws\Api` - Adds support for the Smithy RPC V2 CBOR protocol. +* `Aws\EC2` - Added metadata field to CapacityAllocation. +* `Aws\MPA` - Updates to multi-party approval (MPA) service to add support for approval team baseline operations. +* `Aws\ConnectHealth` - Connect-Health SDK is AWS's unified SDK for the Amazon Connect Health offering. It allows healthcare developers to integrate purpose-built agents - such as patient insights, ambient documentation, and medical coding - into their existing applications, including EHRs, telehealth, and revenue cycle. +* `Aws\SageMaker` - Adds support for S3 Bucket Ownership validation for SageMaker Managed MLflow. +* `Aws\SavingsPlans` - Added support for OpenSearch and Neptune Analytics to Database Savings Plans. +* `Aws\GuardDuty` - Added MALICIOUS FILE to IndicatorType enum in MDC Sequence + +## 3.371.5 - 2026-03-04 + +* `Aws\` - Fixes how response with empty bodies for non-seekable streams are handled and adds streaming flag automatically based on the operation. +* `Aws\QuickSight` - Added several new values for Capabilities, increased visual limit per sheet from previous limit to 75, renamed Quick Suite to Quick in several places. +* `Aws\OpenSearchService` - Adding support for DeploymentStrategyOptions +* `Aws\ElasticsearchService` - Adds support for DeploymentStrategyOptions. +* `Aws\GameLift` - Amazon GameLift Servers now offers DDoS protection for Linux-based EC2 and Container Fleets on SDKv5. The player gateway proxy relay network provides traffic validation, per-player rate limiting, and game server IP address obfuscation all with negligible added latency and no additional cost. +* `Aws\Connect` - Added support for configuring additional email addresses on queues in Amazon Connect. Agents can now select an outbound email address and associate additional email addresses for replying to or initiating emails. +* `Aws\ElasticBeanstalk` - As part of this release, Beanstalk introduce a new info type - analyze for request environment info and retrieve environment info operations. When customers request an Al analysis, Elastic Beanstalk runs a script on an instance in their environment and returns an analysis of events, health and logs. + +## 3.371.4 - 2026-03-03 + +* `Aws\` - Add a validation for custom policies to make sure the property `Resource` has not a non allowed character. +* `Aws\PartnerCentralChannel` - Adds the Resold Unified Operations support plan and removes the Resold Business support plan in the CreateRelationship and UpdateRelationship APIs +* `Aws\SageMaker` - This release adds b300 and g7e instance types for SageMaker inference endpoints. +* `Aws\DataZone` - Adding QueryGraph operation to DataZone SDK +* `Aws\CloudWatchLogs` - CloudWatch Logs updates- Added support for the PutBearerTokenAuthentication API to enable or disable bearer token authentication on a log group. For more information, see CloudWatch Logs API documentation. +* `Aws\BedrockAgentCoreControl` - Support for AgentCore Policy GA + +## 3.371.3 - 2026-02-27 + +* `Aws\Health` - Updates the regex for validating availabilityZone strings used in the describe events filters. +* `Aws\RAM` - Resource owners can now specify ResourceShareConfiguration request parameter for CreateResourceShare API including RetainSharingOnAccountLeaveOrganization boolean parameter +* `Aws\Connect` - Deprecate EvaluationReviewMetadata's CreatedBy and CreatedTime, add EvaluationReviewMetadata's RequestedBy and RequestedTime +* `Aws\CustomerProfiles` - This release introduces an optional SourcePriority parameter to the ProfileObjectType APIs, allowing you to control the precedence of object types when ingesting data from multiple sources. Additionally, WebAnalytics and Device have been added as new StandardIdentifier values. +* `Aws\Odb` - ODB Networking Route Management is a feature improvement which allows for implicit creation and deletion of EC2 Routes in the Peer Network Route Table designated by the customer via new optional input. This feature release is combined with Multiple App-VPC functionality for ODB Network Peering(s). +* `Aws\Bedrock` - Added four new model lifecycle date fields, startOfLifeTime, endOfLifeTime, legacyTime, and publicExtendedAccessTime. Adds support for using the Converse API with Bedrock Batch inference jobs. +* `Aws\CognitoIdentityProvider` - Cognito is introducing a two-secret rotation model for app clients, enabling seamless credential rotation without downtime. Dedicated APIs support passing in a custom secret. Custom secrets need to be at least 24 characters. This eliminates reconfiguration needs and reduces security risks. +* `Aws\Batch` - This feature allows customers to specify the minimum time (in minutes) that AWS Batch keeps instances running in a compute environment after all jobs on the instance complete +* `Aws\KeyspacesStreams` - Added support for Change Data Capture (CDC) streams with Duration DataType. +* `Aws\ARCRegionSwitch` - Post-Recovery Workflows enable customers to maintain comprehensive disaster recovery automation. This allows customer SREs and leadership to have complete recovery orchestration from failover through post-recovery preparation, ensuring Regions remain ready for subsequent recovery events. + +## 3.371.2 - 2026-02-26 + +* `Aws\BackupGateway` - This release updates GetGateway API to include deprecationDate and softwareVersion in the response, enabling customers to track gateway software versions and upcoming deprecation dates. +* `Aws\MarketplaceMetering` - Added LicenseArn to ResolveCustomer response and BatchMeterUsage usage records. BatchMeterUsage now accepts LicenseArn in each UsageRecord to report usage at the license level. Added InvalidLicenseException error response for invalid license parameters. +* `Aws\MarketplaceEntitlementService` - Added License Arn as a new optional filter for GetEntitlements and LicenseArn field in each entitlement in the response. +* `Aws\ECS` - Adding support for Capacity Reservations for ECS Managed Instances by introducing a new "capacityOptionType" value of "RESERVED" and new field "capacityReservations" for CreateCapacityProvider and UpdateCapacityProvider APIs. +* `Aws\EC2` - Add c8id, m8id and hpc8a instance types. +* `Aws\SecurityHub` - Security Hub added EXTENDED PLAN integration type to DescribeProductsV2 and added metadata.product.vendor name GroupBy support to GetFindingStatisticsV2 + +## 3.371.1 - 2026-02-25 + +* `Aws\Batch` - AWS Batch documentation update for service job capacity units. +* `Aws\Neptune` - Neptune global clusters now supports tags +* `Aws\WAFV2` - AWS WAF now supports GetTopPathStatisticsByTraffic that provides aggregated statistics on the top URI paths accessed by bot traffic. Use this operation to see which paths receive the most bot traffic, identify the specific bots accessing them, and filter by category, organization, or bot name. +* `Aws\ECR` - Update repository name regex to comply with OCI Distribution Specification +* `Aws\EC2` - Add support for EC2 Capacity Blocks in Local Zones. + +## 3.371.0 - 2026-02-24 + +* `Aws\ElementalInference` - Initial GA launch for AWS Elemental Inference including capabilities of Smart Crop and Live Event Clipping +* `Aws\OpenSearchService` - Fixed HTTP binding for DescribeDomainAutoTunes API to correctly pass request parameters as query parameters in the HTTP request. +* `Aws\PartnerCentralSelling` - Added support for filtering opportunities by target close date in the ListOpportunities API. You can now filter results to return opportunities with a target close date before or after a specified date, enabling more precise opportunity searches based on expected closure timelines. +* `Aws\MediaLive` - AWS Elemental MediaLive - Added support for Elemental Inference for Smart Cropping and Clipping features for MediaLive. +* `Aws\EC2` - Adds httpTokensEnforced property to ModifyInstanceMetadataDefaults API. Set per account or manage organization-wide using declarative policies to prevent IMDSv1-enabled instance launch and block attempts to enable IMDSv1 on existing IMDSv2-only instances. +* `Aws\ElasticsearchService` - Fixed HTTP binding for DescribeDomainAutoTunes API to correctly pass request parameters as query parameters in the HTTP request. +* `Aws\CloudWatch` - This release adds the APIs (PutAlarmMuteRule, ListAlarmMuteRules, GetAlarmMuteRule and DeleteAlarmMuteRule) to manage a new Cloudwatch resource, AlarmMuteRules. AlarmMuteRules allow customers to temporarily mute alarm notifications during expected downtime periods. +* `Aws\ObservabilityAdmin` - Adding a new field in the CreateCentralizationRuleForOrganization, UpdateCentralizationRuleForOrganization API and updating the GetCentralizationRuleForOrganization API response to include the new field + +## 3.370.1 - 2026-02-23 + +* `Aws\DataZone` - Add workflow properties support to connections APIs +* `Aws\ControlCatalog` - Updated ExemptedPrincipalArns parameter documentation for improved accuracy +* `Aws\MediaTailor` - Updated endpoint rule set for dualstack endpoints. Added a new opt-in option to log raw ad decision server requests for Playback Configurations. +* `Aws\ConnectCases` - SearchCases API can now accept 25 fields in the request and response as opposed to the previous limit of 10. DeleteField's hard limit of 100 fields per domain has been lifted. +* `Aws\QuickSight` - Adds support for SEMISTRUCT to InputColumn Type +* `Aws\DynamoDB` - This change supports the creation of multi-account global tables. It adds one new arguments to UpdateTable, GlobalTableSettingsReplicationMode. +* `Aws\Bedrock` - Automated Reasoning checks in Amazon Bedrock Guardrails now support fidelity report generation. The new workflow type assesses policy coverage and accuracy against customer documents. The GetAutomatedReasoningPolicyBuildWorkflowResultAssets API adds support for the three new asset types. +* `Aws\Wickr` - AWS Wickr now provides APIs to manage your Wickr OpenTDF integration. These APIs enable you to test and save your OpenTDF configuration allowing you to manage rooms based on Trusted Data Format attributes. + +## 3.370.0 - 2026-02-20 + +* `Aws\SignerData` - This release introduces AWS Signer Data Plane SDK client supporting GetRevocationStatus API. The new client enables AWS PrivateLink connectivity with both private DNS and VPC endpoint URLs. +* `Aws\SSM` - Add support for AssociationDispatchAssumeRole in AWS SSM State Manager. +* `Aws\ECS` - Migrated to Smithy. No functional changes +* `Aws\TrustedAdvisor` - Adding a new enum attribute(statusReason) to TrustedAdvisorAPI response. This attribute explains reasoning behind check status for certain specific scenarios. +* `Aws\SageMakerRuntime` - Added support for S3OutputPathExtension and Filename parameters to the InvokeEndpointAsync API to allow users to customize the S3 output path and file name for async inference response payloads. +* `Aws\AppStream` - Adding new attribute to disable IMDS v1 APIs for fleet, Image Builder and AppBlockBuilder instances. + +## 3.369.38 - 2026-02-19 + +* `Aws\ECR` - Adds multiple artifact types filter support in ListImageReferrers API. +* `Aws\BCMDashboards` - The Billing and Cost Management GetDashboard API now returns identifier for each widget, enabling users to uniquely identify widgets within their dashboards. +* `Aws\PcaConnectorScep` - AWS Private CA Connector for SCEP now supports AWS PrivateLink, allowing your clients to request certificates from within your Amazon Virtual Private Cloud (VPC) without traversing the public internet. With this launch, you can create VPC endpoints to connect to your SCEP connector privately. + +## 3.369.37 - 2026-02-18 + +* `Aws\` - Add support to named arguments in the AwsClientTrait __call method. +* `Aws\CleanRooms` - This release adds support for federated catalogs in Athena-sourced configured tables. +* `Aws\Connect` - Correcting in-app notifications API documentation. + +## 3.369.36 - 2026-02-17 + +* `Aws\IoTAnalytics` - Removes the `IoTAnalytics` service, which has been deprecated. +* `Aws\WorkSpacesWeb` - Adds support for branding customization without requiring a custom wallpaper. +* `Aws\ManagedGrafana` - This release updates Amazon Managed Grafana's APIs to support customer managed KMS keys. +* `Aws\RDS` - Adds support for the StorageEncryptionType field to specify encryption type for DB clusters, DB instances, snapshots, automated backups, and global clusters. +* `Aws\EC2` - Add Operator field to CreatePlacementGroup and DescribePlacementGroup APIs. + +## 3.369.35 - 2026-02-16 + +* `Aws\` - Removes the `Cloudwatch Evidently` service, which has been deprecated. +* `Aws\Kafka` - Amazon MSK now supports dual-stack connectivity (IPv4 and IPv6) for existing MSK clusters. You can enable dual-stack on existing clusters by specifying the NetworkType parameter in updateConnectivity API. +* `Aws\EC2` - Documentation updates for EC2 Secondary Networks +* `Aws\ECR` - Adds support for enabling blob mounting, and removes support for Clair based image scanning +* `Aws\ARCRegionSwitch` - Clarify documentation on ARC Region Switch start-plan-execution operation +* `Aws\KMS` - Added support for Decrypt and ReEncrypt API's to use dry run feature without ciphertext for authorization validation +* `Aws\QConnect` - Update MessageType enum to include missing types. + +## 3.369.34 - 2026-02-13 + +* `Aws\Connect` - API release for headerr notifications in the admin website. APIs allow customers to publish brief messages (including URLs) to a specified audience, and a new header icon will indicate when unread messages are available. +* `Aws\CloudWatch` - Adding new evaluation states that provides information about the alarm evaluation process. Evaluation error Indicates configuration errors in alarm setup that require review and correction. Evaluation failure Indicates temporary CloudWatch issues. +* `Aws\EC2` - This release adds geography information to EC2 region and availability zone APIs. DescribeRegions now includes a Geography field, while DescribeAvailabilityZones includes both Geography and SubGeography fields, enabling better geographic classification for AWS regions and zones. +* `Aws\SageMaker` - Enable g7e instance type support for SageMaker Processing, and enable single file configuration provisioning for HyperPod Slurm, where customers have the option to use HyperPod API to provide the provisioning parameters. +* `Aws\Inspector2` - Added .Net 10 (dotnet10) and Node 24.x (node24.x) runtime support for lambda package scanning + +## 3.369.33 - 2026-02-12 + +* `Aws\EC2` - Launching nested virtualization. This feature allows you to run nested VMs inside virtual (non-bare metal) EC2 instances. + +## 3.369.32 - 2026-02-11 + +* `Aws\EC2` - R8i instances powered by custom Intel Xeon 6 processors available only on AWS with sustained all-core 3.9 GHz turbo frequency +* `Aws\S3Tables` - S3 Tables now supports setting partition specifications and sort orders on tables. Partition specs allow users to define how data is organized using transform functions. Sort order configurations enable users to specify sort directions and null ordering preferences for optimized data layout. +* `Aws\EKS` - This release adds support for Windows Server 2025 in Amazon EKS Managed Node Groups. +* `Aws\Batch` - Add support for listing jobs by share identifier and getting snapshots of active capacity utilization by job queue and share. +* `Aws\KafkaConnect` - Support configurable upper limits on task count during autoscaling operations via maxAutoscalingTaskCount parameter. + +## 3.369.31 - 2026-02-10 + +* `Aws\Kafka` - Amazon MSK adds three new APIs, CreateTopic, UpdateTopic, and DeleteTopic for managing Kafka topics in your MSK clusters. +* `Aws\Connect` - Amazon Connect now supports per-channel auto-accept and After Contact Work (ACW) timeouts. Configure agents with auto-accept and ACW timeout settings for chat, tasks, emails, and callbacks. Use the new UpdateUserConfig API to manage these settings. +* `Aws\EKS` - Introducing an optional policy field, an IAM policy applied to pod identity associations in addition to IAM role policies. When specified, pod permissions are the intersection of IAM role policies and the policy field, ensuring the principle of least privilege. +* `Aws\BedrockAgentCore` - Added AgentCore browser proxy configuration support, allowing routing of browser traffic through HTTP and HTTPS proxy servers with authentication and bypass rules. +* `Aws\RDS` - This release adds backup configuration for RDS and Aurora restores, letting customers set backup retention period and preferred backup window during restore. It also enables viewing backup settings when describing snapshots or automated backups for instances and clusters. + +## 3.369.30 - 2026-02-09 + +* `Aws\Transfer` - This release adds a documentation update for MdnResponse of type "ASYNC" +* `Aws\EC2` - Amazon Secondary Networks is a networking feature that provides high-performance, low-latency connectivity for specialized workloads. +* `Aws\imagebuilder` - EC2 Image Builder now supports wildcard patterns in lifecycle policies with recipes and enhances the experience of tag-scoped policies. +* `Aws\Neptunedata` - Added edgeOnlyLoad boolean parameter to Neptune bulk load request. When TRUE, files are loaded in order without scanning. When FALSE (default), the loader scans files first, then loads vertex files before edge files automatically. +* `Aws\EKS` - Amazon EKS adds a new DescribeUpdate update type, VendedLogsUpdate, to support an integration between EKS Auto Mode and Amazon CloudWatch Vended Logs. +* `Aws\LakeFormation` - Allow cross account v5 in put data lake settings +* `Aws\PCS` - Introduces RESUMING state for clusters, compute node groups, and queues. +* `Aws\ConnectCampaignsV2` - Add the missing event type for WhatsApp + +## 3.369.29 - 2026-02-06 + +* `Aws\IoTManagedIntegrations` - Adding support for Custom(General) Authorization in managed integrations for AWS IoT Device Management cloud connectors. +* `Aws\PartnerCentralSelling` - Releasing AWS Opportunity Snapshots for SDK release. +* `Aws\SageMaker` - Adding g7e instance support in Sagemaker Training +* `Aws\Deadline` - Adds support for tagging jobs during job creation +* `Aws\BedrockDataAutomationRuntime` - Add OutputConfiguration to InvokeDataAutomation input and output to support S3 output + +## 3.369.28 - 2026-02-05 + +* `Aws\Transfer` - Adds support for the customer to send custom HTTP headers and configure an AS2 Connector to receive Asynchronous MDNs from their trading partner +* `Aws\RAM` - Added ListSourceAssociations API. Allows RAM resource share owners to list source associations that determine which sources can access resources through service principal associations. Supports filtering by resource share ARN, source ID, source type, or status, with pagination. +* `Aws\BedrockAgentCoreControl` - Support Browser profile persistence (cookies and local storage) across sessions for AgentCore Browser. +* `Aws\Athena` - Reduces the minimum TargetDpus to create or update capacity reservations from 24 to 4. +* `Aws\BedrockAgentCore` - Support Browser profile persistence (cookies and local storage) across sessions for AgentCore Browser. +* `Aws\WorkSpaces` - Added support for 12 new graphics-optimized compute types - Graphics.g6 (xlarge, 2xlarge, 4xlarge, 8xlarge, 16xlarge), Graphics.gr6 (4xlarge, 8xlarge), Graphics.g6f (large, xlarge, 2xlarge, 4xlarge), and Graphics.gr6f (4xlarge). +* `Aws\Glue` - This release adds the capability to easily create custom AWS Glue connections to data sources with REST APIs. +* `Aws\NeptuneGraph` - Minor neptune-graph documentation changes +* `Aws\MediaLive` - Outputs using the AV1 codec in CMAF Ingest output groups in MediaLive now have the ability to specify a target bit depth of 8 or 10. +* `Aws\ARCRegionSwitch` - Updates documentation for ARC Region switch and provides stronger validation for Amazon Aurora Global Database execution block parameters. + +## 3.369.27 - 2026-02-04 + +* `Aws\Redshift` - We have increased the maximum duration for a deferred maintenance window from 45 days to 60 days for Amazon Redshift provisioned clusters. This enhancement provides customers with greater flexibility in scheduling patching and maintenance activities while also maintaining security compliance. +* `Aws\EKS` - Update delete cluster description +* `Aws\BedrockRuntime` - Added support for structured outputs to Converse and ConverseStream APIs. +* `Aws\MediaLive` - AWS Elemental MediaLive now supports SRT listener mode for inputs and outputs, in addition to the existing SRT caller mode. +* `Aws\ConnectCases` - Amazon Connect Cases now supports larger, multi-line text fields with up to 4,100 characters. Administrators can use the Admin UI to select the appropriate configuration (single-line or multi-line) on a per-field basis, improving case documentation capabilities. +* `Aws\WorkSpacesWeb` - Support for configuring and managing custom domain names for WorkSpaces Secure Browser portals. + +## 3.369.26 - 2026-02-03 + +* `Aws\GeoMaps` - Added support for optional style parameters in maps, including 3D terrain and 3D Buildings +* `Aws\Kinesis` - Adds StreamId parameter to AWS Kinesis Data Streams APIs that is reserved for future use. +* `Aws\Batch` - AWS Batch Array Job Visibility feature support. Includes new statusSummaryLastUpdatedAt for array job parent DescribeJobs responses for the last time the statusSummary was updated. Includes both statusSummary and statusSummaryLastUpdatedAt in ListJobs responses for array job parents. +* `Aws\SSOAdmin` - Added new Region management APIs to support multi-Region replication in IAM Identity Center. +* `Aws\MarketplaceCatalog` - Adds support for Catalog API us-east-1 dualstack endpoint catalog-marketplace.us-east-1.api.aws +* `Aws\Organizations` - Updated the CloseAccount description. +* `Aws\DynamoDB` - This change supports the creation of multi-account global tables. It adds two new arguments to CreateTable, GlobalTableSourceArn and GlobalTableSettingsReplicationMode. DescribeTable is also updated to include information about GlobalTableSettingsReplicationMode. + +## 3.369.25 - 2026-02-02 + +* `Aws\MPA` - Updates to multi-party approval (MPA) service to add support for multi-factor authentication (MFA) for voting operations. +* `Aws\CloudFront` - Add OriginMTLS support to CloudFront Distribution APIs +* `Aws\BedrockAgentCoreControl` - Adds tagging support for AgentCore Evaluations (evaluator and online evaluation config) + +## 3.369.24 - 2026-01-30 + +* `Aws\Connect` - This release adds Estimated Wait Time support to the GetContactMetrics API for Amazon Connect. +* `Aws\QuickSight` - Improve SessionTag usage guidelines in the GenerateEmbedURLForAnonymousUser API documentation. Update the GetIdentityContext document with the region support context. + +## 3.369.23 - 2026-01-29 + +* `Aws\EC2` - G7e instances feature up to 8 NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs with 768 GB of memory and 5th generation Intel Xeon Scalable processors. Supporting up to 192 vCPUs, 1600 Gbps networking bandwidth with EFA, up to 2 TiB of system memory, and up to 15.2 TB of local NVMe SSD storage. +* `Aws\GameLift` - Amazon GameLift Servers now supports automatic scaling to and from zero instances based on game session activity. Fleets scale down to zero following a defined period of no game session activity and scale up from zero when game sessions are requested, providing an option for cost optimization. + +## 3.369.22 - 2026-01-28 + +* `Aws\Lambda` - We are launching ESM Metrics and logging for Kafka ESM to allow customers to monitor Kafka event processing using CloudWatch Metrics and Logs. +* `Aws\S3` - Adds support for the UpdateObjectEncryption API to change the server-side encryption type of objects in general purpose buckets. +* `Aws\MediaConnect` - This release adds support for NDI flow sources in AWS Elemental MediaConnect. You can now send content to your MediaConnect transport streams directly from your NDI environment using the new NDI source type. Also adds support for LARGE 4X flow size, which can be used when creating CDI JPEG-XS flows. +* `Aws\EC2` - SearchTransitGatewayRoutes API response now includes a NextToken field, enabling pagination when retrieving large sets of transit gateway routes. Pass the returned NextToken value in subsequent requests to retrieve the next page of results. +* `Aws\Connect` - Adds support for filtering search results based on tags assigned to contacts. +* `Aws\CognitoIdentityProvider` - This release adds support for a new lambda trigger to transform federated user attributes during the authentication with external identity providers on Cognito Managed Login. +* `Aws\MediaConvert` - This release adds a follow source mode for audio output channel count, an AES audio frame wrapping option for MXF outputs, and an option to signal DolbyVision compatibility using the SUPPLEMENTAL-CODECS tag in HLS manifests. +* `Aws\S3Control` - Adds support for the UpdateObjectEncryption API to change the server-side encryption type of objects in general purpose buckets. + +## 3.369.21 - 2026-01-27 + +* `Aws\SageMaker` - Idle resource sharing enables teams to borrow unused compute resources in your SageMaker HyperPod cluster. This capability maximizes resource utilization by allowing teams to borrow idle compute capacity beyond their allocated compute quotas. +* `Aws\Deadline` - AWS Deadline Cloud now supports editing job names and descriptions after submission. +* `Aws\MediaLive` - AWS Elemental MediaLive released two new features that allows customers 1) to set Output Timecode for AV1 encoder, 2) to set a Custom Epoch for CMAF Ingest and MediaPackage V2 output groups when using Pipeline Locking or Disabled Locking modes. +* `Aws\Connect` - Added support for task attachments. The StartTaskContact API now accepts file attachments, enabling customers to include files (.csv, .doc, .docx, .heic, .jfif, .jpeg, .jpg, .mov, .mp4, .pdf, .png, .ppt, .pptx, .rtf, .txt, etc.) when creating Task contacts. Supports up to 5 attachments per task. +* `Aws\EC2` - Releasing new EC2 instances. C8gb and M8gb with highest EBS performance, M8gn with 600 Gbps network bandwidth, X8aedz and M8azn with 5GHz AMD processors, X8i with Intel Xeon 6 processors and up to 6TB memory, and Mac-m4max with Apple M4 Max chip for 25 percent faster builds. + +## 3.369.20 - 2026-01-26 + +* `Aws\CloudWatchEvidently` - Deprecate all Evidently API for AWS CloudWatch Evidently deprecation +* `Aws\GroundStation` - Adds support for AWS Ground Station Telemetry. +* `Aws\EC2` - DescribeInstanceTypes API response now includes an additionalFlexibleNetworkInterfaces field, the number of interfaces attachable to an instance when using flexible Elastic Network Adapter (ENA) queues in addition to the base number specified by maximumNetworkInterfaces. +* `Aws\ConnectCases` - Amazon Connect now enables you to use tag-based access controls to define who can access specific cases. You can associate tags with case templates and configure security profiles to determine which users can access cases with those tags. + +## 3.369.19 - 2026-01-23 + +* `Aws\DataZone` - Added api for deleting data export configuration for a domain +* `Aws\QConnect` - Fixes incorrect types in the UpdateAssistantAIAgent API request, adds MESSAGE to TargetType enum, and other minor changes. +* `Aws\Connect` - Amazon Connect now offers public APIs to programmatically configure and run automated tests for contact center experiences. Integrate testing into CICD pipelines, run multiple tests at scale, and retrieve results via API to automate validation of voice interactions and workflows. + +## 3.369.18 - 2026-01-22 + +* `Aws\VerifiedPermissions` - Adding documentation to user guide and API documentation for how customers can create new encrypted policy stores by passing in their customer managed key during policy store creation. +* `Aws\MarketplaceMetering` - Customer Identifier parameter deprecation date has been removed. For new implementations, we recommend using the CustomerAWSAccountID. Your current integration will continue to work. When updating your implementation, consider migrating to CustomerAWSAccountID for improved integration. +* `Aws\DynamoDB` - Adds additional waiters to Amazon DynamoDB. +* `Aws\AutoScaling` - This release adds support for Amazon EC2 Auto Scaling group deletion protection +* `Aws\Budgets` - Add Budget FilterExpression and Metrics fields to DescribeBudgetPerformanceHistory to support more granular filtering options. +* `Aws\Health` - Updates the lower