AWS CDK L2 Constructs Unsupported Properties @badmintoncryer
Last Updated: 2025/04/17 00:39:37
This page displays a list of unsupported properties in AWS CDK L2 constructs. For more details, visit this materials.
Currently, only support direct inline props properly, and cases using the spread operator are not supported. Even if they are actually supported in L2, they are still counted as unsupported properties.
Direct Inline Props
new CfnConstruct(scope, 'Resource', {
hoge: 'hoge',
fuga: 123,
});Spread operator Props (false positive)
const props = {
hoge: 'hoge',
fuga: 123,
};
new CfnConstruct(scope, 'Resource', {
...props,
});aws-amplify-alpha - CfnApp
- computeRoleArn
aws-amplify-alpha - CfnBranch
- backend
- computeRoleArn
- enableSkewProtection
- framework
aws-apigateway - CfnBasePathMapping
- id
aws-apigateway - CfnDomainName
- ownershipVerificationCertificateArn
aws-apigateway - CfnRestApi
- apiKeySourceType
- binaryMediaTypes
- cloneFrom
- description
- mode
aws-apigateway - CfnStage
- canarySetting
aws-apigatewayv2 - CfnApi
- basePath
- body
- bodyS3Location
- corsConfiguration
- credentialsArn
- disableExecuteApiEndpoint
- disableSchemaValidation
- failOnWarnings
- routeKey
- target
- version
aws-apigatewayv2 - CfnAuthorizer
- authorizerCredentialsArn
- authorizerPayloadFormatVersion
- authorizerResultTtlInSeconds
- enableSimpleResponses
- identityValidationExpression
- jwtConfiguration
aws-apigatewayv2 - CfnIntegration
- connectionId
- connectionType
- description
- integrationSubtype
- payloadFormatVersion
- responseParameters
- tlsConfig
aws-apigatewayv2 - CfnRoute
- authorizationScopes
- modelSelectionExpression
- operationName
- requestModels
- requestParameters
aws-apigatewayv2 - CfnStage
- accessLogSettings
- accessPolicyId
- clientCertificateId
- deploymentId
- routeSettings
- stageVariables
aws-appconfig - CfnConfigurationProfile
- deletionProtectionCheck
- kmsKeyIdentifier
aws-applicationautoscaling - CfnScalableTarget
- suspendedState
aws-applicationautoscaling - CfnScalingPolicy
- predictiveScalingPolicyConfiguration
- resourceId
- scalableDimension
- serviceNamespace
- stepScalingPolicyConfiguration
aws-appsync - CfnDataSource
- dynamoDbConfig
- elasticsearchConfig
- eventBridgeConfig
- httpConfig
- lambdaConfig
- metricsConfig
- openSearchServiceConfig
- relationalDatabaseConfig
- type
aws-appsync - CfnFunctionConfiguration
- requestMappingTemplateS3Location
- responseMappingTemplateS3Location
- syncConfig
aws-appsync - CfnGraphQLApi
- enhancedMetricsConfig
aws-appsync - CfnResolver
- metricsConfig
- requestMappingTemplateS3Location
- responseMappingTemplateS3Location
- syncConfig
aws-autoscaling - CfnScalingPolicy
- adjustmentType
- metricAggregationType
- minAdjustmentMagnitude
- predictiveScalingConfiguration
- scalingAdjustment
- stepAdjustments
aws-batch - CfnComputeEnvironment
- computeResources
- context
- eksConfiguration
- replaceComputeEnvironment
- updatePolicy
aws-batch - CfnJobDefinition
- consumableResourceProperties
- containerProperties
- ecsProperties
- eksProperties
- parameters
- retryStrategy
- schedulingPriority
- timeout
aws-certificatemanager - CfnCertificate
- certificateTransparencyLoggingPreference
- domainValidationOptions
- validationMethod
aws-chatbot - CfnSlackChannelConfiguration
- customizationResourceArns
aws-cloudfront - CfnFunction
- functionMetadata
aws-cloudtrail - CfnTrail
- advancedEventSelectors
aws-cloudwatch - CfnAlarm
- dimensions
- extendedStatistic
- metricName
