Title -> AWS::ACM::PCA
Scope of request -> Manages an ACM Private CA Resource
Expected behavior -> Create, Update and Delete a Private CA
Test case recommendation (optional) ->
Links to existing API doc (optional) -> https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
Category tag (optional) -> ACM

1. Title -> AWS::KinesisFirehose::DeliveryStream-ExtendedS3DestinationConfiguration & KinesisStreamSourceConfiguration
2. Scope of request -> AWS::KinesisFirehose::DeliveryStream-ExtendedS3DestinationConfiguration & KinesisStreamSourceConfiguration does not support Error Output Prefixes.
3. Expected behavior -> CloudFormation should allow customers to specify Error Output Prefixes on Kinsesis Firehose Delivery Streams
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/cli/latest/reference/firehose/create-delivery-stream.html
6. Category tag (optional) -> Analytics
7. Any additional context (optional)

1. Title -> Customers want to set ZoneAwarenessConfig in Elastic Search
2. Scope of request -> Add two configuration options: ZoneAwarenessConfig and ZoneAwarenessEnabled
3. Expected behavior -> See API docs.
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) ->https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-configuration-api.html#es-configuration-api-datatypes-elasticsearchclusterconfig
6. Category tag (optional) -> Analytics
7. Any additional context (optional)

Title -> AWS::XRay::SamplingRule
Scope of request -> Manages X-Ray sampling rule resources
Expected behavior -> Create, Update and Delete X-Ray sampling rules
Test case recommendation (optional) ->

SamplingRule:
    Type: "AWS::XRay::SamplingRule"
    Properties:
        RuleName: "mySamplingRule"
        ResourceArn: "*"
        Priority: 10
        FixedRate: 0.05
        ReservoirSize: 1
        ServiceName: "*"
        ServiceType: "*"
        Host: "*"
        HttpMethod: "*"
        UrlPath: "*"
        Version: 1
        Attributes:
          - Key: "Origin"
            Value: "example.com"

Links to existing API doc (optional) -> https://docs.aws.amazon.com/xray/latest/api/API_CreateSamplingRule.html
Category tag (optional) -> Developer Tools, X-Ray

Quick Sample Summary:

1. Title -> Add Aurora cloning support within CloudFormation templates.
2. Scope of request -> Be able to set and update cloning properties when creating or updating Aurora databases.
3. Expected behavior -> Follow the options available via the console and CLI.
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) -> Maybe similar functionality to
   https://docs.aws.amazon.com/cli/latest/reference/rds/restore-db-cluster-to-point-in-time.html
6. Category tag (optional) -> Databases
7. Any additional context (optional)

Title -> AWS::Glue::Job
Scope of request -> AWS::Glue::Job currently does not support setting the MaxCapacity. It only allows setting the AllocatedCapacity, which is officially deprecated in the documentation and does not have the effect to control the number of DPU's for a Glue Job.
Expected behavior -> It should be possible to set the MaxCapacity property for a Glue Job via CFN
Test case recommendation (optional) ->
Links to existing API doc (optional) -> https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-jobs-job.html
Category tag (optional) -> Glue

1. Title -> AWS::EC2::VPNConnection-TransitGatewayId (new property) to support Transit Gateway
2. Scope of request -> Allow this property to be supported via Cloudformation to support usage of Transit Gateway
3. Expected behavior -> When a user adds a TransitGatewayId, CloudFormation passes that Id to the VPN Connection request.
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/cli/latest/reference/ec2/create-vpn-connection.html
6. Category tag (optional) -> Compute
7. Any additional context (optional) -> Usage of Transit Gateway isn't sufficient until this requirement is satisfied.