range for the maxResults request property for DescribeAffectedEntities, DescribeAffectedEntitiesForOrganization, DescribeEvents, and DescribeEventsForOrganization API request properties. +* `Aws\EC2` - Add better support for fractional GPU instances in DescribeInstanceTypes API. The new fields, logicalGpuCount, gpuPartitionSize, and workload array enable better GPU resource selection and filtering for both full and fractional GPU instance types. +* `Aws\GuardDuty` - Adding new enum value for ScanStatusReason +* `Aws\GameLift` - Amazon GameLift Servers Realtime now supports Node.js 24.x runtime on the Amazon Linux 2023 operating system. + +## 3.369.17 - 2026-01-21 + +* `Aws\BedrockAgentCore` - Supports custom browser extensions for AgentCore Browser and increased message payloads up to 100KB per message in an Event for AgentCore Memory +* `Aws\EC2` - Added support of multiple EBS cards. New EbsCardIndex parameter enables attaching volumes to specific EBS cards on supported instance types for improved storage performance. +* `Aws\QuickSight` - Added documentation and model for sheet layout groups - allows sheet elements to be grouped, Added documentation and the feature enables admins to have granular control over connectors under actions, Updated API documentation for PDF Export in Snapshot Export APIs +* `Aws\ConfigService` - AWS Config Conformance Packs now support tag-on-create through PutConformancePack API. + +## 3.369.16 - 2026-01-20 + +* `Aws\VerifiedPermissions` - Amazon Verified Permissions now supports encryption of resources by a customer managed KMS key. Customers can now create new encrypted policy stores by passing in their customer managed key during policy store creation. +* `Aws\AutoScaling` - This release adds support for three new filters when describing scaling activities, StartTimeLowerBound, StartTimeUpperBound, and Status. +* `Aws\Keyspaces` - Adds support for managing table pre-warming in Amazon Keyspaces (for Apache Cassandra) +* `Aws\BedrockRuntime` - Added support for extended prompt caching with one hour TTL. +* `Aws\Odb` - Adds support for associating and disassociating IAM roles with Autonomous VM cluster resources through the AssociateIamRoleToResource and DisassociateIamRoleFromResource APIs. The GetCloudAutonomousVmCluster and ListCloudAutonomousVmClusters API responses now include the iamRoles field. +* `Aws\WorkspacesInstances` - Added billing configuration support for WorkSpaces Instances with monthly and hourly billing modes, including new filtering capabilities for instance type searches. + +## 3.369.15 - 2026-01-16 + +* `Aws\Glacier` - Documentation updates for Amazon Glacier's maintenance mode +* `Aws\ResourceExplorer2` - Added ViewName to View-related responses and ServiceViewName to GetServiceView response. +* `Aws\LaunchWizard` - Added UpdateDeployment, ListDeploymentPatternVersions and GetDeploymentPatternVersion APIs for Launch Wizard +* `Aws\Connect` - Adds support to allow customers to create form with Dispute configuration +* `Aws\SageMaker` - Adding security consideration comments for lcc accessing execution role under root access +* `Aws\DataZone` - This release adds support for numeric filtering and complex free-text searches cases for the Search and SearchListings APIs. + +## 3.369.14 - 2026-01-15 + +* `Aws\QConnect` - Fix inference configuration shapes for the CreateAIPrompt and UpdateAIPrompt APIs, Modify Text Length Limit for SendMessage API +* `Aws\EC2` - This release includes documentation updates to support up to four Elastic Volume modifications per Amazon EBS volume within a rolling 24-hour period. +* `Aws\LakeFormation` - API Changes for GTCForLocation feature. Includes a new API, GetTemporaryDataLocationCredentials and updates to the APIs RegisterResource and UpdateResource +* `Aws\OpenSearchServerless` - Collection groups in Amazon OpenSearch Serverless enables to organize multiple collections and enable compute resource sharing across collections with different KMS keys. This shared compute model reduces costs by eliminating the need for separate OpenSearch Compute Units (OCUs) for each KMS key. +* `Aws\CleanRooms` - This release adds support for parameters in PySpark analysis templates. +* `Aws\Deadline` - AWS Deadline Cloud now supports tagging Budget resources with ABAC for permissions management and selecting up to 16 filter values in the monitor and Search API. +* `Aws\Evs` - A new GetVersions API has been added to retrieve VCF, ESX versions, and EC2 instances provided by Amazon EVS. The CreateEnvironment API now allows you to select a VCF version and the CreateEnvironmentHost API introduces a optional esxVersion parameter. +* `Aws\ECS` - Adds support for configuring FIPS in AWS GovCloud (US) Regions via a new ECS Capacity Provider field fipsEnabled. When enabled, instances launched by the capacity provider will use a FIPS-140 enabled AMI. Instances will use FIPS-140 compliant cryptographic modules and AWS FIPS endpoints. + +## 3.369.13 - 2026-01-14 + +* `Aws\RDS` - no feature changes. model migrated to Smithy +* `Aws\Redshift` - Adds support for enabling extra compute resources for automatic optimization during create and modify operations in Amazon Redshift clusters. +* `Aws\RedshiftServerless` - Adds support for enabling extra compute resources for automatic optimization during create and update operations in Amazon Redshift Serverless workgroups. +* `Aws\SocialMessaging` - This release clarifies WhatsApp template operations as a resource-authenticated operation via the parent WhatsApp Business Account. It also introduces new parameters for parameter format, CTA URL link tracking, and template body examples, and increases the phone number ID length. +* `Aws\EKS` - Added support for BOTTLEROCKET NVIDIA FIPS AMIs to AMI types in US regions. +* `Aws\CostExplorer` - Cost Categories added support to BillingView data filter expressions through the new costCategories parameter, enabling users to filter billing views by AWS Cost Categories for more granular cost management and allocation. +* `Aws\Connect` - Amazon Connect makes it easier to manage contact center operating hours by enabling automated scheduling for recurring events like holidays and maintenance windows. Set up recurring patterns (weekly, monthly, etc.) or link to another hours of operation to inherit overrides. + +## 3.369.12 - 2026-01-13 + +* `Aws\DataZone` - Adds support for IAM role subscriptions to Glue table listings via CreateSubscriptionRequest API. Also adds owningIamPrincipalArn filter to List APIs and subscriptionGrantCreationMode parameter to subscription target APIs for controlling grant creation behavior. +* `Aws\Bedrock` - This change will increase TestCase guardContent input size from 1024 to 2028 characters and PolicyBuildDocumentDescription from 2000 to 4000 characters + +## 3.369.11 - 2026-01-12 + +* `Aws\IoTManagedIntegrations` - This release introduces WiFi Simple Setup (WSS) enabling device provisioning via barcode scanning with automated network discovery, authentication, and credential provisioning. Additionally, it introduces 2P Device Capability Rediscovery for updating hub-managed device capabilities post-onboarding. +* `Aws\SageMaker` - Added ultraServerType to the UltraServerInfo structure to support server type identification for SageMaker HyperPod +* `Aws\Billing` - Cost Categories filtering support to BillingView data filter expressions through the new costCategories parameter, enabling users to filter billing views by AWS Cost Categories for more granular cost management and allocation. + +## 3.369.10 - 2026-01-09 + +* `Aws\CloudFront` - Added EntityLimitExceeded exception handling to the following API operations AssociateDistributionWebACL, AssociateDistributionTenantWebACL, UpdateDistributionWithStagingConfig +* `Aws\Glue` - Adding MaterializedViews task run APIs +* `Aws\TranscribeService` - Adds waiters to Amazon Transcribe. +* `Aws\BedrockAgentCoreControl` - Adds optional field "view" to GetMemory API input to give customers control over whether CMK encrypted data such as strategy decryption or override prompts is returned or not. +* `Aws\MediaLive` - MediaPackage v2 output groups in MediaLive can now accept one additional destination for single pipeline channels and up to two additional destinations for standard channels. MediaPackage v2 destinations now support sending to cross region MediaPackage channels. + +## 3.369.9 - 2026-01-07 + +* `Aws\WorkSpaces` - Add StateMessage and ProgressPercentage fields to DescribeCustomWorkspaceImageImport API response. + +## 3.369.8 - 2026-01-06 + +* `Aws\EMRServerless` - Added support for enabling disk encryption using customer managed AWS KMS keys to CreateApplication, UpdateApplication and StartJobRun APIs. +* `Aws\CostExplorer` - This release updates existing reservation recommendations API to support deployment model. + +## 3.369.7 - 2026-01-05 + +* `Aws\CleanRoomsML` - AWS Clean Rooms ML now supports advanced Spark configurations to optimize SQL performance when creating an MLInputChannel or an audience generation job. + +## 3.369.6 - 2026-01-02 + +* `Aws\S3` - Adds deprecation notices to `S3EncryptionClient` and `S3EncryptionClientV2` +* `Aws\CleanRooms` - Added support for publishing detailed metrics to CloudWatch for operational monitoring of collaborations, including query performance and resource utilization. +* `Aws\IdentityStore` - This change introduces "Roles" attribute for User entities supported by AWS Identity Store SDK. + +## 3.369.5 - 2025-12-30 + +* `Aws\Signature` - Ensure SignatureV4 sorts query parameters by their URL-encoded names before canonicalization, so array-style keys like param[10] no longer disrupt the canonical order and break signature validation. +* `Aws\KafkaConnect` - This change sets the KafkaConnect GovCloud FIPS and FIPS DualStack endpoints to use kafkaconnect instead of kafkaconnect-fips as the service name. This is done to match the Kafka endpoints. +* `Aws\Connect` - Adds support for searching global contacts using the ActiveRegions filter, and pagination support for ListSecurityProfileFlowModules and ListEntitySecurityProfiles. + +## 3.369.4 - 2025-12-29 + +* `Aws\QuickSight` - This release adds support for quick users to be able to perform role upgrades on their own. Additionally it allows admins to make this feature admin or auto approval along with new self upgrade capability that can be restricted by Admins. +* `Aws\Connect` - Changes for Contact for Global Search + +## 3.369.3 - 2025-12-26 + +* `Aws\MediaLive` - AWS Elemental MediaLive now supports Pipeline Locking using Video Alignment as well as linked single pipeline channels to enable cross-channel and cross-region Pipeline Locking workflows. + +## 3.369.2 - 2025-12-23 + +* `Aws\` - Removes `ElasticTranscoderClient` and its dependencies. This service has been deprecated. +* `Aws\PinpointSMSVoiceV2` - This release adds support for the Registration Reviewer feature, which provides generative AI feedback on a phone number or sender ID registration to ensure completeness before sending to downstream (carrier) review. +* `Aws\GeoPlaces` - Adds support for InferredSecondaryAddress place type, Designator in SecondaryAddressComponent and Heading in ReverseGeocode. +* `Aws\S3` - Add additional validation to Outpost bucket names. + +## 3.369.1 - 2025-12-22 + +* `Aws\` - Allow `stdClass` in `Validator` for document types for empty documents to be encoded as JSON objects rather than arrays. +* `Aws\GuardDuty` - Make accountIds a required field in GetRemainingFreeTrialDays API to reflect service behavior. +* `Aws\EC2` - Adds support for linkedGroupId on the CreatePlacementGroup and DescribePlacementGroups APIs. The linkedGroupId parameter is reserved for future use. +* `Aws\PCS` - Change API Reference Documentation for default Mode in Accounting and SlurmRest +* `Aws\ConfigService` - Added supported resourceTypes for Config from July to November 2025 + +## 3.369.0 - 2025-12-19 + +* `Aws\EMRServerless` - Added JobLevelCostAllocationConfiguration field to enable cost allocation reporting at the job level, providing more granular visibility into EMR Serverless charges +* `Aws\Connect` - Adding support for Custom Metrics and Pre-Defined Attributes to GetCurrentMetricData API. +* `Aws\QBusiness` - It is a internal bug fix for region expansion +* `Aws\IoT` - This release adds event-based logging feature that enables granular event logging controls for AWS IoT logs. +* `Aws\WorkSpacesWeb` - Add support for WebAuthn under user settings. +* `Aws\ARCRegionSwitch` - Automatic Plan Execution Reports allow customers to maintain a concise record of their Region switch Plan executions. This enables customer SREs and leadership to have a clear view of their recovery posture based on the generated reports for their Plan executions. +* `Aws\Wickr` - AWS Wickr now provides a suite of admin APIs to allow you to programmatically manage secure communication for Wickr networks at scale. These APIs enable you to automate administrative workflows including user lifecycle management, network configuration, and security group administration. + +## 3.368.2 - 2025-12-18 + +* `Aws\SsmSap` - Added "Stopping" for the HANA Database Status. +* `Aws\OpenSearchService` - Amazon OpenSearch Service adds support for warm nodes, enabling new multi-tier architecture. +* `Aws\ECR` - Adds support for ECR Create On Push +* `Aws\BedrockDataAutomation` - Blueprint Optimization (BPO) is a new Amazon Bedrock Data Automation (BDA) capability that improves blueprint inference accuracy using example content assets and ground truth data. BPO works by generating better instructions for fields in the Blueprint using provided data. +* `Aws\SESv2` - Amazon SES introduces Email Validation feature which checks email addresses for syntax errors, domain validity, and risky addresses to help maintain deliverability and protect sender reputation. SES also adds resource tagging and ABAC support for EmailTemplates and CustomVerificationEmailTemplates. +* `Aws\IoT` - This release adds message batching for the IoT Rules Engine HTTP action. +* `Aws\Artifact` - Add support for ListReportVersions API for the calling AWS account. +* `Aws\CleanRooms` - Adding support for collaboration change requests requiring an approval workflow. Adding support for change requests that grant or revoke results receiver ability and modifying auto approved change types in an existing collaboration. +* `Aws\AppStream` - Added support for new operating systems (1) Ubuntu 24.04 Pro LTS on Elastic fleets, and (2) Microsoft Server 2025 on Always-On and On-Demand fleets +* `Aws\BedrockAgentCoreControl` - Feature to support header exchanges between Bedrock AgentCore Gateway Targets and client, along with propagating query parameter to the configured targets. +* `Aws\ARCRegionSwitch` - New API to list Route 53 health checks created by ARC region switch for a plan in a specific AWS Region using the Region switch Regional data plane. +* `Aws\ECS` - Adding support for Event Windows via a new ECS account setting "fargateEventWindows". When enabled, ECS Fargate will use the configured event window for patching tasks. Introducing "CapacityOptionType" for CreateCapacityProvider API, allowing support for Spot capacity for ECS Managed Instances. +* `Aws\EC2` - This release adds AvailabilityZoneId support for CreateFleet, ModifyFleet, DescribeFleets, RequestSpotFleet, ModifySpotFleetRequests and DescribeSpotFleetRequests APIs. + +## 3.368.1 - 2025-12-17 + +* `Aws\MediaConvert` - Adds support for tile encoding in HEVC and audio for video overlays. +* `Aws\GameLiftStreams` - Added new stream group operation parameters for scale-on-demand capacity with automatic prewarming. Added new Gen6 stream classes based on the EC2 G6 instance family. Added new StartStreamSession parameter for exposure of real-time performance stats to clients. +* `Aws\PaymentCryptography` - Support for AS2805 standard. Modifications to import-key and export-key to support AS2805 variants. +* `Aws\PaymentCryptographyData` - Support for AS2805 standard. New API GenerateAs2805KekValidation and changes to translate pin, GenerateMac and VerifyMac to support AS2805 key variants. +* `Aws\SageMaker` - Adding the newly launched p6-b300.48xlarge ec2 instance support in Sagemaker(Hyperpod,Training and Sceptor) +* `Aws\KafkaConnect` - Support dual-stack network connectivity for connectors via NetworkType field. +* `Aws\GuardDuty` - Add support for dbiResourceId in finding. +* `Aws\InspectorScan` - Adds an additional OutputFormat +* `Aws\MediaPackageV2` - This release adds support for SPEKE V2 content key encryption in MediaPackage v2 Origin Endpoints. + +## 3.368.0 - 2025-12-16 + +* `Aws\S3` - A new `S3EncryptionClient` implementation and a new `KmsMaterialProvider` implementation. `S3EncryptionClientV3` now supports writing and reading objects with Key Commitment. `KmsMaterialProviderV3` now supports verifying supplied encryption context on `decryptCek` calls. +* `Aws\TimestreamInfluxDB` - This release adds support for rebooting InfluxDB DbInstances and DbClusters +* `Aws\IoT` - Add support for dynamic payloads in IoT Device Management Commands + +## 3.367.3 - 2025-12-15 + +* `Aws\MediaTailor` - Added support for Ad Decision Server Configuration enabling HTTP POST requests with custom bodies, headers, GZIP compression, and dynamic variables. No changes required for existing GET request configurations. +* `Aws\Connect` - Amazon Connect now supports outbound WhatsApp contacts via the Send message block or StartOutboundChatContact API. Send proactive messages for surveys, reminders, and updates. Offer customers the option to switch to WhatsApp while in queue, eliminating hold time. +* `Aws\BedrockAgentCoreControl` - This release updates broken links for AgentCore Policy APIs in the AWS CLI and SDK resources. +* `Aws\Glacier` - Documentation updates for Amazon Glacier's maintenance mode +* `Aws\Route53Resolver` - Adds support for enabling detailed metrics on Route 53 Resolver endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in the CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into Resolver endpoint and target name server performance. +* `Aws\CloudWatchLogs` - This release allows you to import your historical CloudTrail Lake data into CloudWatch with a few steps, enabling you to easily consolidate operational, security, and compliance data in one place. +* `Aws\EC2` - EC2 Capacity Manager now supports SpotTotalCount, SpotTotalInterruptions and SpotInterruptionRate metrics for both vCPU and instance units. +* `Aws\S3` - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations. +* `Aws\Health` - Updating Health API endpoint generation for dualstack only regions +* `Aws\EntityResolution` - Support Customer Profiles Integration for AWS Entity Resolution +* `Aws\ServiceQuotas` - Add support for SQ Dashboard Api + +## 3.367.2 - 2025-12-12 + +* `Aws\WorkSpacesWeb` - Adds support for portal branding customization, enabling administrators to personalize end-user portals with custom assets. +* `Aws\Connect` - Amazon Connect now offers automated post-chat surveys triggered when customers end conversations. This captures timely feedback while experience is fresh, using either a no-code form builder or Amazon Lex-powered interactive surveys. +* `Aws\BCMRecommendedActions` - Added new freetier action types to RecommendedAction.type. +* `Aws\DataSync` - Adds Enhanced mode support for NFS and SMB locations. SMB credentials are now managed via Secrets Manager, and may be encrypted with service or customer managed keys. Increases AgentArns maximum count to 8 (max 4 per TaskMode). Adds folder counters to DescribeTaskExecution for Enhanced mode tasks. + +## 3.367.1 - 2025-12-11 + +* `Aws\SESv2` - Update GetEmailIdentity and CreateEmailIdentity response to include SigningHostedZone in DkimAttributes. Updated PutEmailIdentityDkimSigningAttributes Response to include SigningHostedZone. +* `Aws\Lambda` - Add Dotnet 10 (dotnet10) support to AWS Lambda. +* `Aws\QuickSight` - This release adds new GetIdentityContext API, Dashboard customization options for tables and pivot tables, Visual styling options- borders and decals, map GeocodingPreferences, KeyPairCredentials for DataSourceCredentials. Snapshot APIs now support registered users. Parameters limit increased to 400 +* `Aws\Organizations` - Add support for policy operations on the NETWORK SECURITY DIRECTOR POLICY policy type. +* `Aws\SecretsManager` - Add SortBy parameter to ListSecrets + +## 3.367.0 - 2025-12-10 + +* `Aws\S3` - A new S3 Transfer Manager implementation with multipart download capabilities. It allows better ways to configure each operation. Includes Progress Tracking, Transfer Event Listeners, and Automatic Multipart Uploads/Downloads. +* `Aws\signer` - Adds support for Signer GetRevocationStatus with updated endpoints +* `Aws\Odb` - The following APIs now return CloudExadataInfrastructureArn and OdbNetworkArn fields for improved resource identification and AWS service integration - GetCloudVmCluster, ListCloudVmClusters, GetCloudAutonomousVmCluster, and ListCloudAutonomousVmClusters. +* `Aws\BillingConductor` - Launch itemized custom line item and service line item filter +* `Aws\CloudWatch` - This release introduces two additional protocols AWS JSON 1.1 and Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will prioritize the protocol that is the most performant for each language. +* `Aws\PartnerCentralSelling` - Adds support for the new Project.AwsPartition field on Opportunity and AWS Opportunity Summary. Use this field to specify the AWS partition where the opportunity will be deployed. +* `Aws\OpenSearchService` - The CreateApplication API now supports an optional kms key arn parameter to allow customers to specify a CMK for application encryption. +* `Aws\Bedrock` - Automated Reasoning checks in Amazon Bedrock Guardrails is capable of generating policy scenarios to validate policies. The GetAutomatedReasoningPolicyBuildWorkflowResultAssets API now adds POLICY SCENARIO asset type, allowing customers to retrieve scenarios generated by the build workflow. + +## 3.366.4 - 2025-12-09 + +* `Aws\IVSRealTime` - Token Exchange introduces seamless token exchange capabilities for IVS RTX, enabling customers to upgrade or downgrade token capabilities and update token attributes within the IVS client SDK without forcing clients to disconnect and reconnect. +* `Aws\Account` - This release adds a new API (GetGovCloudAccountInformation) used to retrieve information about a linked GovCloud account from the standard AWS partition. +* `Aws\Route53` - Amazon Route 53 now supports the EU (Germany) Region (eusc-de-east-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region +* `Aws\AppSync` - Update Event API to require EventConfig parameter in creation and update requests. +* `Aws\GuardDuty` - Adding support for Ec2LaunchTemplate Version field +* `Aws\mgn` - Added parameters encryption, IPv4/IPv6 protocol configuration, and enhanced tagging support for replication operations. + +## 3.366.3 - 2025-12-08 + +* `Aws\EC2` - Amazon EC2 P6-B300 instances provide 8x NVIDIA Blackwell Ultra GPUs with 2.1 TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA throughput, and 4 TB of system memory. Amazon EC2 C8a instances are powered by 5th Gen AMD EPYC processors with a maximum frequency of 4.5 GHz. +* `Aws\RolesAnywhere` - Increases certificate string length for trust anchor source data to support ML-DSA certificates. +* `Aws\PartnerCentralSelling` - Deal Sizing Service for AI-based deal size estimation with AWS service-level breakdown, supporting Expansion and Migration deals across Technology, and Reseller partner cohorts, including Pricing Calculator AddOn for MAP deals and funding incentives. +* `Aws\RDS` - Adding support for tagging RDS Instance/Cluster Automated Backups +* `Aws\IdentityStore` - Updating AWS Identity Store APIs to support Attribute Extensions capability, with the first release adding Enterprise Attributes. This launch aligns Identity Store APIs with SCIM for enterprise attributes, reducing cases when customers are forced to use SCIM due to lack of SigV4 API support. +* `Aws\RedshiftServerless` - Added GetIdentityCenterAuthToken API to retrieve encrypted authentication tokens for Identity Center integrated serverless workgroups. This API enables programmatic access to secure Identity Center tokens with proper error handling and parameter validation across supported SDK languages. +* `Aws\SESv2` - Update Mail Manager Archive ARN validation +* `Aws\CostExplorer` - Add support for Cost Category resource associations including filtering by resource type on ListCostCategoryDefinitions and new ListCostCategoryResourceAssociations API. + +## 3.366.2 - 2025-12-05 + +* `Aws\` - Enhance exponential delay calculation to reduce the possibilities of having 0 as the delay. +* `Aws\SESv2` - Updating the desired url for `PutEmailIdentityDkimSigningAttributes` from v1 to v2 +* `Aws\PartnerCentralAccount` - Adding Verification API's to Partner Central Account SDK. +* `Aws\ECS` - Updating stop-task API to encapsulate containers with custom stop signal +* `Aws\Inspector2` - This release adds a new ScanStatus called "Unsupported Code Artifacts". This ScanStatus will be returned when a Lambda function was not code scanned because it has unsupported code artifacts. +* `Aws\IAM` - Adding the ExpirationTime attribute to the delegation request resource. + +## 3.366.1 - 2025-12-04 + +* `Aws\Lambda` - Add DisallowedByVpcEncryptionControl to the LastUpdateStatusReasonCode and StateReasonCode enums to represent failures caused by VPC Encryption Controls. + +## 3.366.0 - 2025-12-03 + +* `Aws\` - Adds support for PHP 8.5 +* `Aws\Bedrock` - Adding support in Amazon Bedrock to customize models with reinforcement fine-tuning (RFT) and support for updating the existing Custom Model Deployments. +* `Aws\SageMaker` - Introduces Serverless training: A fully managed compute infrastructure that abstracts away all infrastructure complexity, allowing you to focus purely on model development. Added AI model customization assets used to train, refine, and evaluate custom models during the model customization process. + +## 3.365.0 - 2025-12-02 + +* `Aws\` - Fixed an issue in NonSeekableStreamDecodingEventStreamIterator where partial reads from non-seekable streams could result in truncated payloads and CRC mismatches. +* `Aws\RDS` - RDS Oracle and SQL Server: Add support for adding, modifying, and removing additional storage volumes, offering up to 256TiB storage; RDS SQL Server: Support Developer Edition via custom engine versions for development and testing purposes; M7i/R7i instances with Optimize CPU for cost savings. +* `Aws\S3Tables` - Add storage class, replication, and table record expiration features to S3 Tables. +* `Aws\S3Vectors` - Amazon S3 Vectors provides cost-effective, elastic, and durable vector storage for queries based on semantic meaning and similarity. +* `Aws\Lambda` - Launching Lambda durable functions - a new feature to build reliable multi-step applications and AI workflows natively within the Lambda developer experience. +* `Aws\CostExplorer` - This release updates existing Savings Plans Purchase Analyzer and Recommendations APIs to support Database Savings Plans. +* `Aws\OpenSearchServerless` - GPU-acceleration helps you build large-scale vector databases faster and more efficiently. You can enable this feature on new OpenSearch domains and OpenSearch Serverless collections. This feature uses GPU-acceleration to reduce the time needed to index data into vector indexes. +* `Aws\SavingsPlans` - Added support for Amazon Database Savings Plans +* `Aws\BedrockAgentCore` - Support for AgentCore Evaluations and Episodic memory strategy for AgentCore Memory. +* `Aws\S3` - New S3 Storage Class FSX_ONTAP +* `Aws\GuardDuty` - Adding support for extended threat detection for Amazon EC2 and Amazon ECS. Adding support for wild card suppression rules. +* `Aws\Bedrock` - Adds the audioDataDeliveryEnabled boolean field to the Model Invocation Logging Configuration. +* `Aws\CloudWatchLogs` - CloudWatch Logs adds managed S3 Tables integration to access logs using other analytical tools, as well as facets and field indexing to simplify log analytics in CloudWatch Logs Insights. +* `Aws\OpenSearchService` - GPU-acceleration helps you build large-scale vector databases faster and more efficiently. You can enable this feature on new OpenSearch domains and OpenSearch Serverless collections. This feature uses GPU-acceleration to reduce the time needed to index