chore(deps): bump the aws group across 1 directory with 12 updates

[dependabot]

Bumps the aws group with 12 updates in the / directory:

Package	From	To
@types/aws-lambda	8.10.152	8.10.157
aws-cdk	2.1029.2	2.1031.2
aws-cdk-lib	2.216.0	2.222.0
constructs	10.4.2	10.4.3
@aws-sdk/client-cloudfront	3.895.0	3.927.0
@aws-sdk/client-sns	3.830.0	3.927.0
@aws-sdk/client-dynamodb	3.895.0	3.927.0
@aws-sdk/client-s3	3.895.0	3.927.0
@aws-sdk/client-secrets-manager	3.895.0	3.927.0
@aws-sdk/client-sqs	3.895.0	3.927.0
@aws-sdk/client-ssm	3.895.0	3.927.0
@aws-solutions-constructs/aws-lambda-sqs-lambda	2.92.2	2.94.0

Updates @types/aws-lambda from 8.10.152 to 8.10.157

Commits

• See full diff in compare view

Updates aws-cdk from 2.1029.2 to 2.1031.2

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1031.2

2.1031.2 (2025-11-06)

Bug Fixes

• cli: requests get throttled when there is a large number of stacks (#927) (c79e35e)
• update python init templates dev dep on pytest to latest (#930) (779352d)

aws-cdk@v2.1031.1

2.1031.1 (2025-10-30)

Bug Fixes

• aws-cdk: init template imports not following best practices to use aws-cdk-lib/core (#916) (a560d1e)

aws-cdk@v2.1031.0

2.1031.0 (2025-10-22)

⚠ BREAKING CHANGES

• cli: for existing ci/cd pipeline users. Therefore, this idea was discarded

Features

• cli: display warning when --role-arn is used with gc command (#893) (3d7b09b)

aws-cdk@v2.1030.0

2.1030.0 (2025-10-09)

Features

• cli: allow users to enable all feature flags that do not impact their application (#798) (05954dd)
• cli: auto-detect language for single-language custom templates (#819) (e46adaf)

Bug Fixes

• cli: metadata path in generated templates is invalid for migrate command (#909) (d530564), closes #902

aws-cdk@v2.1029.4

... (truncated)

Commits

• 779352d fix: update python init templates dev dep on pytest to latest (#930)
• c79e35e fix(cli): requests get throttled when there is a large number of stacks (#927)
• d1b4113 chore: update typescript and jsii to 5.9 (#923)
• a560d1e fix(aws-cdk): init template imports not following best practices to use `aws-...
• 3d7b09b feat(cli): display warning when --role-arn is used with gc command (#893)
• e46adaf feat(cli): auto-detect language for single-language custom templates (#819)
• d530564 fix(cli): metadata path in generated templates is invalid for migrate command...
• 3177fd0 chore(cli-lib-alpha): stop releasing deprecated package (#905)
• 9855c8f refactor(toolkit-lib): standardize confirmation requests to use ConfirmationR...
• 05954dd feat(cli): allow users to enable all feature flags that do not impact their a...
• Additional commits viewable in compare view

Updates aws-cdk-lib from 2.216.0 to 2.222.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.222.0

⚠ BREAKING CHANGES

• bedrock-agentcore: The signature of RuntimeAuthorizerConfiguration.usingCognito() has changed to accept IUserPool and IUserPoolClient constructs instead of string parameters, and now supports multiple clients.

Features

• apigateway: add binaryMediaTypes property to SpecRestApi (#35502) (bf10d94), closes #35498
• apigatewayv2: WebSocketStage support accessLogSettings (#34766) (dad112e), closes #21935
• bedrock-agentcore: use IUserPool and IUserPoolClient interfaces instead of string identifiers (#35860) (a38afc9), closes #35854
• core: IEnvironmentAware interface to retrieve a construct's environment (#35817) (8ee5d4b)
• elasticloadbalancingv2: create security group settings for NLB by default (under feature flag) (#34675) (ff83cfd), closes #34606 aws/aws-cdk#34606
• events-targets: support Amazon Data Firehose target using Firehose's IDeliveryStream (#33798) (a374b6b), closes #33757 #33758
• kinesisfirehose: add built-in data processors to decompress CloudWatch logs and extract messages (#33749) (5dec21e), closes #33691 #20242 aws/aws-cdk#33691
• lambda: add Java25 runtime for Lambda (#35867) (db71fac)
• lambda: add Python 3.14 runtime for Lambda (#35869) (ebef303)
• memory: add agentcore memory l2 construct (#35757) (6a2e17e)
• msk: support Express brokers (#34741) (0a69e5f), closes #32923