1. Title -> AWS::S3::Bucket-Transition-StorageClass OneZoneIA & Intelligent Tiering
2. Scope of request -> AWS::S3::Bucket-Transition-StorageClass support to be added for "OneZoneIA and Intelligent Tiering"
3. Expected behavior -> When creating an S3 Bucket Transition Policy, it should be possible to add OneZoneIA and Intelligent Tiering as an option for the Storage Class property
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lifecycleconfig-rule-transition.html#aws-properties-s3-bucket-lifecycleconfig-rule-transition-properties
6. Category tag (optional) -> Storage
7. Any additional context (optional)

1. Objective -> DynamoDB Encryption@Rest will now allow customers to update the SSESpecification of an existing tables with no interruption via the UpdateTable API and a SSESpecification.

2. Scope of request -> It's in public SDK now: https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateTable.html#DDB-UpdateTable-request-SSESpecification

3. Expected behavior -> Match the public APIs.

4. Test case recommendation (optional) -> Match the public APIs.

5. Links to existing API doc (optional) -> See 2 above.

6. Category tag (optional) -> Database

7. Any additional context (optional) -> Existing customers leverage CloudFormation templates for creating/updating DynamoDB tables. Given we are allowing them to change their tables without delete, any existing customers that want to leverage the new feature using their CloudFormation templates, would need CloudFormation support for the same. It will enable easy adoption for the feature for our existing and new customers. Future and existing customers who wishes to specify KMSMasterKeyId will be able to specify and update KMSMasterKeyId without deleting their table.

1. Title -> AWS::KinesisFirehose::DeliveryStream-DataFormatConversion
2. Scope of request -> Support new Data Formation Conversation (convert from JSON to parquet/ORC before writing to s3) in Kinesis Firehose
3. Expected behavior -> When creating a Kinesis Firehose, a customer should be able to specify the data conversion format
4. Test case recommendation (optional) -> when the stream dumps to an s3 bucket, the data should be in the parquet/orc format
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/firehose/latest/APIReference/API_CreateDeliveryStream.html
6. Category tag (optional) -> Analytics
7. Any additional context (optional)

1. Title -> RDS now supports the association of an AWS Identity and Access Management (IAM) role with a DB instance. It will be useful for our customers to have support for this feature within CloudFormation.
2. Scope of request -> Add roles when creating, and when updating existing resources.
3. Expected behavior -> See relevant documentation:

• AddRoleToDBInstance: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AddRoleToDBInstance.html
• RemoveRoleFromDBInstance: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RemoveRoleFromDBInstance.html
• AddRoleToDBCluster: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AddRoleToDBCluster.html
• RemoveRoleFromDBCluster: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RemoveRoleFromDBCluster.html

4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) ->
6. Category tag (optional) -> Databases
7. Any additional context (optional)

1. Title -> AWS::Organizations::OU
2. Scope of request -> Create and manage a new OU inside an AWS Organization
3. Expected behavior -> A new OU is created and has the root parent OU or root
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreateOrganizationalUnit.html
6. Category tag (optional) -> Organizations

1. Adding tag support for the following:

AWS::ApiGateway::RestApi
AWS::ApiGateway::VpcLink
AWS::ApiGateway::UsagePlan
AWS::ApiGateway::ApiKey
AWS::ApiGateway::ClientCertificate
AWS::ApiGateway::DomainName

2. Scope of request -> The resources above will support tags from CloudFormation.
3. Expected behavior -> In Create or Update, it should allow the creation of tags.
4. Test case recommendation (optional) -> Test for updating existing CloudFormation resources.
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/apigateway/api-reference/resource/api-key and others
6. Category tag (optional) -> Networking & Content Delivery
7. Any additional context (optional)

1. Title -> Specifying KMSKeyID for additional EBS data volumes through BlockDeviceMapping is already available via API.
2. Scope of request -> Allow specifying this in CloudFormation for EC2 instances.
3. Expected behavior -> see API.
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_EbsBlockDevice.html
6. Category tag (optional) -> Compute
7. Any additional context (optional)

