Package detail

@aws-cdk/aws-cognito-identitypool-alpha

aws138.6kApache-2.02.182.0-alpha.0

The CDK Construct Library for AWS::Cognito Identity Pools

aws, cdk, constructs, cognito, identitypool

readme

Amazon Cognito Identity Pool Construct Library

The APIs of higher level constructs in this module are in developer preview before they become stable. We will only make breaking changes to address unforeseen API issues. Therefore, these APIs are not subject to Semantic Versioning, and breaking changes will be announced in release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.

Identity Pools are in a separate module while the API is being stabilized. Once we stabilize the module, they will be included into the stable aws-cognito library. Please provide feedback on this experience by creating an issue here

Amazon Cognito Identity Pools enable you to grant your users access to other AWS services.

Identity Pools are one of the two main components of Amazon Cognito, which provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in through a a trusted identity provider, like a user pool or a SAML 2.0 service, as well as with third party providers such as Facebook, Amazon, Google or Apple.

The other main component in Amazon Cognito is user pools. User Pools are user directories that provide sign-up and sign-in options for your app users.

This module is part of the AWS Cloud Development Kit project.

`ts nofixture import { IdentityPool, UserPoolAuthenticationProvider } from '@aws-cdk/aws-cognito-identitypool-alpha';


## Table of Contents

- [Identity Pools](#identity-pools)
  - [Authenticated and Unauthenticated Identities](#authenticated-and-unauthenticated-identities)
  - [Authentication Providers](#authentication-providers)
    - [User Pool Authentication Provider](#user-pool-authentication-provider)
    - [Server Side Token Check](#server-side-token-check)
    - [Associating an External Provider Directly](#associating-an-external-provider-directly)
    - [OpenIdConnect and Saml](#openid-connect-and-saml)
    - [Custom Providers](#custom-providers)
  - [Role Mapping](#role-mapping)
    - [Provider Urls](#provider-urls)
  - [Authentication Flow](#authentication-flow)
  - [Cognito Sync](#cognito-sync)
  - [Importing Identity Pools](#importing-identity-pools)

## Identity Pools

Identity pools provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have 
authenticated by presenting a token from another identity provider. An identity pool is a store of user identity data 
specific to an account.

Identity pools can be used in conjunction with Cognito User Pools or by accessing external federated identity providers  
directly. Learn more at [Amazon Cognito Identity Pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html).

### Authenticated and Unauthenticated Identities

Identity pools define two types of identities: authenticated(`user`) and unauthenticated (`guest`). Every identity in  
an identity pool is either authenticated or unauthenticated. Each identity pool has a default role for authenticated  
identities, and a default role for unauthenticated identities. Absent other overriding rules (see below), these are the  
roles that will be assumed by the corresponding users in the authentication process. 