Bug Fixes

• agentcore: addToRolePolicy for runtime with imported role destroys and recreates policies on every deployment (#35842) (92525e4), closes #35844 40aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime-base.ts#L253
• agentcore: custom execution role policy for runtime lacks proper permissions (#35849) (ee94b63), closes #35852 40aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime-artifact.ts#L65 40aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime.ts#L252-L259 /github.com/aws/aws-cdk/blob/v2.221.0/packages/aws-cdk-lib/aws-codepipeline/lib/pipeline.ts#L693 /github.com/aws/aws-cdk/blob/v2.221.0/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1468 /github.com/aws/aws-cdk/blob/v2.221.0/packages/aws-cdk-lib/aws-ecs/lib/base/base-service.ts#L1161
• dynamodb: addToResourcePolicy has no effect (#35554) (94d7e34), closes #35062
• ecs: remove empty CfnClusterCapacityProviderAssociations resource (#35783) (c8a131b), closes #35699 #35742
• iam: cannot grant lambda:InvokeFunction on ManagedPolicy or Policy via grantInvoke() method (#32984) (a07d75a), closes #32980 aws/aws-cdk#32984
• compilation failure in Go (#35871) (5e4f603), closes aws/aws-cdk#35770 #35862
• ec2: remove PassRole policy emitted by cloudwatch vpc flow destination (#35762) (c4b80df), closes #35729

---

Alpha modules (2.222.0-alpha.0)

Features

• eks-v2-alpha: eks-v2-alpha is now in developer preview (#35801) (32afc0f)

Bug Fixes

• bedrock-alpha: apply permission dependency to existing and non-existing roles (#35123) (b39ccf3), closes #35120
• eks-v2-alpha: remove hyphen from Go package name (#35927) (2cdfc8a)

v2.221.1

Bug Fixes

• compilation failure in Go (#35871) (4379f66), closes aws/aws-cdk#35770 #35862

---

Alpha modules (2.221.1-alpha.0)

v2.221.0

⚠ BREAKING CHANGES

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.222.0-alpha.0 (2025-11-04)

Features

• eks-v2-alpha: eks-v2-alpha is now in developer preview (#35801) (32afc0f)

Bug Fixes

• bedrock-alpha: apply permission dependency to existing and non-existing roles (#35123) (b39ccf3), closes #35120
• eks-v2-alpha: remove hyphen from Go package name (#35927) (2cdfc8a)

2.221.1-alpha.0 (2025-10-29)

2.221.0-alpha.0 (2025-10-24)

Features

• msk-alpha: support Kafka 4.1 (#35759) (67539de)

Bug Fixes

• elasticache-alpha: cannot import Redis 7 serverless cache (#35629) (2bde1a0)

2.220.0-alpha.0 (2025-10-14)

Bug Fixes

• amplify-alpha: handle empty customResponseHeaders array (#35700) (57f9068), closes #35693

2.219.0-alpha.0 (2025-10-01)

2.218.0-alpha.0 (2025-09-29)

• elasticache-alpha: implement Serverless ElastiCache L2 Construct (#35424) (0e08c8c)

2.217.0-alpha.0 (2025-09-25)

2.216.0-alpha.0 (2025-09-22)

2.215.0-alpha.0 (2025-09-15)

Bug Fixes

... (truncated)

Commits

• cfc74ed chore: update analytics metadata blueprints
• 1ee40ad chore(release): 2.222.0
• dad112e feat(apigatewayv2): WebSocketStage support accessLogSettings (#34766)
• f618638 chore: fix Python TypeError: Cannot create a consistent method resolution ord...
• ebef303 feat(lambda): add Python 3.14 runtime for Lambda (#35869)
• db71fac feat(lambda): add Java25 runtime for Lambda (#35867)
• db057e1 docs: fix typos and wording in feature flags description (#35789)
• 75139b2 chore(bedrock): support Amazon Nova Multimodal Embeddings (#35904)
• bf10d94 feat(apigateway): add binaryMediaTypes property to SpecRestApi (#35502)
• 5dec21e feat(kinesisfirehose): add built-in data processors to decompress CloudWatch ...
• Additional commits viewable in compare view