1. Title -> AWS::ECS::Cluster & AWS::ECS::Service & AWS::ECS::TaskDefinition - support tagging
2. Scope of request -> For all features of ECS, support tagging
3. Expected behavior -> when a tag gets added to any ECS resource, add that tag to the provisioned resource as well
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) ->
6. Category tag (optional) -> Compute
7. Any additional context (optional)

1. Title -> Allow CPU options to be specified during instance launch.
2. Scope of request -> As the API, allow for CoreCount and ThreadsPerCore
3. Expected behavior -> See 2.
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html
6. Category tag (optional) -> Compute
7. Any additional context (optional)

Title -> AWS::Glue::Workflow
Scope of request -> Manages Glue Workflow Resources
Expected behavior -> Create, Update and Delete Glue Workflows
Test case recommendation (optional) ->
Links to existing API doc (optional) -> https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-workflow.html
Category tag (optional) -> Glue

1. Title

AWS::SES::ConfigurationSetEventDestination-EventDestination-SNS

2. Scope of request

You can't set up a SNS Topic as a SES Configuration Set Event Destination via CloudFormation. At the moment you can only specify CloudWatch or Kinesis Firehose.

3. Expected behavior

Specify an SNS Topic ARN to set that as an Event Destination.
Ensure that you can only specify ONE event destination (CloudWatch OR Kinesis Firehose OR SNS Topic).

4. Test case recommendation (optional)

5. Links to existing API doc (optional)

https://docs.aws.amazon.com/ses/latest/APIReference/API_DescribeConfigurationSet.html
Can use that to check what event destination if any is set up
https://docs.aws.amazon.com/ses/latest/APIReference/API_CreateConfigurationSetEventDestination.html
Create event destination association
https://docs.aws.amazon.com/ses/latest/APIReference/API_UpdateConfigurationSetEventDestination.html
Update
https://docs.aws.amazon.com/ses/latest/APIReference/API_DeleteConfigurationSetEventDestination.html
Delete

6. Category tag (optional)

Integration

7. Any additional context (optional)

None.

Quick Sample Summary:

1. Title -> AWS::S3::Bucket - (new property) Object Lock
2. Scope of request -> AWS::S3::Bucket - buckets should support object lock configurations, to allow a Write Once Read Many (WORM) model.
3. Expected behavior -> When a user creates a bucket with an Object Lock Policy, it should no longer be writable but still continue to be readable
4. Test case recommendation (optional) -> once a bucket is created and locked, it should no longer be writable
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/cli/latest/reference/s3api/put-object-lock-configuration.html
6. Category tag (optional) -> Storage
7. Any additional context (optional)

AllowedOAuthFlowsUserPoolClient can be set by the API, but not with CloudFormation. It must be set to enable the OAuth flows and is needed for #47

Create and Update are both supported without replacement.

https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.html#CognitoUserPools-CreateUserPoolClient-request-AllowedOAuthFlowsUserPoolClient

Category: Security, Identity, & Compliance

1. Title -> AWS::Config::OrganizationConfigRule
2. Scope of request -> Can create resource via API, but not via CloudFormation.
3. Expected behavior -> Should be possible to create, update and delete organization config rules as API supports.
4. Test case recommendation (optional)
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/config/latest/APIReference/API_PutOrganizationConfigRule.html & https://docs.aws.amazon.com/config/latest/APIReference/API_DeleteOrganizationConfigRule.html
6. Category tag (optional) -> Management

Scope of request

AWS::ElasticSearch:Domain-LogPublishingOptions to turn on logging for AES. It should support all existing (3 as of this writing) log types and ideally future log types.

Expected behavior

See API docs.