A basic Identity Pool with minimal configuration has no required props, with default authenticated (user) and  
unauthenticated (guest) roles applied to the identity pool: 

```ts
new IdentityPool(this, 'myIdentityPool');

By default, both the authenticated and unauthenticated roles will have no permissions attached. When granting permissions, you should ensure that you are granting the least privileged permissions required for your use case. Grant permissions to roles using the public authenticatedRole and unauthenticatedRole properties:

import * as dynamodb from 'aws-cdk-lib/aws-dynamodb';

const identityPool = new IdentityPool(this, 'myIdentityPool');
declare const table: dynamodb.Table;

// Grant permissions to authenticated users
table.grantReadWriteData(identityPool.authenticatedRole);
// Grant permissions to unauthenticated guest users
table.grantReadData(identityPool.unauthenticatedRole);

// Or add policy statements straight to the role
identityPool.authenticatedRole.addToPrincipalPolicy(new iam.PolicyStatement({
  effect: iam.Effect.ALLOW,
  actions: ['dynamodb:UpdateItem'],
  resources: [table.tableArn],
}));

The default roles can also be supplied in IdentityPoolProps:

const stack = new Stack();
const authenticatedRole = new iam.Role(this, 'authRole', {
  assumedBy: new iam.ServicePrincipal('service.amazonaws.com'),
});
const unauthenticatedRole = new iam.Role(this, 'unauthRole', {
  assumedBy: new iam.ServicePrincipal('service.amazonaws.com'),
});
const identityPool = new IdentityPool(this, 'TestIdentityPoolActions', {
  authenticatedRole,
  unauthenticatedRole,
});

Authentication Providers

Authenticated identities belong to users who are authenticated by a public login provider (Amazon Cognito user pools,
Login with Amazon, Sign in with Apple, Facebook, Google, SAML, or any OpenID Connect Providers) or a developer provider
(your own backend authentication process).

Authentication providers can be associated with an Identity Pool by first associating them with a Cognito User Pool or by
associating the provider directly with the identity pool.

User Pool Authentication Provider

In order to attach a user pool to an identity pool as an authentication provider, the identity pool needs properties from both the user pool and the user pool client. For this reason identity pools use a UserPoolAuthenticationProvider to gather the necessary properties from the user pool constructs.

const userPool = new cognito.UserPool(this, 'Pool');

new IdentityPool(this, 'myidentitypool', {
  identityPoolName: 'myidentitypool',
  authenticationProviders: {
    userPools: [new UserPoolAuthenticationProvider({ userPool })],
  },
});

User pools can also be associated with an identity pool after instantiation. The Identity Pool's addUserPoolAuthentication method
returns the User Pool Client that has been created:

declare const identityPool: IdentityPool;
const userPool = new cognito.UserPool(this, 'Pool');
const userPoolClient = identityPool.addUserPoolAuthentication(new UserPoolAuthenticationProvider({
  userPool,
}));

Server Side Token Check

With the IdentityPool CDK Construct, by default the pool is configured to check with the integrated user pools to
make sure that the user has not been globally signed out or deleted before the identity pool provides an OIDC token or
AWS credentials for the user.

If the user is signed out or deleted, the identity pool will return a 400 Not Authorized error. This setting can be
disabled, however, in several ways.

Setting disableServerSideTokenCheck to true will change the default behavior to no server side token check. Learn
more here:

declare const identityPool: IdentityPool;
const userPool = new cognito.UserPool(this, 'Pool');
identityPool.addUserPoolAuthentication(new UserPoolAuthenticationProvider({ 
  userPool,
  disableServerSideTokenCheck: true, 
}));

Associating an External Provider Directly

One or more external identity providers can be associated with an identity pool directly using
authenticationProviders:

new IdentityPool(this, 'myidentitypool', {
  identityPoolName: 'myidentitypool',
  authenticationProviders: {
    amazon: {
      appId: 'amzn1.application.12312k3j234j13rjiwuenf',
    },
    facebook: {
      appId: '1234567890123',
    },
    google: {
      clientId: '12345678012.apps.googleusercontent.com',
    },
    apple: {
      servicesId: 'com.myappleapp.auth',
    },
    twitter: {
      consumerKey: 'my-twitter-id',
      consumerSecret: 'my-twitter-secret',
    },
  },
});

To associate more than one provider of the same type with the identity pool, use User
Pools, OpenIdConnect, or SAML. Only one provider per external service can be attached directly to the identity pool.

OpenId Connect and Saml

OpenID Connect is an open standard for
authentication that is supported by a number of login providers. Amazon Cognito supports linking of identities with
OpenID Connect providers that are configured through AWS Identity and Access Management.

An identity provider that supports Security Assertion Markup Language 2.0 (SAML 2.0) can be used to provide a simple
onboarding flow for users. The SAML-supporting identity provider specifies the IAM roles that can be assumed by users
so that different users can be granted different sets of permissions. Associating an OpenId Connect or Saml provider
with an identity pool:

declare const openIdConnectProvider: iam.OpenIdConnectProvider;
declare const samlProvider: iam.SamlProvider;

new IdentityPool(this, 'myidentitypool', {
  identityPoolName: 'myidentitypool',
  authenticationProviders: {
    openIdConnectProviders: [openIdConnectProvider],
    samlProviders: [samlProvider],
  },
});

Custom Providers

The identity pool's behavior can be customized further using custom developer authenticated identities.
With developer authenticated identities, users can be registered and authenticated via an existing authentication
process while still using Amazon Cognito to synchronize user data and access AWS resources.

Like the supported external providers, though, only one custom provider can be directly associated with the identity
pool.

declare const openIdConnectProvider: iam.OpenIdConnectProvider;
new IdentityPool(this, 'myidentitypool', {
  identityPoolName: 'myidentitypool',
  authenticationProviders: {
    google: {
      clientId: '12345678012.apps.googleusercontent.com',
    },
    openIdConnectProviders: [openIdConnectProvider],
    customProvider: 'my-custom-provider.example.com',
  },
});

Role Mapping

In addition to setting default roles for authenticated and unauthenticated users, identity pools can also be used to
