awsdocs
diff --git a/‎.doc_gen/metadata/bedrock-agent-runtime_metadata.yaml‎
Lines changed: 21 additions & 0 deletions b/‎.doc_gen/metadata/bedrock-agent-runtime_metadata.yaml‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎.doc_gen/metadata/s3-control_metadata.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.doc_gen/metadata/s3-control_metadata.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.doc_gen/validation.yaml‎
Lines changed: 1 addition & 0 deletions b/‎.doc_gen/validation.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/automerge-approved-prs.yml‎
Lines changed: 32 additions & 0 deletions b/‎.github/workflows/automerge-approved-prs.yml‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎.github/workflows/dependabot-autoapprove.yml‎
Lines changed: 37 additions & 0 deletions b/‎.github/workflows/dependabot-autoapprove.yml‎
Lines changed: 37 additions & 0 deletions
diff --git a/‎.github/workflows/validate-doc-metadata.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/validate-doc-metadata.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.tools/test/stacks/nuke/typescript/.prettierignore‎
Lines changed: 1 addition & 0 deletions b/‎.tools/test/stacks/nuke/typescript/.prettierignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.tools/test/stacks/nuke/typescript/Dockerfile‎
Lines changed: 12 additions & 0 deletions b/‎.tools/test/stacks/nuke/typescript/Dockerfile‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎.tools/test/stacks/nuke/typescript/README.md‎
Lines changed: 52 additions & 0 deletions b/‎.tools/test/stacks/nuke/typescript/README.md‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎.tools/test/stacks/nuke/typescript/account_nuker.ts‎
Lines changed: 65 additions & 0 deletions b/‎.tools/test/stacks/nuke/typescript/account_nuker.ts‎
Lines changed: 65 additions & 0 deletions
@@ -32,3 +32,24 @@ bedrock-agent-runtime_InvokeFlow:
                 - javascriptv3/example_code/bedrock-agent-runtime/actions/invoke-flow.js
   services:
     bedrock-agent-runtime: {InvokeFlow}
+
+bedrock-agent-runtime_Scenario_ConverseWithFlow:
+  title: Converse with an &BRlong; flow
+  synopsis: use InvokeFlow to converse with an &BRlong; flow that includes an agent node.
+  category: Basics
+  guide_topic:
+    title: Converse with an &BRlong; flow
+    url: bedrock/latest/userguide/flows-multi-turn-invocation.html
+  languages:
+    Python:
+      versions:
+        - sdk_version: 3
+          github: python/example_code/bedrock-agent-runtime
+          sdkguide:
+          excerpts:
+            - description:
+              snippet_tags:
+                - python.example_code.bedrock-agent-runtime.flow_conversation.complete
+
+  services:
+    bedrock-agent-runtime: {InvokeFlow}
@@ -33,7 +33,7 @@ s3-control_CreateJob:
             - description: Create a legal hold off job.
               snippet_tags:
                 - s3control.java2.create_job.compliance.main  
-            - description: Create a new governance retemtion job.
+            - description: Create a new governance retention job.