Links to existing API doc

https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-configuration-api.html#es-configuration-api-datatypes-logpublishingoptions

Category tag

Analytics

1. Title -> AWS::Events::Rule -> Target -> BatchParameters (new properties), should work for Batch - it should support scheduling of tasks.
2. Scope of request -> Add ArrayProperties, JobDefinition, JobName, RetryStrategy as valid properties in AWS::Events::Rule --> Target --> BatchParameters
3. Expected behavior ->
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) ->
6. Category tag (optional) -> Compute
7. Any additional context (optional)
   CWE BatchParameters: https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_BatchParameters.html

1. Title -> AWS::EC2::Host - (new property) Host Recovery
2. Scope of request -> AWS::EC2::Host - allow customers to specify whether or not to disable host recovery for the dedicated host
3. Expected behavior -> When a user supplies this property, CloudFormation should pass it via the api
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/cli/latest/reference/ec2/allocate-hosts.html
6. Category tag (optional) -> Compute
7. Any additional context (optional)

1. Title -> ECS splunk logging driver with secrets in AWS::ECS::TaskDefinition
2. Scope of request -> Add secret support for splunk logging driver in ECS task definition
3. Expected behavior ->
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) ->
6. Category tag (optional) -> Compute
7. Any additional context (optional)

1. Title

AWS::ACM::Certificate-ExistingAttribute-BetterDX

2. Scope of request

other coverage-related issue with the resource/attribute/option

AWS::ACM::Certificate is basically the canonical example of why Custom Resources are needed. It would be great if I could create an ACM cert in CloudFormation and cfn will handle the adding the DNS records.

3. Expected behavior

Samples:

In Create, it should create the cert request, add the records to the DNS hosted Zone (maybe accept a Hosted Zone as a parameter?).

in Update, (Can ACM Certs be updated?)

4. Suggest specific test cases

it should help me create an ACM Certificate given that the same account is the authority for the domain name used in the certificate.

5. Helpful Links to speed up research and evaluation.

The Stack should not stay in "Pending" until I do some manual step, it should do it for me.

Updated API docs at https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html

6. Category (required) - Networking & Content

7. Any additional context (optional)

If you add this, you'll replace DynamoDB as my second favorite service team ;)

1. Title -> AWS::CloudTrail::Trail-IsOrganizationTrail
2. Scope of request -> AWS::CloudTrail::Trail does not support IsOrganizationTrail attribute.
3. Expected behavior -> It should pass parameter to API.
4. Test case recommendation (optional)
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateTrail.html#awscloudtrail-CreateTrail-request-IsOrganizationTrail
6. Category tag (optional) -> Management

AllowedOAuthFlows can be set by the API, but not with CloudFormation

Create and Update are both supported without replacement.

https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.htm
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolClient.html

Category: Security, Identity, & Compliance

1. Title -> AWS::Organizations::AttachPolicy
2. Scope of request -> Attaches an existing SCP Policy to an existing OU
3. Expected behavior -> An existing policy is attached to an OU.
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/organizations/latest/APIReference/API_AttachPolicy.html
6. Category tag (optional) -> Organizations

Uses the outputs of #33 and #34 to attach a policy to an OU.

Title -> AWS::IAM::SAMLProvider

Scope of request -> Ability to natively create a SAML provider in CloudFormation, currently a custom resource is required.

Expected behavior -> A SAML provider is created, updated or removed. Metadata file could potentially be referenced as an s3 URI similar to a custom resource with CloudFormation package support to upload a local metadata file.
An Update should update the metadata file.

Category (required) -> Security / IAM

Quick Sample Summary:

1. Title -> AWS::AWS::IAM::Role does not expose the ability to add a Description to the role, which is supported in the CreateRole API.
2. Scope of request -> Allow the ability to add a description to a role when creating it. Also need to add descriptions to previously related roles.
3. Expected behavior -> Match the CreateRole API as it relates to descriptions. Also, changing descriptions to existing roles is available via the console.
4. Test case recommendation (optional) -> Cover the 2 cases above (see 3).
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html
6. Category tag (optional) -> Security
7. Any additional context (optional)