define rules to choose the role for each user based on claims in the user's ID token by using Role Mapping. When using
role mapping, it's important to be aware of some of the permissions the role will need, and that the least privileged roles necessary are given for your specific use case. An in depth
review of roles and role mapping can be found here.

Using a token-based approach to role mapping will allow mapped roles to be passed through the cognito:roles or
cognito:preferred_role claims from the identity provider:

import { IdentityPoolProviderUrl } from '@aws-cdk/aws-cognito-identitypool-alpha';

new IdentityPool(this, 'myidentitypool', {
  identityPoolName: 'myidentitypool',
  roleMappings: [{
    providerUrl: IdentityPoolProviderUrl.AMAZON,
    useToken: true,
  }],
});

Using a rule-based approach to role mapping allows roles to be assigned based on custom claims passed from the identity provider:

import { IdentityPoolProviderUrl, RoleMappingMatchType } from '@aws-cdk/aws-cognito-identitypool-alpha';

declare const adminRole: iam.Role;
declare const nonAdminRole: iam.Role;
new IdentityPool(this, 'myidentitypool', {
  identityPoolName: 'myidentitypool',
  // Assign specific roles to users based on whether or not the custom admin claim is passed from the identity provider
  roleMappings: [{
    providerUrl: IdentityPoolProviderUrl.AMAZON,
    rules: [
      {
        claim: 'custom:admin',
        claimValue: 'admin',
        mappedRole: adminRole,
      },
      {
        claim: 'custom:admin',
        claimValue: 'admin',
        matchType: RoleMappingMatchType.NOTEQUAL,
        mappedRole: nonAdminRole,
      }
    ],
  }],
});

Provider Urls

Role mappings must be associated with the url of an Identity Provider which can be supplied IdentityPoolProviderUrl. Supported Providers have static Urls that can be used:

import { IdentityPoolProviderUrl } from '@aws-cdk/aws-cognito-identitypool-alpha';

new IdentityPool(this, 'myidentitypool', {
  identityPoolName: 'myidentitypool',
  roleMappings: [{
    providerUrl: IdentityPoolProviderUrl.FACEBOOK,
    useToken: true,
  }],
});

For identity providers that don't have static Urls, a custom Url can be supplied:

import { IdentityPoolProviderUrl } from '@aws-cdk/aws-cognito-identitypool-alpha';

new IdentityPool(this, 'myidentitypool', {
  identityPoolName: 'myidentitypool',
  roleMappings: [
    {
      providerUrl: IdentityPoolProviderUrl.custom('my-custom-provider.com'),
      useToken: true,
    },
  ],
});

If a provider URL is a CDK Token, as it will be if you are trying to use a previously defined Cognito User Pool, you will need to also provide a mappingKey. This is because by default, the key in the Cloudformation role mapping hash is the providerUrl, and Cloudformation map keys must be concrete strings, they cannot be references. For example:

import { UserPool, UserPoolClient } from 'aws-cdk-lib/aws-cognito';
import { IdentityPoolProviderUrl } from '@aws-cdk/aws-cognito-identitypool-alpha';

declare const userPool: UserPool;
declare const userPoolClient: UserPoolClient;
new IdentityPool(this, 'myidentitypool', {
  identityPoolName: 'myidentitypool',
  roleMappings: [{
    mappingKey: 'cognito',
    providerUrl: IdentityPoolProviderUrl.userPool(userPool, userPoolClient),
    useToken: true,
  }],
});

See here for more information.

Authentication Flow

Identity Pool Authentication Flow defaults to the enhanced, simplified flow. The Classic (basic) Authentication Flow
can also be implemented using allowClassicFlow:

new IdentityPool(this, 'myidentitypool', {
  identityPoolName: 'myidentitypool',
  allowClassicFlow: true,
});

Cognito Sync

It's now recommended to integrate AWS AppSync for synchronizing app data across devices, so
Cognito Sync features like PushSync, CognitoEvents, and CognitoStreams are not a part of IdentityPool. More
information can be found here.

Importing Identity Pools

You can import existing identity pools into your stack using Identity Pool static methods with the Identity Pool Id or
Arn:

IdentityPool.fromIdentityPoolId(this, 'my-imported-identity-pool',
  'us-east-1:dj2823ryiwuhef937');
IdentityPool.fromIdentityPoolArn(this, 'my-imported-identity-pool',
  'arn:aws:cognito-identity:us-east-1:123456789012:identitypool/us-east-1:dj2823ryiwuhef937');

changelog

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

1.204.0 (2023-06-15)

Features

cfnspec: cloudformation spec v124.0.0 (#25752) (9fb7b95)
cfnspec: cloudformation spec v124.0.0 (#25809) (203164b)
cfnspec: cloudformation spec v125.0.0 (#25833) (069d68e)

1.203.0 (2023-05-31)

Features

cfnspec: cloudformation spec v123.0.0 (#25648) (f9f4541)

1.202.0 (2023-05-19)

Features

cfnspec: cloudformation spec v122.0.0 (#25567) (e3ffafd)

Bug Fixes

eks: overly permissive trust policies (#25580) (0251d9a). We would like to thank @twelvemo and @stefreak for reporting this issue.

1.201.0 (2023-05-10)

1.200.0 (2023-04-26)

Bug Fixes

pipelines: CodeBuild Action role can be assumed by too many identities (#25318) (8ceae2e)

1.199.0 (2023-04-19)

Features

cfnspec: cloudformation spec v117.0.0 (#24778) (9e1dc5a)
cfnspec: cloudformation spec v117.0.0 (#24818) (225f8c0)
cfnspec: cloudformation spec v118.1.0 (#24887) (cdd531e)

Bug Fixes

lambda-nodejs: pnpm no longer supports nodejs14.x (backport #24821) (#24829) (e8e4d83)

1.198.1 (2023-03-28)

Bug Fixes

lambda-nodejs: pnpm no longer supports nodejs14.x (backport #24821) (#24829) (7c40f42)

1.198.0 (2023-03-22)

Bug Fixes

WAFv2: add patch to revert struct names (#24703) (e03d8b8), closes /github.com/aws/aws-cdk/commit/affe040c8443be074822254d1e75a28b264cd801#diff-827a2fd012e049c7ccedffa0360c12e7d967a173f36b8150de73ef6adc42ee4cL175-L357

1.197.0 (2023-03-14)

1.196.0 (2023-03-08)

1.195.0 (2023-03-02)

1.194.0 (2023-02-21)

1.193.0 (2023-02-15)

1.192.0 (2023-02-09)

Features

cfnspec: cloudformation spec v109.0.0 (#23967) (151570b)
cfnspec: cloudformation spec v109.0.0 (#23983) (90f4b5d)

1.191.0 (2023-01-31)

Features

cfnspec: cloudformation spec v109.0.0 (#23867) (77c1980)

1.190.0 (2023-01-25)

Features

cfnspec: cloudformation spec v107.0.0 (#23749) (1875220)
cfnspec: cloudformation spec v108.0.0 (#23768) (b39b089)
cfnspec: cloudformation spec v108.0.0 (#23809) (613ec61)

Bug Fixes

cfnspec: incorrectly handling array result from jsondiff (backport #23795) (#23800) (ee911ec)

1.189.0 (2023-01-18)

Features

cfnspec: cloudformation spec v107.0.0 (#23699) (b699490)

1.188.0 (2023-01-11)

Features

cfnspec: cloudformation spec v106.0.0 (#23585) (12eb81a)

1.187.0 (2023-01-03)

Features

cfnspec: cloudformation spec v105.0.0 (#23502) (c0ac7be)

1.186.1 (2022-12-30)

Features