data into vector indexes. +* `Aws\NovaAct` - Initial release of Nova Act SDK. The Nova Act service enables customers to build and manage fleets of agents for automating production UI workflows with high reliability, fastest time-to-value, and ease of implementation at scale. +* `Aws\BedrockRuntime` - Adds support for Audio Blocks and Streaming Image Output plus new Stop Reasons of malformed_model_output and malformed_tool_use. +* `Aws\BedrockAgentCoreControl` - Supports AgentCore Evaluations, Policy, Episodic Memory Strategy, Resource Based Policy for Runtime and Gateway APIs, API Gateway Rest API Targets and enhances JWT authorizer. +* `Aws\SecurityHub` - ITSM enhancements: DRYRUN mode for testing ticket creation, ServiceNow now uses AWS Secrets Manager for credentials, ConnectorRegistrationsV2 renamed to RegisterConnectorV2, added ServiceQuotaExceededException error, and ConnectorStatus visibility in CreateConnectorV2. +* `Aws\SageMaker` - Added support for serverless MLflow Apps. Added support for new HubContentTypes (DataSet and JsonDoc) in Private Hub for AI model customization assets, enabling tracking and management of training datasets and evaluators (reward functions/prompts) throughout the ML lifecycle. +* `Aws\DataZone` - Amazon DataZone now supports exporting Catalog datasets as Amazon S3 tables, and provides automatic business glossary term suggestions for data assets. +* `Aws\FSx` - S3 Access Points support for FSx for NetApp ONTAP +* `Aws\ObservabilityAdmin` - CloudWatch Observability Admin adds pipelines configuration for third party log ingestion and transformation of all logs ingested, integration of CloudWatch logs with S3 Tables, and AWS account or organization level enablement for 7 AWS services. +* `Aws\S3Control` - Add support for S3 Storage Lens Advanced Performance Metrics, Expanded Prefixes metrics report, and export to S3 Tables. + +## 3.364.0 - 2025-12-01 + +* `Aws\Connect` - This is a combined re:Invent release for Amazon Connect. +* `Aws\CustomerProfiles` - This release introduces, CRUD APIs for the DomainObjectType and Recommender resources, APIs to offer statistical insights on Object Type Attributes, Changes to SegmentDefinition APIs to support SQL queries to create Segments, and Changes to Domain APIs to support Data Store. +* `Aws\CleanRooms` - AWS Clean Rooms now supports privacy-enhancing synthetic dataset generation for custom ML training. +* `Aws\PartnerCentralSelling` - New Features: Lead Management APIs for capturing and nurturing leads Lead invitation support for partner collaboration Lead-to-opportunity conversion operations AWS Marketplace OfferSets support for opportunities +* `Aws\Personalize` - This release adds support for includedDatasetColumns and performIncrementalUpdate in solution APIs, and rankingInfluence in campaign and batch inference APIs. +* `Aws\PartnerCentralAccount` - Initial GA launch of Partner Central Account +* `Aws\MarketplaceCatalog` - This release introduces offer set entity in AWS Marketplace Catalog API to enable multi-product transaction. Offer set enables sellers to group multiple private offers into a single-click purchase experience, simplifying procurement for customers purchasing multi-product solutions. +* `Aws\AppIntegrationsService` - This release adds support for MCP servers via the ApplicationType field, allowing customers to register their Bedrock AgentCore gateways as third party applications. +* `Aws\BedrockAgent` - Support audio and video ingestion on Bedrock Knowledge Bases. +* `Aws\Lambda` - Launching Lambda Managed Instances - a new feature to run Lambda on EC2. +* `Aws\ConnectCampaignsV2` - This release added support for new WhatsApp channel and Journey type outbound campaign +* `Aws\Route53GlobalResolver` - Add SDK for Amazon Route 53 Global Resolver, a fully managed DNS resolver service that offers broad DNS-filtering security controls. +* `Aws\BedrockAgentRuntime` - Support audio and video content retrieval on Bedrock Knowledge Bases. +* `Aws\CleanRoomsML` - AWS Clean Rooms ML now supports privacy-enhancing synthetic dataset generation for custom ML training. +* `Aws\Glue` - feature: Glue: Add support for Iceberg materialized view in Glue Data Catalog, including updated CreateTable API to support materialized views and new APIs for managing data refresh for materialized views. feature: Glue: Add support for Iceberg table encryption keys and struct field defaults. +* `Aws\LexModelsV2` - Adds support for speech-to-speech models for human-like, adaptive, and expressive voice interactions. Also adds support for speech model preference, allowing customers to select which speech model they want to use for speech-to-text requests. +* `Aws\EKS` - This release adds support for EKS Capabilities +* `Aws\ConnectParticipant` - Amazon Connect now supports message processing that intercepts and processes chat messages before they reach any participant. +* `Aws\QConnect` - New AIAgent types: Orchestration for ModelContextProtocol tool integration, CaseSummary for Amazon Connect Case summaries, NoteTaker for Agent Assistance notes. Added ListSpans and Retrieve APIs. Enhanced Q in Connect AssistantAssociationType to support Bring Your Own Bedrock Knowledge Bases. +* `Aws\PartnerCentralBenefits` - Initial GA launch of Partner Central Benefits +* `Aws\MarketplaceAgreement` - This release supports 1/multi-product transactions via offer sets. DescribeAgreement and SearchAgreements APIs now return offer set IDs. SearchAgreements also supports filtering by offer set ID and 2/variable payment pricing terms will be returned through GetAgreementTerms. + +## 3.363.3 - 2025-11-26 + +* `Aws\ComputeOptimizer` - Compute Optimizer now identifies idle NAT Gateway resources for cost optimization based on traffic patterns and backup configuration analysis. Access recommendations via the GetIdleRecommendations API. +* `Aws\CostOptimizationHub` - This release enables AWS Cost Optimization Hub to show cost optimization recommendations for NAT Gateway. +* `Aws\BedrockRuntime` - Bedrock Runtime Reserved Service Support + +## 3.363.2 - 2025-11-25 + +* `Aws\EC2` - This release adds support to view Network firewall proxy appliances attached to an existing NAT Gateway via DescribeNatGateways API NatGatewayAttachedAppliance structure. +* `Aws\Route53` - Adds support for new route53 feature: accelerated recovery. +* `Aws\Organizations` - Add support for policy operations on the S3_POLICY and BEDROCK_POLICY policy type. +* `Aws\NetworkFirewall` - Network Firewall release of the Proxy feature. + +## 3.363.1 - 2025-11-24 + +* `Aws\CloudFront` - Add TrustStore, ConnectionFunction APIs to CloudFront SDK +* `Aws\CloudWatchLogs` - New CloudWatch Logs feature - LogGroup Deletion Protection, a capability that allows customers to safeguard their critical CloudWatch log groups from accidental or unintended deletion. + +## 3.363.0 - 2025-11-21 + +* `Aws\SecurityIR` - Add ListInvestigations and SendFeedback APIs to support SecurityIR AI agents +* `Aws\MailManager` - Add support for resources in the aws-eusc partition. +* `Aws\ECR` - Add support for ECR managed signing +* `Aws\Athena` - Introduces Spark workgroup features including log persistence, S3/CloudWatch delivery, UI and History Server APIs, and SparkConnect 3.5.6 support. Adds DPU usage limits at workgroup and query levels as well as DPU usage tracking for Capacity Reservation queries to optimize performance and costs. +* `Aws\CloudFormation` - Adds the DependsOn field to the AutoDeployment configuration parameter for CreateStackSet, UpdateStackSet, and DescribeStackSet APIs, allowing users to set and read auto-deployment dependencies between StackSets +* `Aws\KMS` - Support for on-demand rotation of AWS KMS Multi-Region keys with imported key material +* `Aws\KinesisVideo` - This release adds support for Tiered Storage +* `Aws\APIGateway` - API Gateway supports VPC link V2 for REST APIs. +* `Aws\Odb` - Adds AssociateIamRoleToResource and DisassociateIamRoleFromResource APIs for managing IAM roles. Enhances CreateOdbNetwork and UpdateOdbNetwork APIs with KMS, STS, and cross-region S3 parameters. Adds OCI identity domain support to InitializeService API. +* `Aws\BedrockAgentCoreControl` - Support for agentcore gateway interceptor configurations and NONE authorizer type +* `Aws\ComputeOptimizerAutomation` - Initial release of AWS Compute Optimizer Automation. Create automation rules to implement recommended actions on a recurring schedule based on your specified criteria. Supported actions include: snapshot and delete unattached EBS volumes and upgrade volume types to the latest generation. +* `Aws\RDS` - Add support for Upgrade Rollout Order +* `Aws\SESv2` - Added support for new SES regions - Asia Pacific (Malaysia) and Canada (Calgary) +* `Aws\Organizations` - Add support for policy operations on the UPGRADE_ROLLOUT_POLICY policy type. +* `Aws\ControlTower` - The manifest field is now optional for the AWS Control Tower CreateLandingZone and UpdateLandingZone APIs for Landing Zone version 4.0 +* `Aws\MediaPackageV2` - Adds support for excluding session key tags from HLS multivariant playlists +* `Aws\Connect` - New APIs to support aliases and versions for ContactFlowModule. Updated ContactFlowModule APIs to support custom blocks. +* `Aws\QConnect` - This release introduces two new messaging channel subtypes: Push, WhatsApp, under MessageTemplate which is a resource in Amazon Q in Connect. +* `Aws\BedrockRuntime` - Add support to automatically enforce safeguards across accounts within an AWS Organization. +* `Aws\ElasticLoadBalancingv2` - This release adds the health check log feature in ALB, allowing customers to send detailed target health check log data directly to their designated Amazon S3 bucket. +* `Aws\BedrockDataAutomationRuntime` - Adding new fields to GetDataAutomationStatus: jobSubmissionTime, jobCompletionTime, and jobDurationInSeconds +* `Aws\Bedrock` - Add support to automatically enforce safeguards across accounts within an AWS Organization. +* `Aws\EKS` - Adds support for controlPlaneScalingConfig on EKS Clusters. +* `Aws\MarketplaceMetering` - Endpoint update for new region +* `Aws\EC2` - This release adds a new capability to create and manage interruptible EC2 Capacity Reservations. +* `Aws\Lambda` - Launching Enhanced Error Handling and ESM Grouping capabilities for Kafka ESMs +* `Aws\RedshiftServerless` - Added UpdateLakehouseConfiguration API to manage Amazon Redshift Federated Permissions and AWS IAM Identity Center trusted identity propagation for namespaces. +* `Aws\LexModelsV2` - Adds support for Intent Disambiguation, allowing resolution of ambiguous user inputs when multiple intents match by presenting clarifying questions to users. Also adds Speech Detection Sensitivity configuration for optimizing voice activity detection sensitivity levels in various noise environments. +* `Aws\QuickSight` - Amazon Quick Suite now supports QuickChat as an embedding type when calling the GenerateEmbedUrlForRegisteredUser API, enabling developers to embed conversational AI agents directly into their applications. +* `Aws\SageMaker` - Enhanced SageMaker HyperPod instance groups with support for MinInstanceCount, CapacityRequirements (Spot/On-Demand), and KubernetesConfig (labels and taints). Also Added speculative decoding and MaxInstanceCount for model optimization jobs. +* `Aws\MarketplaceEntitlementService` - Endpoint update for new region +* `Aws\Transfer` - Adds support for creating Webapps accessible from a VPC. +* `Aws\Invoicing` - Added the CreateProcurementPortalPreference, GetProcurementPortalPreference, PutProcurementPortalPreference, UpdateProcurementPortalPreferenceStatus, ListProcurementPortalPreferences and DeleteProcurementPortalPreference APIs for procurement portal preference management. +* `Aws\Redshift` - Added support for Amazon Redshift Federated Permissions and AWS IAM Identity Center trusted identity propagation. + +## 3.362.1 - 2025-11-20 + +* `Aws\Organizations` - Added new APIs for Billing Transfer, new policy type INSPECTOR_POLICY, and allow an account to transfer between organizations +* `Aws\DeviceFarm` - Add support for environment variables and an IAM execution role. +* `Aws\DatabaseMigrationService` - Added support for customer-managed KMS key (CMK) for encryption for import private key certificate. Additionally added Amazon SageMaker Lakehouse endpoint used for zero-ETL integrations with data warehouses. +* `Aws\ApplicationSignals` - Amazon CloudWatch Application Signals now supports un-instrumented services discovery, cross-account views, and change history, helping SRE and DevOps teams monitor and troubleshoot their large-scale distributed applications. +* `Aws\SecurityHub` - Release Findings and Resources Trends APIs- GetFindingsTrendsV2 and GetResourcesTrendsV2. This supports time-series aggregated counts with composite filtering for 1-year of historical data analysis of Findings and Resources. +* `Aws\Glue` - Added FunctionType parameter to Glue GetuserDefinedFunctions. +* `Aws\LicenseManager` - Added cross-account resource aggregation via license asset groups and expiry tracking for Self-Managed Licenses. Extended Org-Wide View to Self-Managed Licenses, added reporting for license asset groups, and removed Athena/Glue dependencies for cross-account resource discovery in commercial regions. +* `Aws\BedrockDataAutomationRuntime` - Bedrock Data Automation Runtime Sync API +* `Aws\CloudFront` - This release adds support for bring your own IP (BYOIP) to CloudFront's CreateAnycastIpList API through an optional IpamCidrConfigs field. +* `Aws\RDS` - Add support for VPC Encryption Controls. +* `Aws\BedrockAgentCore` - Bedrock AgentCore Memory release for redriving memory extraction jobs (StartMemoryExtractionJob and ListMemoryExtractionJob) +* `Aws\imagebuilder` - EC2 Image Builder now enables the distribution of existing AMIs, retry distribution, and define distribution workflows. It also supports automatic versioning for recipes and components, allowing automatic version increments and dynamic referencing in pipelines. +* `Aws\AutoScaling` - This release adds support for three new features: 1) Image ID overrides in mixed instances policy, 2) Replace Root Volume - a new strategy for Instance Refresh, and 3) Instance Lifecycle Policy for enhanced instance lifecycle management. +* `Aws\RecycleBin` - Add support for EBS volume in Recycle Bin +* `Aws\QuickSight` - Introducing comprehensive theme styling controls. New features include border customization (radius, width, color), flexible padding controls, background styling for cards and sheets, centralized typography management, and visual-level override support across layouts. +* `Aws\ECS` - Launching Amazon ECS Express Mode - a new feature that enables developers to quickly launch highly available, scalable containerized applications with a single command. +* `Aws\Connect` - Add optional ability to exclude users from send notification actions for Contact Lens Rules. +* `Aws\DataSync` - The partition value "aws-eusc" is now permitted for ARN (Amazon Resource Name) fields. +* `Aws\EMR` - Add support for configuring S3 destination for step logs on a per-step basis. +* `Aws\CloudTrail` - AWS launches CloudTrail aggregated events to simplify monitoring of data events at scale. This feature delivers both granular and summarized data events for resources like S3/Lambda, helping security teams identify patterns without custom aggregation logic. +* `Aws\EC2` - This release adds support for multiple features including: VPC Encryption Control for the status of traffic flow; S2S VPN BGP Logging; TGW Flexible Costs; IPAM allocation of static IPs from IPAM pools to CF Anycast IP lists used on CloudFront distribution; and EBS Volume Integration with Recycle Bin +* `Aws\SageMaker` - Added training plan support for inference endpoints. Added HyperPod task governance with accelerator partition-based quota allocation. Added BatchRebootClusterNodes and BatchReplaceClusterNodes APIs. Updated ListClusterNodes to include privateDnsHostName. +* `Aws\Kinesis` - Kinesis Data Streams now supports up to 50 Enhance Fan-out consumers for On-demand Advantage Streams. On-demand Standard and Provisioned streams will continue with the existing limit of 20 consumers for Enhanced Fan-out. +* `Aws\Braket` - Add support for Braket spending limits. +* `Aws\LakeFormation` - Added ServiceIntegrations as a request parameter for CreateLakeFormationIdentityCenterConfigurationRequest and UpdateLakeFormationIdentityCenterConfigurationRequest and response parameter for DescribeLakeFormationIdentityCenterConfigurationResponse +* `Aws\ElasticLoadBalancingv2` - This release adds the target optimizer feature in ALB, enabling strict concurrency enforcement on targets. +* `Aws\RedshiftDataAPIService` - Increasing the length limit of Statement Name from 500 to 2048. +* `Aws\NetworkManager` - This release adds support for Cloud WAN Routing Policy providing customers sophisticated routing controls to better manage their global networks +* `Aws\S3` - Enable / Disable ABAC on a general purpose bucket. +* `Aws\Budgets` - Add BillingViewHealthStatusException to DescribeBudgetPerformanceHistory and ServiceQuotaExceededException to UpdateBudget for improved error handling with Billing Views. +* `Aws\BedrockDataAutomation` - Added support for Synchronous project type and PII Detection and Redaction +* `Aws\DSQL` - Added clusterVpcEndpoint field to GetVpcEndpointServiceName API response, returning the VPC connection endpoint for the cluster + ## 3.362.0 - 2025-11-19 * `Aws\Credentials` - Adds `LoginCredentialProvider`, which supports AWS Console sign-in credentials through the `aws login` CLI workflow. diff --git a/features/bootstrap/Aws/Test/Integ/BatchingContext.php b/features/bootstrap/Aws/Test/Integ/BatchingContext.php deleted file mode 100644 index fefeb4953a..0000000000 --- a/features/bootstrap/Aws/Test/Integ/BatchingContext.php +++ /dev/null @@ -1,231 +0,0 @@ -client = self::getSdk()->createClient($service); - } - - /** - * @BeforeFeature @dynamodb - * - * @param BeforeFeatureScope $scope - */ - public static function setUpDynamoTable(BeforeFeatureScope $scope) - { - self::$resource = self::getResourcePrefix() - . str_replace(' ', '-', strtolower($scope->getName())); - - $client = self::getSdk()->createDynamoDb(); - $client->createTable([ - 'TableName' => self::$resource, - 'AttributeDefinitions' => [ - ['AttributeName' => 'id', 'AttributeType' => 'N'] - ], - 'KeySchema' => [ - ['AttributeName' => 'id', 'KeyType' => 'HASH'] - ], - 'ProvisionedThroughput' => [ - 'ReadCapacityUnits' => 1, - 'WriteCapacityUnits' => 1 - ] - ]); - - $client->waitUntil('TableExists', ['TableName' => self::$resource]); - } - - /** - * @AfterFeature @dynamodb - * - * @param AfterFeatureScope $scope - */ - public static function tearDownDynamoTable(AfterFeatureScope $scope) - { - self::getSdk() - ->createDynamoDb() - ->deleteTable(['TableName' => self::$resource]); - - self::$resource = null; - } - - /** - * @BeforeFeature @sqs - * - * @param BeforeFeatureScope $scope - */ - public static function setUpQueue(BeforeFeatureScope $scope) - { - $sqs = self::getSdk()->createSqs(); - self::$resource = self::getResourcePrefix() - . preg_replace('/\W/', '-', strtolower($scope->getName())); - - $sqs->createQueue(['QueueName' => self::$resource]); - $sqs->waitUntil('QueueExists', ['QueueName' => self::$resource]); - } - - /** - * @AfterFeature @sqs - * - * @param AfterFeatureScope $scope - */ - public static function tearDownQueue(AfterFeatureScope $scope) - { - $sqs = self::getSdk() - ->createSqs(); - - $sqs->deleteQueue([ - 'QueueUrl' => $sqs->getQueueUrl([ - 'QueueName' => self::$resource, - ])['QueueUrl'] - ]); - - self::$resource = null; - } - - /** - * @When /^I create a WriteRequestBatch with a batch size of (\d+) and a pool size of (\d+)$/ - */ - public function iCreateAWriteRequestBatch($batchSize, $poolSize) - { - $this->batch = new WriteRequestBatch($this->client, [ - 'table' => self::$resource, - 'batch_size' => $batchSize, - 'pool_size' => $poolSize, - 'before' => function () { - $this->flushCount++; - }, - 'error' => function (AwsException $e) { - trigger_error($e->getMessage(), E_USER_WARNING); - } - ]); - } - - /** - * @When /^I put (\d+) items in the batch$/ - */ - public function iPutItemsInTheBatch($itemCount) - { - for ($i = 0; $i < $itemCount; $i++) { - $this->batch->put(['id' => ['N' => (string) $i]]); - } - } - - /** - * @When I flush the batch - */ - public function iFlushTheBatch() - { - $this->batch->flush(); - } - - /** - * @Then /^(\d+) items should have been written$/ - */ - public function itemsShouldHaveBeenWritten($itemCount) - { - $actualItems = $this->client->getIterator('Scan', [ - 'TableName' => self::$resource, - ]); - - Assert::assertSame((int) $itemCount, iterator_count($actualItems)); - } - - /** - * @Then /^the batch should have been flushed at least (\d+) times$/ - */ - public function theBatchShouldHaveBeenFlushedTimes($flushCount) - { - Assert::assertGreaterThanOrEqual((int) $flushCount, $this->flushCount); - } - - /** - * @Given /^I have put (\d+) messages in a queue$/ - */ - public function iHavePutMessagesInAQueue($messageCount) - { - $queueUrl = $this->client - ->getQueueUrl(['QueueName' => self::$resource])['QueueUrl']; - for ($i = 0; $i < $messageCount; $i++) { - $this->client->sendMessage([ - 'QueueUrl' => $queueUrl, - 'MessageBody' => json_encode(['testing' => 'testing']), - ]); - } - } - - /** - * @When /^I delete a batch of (\d+) messages$/ - */ - public function iDeleteABatchOfMessages($messageCount) - { - $queueUrl = $this->client - ->getQueueUrl(['QueueName' => self::$resource])['QueueUrl']; - $messages = []; - while (count($messages) < $messageCount) { - $result = $this->client->receiveMessage([ - 'QueueUrl' => $queueUrl, - 'MaxNumberOfMessages' => $messageCount, - ]); - - foreach ($result['Messages'] as $message) { - $messages[$message['MessageId']] = [ - 'Id' => $message['MessageId'], - 'ReceiptHandle' => $message['ReceiptHandle'], - ]; - } - } - - $this->response = $this->client - ->deleteMessageBatch([ - 'QueueUrl' => $queueUrl, - 'Entries' => array_values($messages), - ]); - } - - /** - * @Then /^(\d+) messages should have been deleted from the queue$/ - */ - public function messagesShouldHaveBeenDeletedFromTheQueue($messageCount) - { - $failedCount = !empty($this->response['Failed']) - ? count($this->response['Failed']) - : 0; - $successfulCount = !empty($this->response['Successful']) - ? count($this->response['Successful']) - : 0; - - Assert::assertSame((int) $messageCount, $failedCount + $successfulCount); - } -} diff --git a/features/bootstrap/Aws/Test/Integ/BlockingContext.php b/features/bootstrap/Aws/Test/Integ/BlockingContext.php deleted file mode 100644 index fa4ff140d4..0000000000 --- a/features/bootstrap/Aws/Test/Integ/BlockingContext.php +++ /dev/null @@ -1,155 +0,0 @@ -client = self::getSdk()->createClient($service); - } - - /** - * @When I create a table named :table - */ - public function iCreateATableNamed($table) - { - $this->client->createTable([ - 'TableName' => self::getResourcePrefix() . "-$table", - 'AttributeDefinitions' => [ - ['AttributeName' => 'id', 'AttributeType' => 'N'] - ], - 'KeySchema' => [ - ['AttributeName' => 'id', 'KeyType' => 'HASH'] - ], - 'ProvisionedThroughput' => [ - 'ReadCapacityUnits' => 20, - 'WriteCapacityUnits' => 20 - ] - ]); - } - - /** - * @When wait for the table named :table to exist - */ - public function waitForTheTableNamedToExist($table) - { - $this->client->waitUntil('TableExists', [ - 'TableName' => self::getResourcePrefix() . "-$table", - ]); - } - - /** - * @When the table named :table exists - */ - public function theTableNamedWillExist($table) - { - self::getSdk(['http' => ['synchronous' => true]]) - ->createDynamoDb() - ->describeTable(['TableName' => self::getResourcePrefix() . "-$table"]); - } - - /** - * @Then I can delete the table named :table - */ - public function iCanDeleteTheTableNamed($table) - { - $this->client->deleteTable([ - 'TableName' => self::getResourcePrefix() . "-$table", - ]); - } - - /** - * @Then wait for the table named :table to be deleted - */ - public function waitForTheTableNamedToBeDeleted($table) - { - $this->client->waitUntil('TableNotExists', [ - 'TableName' => self::getResourcePrefix() . "-$table", - ]); - } - - /** - * @Then the table named :table does not exist - */ - public function theTableNamedWillNotExist($table) - { - try { - $this->theTableNamedWillExist($table); - Assert::fail("$table exists but should not."); - } catch (DynamoDbException $e) { - Assert::assertSame('ResourceNotFoundException', $e->getAwsErrorCode()); - } - } - - /** - * @When I create a promise to create and await a table named :table - */ - public function iCreateAPromiseToCreateAndAwaitATableNamed($table) - { - $this->promises []= $this->client->createTableAsync([ - 'TableName' => self::getResourcePrefix() . "-$table", - 'AttributeDefinitions' => [ - ['AttributeName' => 'id', 'AttributeType' => 'N'] - ], - 'KeySchema' => [ - ['AttributeName' => 'id', 'KeyType' => 'HASH'] - ], - 'ProvisionedThroughput' => [ - 'ReadCapacityUnits' => 20, - 'WriteCapacityUnits' => 20 - ] - ]) - ->then(function () use ($table) { - return $this->client - ->getWaiter('TableExists', [ - 'TableName' => self::getResourcePrefix() . "-$table", - ])->promise(); - }); - } - - /** - * @Then I can wait on all promises - */ - public function iCanWaitOnAllPromises() - { - Promise\Utils::all($this->promises) - ->wait(); - } - - /** - * @When I create a promise to delete and await the purging of the table named :table - */ - public function iCreateAPromiseToDeleteAndAwaitThePurgingOfTheTableNamed($table) - { - $this->promises []= $this->client - ->deleteTableAsync([ - 'TableName' => self::getResourcePrefix() . "-$table", - ])->then(function () use ($table) { - return $this->client - ->getWaiter('TableNotExists', [ - 'TableName' => self::getResourcePrefix() . "-$table", - ])->promise(); - }); - } -} diff --git a/features/bootstrap/Aws/Test/Integ/ConcurrencyContext.php b/features/bootstrap/Aws/Test/Integ/ConcurrencyContext.php deleted file mode 100644 index a6bb73baa4..0000000000 --- a/features/bootstrap/Aws/Test/Integ/ConcurrencyContext.php +++ /dev/null @@ -1,175 +0,0 @@ -createS3(); - - self::$bucket = self::getResourcePrefix() - . str_replace(' ', '-', strtolower($scope->getName())); - - $client->createBucket(['Bucket' => self::$bucket]); - $client->waitUntil('BucketExists', ['Bucket' => self::$bucket]); - } - - /** - * @AfterFeature @s3 - * - * @param AfterFeatureScope $scope - */ - public static function tearDownS3Bucket(AfterFeatureScope $scope) - { - $client = self::getSdk()->createS3(); - - $client->deleteMatchingObjects(self::$bucket, '', '//'); - $client->deleteBucket(['Bucket' => self::$bucket]); - - self::$bucket = null; - } - - /** - * @Given I have a :service client - */ - public function iHaveAClient($service) - { - $this->client = self::getSdk()->createClient($service); - } - - /** - * @When I call the :command API - */ - public function iCallTheApi($command) - { - $this->result = $this->client->{$command}(); - } - - /** - * @Then the value at :key should be a :type - */ - public function theValueAtShouldBeA($key, $type) - { - Assert::assertInstanceOf(Result::class, $this->result); - $methodName = 'assertIs' . ucfirst($type); - call_user_func( - [Assert::class, $methodName], - $this->result->search($key) - ); - } - - /** - * @When I call the :command API asynchronously - */ - public function iCallTheApiAsynchronously($command) - { - $this->promise = call_user_func([$this->client, "{$command}Async"]); - } - - /** - * @When I wait on the promise - */ - public function thenWaitOnThePromise() - { - $this->result = $this->promise->wait(); - } - - /** - * @Given a promise composed of the following asynchronous operations: - */ - public function aPromiseComposedOfTheFollowingAsynchronousOperations(TableNode $table) - { - $this->promise = Promise\Utils::all(array_map(function (array $row) { - return call_user_func( - [ - self::getSdk()->createClient($row['service']), - "{$row['command']}Async", - ], - json_decode($row['payload'], true) ?: [] - ); - }, iterator_to_array($table))); - } - - /** - * @Given a pool composed of the following commands: - */ - public function aPoolComposedOfTheFollowingCommands(TableNode $table) - { - $this->commands = array_map(function (array $row) { - return self::getSdk() - ->createClient($row['service']) - ->getCommand( - $row['command'], - json_decode($row['payload'], true) ?: [] - ); - }, iterator_to_array($table)); - } - - /** - * @When I send the commands as a batch to :service - */ - public function iSendTheCommandsAsABatchTo($service) - { - $this->result = CommandPool::batch( - self::getSdk()->createClient($service), - $this->commands - ); - } - - /** - * @Then there should be :count results - */ - public function thereShouldBeResults($count) - { - Assert::assertCount((int) $count, $this->result); - } - - /** - * @Then there should be :count value at :path - */ - public function thereShouldBeValueAt($count, $path) - { - Assert::assertCount((int) $count, array_unique( - JmesPath\search($path, $this->result) - )); - } -} diff --git a/features/bootstrap/Aws/Test/Integ/IntegUtils.php b/features/bootstrap/Aws/Test/Integ/IntegUtils.php deleted file mode 100644 index 46bdd1e6f0..0000000000 --- a/features/bootstrap/Aws/Test/Integ/IntegUtils.php +++ /dev/null @@ -1,62 +0,0 @@ - 'us-east-1', - 'version' => 'latest', - 'ua_append' => 'PHPUnit/Integration' - ]); - } - - public static function log($message) - { - fwrite(STDERR, date('c') . ': ' . $message . "\n"); - } - - /** - * Get the resource prefix to add to created resources - * - * @return string - */ - public static function getResourcePrefix() - { - if (!isset($_SERVER['PREFIX']) || $_SERVER['PREFIX'] == 'hostname') { - $_SERVER['PREFIX'] = crc32(gethostname()) . rand(0, 10000); - } - - return $_SERVER['PREFIX']; - } - - /** - * Disable client-side monitoring if local config has it enabled - * - * @BeforeSuite - */ - public static function disableCsm() - { - self::$originalCsmEnabled = getenv( - \Aws\ClientSideMonitoring\ConfigurationProvider::ENV_ENABLED - ); - putenv(\Aws\ClientSideMonitoring\ConfigurationProvider::ENV_ENABLED - . '=false' - ); - } - - /** - * Restore original client-side monitoring enabled flag - * - * @AfterSuite - */ - public static function restoreCsmConfig() - { - putenv(\Aws\ClientSideMonitoring\ConfigurationProvider::ENV_ENABLED . - '=' . self::$originalCsmEnabled - ); - } -} diff --git a/features/bootstrap/Aws/Test/Integ/MultipartContext.php b/features/bootstrap/Aws/Test/Integ/MultipartContext.php deleted file mode 100644 index 528d407c99..0000000000 --- a/features/bootstrap/Aws/Test/Integ/MultipartContext.php +++ /dev/null @@ -1,389 +0,0 @@ -stream = Psr7\Utils::streamFor(Psr7\Utils::tryFopen(self::$tempFile, 'r')); - } - - /** - * @Given I have an s3 client and an uploaded file named :filename - */ - public function iHaveAnS3ClientAndAnUploadedFileNamed($filename) - { - $this->s3Client = self::getSdk()->createS3(); - $this->filename = $filename; - $this->s3Client->putObject([ - 'Bucket' => self::getResourceName(), - 'Key' => $filename, - 'Body' => 'foo' - ]); - $ex = $this->s3Client->getObject( [ - 'Bucket' => self::getResourceName(), - 'Key' => $filename])['Body']; - } - - /** - * @When /^I upload the stream to S3 with a concurrency factor of "(\d+)"$/ - */ - public function iUploadTheStreamToS3WithAConcurrencyFactorOf($concurrency) - { - $client = self::getSdk()->createS3(); - $uploader = new S3MultipartUploader($client, $this->stream, [ - 'bucket' => self::getResourceName(), - 'key' => get_class($this->stream) . $concurrency, - 'concurrency' => $concurrency, - ]); - - try { - $this->result = $uploader->upload(); - } catch (MultipartUploadException $e) { - $client->abortMultipartUpload($e->getState()->getId()); - $message = "=====\n"; - while ($e) { - $message .