Updates constructs from 10.4.2 to 10.4.3

Release notes

Sourced from constructs's releases.

v10.4.3

10.4.3 (2025-11-06)

Bug Fixes

• deps: upgrade to jsii & typescript 5.9 (#2823) (02796b2)

Commits

• 02796b2 fix(deps): upgrade to jsii & typescript 5.9 (#2823)
• f62df72 chore(deps): upgrade dev dependencies (#2822)
• 56d6cbf chore(deps): upgrade dev dependencies (#2821)
• a37b483 chore(deps): upgrade cdklabs-projen-project-types (#2819)
• 7826d73 chore(deps): upgrade dev dependencies (#2820)
• bbbf608 chore(deps): upgrade dev dependencies (#2818)
• 7c1b1ad chore(deps): upgrade dev dependencies (#2817)
• 27ec512 chore(deps): upgrade dev dependencies (#2816)
• 6e7e0a2 chore(deps): upgrade dev dependencies (#2815)
• e71d235 chore(deps): upgrade dev dependencies (#2814)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for constructs since your current version.

Updates @aws-sdk/client-cloudfront from 3.895.0 to 3.927.0

Release notes

Sourced from @​aws-sdk/client-cloudfront's releases.

v3.927.0

3.927.0(2025-11-07)

New Features

• client-ec2: Adds PrivateDnsPreference and PrivateDnsSpecifiedDomains to control private DNS resolution for resource and service network VPC endpoints and IpamScopeExternalAuthorityConfiguration to integrate Amazon VPC IPAM with a third-party IPAM service (650aa6de)
• client-opensearch: This release introduces the Default Application feature, allowing users to set, change, or unset a preferred OpenSearch UI application on a per-region basis for a streamlined and consistent user experience. (ea5f4e47)
• client-vpc-lattice: Amazon VPC Lattice now supports custom domain name for resource configurations (f46fcf1f)
• client-controltower: Added Parent Identifier support to ListEnabledControls and GetEnabledControl API. Implemented RemediationType support for Landing Zone operations: CreateLandingZone, UpdateLandingZone and GetLandingZone APIs (89c1f79d)
• client-kms: Added support for new ECC_NIST_EDWARDS25519 AWS KMS key spec (1d8341db)

Bug Fixes

• client-elastic-beanstalk: differentiate modeled and synthesized service base exception name (5e1e54b4)

Tests

• core/protocols: add shape serde perf baselines (#7479) (40bc6005)

---

For list of updated packages, view updated-packages.md in assets-3.927.0.zip

v3.926.0

3.926.0(2025-11-06)

Chores

• core/protocols: make error lookup in runtime protocol consistent with existing codegen (#7478) (64e9c616)

New Features

• clients: update client endpoints as of 2025-11-06 (4d3f1528)
• client-connect: Added support for Conditional Questions in Evaluation Forms. Introduced Auto Evaluation capability for Evaluation Forms and Contact Evaluations. Added new API operations: SearchEvaluationForms and SearchContactEvaluations. (45c43b47)
• client-gamelift: Amazon GameLift Servers now supports game builds that use the Windows 2022 operating system. (e38ba819)
• client-sagemaker: Added NodeProvisioningMode parameter to UpdateCluster API to determine how instance provisioning is handled during cluster operations; in Continuous mode. Added VpcId field in UpdateDomain request for SageMaker Unified Studio domains with no VPC to add a customer VPC. (382a2ff3)
• client-s3vectors: Amazon S3 Vectors provides cost-effective, elastic, and durable vector storage for queries based on semantic meaning and similarity. (cb2626e6)
• client-accessanalyzer: New field totalActiveErrors added to getFindingsStatistics response. (595167c7)
• client-s3tables: Adds support for tagging APIs for S3 Tables (4c268176)
• client-ec2: Add Amazon EC2 R8a instance types (7cb13679)
• client-identitystore: IdentityStore API: added new KMSExceptionReason fields to the Exception object; added multiple new fields to the User APIs - UserStatus, Birthdate, Website and Photos; added multiple new metadata fields for User, Groups and Membership APIs - CreatedAt, CreatedBy, UpdatedAt and UpdatedBy. (28d85047)
• client-quicksight: Support for New Data Prep Experience (02e87fe9)
• client-ssm: Provides NoLongerSupportedException error message (70be2a35)
• client-backup: AWS Backup now supports customer-managed keys (CMK) for logically air-gapped vaults, enabling customers to maintain full control over their encryption key lifecycle. This feature helps organizations meet specific internal governance requirements or external regulatory compliance standards. (b83f5f99)