cfnspec: cloudformation spec v105.0.0 (#23502) (e6a8943)

1.186.0 (2022-12-28)

1.185.0 (2022-12-27)

Features

cfnspec: cloudformation spec v103.0.0 (#23451) (865d094)

1.184.1 (2022-12-23)

Bug Fixes

cfnspec: v101.0.0 introduced specific types on several types that previously were typed as json

1.184.0 (2022-12-21)

Features

cfnspec: cloudformation spec v102.0.0 (#23373) (f5bc48f)

1.183.0 (2022-12-14)

Features

cfnspec: cloudformation spec v100.0.0 (#23241) (084b037)
cfnspec: cloudformation spec v101.0.0 (#23295) (7f1e5c4)

1.182.0 (2022-12-07)

Features

cfnspec: cloudformation spec v99.0.0 (#23006) (c510416)
lambda-go: allow configuration of GOPROXY (#23257) (67103d9), closes #23171

Bug Fixes

cli: typescript init templates fail with error in build step (#23130) (b06cd20)

1.181.1 (2022-11-29)

Bug Fixes

cli: typescript init templates fail with error in build step (#23130) (c04f158)

1.181.0 (2022-11-18)

Bug Fixes

iam: oidc provider fetches leaf certificate thumbprint instead of root (#22924) (b01adb5)

1.180.0 (2022-11-01)

1.179.0 (2022-10-27)

Features

cfnspec: cloudformation spec v93.0.0 (#22564) (ba3d91d)
cfnspec: cloudformation spec v94.0.0 (#22600) (f70af26)
cfnspec: cloudformation spec v94.0.0 (#22648) (390ee7c)

1.178.0 (2022-10-20)

1.177.0 (2022-10-13)

Features

cfnspec: cloudformation spec v92.0.0 (#22436) (1264590)

1.176.0 (2022-10-06)

Features

cfnspec: cloudformation spec v91.0.0 (#22303) (c1f9bf4)

Bug Fixes

change Node 10 to 14 everywhere (#22289) (8b0757e)

1.175.0 (2022-09-28)

Features

cfnspec: cloudformation spec v89.0.0 (#22231) (a3cecaf)

1.174.0 (2022-09-21)

Features

cfnspec: cloudformation spec v89.0.0 (#22106) (71cf218)

1.173.0 (2022-09-15)

Features

cfnspec: cloudformation spec v88.0.0 (#22027) (311bb37)

1.172.0 (2022-09-07)

1.171.0 (2022-08-31)

1.170.1 (2022-08-30)

Bug Fixes

python: NameError: name 'SubnetSelection' is not defined (#21790) (eaaba39), closes #21790

1.170.0 (2022-08-25)

Features

cfnspec: cloudformation spec v85.0.0 (#21680) (c6776f2)

Bug Fixes

ecs: firelens configFileValue is unnecessarily required (backport #20636) (#21710) (e2c48da)

1.169.0 (2022-08-17)

Features

cfnspec: cloudformation spec v84.0.0 (#21575) (4ac307e)

1.168.0 (2022-08-09)

Features

cfnspec: cloudformation spec v82.0.0 (#21472) (d97f314)
cfnspec: cloudformation spec v83.0.0 (#21499) (bebc7c5)

1.167.0 (2022-08-02)

1.166.1 (2022-07-29)

Bug Fixes

Revert to `jsii-pacmak@1.62.0` as dynamic runtime type-checking it introduced for Python results in incorrect code being produced.

1.166.0 (2022-07-28)

Features

cfnspec: cloudformation spec v81.1.0 (#21308) (2443310)

Bug Fixes

aws-lambda: FunctionUrl incorrectly uses Alias ARNs (#21351) (9f34d60)

1.165.0 (2022-07-19)

Features

cfnspec: cloudformation spec v81.0.0 (#21195) (63117b4)

Bug Fixes

integration test for appsync apikey auth fails with out of bound API key expiration (backport #21198) (#21204) (0134d87)

1.164.0 (2022-07-15)

Features

cfnspec: cloudformation spec v79.0.0 (#21054) (536f5ee)
cfnspec: cloudformation spec v80.0.0 (#21160) (92ce250)

Bug Fixes

cli: pin geonamescache dependency to 1.3 (#21152) (10f4304)
ec2: deprecated SubnetType enums are treated incorrectly (backport #21140) (#21141) (683298e)

1.163.2 (2022-07-13)

Bug Fixes

custom-resources: Custom resource provider framework not passing ResponseURL to user function (backport #21117) (#21123) (6f81702)

1.163.1 (2022-07-08)

Bug Fixes

custom-resources: Custom resource provider framework not passing ResponseURL to user function (#21065) (fca40af), closes #21058

1.163.0 (2022-07-06)

Features

cfnspec: cloudformation spec v78.1.0 (#20951) (20f5fa4)

Bug Fixes

custom resources log sensitive ResponseURL field (#20976) (8ac9540), closes #20899

1.162.0 (2022-07-01)

1.161.0 (2022-06-22)

Features

cfnspec: cloudformation spec v76.0.0 (#20725) (ae1213f)

1.160.0 (2022-06-14)

⚠ Removal of Node 12

Starting with this release, Node 12 is no longer supported and customers should upgrade to Node 14, 16, or 18.

Features

cfnspec: cloudformation spec v75.0.0 (#20615) (0a13e09)

Bug Fixes

lambda: deprecate Python3.6 (#19988) (9602229), closes #20085

Miscellaneous Chores

deps: npm-check-updates && yarn upgrade (#20684) (e661fe9)

1.159.0 (2022-06-02)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

core: so this PR attempts to smooth a rough edge by "locking" the logicalId when exportValue is called. If the user attempts to override the id after that point, an error message will be thrown

Features

cfnspec: cloudformation spec v73.1.0 (#20587) (419fdae)
cognito: OpenID Connect identity provider (#20241) (33acc7c)
integ-runner: publish integ-runner cli (#20477) (7779531)
lambda: add insights version 1.0.135.0 (#19588) (68761dc), closes /docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-extension-versionsx86-64.html#Lambda-Insights-extension-1 /docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-extension-versionsARM.html#Lambda-Insights-extension-ARM-1
s3: adds objectSizeLessThan property for s3 lifecycle rule (#20429) (2bf30df), closes #20425 #20372

Bug Fixes

core: logicalId is consumed prior to being overridden (#20560) (e44c2c4), closes #14335
ecr-assets: cannot build ARM images using modern stack synthesis (#20563) (9a23575), closes #20439
ecs: canContainersAccessInstanceRole is ignored when passed in AsgCapacityProvider constructor (#20522) (dacefd6), closes #20293 #20293
ecs: fix typo from fromServiceAtrributes to fromServiceAttributes (#20456) (f4439ce), closes #20458
events-targets: EventBus IAM statements are only added for the first target (#20479) (74318c7), closes #19407
iam: referencing the same immutable role twice makes it mutable (#20497) (264c02e), closes #7255
integ-runner: catch snapshot errors, treat --from-file as command-line (#20523) (cedfde8)
integ-runner: don't throw error if tests pass (#20511) (c274c2f), closes #20384
lambda: function version ignores layer version changes (#20150) (f19ecef), closes #19098
Default username in RoleSessionName (#20188) (b7bc10c), closes #19401 #7937 #19401

1.158.0 (2022-05-27)

Features

apprunner: VpcConnector construct (#20471) (5052191)
aws-ecr-assets: support the --platform option when building docker images (#20439) (adc0368), closes #12472 #16770 #16858
lambda: validate function description length (#20476) (de027e2), closes #20475
s3: adds objectSizeGreaterThan property for s3 lifecycle rule (#20425) (23690e4), closes #20372
servicecatalog: ProductStackHistory can retain old ProductStack iterations (#20244) (1037b8c)

Bug Fixes

core: NestedStack defaultChild is undefined (#20450) (0a49927), closes #11221