= $e->getMessage() . "\n"; - $e = $e->getPrevious(); - } - $message .= "=====\n"; - Assert::fail($message); - } - } - - /** - * @When /^I upload the stream to Glacier with a concurrency factor of "(\d+)"$/ - */ - public function iUploadTheStreamToGlacierWithAConcurrencyFactorOf($concurrency) - { - $client = self::getSdk()->createGlacier(); - $uploader = new GlacierMultipartUploader($client, $this->stream, [ - 'vault_name' => self::RESOURCE_POSTFIX, - 'archive_description' => get_class($this->stream) . $concurrency, - 'concurrency' => $concurrency, - ]); - - try { - $this->result = $uploader->upload(); - } catch (MultipartUploadException $e) { - $client->abortMultipartUpload($e->getState()->getId()); - $message = "=====\n"; - while ($e) { - $message .= $e->getMessage() . "\n"; - $e = $e->getPrevious(); - } - $message .= "=====\n"; - Assert::fail($message); - } - } - - /** - * @When I call multipartCopy on :filename to a new key in the same bucket - */ - public function iCallMultipartCopyOnToANewKeyInTheSameBucket($filename) - { - $bucketName = self::getResourceName(); - //if it has a question mark, use overloaded source parameter - $source = strpos($filename, '?') !== false - ? ['source_key' => $filename, 'source_bucket' => $bucketName] - : '/' . $bucketName . '/' . $filename; - - $copier = new MultipartCopy( - $this->s3Client, - $source, - ['bucket' => $bucketName, 'key' => $filename . "-copy"] - ); - - try { - $this->result = $copier->copy(); - } catch (MultipartUploadException $e) { - $this->s3Client->abortMultipartUpload($e->getState()->getId()); - $message = "=====\n"; - while ($e) { - $message .= $e->getMessage() . "\n"; - $e = $e->getPrevious(); - } - $message .= "=====\n"; - Assert::fail($message); - } - } - - /** - * @Then /^the result should contain a\(n\) "([^"]+)"$/ - */ - public function theResultShouldContainA($key) - { - Assert::assertArrayHasKey($key, $this->result); - } - - /** - * @Then the new file should be in the bucket copied from :filename - */ - public function theNewFileShouldBeInTheBucket($filename) - { - Assert::assertEquals( - 'foo', - $this->s3Client->getObject([ - 'Bucket' => self::getResourceName(), - 'Key' => $filename . '-copy', - ])['Body']->getContents() - ); - } - - /** - * @Given I have an s3 client and an uploaded file named :filename with metadata - */ - public function iHaveAnS3ClientAndAnUploadedFileNamedWithMetadata($filename) - { - $this->s3Client = self::getSdk()->createS3(); - $this->filename = $filename; - $this->s3Client->putObject([ - 'Bucket' => self::getResourceName(), - 'Key' => $filename, - 'Body' => 'foo', - 'Metadata' => [ - 'test-key' => 'test-value', - 'another-key' => 'another-value', - ], - 'CacheControl' => 'max-age=3600', - 'ContentDisposition' => 'attachment; filename="test.txt"', - ]); - } - - /** - * @When I call multipartCopy on :filename with metadata_directive :directive and custom metadata - */ - public function iCallMultipartCopyWithDirectiveAndCustomMetadata($filename, $directive) - { - $bucketName = self::getResourceName(); - $source = '/' . $bucketName . '/' . $filename; - - $copier = new MultipartCopy( - $this->s3Client, - $source, - [ - 'bucket' => $bucketName, - 'key' => $filename . '-copy', - 'metadata_directive' => $directive, - 'params' => [ - 'Metadata' => ['custom-key' => 'custom-value'], - 'ContentType' => 'text/plain', - ], - ] - ); - - try { - $this->result = $copier->copy(); - } catch (MultipartUploadException $e) { - $this->s3Client->abortMultipartUpload($e->getState()->getId()); - Assert::fail($e->getMessage()); - } - } - - /** - * @When I call multipartCopy on :filename with metadata_directive :directive and no metadata - */ - public function iCallMultipartCopyWithDirectiveAndNoMetadata($filename, $directive) - { - $bucketName = self::getResourceName(); - $source = '/' . $bucketName . '/' . $filename; - - $copier = new MultipartCopy( - $this->s3Client, - $source, - [ - 'bucket' => $bucketName, - 'key' => $filename . '-copy', - 'metadata_directive' => $directive, - ] - ); - - try { - $this->result = $copier->copy(); - } catch (MultipartUploadException $e) { - $this->s3Client->abortMultipartUpload($e->getState()->getId()); - Assert::fail($e->getMessage()); - } - } - - /** - * @Then the copied file :destKey should have the same metadata as :sourceKey - */ - public function theCopiedFileShouldHaveTheSameMetadataAs($destKey, $sourceKey) - { - $bucketName = self::getResourceName(); - - $sourceHead = $this->s3Client->headObject([ - 'Bucket' => $bucketName, - 'Key' => $sourceKey, - ]); - $destHead = $this->s3Client->headObject([ - 'Bucket' => $bucketName, - 'Key' => $destKey, - ]); - - Assert::assertEquals( - $sourceHead['Metadata'], - $destHead['Metadata'], - 'User-defined metadata should be preserved' - ); - Assert::assertEquals( - $sourceHead['CacheControl'], - $destHead['CacheControl'], - 'CacheControl should be preserved' - ); - Assert::assertEquals( - $sourceHead['ContentDisposition'], - $destHead['ContentDisposition'], - 'ContentDisposition should be preserved' - ); - } - - /** - * @Then the copied file :destKey should have the custom metadata - */ - public function theCopiedFileShouldHaveTheCustomMetadata($destKey) - { - $bucketName = self::getResourceName(); - - $destHead = $this->s3Client->headObject([ - 'Bucket' => $bucketName, - 'Key' => $destKey, - ]); - - Assert::assertEquals( - ['custom-key' => 'custom-value'], - $destHead['Metadata'], - 'Destination should have only the custom metadata' - ); - Assert::assertEquals( - 'text/plain', - $destHead['ContentType'], - 'ContentType should be the user-provided value' - ); - } - - /** - * @Then the copied file :destKey should have no user-defined metadata - */ - public function theCopiedFileShouldHaveNoUserDefinedMetadata($destKey) - { - $bucketName = self::getResourceName(); - - $destHead = $this->s3Client->headObject([ - 'Bucket' => $bucketName, - 'Key' => $destKey, - ]); - - Assert::assertEmpty( - $destHead['Metadata'], - 'Destination should have no user-defined metadata' - ); - } - - /** - * @Given I have a non-seekable read stream - */ - public function iHaveANonSeekableReadStream() - { - $this->iHaveASeekableReadStream(); - $this->stream = new NoSeekStream($this->stream); - } - - /** - * @BeforeSuite - */ - public static function createTempFile() - { - self::$tempFile = tempnam(sys_get_temp_dir(), self::getResourceName()); - file_put_contents(self::$tempFile, str_repeat('x', 10 * self::MB + 1024)); - } - - /** - * @AfterSuite - */ - public static function deleteTempFile() - { - unlink(self::$tempFile); - } - - /** - * @BeforeFeature @s3 - */ - public static function createTestBucket() - { - $client = self::getSdk()->createS3(); - if (!$client->doesBucketExist(self::getResourceName())) { - $client->createBucket(['Bucket' => self::getResourceName()]); - $client->waitUntil('BucketExists', ['Bucket' => self::getResourceName()]); - } - } - - /** - * @AfterFeature @s3 - */ - public static function deleteTestBucket() - { - $client = self::getSdk()->createS3(); - BatchDelete::fromListObjects($client, ['Bucket' => self::getResourceName()])->delete(); - $client->deleteBucket(['Bucket' => self::getResourceName()]); - $client->waitUntil('BucketNotExists', ['Bucket' => self::getResourceName()]); - } - - /** - * @BeforeFeature @glacier - */ - public static function createTestVault() - { - $client = self::getSdk()->createGlacier(); - $client->createVault(['vaultName' => self::RESOURCE_POSTFIX]); - $client->waitUntil('VaultExists', ['vaultName' => self::RESOURCE_POSTFIX]); - } - - private static function getResourceName() - { - static $bucketName; - - if (empty($bucketName)) { - $bucketName = self::getResourcePrefix() . self::RESOURCE_POSTFIX; - } - - return $bucketName; - } -} diff --git a/features/bootstrap/Aws/Test/Integ/NativeStreamContext.php b/features/bootstrap/Aws/Test/Integ/NativeStreamContext.php deleted file mode 100644 index de459dfa36..0000000000 --- a/features/bootstrap/Aws/Test/Integ/NativeStreamContext.php +++ /dev/null @@ -1,176 +0,0 @@ -handle)) { - fclose($this->handle); - } - } - - /** - * @BeforeFeature @s3 - * - * @param BeforeFeatureScope $scope - */ - public static function setUpS3Bucket(BeforeFeatureScope $scope) - { - $client = self::getSdk() - ->createS3(); - - self::$bucket = self::getResourcePrefix() - . str_replace(' ', '-', strtolower($scope->getName())); - - $client->createBucket(['Bucket' => self::$bucket]); - $client->waitUntil('BucketExists', ['Bucket' => self::$bucket]); - } - - /** - * @AfterFeature @s3 - * - * @param AfterFeatureScope $scope - */ - public static function tearDownS3Bucket(AfterFeatureScope $scope) - { - $client = self::getSdk()->createS3(); - - $client->deleteMatchingObjects(self::$bucket, '', '//'); - $client->deleteBucket(['Bucket' => self::$bucket]); - - self::$bucket = null; - } - - /** - * @Given I have a :service client - */ - public function iHaveAClient($service) - { - $this->client = self::getSdk()->createClient($service); - } - - /** - * @Given have registered an s3 stream wrapper - */ - public function haveRegisteredAnS3StreamWrapper() - { - $this->client->registerStreamWrapper(); - } - - /** - * @Given I create a subdirectory :subdir with mkdir - */ - public function iCreateASubdirectory($subdir) - { - mkdir($this->getS3Path($subdir), 520); - sleep(1); - } - - /** - * @When /^I call (\w+) on the (\S+) path$/ - */ - public function iCallOnThePath($method, $path) - { - $this->callSucceeded = call_user_func($method, $this->getS3Path($path)); - } - - /** - * @Then /^the call should return (true|false)$/ - */ - public function theCallShouldReturn($booleanString) - { - Assert::assertSame( - filter_var($booleanString, FILTER_VALIDATE_BOOLEAN), - $this->callSucceeded - ); - } - - /** - * @Given I have a file at :path with the content :contents - */ - public function iHaveAFileAtWithTheContent($path, $contents) - { - Assert::assertGreaterThan( - 0, - file_put_contents($this->getS3Path($path), $contents) - ); - } - - /** - * @Given I have a file at :path with no content - */ - public function iHaveAFileAtWithNoContent($path) - { - Assert::assertSame(0, file_put_contents($this->getS3Path($path), '')); - } - - /** - * @Then the file at :arg1 should contain :arg2 - */ - public function theFileAtShouldContain($key, $contents) - { - Assert::assertStringEqualsFile($this->getS3Path($key), $contents); - } - - /** - * @Given I have a read handle on the file at :arg1 - */ - public function iHaveAReadHandleOnTheFileAt($key) - { - $this->handle = fopen($this->getS3Path($key), 'r'); - } - - /** - * @Then /^reading (\d+) bytes should return (.+)$/ - */ - public function readingBytesShouldReturn($byteCount, $expected) - { - Assert::assertSame($expected, fread($this->handle, $byteCount)); - } - - /** - * @Then /^calling fstat should report a size of (\d+)$/ - */ - public function callingFstatShouldReportASizeOf($size) - { - Assert::assertSame((int) $size, fstat($this->handle)['size']); - } - - /** - * @Then scanning the directory at :dir should return a list with one member named :file - */ - public function scanningTheDirectoryAtShouldReturnAListWithOneMemberNamed($dir, $file) - { - Assert::assertSame([$file], scandir($this->getS3Path($dir))); - } - - private function getS3Path($path) - { - return 's3://' . self::$bucket . '/' . ltrim($path, '/'); - } -} diff --git a/features/bootstrap/Aws/Test/Integ/S3Context.php b/features/bootstrap/Aws/Test/Integ/S3Context.php deleted file mode 100644 index 7e919db0d4..0000000000 --- a/features/bootstrap/Aws/Test/Integ/S3Context.php +++ /dev/null @@ -1,390 +0,0 @@ -createS3(); - if (!$client->doesBucketExistV2(self::getResourceName())) { - $client->createBucket(['Bucket' => self::getResourceName()]); - $client->waitUntil('BucketExists', [ - 'Bucket' => self::getResourceName(), - ]); - } - } - - /** - * @AfterSuite - */ - public static function deleteTestBucket() - { - $client = self::getSdk()->createS3(); - - $result = self::executeWithRetries( - $client, - 'listObjectsV2', - ['Bucket' => self::getResourceName()], - 10, - [404] - ); - - // Delete objects & wait until no longer available before deleting bucket - $client->deleteMatchingObjects(self::getResourceName(), '', '//'); - if (!empty($result['Contents']) && is_array($result['Contents'])) { - foreach ($result['Contents'] as $object) { - $client->waitUntil('ObjectNotExists', [ - 'Bucket' => self::getResourceName(), - 'Key' => $object['Key'], - '@waiter' => [ - 'maxAttempts' => 60, - 'delay' => 10, - ], - ]); - } - } - - // Delete bucket - $result = self::executeWithRetries( - $client, - 'deleteBucket', - ['Bucket' => self::getResourceName()], - 10, - [404] - ); - - // Use account number to generate a unique bucket name - $sts = new StsClient([ - 'version' => 'latest', - 'region' => 'us-east-1' - ]); - $identity = $sts->getCallerIdentity([]); - $logBucket = self::INTEG_LOG_BUCKET_PREFIX . "-{$identity['Account']}"; - - // Log bucket deletion result - if (!($client->doesBucketExistV2($logBucket))) { - $client->createBucket([ - 'Bucket' => $logBucket - ]); - } - $client->putObject([ - 'Bucket' => $logBucket, - 'Key' => self::getResourceName() . '-' . date('Y-M-d__H_i_s'), - 'Body' => print_r($result->toArray(), true) - ]); - - // Wait until bucket is no longer available - $client->waitUntil('BucketNotExists', [ - 'Bucket' => self::getResourceName(), - ]); - } - - /** - * @Given I have uploaded an object to S3 with a key of :key and a body of :body - */ - public function iHaveUploadedThatStringToSWithAKeyOfAndABodyOf($key, $body) - { - self::getSdk() - ->createS3() - ->putObject([ - 'Bucket' => self::getResourceName(), - 'Key' => $key, - 'Body' => $body, - ]); - } - - /** - * @When I create a pre-signed request for a :command command with: - */ - public function iCreateAPreSignedUrlForACommandWith( - $commandName, - TableNode $table - ) { - $args = ['Bucket' => self::getResourceName()]; - foreach ($table as $row) { - $args[$row['key']] = $row['value']; - } - $client = self::getSdk()->createS3(); - $command = $client->getCommand($commandName, $args); - $this->presignedRequest = $client - ->createPresignedRequest($command, '+1 hour'); - } - - /** - * @Then the contents of the response to the presigned request should be :body - */ - public function theContentsAtThePresignedUrlShouldBe($body) - { - // Not using assertStringFileEquals here due to issues with remote files - Assert::assertEquals( - $body, - file_get_contents($this->presignedRequest->getUri()) - ); - } - - /** - * @Given I send the pre-signed request - */ - public function iSendThePreSignedRequest() - { - (new Client)->send($this->presignedRequest); - } - - /** - * @Given I change the body of the pre-signed request to be :body - */ - public function iChangeTheBodyOfThePreSignedRequestToBe($body) - { - $this->presignedRequest = $this->presignedRequest - ->withBody(Psr7\Utils::streamFor($body)); - } - - /** - * @Given I have an s3 client and I have a file - */ - public function iHaveAnClientAndIHaveAFile() - { - $this->s3Client = self::getSdk()->createS3(); - $this->stream = Psr7\Utils::streamFor(Psr7\Utils::tryFopen(self::$tempFile, 'r')); - } - - /** - * @Given I have an array of form inputs as following: - */ - public function iHaveAnArrayOfFormInputsAsFollowing(TableNode $table) - { - foreach ($table as $row) { - $this->formInputs += [$row['key'] => $row['value']]; - } - } - - /** - * @Given I provide an array of policy conditions as following: - */ - public function iProvideAnArrayOfPolicyConditionsAsFollowing(TableNode $table) - { - $this->options = [ - ["bucket" => self::getResourceName()], - ["starts-with", '$key', ""], - ]; - foreach ($table as $row) { - $this->options[] = [$row['key'] => $row['value']]; - } - } - - /** - * @Given I want the policy expires after :expires - */ - public function iWantThePolicyExpiresAfter($expires) - { - $this->expires = $expires; - } - - /** - * @When I create a POST object SigV4 with inputs and policy - */ - public function iCreateAPostObjectSigvWithInputsAndPolicy2() - { - $postObject = new PostObjectV4( - $this->s3Client, - self::getResourceName(), - $this->formInputs, - $this->options, - $this->expires - ); - - $this->preparePostData($postObject); - } - - /** - * @When I make a HTTP POST request - */ - public function iMakeAHttpPostRequest() - { - try { - (new Client)->request( - $this->attributes['method'], - $this->attributes['action'], - [ - 'multipart' => $this->inputs, - ] - ); - } catch (\GuzzleHttp\Exception\ClientException $e) { - echo $e->getResponse()->getBody(); - } - } - - /** - * @Then the file called :filename is uploaded - */ - public function theFileCalledIsUploaded($filename) - { - Assert::assertTrue($this->s3Client->doesObjectExist( - self::getResourceName(), - $filename - )); - - $fileContents = str_repeat('x', 128 * 1024); - Assert::assertEquals( - $fileContents, - $this->s3Client->getObject([ - 'Bucket' => self::getResourceName(), - 'Key' => $filename, - ])['Body']->getContents() - ); - } - - /** - * @Given I have uploaded an object to S3 with BucketKey enabled - */ - public function iHaveUploadedAnObjectToS3WithBucketKeyEnabled() - { - self::getSdk() - ->createS3() - ->putObject([ - 'Bucket' => self::getResourceName(), - 'Key' => 'test.dat', - 'Body' => 'foo', - 'BucketKeyEnabled' => true, - 'ServerSideEncryption' => 'aws:kms' - ]); - } - - /** - * @Then I can verify Bucket Key is enabled at the object level - */ - public function iCanVerifyBucketKeyIsEnabledAtTheObjectLevel() - { - $response = self::getSdk() - ->createS3() - ->headObject([ - 'Bucket' => self::getResourceName(), - 'Key' => 'test.dat', - ]); - $responseHeaders = $response['@metadata']['headers']; - Assert::assertEquals( - 'true', - $responseHeaders['x-amz-server-side-encryption-bucket-key-enabled'] - ); - } - - /** - * Prepare form inputs and attribute for POST - */ - private function preparePostData($postObject) - { - $this->attributes = $postObject->getFormAttributes(); - foreach ($postObject->getFormInputs() as $name => $contents) { - $this->inputs[] = [ - 'name' => $name, - 'contents' => $contents, - ]; - } - $this->inputs[] = [ - 'name' => 'file', - 'contents' => $this->stream, - 'filename' => 'file.ext', - ]; - } - - /** - * Executes S3 client method, adding retries for specified status codes. - * A practical work-around for the testing workflow, given eventual - * consistency constraints. - * - * @param S3Client $client - * @param string $command - * @param array $args - * @param int $retries - * @param array $statusCodes - * @return mixed - */ - private static function executeWithRetries( - $client, - $command, - $args, - $retries, - $statusCodes - ) { - $attempts = 0; - - while (true) { - try { - return call_user_func([$client, $command], $args); - } catch (S3Exception $e) { - if (!in_array($e->getStatusCode(), $statusCodes) - || $attempts >= $retries - ) { - throw $e; - } - $attempts++; - sleep((int) pow(1.2, $attempts)); - } - } - } -} diff --git a/features/bootstrap/Aws/Test/Integ/S3EncryptionContext.php b/features/bootstrap/Aws/Test/Integ/S3EncryptionContext.php deleted file mode 100644 index 24ee0c5e55..0000000000 --- a/features/bootstrap/Aws/Test/Integ/S3EncryptionContext.php +++ /dev/null @@ -1,230 +0,0 @@ -plaintexts = []; - $this->decrypted = []; - $this->operationParams = []; - $this->region = self::DEFAULT_REGION; - $this->cipher = null; - $this->bucket = self::DEFAULT_BUCKET; - } - - /** - * @When I get all fixtures for :algorithm from :bucket - */ - public function iGetAllFixturesForAnAlgorithmFromABucket($algorithm, $bucket) - { - $this->bucket = $bucket; - $this->cipher = $algorithm; - - $prefix = 'crypto_tests/' . $algorithm . '/plaintext_test_case_'; - $prefixLength = strlen($prefix); - $s3Client = self::getSdk()->createS3([ - 'region' => $this->region, - 'version' => 'latest' - ]); - - $objects = $s3Client->listObjects([ - 'Bucket' => $bucket, - 'Prefix' => $prefix - ]); - - foreach ($objects['Contents'] as $objectListing) { - $object = $s3Client->getObject([ - 'Bucket' => $bucket, - 'Key' => $objectListing['Key'] - ]); - - $this->plaintexts[substr($objectListing['Key'], $prefixLength)] - = $object['Body']; - } - } - - /** - * @Then I encrypt each fixture with :wrapAlgorithm :alias :region and :cipher - */ - public function iEncryptEachFixtureWith($wrapAlgorithm, $alias, $region, $cipher) - { - $this->region = $region; - - $kmsClient = self::getSdk()->createKms([ - 'region' => $region - ]); - $keyArn = $this->getKmsArnFromAlias($kmsClient, $alias); - - $materialsProvider = new KmsMaterialsProvider( - $kmsClient, - $keyArn - ); - - foreach ($this->plaintexts as $fileKeyPart => $plaintext) { - // Skip non-kms wraps that we don't support. - if ($wrapAlgorithm !== 'kms') { - continue; - } - - // Skip ciphers that we don't support. - $shortCipher = null; - switch ($cipher) { - case 'aes_gcm': - case 'aes_cbc': - $shortCipher = substr($cipher, 4); - break; - default: - continue 2; - } - - if (!AbstractCryptoClient::isSupportedCipher($shortCipher)) { - continue; - } - - $this->operationParams[$fileKeyPart] = [ - '@CipherOptions' => [ - 'Cipher' => $shortCipher - ], - '@MaterialsProvider' => $materialsProvider, - 'Bucket' => $this->bucket - ]; - } - } - - /** - * @Then upload :language data with folder :folder - */ - public function iUploadLanguageDataWithFolder($language, $folder) - { - $s3Client = self::getSdk()->createS3([ - 'region' => $this->region, - 'version' => 'latest' - ]); - $s3EncryptionClient = new S3EncryptionClient($s3Client); - - foreach ($this->plaintexts as $fileKeyPart => $plaintext) { - $params = $this->operationParams[$fileKeyPart]; - $params['Key'] = 'crypto_tests/' - . $this->cipher - . '/' . $folder - . '/language_' . $language - . '/ciphertext_test_case_' . $fileKeyPart; - $params['Body'] = $plaintext; - - $s3EncryptionClient->putObject($params); - } - } - - /** - * @Then I decrypt each fixture against :language :folder - */ - public function iDecryptEachFixtureAgainstLanguageEncryptionVersion($language, $folder) - { - $materialsProvider = new KmsMaterialsProvider( - self::getSdk()->createKms([ - 'region' => $this->region - ]) - ); - - $s3Client = self::getSdk()->createS3([ - 'region' => $this->region, - 'version' => 'latest' - ]); - $s3EncryptionClient = new S3EncryptionClient($s3Client); - - $fileKeyParts = array_keys($this->plaintexts); - foreach ($fileKeyParts as $fileKeyPart) { - $params = [ - 'Bucket' => $this->bucket, - 'Key' => 'crypto_tests/' - . $this->cipher - . '/' . $folder - . '/language_' . $language - . '/ciphertext_test_case_' . $fileKeyPart - ]; - try { - $result = $s3Client->headObject($params); - } catch (AwsException $exception) { - if ($exception->getAwsErrorCode() === "NotFound") { - continue; - } - throw $exception; - } - - // Skip non-kms wraps that we don't support. - if (empty($result['Metadata'][MetadataEnvelope::KEY_WRAP_ALGORITHM_HEADER]) - || $result['Metadata'][MetadataEnvelope::KEY_WRAP_ALGORITHM_HEADER] !