---

For list of updated packages, view updated-packages.md in assets-3.926.0.zip

... (truncated)

Changelog

Sourced from @​aws-sdk/client-cloudfront's changelog.

3.927.0 (2025-11-07)

Note: Version bump only for package @​aws-sdk/client-cloudfront

3.926.0 (2025-11-06)

Note: Version bump only for package @​aws-sdk/client-cloudfront

3.925.0 (2025-11-05)

Features

• client-cloudfront: This release adds new and updated API operations. You can now use the IpAddressType field to specify either ipv4 or dualstack for your Anycast static IP list. You can also enable cross-account resource sharing to share your VPC origins with other AWS accounts (75c3cef)

3.922.0 (2025-10-31)

Note: Version bump only for package @​aws-sdk/client-cloudfront

3.921.0 (2025-10-30)

Note: Version bump only for package @​aws-sdk/client-cloudfront

3.920.0 (2025-10-29)

Note: Version bump only for package @​aws-sdk/client-cloudfront

... (truncated)

Commits

• 73e7281 Publish v3.927.0
• 065860a Publish v3.926.0
• b554e95 Publish v3.925.0
• 75c3cef feat(client-cloudfront): This release adds new and updated API operations. Yo...
• 4a796b6 chore(deps): bump smithy package versions (#7475)
• ed7ac2a Publish v3.922.0
• e8b9fd8 Publish v3.921.0
• da06f0e chore(codegen): sync for waiter and proxy fixes (#7467)
• 1d4bdbf Publish v3.920.0
• 6865eb6 Publish v3.919.0
• Additional commits viewable in compare view

Updates @aws-sdk/client-sns from 3.830.0 to 3.927.0

Release notes

Sourced from @​aws-sdk/client-sns's releases.

v3.927.0

3.927.0(2025-11-07)

New Features

• client-ec2: Adds PrivateDnsPreference and PrivateDnsSpecifiedDomains to control private DNS resolution for resource and service network VPC endpoints and IpamScopeExternalAuthorityConfiguration to integrate Amazon VPC IPAM with a third-party IPAM service (650aa6de)
• client-opensearch: This release introduces the Default Application feature, allowing users to set, change, or unset a preferred OpenSearch UI application on a per-region basis for a streamlined and consistent user experience. (ea5f4e47)
• client-vpc-lattice: Amazon VPC Lattice now supports custom domain name for resource configurations (f46fcf1f)
• client-controltower: Added Parent Identifier support to ListEnabledControls and GetEnabledControl API. Implemented RemediationType support for Landing Zone operations: CreateLandingZone, UpdateLandingZone and GetLandingZone APIs (89c1f79d)
• client-kms: Added support for new ECC_NIST_EDWARDS25519 AWS KMS key spec (1d8341db)

Bug Fixes

• client-elastic-beanstalk: differentiate modeled and synthesized service base exception name (5e1e54b4)

Tests

• core/protocols: add shape serde perf baselines (#7479) (40bc6005)

---

For list of updated packages, view updated-packages.md in assets-3.927.0.zip

v3.926.0

3.926.0(2025-11-06)

Chores

• core/protocols: make error lookup in runtime protocol consistent with existing codegen (#7478) (64e9c616)