1. Title

AWS::Redshift::Cluster-EnhancedVpcRouting

2. Scope of request

new attribute for an existing resource is desired

3. Expected behavior

4. Suggest specific test cases

5. Helpful Links to speed up research and evaluation

https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateCluster.html

https://aws.amazon.com/about-aws/whats-new/2016/09/amazon-redshift-now-supports-enhanced-vpc-routing/

6. Category (required) - Will help with tagging and be easier to find by other users to +1

3. DB (RDS, DynamoDB...)

7. Any additional context (optional)

Available since September 2016 (https://aws.amazon.com/about-aws/whats-new/2016/09/amazon-redshift-now-supports-enhanced-vpc-routing/)

1. Title -> SNS supports tagging and untagging topics, and it should be supported in CloudFormation.
2. Scope of request -> Allow for tags on create, updating tags, etc.
3. Expected behavior -> See 2 above.
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) ->
6. Category tag (optional) -> App Integration
7. Any additional context (optional)

This was announced: https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-sns-adds-support-for-cost-allocation-tags/

1. Title -> Customers would like to be able to tag IAM Roles from a CloudFormation template, after the recent introduction of the feature. Support for tags in IAM principals has been added to Boto 3 as well.
2. Scope of request -> Add at creation, and to update existing roles.
3. Expected behavior -> See 2.
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) ->
6. Category tag (optional) -> Compute
7. Any additional context (optional)

1. Title -> AWS::CodeDeploy::DeploymentGroup-DeploymentType
2. Scope of request -> AWS::CodeDeploy::DeploymentGroup-DeploymentType supports BLUE_GREEN for Lambda but not for ECS/Fargate.
3. Expected behavior -> BlueGreen deployments for ECS/Fargate services.
4. Links to existing API doc (optional) -> Announcement: https://aws.amazon.com/blogs/devops/use-aws-codedeploy-to-implement-blue-green-deployments-for-aws-fargate-and-amazon-ecs/
5. Category tag (optional) -> Compute
6. Any additional context (optional) -> Same request as in Containers Roadmap: aws/containers-roadmap#130

1. Title -> AWS::ECS::TaskDefinition
2. Scope of request -> AWS::ECS::TaskDefinition should support the use of GPU resources as resource requirements
3. Expected behavior -> Pass through resource requirements in api call
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-gpu.html
6. Category tag (optional) -> Compute
7. Any additional context (optional)

1. Title -> AWS::ECR::Repository - support tagging
2. Scope of request -> Support tagging for an ECR Repository
3. Expected behavior -> when a tag gets added to any ECR Repository, add that tag to the provisioned resource as well
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) ->
6. Category tag (optional) -> Compute
7. Any additional context (optional) ->

This new attribute introduced with AWS EventBridge. You can now create a new dedicated Event Bus for handling event and you can also attach Rule to it. By default if event-bus-name is missing from parameter. It will be attach to CloudWatch default Bus.

On create/update with the event-bus-name it should attach to the Event Bus specified
On create/update without event-bus-name it should attach to the default Bus

https://docs.aws.amazon.com/cli/latest/reference/events/put-rule.html

Category: Integration (AWS EventBus)

1. Title -> AWS::ElasticLoadBalancingV2::ListenerRule - Arbitrary header based routing
2. Scope of request -> ELB recently announced support for arbitrary header based routing and CloudFormation support should follow
3. Expected behavior -> When creating a Listener Rule in CloudFormation, we should be able to specify arbitrary header based routing conditions
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/cli/latest/reference/elb/create-load-balancer-listeners.html
6. Category tag (optional) -> Networking
7. Any additional context (optional)

1. Title -> AWS::EFS::MountTarget
2. Scope of request -> AWS::EFS::MountTarget should support a !GetAtt of an IP Address
3. Expected behavior -> When using a !GetAtt on an AWS::EFS::MountTarget, an IP Address should be a valid property
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/cli/latest/reference/efs/create-mount-target.html
6. Category tag (optional) -> Storage
7. Any additional context (optional) -> This is adding a GetAtt to an existing resource

1. Title -> AWS::DirectoryService::ADConnector

2. Scope of request -> Currently AWS::DirectoryService supports SimpleAD and MicrosoftAD. Support for ADConnector should be added. This is currently supported by the API

3. Expected behavior -> Create should create a new AD Connector, Delete should delete the AD Connector. There is currently no API to Update the AD Connector.