iam: Role policies cannot grow beyond 10k (#20400) (75bfce7), closes #19276 #19939 #19835
integ-runner: always resynth on deploy (#20508) (7138057)
integ-tests: DeployAssert should be private (#20466) (0f52813)
lambda: Fix typo in public subnet warning (#20470) (85f4e29)
pipelines: too many CodeBuild steps inflate policy size (#20396) (f334060), closes #20189 #19276 #19939 #19835
s3-deployment: default role does not get PutAcl permissions on… (#20492) (3e6ec5c)

1.157.0 (2022-05-20)

Features

cfnspec: cloudformation spec v69.0.0 (#20240) (e82b63f) and (#20331) (e9de4e9)
cfnspec: cloudformation spec v72.0.0 (#20357) (c8fd84c)
cli: make ecr images immutable when created from cdk bootstrap (#19937) (0ef4bb4), closes #18376
cloud9: configure Connection Type of Ec2Environment (#20250) (01708bc), closes #17027
cloudfront: REST API origin (#20335) (f7693e3)
cognito: grant() for user pool (#20285) (10d13e4)
core: allow disabling of LogicalID Metadata in case of large manifest (#20433) (88ea829), closes #20211
ec2: more router types (#20151) (33b983c), closes #19057 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-route.html#aws-resource-ec2
iam: validate role path at build time (#16165) (65a5a46), closes #13747
integ-tests: enhancements to integ-tests (#20180) (3ff3fb7)
logs: additional log retention periods (#20347) (734faa5), closes #20346
s3: add noncurrentVersionsToRetain property to lifecycle rule (#20348) (85604d9), closes #19784

Bug Fixes

amplify: custom headers break with tokens (#20395) (765f441)
apigateway: arnForExecuteApi fails on tokenized path (#20323) (f7732a1), closes #20252
assets: parallel docker image publishing fails on macOS (#20117) (a58a803), closes #20116
cfn-include: allow CFN Functions in Tags (#19923) (4df9a4f), closes #16889
cli: allow SSO profiles to be used as source profiles (#20340) (a0b29e9), closes #19897
cloudwatch-actions: stack partition is hardcoded 'aws' in action arn (#20224) (0eb6c3b), closes #19765
eks: Cluster.FromClusterAttributes ignores KubectlLambdaRole (#20373) (7e824ab), closes #20008
iam: AccountPrincipal accepts values which aren't account IDs (#20292) (d0163f8), closes #20288
pipelines: specifying the Action Role for CodeBuild steps (#18293) (719edfc), closes #18291 #18291
rds: tokens should not be lowercased (#20287) (5429e55), closes #18802
secretsmanager: automatic rotation cannot be disabled (#18906) (c50d60c), closes #18749

1.156.1 (2022-05-12)

1.156.0 (2022-05-11)

Features

lambda: nodejs16.x runtime (#20261) (edf7c86)

Bug Fixes

appsync: incorrect region used for imported Cognito user pool (#20193) (3e0393e), closes #20195
cognito: UserPoolDomain.baseUrl() does not return FIPS-compliant url for gov cloud regions (#20200) (dd10df1), closes #20182 #12500
stepfunctions: map property maxConcurrency is not token-aware (#20279) (14be764), closes #20152

1.155.0 (2022-05-04)

Features

cfnspec: cloudformation spec v68.0.0 (#20065) (f199fad)
cloudwatch: Add CustomWidget (#19327) (489340e), closes #17579
ec2: add i4i instance type (#20134) (64c5064)
iam: add convenience method inOrganization to ArnPrincipal (#20109) (c545bfe), closes /github.com/aws/aws-cdk/pull/19975#discussion_r857385168 #19975
lambda: function.addAlias() simplifies Alias creation (#20034) (a79bc47)
rds: add secret rotation to DatabaseClusterFromSnapshot (#20020) (abc3502), closes #12877

Bug Fixes

lambda: grant invoke twice with different principals (#20174) (bb4c950)
ubergen: expose exports in core module for v2 (#20176) (fc2cd48), closes #19773

1.154.0 (2022-04-27)

Features

aws-cognito: send emails with a verified domain (#19790) (1d2b1d3), closes #19762
aws-eks: add annotations and labels to service accounts (#19609) (82aec9d), closes #19607
cloudwatch: expose dashboardArn for CloudWatch dashboard L2 construct (#20059) (df9814f)
cloudwatch: expose dashboardName property on the L2 Dashboard construct (#17721) (8cb5dff), closes #17648
integ-tests: add IntegTest to group test cases (#20015) (b4f8d91)
integ-tests: make assertions on deployed infrastructure (#20071) (8362efe)
rds: allow DatabaseClusterFromSnapshot to set copyTagsToSnapshot property (#19932) (40a6ceb), closes #19884
redshift: expose user.secret as property (#17520) (#20078) (8da006a)
servicecatalog: graduate to stable 🚀 (#19515) (4764591)

Bug Fixes

eks: cluster cannot be created in opt-in regions (#20009) (ec06f48), closes #13748 #15579
eks: remove incomplete support for k8s v1.22 (#20000) (d38a9e4), closes #19756 #19919
integ-runner: disable-update-workflow default is 'false' instead of false (#20073) (9f7aa65)
integ-runner: only diff registered stacks (#20100) (721bd4b)
lambda-python: handler path is incorrectly generated when using PythonFunction (#20083) (6787376)
tooling: container user's uid does not match host's uid (#20082) (e9670c8), closes #19979
deploy monitor count is off if there are > 100 changes (#20067) (fd306ee), closes #11805
imagebuilder: AmiDistributionConfiguration renders empty (#20045) (7bd7139)
lambda-python: Pipenv projects no longer work for Python 3.6 (#20019) (5024021)
region-info: EMR service principal incorrect in China (#20014) (84649b8), closes #19867

1.153.1 (2022-04-22)

Bug Fixes

imagebuilder: revert property field typings (b2e0eb5)

1.153.0 (2022-04-21)

Features

apigatewayv2: set throttling on stages (#19776) (3cabd10), closes #19626
autoscaling: Auto Scaling Group with Launch Template (#19066) (1581af0), closes #6734
aws-ecr: make it easy to reference image tag or digest, use everywhere (#19799) (380774e), closes #13299 #15333
cfnspec: cloudformation spec v66.0.0 (#19812) (43735fd), closes #19798
cfnspec: cloudformation spec v66.1.0 (#19929) (8c8b6b6)
cli: glob-style key matching to context --reset (#19840) (edb4119), closes #19797
codebuild: add ability to customize build status reporting for third-party Git sources (#19408) (423d72f)
codepipeline: allow to disable stage transition (#19911) (ac9901a), closes #1649
integ-runner: add missing features from the integ manifest (#19969) (2ca5050)
integ-runner: integ-runner enhancements (#19865) (697fdbe)
integ-runner: test update path when running tests (#19915) (d0ace8f)
integ-tests: Add IntegTestCase (#19829) (ad249c9)
iotevents: support comparison operators (#19329) (95cb3f3)
lambda: function URLs (#19817) (4fd515a), closes #19798
logs: add QueryDefinition L2 Construct (#18655) (fcf981b)
route53: fromPublicHostedZoneAttributes method with zoneName (#19771) (7867dc4), closes #18700
s3-deployment: ephemeral storage size property for bucket deployment (#19958) (3ce40b4), closes #19947
check for accidental exposure of secrets (#19543) (789e8d2)

Bug Fixes