New Features

• clients: update client endpoints as of 2025-11-06 (4d3f1528)
• client-connect: Added support for Conditional Questions in Evaluation Forms. Introduced Auto Evaluation capability for Evaluation Forms and Contact Evaluations. Added new API operations: SearchEvaluationForms and SearchContactEvaluations. (45c43b47)
• client-gamelift: Amazon GameLift Servers now supports game builds that use the Windows 2022 operating system. (e38ba819)
• client-sagemaker: Added NodeProvisioningMode parameter to UpdateCluster API to determine how instance provisioning is handled during cluster operations; in Continuous mode. Added VpcId field in UpdateDomain request for SageMaker Unified Studio domains with no VPC to add a customer VPC. (382a2ff3)
• client-s3vectors: Amazon S3 Vectors provides cost-effective, elastic, and durable vector storage for queries based on semantic meaning and similarity. (cb2626e6)
• client-accessanalyzer: New field totalActiveErrors added to getFindingsStatistics response. (595167c7)
• client-s3tables: Adds support for tagging APIs for S3 Tables (4c268176)
• client-ec2: Add Amazon EC2 R8a instance types (7cb13679)
• client-identitystore: IdentityStore API: added new KMSExceptionReason fields to the Exception object; added multiple new fields to the User APIs - UserStatus, Birthdate, Website and Photos; added multiple new metadata fields for User, Groups and Membership APIs - CreatedAt, CreatedBy, UpdatedAt and UpdatedBy. (28d85047)
• client-quicksight: Support for New Data Prep Experience (02e87fe9)
• client-ssm: Provides NoLongerSupportedException error message (70be2a35)
• client-backup: AWS Backup now supports customer-managed keys (CMK) for logically air-gapped vaults, enabling customers to maintain full control over their encryption key lifecycle. This feature helps organizations meet specific internal governance requirements or external regulatory compliance standards. (b83f5f99)

---

For list of updated packages, view updated-packages.md in assets-3.926.0.zip

... (truncated)

Changelog

Sourced from @​aws-sdk/client-sns's changelog.

3.927.0 (2025-11-07)

Note: Version bump only for package @​aws-sdk/client-sns

3.926.0 (2025-11-06)

Note: Version bump only for package @​aws-sdk/client-sns

3.925.0 (2025-11-05)

Note: Version bump only for package @​aws-sdk/client-sns

3.922.0 (2025-10-31)

Note: Version bump only for package @​aws-sdk/client-sns

3.921.0 (2025-10-30)

Note: Version bump only for package @​aws-sdk/client-sns

3.920.0 (2025-10-29)

Note: Version bump only for package @​aws-sdk/client-sns

3.919.0 (2025-10-28)

... (truncated)

Commits

• 73e7281 Publish v3.927.0
• 065860a Publish v3.926.0
• b554e95 Publish v3.925.0
• 4a796b6 chore(deps): bump smithy package versions (#7475)
• ed7ac2a Publish v3.922.0
• e8b9fd8 Publish v3.921.0
• da06f0e chore(codegen): sync for waiter and proxy fixes (#7467)
• 1d4bdbf Publish v3.920.0
• 6865eb6 Publish v3.919.0
• 58bb924 Publish v3.918.0
• Additional commits viewable in compare view

Updates @aws-sdk/client-dynamodb from 3.895.0 to 3.927.0

Release notes

Sourced from @​aws-sdk/client-dynamodb's releases.

v3.927.0

3.927.0(2025-11-07)

New Features

• client-ec2: Adds PrivateDnsPreference and PrivateDnsSpecifiedDomains to control private DNS resolution for resource and service network VPC endpoints and IpamScopeExternalAuthorityConfiguration to integrate Amazon VPC IPAM with a third-party IPAM service (650aa6de)
• client-opensearch: This release introduces the Default Application feature, allowing users to set, change, or unset a preferred OpenSearch UI application on a per-region basis for a streamlined and consistent user experience. (ea5f4e47)
• client-vpc-lattice: Amazon VPC Lattice now supports custom domain name for resource configurations (f46fcf1f)
• client-controltower: Added Parent Identifier support to ListEnabledControls and GetEnabledControl API. Implemented RemediationType support for Landing Zone operations: CreateLandingZone, UpdateLandingZone and GetLandingZone APIs (89c1f79d)
• client-kms: Added support for new ECC_NIST_EDWARDS25519 AWS KMS key spec (1d8341db)

Bug Fixes

• client-elastic-beanstalk: differentiate modeled and synthesized service base exception name (5e1e54b4)