- metrics
- namespace
- period
- statistic
- thresholdMetricId
- unit
aws-codebuild - CfnFleet
- fleetProxyConfiguration
- fleetServiceRole
- fleetVpcConfig
- imageId
- overflowBehavior
- scalingConfiguration
aws-codebuild - CfnProject
- resourceAccessRole
aws-codebuild - CfnSourceCredential
- username
aws-codedeploy - CfnDeploymentGroup
- blueGreenDeploymentConfiguration
- deployment
- ec2TagFilters
- ecsServices
- onPremisesInstanceTagFilters
- outdatedInstancesStrategy
- triggerConfigurations
aws-codestarnotifications - CfnNotificationRule
- eventTypeId
- targetAddress
aws-cognito - CfnUserPool
- emailAuthenticationMessage
- emailAuthenticationSubject
aws-cognito - CfnUserPoolClient
- accessTokenValidity
- authSessionValidity
- idTokenValidity
- refreshTokenValidity
- tokenValidityUnits
aws-config - CfnConfigRule
- compliance
aws-docdb - CfnDBCluster
- availabilityZones
- manageMasterUserPassword
- masterUserSecretKmsKeyId
- restoreToTime
- restoreType
- rotateMasterUserPassword
- serverlessV2ScalingConfiguration
- snapshotIdentifier
- sourceDbClusterIdentifier
- useLatestRestorableTime
aws-docdb - CfnDBInstance
- certificateRotationRestart
aws-dynamodb - CfnTable
- onDemandThroughput
aws-ec2 - CfnClientVpnEndpoint
- disconnectOnSessionTimeout
- tagSpecifications
aws-ec2 - CfnInstance
- additionalInfo
- affinity
- cpuOptions
- elasticGpuSpecifications
- elasticInferenceAccelerators
- hostId
- hostResourceGroupArn
- ipv6Addresses
- kernelId
- launchTemplate
- licenseSpecifications
- privateDnsNameOptions
- ramdiskId
- securityGroups
- ssmAssociations
- tenancy
- volumes
aws-ec2 - CfnNetworkAclEntry
- cidrBlock
- icmp
- ipv6CidrBlock
- portRange
- protocol
aws-ec2 - CfnVolume
- outpostArn
aws-ec2 - CfnVPCEndpoint
- dnsOptions
- ipAddressType
- privateDnsEnabled
- resourceConfigurationArn
- securityGroupIds
- serviceNetworkArn
- serviceRegion
- subnetIds
aws-ec2 - CfnVPNConnection
- enableAcceleration
- localIpv4NetworkCidr
- localIpv6NetworkCidr
- outsideIpAddressType
- remoteIpv4NetworkCidr
- remoteIpv6NetworkCidr
- transitGatewayId
- transportTransitGatewayAttachmentId
- tunnelInsideIpVersion
aws-ecs - CfnCluster
- capacityProviders
- defaultCapacityProviderStrategy
- serviceConnectDefaults
aws-efs - CfnFileSystem
- bypassPolicyLockoutSafetyCheck
aws-eks - CfnAccessEntry
- kubernetesGroups
- username
aws-eks - CfnAddon
- configurationValues
- podIdentityAssociations
- resolveConflicts
- serviceAccountRoleArn
aws-eks - CfnNodegroup
- version
aws-elasticloadbalancing - CfnLoadBalancer
- accessLoggingPolicy
- appCookieStickinessPolicy
- availabilityZones
- connectionDrainingPolicy
- connectionSettings
- lbCookieStickinessPolicy
- loadBalancerName
- policies
aws-elasticloadbalancingv2 - CfnListener
- alpnPolicy
- certificates
- loadBalancerArn
- mutualAuthentication
- port
- protocol
- sslPolicy
aws-elasticloadbalancingv2 - CfnLoadBalancer
- enablePrefixForIpv6SourceNat
- enforceSecurityGroupInboundRulesOnPrivateLinkTraffic
- ipAddressType
- ipv4IpamPoolId
- securityGroups
- type
aws-elasticloadbalancingv2 - CfnTargetGroup
- port
- protocol
- protocolVersion
aws-elasticsearch - CfnDomain
- accessPolicies
- domainArn
aws-events - CfnEventBus
- policy
aws-events - CfnEventBusPolicy
- action
- condition
- principal
aws-events - CfnRule
- roleArn
aws-fsx - CfnFileSystem
- ontapConfiguration
- openZfsConfiguration
- windowsConfiguration
aws-gamelift-alpha - CfnFleet
- anywhereConfiguration
- applyCapacity
- computeType
- instanceRoleCredentialsProvider