autoscaling: update validation on maxInstanceLifetime (#19584) (d115b47)
aws-cloudfront: Add sslSupportMethod (#19737) (c5a9679), closes #19476
aws-ecr-assets: correct file existence validation in tests (#19945) (d4c13c0), closes 40aws-cdk/aws-ecr-assets/test/image-asset.test.ts#L387 #19944
cfn-diff: allow resources to change types (#19891) (4f3a340), closes #13921
cfn-include: detect a resource cycle in the included template (#19871) (2c2bc0b), closes #16654
cfnspec: aws-sam deployment preferences hooks (#19732) (a205734)
cfnSpec: wrong type for SAM API properties GatewayResponses and Models (#19885) (b214ede), closes #19870
cli: hangs on retrieving notices (#19967) (daeeafa), closes #19542
cli: stack monitor prints over error messages (#19859) (42e5d08), closes #19742
cloudwatch: MathExpression id contract is not clear (#19825) (5472b11), closes #13942 #17126
core: exportValue does not work on number attributes (#19818) (12459ca), closes #19537
docdb: make most attributes of DatabaseClusterAttributes optional (#19625) (5f6d20c), closes #14492
ecr: scanOnPush not supported in certain regions (#19940) (2ff3143), closes #19918
ecs: get rid of EFS casing warnings (#19681) (eafc11a), closes #15025
eks: malformed command when installing helm chart from OCI artifact (#19778) (f8babb8), closes /github.com/aws/aws-cdk/pull/18547#issuecomment-1088737549
iam: role/group/user's path not included in ARN (#13258) (ef2b480), closes #13156
integ-runner: enable all feature flags by default (#19955) (ca3920d)
lambda-event-sources: unsupported property onFailure for KafkaEventSources (#19995) (383171b), closes #19917
rds: MySQL 8.0 uses wrong Parameter for S3 export (#19775) (5a895a3), closes #19735
stepfunctions: incorrect default documentation for integrationPattern (#19936) (4cb3b2b), closes #19815

Reverts

"feat(cli): glob-style key matching to context --reset (#19840)" (#19888) (89ec597)

1.152.0 (2022-04-06)

Features

cfnspec: cloudformation spec v63.0.0 (#19679) (dba96a9)
cfnspec: cloudformation spec v65.0.0 (#19745) (796fc64)
cli: add --build option (#19663) (eb9b8e2), closes #19667
cli: preview of cdk import (#17666) (4f12209)
core: throw error when stack name exceeds max length (#19725) (1ffd45e)
eks: add k8s v1.22 (#19756) (9a518c5)
opensearch: Add latest Opensearch Version 1.2 (#19749) (a2ac36e)
add new integration test runner (#19754) (1b4d010)
eks: alb-controller v2.4.1 (#19653) (1ec08df)
lambda: add support for ephemeral storage (#19552) (f1d9b6a), closes #19605
s3: EventBridge bucket notifications (#18614) (d8e602b), closes #18076
synthetics: new puppeteer 3.5 runtime (#19673) (ce2b91b), closes #19634

Bug Fixes

aws_applicationautoscaling: Add missing members to PredefinedMetric enum (#18978) (75a6fa7), closes #18969
cli: apps with many resources scroll resource output offscreen (#19742) (053d22c), closes #19160
cli: support attributes of DynamoDB Tables for hotswapping (#19620) (2321ece), closes #19421
cloudwatch: automatic metric math label cannot be suppressed (#17639) (7fa3bf2)
codedeploy: add name validation for Application, Deployment Group and Deployment Configuration (#19473) (9185042)
codedeploy: the Service Principal is wrong in isolated regions (#19729) (7e9a43d), closes #19399
core: Fn.select incorrectly short-circuits complex expressions (#19680) (7f26fad)
core: detect and resolve stringified number tokens (#19578) (7d9ab2a), closes #19546 #19550
core: reduce CFN template indent size to save bytes (#19656) (fd63ca3)
ecs: 'desiredCount' and 'ephemeralStorageGiB' cannot be tokens (#19453) (c852239), closes #16648
ecs: remove unnecessary error when adding volume to external task definition (#19774) (5446ded), closes #19259
iam: policies aren't minimized as far as possible (#19764) (876ed8a), closes #19751
logs: Faulty Resource Policy Generated (#19640) (1fdf122), closes #17544

1.151.0 (2022-03-31)

Features

aws-ec2: Enable/disable EC2 "Detailed Monitoring" (#19437) (94f9d27)
cognito: configure SNS region for UserPool SMS messages (#19519) (6eb775e), closes #19434
core: add size.isUnresolved (#19569) (ed26731)
ecs-patterns: PlacementStrategy and PlacementConstraint for many patterns (#19612) (0096e67)
elbv2: use addAction() on an imported application listener (#19293) (18a6b0c), closes #10902
kinesisanalytics-flink: Add metrics to Flink applications (#19599) (dab6aca)
lambda: warn if you use function.grantInvoke while also using currentVersion (#19464) (fd1fff9), closes #19273 #19318

Bug Fixes

apigateway: allow using GENERATE_IF_NEEDED for the physical name in LambdaRestApi (#19638) (e817381), closes #9374
apigateway: id in schema model maps to $id (#15113) (ac5a345), closes #14585
aws-cognito: Lambda::Permission of lambdaTrigger should have a SourceArn (#19622) (c62eeb7), closes #19604
docdb: DB Instance ARN uses 'docdb' as the service component instead of 'rds' (#19555) (6a63924), closes #19554
eks: incorrect version of aws-node-termination-handler (#19510) (9c712cc)
elbv2: unable to add multiple certificates to NLB (#19289) (e8142e9), closes #13490 #8918 #15328
rds: SnapshotCredentials.fromSecret() takes a Secret, not ISecret (#19639) (a74d82e), closes #19409

1.150.0 (2022-03-26)

Features

cloudformation spec v62.0.0 (#19553) (0352dee)
appsync: support custom domain mappings (#19368) (8c7a4ac), closes #18040
autoscaling: support warm pools (#19214) (737e611)
cfnspec: cloudformation spec v61.0.0 (#19457) (16d7552)
cli: support SSO (#19454) (eba6052)
cloudwatch: Additional Properties for Cloudwatch AlarmStatusWidget (#19387) (3c9ea5f), closes #19386
ec2: add support for x2iezn instances (#19517) (8f6e20e)
synthetics: add support for puppeteer 3.4 runtime (#19429) (024b890), closes #19382

Bug Fixes

apigateway: StepFunctionsIntegration does not create required role and responses (#19486) (d59bee9)
bootstrap: rebootstrap breaks container Functions (#19446) (49ea263), closes #18473
cli: templates don't include .gitignore (#19482) (5ce0983)
core: Aspects from symlinked modules are not applied (#19491) (eaeaed7), closes #18921 #18778 #19390 #18914
ecr: setting imageScanningConfiguration to false does nothing on existing repository (#18078) (78bc870), closes #18077
events: cannot have more than one cross-account Rule (#19441) (a257846), closes #12479 #12538
iam: IAM Policies are too large to deploy (#19114) (3a4fe33), closes #18774 #16350 #18457 #18564 #19276
lambda: support Lambda's new Invoke with Qualifier authorization strategy (#19318) (d06b27f), closes #19273
secretsmanager: secret rotation uses old application versions (#19490) (0c983ad), closes #19487

1.149.0 (2022-03-17)

Features