== 'kms') { - continue; - } - - $params['@MaterialsProvider'] = $materialsProvider; - $result = $s3EncryptionClient->getObject($params); - $this->decrypted[$fileKeyPart] = (string)$result['Body']; - } - } - - /** - * @Then I compare the decrypted ciphertext to the plaintext - */ - public function iCompareTheDecryptedCiphertextToThePlaintext() - { - $keys = array_keys($this->decrypted); - foreach ($keys as $key) { - Assert::assertEquals( - strlen($this->plaintexts[$key]), - strlen($this->decrypted[$key]) - ); - Assert::assertEquals( - $this->plaintexts[$key], - $this->decrypted[$key] - ); - } - } - - private function getKmsArnFromAlias(KmsClient $kmsClient, $alias) - { - $results = $kmsClient->getPaginator('ListAliases', [ - 'Bucket' => 'my-bucket' - ]); - - foreach ($results as $result) { - foreach ($result['Aliases'] as $aliasListing) { - if ($aliasListing['AliasName'] === ('alias/' . $alias)) { - return $aliasListing['AliasArn']; - } - } - } - return ''; - } -} - diff --git a/features/bootstrap/Aws/Test/Integ/SmokeContext.php b/features/bootstrap/Aws/Test/Integ/SmokeContext.php deleted file mode 100644 index 342da27dc3..0000000000 --- a/features/bootstrap/Aws/Test/Integ/SmokeContext.php +++ /dev/null @@ -1,436 +0,0 @@ - [ - 'region' => 'us-west-2', - ], - 'Efs' => [ - 'region' => 'us-west-2', - ], - 'Inspector' => [ - 'region' => 'us-west-2', - ], - ]; - - /** - * @BeforeSuite - */ - public static function prepare() - { - error_reporting(-1); - date_default_timezone_set('UTC'); - - // Clear out any previously compiled JMESPath files. - Env::cleanCompileDir(); - } - - /** - * @BeforeFeature @cloudfront - * - * @param BeforeFeatureScope $scope - */ - public static function setUpCloudFront(BeforeFeatureScope $scope) - { - /** @var \Aws\Result $result */ - $result = self::getSdk(self::$configOverrides) - ->createCloudFront() - ->createCloudFrontOriginAccessIdentity([ - 'CloudFrontOriginAccessIdentityConfig' => [ - 'CallerReference' => rand(0, PHP_INT_MAX), - 'Comment' => 'Foo Bar, Baz!', - ], - ]); - - self::$cloudFrontOriginAccessId = $result - ->search('CloudFrontOriginAccessIdentity.Id'); - self::$cloudFrontETag = $result['ETag']; - } - - /** - * @AfterFeature @cloudfront - * - * @param AfterFeatureScope $scope - */ - public static function tearDownCloudFront(AfterFeatureScope $scope) - { - self::getSdk(self::$configOverrides) - ->createCloudFront() - ->deleteCloudFrontOriginAccessIdentity([ - 'Id' => self::$cloudFrontOriginAccessId, - 'IfMatch' => self::$cloudFrontETag, - ]); - } - - /** - * @BeforeFeature @efs - * - * Ensure that the testing credentials have access to the EFS preview; - * skip entire feature otherwise. - * - * @param BeforeFeatureScope $scope - */ - public static function setUpEfs(BeforeFeatureScope $scope) - { - try { - self::getSdk(self::$configOverrides) - ->createEfs() - ->describeFileSystems(); - } catch (\Exception $e) { - // If the test failed because the account has no access to EFS, - // throw the exception to cause the feature to be skipped. - if ($e instanceof AwsException - && 'AccessDeniedException' === $e->getAwsErrorCode() - ) { - throw $e; - } - } - } - - /** - * @BeforeFeature @inspector - * - * Ensure that the testing credentials have access to the Inspector preview; - * skip entire feature otherwise. - * - * @param BeforeFeatureScope $scope - */ - public static function setUpInspector(BeforeFeatureScope $scope) - { - try { - self::getSdk(self::$configOverrides) - ->createInspector() - ->listApplications(); - } catch (\Exception $e) { - // If the test failed because the account has no access to EFS, - // throw the exception to cause the feature to be skipped. - if ($e instanceof AwsException - && 'AccessDeniedException' === $e->getAwsErrorCode() - ) { - throw $e; - } - } - } - - /** - * @BeforeFeature @marketplacecommerceanalytics - * - * Ensure that the testing credentials have a Marketplace Commerce Analytics - * subscription; skip entire feature otherwise. - * - * @param BeforeFeatureScope $scope - */ - public static function setUpMarketplaceCommerceAnalytics(BeforeFeatureScope $scope) - { - try { - self::getSdk(self::$configOverrides) - ->createMarketplaceCommerceAnalytics() - ->generateDataSet([ - 'dataSetType' => 'fake-type', - 'dataSetPublicationDate' => 'fake-date', - 'roleNameArn' => 'fake-arn', - 'destinationS3BucketName' => 'fake-bucket', - 'snsTopicArn' => 'fake-arn', - ]); - } catch (\Exception $e) { - // If the test failed because the account has no support subscription, - // throw the exception to cause the feature to be skipped. - if ($e instanceof AwsException - && 'SubscriptionRequiredException' === $e->getAwsErrorCode() - ) { - throw $e; - } - } - } - - /** - * @BeforeFeature @sqs - * - * @param BeforeFeatureScope $scope - */ - public static function setUpSqs(BeforeFeatureScope $scope) - { - $sqs = self::getSdk(self::$configOverrides) - ->createSqs(); - $queueName = self::getResourcePrefix() . 'testing-queue'; - - $sqs->createQueue(['QueueName' => $queueName]); - $sqs->waitUntil('QueueExists', ['QueueName' => $queueName]); - } - - /** - * @AfterFeature @sqs - * - * @param AfterFeatureScope $scope - */ - public static function tearDownSqs(AfterFeatureScope $scope) - { - $sqs = self::getSdk(self::$configOverrides) - ->createSqs(); - - $sqs->deleteQueue([ - 'QueueUrl' => $sqs->getQueueUrl([ - 'QueueName' => self::getResourcePrefix() . 'testing-queue', - ])['QueueUrl'] - ]); - } - - /** - * @BeforeFeature @support - * - * Ensure that the testing credentials have a support subscription; - * skip entire feature otherwise. - * - * @param BeforeFeatureScope $scope - */ - public static function setUpSupport(BeforeFeatureScope $scope) - { - try { - self::getSdk(self::$configOverrides) - ->createSupport() - ->describeServices(); - } catch (\Exception $e) { - // If the test failed because the account has no support subscription, - // throw the exception to cause the feature to be skipped. - if ($e instanceof AwsException - && 'SubscriptionRequiredException' === $e->getAwsErrorCode() - ) { - throw $e; - } - } - } - - /** - * @BeforeScenario - * - * @param BeforeScenarioScope $scope - */ - public function setUp(BeforeScenarioScope $scope) - { - foreach ($scope->getFeature()->getTags() as $tag) { - try{ - $this->serviceName = Aws\manifest($tag)['namespace']; - break; - } catch (\Exception $e) { - // just in case an additional tag managed to sneak into the smoke tests - } - } - - if (empty($this->serviceName)) { - throw new PendingException( - 'No service found for smoke test tagged with: ' - . implode(', ', $scope->getFeature()->getTags()) - ); - } - - $this->sdk = self::getSdk(self::$configOverrides); - - $this->client = $this->sdk->createClient($this->serviceName); - } - - /** - * @When I call the :commandName API - * - * @param string $commandName - * @param array $payload - */ - public function iCallTheApi($commandName, array $payload = []) - { - $this->response = $this->client->{$commandName}($payload); - } - - /** - * @When I call the :commandName API with: - * - * @param string $command - * @param TableNode $payload - */ - public function iCallTheApiWith($command, TableNode $payload) - { - $this->iCallTheApi($command, $payload->getRowsHash()); - } - - /** - * @When I call the :command API with JSON: - * - * @param string $command - * @param PyStringNode $payload - */ - public function iCallTheApiWithJson($command, PyStringNode $payload) - { - $this->iCallTheApi($command, json_decode($payload->getRaw(), true)); - } - - /** - * @When I attempt to call the :commandName API with: - * - * @param string $command - * @param TableNode $payload - */ - public function iAttemptToCallTheApiWith($command, TableNode $payload) - { - try { - $this->iCallTheApiWith($command, $payload); - } catch (AwsException $e) { - $this->error= $e; - } - } - - /** - * @When I attempt to call the :command API with JSON: - * - * @param string $command - * @param PyStringNode $payload - */ - public function iAttemptToCallTheApiWithJson($command, PyStringNode $payload) - { - try { - $this->iCallTheApiWithJson($command, $payload); - } catch (AwsException $e) { - $this->error= $e; - } - } - - /** - * @Then the value at :key should be a list - * - * @param string $key - */ - public function theValueAtShouldBeAList($key) - { - Assert::assertInstanceOf(Result::class, $this->response); - Assert::assertIsArray($this->response->search($key)); - } - - /** - * @Then I expect the response error code to be :errorCode - * - * @param string $errorCode - */ - public function iExpectTheResponseErrorCodeToBe($errorCode) - { - Assert::assertSame($errorCode, $this->error->getAwsErrorCode()); - } - - /** - * @Then I expect the response error message to include: - * - * @param PyStringNode $string - */ - public function iExpectTheResponseErrorMessageToInclude(PyStringNode $string) - { - Assert::assertStringContainsString($string->getRaw(), $this->error->getMessage()); - } - - /** - * @Then the response should contain a :key - * - * @param string $key - */ - public function theResponseShouldContainA($key) - { - Assert::assertInstanceOf(Result::class, $this->response); - Assert::assertNotNull($this->response->search($key)); - } - - /** - * @Then the error code should be :errorCode - * - * @param string $errorCode - * @param PyStringNode $string - */ - public function theErrorCodeShouldBe($errorCode, ?PyStringNode $string = null) - { - $this->iExpectTheResponseErrorCodeToBe($errorCode); - - if (null !== $string) { - $this->theErrorMessageShouldContain($string); - } - } - - /** - * @Then the request should be successful - */ - public function theRequestShouldBeSuccessful() - { - Assert::assertEmpty($this->error); - } - - /** - * @Then the request should fail - */ - public function theRequestShouldFail() - { - Assert::assertNotEmpty($this->error); - } - - /** - * @Then the error message should contain: - * - * @param PyStringNode $string - */ - public function theErrorMessageShouldContain(PyStringNode $string) - { - Assert::assertStringContainsString($string->getRaw(), $this->error->getMessage()); - } - - /** - * @Then the status code should be :statusCode - * - * @param string $statusCode - */ - public function theStatusCodeShouldBe($statusCode) - { - Assert::assertEquals($statusCode, $this->error->getStatusCode()); - } -} diff --git a/features/bootstrap/Aws/Test/UsesServiceTrait.php b/features/bootstrap/Aws/Test/UsesServiceTrait.php deleted file mode 100644 index e55837538c..0000000000 --- a/features/bootstrap/Aws/Test/UsesServiceTrait.php +++ /dev/null @@ -1,157 +0,0 @@ - 'us-east-1', - 'version' => 'latest', - 'retries' => 0 - ]); - } - - /** - * Creates an instance of a service client for a test - * - * @param string $service - * @param array $args - * - * @return AwsClientInterface - */ - private function getTestClient($service, array $args = []) - { - // Disable network access. If the INTEGRATION envvar is set, then this - // disabling is not done. - if (!isset($_SERVER['INTEGRATION']) - && !isset($args['handler']) - && !isset($args['http_handler']) - ) { - $this->_mock_handler = $args['handler'] = new MockHandler([]); - } - - return $this->getTestSdk($args)->createClient($service); - } - - /** - * Queues up mock Result objects for a client - * - * @param AwsClientInterface $client - * @param Result[]|array[] $results - * @param callable $onFulfilled Callback to invoke when the return value is fulfilled. - * @param callable $onRejected Callback to invoke when the return value is rejected. - * - * @return AwsClientInterface - */ - private function addMockResults( - AwsClientInterface $client, - array $results, - ?callable $onFulfilled = null, - ?callable $onRejected = null - ) { - foreach ($results as &$res) { - if (is_array($res)) { - $res = new Result($res); - } - } - - $this->_mock_handler = new MockHandler($results, $onFulfilled, $onRejected); - $client->getHandlerList()->setHandler($this->_mock_handler); - - return $client; - } - - private function mockQueueEmpty() - { - return 0 === count($this->_mock_handler); - } - - /** - * Creates a mock CommandException with a given error code - * - * @param string $code - * @param string $type - * @param string|null $message - * - * @return AwsException - */ - private function createMockAwsException( - $code = null, - $type = null, - $message = null - ) { - $code = $code ?: 'ERROR'; - $type = $type ?: AwsException::class; - - $client = $this->getMockBuilder(AwsClientInterface::class) - ->setMethods(['getApi']) - ->getMockForAbstractClass(); - - $client->expects($this->any()) - ->method('getApi') - ->will($this->returnValue( - new Service( - [ - 'metadata' => [ - 'endpointPrefix' => 'foo', - 'apiVersion' => 'version' - ] - ], - function () { return []; } - ))); - - return new $type( - $message ?: 'Test error', - $this->getMockBuilder(CommandInterface::class)->getMock(), - [ - 'message' => $message ?: 'Test error', - 'code' => $code - ] - ); - } - - /** - * Verifies an operation alias returns the expected types - * - * @param AwsClientInterface $client - * @param string $operation - * @param array $params - */ - private function verifyOperationAlias( - $client, - $operation, - $params - ) { - $this->addMockResults($client, [new Result()]); - $output = $client->{$operation}($params); - if (substr($operation, -5) === 'Async') { - $this->assertFalse($this->mockQueueEmpty()); - $this->assertInstanceOf('GuzzleHttp\\Promise\\PromiseInterface', $output); - $output = $output->wait(); - $this->assertTrue($this->mockQueueEmpty()); - } - $this->assertInstanceOf(Result::class, $output); - $this->assertTrue($this->mockQueueEmpty()); - } -} diff --git a/features/multipart/s3.feature b/features/multipart/s3.feature index 5b01089ef5..ca91e1c2ff 100644 --- a/features/multipart/s3.feature +++ b/features/multipart/s3.feature @@ -14,18 +14,23 @@ Feature: S3 Multipart Uploads | non-seekable | 3 | Scenario Outline: Uploading a stream with checksum algorithm + # The result key uses S3's PascalCase form (ChecksumCRC32, ChecksumSHA256, + # ChecksumSHA1). The example column matches that capitalization so the + # interpolated step phrase ("Checksum") matches the + # real response key exactly. The step regex still accepts crc32|sha256|sha1 + # case-insensitively via the regex character class. Given I have a read stream When I upload the stream to S3 with a checksum algorithm of "" Then the result should contain a(n) "Checksum" Examples: | seekable | checksumalgorithm | - | seekable | crc32 | - | non-seekable | crc32 | - | seekable | sha256 | - | non-seekable | sha256 | - | seekable | sha1 | - | non-seekable | sha1 | + | seekable | CRC32 | + | non-seekable | CRC32 | + | seekable | SHA256 | + | non-seekable | SHA256 | + | seekable | SHA1 | + | non-seekable | SHA1 | Scenario Outline: Copying a file Given I have an s3 client and an uploaded file named "" @@ -51,3 +56,60 @@ Feature: S3 Multipart Uploads Given I have an s3 client and an uploaded file named "meta-strip" with metadata When I call multipartCopy on "meta-strip" with metadata_directive "REPLACE" and no metadata Then the copied file "meta-strip-copy" should have no user-defined metadata + + Scenario: Caller-supplied Metadata does not trigger REPLACE + Given I have an s3 client and an uploaded file named "no-auto-replace" with metadata + When I call multipartCopy on "no-auto-replace" with caller-supplied Metadata only + Then the copied file "no-auto-replace-copy" should have the same metadata as "no-auto-replace" + And the copied file "no-auto-replace-copy" should have the source's CacheControl + + Scenario: Caller-supplied Tagging does not trigger REPLACE + Given I have an s3 client and an uploaded file named "tags-no-auto" with tags + When I call multipartCopy on "tags-no-auto" with caller-supplied Tagging "k=v&Project=X" only + Then the copied file "tags-no-auto-copy" should have no tags + + @s3annotations + Scenario: tags_directive=COPY copies tags to the destination + Given I have an s3 client and an uploaded file named "tags-default" with tags + When I call multipartCopy on "tags-default" with tags_directive "COPY" + Then the copied file "tags-default-copy" should have the same tags as "tags-default" + + Scenario: Default directives skip tag copying + Given I have an s3 client and an uploaded file named "tags-skip" with tags + When I call multipartCopy on "tags-skip" to a new key in the same bucket + Then the copied file "tags-skip-copy" should have no tags + + Scenario: REPLACE+UNSPECIFIED+EXCLUDE strips metadata and tags + Given I have an s3 client and an uploaded file named "none-strip" with metadata and tags + When I call multipartCopy on "none-strip" with metadata_directive "REPLACE" and tags_directive "UNSPECIFIED" and annotations_directive "EXCLUDE" + Then the copied file "none-strip-copy" should have no user-defined metadata + And the copied file "none-strip-copy" should have no tags + + Scenario: tags_directive=REPLACE writes caller-supplied tags + Given I have an s3 client and an uploaded file named "tags-replace" with tags + When I call multipartCopy on "tags-replace" with tags_directive "REPLACE" and tagging "Project=Override&Env=prod" + Then the copied file "tags-replace-copy" should have tags "Project=Override&Env=prod" + + + # TODO: re-enable once concurrent PutObjectAnnotation behavior enabled. + # Tracking: . ETA: . + # @s3annotations + # Scenario: annotations_directive=COPY copies annotations to the destination + # Given I have an s3 client and an uploaded file named "annot-default" with annotations + # When I call multipartCopy on "annot-default" with annotations_directive "COPY" + # Then the copied file "annot-default-copy" should have the same annotations as "annot-default" + + + @s3annotations + Scenario: annotations_directive=EXCLUDE skips annotation copying + Given I have an s3 client and an uploaded file named "annot-exclude" with annotations + When I call multipartCopy on "annot-exclude" with annotations_directive "EXCLUDE" + Then the copied file "annot-exclude-copy" should have no annotations + + @versioned + Scenario: Copying a versioned source pins the source version + Given I have a versioning-enabled bucket + And I have an uploaded file named "versioned" in the versioned bucket with body "v1" + And I overwrite "versioned" in the versioned bucket with body "v2" + When I call multipartCopy on the original version of "versioned" in the versioned bucket + Then the copied file "versioned-copy" should contain "v1" diff --git a/src/Multipart/UploadState.php b/src/Multipart/UploadState.php index 83b05650d0..9bada253ed 100644 --- a/src/Multipart/UploadState.php +++ b/src/Multipart/UploadState.php @@ -44,12 +44,23 @@ class UploadState /** @var boolean Determines status for tracking the upload */ private $displayProgress = false; + /** + * @var array Subset of upload-manager config retained for resume flows. + * + * Carries the original caller's directives (`metadata_directive`, + * `tags_directive`, `annotations_directive`) so a later + * `getStateFromService(...) → new MultipartCopy(['state' => $s])` can + * replay Phase 3 correctly without the caller having to re-specify. + */ + private array $config = []; + /** * @param array $id Params used to identity the upload. */ public function __construct(array $id, array $config = []) { $this->id = $id; + $this->config = $config; if (isset($config['display_progress']) && is_bool($config['display_progress']) @@ -58,6 +69,14 @@ public function __construct(array $id, array $config = []) } } + /** + * @return array The config array the state was constructed with. + */ + public function getConfig(): array + { + return $this->config; + } + /** * Get the upload's ID, which is a tuple of parameters that can uniquely * identify the upload. diff --git a/src/S3/Exception/MultipartCopyAnnotationException.php b/src/S3/Exception/MultipartCopyAnnotationException.php new file mode 100644 index 0000000000..c29f4ca820 --- /dev/null +++ b/src/S3/Exception/MultipartCopyAnnotationException.php @@ -0,0 +1,47 @@ + */ + private array $failed; + + /** + * @param UploadState $state + * @param array $failed + * @param string[] $succeeded + */ + public function __construct(UploadState $state, array $failed, array $succeeded = []) + { + parent::__construct($state, $failed); + + $this->failed = $failed; + $this->succeeded = $succeeded; + } + + /** + * @return string[] + */ + public function getSucceededAnnotations(): array + { + return $this->succeeded; + } + + /** + * @return array + */ + public function getFailedAnnotations(): array + { + return $this->failed; + } +} diff --git a/src/S3/MultipartCopy.php b/src/S3/MultipartCopy.php index b77c66ad7b..8e7f1c3055 100644 --- a/src/S3/MultipartCopy.php +++ b/src/S3/MultipartCopy.php @@ -3,8 +3,16 @@ namespace Aws\S3; use Aws\Arn\ArnParser; +use Aws\CommandPool; +use Aws\Exception\AwsException; use Aws\Multipart\AbstractUploadManager; +use Aws\Multipart\UploadState; use Aws\ResultInterface; +use Aws\S3\Exception\MultipartCopyAnnotationException; +use Aws\S3\Exception\S3Exception; +use GuzzleHttp\Promise as P; +use GuzzleHttp\Promise\Coroutine; +use GuzzleHttp\Promise\PromiseInterface; use GuzzleHttp\Psr7; class MultipartCopy extends AbstractUploadManager @@ -18,10 +26,32 @@ class MultipartCopy extends AbstractUploadManager 'REPLACE' => true, ]; - /** - * Metadata fields that can be copied from the source object - * to the destination during a multipart copy. - */ + private const TAGS_DIRECTIVE_UNSPECIFIED = 'UNSPECIFIED'; + private const TAGS_DIRECTIVE_COPY = 'COPY'; + private const TAGS_DIRECTIVE_REPLACE = 'REPLACE'; + + private const VALID_TAGS_DIRECTIVES = [ + self::TAGS_DIRECTIVE_UNSPECIFIED => true, + self::TAGS_DIRECTIVE_COPY => true, + self::TAGS_DIRECTIVE_REPLACE => true, + ]; + + private const ANNOTATIONS_DIRECTIVE_UNSPECIFIED = 'UNSPECIFIED'; + private const ANNOTATIONS_DIRECTIVE_COPY = 'COPY'; + private const ANNOTATIONS_DIRECTIVE_EXCLUDE = 'EXCLUDE'; + + private const VALID_ANNOTATIONS_DIRECTIVES = [ + self::ANNOTATIONS_DIRECTIVE_UNSPECIFIED => true, + self::ANNOTATIONS_DIRECTIVE_COPY => true, + self::ANNOTATIONS_DIRECTIVE_EXCLUDE => true, + ]; + + /** Phase 3 PutObjectAnnotation retry policy (full-jitter exponential, capped). */ + private const ANNOTATION_MAX_ATTEMPTS = 3; + private const ANNOTATION_BASE_DELAY_MS = 100; + private const ANNOTATION_MAX_DELAY_MS = 5000; + + /** Metadata fields forwarded from source to destination on metadata_directive=COPY. */ private static array $copyMetadataFields = [ 'CacheControl', 'ContentDisposition', @@ -34,10 +64,16 @@ class MultipartCopy extends AbstractUploadManager /** @var string|array */ private $source; - /** @var string */ + /** @var string|null */ private $sourceVersionId; - /** @var ResultInterface */ + /** @var ResultInterface|null */ private $sourceMetadata; + /** @var string|null */ + private ?string $sourceETag = null; + /** @var array|null Source TagSet (populated when tags_directive resolves to COPY). */ + private ?array $sourceTags = null; + /** @var array Annotation name => payload, populated in Phase 1. */ + private array $annotationBodies = []; /** * Creates a multipart upload for copying an S3 object. @@ -71,14 +107,24 @@ class MultipartCopy extends AbstractUploadManager * of the multipart upload and that is used to resume a previous upload. * When this option is provided, the `bucket`, `key`, and `part_size` * options are ignored. - * - metadata_directive: (string, default='COPY') Specifies whether to copy - * source object metadata to the destination. Set to 'COPY' to - * automatically forward metadata fields (Metadata, CacheControl, - * ContentDisposition, ContentEncoding, ContentLanguage, ContentType, - * Expires) from the source object. When set to 'COPY', source metadata - * takes precedence and any matching fields provided in 'params' are - * ignored. Set to 'REPLACE' to suppress automatic metadata copying and - * use your own values via the 'params' option. + * - metadata_directive: (string, default='COPY') 'COPY' or 'REPLACE'. + * Caller-supplied `params['Metadata']` does NOT change the directive, + * set this option explicitly to opt into REPLACE. When 'COPY', source + * metadata fields (Metadata, CacheControl, ContentDisposition, + * ContentEncoding, ContentLanguage, ContentType, Expires) are forwarded + * and any matching caller-supplied fields are dropped. When 'REPLACE', + * no source metadata is read and caller-supplied params are used as-is. + * - tags_directive: (string, default='UNSPECIFIED') 'UNSPECIFIED', 'COPY', + * or 'REPLACE'. UNSPECIFIED means no tag work and any caller-supplied + * `params['Tagging']` is dropped. COPY reads source tags via GetObjectTagging + * and writes them to the destination via PutObjectTagging after + * CompleteMultipartUpload. REPLACE skips the read and writes + * caller-supplied `params['Tagging']` to the destination. + * - annotations_directive: (string, default='UNSPECIFIED') 'UNSPECIFIED', + * 'COPY', or 'EXCLUDE'. UNSPECIFIED and EXCLUDE both skip annotation + * work. COPY reads source annotations via ListObjectAnnotations and + * per-name GetObjectAnnotation, then writes them to the destination + * via per-name PutObjectAnnotation. * - source_metadata: (Aws\ResultInterface) The result of a HeadObject call * on the copy source. If not provided, the SDK makes a HeadObject request * to obtain the source object's size and metadata. Providing this avoids @@ -86,12 +132,9 @@ class MultipartCopy extends AbstractUploadManager * - display_progress: (boolean) Set true to track status in 1/8th increments * for upload. * - * @param S3ClientInterface $client Client used for the upload. - * @param string|array $source Location of the data to be copied (in the - * form //). If the key contains a '?' - * character, instead pass an array of source_key, - * source_bucket, and source_version_id. - * @param array $config Configuration used to perform the upload. + * @param S3ClientInterface $client + * @param string|array $source + * @param array $config */ public function __construct( S3ClientInterface $client, @@ -104,9 +147,19 @@ public function __construct( $this->source = $this->getInputSource($source); } + $config = array_change_key_case($config); + + // Resume: replay the original directives unless caller overrides. + if (isset($config['state']) && $config['state'] instanceof UploadState) { + $stateConfig = $config['state']->getConfig(); + if (!empty($stateConfig)) { + $config += array_change_key_case($stateConfig); + } + } + parent::__construct( $client, - array_change_key_case($config) + ['source_metadata' => null] + $config + ['source_metadata' => null] ); if ($this->displayProgress) { @@ -117,15 +170,118 @@ public function __construct( } /** - * An alias of the self::upload method. + * Alias of {@see self::upload()}. * - * @see self::upload + * @return ResultInterface */ public function copy() { return $this->upload(); } + /** + * Drives the multipart copy workflow: + * + * Phase 1: Source reads. + * HeadObject (pins VersionId), then (no-op unless tags/annotations were opted in) + * GetObjectTagging and ListObjectAnnotations + per-name GetObjectAnnotation in parallel. + * + * Phase 2: Multipart upload. CreateMultipartUpload, UploadPartCopy parts + * in parallel, CompleteMultipartUpload. + * + * Phase 3 (optional): Destination writes (skipped unless tags/annotations were + * opted in). PutObjectTagging (atomic, fail-fast), then per-name + * PutObjectAnnotation in parallel with retries (partial failure is + * surfaced via {@see MultipartCopyAnnotationException}). + * + * @return PromiseInterface + */ + public function promise(): PromiseInterface + { + if ($this->promise) { + return $this->promise; + } + + return $this->promise = Coroutine::of(function () { + try { + // Phase 1: HeadObject pins VersionId for the conditional reads below. + yield $this->fetchSourceMetadata(); + + $tagsDir = $this->resolveTagsDirective(); + $annotDir = $this->resolveAnnotationsDirective(); + + // Tags + annotations are independent once VersionId is pinned. + $concurrent = []; + if ($tagsDir === self::TAGS_DIRECTIVE_COPY) { + $concurrent[] = $this->fetchSourceTags(); + } + if ($annotDir === self::ANNOTATIONS_DIRECTIVE_COPY) { + $concurrent[] = $this->fetchSourceAnnotations(); + } + if ($concurrent) { + yield P\Utils::all($concurrent); + } + + if ($this->state->isCompleted()) { + throw new \LogicException( + 'This multipart upload has already been completed or aborted.' + ); + } + + // Phase 2: initiate. + if (!$this->state->isInitiated()) { + if (is_callable($this->config['prepare_data_source'])) { + $this->config['prepare_data_source'](); + } + $init = yield $this->execCommand('initiate', $this->getInitiateParams()); + $this->state->setUploadId( + $this->info['id']['upload_id'], + $init[$this->info['id']['upload_id']] + ); + $this->state->setStatus(UploadState::INITIATED); + } + + // Phase 2: parts. + $resultHandler = $this->getResultHandler($errors); + $pool = new CommandPool( + $this->client, + $this->getUploadCommands($resultHandler), + [ + 'concurrency' => $this->config['concurrency'], + 'before' => $this->config['before_upload'], + ] + ); + + yield $pool->promise(); + + if ($errors) { + throw new $this->config['exception_class']($this->state, $errors); + } + + // Phase 2: complete. + $complete = yield $this->execCommand('complete', $this->getCompleteParams()); + $this->state->setStatus(UploadState::COMPLETED); + + // Phase 3: destination writes (if applicable). + $destETag = $complete['ETag'] ?? null; + $destVersionId = $complete['VersionId'] ?? null; + + yield from $this->writeDestinationTags($tagsDir, $destVersionId); + + if ($annotDir === self::ANNOTATIONS_DIRECTIVE_COPY) { + yield from $this->writeDestinationAnnotations($destETag, $destVersionId); + } + + yield $complete; + } catch (AwsException $e) { + throw new $this->config['exception_class']($this->state, $e); + } + }); + } + + /** + * @return array + */ protected function loadUploadWorkflowInfo() { return [ @@ -143,12 +299,17 @@ protected function loadUploadWorkflowInfo() ]; } + /** + * Yields UploadPartCopy commands for parts not yet uploaded. + * + * @param callable $resultHandler + * @return \Generator + */ protected function getUploadCommands(callable $resultHandler) { $parts = ceil($this->getSourceSize() / $this->determinePartSize()); for ($partNumber = 1; $partNumber <= $parts; $partNumber++) { - // If we haven't already uploaded this part, yield a new part. if (!