- logPaths
- metricGroups
- scalingPolicies
- scriptId
- serverLaunchParameters
- serverLaunchPath
aws-glue-alpha - CfnDatabase
- databaseName
aws-glue-alpha - CfnJob
- allocatedCapacity
- executionClass
- jobMode
- logUri
- maintenanceWindow
- maxCapacity
- nonOverridableArguments
- notificationProperty
aws-iam - CfnGroup
- policies
aws-iam - CfnSAMLProvider
- addPrivateKey
- assertionEncryptionMode
- privateKeyList
- removePrivateKey
aws-iam - CfnUser
- policies
aws-iotevents-alpha - CfnInput
- inputDescription
aws-kinesis - CfnStream
- desiredShardLevelMetrics
- streamModeDetails
aws-kinesisfirehose - CfnDeliveryStream
- amazonOpenSearchServerlessDestinationConfiguration
- amazonopensearchserviceDestinationConfiguration
- databaseSourceConfiguration
- directPutSourceConfiguration
- elasticsearchDestinationConfiguration
- extendedS3DestinationConfiguration
- httpEndpointDestinationConfiguration
- icebergDestinationConfiguration
- kinesisStreamSourceConfiguration
- mskSourceConfiguration
- redshiftDestinationConfiguration
- s3DestinationConfiguration
- snowflakeDestinationConfiguration
- splunkDestinationConfiguration
aws-kms - CfnKey
- bypassPolicyLockoutSafetyCheck
- origin
aws-lambda - CfnEventSourceMapping
- documentDbEventSourceConfig
- queues
aws-lambda - CfnFunction
- tracingConfig
aws-lambda - CfnVersion
- policy
- runtimePolicy
aws-location-alpha - CfnGeofenceCollection
- pricingPlan
- pricingPlanDataSource
aws-location-alpha - CfnMap
- pricingPlan
aws-location-alpha - CfnPlaceIndex
- pricingPlan
aws-location-alpha - CfnRouteCalculator
- pricingPlan
aws-location-alpha - CfnTracker
- pricingPlan
- pricingPlanDataSource
aws-logs - CfnLogGroup
- fieldIndexPolicies
aws-logs - CfnMetricFilter
- applyOnTransformedLogs
aws-logs - CfnQueryDefinition
- queryLanguage
aws-logs - CfnSubscriptionFilter
- applyOnTransformedLogs
aws-msk-alpha - CfnCluster
- currentVersion
aws-neptune-alpha - CfnDBCluster
- availabilityZones
- dbInstanceParameterGroupName
- restoreToTime
- restoreType
- snapshotIdentifier
- sourceDbClusterIdentifier
- useLatestRestorableTime
aws-neptune-alpha - CfnDBInstance
- allowMajorVersionUpgrade
- dbSnapshotIdentifier
- dbSubnetGroupName
- preferredMaintenanceWindow
aws-opensearchservice - CfnDomain
- accessPolicies
- domainArn
- identityCenterOptions
- skipShardMigrationWait
aws-rds - CfnDBCluster
- allocatedStorage
- associatedRoles
- autoMinorVersionUpgrade
- availabilityZones
- backtrackWindow
- backupRetentionPeriod
- clusterScalabilityType
- copyTagsToSnapshot
- databaseInsightsMode
- databaseName
- dbClusterIdentifier
- dbClusterInstanceClass
- dbClusterParameterGroupName
- dbInstanceParameterGroupName
- dbSubnetGroupName
- dbSystemId
- deletionProtection
- domain
- domainIamRoleName
- enableCloudwatchLogsExports
- enableGlobalWriteForwarding
- enableHttpEndpoint
- enableIamDatabaseAuthentication
- enableLocalWriteForwarding
- engine
- engineLifecycleSupport
- engineMode
- engineVersion
- globalClusterIdentifier
- iops
- manageMasterUserPassword
- masterUserSecret
- monitoringInterval
- monitoringRoleArn
- networkType
- performanceInsightsEnabled
- performanceInsightsKmsKeyId
- performanceInsightsRetentionPeriod
- port
- preferredBackupWindow
- preferredMaintenanceWindow
- publiclyAccessible
- replicationSourceIdentifier
- restoreToTime
- restoreType
- scalingConfiguration
- serverlessV2ScalingConfiguration
- snapshotIdentifier
- sourceDbClusterIdentifier
- sourceRegion
- storageEncrypted