Tests

• core/protocols: add shape serde perf baselines (#7479) (40bc6005)

---

For list of updated packages, view updated-packages.md in assets-3.927.0.zip

v3.926.0

3.926.0(2025-11-06)

Chores

• core/protocols: make error lookup in runtime protocol consistent with existing codegen (#7478) (64e9c616)

New Features

• clients: update client endpoints as of 2025-11-06 (4d3f1528)
• client-connect: Added support for Conditional Questions in Evaluation Forms. Introduced Auto Evaluation capability for Evaluation Forms and Contact Evaluations. Added new API operations: SearchEvaluationForms and SearchContactEvaluations. (45c43b47)
• client-gamelift: Amazon GameLift Servers now supports game builds that use the Windows 2022 operating system. (e38ba819)
• client-sagemaker: Added NodeProvisioningMode parameter to UpdateCluster API to determine how instance provisioning is handled during cluster operations; in Continuous mode. Added VpcId field in UpdateDomain request for SageMaker Unified Studio domains with no VPC to add a customer VPC. (382a2ff3)
• client-s3vectors: Amazon S3 Vectors provides cost-effective, elastic, and durable vector storage for queries based on semantic meaning and similarity. (cb2626e6)
• client-accessanalyzer: New field totalActiveErrors added to getFindingsStatistics response. (595167c7)
• client-s3tables: Adds support for tagging APIs for S3 Tables (4c268176)
• client-ec2: Add Amazon EC2 R8a instance types (7cb13679)
• client-identitystore: IdentityStore API: added new KMSExceptionReason fields to the Exception object; added multiple new fields to the User APIs - UserStatus, Birthdate, Website and Photos; added multiple new metadata fields for User, Groups and Membership APIs - CreatedAt, CreatedBy, UpdatedAt and UpdatedBy. (28d85047)
• client-quicksight: Support for New Data Prep Experience (02e87fe9)
• client-ssm: Provides NoLongerSupportedException error message (70be2a35)
• client-backup: AWS Backup now supports customer-managed keys (CMK) for logically air-gapped vaults, enabling customers to maintain full control over their encryption key lifecycle. This feature helps organizations meet specific internal governance requirements or external regulatory compliance standards. (b83f5f99)

---

For list of updated packages, view updated-packages.md in assets-3.926.0.zip

... (truncated)

Changelog

Sourced from @​aws-sdk/client-dynamodb's changelog.

3.927.0 (2025-11-07)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.926.0 (2025-11-06)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.925.0 (2025-11-05)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.922.0 (2025-10-31)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.921.0 (2025-10-30)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.920.0 (2025-10-29)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.919.0 (2025-10-28)

... (truncated)

Commits

• 73e7281 Publish v3.927.0
• 065860a Publish v3.926.0
• b554e95 Publish v3.925.0
• 4a796b6 chore(deps): bump smithy package versions (#7475)
• ed7ac2a Publish v3.922.0
• e8b9fd8 Publish v3.921.0
• da06f0e chore(codegen): sync for waiter and proxy fixes (#7467)
• 1d4bdbf Publish v3.920.0
• 6865eb6 Publish v3.919.0
• 58bb924 Publish v3.918.0
• Additional commits viewable in compare view

Updates @aws-sdk/client-s3 from 3.895.0 to 3.927.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.927.0

3.927.0(2025-11-07)

New Features

• client-ec2: Adds PrivateDnsPreference and PrivateDnsSpecifiedDomains to control private DNS resolution for resource and service network VPC endpoints and IpamScopeExternalAuthorityConfiguration to integrate Amazon VPC IPAM with a third-party IPAM service (650aa6de)
• client-opensearch: This release introduces the Default Application feature, allowing users to set, change, or unset a preferred OpenSearch UI application on a per-region basis for a streamlined and consistent user experience. (ea5f4e47)
• client-vpc-lattice: Amazon VPC Lattice now supports custom domain name for resource configurations (f46fcf1f)
• client-controltower: Added Parent Identifier support to ListEnabledControls and GetEnabledControl API. Implemented RemediationType support for Landing Zone operations: CreateLandingZone, UpdateLandingZone and GetLandingZone APIs (89c1f79d)
• client-kms: Added support for new ECC_NIST_EDWARDS25519 AWS KMS key spec (1d8341db)