appsync: add OpenSearch domain data source (#16529) (922a9dc), closes #16528
assertions: Add the hasNoXXX methods. (#19330) (6bdc9eb), closes #18874
aws-lambda-nodejs: support additional esbuild configurations (#17788) (ab313a4)
cfnspec: cloudformation spec v60.0.0 (#19347) (20da648)
cli: parallel asset publishing (#19367) (c8cafef), closes #19193
ec2: add support for x2idn and x2iedn instances (#19334) (9699efc)
elbv2: add name validation for target group and load balancer names (#19385) (97e0973), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2
iotevents: support SetVariable action (#19305) (c222b12)
lambda: dotnet6 runtime (#19144) (bbed27d)
synthetics: add vpc configuration (#18447) (c991e92), closes #11865 #9954

Bug Fixes

cli: failure to load malformed YAML is swallowed (#19338) (1875c28), closes #19335
lambda-event-sources: increase batch size restriction (#19317) (1bc5144), closes #19285
lambda-nodejs: cannot use esbuildArgs with older esbuild versions (#19343) (59a4d81)
stepfunctions-tasks: migrate from deprecated batch properties (#19298) (75f5b3b), closes #18993

1.148.0 (2022-03-09)

Features

aws-apigateway: add ability to include authorizer context in apigw sfn integration (#18892) (e7c0c75), closes #18891
aws-s3objectlambda: add L2 construct for S3 Object Lambda (#15833) (fe9f750), closes #13675
cfnspec: cloudformation spec v59.0.0 (#19236) (f46a14d)
codebuild: improved support for ARM build images (#19052) (4eac4de), closes #18916 #9817
eks: Service Account names validation (#19251) (7c3099e), closes #18189
elasticsearch: Decouple setting access policies from domain constructor (#15876) (cefdfd3)
iotevents: support actions (#18869) (e01654e)
iotevents: support setting Events on input and exit for State (#19249) (ffa9e0d)
lambda-nodejs: support esbuild inject (#19221) (3432c45), closes #19133
s3: add s3:ObjectRestore:Delete to EventType for notification (#19250) (e0f863a), closes #19223
servicecatalog: Service Catalog is now in Developer Preview (#19204) (6dfc254)

Bug Fixes

apigatewayv2-integrations: in case of multiple routes, only one execute permission is created (#18716) (1e352ca)
aws-apigateway: missing comma to make failure response payload valid json (#19253) (b1fce4f), closes #19252
aws-route53-targets: add support for custom cname_prefix urls in elastic beanstalk environment endpoint target (#18804) (289a794)
cli: watch logs always end with the 'truncated' message (#19241) (d3fdfe5), closes #18805
cli: deprecated stack ids printed at the end of synth (#19216) (7d8a479), closes #18599
cli: notices refresh doesn't respect the --no-notices flag (#19226) (b3c5fe8)
efs: fix bug when setting both lifecyclePolicy and outOfInfrequentAccessPolicy (#19082) (d435ab6), closes #19058
lambda-nodejs: local tsc detection with pre compilation (#19266) (5de7b86), closes #19242
lambda-python: asset bundling fails on windows (#19270) (0da57da), closes #18861
lambda-python: docker image gets built even when we don't need to bundle assets (#16192) (5dc61ea), closes #14747
rds: allow cluster from snapshot to enable encrypted storage (#19175) (bd4141d), closes #17241
rds: read replica instance cannot join domain (#19202) (cef8fec), closes #18786
rds: subnet selection not respected for multi user secret rotation (#19237) (dc7a17c), closes #19233

1.147.0 (2022-03-01)

Features

cfnspec: cloudformation spec v58.0.0 (#19153) (a6b0a10)
cli: hotswap support for resources in nested stacks (#18950) (2ea9da1)
ec2: add c6a instances (#19113) (427cdfd)

Bug Fixes

apigateway: fix strange vtl template for cors preflight request (#19104) (59ef06a), closes /datatracker.ietf.org/doc/html/rfc6454#section-7
aws-apigateway: api gateway usage plan (#19023) (5b764cc), closes #18994
aws-lambda-python: skip default docker build when image passed (#19143) (7300f2e), closes #18082
cli: cdk version displays notices (#19181) (fa16f7a)
cli: long connection timeout slows the CLI down (#19187) (6595d04)
custom-resources: physical resource id must be determined before isComplete (#18630) (c190367)
dynamodb: grant*Data() methods are missing the dynamodb:DescribeTable permission (#19129) (4a44a65), closes #18773
dynamodb: Table.grantWriteData() doesn't include enough KMS permissions (#19102) (77f1e0b), closes #10010
ec2: invalid volume type check for iops (#19073) (3f49f02)
eks: Helm charts fail to install when provided as an asset (#19180) (9961257)
lambda-nodejs: logLevel property of BundlingOptions is ignored when nodeModules are defined (#18456) (5c40b90), closes #18383
stepfunctions-tasks: RUN_JOB integration pattern not supported for CallAwsService (#19186) (4b134b7), closes #19174
apply tags to nested stack (#19128) (3af329b), closes #17463
triggers: not published as part of v2 (#19168) (8f727d1), closes #19164
construct paths are not printed for nested stacks in CLI output (#18725) (b0e0155)
rds: MySQL Cluster version 8.0 uses wrong Parameter for S3 import (#19145) (96b2034), closes #19126

1.146.0 (2022-02-24)

Features

apigatewayv2: Import existing WebSocketApi from attributes (#18958) (f203845)
cli: bundle dependencies (#18667) (31d135f)
cli: support for matching notices with arbitrary module names (#19088) (a87dee7)
cli: support for notices (#18936) (d37fbbb)
cloudfront-origins: extend max keepaliveTimeout of HttpOrigin to 180 (#18837) (171fdcd), closes #18697
eks: Allow helm pull from OCI repositories (#18547) (7e624d9)
lambda: add a fromFunctionName() method (#19076) (5b92cc3), closes #18255 #19031
pipelines: ECR source action (#16385) (fc11ae2), closes #16378
pipelines: step outputs (#19024) (0dec2ee), closes #17189 #18893 #15943 #16407
rds: make VPC optional for serverless Clusters (#17413) (4f7818d), closes #17401
triggers (#19011) (11d6c69)

Bug Fixes

cli: hotswapping is slow for many resources deployed at once (#19081) (040238e), closes #19021
s3-notifications: notifications allowed with imported kms keys (#18989) (7441418)
API compatibility check fails in CI pipeline (#19069) (6ec1005), closes #19070
cloudfront: trim autogenerated cache policy name (#18953) (c7394c9), closes #18918
elasticloadbalancingv2: validate port/protocol are not provided for lambda targets (#19043) (64d26cc), closes #12514
route53: fix cross account delegation deployment dependency (#19047) (692a0d0), closes #19041

1.145.0 (2022-02-18)

Features

aws-stepfunctions-tasks: add environment property for SageMakerCreateTrainingJob (#18976) (60d6e66), closes #18919
cfnspec: cloudformation spec v56.0.0 (#18930) (24a52ae)
cfnspec: cloudformation spec v57.0.0 (#19030) (f0acbc4)
cli: hotswap for appsync vtl mapping template changes (#18881) (9858002)
codepipeline: add support for CloudFormation StackSet actions (#14225) (d8bc0d0)