- storageType
- useLatestRestorableTime
- vpcSecurityGroupIds
aws-rds - CfnDBInstance
- allocatedStorage
- allowMajorVersionUpgrade
- applyImmediately
- associatedRoles
- automaticBackupReplicationKmsKeyId
- automaticBackupReplicationRegion
- automaticBackupReplicationRetentionPeriod
- autoMinorVersionUpgrade
- availabilityZone
- backupRetentionPeriod
- caCertificateIdentifier
- certificateRotationRestart
- copyTagsToSnapshot
- customIamInstanceProfile
- dbClusterIdentifier
- dbClusterSnapshotIdentifier
- dbInstanceClass
- dbInstanceIdentifier
- dbName
- dbParameterGroupName
- dbSecurityGroups
- dbSnapshotIdentifier
- dbSubnetGroupName
- dbSystemId
- dedicatedLogVolume
- deleteAutomatedBackups
- deletionProtection
- domain
- domainAuthSecretArn
- domainDnsIps
- domainFqdn
- domainIamRoleName
- domainOu
- enableCloudwatchLogsExports
- enableIamDatabaseAuthentication
- enablePerformanceInsights
- engine
- engineLifecycleSupport
- engineVersion
- iops
- licenseModel
- manageMasterUserPassword
- masterUserSecret
- maxAllocatedStorage
- monitoringInterval
- monitoringRoleArn
- multiAz
- ncharCharacterSetName
- networkType
- optionGroupName
- performanceInsightsKmsKeyId
- performanceInsightsRetentionPeriod
- port
- preferredBackupWindow
- preferredMaintenanceWindow
- processorFeatures
- promotionTier
- publiclyAccessible
- replicaMode
- restoreTime
- sourceDbClusterIdentifier
- sourceDbInstanceAutomatedBackupsArn
- sourceDbInstanceIdentifier
- sourceDbiResourceId
- sourceRegion
- storageThroughput
- storageType
- tdeCredentialArn
- tdeCredentialPassword
- timezone
- useDefaultProcessorFeatures
- useLatestRestorableTime
- vpcSecurityGroups
aws-rds - CfnOptionGroup
- optionGroupName
aws-redshift-alpha - CfnCluster
- aquaConfigurationStatus
- availabilityZone
- availabilityZoneRelocationStatus
- clusterSecurityGroups
- clusterVersion
- deferMaintenance
- deferMaintenanceDuration
- deferMaintenanceEndTime
- deferMaintenanceStartTime
- destinationRegion
- endpoint
- hsmClientCertificateIdentifier
- hsmConfigurationIdentifier
- manageMasterPassword
- manualSnapshotRetentionPeriod
- masterPasswordSecretKmsKeyId
- namespaceResourcePolicy
- ownerAccount
- revisionTarget
- rotateEncryptionKey
- snapshotClusterIdentifier
- snapshotCopyGrantName
- snapshotCopyManual
- snapshotCopyRetentionPeriod
- snapshotIdentifier
aws-redshift-alpha - CfnClusterParameterGroup
- parameterGroupName
aws-route53 - CfnRecordSet
- cidrRoutingConfig
- failover
- geoProximityLocation
- hostedZoneName
aws-route53resolver-alpha - CfnFirewallRuleGroupAssociation
- mutationProtection
- name
aws-s3 - CfnBucket
- analyticsConfigurations
- metadataTableConfiguration
- notificationConfiguration
aws-secretsmanager - CfnResourcePolicy
- blockPublicPolicy
aws-servicecatalog - CfnCloudFormationProduct
- productType
- sourceConnection
aws-servicediscovery - CfnPrivateDnsNamespace
- properties
aws-servicediscovery - CfnPublicDnsNamespace
- properties
aws-servicediscovery - CfnService
- serviceAttributes
aws-signer - CfnSigningProfile
- profileName
aws-sns - CfnSubscription
- replayPolicy
aws-sns - CfnTopic
- dataProtectionPolicy
- subscription
aws-sqs - CfnQueue
- contentBasedDeduplication
- deduplicationScope
- fifoQueue
- fifoThroughputLimit
- kmsDataKeyReusePeriodSeconds
- kmsMasterKeyId
- sqsManagedSseEnabled
aws-stepfunctions - CfnStateMachine
- definition
- definitionS3Location
- definitionString
aws-synthetics - CfnCanary
- deleteLambdaResourcesOnCanaryDeletion
- visualReference