$this->state->hasPartBeenUploaded($partNumber)) { $command = $this->client->getCommand( $this->info['command']['upload'], @@ -160,23 +321,28 @@ protected function getUploadCommands(callable $resultHandler) } } + /** + * Builds the parameter array for a single UploadPartCopy. + * + * @param int $partNumber + * @param int $partsCount + * @return array + */ private function createPart($partNumber, $partsCount) { $data = []; - // Apply custom params to UploadPartCopy data $config = $this->getConfig(); - $params = isset($config['params']) ? $config['params'] : []; + $params = $config['params'] ?? []; foreach ($params as $k => $v) { $data[$k] = $v; } - // The source parameter here is usually a string, but can be overloaded as an array - // if the key contains a '?' character to specify where the query parameters start + // Source may be a string or, when the key contains '?', an array. if (is_array($this->source)) { $key = str_replace('%2F', '/', rawurlencode($this->source['source_key'])); $bucket = $this->source['source_bucket']; } else { - list($bucket, $key) = explode('/', ltrim($this->source, '/'), 2); + [$bucket, $key] = explode('/', ltrim($this->source, '/'), 2); $key = implode( '/', array_map( @@ -193,6 +359,9 @@ private function createPart($partNumber, $partsCount) if (!empty($this->sourceVersionId)) { $data['CopySource'] .= "?versionId=" . $this->sourceVersionId; } + if ($this->sourceETag !== null) { + $data['CopySourceIfMatch'] = $this->sourceETag; + } $defaultPartSize = $this->determinePartSize(); $startByte = $defaultPartSize * ($partNumber - 1); @@ -205,16 +374,27 @@ private function createPart($partNumber, $partsCount) return $data; } + /** + * @param ResultInterface $result + * @return string + */ protected function extractETag(ResultInterface $result) { return $result->search('CopyPartResult.ETag'); } + /** + * Builds CreateMultipartUpload params: applies metadata_directive, strips + * Tagging when Phase 3 will write tags separately. + * + * @return array + * @throws \InvalidArgumentException + */ protected function getInitiateParams() { $params = $this->traitGetInitiateParams(); - $directive = strtoupper($this->config['metadata_directive'] ?? 'COPY'); + $directive = strtoupper($this->resolveMetadataDirective()); if (!isset(self::VALID_METADATA_DIRECTIVES[$directive])) { throw new \InvalidArgumentException( @@ -223,83 +403,495 @@ protected function getInitiateParams() ); } + // CreateMultipartUpload has no MetadataDirective member. The directive is local-only. + // Under COPY, forwarded fields exactly mirror source. Caller's params for fields + // source is empty on are dropped, matching how tags work. if ($directive === 'COPY') { $sourceMetadata = $this->getSourceMetadata(); foreach (self::$copyMetadataFields as $field) { if (!empty($sourceMetadata[$field])) { $params[$field] = $sourceMetadata[$field]; + } else { + unset($params[$field]); } } } + // When tags_directive is UNSPECIFIED, no tag work + // happens at all and any caller-supplied + // params['Tagging'] is dropped here too — callers who need their + // tags applied must opt in via tags_directive='REPLACE'. + unset($params['Tagging']); + return $params; } + /** + * @return string|null + */ protected function getSourceMimeType() { return $this->getSourceMetadata()['ContentType']; } + /** + * @return int + */ protected function getSourceSize() { return $this->getSourceMetadata()['ContentLength']; } + /** + * Sync wrapper for callers in the constructor / trait that need a value now. + * + * @return ResultInterface + */ private function getSourceMetadata() { - if (empty($this->sourceMetadata)) { - $this->sourceMetadata = $this->fetchSourceMetadata(); + return $this->fetchSourceMetadata()->wait(); + } + + /** + * Resolves the source HeadObject result and caches it. + * + * @return PromiseInterface + */ + private function fetchSourceMetadata(): PromiseInterface + { + if (!$this->sourceMetadata instanceof ResultInterface + && $this->config['source_metadata'] instanceof ResultInterface + ) { + $this->sourceMetadata = $this->config['source_metadata']; + $this->captureSourceIdentifiers($this->sourceMetadata); + } + + if ($this->sourceMetadata instanceof ResultInterface) { + return P\Create::promiseFor($this->sourceMetadata); } - return $this->sourceMetadata; + return $this->client->headObjectAsync($this->buildHeadParams()) + ->then(function (ResultInterface $r): ResultInterface { + $this->sourceMetadata = $r; + $this->captureSourceIdentifiers($r); + return $r; + }); } - private function fetchSourceMetadata() + /** + * Captures VersionId and ETag from a source HeadObject result. + * + * @param ResultInterface $r + * @return void + */ + private function captureSourceIdentifiers(ResultInterface $r): void { - if ($this->config['source_metadata'] instanceof ResultInterface) { - return $this->config['source_metadata']; + if (empty($this->sourceVersionId) && !empty($r['VersionId'])) { + $this->sourceVersionId = $r['VersionId']; } - //if the source variable was overloaded with an array, use the inputs for key and bucket + + if (!empty($r['ETag'])) { + $this->sourceETag = $r['ETag']; + } + } + + /** + * Builds HeadObject params for the source, parsing `?versionId=` if present. + * + * @return array + */ + private function buildHeadParams(): array + { if (is_array($this->source)) { $headParams = [ - 'Key' => $this->source['source_key'], - 'Bucket' => $this->source['source_bucket'] + 'Key' => $this->source['source_key'], + 'Bucket' => $this->source['source_bucket'], ]; if (isset($this->source['source_version_id'])) { $this->sourceVersionId = $this->source['source_version_id']; $headParams['VersionId'] = $this->sourceVersionId; } - //otherwise, use the default source parsing behavior + + return $headParams; + } + + [$bucket, $key] = explode('/', ltrim($this->source, '/'), 2); + $headParams = [ + 'Bucket' => $bucket, + 'Key' => $key, + ]; + if (str_contains($key, '?')) { + [$key, $query] = explode('?', $key, 2); + $headParams['Key'] = $key; + $query = Psr7\Query::parse($query, false); + if (isset($query['versionId'])) { + $this->sourceVersionId = $query['versionId']; + $headParams['VersionId'] = $this->sourceVersionId; + } + } + + return $headParams; + } + + /** + * Builds Bucket/Key (and VersionId if pinned) for source-side reads. + * + * @return array + */ + private function buildSourceObjectParams(): array + { + if (is_array($this->source)) { + $p = [ + 'Bucket' => $this->source['source_bucket'], + 'Key' => $this->source['source_key'], + ]; } else { - list($bucket, $key) = explode('/', ltrim($this->source, '/'), 2); - $headParams = [ + [$bucket, $key] = explode('/', ltrim($this->source, '/'), 2); + if (str_contains($key, '?')) { + [$key] = explode('?', $key, 2); + } + + $p = [ 'Bucket' => $bucket, - 'Key' => $key, + 'Key' => rawurldecode($key), + ]; + } + + if (!empty($this->sourceVersionId)) { + $p['VersionId'] = $this->sourceVersionId; + } + + return $p; + } + + /** + * GetObjectTagging on the source. Caches `TagSet` on the instance. + * Requires fetchSourceMetadata() to have resolved (uses pinned VersionId). + * + * @return PromiseInterface + */ + private function fetchSourceTags(): PromiseInterface + { + return $this->client + ->getObjectTaggingAsync($this->buildSourceObjectParams()) + ->then(function (ResultInterface $r): ResultInterface { + $this->sourceTags = $r['TagSet'] ?? []; + return $r; + }); + } + + /** + * Drains source annotation names, then fans out per-name + * GetObjectAnnotation calls bounded by `concurrency`. Caches payloads + * on the instance. Requires fetchSourceMetadata() to have resolved. + * + * @return PromiseInterface + */ + private function fetchSourceAnnotations(): PromiseInterface + { + return Coroutine::of(function () { + $listParams = $this->buildSourceObjectParams(); + + $names = []; + yield $this->client + ->getPaginator('ListObjectAnnotations', $listParams) + ->each(function (ResultInterface $page) use (&$names) { + foreach ($page['Annotations'] ?? [] as $entry) { + if (!empty($entry['AnnotationName'])) { + $names[] = $entry['AnnotationName']; + } + } + }); + + if (empty($names)) { + return; + } + + $getParams = $this->buildSourceObjectParams(); + $commands = array_map(function ($name) use ($getParams) { + return $this->client->getCommand( + 'GetObjectAnnotation', + $getParams + ['AnnotationName' => $name] + ); + }, $names); + + $pool = new CommandPool($this->client, $commands, [ + 'concurrency' => $this->config['concurrency'], + 'fulfilled' => function ( + ResultInterface $result, + $iterKey + ) use ($names) { + $name = $names[$iterKey]; + $payload = $result['AnnotationPayload'] ?? null; + $body = $payload === null ? '' : (string) $payload; + // PutObjectAnnotation requires a payload >= 1 byte. + if ($body !== '') { + $this->annotationBodies[$name] = $body; + } + }, + 'rejected' => function ( + $reason, + $iterKey, + PromiseInterface $aggregatePromise + ) { + // Abort the pool on mid-loop precondition failures. + $aggregatePromise->reject($reason); + }, + ]); + + yield $pool->promise(); + }); + } + + /** + * Destination [Bucket, Key] for Phase 3 writes. Falls back to UploadState id + * for resumed copies. + * + * @return array{0: string, 1: string} + */ + private function resolveDestinationBucketAndKey(): array + { + $bucket = $this->config['bucket'] ?? null; + $key = $this->config['key'] ?? null; + if ($bucket === null || $bucket === '' || $key === null || $key === '') { + $id = $this->state->getId(); + $bucket = $id['Bucket'] ?? $bucket; + $key = $id['Key'] ?? $key; + } + + return [$bucket, $key]; + } + + /** + * Phase 3 step 1: PutObjectTagging on the destination, when the resolved + * tags_directive is COPY (use $this->sourceTags) or REPLACE (use caller- + * supplied params['Tagging']). + * + * @param string $tagsDirective + * @param string|null $destVersionId + * @return \Generator + */ + private function writeDestinationTags( + string $tagsDirective, + ?string $destVersionId + ): \Generator + { + [$destBucket, $destKey] = $this->resolveDestinationBucketAndKey(); + + if ($tagsDirective === self::TAGS_DIRECTIVE_REPLACE) { + $callerTagging = $this->config['params']['Tagging'] ?? null; + if ($callerTagging === null || $callerTagging === '') { + return; + } + + $tagging = is_array($callerTagging) + ? $callerTagging + : ['TagSet' => $this->parseTaggingQueryString((string) $callerTagging)]; + + $params = [ + 'Bucket' => $destBucket, + 'Key' => $destKey, + 'Tagging' => $tagging, ]; - if (strpos($key, '?')) { - list($key, $query) = explode('?', $key, 2); - $headParams['Key'] = $key; - $query = Psr7\Query::parse($query, false); - if (isset($query['versionId'])) { - $this->sourceVersionId = $query['versionId']; - $headParams['VersionId'] = $this->sourceVersionId; + if ($destVersionId !== null) { + $params['VersionId'] = $destVersionId; + } + + yield $this->client->putObjectTaggingAsync($params); + return; + } + + if ($tagsDirective !== self::TAGS_DIRECTIVE_COPY || empty($this->sourceTags)) { + return; + } + + $params = [ + 'Bucket' => $destBucket, + 'Key' => $destKey, + 'Tagging' => ['TagSet' => $this->sourceTags], + ]; + if ($destVersionId !== null) { + $params['VersionId'] = $destVersionId; + } + + yield $this->client->putObjectTaggingAsync($params); + } + + /** + * Phase 3 step 2: per-name PutObjectAnnotation on the destination. + * Promise\Each::ofLimitAll over a generator: each step is invoked only + * when a concurrency slot opens, bounding in-flight requests. + * + * @param string|null $destETag + * @param string|null $destVersionId + * @return \Generator + * @throws MultipartCopyAnnotationException + */ + private function writeDestinationAnnotations( + ?string $destETag, + ?string $destVersionId + ): \Generator + { + if (empty($this->annotationBodies)) { + return; + } + + $succeeded = []; + /** @var array $failed */ + $failed = []; + + [$destBucket, $destKey] = $this->resolveDestinationBucketAndKey(); + + $putAnnotationsCalls = function () use ( + $destBucket, + $destKey, + $destETag, + $destVersionId, + &$succeeded, + &$failed + ) { + foreach ($this->annotationBodies as $name => $body) { + $params = [ + 'Bucket' => $destBucket, + 'Key' => $destKey, + 'AnnotationName' => $name, + 'AnnotationPayload' => $body, + ]; + if ($destVersionId !== null) { + $params['VersionId'] = $destVersionId; + } + if ($destETag !== null) { + $params['ObjectIfMatch'] = $destETag; } + + yield $this->putAnnotationWithRetries($params)->then( + function () use ($name, &$succeeded) { + $succeeded[] = $name; + }, + function ($reason) use ($name, &$failed) { + $failed[$name] = $reason; + } + ); } + }; + + yield P\Each::ofLimitAll($putAnnotationsCalls(), $this->config['concurrency']); + + if ($failed) { + throw new MultipartCopyAnnotationException( + $this->state, + $failed, + $succeeded + ); + } + } + + /** + * Single-annotation PutObjectAnnotation with exponential + * backoff + jitter. Delay is set on the command via `@http.delay`. + * + * @param array $baseParams + * @return PromiseInterface + */ + private function putAnnotationWithRetries(array $baseParams): PromiseInterface + { + return Coroutine::of(function () use ($baseParams) { + $delayMs = 0; + for ($attempt = 1; $attempt <= self::ANNOTATION_MAX_ATTEMPTS; $attempt++) { + $params = $baseParams; + if ($delayMs > 0) { + $params['@http'] = ['delay' => $delayMs]; + } + + try { + $result = yield $this->client->putObjectAnnotationAsync($params); + + yield P\Create::promiseFor($result); + + return; + } catch (S3Exception $e) { + $code = $e->getStatusCode(); + $retryable = ($code !== null && $code >= 500); + if (!$retryable || $attempt === self::ANNOTATION_MAX_ATTEMPTS) { + throw $e; + } + + // Full-jitter exponential backoff. + $base = self::ANNOTATION_BASE_DELAY_MS << ($attempt - 1); + $delayMs = random_int(0, min(self::ANNOTATION_MAX_DELAY_MS, $base)); + } + } + }); + } + + /** + * @return string + */ + private function resolveMetadataDirective(): string + { + $explicit = $this->config['metadata_directive'] ?? null; + if ($explicit !== null) { + return strtoupper((string) $explicit); } - return $this->client->headObject($headParams); + + return 'COPY'; } /** - * Get the url decoded input source, starting with a slash if it is not an - * ARN to standardize the source location syntax. + * @return string + * @throws \InvalidArgumentException + */ + private function resolveTagsDirective(): string + { + $explicit = $this->config['tags_directive'] ?? null; + if ($explicit === null) { + return self::TAGS_DIRECTIVE_UNSPECIFIED; + } + + $value = strtoupper((string) $explicit); + if (!isset(self::VALID_TAGS_DIRECTIVES[$value])) { + throw new \InvalidArgumentException( + "Invalid tags_directive value '$value'. Must be one of: " + . implode(', ', array_keys(self::VALID_TAGS_DIRECTIVES)) . '.' + ); + } + + return $value; + } + + /** + * @return string + * @throws \InvalidArgumentException + */ + private function resolveAnnotationsDirective(): string + { + $explicit = $this->config['annotations_directive'] ?? null; + if ($explicit === null) { + return self::ANNOTATIONS_DIRECTIVE_UNSPECIFIED; + } + + $value = strtoupper((string) $explicit); + if (!isset(self::VALID_ANNOTATIONS_DIRECTIVES[$value])) { + throw new \InvalidArgumentException( + "Invalid annotations_directive value '$value'. Must be one of: " + . implode(', ', array_keys(self::VALID_ANNOTATIONS_DIRECTIVES)) . '.' + ); + } + + return $value; + } + + /** + * URL-decoded source location, prefixed with '/' when not an ARN. * - * @param string $inputSource The source that was passed to the constructor - * @return string The source, starting with a slash if it's not an arn + * @param string $inputSource + * @return string */ private function getInputSource($inputSource) { $sourceBuilder = ArnParser::isArn($inputSource) ? '' : '/'; $sourceBuilder .= ltrim(rawurldecode($inputSource), '/'); + return $sourceBuilder; } } diff --git a/src/S3/MultipartUploadingTrait.php b/src/S3/MultipartUploadingTrait.php index b98a2d795d..f76c2e7ecc 100644 --- a/src/S3/MultipartUploadingTrait.php +++ b/src/S3/MultipartUploadingTrait.php @@ -17,6 +17,17 @@ trait MultipartUploadingTrait * @param string $bucket Bucket for the multipart upload. * @param string $key Object key for the multipart upload. * @param string $uploadId Upload ID for the multipart upload. + * @param array $config Optional config to retain on the + * state. Pass the directive keys + * (`metadata_directive`, + * `tags_directive`, + * `annotations_directive`) the + * original copy was launched with so + * a resumed `MultipartCopy` replays + * Phase 3 with the same behavior. The + * caller can also override directives + * on the resume by passing them again + * to the `MultipartCopy` constructor. * * @return UploadState */ @@ -24,13 +35,14 @@ public static function getStateFromService( S3ClientInterface $client, $bucket, $key, - $uploadId + $uploadId, + array $config = [] ) { $state = new UploadState([ 'Bucket' => $bucket, 'Key' => $key, 'UploadId' => $uploadId, - ]); + ], $config); foreach ($client->getPaginator('ListParts', $state->getId()) as $result) { // Get the part size from the first part in the first result. @@ -148,4 +160,30 @@ abstract protected function getSourceSize(); * @return string|null */ abstract protected function getSourceMimeType(); + + /** + * Parses an S3 Tagging query-string (`k=v&k2=v2`) into a TagSet array + * (`[['Key' => k, 'Value' => v], ...]`). + * + * Shared between MultipartUpload (where callers may pass a Tagging string + * via params) and MultipartCopy's tags_directive=REPLACE path. + * + * @param string $tagging + * @return array + */ + protected static function parseTaggingQueryString(string $tagging): array + { + $tagSet = []; + foreach (explode('&', $tagging) as $pair) { + if ($pair === '') { + continue; + } + $parts = explode('=', $pair, 2); + $tagSet[] = [ + 'Key' => urldecode($parts[0]), + 'Value' => urldecode($parts[1] ?? ''), + ]; + } + return $tagSet; + } } diff --git a/src/Sdk.php b/src/Sdk.php index edf13f0ba5..69d6719d3e 100644 --- a/src/Sdk.php +++ b/src/Sdk.php @@ -857,7 +857,7 @@ */ class Sdk { - const VERSION = '3.384.11'; + const VERSION = '3.385.0'; /** @var array Arguments for creating clients */ private $args; diff --git a/tests/Integ/MultipartContext.php b/tests/Integ/MultipartContext.php index b8af409575..1ff71eb6e2 100644 --- a/tests/Integ/MultipartContext.php +++ b/tests/Integ/MultipartContext.php @@ -26,6 +26,7 @@ class MultipartContext implements Context, SnippetAcceptingContext const MB = 1048576; const RESOURCE_POSTFIX = 'php-integration-multipart-test'; + const VERSIONED_RESOURCE_POSTFIX = 'php-integration-multipart-versioned'; private static $tempFile; /** @var StreamInterface */ @@ -36,6 +37,8 @@ class MultipartContext implements Context, SnippetAcceptingContext private $s3Client; /** @var string */ private $filename; + /** @var string|null Captured VersionId for the @versioned scenarios. */ + private $originalVersionId; /** * @Given I have a seekable read stream @@ -89,7 +92,7 @@ public function iUploadTheStreamToS3WithAConcurrencyFactorOf($concurrency) } /** - * @When /^I upload the stream to S3 with a checksum algorithm of "(crc32|sha256|sha1)"$/ + * @When /^I upload the stream to S3 with a checksum algorithm of "(CRC32|SHA256|SHA1|crc32|sha256|sha1)"$/ */ public function iUploadTheStreamToS3WithAChecksumAlgorithmOf($checksumAlgorithm) { @@ -98,15 +101,12 @@ public function iUploadTheStreamToS3WithAChecksumAlgorithmOf($checksumAlgorithm) 'bucket' => self::getResourceName(), 'key' => get_class($this->stream) . $checksumAlgorithm, 'before_initiate' => function (CommandInterface $command) use ($checksumAlgorithm) { - // $command is a CreateMultipartUpload operation $command['ChecksumAlgorithm'] = $checksumAlgorithm; }, 'before_upload' => function (CommandInterface $command) use ($checksumAlgorithm) { - // $command is an UploadPart operation $command['ChecksumAlgorithm'] = $checksumAlgorithm; }, 'before_complete' => function (CommandInterface $command) use ($checksumAlgorithm) { - // $command is a CompleteMultipartUpload operation $command['ChecksumAlgorithm'] = $checksumAlgorithm; }, ]); @@ -187,12 +187,6 @@ public function iCallMultipartCopyOnToANewKeyInTheSameBucket($filename) */ public function theResultShouldContainA($key) { - if (strpos($key, "Checksum") === 0) { - $algorithm = substr($key, strlen("Checksum")); - $formattedAlgorithm = strtoupper($algorithm); - $key = "Checksum" . $formattedAlgorithm; - } - Assert::assertArrayHasKey($key, $this->result); } @@ -430,4 +424,640 @@ private static function getResourceName() return $bucketName; } + + private static function getVersionedResourceName() + { + static $bucketName; + + if (empty($bucketName)) { + $bucketName = self::getResourcePrefix() . self::VERSIONED_RESOURCE_POSTFIX; + } + + return $bucketName; + } + + // ---------- Caller-supplied Metadata does not trigger REPLACE ---------- + + /** + * @When I call multipartCopy on :filename with caller-supplied Metadata only + */ + public function iCallMultipartCopyWithCallerSuppliedMetadataOnly($filename) + { + $bucketName = self::getResourceName(); + $copier = new MultipartCopy( + $this->s3Client, + '/' . $bucketName . '/' . $filename, + [ + 'bucket' => $bucketName, + 'key' => $filename . '-copy', + 'params' => [ + 'Metadata' => ['caller-key' => 'caller-value'], + ], + ] + ); + $this->runCopy($copier); + } + + /** + * @Then the copied file :destKey should have the source's CacheControl + */ + public function theCopiedFileShouldHaveSourceCacheControl($destKey) + { + $head = $this->headObject(self::getResourceName(), $destKey); + Assert::assertSame( + 'max-age=3600', + $head['CacheControl'] ?? '', + "Destination must inherit source's CacheControl when no explicit " + . "metadata_directive is set." + ); + } + + /** + * @When I call multipartCopy on :filename with caller-supplied Tagging :tagging only + */ + public function iCallMultipartCopyOnWithCallerSuppliedTaggingOnly($filename, $tagging) + { + $bucketName = self::getResourceName(); + $copier = new MultipartCopy( + $this->s3Client, + '/' . $bucketName . '/' . $filename, + [ + 'bucket' => $bucketName, + 'key' => $filename . '-copy', + 'params' => ['Tagging' => $tagging], + ] + ); + $this->runCopy($copier); + } + + // ---------- Tags fixtures and assertions ---------- + + /** + * @Given I have an s3 client and an uploaded file named :filename with tags + */ + public function iHaveAnS3ClientAndAnUploadedFileNamedWithTags($filename) + { + $this->s3Client = self::getSdk()->createS3(); + $this->filename = $filename; + $bucket = self::getResourceName(); + $this->s3Client->putObject([ + 'Bucket' => $bucket, + 'Key' => $filename, + 'Body' => 'foo', + ]); + $this->s3Client->waitUntil('ObjectExists', [ + 'Bucket' => $bucket, + 'Key' => $filename, + ]); + $this->s3Client->putObjectTagging([ + 'Bucket' => $bucket, + 'Key' => $filename, + 'Tagging' => ['TagSet' => $this->fixtureTagSet()], + ]); + } + + /** + * @Given I have an s3 client and an uploaded file named :filename with metadata and tags + */ + public function iHaveAnS3ClientAndAnUploadedFileNamedWithMetadataAndTags($filename) + { + $this->iHaveAnS3ClientAndAnUploadedFileNamedWithMetadata($filename); + $this->s3Client->waitUntil('ObjectExists', [ + 'Bucket' => self::getResourceName(), + 'Key' => $filename, + ]); + $this->s3Client->putObjectTagging([ + 'Bucket' => self::getResourceName(), + 'Key' => $filename, + 'Tagging' => ['TagSet' => $this->fixtureTagSet()], + ]); + } + + /** + * @When I call multipartCopy on :filename with tags_directive :tagsDir + */ + public function iCallMultipartCopyOnWithTagsDirective($filename, $tagsDir) + { + $bucket = self::getResourceName(); + $copier = new MultipartCopy( + $this->s3Client, + '/' . $bucket . '/' . $filename, + [ + 'bucket' => $bucket, + 'key' => $filename . '-copy', + 'tags_directive' => $tagsDir, + ] + ); + $this->runCopy($copier); + } + + /** + * @When I call multipartCopy on :filename with metadata_directive :metaDir and tags_directive :tagsDir and annotations_directive :annotDir + */ + public function iCallMultipartCopyOnWithAllThreeDirectives( + $filename, + $metaDir, + $tagsDir, + $annotDir + ) { + $bucket = self::getResourceName(); + $copier = new MultipartCopy( + $this->s3Client, + '/' . $bucket . '/' . $filename, + [ + 'bucket' => $bucket, + 'key' => $filename . '-copy', + 'metadata_directive' => $metaDir, + 'tags_directive' => $tagsDir, + 'annotations_directive' => $annotDir, + ] + ); + $this->runCopy($copier); + } + + /** + * @When I call multipartCopy on :filename with tags_directive :tagsDir and tagging :tagging + */ + public function iCallMultipartCopyOnWithTagsDirectiveAndTagging($filename, $tagsDir, $tagging) + { + $bucket = self::getResourceName(); + $copier = new MultipartCopy( + $this->s3Client, + '/' . $bucket . '/' . $filename, + [ + 'bucket' => $bucket, + 'key' => $filename . '-copy', + 'tags_directive' => $tagsDir, + 'params' => ['Tagging' => $tagging], + ] + ); + $this->runCopy($copier); + } + + /** + * @Then the copied file :destKey should have the same tags as :sourceKey + */ + public function theCopiedFileShouldHaveTheSameTagsAs($destKey, $sourceKey) + { + $bucket = self::getResourceName(); + $this->s3Client->waitUntil('ObjectExists', ['Bucket' => $bucket, 'Key' => $destKey]); + + $sourceTags = $this->normalizeTagSet( + $this->s3Client->getObjectTagging(['Bucket' => $bucket, 'Key' => $sourceKey])['TagSet'] ?? [] + ); + $destTags = $this->normalizeTagSet( + $this->s3Client->getObjectTagging(['Bucket' => $bucket, 'Key' => $destKey])['TagSet'] ?? [] + ); + Assert::assertEquals( + $sourceTags, + $destTags, + 'Destination tags should match source tags' + ); + } + + /** + * @Then the copied file :destKey should have tags :tagging + */ + public function theCopiedFileShouldHaveTags($destKey, $tagging) + { + $bucket = self::getResourceName(); + $this->s3Client->waitUntil('ObjectExists', ['Bucket' => $bucket, 'Key' => $destKey]); + + $expected = $this->normalizeTagSet($this->parseTaggingQueryString($tagging)); + $actual = $this->normalizeTagSet( + $this->s3Client->getObjectTagging(['Bucket' => $bucket, 'Key' => $destKey])['TagSet'] ?? [] + ); + Assert::assertEquals($expected, $actual, 'Destination tags should match expected'); + } + + /** + * @Then the copied file :destKey should have no tags + */ + public function theCopiedFileShouldHaveNoTags($destKey) + { + $bucket = self::getResourceName(); + $this->s3Client->waitUntil('ObjectExists', ['Bucket' => $bucket, 'Key' => $destKey]); + $tagSet = $this->s3Client->getObjectTagging(['Bucket' => $bucket, 'Key' => $destKey])['TagSet'] ?? []; + Assert::assertSame([], $tagSet, 'Destination should have no tags'); + } + + // ---------- Annotations fixtures and assertions ---------- + + /** + * @Given I have an s3 client and an uploaded file named :filename with annotations + */ + public function iHaveAnS3ClientAndAnUploadedFileNamedWithAnnotations($filename) + { + $this->s3Client = self::getSdk()->createS3(); + $this->filename = $filename; + $bucket = self::getResourceName(); + $this->s3Client->putObject([ + 'Bucket' => $bucket, + 'Key' => $filename, + 'Body' => 'foo', + ]); + $this->s3Client->waitUntil('ObjectExists', ['Bucket' => $bucket, 'Key' => $filename]); + + foreach ($this->fixtureAnnotations() as $name => $payload) { + $this->s3Client->putObjectAnnotation([ + 'Bucket' => $bucket, + 'Key' => $filename, + 'AnnotationName' => $name, + 'AnnotationPayload' => $payload, + ]); + } + } + + /** + * @When I call multipartCopy on :filename with annotations_directive :annotDir + */ + public function iCallMultipartCopyOnWithAnnotationsDirective($filename, $annotDir) + { + $bucket = self::getResourceName(); + $copier = new MultipartCopy( + $this->s3Client, + '/' . $bucket . '/' . $filename, + [ + 'bucket' => $bucket, + 'key' => $filename . '-copy', + 'annotations_directive' => $annotDir, + ] + ); + $this->runCopy($copier); + } + + /** + * @Then the copied file :destKey should have the same annotations as :sourceKey + */ + public function theCopiedFileShouldHaveTheSameAnnotationsAs($destKey, $sourceKey) + { + $bucket = self::getResourceName(); + $this->s3Client->waitUntil('ObjectExists', ['Bucket' => $bucket, 'Key' => $destKey]); + + $sourceNames = $this->listAllAnnotationNames($bucket, $sourceKey); + $destNames = $this->listAllAnnotationNames($bucket, $destKey); + sort($sourceNames); + sort($destNames); + Assert::assertEquals($sourceNames, $destNames, 'Annotation names should match'); + + foreach ($sourceNames as $name) { + $sourceBody = (string) $this->s3Client->getObjectAnnotation([ + 'Bucket' => $bucket, + 'Key' => $sourceKey, + 'AnnotationName' => $name, + ])['AnnotationPayload']; + $destBody = (string) $this->s3Client->getObjectAnnotation([ + 'Bucket' => $bucket, + 'Key' => $destKey, + 'AnnotationName' => $name, + ])['AnnotationPayload']; + Assert::assertSame( + $sourceBody, + $destBody, + "Annotation '$name' body should match" + ); + } + } + + /** + * @Then the copied file :destKey should have no annotations + */ + public function theCopiedFileShouldHaveNoAnnotations($destKey) + { + $bucket = self::getResourceName(); + $this->s3Client->waitUntil('ObjectExists', ['Bucket' => $bucket, 'Key' => $destKey]); + $names = $this->listAllAnnotationNames($bucket, $destKey); + Assert::assertSame([], $names, 'Destination should have no annotations'); + } + + // ---------- Versioning scenarios ---------- + + /** + * @Given I have a versioning-enabled bucket + */ + public function iHaveAVersioningEnabledBucket() + { + // The bucket itself is created by the @BeforeFeature @versioned hook. + // This step just binds the client and ensures versioning is on. + $this->s3Client = self::getSdk()->createS3(); + $this->s3Client->putBucketVersioning([ + 'Bucket' => self::getVersionedResourceName(), + 'VersioningConfiguration' => ['Status' => 'Enabled'], + ]); + } + + /** + * @Given I have an uploaded file named :filename in the versioned bucket with body :body + */ + public function iHaveAnUploadedFileInTheVersionedBucketWithBody($filename, $body) + { + $bucket = self::getVersionedResourceName(); + $put = $this->s3Client->putObject([ + 'Bucket' => $bucket, + 'Key' => $filename, + 'Body' => $body, + ]); + $this->originalVersionId = $put['VersionId'] ?? null; + Assert::assertNotEmpty( + $this->originalVersionId, + 'Versioning-enabled bucket must return a VersionId on putObject' + ); + $this->filename = $filename; + $this->s3Client->waitUntil('ObjectExists', ['Bucket' => $bucket, 'Key' => $filename]); + } + + /** + * @Given I overwrite :filename in the versioned bucket with body :body + */ + public function iOverwriteInTheVersionedBucketWithBody($filename, $body) + { + $this->s3Client->putObject([ + 'Bucket' => self::getVersionedResourceName(), + 'Key' => $filename, + 'Body' => $body, + ]); + } + + /** + * @When I call multipartCopy on the original version of :filename in the versioned bucket + */ + public function iCallMultipartCopyOnTheOriginalVersionInTheVersionedBucket($filename) + { + $bucket = self::getVersionedResourceName(); + $copier = new MultipartCopy( + $this->s3Client, + [ + 'source_bucket' => $bucket, + 'source_key' => $filename, + 'source_version_id' => $this->originalVersionId, + ], + [ + 'bucket' => $bucket, + 'key' => $filename . '-copy', + ] + ); + $this->runCopy($copier); + } + + /** + * @Then the copied file :destKey should contain :body + */ + public function theCopiedFileShouldContain($destKey, $body) + { + $bucket = self::getVersionedResourceName(); + $this->s3Client->waitUntil('ObjectExists', ['Bucket' => $bucket, 'Key' => $destKey]); + $contents = $this->s3Client->getObject([ + 'Bucket' => $bucket, + 'Key' => $destKey, + ])['Body']->getContents(); + Assert::assertSame($body, $contents); + } + + // ---------- Lifecycle for the versioned bucket ---------- + + /** + * @BeforeScenario @versioned + * + * Scoped to scenarios rather than the feature because the @versioned tag + * lives on individual scenarios, not the feature header. + */ + public static function createVersionedTestBucket() + { + $client = self::getSdk()->createS3(); + $bucket = self::getResourcePrefix() . self::VERSIONED_RESOURCE_POSTFIX; + + // Probe with HeadBucket; create on 404. Avoids the deprecated + // doesBucketExist helper. + try { + $client->headBucket(['Bucket' => $bucket]); + } catch (\Aws\S3\Exception\S3Exception $e) { + if ($e->getStatusCode() === 404) { + $client->createBucket(['Bucket' => $bucket]); + $client->waitUntil('BucketExists', ['Bucket' => $bucket]); + } else { + throw $e; + } + } + $client->putBucketVersioning([ + 'Bucket' => $bucket, + 'VersioningConfiguration' => ['Status' => 'Enabled'], + ]); + } + + /** + * @AfterScenario @versioned + * + * Best-effort cleanup of a versioning-enabled bucket. S3 won't allow + * deleteBucket while there are object versions, delete markers, or + * in-progress multipart uploads, so we drain each in turn and tolerate + * per-page failures rather than aborting on the first transient error. + */ + public static function deleteVersionedTestBucket() + { + $client = self::getSdk()->createS3(); + $bucket = self::getResourcePrefix() . self::VERSIONED_RESOURCE_POSTFIX; + + // 1) Abort any in-progress multipart uploads left behind by failed scenarios. + try { + $token = null; + $idToken = null; + do { + $params = ['Bucket' => $bucket]; + if ($token !