4. Test case recommendation (optional) -> N/A

5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ConnectDirectory.html

6. Category tag (optional) -> Security / DirectoryService

Add new parameters to AWS::ApiGateway::DomainName -> Security Policy, DomainNameStatus

Scope of request -> Create Domain Name API takes additional input: security policy
3. Expected behavior -> in Create, allow setting security policy. In Update, allow changing to a different security policy.
4. Test case recommendation (optional) -> Once done, get domain name should return domain name with new attributes security policy and status
5. Links to existing API doc (optional) -> API docs at https://docs.aws.amazon.com/apigateway/api-reference/resource/domain-name/
6. Category tag (optional) -> Networking/Content Delivery
7. Any additional context (optional)

1. Title -> Add support for additional Docker Run options: ipc and pid
2. Scope of request -> Allow configuration for ipc and pid in task definition
3. Expected behavior -> Should work for creates and updates
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) ->
6. Category tag (optional) -> Compute
7. Any additional context (optional)

1. Title -> Add support for additional Docker Run options: interactive, pseudoTerminal, systemControls
2. Scope of request -> Allow configuration for ipc and pid in task definition
3. Expected behavior -> Should work for creates and updates
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) ->
6. Category tag (optional) -> Compute
7. Any additional context (optional)

CloudWatch Event recently got rebranded as EventBridge and introduced new dedicated EventBus.

When create a new Event Bus should be created.
When update existing Bus should raise Error
When delete the Bus should be deleted unless there is event rule attached to it

https://docs.aws.amazon.com/cli/latest/reference/events/index.html#cli-aws-events

Category: Integration (AWS EventBus)

1. Title -> AWS::Events::Rule -> Target -> EcsParameters (new properties), should work for ECS and Fargate - it should support scheduling of tasks.
2. Scope of request -> Add Group, LaunchType, NetworkConfiguration and PlatformVersion as valid properties in AWS::Events::Rule --> Target --> EcsParameters
3. Expected behavior ->
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) ->
6. Category tag (optional) -> Compute
7. Any additional context (optional)

See
CFN ECSParameters: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-ecsparameters.html
CWE ECSParameters: https://docs.aws.amazon.com/AmazonCloudWatchEvents/latest/APIReference/API_EcsParameters.html

1. Title -> AWS::EC2::TaskDefinition
2. Scope of request -> AWS::EC2::TaskDefinition currently does not support secrets, but the ECS task definition api call does.
3. Expected behavior -> Secrets should be consumed by TaskDefinition but not leaked.
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/cli/latest/reference/ecs/register-task-definition.html
6. Category tag (optional) -> Compute
7. Any additional context (optional) - > ecs containers roadmap issue: aws/containers-roadmap#97

1. Title -> AWS::EC2::Route-TransitGatewayId (new property) to support Transit Gateway
2. Scope of request -> Allow this property to be supported via Cloudformation to support usage of Transit Gateway
3. Expected behavior -> When a user adds a TransitGatewayId, CloudFormation passes that Id to the Route request.
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/cli/latest/reference/ec2/create-route.html
6. Category tag (optional) -> Compute
7. Any additional context (optional) -> Usage of Transit Gateway isn't sufficient until this requirement is satisfied.

1. Title -> AWS::Organizations::Policy
2. Scope of request -> Create and manage a SCP inside an AWS Organization
3. Expected behavior -> A new policy is created and available to be attached to an OU
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreatePolicy.html
6. Category tag (optional) -> Organizations