               snippet_tags:
                 - s3.java2.create_governance_retemtion.main       
   services:
 
@@ -211,6 +211,7 @@ allow_list:
   - "src/main/java/com/example/acm/DeleteCert"
   - "src/main/java/com/example/acm/ImportCert"
   - "EnablePropagateAdditionalUserContextData"
+  - "StopQueryWorkloadInsightsTopContributors"
 sample_files:
   - "README.md"
   - "chat_sfn_state_machine.json"
 
@@ -0,0 +1,32 @@
+on:  # yamllint disable-line rule:truthy
+  pull_request_review:
+    types: submitted
+
+jobs:
+  approved_pr:
+    name: Automerge approved PRs
+    permissions:
+      contents: write
+      pull-requests: write
+      id-token: write
+    if: ${{ github.event.review.state == 'approved' && github.repository == 'awsdocs/aws-doc-sdk-examples' && (github.event.review.author_association == 'OWNER' || github.event.review.author_association == 'MEMBER' || github.event.review.user.login == 'aws-sdk-osds') }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: us-west-2
+          role-to-assume: arn:aws:iam::206735643321:role/ConfigureAwsCredentialsPackageRole
+          role-duration-seconds: 900
+          role-session-name: SecretsManagerFetch
+      - name: Get bot user token
+        uses: aws-actions/aws-secretsmanager-get-secrets@v2
+        with:
+          parse-json-secrets: true
+          secret-ids: |
+            OSDS,arn:aws:secretsmanager:us-west-2:206735643321:secret:github-aws-sdk-osds-automation-gebs9n
+      - name: Enable PR automerge
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ env.OSDS_ACCESS_TOKEN }}
@@ -0,0 +1,37 @@
+name: Dependabot auto-approve
+on: pull_request   # yamllint disable-line rule:truthy
+permissions:
+  pull-requests: write
+  id-token: write
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'awsdocs/aws-doc-sdk-examples' }}
+    steps:
+      - name: Get Metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v2
+      - uses: actions/checkout@v4
+        name: Clone repo
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: us-west-2
+          role-to-assume: arn:aws:iam::206735643321:role/ConfigureAwsCredentialsPackageRole
+          role-duration-seconds: 900
+      - name: Get bot user token
+        uses: aws-actions/aws-secretsmanager-get-secrets@v2
+        with:
+          parse-json-secrets: true
+          secret-ids: |
+            OSDS,arn:aws:secretsmanager:us-west-2:206735643321:secret:github-aws-sdk-osds-automation-gebs9n
+      - name: Approve PR if not already approved
+        run: |
+          gh pr checkout "$PR_URL"
+          if [ "$(gh pr status --json reviewDecision - q .currentBranch.reviewDecision)" != "APPROVED" ]; then
+            gh pr review "$PR_URL" --approve
+          else echo "PR already approved"
+          fi
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ env.OSDS_ACCESS_TOKEN }}
@@ -16,7 +16,7 @@ jobs:
       - name: checkout repo content
         uses: actions/checkout@v4
       - name: validate metadata
-        uses: awsdocs/aws-doc-sdk-examples-tools@2025.02.0
+        uses: awsdocs/aws-doc-sdk-examples-tools@2025.05.1
         with:
           doc_gen_only: "False"
           strict_titles: "True"
@@ -0,0 +1 @@
+cdk.out/
@@ -0,0 +1,12 @@
+FROM ghcr.io/ekristen/aws-nuke:v3.42.0
+ENV AWS_SDK_LOAD_CONFIG=1 \
+    AWS_DEBUG=true
+USER root
+RUN apk add --no-cache \
+    python3 \
+    py3-pip \
+    aws-cli
+COPY nuke_generic_config.yaml /nuke_generic_config.yaml
+COPY --chmod=755 run.sh /run.sh
+USER aws-nuke
+ENTRYPOINT ["/run.sh"]
@@ -0,0 +1,52 @@
+# aws-nuke for Weathertop
+
+[aws-nuke](https://github.com/ekristen/aws-nuke) is an open-source tool that deletes non-default resources in a provided AWS account. It's implemented here in this directory using Cloud Development Kit (CDK) code that deploys the [official aws-nuke image](https://github.com/ekristen/aws-nuke/pkgs/container/aws-nuke) to an AWS Lambda function.
+
+## ⚠ Important
+
+This is a very destructive tool! It should not be deployed without fully understanding the impact it will have on your AWS accounts.
+Please use caution and configure this tool to delete unused resources only in your lower test/sandbox environment accounts.
+
+## Overview
+
+This CDK stack is defined in [account_nuker.ts](account_nuker.ts). It includes:
+
+- A Docker-based Lambda function with ARM64 architecture and 1GB memory
+- An IAM role with administrative permissions for the Lambda's nuking function
+- An EventBridge rule that triggers the function every Sunday at midnight
+
+More specifically, this Lambda function is built from a [Dockerfile](Dockerfile) and runs with a 15-minute timeout. It contains a [nuke_generic_config.yml](nuke_generic_config.yaml) config and executes a [run.sh](run.sh) when invoked every Sunday at midnight UTC.