Bug Fixes

• client-elastic-beanstalk: differentiate modeled and synthesized service base exception name (5e1e54b4)

Tests

• core/protocols: add shape serde perf baselines (#7479) (40bc6005)

---

For list of updated packages, view updated-packages.md in assets-3.927.0.zip

v3.926.0

3.926.0(2025-11-06)

Chores

• core/protocols: make error lookup in runtime protocol consistent with existing codegen (#7478) (64e9c616)

New Features

• clients: update client endpoints as of 2025-11-06 (4d3f1528)
• client-connect: Added support for Conditional Questions in Evaluation Forms. Introduced Auto Evaluation capability for Evaluation Forms and Contact Evaluations. Added new API operations: SearchEvaluationForms and SearchContactEvaluations. (45c43b47)
• client-gamelift: Amazon GameLift Servers now supports game builds that use the Windows 2022 operating system. (e38ba819)
• client-sagemaker: Added NodeProvisioningMode parameter to UpdateCluster API to determine how instance provisioning is handled during cluster operations; in Continuous mode. Added VpcId field in UpdateDomain request for SageMaker Unified Studio domains with no VPC to add a customer VPC. (382a2ff3)
• client-s3vectors: Amazon S3 Vectors provides cost-effective, elastic, and durable vector storage for queries based on semantic meaning and similarity. (cb2626e6)
• client-accessanalyzer: New field totalActiveErrors added to getFindingsStatistics response. (595167c7)
• client-s3tables: Adds support for tagging APIs for S3 Tables (4c268176)
• client-ec2: Add Amazon EC2 R8a instance types (7cb13679)
• client-identitystore: IdentityStore API: added new KMSExceptionReason fields to the Exception object; added multiple new fields to the User APIs - UserStatus, Birthdate, Website and Photos; added multiple new metadata fields for User, Groups and Membership APIs - CreatedAt, CreatedBy, UpdatedAt and UpdatedBy. (28d85047)
• client-quicksight: Support for New Data Prep Experience (02e87fe9)
• client-ssm: Provides NoLongerSupportedException error message (70be2a35)
• client-backup: AWS Backup now supports customer-managed keys (CMK) for logically air-gapped vaults, enabling customers to maintain full control over their encryption key lifecycle. This feature helps organizations meet specific internal governance requirements or external regulatory compliance standards. (b83f5f99)

---

For list of updated packages, view updated-packages.md in assets-3.926.0.zip

... (truncated)

Changelog

Sourced from

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[github-actions]

✅ Changeset detected - Thanks for adding release notes!

[github-actions]

⚠️ No Changeset Detected

This pull request modifies code that affects the following packages (detected by Nx):

Affected Packages:

• @aligent/cdk-basic-auth
• @aligent/cdk-cloudfront-security-headers
• @aligent/cdk-esbuild
• @aligent/cdk-feature-env-handlers
• @aligent/cdk-geoip-redirect
• @aligent/cdk-graphql-mesh-server
• @aligent/cdk-header-change-detection
• @aligent/cdk-prerender-fargate
• @aligent/cdk-prerender-proxy
• @aligent/cdk-rabbitmq
• @aligent/cdk-shared-vpc
• @aligent/cdk-static-hosting
• @aligent/cdk-step-function-from-file
• @aligent/cdk-waf

If this PR should trigger a release:

yarn changeset

Follow the prompts to select the affected packages and describe your changes.

If this PR should NOT trigger a release:

• Documentation-only changes
• Internal refactoring with no API changes
• Test updates
• Build/CI configuration changes
• Changes only to root files (package.json, workflows, etc.)

In this case, no action is needed - this comment is just a reminder for reviewers.

This check uses Nx to accurately detect which packages are affected by your changes. If you're unsure whether a changeset is needed, please ask a maintainer!

🔧 Commands & Tips

# Add a changeset for your changes
yarn changeset

# Check which packages Nx thinks are affected
npx nx show projects --affected

# Check current changeset status
yarn changeset:status

# Add an empty changeset if no release needed
yarn changeset --empty

Pro tip: When running yarn changeset, select only the packages listed above that you actually changed the public API of.