== null) $params['KeyMarker'] = $token; + if ($idToken !== null) $params['UploadIdMarker'] = $idToken; + $uploads = $client->listMultipartUploads($params); + + foreach ($uploads['Uploads'] ?? [] as $u) { + try { + $client->abortMultipartUpload([ + 'Bucket' => $bucket, + 'Key' => $u['Key'], + 'UploadId' => $u['UploadId'], + ]); + } catch (\Throwable $ignored) { + // continue draining + } + } + $token = $uploads['NextKeyMarker'] ?? null; + $idToken = $uploads['NextUploadIdMarker'] ?? null; + } while (!empty($token) || !empty($idToken)); + } catch (\Throwable $ignored) { + // listing MPUs failed; proceed to version cleanup anyway + } + + // 2) Delete all object versions and delete markers, page by page. + $token = null; + $idToken = null; + do { + try { + $params = ['Bucket' => $bucket]; + if ($token !== null) $params['KeyMarker'] = $token; + if ($idToken !== null) $params['VersionIdMarker'] = $idToken; + $page = $client->listObjectVersions($params); + + $toDelete = []; + foreach ($page['Versions'] ?? [] as $v) { + $toDelete[] = ['Key' => $v['Key'], 'VersionId' => $v['VersionId']]; + } + foreach ($page['DeleteMarkers'] ?? [] as $m) { + $toDelete[] = ['Key' => $m['Key'], 'VersionId' => $m['VersionId']]; + } + if (!empty($toDelete)) { + try { + $client->deleteObjects([ + 'Bucket' => $bucket, + 'Delete' => ['Objects' => $toDelete], + ]); + } catch (\Throwable $ignored) { + // continue with the next page + } + } + $token = $page['NextKeyMarker'] ?? null; + $idToken = $page['NextVersionIdMarker'] ?? null; + } catch (\Throwable $listErr) { + // can't list further; bail to deleteBucket attempt + $token = null; + $idToken = null; + } + } while (!empty($token) || !empty($idToken)); + + // 3) Delete the bucket. Retry once after a short pause for eventual + // consistency on the version cleanup. + try { + $client->deleteBucket(['Bucket' => $bucket]); + $client->waitUntil('BucketNotExists', ['Bucket' => $bucket]); + } catch (\Throwable $first) { + usleep(500_000); + try { + $client->deleteBucket(['Bucket' => $bucket]); + $client->waitUntil('BucketNotExists', ['Bucket' => $bucket]); + } catch (\Throwable $second) { + // Surface the failure so CI flags the leak but don't abort + // suite teardown. + fwrite( + STDERR, + "WARNING: failed to delete versioned test bucket {$bucket}: " + . $second->getMessage() . "\n" + ); + } + } + } + + // ---------- Internal helpers ---------- + + /** + * Runs a configured MultipartCopy and stores the result. On failure, + * makes a best-effort attempt to abort any in-flight upload, then surfaces + * the full exception chain as an Assert::fail message. + * + * Catches \Throwable rather than only MultipartUploadException so that + * Phase-1/Phase-3 failures (S3Exception from constructor, RuntimeException + * from annotation partial-failure) get the same framed message treatment. + */ + private function runCopy(MultipartCopy $copier): void + { + try { + $this->result = $copier->copy(); + } catch (\Throwable $e) { + $this->bestEffortAbortUpload($e); + + $message = "=====\n"; + $cur = $e; + while ($cur) { + $message .= get_class($cur) . ': ' . $cur->getMessage() . "\n"; + $cur = $cur->getPrevious(); + } + $message .= "=====\n"; + Assert::fail($message); + } + } + + /** + * If the failure carries an MPU state with a real UploadId, attempt to + * abort it. Swallows any secondary failure from the abort itself so the + * original error is what gets reported. + */ + private function bestEffortAbortUpload(\Throwable $e): void + { + if (!$e instanceof MultipartUploadException) { + return; + } + $id = $e->getState()->getId(); + if (empty($id['UploadId'])) { + return; // failed before initiate; nothing to abort + } + try { + $this->s3Client->abortMultipartUpload($id); + } catch (\Throwable $ignored) { + // best-effort + } + } + + private function headObject(string $bucket, string $key): array + { + $this->s3Client->waitUntil('ObjectExists', ['Bucket' => $bucket, 'Key' => $key]); + return $this->s3Client->headObject(['Bucket' => $bucket, 'Key' => $key])->toArray(); + } + + /** + * Sorts a TagSet by Key for stable comparisons. + * + * @param array $tagSet List of ['Key' => ..., 'Value' => ...] pairs. + * @return array + */ + private function normalizeTagSet(array $tagSet): array + { + usort($tagSet, fn ($a, $b) => strcmp($a['Key'], $b['Key'])); + return $tagSet; + } + + private function parseTaggingQueryString(string $tagging): array + { + $tagSet = []; + foreach (explode('&', $tagging) as $pair) { + if ($pair === '') continue; + $parts = explode('=', $pair, 2); + $tagSet[] = [ + 'Key' => urldecode($parts[0]), + 'Value' => urldecode($parts[1] ?? ''), + ]; + } + return $tagSet; + } + + /** + * Pages through ListObjectAnnotations on the source/dest object and returns + * the flat list of annotation names. + */ + private function listAllAnnotationNames(string $bucket, string $key): array + { + $names = []; + foreach ($this->s3Client->getPaginator( + 'ListObjectAnnotations', + ['Bucket' => $bucket, 'Key' => $key] + ) as $page) { + foreach ($page['Annotations'] ?? [] as $entry) { + if (!empty($entry['AnnotationName'])) { + $names[] = $entry['AnnotationName']; + } + } + } + return $names; + } + + private function fixtureTagSet(): array + { + return [ + ['Key' => 'Project', 'Value' => 'X'], + ['Key' => 'Env', 'Value' => 'test'], + ]; + } + + private function fixtureAnnotations(): array + { + return [ + 'note-1' => 'BODY-A', + 'note-2' => 'BODY-B', + ]; + } } diff --git a/tests/S3/MultipartCopyTest.php b/tests/S3/MultipartCopyTest.php index e3758be809..d889ec6cd2 100644 --- a/tests/S3/MultipartCopyTest.php +++ b/tests/S3/MultipartCopyTest.php @@ -1,13 +1,20 @@ 11 * self::MB, + 'ContentType' => 'application/pdf', + 'ETag' => '"src-etag"', + 'VersionId' => 'src-version', + ]); + } + #[DataProvider('getTestCases')] public function testS3MultipartCopyWorkflow( array $uploadOptions = [], @@ -93,21 +116,43 @@ public function testCanLoadStateFromService() public function testCanUseCaseInsensitiveConfigKeys() { - $client = $this->getTestClient('s3'); - $sourceMetadata = $this->getMockBuilder(ResultInterface::class)->getMock(); - $putObjectMup = new MultipartCopy($client, '/bucket/key', [ - 'Bucket' => 'newBucket', - 'Key' => 'newKey', - 'source_metadata' => $sourceMetadata, - ]); - $classicMup = new MultipartCopy($client, '/bucket/key', [ - 'bucket' => 'newBucket', - 'key' => 'newKey', - 'source_metadata' => $sourceMetadata, - ]); - $configProp = (new \ReflectionClass(MultipartCopy::class)) - ->getProperty('config'); - $this->assertSame($configProp->getValue($classicMup), $configProp->getValue($putObjectMup)); + $clientUpper = $this->getTestClient('s3'); + $clientLower = $this->getTestClient('s3'); + $mpuResults = [ + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://newBucket.s3.amazonaws.com/newKey']), + ]; + $this->addMockResults($clientUpper, $mpuResults); + $this->addMockResults($clientLower, $mpuResults); + + $captured = []; + $capture = function ($command) use (&$captured) { + $captured[] = $command->toArray(); + }; + + (new MultipartCopy($clientUpper, '/bucket/key', [ + 'Bucket' => 'newBucket', + 'Key' => 'newKey', + 'source_metadata' => $this->srcMeta(), + 'before_initiate' => $capture, + ]))->upload(); + + (new MultipartCopy($clientLower, '/bucket/key', [ + 'bucket' => 'newBucket', + 'key' => 'newKey', + 'source_metadata' => $this->srcMeta(), + 'before_initiate' => $capture, + ]))->upload(); + + // Both produced the same CreateMultipartUpload params. + $this->assertCount(2, $captured); + $this->assertSame($captured[0], $captured[1]); + // And both resolved to the destination Bucket/Key consistently. + $this->assertSame('newBucket', $captured[0]['Bucket']); + $this->assertSame('newKey', $captured[0]['Key']); } public function testS3MultipartCopyParams() @@ -267,7 +312,7 @@ public function testDefaultMetadataDirectiveCopiesSourceMetadata() $this->assertSame('en-US', $initiateParams['ContentLanguage']); $this->assertSame('Thu, 01 Dec 2025 16:00:00 GMT', $initiateParams['Expires']); $this->assertSame(['custom-key' => 'custom-value', 'another' => 'meta'], $initiateParams['Metadata']); - // WebsiteRedirectLocation is NOT copied — matches CopyObject behavior + // WebsiteRedirectLocation is NOT copied. Matches CopyObject behavior. $this->assertArrayNotHasKey('WebsiteRedirectLocation', $initiateParams); } @@ -310,8 +355,12 @@ public function testMetadataDirectiveReplaceSuppressesSourceMetadata() $this->assertArrayNotHasKey('ContentDisposition', $initiateParams); } - public function testSourceMetadataOverridesUserParamsWhenCopy() + public function testCallerSuppliedMetadataDoesNotTriggerReplace() { + // Caller-supplied params['Metadata'] does NOT auto-flip the directive. + // Without an explicit metadata_directive, the resolver stays at COPY, + // and source-metadata wins for every forwarded field including Metadata. + // Caller must set metadata_directive='REPLACE' explicitly to opt in. $client = $this->getTestClient('s3'); $url = 'http://foo.s3.amazonaws.com/bar'; $this->addMockResults($client, [ @@ -344,10 +393,13 @@ public function testSourceMetadataOverridesUserParamsWhenCopy() ]); $uploader->upload(); - // Source metadata takes precedence over user-provided params when directive is COPY + // Source wins. Caller's Metadata and ContentType are clobbered. $this->assertSame('application/pdf', $initiateParams['ContentType']); $this->assertSame(['source-key' => 'source-value'], $initiateParams['Metadata']); $this->assertSame('max-age=3600', $initiateParams['CacheControl']); + // MetadataDirective must NOT be stamped onto CreateMultipartUpload. + // The field doesn't exist on that operation's request shape. + $this->assertArrayNotHasKey('MetadataDirective', $initiateParams); } public function testNonCopyableFieldsAreNotForwarded() @@ -468,6 +520,60 @@ public function testEmptyMetadataFieldsAreNotCopied() $this->assertSame('text/plain', $initiateParams['ContentType']); } + public function testCopyDirectiveDropsCallerParamsWhenSourceFieldIsEmpty() + { + // Under metadata_directive=COPY, caller params for fields source is + // empty on must not leak through. + $client = $this->getTestClient('s3'); + $url = 'http://foo.s3.amazonaws.com/bar'; + $this->addMockResults($client, [ + new Result(['UploadId' => 'baz']), + new Result(['ETag' => 'A']), + new Result(['ETag' => 'B']), + new Result(['ETag' => 'C']), + new Result(['Location' => $url]), + ]); + + $initiateParams = null; + // Source has ContentType only. Every other forwarded field is empty. + $sourceMetadata = new Result([ + 'ContentLength' => 11 * self::MB, + 'ContentType' => 'text/plain', + 'CacheControl' => '', + 'ContentDisposition' => null, + 'ContentEncoding' => null, + 'ContentLanguage' => null, + 'Expires' => null, + 'Metadata' => [], + ]); + + // Caller does not supply 'Metadata' (would auto-trigger REPLACE). + $uploader = new MultipartCopy($client, '/bucket/key', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $sourceMetadata, + 'metadata_directive' => 'COPY', + 'params' => [ + 'CacheControl' => 'caller-cc', + 'ContentDisposition' => 'caller-cd', + 'ContentEncoding' => 'caller-ce', + 'ContentLanguage' => 'caller-cl', + 'Expires' => 'caller-exp', + ], + 'before_initiate' => function ($command) use (&$initiateParams) { + $initiateParams = $command->toArray(); + }, + ]); + $uploader->upload(); + + $this->assertArrayNotHasKey('CacheControl', $initiateParams); + $this->assertArrayNotHasKey('ContentDisposition', $initiateParams); + $this->assertArrayNotHasKey('ContentEncoding', $initiateParams); + $this->assertArrayNotHasKey('ContentLanguage', $initiateParams); + $this->assertArrayNotHasKey('Expires', $initiateParams); + $this->assertSame('text/plain', $initiateParams['ContentType']); + } + public function testInvalidMetadataDirectiveThrowsException() { $client = $this->getTestClient('s3'); @@ -523,4 +629,1551 @@ public function testMetadataDirectiveReplaceLowercaseWorks() $this->assertArrayNotHasKey('CacheControl', $initiateParams); $this->assertArrayNotHasKey('Metadata', $initiateParams); } + + public function testCopyDirectivesIssueTagAndAnnotationCalls() + { + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + // Phase 1: source reads + new Result(['TagSet' => [['Key' => 'Project', 'Value' => 'X']]]), // GetObjectTagging + new Result(['Annotations' => [ // ListObjectAnnotations + ['AnnotationName' => 'note-1'], + ['AnnotationName' => 'note-2'], + ]]), + new Result(['AnnotationPayload' => 'payload']), // GetObjectAnnotation #1 + new Result(['AnnotationPayload' => 'payload']), // GetObjectAnnotation #2 + // Phase 2: MPU + new Result(['UploadId' => 'baz']), // CreateMultipartUpload + new Result(['CopyPartResult' => ['ETag' => 'A']]), // UploadPartCopy #1 + new Result(['CopyPartResult' => ['ETag' => 'B']]), // UploadPartCopy #2 + new Result(['CopyPartResult' => ['ETag' => 'C']]), // UploadPartCopy #3 + new Result(['Location' => 'http://foo.s3.amazonaws.com/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), // CompleteMultipartUpload + // Phase 3: destination writes + new Result(['VersionId' => 'dst-version']), // PutObjectTagging + new Result([]), // PutObjectAnnotation #1 + new Result([]), // PutObjectAnnotation #2 + ]); + + $observed = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed) { + $observed[] = $cmd->getName(); + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'annotations_directive' => 'COPY', + ]); + $uploader->upload(); + + $counts = array_count_values($observed); + $this->assertSame(1, $counts['GetObjectTagging']); + $this->assertSame(1, $counts['ListObjectAnnotations']); + $this->assertSame(2, $counts['GetObjectAnnotation']); + $this->assertSame(1, $counts['PutObjectTagging']); + $this->assertSame(2, $counts['PutObjectAnnotation']); + } + + public function testTagsDirectiveCopyPropagatesSourceTagsToDestination() + { + $client = $this->getTestClient('s3'); + $tagSet = [['Key' => 'Project', 'Value' => 'X'], ['Key' => 'Env', 'Value' => 'prod']]; + $this->addMockResults($client, [ + new Result(['TagSet' => $tagSet]), // GetObjectTagging + new Result(['Annotations' => []]), // ListObjectAnnotations + new Result(['UploadId' => 'baz']), // CreateMultipartUpload + new Result(['CopyPartResult' => ['ETag' => 'A']]), // UploadPartCopy x3 + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), // CompleteMultipartUpload + new Result([]), // PutObjectTagging + ]); + + $putTaggingParams = null; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$putTaggingParams) { + if ($cmd->getName() === 'PutObjectTagging') { + $putTaggingParams = $cmd->toArray(); + } + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'annotations_directive' => 'COPY', + ]); + $uploader->upload(); + + $this->assertNotNull($putTaggingParams); + $this->assertSame('foo', $putTaggingParams['Bucket']); + $this->assertSame('bar', $putTaggingParams['Key']); + $this->assertSame($tagSet, $putTaggingParams['Tagging']['TagSet']); + $this->assertSame('dst-version', $putTaggingParams['VersionId']); + } + + public function testTagsDirectiveCopySkipsPutTaggingWhenSourceHasNoTags() + { + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['TagSet' => []]), // GetObjectTagging + new Result(['Annotations' => []]), // ListObjectAnnotations + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar']), + ]); + + $putTaggingCount = 0; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$putTaggingCount) { + if ($cmd->getName() === 'PutObjectTagging') { + $putTaggingCount++; + } + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'annotations_directive' => 'COPY', + ]); + $uploader->upload(); + + // Empty source TagSet → no Phase-3 PutObjectTagging. + $this->assertSame(0, $putTaggingCount); + } + + public function testAnnotationsDirectiveCopyPropagatesAnnotationsToDestination() + { + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['TagSet' => []]), + new Result(['Annotations' => [['AnnotationName' => 'note-a']]]), + new Result(['AnnotationPayload' => 'BODY-A']), + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), + new Result([]), // PutObjectAnnotation + ]); + + $putAnnot = null; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$putAnnot) { + if ($cmd->getName() === 'PutObjectAnnotation') { + $putAnnot = $cmd->toArray(); + } + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'annotations_directive' => 'COPY', + ]); + $uploader->upload(); + + $this->assertNotNull($putAnnot); + $this->assertSame('foo', $putAnnot['Bucket']); + $this->assertSame('bar', $putAnnot['Key']); + $this->assertSame('note-a', $putAnnot['AnnotationName']); + $this->assertSame('BODY-A', $putAnnot['AnnotationPayload']); + $this->assertSame('dst-version', $putAnnot['VersionId']); + $this->assertSame('dst-etag', $putAnnot['ObjectIfMatch']); + } + + public function testDefaultDirectivesSkipTagsAndAnnotations() + { + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar']), + ]); + + $observed = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed) { + $observed[] = $cmd->getName(); + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + ]); + $uploader->upload(); + + $counts = array_count_values($observed); + $this->assertArrayNotHasKey('GetObjectTagging', $counts); + $this->assertArrayNotHasKey('ListObjectAnnotations', $counts); + $this->assertArrayNotHasKey('PutObjectTagging', $counts); + $this->assertArrayNotHasKey('PutObjectAnnotation', $counts); + } + + public function testOmittingDirectivesPreservesLegacyDefault() + { + // No directives supplied. Must behave like the legacy default + // (no Phase 1 tag/annotation reads, no Phase 3 writes). + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar']), + ]); + + $observed = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed) { + $observed[] = $cmd->getName(); + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + ]); + $uploader->upload(); + + $counts = array_count_values($observed); + $this->assertArrayNotHasKey('GetObjectTagging', $counts); + $this->assertArrayNotHasKey('ListObjectAnnotations', $counts); + } + + public function testReplaceUnspecifiedExcludeSkipsAuxReadsAndForcesReplace() + { + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar']), + ]); + + $initiateParams = null; + $observed = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed) { + $observed[] = $cmd->getName(); + } + )); + + // Use a richer source-metadata fixture so the "REPLACE means we don't + // fold in source-side fields" check is meaningful. + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta([ + 'CacheControl' => 'max-age=3600', + 'ContentDisposition' => 'attachment; filename="src.pdf"', + 'ContentEncoding' => 'gzip', + 'ContentLanguage' => 'en-US', + 'Expires' => 'Thu, 01 Dec 2025 16:00:00 GMT', + 'Metadata' => ['source-key' => 'source-value'], + ]), + 'metadata_directive' => 'REPLACE', + 'tags_directive' => 'UNSPECIFIED', + 'annotations_directive' => 'EXCLUDE', + 'before_initiate' => function ($cmd) use (&$initiateParams) { + $initiateParams = $cmd->toArray(); + }, + ]); + $uploader->upload(); + + // metadata_directive=REPLACE means none of the + // source-side fields get folded into the initiate. + $this->assertArrayNotHasKey('MetadataDirective', $initiateParams); + $this->assertArrayNotHasKey('CacheControl', $initiateParams); + $this->assertArrayNotHasKey('ContentDisposition', $initiateParams); + $this->assertArrayNotHasKey('ContentEncoding', $initiateParams); + $this->assertArrayNotHasKey('ContentLanguage', $initiateParams); + $this->assertArrayNotHasKey('Expires', $initiateParams); + $this->assertArrayNotHasKey('Metadata', $initiateParams); + // ContentType is still set by the trait via getSourceMimeType. + $this->assertSame('application/pdf', $initiateParams['ContentType']); + + // Phase 1 aux reads are skipped when both directives opt out. + $counts = array_count_values($observed); + $this->assertArrayNotHasKey('GetObjectTagging', $counts); + $this->assertArrayNotHasKey('ListObjectAnnotations', $counts); + } + + public function testVersionIdAndETagFromHeadObjectArePinnedOnUploadPartCopy() + { + // Trigger a real HeadObject by NOT pre-supplying source_metadata. + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result([ + 'ContentLength' => 11 * self::MB, + 'ContentType' => 'text/plain', + 'ETag' => '"src-etag"', + 'VersionId' => 'src-version', + ]), // HeadObject + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar']), + ]); + + $uploadPartCopyCmds = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$uploadPartCopyCmds) { + if ($cmd->getName() === 'UploadPartCopy') { + $uploadPartCopyCmds[] = $cmd->toArray(); + } + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + ]); + $uploader->upload(); + + $this->assertNotEmpty($uploadPartCopyCmds); + foreach ($uploadPartCopyCmds as $cmd) { + $this->assertStringContainsString('?versionId=src-version', $cmd['CopySource']); + $this->assertSame('"src-etag"', $cmd['CopySourceIfMatch']); + } + } + + public function testCopySourceIfMatchUsesPreSuppliedSourceMetadataETag() + { + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar']), + ]); + + $uploadPartCopyCmds = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$uploadPartCopyCmds) { + if ($cmd->getName() === 'UploadPartCopy') { + $uploadPartCopyCmds[] = $cmd->toArray(); + } + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + ]); + $uploader->upload(); + + $this->assertNotEmpty($uploadPartCopyCmds); + foreach ($uploadPartCopyCmds as $cmd) { + $this->assertSame('"src-etag"', $cmd['CopySourceIfMatch']); + } + } + + public function testSourceTagAndAnnotationReadsUsePinnedVersionId() + { + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['TagSet' => []]), // GetObjectTagging + new Result(['Annotations' => [['AnnotationName' => 'a']]]), // ListObjectAnnotations + new Result(['AnnotationPayload' => 'p']), // GetObjectAnnotation + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), + new Result([]), // PutObjectAnnotation + ]); + + $captured = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$captured) { + $captured[$cmd->getName()] = $cmd->toArray(); + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'annotations_directive' => 'COPY', + ]); + $uploader->upload(); + + $this->assertSame('src-version', $captured['GetObjectTagging']['VersionId']); + + // ListObjectAnnotations and GetObjectAnnotation use VersionId only, + // not ObjectIfMatch. + $this->assertSame('src-version', $captured['ListObjectAnnotations']['VersionId']); + $this->assertNull($captured['ListObjectAnnotations']['ObjectIfMatch'] ?? null); + + $this->assertSame('src-version', $captured['GetObjectAnnotation']['VersionId']); + $this->assertNull($captured['GetObjectAnnotation']['ObjectIfMatch'] ?? null); + } + + public function testCallerSuppliedTaggingDoesNotTriggerReplace() + { + // Caller-supplied params['Tagging'] does NOT auto-flip tags_directive. + // Callers who need their Tagging applied must opt in via + // tags_directive='REPLACE'. + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar']), + ]); + + $observed = []; + $initiate = null; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed, &$initiate) { + $observed[] = $cmd->getName(); + if ($cmd->getName() === 'CreateMultipartUpload') { + $initiate = $cmd->toArray(); + } + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'params' => ['Tagging' => 'Project=Override&Env=prod'], + ]); + $uploader->upload(); + + $this->assertNotContains('GetObjectTagging', $observed); + $this->assertNotContains('PutObjectTagging', $observed); + $this->assertNotNull($initiate); + $this->assertNull( + $initiate['Tagging'] ?? null, + 'UNSPECIFIED must drop caller-supplied Tagging from ' + . 