+
+![infrastructure-overview](nuke-overview.png)
+
+## Prerequisites
+
+1. **Non-Prod AWS Account Alias**: A non-prod account alias must exist in target account. Set the alias by running `python create_account_alias.py weathertop-test` or following [these instructions](https://docs.aws.amazon.com/IAM/latest/UserGuide/account-alias-create.html).
+
+## Setup and Installation
+
+For multi-account deployments, please use the [deploy.py](../../../DEPLOYMENT.md#option-1-using-deploypy) script.
+
+For single-account deployment, you can just run:
+
+```sh
+cdk bootstrap && cdk deploy
+```
+
+Note a successful stack creation, e.g.:
+
+```bash
+NukeStack: success: Published 956fbd116734e79edb987e767fe7f45d0b97e2123456789109103f80ba4c1:123456789101-us-east-1
+Stack undefined
+NukeStack: deploying... [1/1]
+NukeStack: creating CloudFormation changeset...
+
+ ✅  NukeStack
+
+✨  Deployment time: 27.93s
+
+Stack ARN:
+arn:aws:cloudformation:us-east-1:123456789101:stack/NukeStack/9835cc20-d358-11ef-bccf-123407dc82dd
+
+✨  Total time: 33.24s
+```
@@ -0,0 +1,65 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+import * as cdk from "aws-cdk-lib";
+import * as events from "aws-cdk-lib/aws-events";
+import * as targets from "aws-cdk-lib/aws-events-targets";
+import * as iam from "aws-cdk-lib/aws-iam";
+import * as path from "path";
+import * as lambda from "aws-cdk-lib/aws-lambda";
+import { Duration, Stack, StackProps } from "aws-cdk-lib";
+import { Construct } from "constructs";
+import { DockerImageCode, DockerImageFunction } from "aws-cdk-lib/aws-lambda";
+
+export interface NukeStackProps extends cdk.StackProps {
+  awsNukeDryRunFlag?: string;
+  awsNukeVersion?: string;
+  owner?: string;
+}
+
+class NukeStack extends cdk.Stack {
+  private readonly nukeLambdaRole: iam.Role;
+
+  constructor(scope: Construct, id: string, props?: StackProps) {
+    super(scope, id, props);
+
+    // Lambda Function role
+    this.nukeLambdaRole = new iam.Role(this, "NukeLambdaRole", {
+      assumedBy: new iam.ServicePrincipal("lambda.amazonaws.com"),
+      managedPolicies: [
+        iam.ManagedPolicy.fromAwsManagedPolicyName("AdministratorAccess"),
+      ],
+    });
+
+    // Create the Lambda function
+    const lambdaFunction = new DockerImageFunction(
+      this,
+      "docker-lambda-function",
+      {
+        functionName: "docker-lambda-fn",
+        code: DockerImageCode.fromImageAsset(path.join(__dirname)),
+        memorySize: 1024,
+        timeout: Duration.minutes(15),
+        architecture: lambda.Architecture.ARM_64,
+        description: "This is dockerized AWS Lambda function",
+        role: this.nukeLambdaRole,
+      },
+    );
+
+    // Create EventBridge rule to trigger the Lambda function weekly
+    const rule = new events.Rule(this, "WeeklyTriggerRule", {
+      schedule: events.Schedule.expression("cron(0 0 ? * SUN *)"), // Runs at 00:00 every Sunday
+    });
+
+    // Add the Lambda function as a target for the EventBridge rule
+    rule.addTarget(new targets.LambdaFunction(lambdaFunction));
+  }
+}
+
+const app = new cdk.App();
+new NukeStack(app, "NukeStack", {
+  env: {
+    account: process.env.CDK_DEFAULT_ACCOUNT,
+    region: process.env.CDK_DEFAULT_REGION,
+  },
+  terminationProtection: true,
+});