'CreateMultipartUpload — MPU never carries Tagging on initiate.' + ); + } + + public function testAnnotationPutTransientFailureIsRetried() + { + $client = $this->getTestClient('s3'); + $putAttempts = 0; + $this->addMockResults($client, [ + new Result(['TagSet' => []]), // GetObjectTagging + new Result(['Annotations' => [['AnnotationName' => 'note-1']]]), // ListObjectAnnotations + new Result(['AnnotationPayload' => 'P']), // GetObjectAnnotation + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), + // 1st PutObjectAnnotation: transient 500 (callable to fabricate + // an exception with the right Command bound) + function (CommandInterface $cmd, $req) use (&$putAttempts) { + $putAttempts++; + return new S3Exception('500 boom', $cmd, [ + 'code' => 'InternalError', + 'response' => new Psr7\Response(500), + ]); + }, + // 2nd PutObjectAnnotation: success + function (CommandInterface $cmd) use (&$putAttempts) { + $putAttempts++; + return new Result([]); + }, + ]); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'annotations_directive' => 'COPY', + ]); + $uploader->upload(); + + $this->assertSame(2, $putAttempts); + } + + public function testAnnotationPutPartialFailureSurfacesPerKeyError() + { + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['TagSet' => []]), + new Result(['Annotations' => [ + ['AnnotationName' => 'good'], + ['AnnotationName' => 'bad'], + ]]), + new Result(['AnnotationPayload' => 'P']), // GetObjectAnnotation #1 + new Result(['AnnotationPayload' => 'P']), // GetObjectAnnotation #2 + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), + // PutObjectAnnotation 'good' succeeds + new Result([]), + // PutObjectAnnotation 'bad' fails with 403 (non-retryable) + function (CommandInterface $cmd) { + return new S3Exception('forbidden', $cmd, [ + 'code' => 'AccessDenied', + 'response' => new Psr7\Response(403), + ]); + }, + ]); + + // Phase-3 partial failure surfaces as MultipartCopyAnnotationException + // (a MultipartUploadException subclass), with both the failed and + // succeeded annotation names exposed for programmatic introspection. + try { + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'annotations_directive' => 'COPY', + ]); + $uploader->upload(); + $this->fail('Expected MultipartCopyAnnotationException'); + } catch (MultipartCopyAnnotationException $e) { + $this->assertSame(['bad'], array_keys($e->getFailedAnnotations())); + $this->assertSame(['good'], $e->getSucceededAnnotations()); + $this->assertInstanceOf( + S3Exception::class, + $e->getFailedAnnotations()['bad'] + ); + $this->assertStringContainsString('bad', $e->getMessage()); + // Backwards-compat: callers catching the parent type also catch this. + $this->assertInstanceOf(MultipartUploadException::class, $e); + } + } + + // ----- Error-table edge cases ----- + + public function testHeadObject403AbortsBeforeMultipartUploadInitiates() + { + // The constructor eagerly resolves source size via HeadObject. A 403 + // here surfaces as an S3Exception out of the constructor. The MPU + // never initiates. + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + function (CommandInterface $cmd) { + return new S3Exception('forbidden', $cmd, [ + 'code' => 'AccessDenied', + 'response' => new Psr7\Response(403), + ]); + }, + ]); + + $observed = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed) { + $observed[] = $cmd->getName(); + } + )); + + $this->expectException(S3Exception::class); + + try { + new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + ]); + } finally { + $this->assertSame(['HeadObject'], $observed); + } + } + + public function testListObjectAnnotations412AbortsBeforeMultipartUploadInitiates() + { + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['TagSet' => []]), // GetObjectTagging + // ListObjectAnnotations: 412 + function (CommandInterface $cmd) { + return new S3Exception('source mutated', $cmd, [ + 'code' => 'PreconditionFailed', + 'response' => new Psr7\Response(412), + ]); + }, + ]); + + $observed = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed) { + $observed[] = $cmd->getName(); + } + )); + + $this->expectException(MultipartUploadException::class); + + try { + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'annotations_directive' => 'COPY', + ]); + $uploader->upload(); + } finally { + $this->assertSame( + ['GetObjectTagging', 'ListObjectAnnotations'], + $observed + ); + } + } + + public function testUploadPartCopy412AbortsTheMultipartUpload() + { + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['UploadId' => 'baz']), // CreateMultipartUpload + // 1st UploadPartCopy: 412 + function (CommandInterface $cmd) { + return new S3Exception('source ETag mismatch', $cmd, [ + 'code' => 'PreconditionFailed', + 'response' => new Psr7\Response(412), + ]); + }, + // Subsequent attempted parts also fail with 412 before the pool + // gives up. Reuse the same factory. + function (CommandInterface $cmd) { + return new S3Exception('source ETag mismatch', $cmd, [ + 'code' => 'PreconditionFailed', + 'response' => new Psr7\Response(412), + ]); + }, + function (CommandInterface $cmd) { + return new S3Exception('source ETag mismatch', $cmd, [ + 'code' => 'PreconditionFailed', + 'response' => new Psr7\Response(412), + ]); + }, + ]); + + $observed = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed) { + $observed[] = $cmd->getName(); + } + )); + + $this->expectException(MultipartUploadException::class); + + try { + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + ]); + $uploader->upload(); + } finally { + // Initiate ran, parts attempted, but no Complete. + $counts = array_count_values($observed); + $this->assertSame(1, $counts['CreateMultipartUpload']); + $this->assertGreaterThan(0, $counts['UploadPartCopy']); + $this->assertArrayNotHasKey('CompleteMultipartUpload', $counts); + } + } + + public function testGetObjectTagging403AbortsBeforeMultipartUploadInitiates() + { + // Under tags_directive=COPY + annotations_directive=COPY, GetObjectTagging and ListObjectAnnotations + // run concurrently in Phase 1 (Promise\Utils::all). The 403 on + // GetObjectTagging fails the whole Phase-1 stage, surfacing as + // MultipartUploadException, but ListObjectAnnotations is dispatched + // alongside it (the failure is observed when Utils::all resolves, + // not before its peers leave the wire). + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + // GetObjectTagging: 403 + function (CommandInterface $cmd) { + return new S3Exception('no s3:GetObjectTagging', $cmd, [ + 'code' => 'AccessDenied', + 'response' => new Psr7\Response(403), + ]); + }, + // ListObjectAnnotations: empty list. Order in the queue follows + // the order PHP iterates the `$concurrent` array in promise(). + new Result(['Annotations' => []]), + ]); + + $observed = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed) { + $observed[] = $cmd->getName(); + } + )); + + $this->expectException(MultipartUploadException::class); + + try { + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'annotations_directive' => 'COPY', + ]); + $uploader->upload(); + } finally { + // GetObjectTagging fired and failed. ListObjectAnnotations also + // fired (concurrent) but its result is discarded. Phase 2/3 never + // ran. + $counts = array_count_values($observed); + $this->assertSame(1, $counts['GetObjectTagging']); + $this->assertSame(1, $counts['ListObjectAnnotations']); + $this->assertArrayNotHasKey('CreateMultipartUpload', $counts); + } + } + + public function testPutObjectAnnotation412IsNotRetried() + { + $client = $this->getTestClient('s3'); + $putAttempts = 0; + $this->addMockResults($client, [ + new Result(['TagSet' => []]), + new Result(['Annotations' => [['AnnotationName' => 'note-1']]]), + new Result(['AnnotationPayload' => 'P']), + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), + // PutObjectAnnotation: 412 (non-retryable) + function (CommandInterface $cmd) use (&$putAttempts) { + $putAttempts++; + return new S3Exception('dest ETag mismatch', $cmd, [ + 'code' => 'PreconditionFailed', + 'response' => new Psr7\Response(412), + ]); + }, + ]); + + try { + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'annotations_directive' => 'COPY', + ]); + $uploader->upload(); + $this->fail('Expected MultipartCopyAnnotationException for 412'); + } catch (MultipartCopyAnnotationException $e) { + $this->assertSame(1, $putAttempts); + $this->assertSame(['note-1'], array_keys($e->getFailedAnnotations())); + $this->assertSame([], $e->getSucceededAnnotations()); + $this->assertSame(412, $e->getFailedAnnotations()['note-1']->getStatusCode()); + } + } + + // ----- Directive permutations (tags_directive / annotations_directive) ----- + + public function testTagsDirectiveCopyExplicitlyEnablesTagPhases() + { + // With no tags_directive, tags are skipped. Explicit + // tags_directive=COPY enables the tag phases. + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['TagSet' => [['Key' => 'A', 'Value' => '1']]]), // GetObjectTagging + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), + new Result([]), // PutObjectTagging + ]); + + $observed = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed) { + $observed[] = $cmd->getName(); + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + ]); + $uploader->upload(); + + $counts = array_count_values($observed); + $this->assertSame(1, $counts['GetObjectTagging']); + $this->assertSame(1, $counts['PutObjectTagging']); + // Annotations stay off since annotations_directive defaults to UNSPECIFIED. + $this->assertArrayNotHasKey('ListObjectAnnotations', $counts); + } + + public function testTagsDirectiveReplaceWritesCallerTagsToDestination() + { + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), + new Result([]), // PutObjectTagging + ]); + + $observed = []; + $putTagging = null; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed, &$putTagging) { + $observed[] = $cmd->getName(); + if ($cmd->getName() === 'PutObjectTagging') { + $putTagging = $cmd->toArray(); + } + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'REPLACE', + 'params' => ['Tagging' => 'k=v'], + ]); + $uploader->upload(); + + $this->assertNotContains('GetObjectTagging', $observed); + $this->assertNotNull($putTagging); + $this->assertSame( + [['Key' => 'k', 'Value' => 'v']], + $putTagging['Tagging']['TagSet'] + ); + } + + public function testAnnotationsDirectiveExcludeOverridesCopy() + { + // annotations_directive=COPY would enable annotations. + // Explicit annotations_directive=EXCLUDE turns them off. + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['TagSet' => []]), // GetObjectTagging + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), + ]); + + $observed = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed) { + $observed[] = $cmd->getName(); + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'annotations_directive' => 'EXCLUDE', + ]); + $uploader->upload(); + + $counts = array_count_values($observed); + // Tags still run (tags_directive=COPY). + $this->assertSame(1, $counts['GetObjectTagging']); + // Annotations are excluded. + $this->assertArrayNotHasKey('ListObjectAnnotations', $counts); + $this->assertArrayNotHasKey('GetObjectAnnotation', $counts); + $this->assertArrayNotHasKey('PutObjectAnnotation', $counts); + } + + public function testAnnotationsDirectiveExcludeSkipsAnnotationCalls() + { + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar']), + ]); + + $observed = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed) { + $observed[] = $cmd->getName(); + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'metadata_directive' => 'REPLACE', + 'tags_directive' => 'UNSPECIFIED', + 'annotations_directive' => 'EXCLUDE', + ]); + $uploader->upload(); + + $counts = array_count_values($observed); + $this->assertArrayNotHasKey('GetObjectTagging', $counts); + $this->assertArrayNotHasKey('ListObjectAnnotations', $counts); + $this->assertArrayNotHasKey('PutObjectTagging', $counts); + $this->assertArrayNotHasKey('PutObjectAnnotation', $counts); + } + + public function testInvalidTagsDirectiveThrows() + { + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [new Result(['UploadId' => 'baz'])]); + + $this->expectException(\InvalidArgumentException::class); + $this->expectExceptionMessage("Invalid tags_directive value 'BOGUS'"); + + $uploader = new MultipartCopy($client, '/bucket/key', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'bogus', + ]); + $uploader->upload(); + } + + public function testInvalidAnnotationsDirectiveThrows() + { + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [new Result(['UploadId' => 'baz'])]); + + $this->expectException(\InvalidArgumentException::class); + $this->expectExceptionMessage("Invalid annotations_directive value 'BOGUS'"); + + $uploader = new MultipartCopy($client, '/bucket/key', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'annotations_directive' => 'bogus', + ]); + $uploader->upload(); + } + + public function testCallerSuppliedTaggingIsStrippedFromCreateMultipartUpload() + { + // Phase 2 strips Tagging from CreateMultipartUpload because tags are + // written separately in Phase 3 to keep the initiate request headers + // small. When tags_directive resolves to REPLACE (caller-supplied + // params['Tagging']), the Tagging value MUST NOT appear on + // CreateMultipartUpload. It is written only in Phase 3 via + // PutObjectTagging. + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), + new Result([]), // PutObjectTagging + ]); + + $initiate = null; + $putTagging = null; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$initiate, &$putTagging) { + if ($cmd->getName() === 'CreateMultipartUpload') { + $initiate = $cmd->toArray(); + } + if ($cmd->getName() === 'PutObjectTagging') { + $putTagging = $cmd->toArray(); + } + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'REPLACE', + 'params' => ['Tagging' => 'k=v&Project=X'], + ]); + $uploader->upload(); + + $this->assertNotNull($initiate); + $this->assertNull( + $initiate['Tagging'] ?? null, + 'Tagging must not be forwarded to CreateMultipartUpload when ' + . 'Phase 3 will PUT it (REPLACE).' + ); + + // And it MUST still land on PutObjectTagging. + $this->assertNotNull($putTagging); + $this->assertSame( + [ + ['Key' => 'k', 'Value' => 'v'], + ['Key' => 'Project', 'Value' => 'X'], + ], + $putTagging['Tagging']['TagSet'] + ); + } + + public function testTagsDirectiveCopyDoesNotForwardTaggingToCreateMultipartUpload() + { + // Under tags_directive=COPY, even + // though the source-tag set is fetched and PUT in Phase 3, no Tagging + // value should ever ride along on CreateMultipartUpload. + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['TagSet' => [['Key' => 'Project', 'Value' => 'X']]]), + new Result(['Annotations' => []]), + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), + new Result([]), // PutObjectTagging + ]); + + $initiate = null; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$initiate) { + if ($cmd->getName() === 'CreateMultipartUpload') { + $initiate = $cmd->toArray(); + } + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'annotations_directive' => 'COPY', + ]); + $uploader->upload(); + + $this->assertNotNull($initiate); + $this->assertNull( + $initiate['Tagging'] ?? null, + 'Tagging must not be forwarded to CreateMultipartUpload when ' + . 'tags_directive resolves to COPY.' + ); + } + + public function testTagsDirectiveCopyWithCallerTaggingStillStripsItFromInitiate() + { + // Belt-and-suspenders: an explicit tags_directive=COPY combined with + // a caller-supplied params.Tagging (an unusual combination) must + // still strip Tagging from CreateMultipartUpload. + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['TagSet' => [['Key' => 'Source', 'Value' => 'Yes']]]), + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), + new Result([]), + ]); + + $initiate = null; + $putTagging = null; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$initiate, &$putTagging) { + if ($cmd->getName() === 'CreateMultipartUpload') { + $initiate = $cmd->toArray(); + } + if ($cmd->getName() === 'PutObjectTagging') { + $putTagging = $cmd->toArray(); + } + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'params' => ['Tagging' => 'leak=please'], + ]); + $uploader->upload(); + + $this->assertNotNull($initiate); + $this->assertNull($initiate['Tagging'] ?? null); + + // Phase 3 still PUTs the source tags, not the caller's Tagging. + $this->assertNotNull($putTagging); + $this->assertSame( + [['Key' => 'Source', 'Value' => 'Yes']], + $putTagging['Tagging']['TagSet'] + ); + } + + public function testTagsDirectiveUnspecifiedDropsCallerTaggingFromInitiate() + { + // When tags_directive resolves to UNSPECIFIED + // (the default), there is no Phase 3 tag write AND any caller-supplied + // params['Tagging'] is dropped from the initiate. Callers who need + // their Tagging applied to the destination must opt in via + // tags_directive='REPLACE'. + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar']), + ]); + + $initiate = null; + $observed = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$initiate, &$observed) { + $observed[] = $cmd->getName(); + if ($cmd->getName() === 'CreateMultipartUpload') { + $initiate = $cmd->toArray(); + } + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'UNSPECIFIED', + 'params' => ['Tagging' => 'dropped=yes'], + ]); + $uploader->upload(); + + $this->assertNotNull($initiate); + $this->assertNull( + $initiate['Tagging'] ?? null, + 'UNSPECIFIED must drop caller-supplied Tagging from ' + . 'CreateMultipartUpload — MPU never carries Tagging on initiate.' + ); + // No Phase 1 read, no Phase 3 write. + $this->assertNotContains('GetObjectTagging', $observed); + $this->assertNotContains('PutObjectTagging', $observed); + } + + public function testResumePathReplaysPhase3WhenStateRetainsDirectives() + { + // A resumed MultipartCopy honors the original + // launch's directives without the caller having to re-specify them + // on the resume call. The directives are stored on UploadState at + // launch time and merged back into config on resume. + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + // getStateFromService → ListParts + new Result(['Parts' => [ + ['PartNumber' => 1, 'ETag' => 'A', 'Size' => 5 * self::MB], + ['PartNumber' => 2, 'ETag' => 'B', 'Size' => 5 * self::MB], + ]]), + // Resume's coroutine: HeadObject, then Phase 1 reads + new Result([ + 'ContentLength' => 11 * self::MB, + 'ContentType' => 'text/plain', + 'ETag' => '"src-etag"', + 'VersionId' => 'src-version', + ]), + new Result(['TagSet' => [['Key' => 'K', 'Value' => 'V']]]), + new Result(['Annotations' => [['AnnotationName' => 'note-1']]]), + new Result(['AnnotationPayload' => 'BODY']), + // Phase 2: state holds parts 1+2 (5 MB each). Source is 11 MB + // ⇒ 3 parts ⇒ part 3 still needs uploading on resume. + new Result(['CopyPartResult' => ['ETag' => 'C']]), // UploadPartCopy #3 + new Result(['Location' => 'http://foo/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), // CompleteMultipartUpload + // Phase 3 + new Result([]), // PutObjectTagging + new Result([]), // PutObjectAnnotation + ]); + + $observed = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed) { + $observed[] = $cmd->getName(); + } + )); + + // Caller resumes from a state launched with COPY directives. + // The resume call passes ONLY 'state'. + $state = MultipartCopy::getStateFromService( + $client, + 'foo', + 'bar', + 'baz', + ['tags_directive' => 'COPY', 'annotations_directive' => 'COPY'] + ); + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'state' => $state, + ]); + $uploader->upload(); + + // Phase 3 ran end-to-end as if the COPY directives were re-supplied. + $counts = array_count_values($observed); + $this->assertSame(1, $counts['GetObjectTagging']); + $this->assertSame(1, $counts['PutObjectTagging']); + $this->assertSame(1, $counts['ListObjectAnnotations']); + $this->assertSame(1, $counts['GetObjectAnnotation']); + $this->assertSame(1, $counts['PutObjectAnnotation']); + } + + public function testResumeCallerCanOverrideStoredDirectives() + { + // The caller's resume-time directives win over what the state + // remembers, so a resumed copy can opt out of Phase 3 even if the + // original launch had COPY directives. + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + // getStateFromService → ListParts + new Result(['Parts' => [ + ['PartNumber' => 1, 'ETag' => 'A', 'Size' => 5 * self::MB], + ['PartNumber' => 2, 'ETag' => 'B', 'Size' => 5 * self::MB], + ]]), + // Resume coroutine: HeadObject (no Phase 1 reads under metadata-directive) + new Result([ + 'ContentLength' => 11 * self::MB, + 'ContentType' => 'text/plain', + ]), + // Part 3 still needs uploading (state holds 1+2 at 5 MB each). + new Result(['CopyPartResult' => ['ETag' => 'C']]), + // CompleteMultipartUpload (no Phase 3 under metadata-directive) + new Result(['Location' => 'http://foo/bar']), + ]); + + $observed = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed) { + $observed[] = $cmd->getName(); + } + )); + + $state = MultipartCopy::getStateFromService( + $client, + 'foo', + 'bar', + 'baz', + ['tags_directive' => 'COPY', 'annotations_directive' => 'COPY'] + ); + // Override on resume: switch to legacy default with no Phase 3 work. + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'state' => $state, + 'tags_directive' => 'UNSPECIFIED', + 'annotations_directive' => 'UNSPECIFIED', + ]); + $uploader->upload(); + + $this->assertNotContains('GetObjectTagging', $observed); + $this->assertNotContains('ListObjectAnnotations', $observed); + } + + public function testNullAnnotationPayloadIsSkippedAndDoesNotFail() + { + // PutObjectAnnotation requires a payload between 1 + // byte and 1 MiB. A null/empty source body has nothing meaningful + // to copy, so skip cleanly so it doesn't appear in the per-key + // failure list. + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['TagSet' => []]), + new Result(['Annotations' => [ + ['AnnotationName' => 'good'], + ['AnnotationName' => 'empty'], + ]]), + new Result(['AnnotationPayload' => 'BODY']), // good + new Result([]), // empty (no AnnotationPayload key) + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), + new Result([]), // PutObjectAnnotation 'good' + ]); + + $observed = []; + $putAnnotNames = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed, &$putAnnotNames) { + $observed[] = $cmd->getName(); + if ($cmd->getName() === 'PutObjectAnnotation') { + $putAnnotNames[] = $cmd['AnnotationName']; + } + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'annotations_directive' => 'COPY', + ]); + $uploader->upload(); + + // Both GETs ran, but only the 'good' one became a PUT. + $this->assertSame(2, array_count_values($observed)['GetObjectAnnotation']); + $this->assertSame(['good'], $putAnnotNames); + } + + public function testUnversionedSourceOmitsVersionIdEverywhere() + { + // HeadObject on an unversioned bucket returns no VersionId. None of + // the downstream commands should carry a VersionId or a + // ?versionId= query string. + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result([ // HeadObject + 'ContentLength' => 11 * self::MB, + 'ContentType' => 'text/plain', + 'ETag' => '"src-etag"', + // no VersionId + ]), + new Result(['TagSet' => []]), + new Result(['Annotations' => [['AnnotationName' => 'a']]]), + new Result(['AnnotationPayload' => 'p']), + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar', 'ETag' => 'dst-etag']), + new Result([]), // PutObjectAnnotation + ]); + + $captured = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$captured) { + $captured[$cmd->getName()][] = $cmd->toArray(); + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'tags_directive' => 'COPY', + 'annotations_directive' => 'COPY', + ]); + $uploader->upload(); + + foreach ($captured['UploadPartCopy'] ?? [] as $cmd) { + $this->assertStringNotContainsString('?versionId=', $cmd['CopySource']); + } + $this->assertNull($captured['GetObjectTagging'][0]['VersionId'] ?? null); + $this->assertNull($captured['ListObjectAnnotations'][0]['VersionId'] ?? null); + $this->assertNull($captured['GetObjectAnnotation'][0]['VersionId'] ?? null); + } + + public function testGetObjectAnnotation412MidLoopAbortsBeforeMpuInitiates() + { + // First GetObjectAnnotation succeeds. Second returns 412 + // (precondition failed: source mutated mid-loop). + // This aborts immediately. No CreateMultipartUpload, no UploadPartCopy. + $client = $this->getTestClient('s3'); + $getCount = 0; + $this->addMockResults($client, [ + new Result(['TagSet' => []]), + new Result(['Annotations' => [ + ['AnnotationName' => 'first'], + ['AnnotationName' => 'second'], + ]]), + // GetObjectAnnotation #1: succeed + function (CommandInterface $cmd) use (&$getCount) { + $getCount++; + return new Result(['AnnotationPayload' => 'BODY-1']); + }, + // GetObjectAnnotation #2: 412 + function (CommandInterface $cmd) use (&$getCount) { + $getCount++; + return new S3Exception('source mutated', $cmd, [ + 'code' => 'PreconditionFailed', + 'response' => new Psr7\Response(412), + ]); + }, + ]); + + $observed = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$observed) { + $observed[] = $cmd->getName(); + } + )); + + $this->expectException(MultipartUploadException::class); + + try { + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'annotations_directive' => 'COPY', + ]); + $uploader->upload(); + } finally { + $this->assertSame(2, $getCount); + $counts = array_count_values($observed); + $this->assertArrayNotHasKey('CreateMultipartUpload', $counts); + $this->assertArrayNotHasKey('UploadPartCopy', $counts); + $this->assertArrayNotHasKey('PutObjectAnnotation', $counts); + } + } + + public function testAnnotationPutRetriesSetHttpDelayOnTheCommand() + { + // The retry between attempts should drive the wait through the SDK's + // @http.delay mechanism (matches RetryMiddleware et al.) rather than + // blocking the PHP process with usleep. Full-jittered, so the exact + // value is non-deterministic, but the key MUST be present and within + // the configured ceiling on retries. + $client = $this->getTestClient('s3'); + $putAttempts = 0; + $this->addMockResults($client, [ + new Result(['TagSet' => []]), + new Result(['Annotations' => [['AnnotationName' => 'note-1']]]), + new Result(['AnnotationPayload' => 'P']), + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), + // PutObjectAnnotation #1: 500 + function (CommandInterface $cmd) use (&$putAttempts) { + $putAttempts++; + return new S3Exception('500 boom', $cmd, [ + 'code' => 'InternalError', + 'response' => new Psr7\Response(500), + ]); + }, + // PutObjectAnnotation #2: 500 + function (CommandInterface $cmd) use (&$putAttempts) { + $putAttempts++; + return new S3Exception('500 boom', $cmd, [ + 'code' => 'InternalError', + 'response' => new Psr7\Response(500), + ]); + }, + // PutObjectAnnotation #3: success + function (CommandInterface $cmd) use (&$putAttempts) { + $putAttempts++; + return new Result([]); + }, + ]); + + $putAnnotCmds = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$putAnnotCmds) { + if ($cmd->getName() === 'PutObjectAnnotation') { + $putAnnotCmds[] = $cmd->toArray(); + } + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'annotations_directive' => 'COPY', + ]); + $uploader->upload(); + + $this->assertCount(3, $putAnnotCmds); + + // Subsequent retries: @http.delay set to a non-negative integer + // within the 5000ms ceiling. (Full-jitter formula allows 0 as a + // valid draw.) + foreach ([1, 2] as $i) { + $this->assertIsInt($putAnnotCmds[$i]['@http']['delay']); + $this->assertGreaterThanOrEqual(0, $putAnnotCmds[$i]['@http']['delay']); + $this->assertLessThanOrEqual(5000, $putAnnotCmds[$i]['@http']['delay']); + } + } + + public function testListObjectAnnotationsPaginatesViaContinuationToken() + { + $client = $this->getTestClient('s3'); + $this->addMockResults($client, [ + new Result(['TagSet' => []]), + // ListObjectAnnotations page 1: one annotation + a continuation token + new Result([ + 'Annotations' => [['AnnotationName' => 'page-1']], + 'NextContinuationToken' => 'TOKEN-1', + ]), + // ListObjectAnnotations page 2: one annotation, no token + new Result(['Annotations' => [['AnnotationName' => 'page-2']]]), + new Result(['AnnotationPayload' => 'BODY-page-1']), + new Result(['AnnotationPayload' => 'BODY-page-2']), + new Result(['UploadId' => 'baz']), + new Result(['CopyPartResult' => ['ETag' => 'A']]), + new Result(['CopyPartResult' => ['ETag' => 'B']]), + new Result(['CopyPartResult' => ['ETag' => 'C']]), + new Result(['Location' => 'http://foo/bar', + 'ETag' => 'dst-etag', 'VersionId' => 'dst-version']), + new Result([]), // PutObjectAnnotation page-1 + new Result([]), // PutObjectAnnotation page-2 + ]); + + $listCalls = []; + $putAnnotNames = []; + $client->getHandlerList()->appendSign(Middleware::tap( + function (CommandInterface $cmd) use (&$listCalls, &$putAnnotNames) { + if ($cmd->getName() === 'ListObjectAnnotations') { + $listCalls[] = $cmd->toArray(); + } + if ($cmd->getName() === 'PutObjectAnnotation') { + $putAnnotNames[] = $cmd['AnnotationName']; + } + } + )); + + $uploader = new MultipartCopy($client, '/srcbucket/srckey', [ + 'bucket' => 'foo', + 'key' => 'bar', + 'source_metadata' => $this->srcMeta(), + 'tags_directive' => 'COPY', + 'annotations_directive' => 'COPY', + ]); + $uploader->upload(); + + $this->assertCount(2, $listCalls); + $this->assertNull($listCalls[0]['ContinuationToken'] ?? null); + $this->assertSame('TOKEN-1', $listCalls[1]['ContinuationToken']); + + // Both annotations were fetched and written. + $this->assertSame(['page-1', 'page-2'], $putAnnotNames); + } }