config: S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED managed rule (#18890) (1a7e3e2), closes #18888
core: stack synthesizer that uses CLI credentials (#18963) (a36b72b), closes #16888
ec2: allow imdsv2 usage on bastion host (#18955) (8c6777c)
ecs: support version stages and ids for Secrets (#18174) (6d091c2), closes #18123
events: API Destinations (#13729) (2adbc14)
iot-actions: add SNS publish action (#18839) (3a39f6b), closes #17700
iotevents: create new module for IoT Events actions (#18956) (3533ea9), closes /github.com/aws/aws-cdk/pull/18869#discussion_r802719713
lambda: allow Topic to be dlq for Lambda (#18546) (f8d8fe4), closes #16246
logs: custom Role for Kinesis destination (#13553) (bb96621), closes #7661
rds: simpler way to configure parameters for instance and cluster (#18126) (3ba9088), closes #18124
s3-deployment: add deployedBucket attribute for sequencing (#15384) (edac101)

Bug Fixes

assertions: 'pattern.indexOf' is not a function (#19009) (6df26e7)
assertions: incorrect assertions when >1 messages on a resource (#18948) (072e1b9), closes #18840
aws-cdk: include nested stacks when building changesets (#17396) (a7dbeef), closes #5722
cli: handle attributes of AWS::Events::EventBus when hotswapping (#18834) (a30a32a), closes #18831
core: undeployable due to invalid mapping (#18922) (db28485), closes #18789 #18789
lambda: unlock use case for cross-account functions w/ preconfigured permissions (#18979) (023108a), closes #18228 #18781 #18967 #18781
lambda: Validate Lambda "functionName" parameter (#17970) (a416a2d), closes #13264
pipelines: self-mutate always adds analytics (#19010) (bc47b29), closes #18933
stepfunctions: imported State Machine sill has region and account from its Stack, instead of its ARN (#19026) (23329b4), closes #17982
python3 version check with Python 3.10 (#18754) (0ef6527)
stepfunctions-tasks: EMR Create Cluster does not support dynamic allocation of step concurrency level (#18972) (d19e538)
synthetics: generated role has incorrect permissions for cloudwatch logs (#18946) (f8bb85f), closes #18910

1.144.0 (2022-02-08)

Features

assets: support networking mode for DockerImageAsset (#18114) (a7b39f5), closes #15516
cfnspec: cloudformation spec v55.0.0 (#18827) (a1d94b3)
cli: cdk diff works for Nested Stacks (#18207) (1337b24), closes #5722
iotevents: add grant method to Input class (#18617) (e89688e)
iotevents: support transition events (#18768) (ccc1988), closes #17711
s3-deployment: deploy data with deploy-time values (#18659) (d40e332), closes #12903

Bug Fixes

aws-appsync: Strip unsupported characters from Lambda DataSource (#18765) (bb8d6f6)
tooling: update vscode devcontainer image (#18455) (28647f7)

1.143.0 (2022-02-02)

Features

amplify: support performance mode in Branch (#18598) (bdeb8eb), closes #18557
cfnspec: cloudformation spec v54.0.0 (#18764) (71601c1)
cloudwatch-actions: add ssm opsitem action for cloudwatch alarm (#16923) (9380885), closes #16861
dynamodb: allow setting TableClass for a Table (#18719) (73a889e), closes #18718
ec2: support KMS keys for block device mappings for both instances and launch templates (#18326) (17dbe5f), closes #18309
ecr: add server-side encryption configuration (#16966) (c46acd5), closes #15400 #15571
ecs: expose image name in container definition (#17793) (1947d7c)
fsx: add support for FSx Lustre Persistent_2 deployment type (#18626) (6036d99)
iot: add Action to republish MQTT messages to another MQTT topic (#18661) (7ac1215)

Bug Fixes

core: correctly reference versionless secure parameters (#18730) (9f6e10e), closes #18729
ec2: UserData.addSignalOnExitCommand does not work in combination with userDataCausesReplacement (#18726) (afdc550), closes #12749
vpc: Vpc.fromLookup should throw if subnet group name tag is explicitly given and does not exist (#18714) (13e1c7f), closes #13962

Reverts

"chore(cloudfront): encryption and enforceSSL on distribution s3 loggingBucket (#18264)" (#18772) (121e4a1), closes #18271 /docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3 #18676
"chore(ec2): enforceSSL on flowLog s3 bucket (#18271)" (#18770) (a2eb092), closes /docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3 #18676

1.142.0 (2022-01-28)

Features

cfnspec: cloudformation spec v53.1.0 (#18680) (f385059)
cloudfront-origins: extend readTimeout maximum value for HttpOriginProps (#18697) (e64de67), closes #18628
eks: cluster logging (#18112) (872277b), closes #4159
iotevents: allow setting description, evaluation method and key of DetectorModel (#18644) (2eeaebc)
lambda-python: support setting environment vars for bundling (#18635) (30e2233)

Bug Fixes

aws-lambda-nodejs: pre compilation with tsc is not being run (#18062) (7ac7221), closes #18002
pipelines: undeployable due to dependency cycle (#18686) (009d689), closes #18492 #18673

1.141.0 (2022-01-27)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

servicecatalog: TagOptions now have scope and props argument in constructor, and data is now passed via a allowedValueForTags field in props

Features

assertions: support assertions on stack messages (#18521) (cb86e30), closes #18347
assertions: support for conditions (#18577) (55ff1b2), closes #18560
aws-ecs-patterns: adding support for custom HealthCheck while creating QueueProcessingFargateService (#18219) (0ca81a1), closes #15636
certificatemanager: DnsValidatedCertificate DNS record cleanup (#18311) (36d356d), closes #3333 #7063
cfnspec: cloudformation spec v53.1.0 (#18588) (a283a48)
cfnspec: cloudformation spec v53.1.0 (#18658) (2eda19e)
ec2: session timeout and login banner for client vpn endpoint (#18590) (7294118)
ecs: add BaseService.fromServiceArnWithCluster() for use in CodePipeline (#18530) (3d192a9)
iotevents: add DetectorModel L2 Construct (#18049) (d0960f1), closes #17711 #17711
lambda-nodejs: Allow setting mainFields for esbuild (#18569) (0e78aeb)
s3: custom role for the bucket notifications handler (#17794) (43f232d), closes #9918 #13241
servicecatalog: Create TagOptions Construct (#18314) (903c4b6), closes #17753

Bug Fixes

apigatewayv2: websocket api: allow all methods in grant manage connections (#18544) (41c8a3f), closes #18410
aws-apigateway: cross region authorizer ref (#18444) (0e0a092)
cli: hotswap should wait for lambda's updateFunctionCode to complete (#18536) (0e08eeb), closes #18386 #18386
ecs: only works in 'aws' partition (#18496) (525ac07), closes #18429
ecs-patterns: Fix Network Load Balancer Port assignments in ECS Patterns (#18157) (1393729), closes #18073
elasticloadbalancingv2: ApplicationLoadBalancer.logAccessLogs does not grant all necessary permissions (#18558) (bde1795), closes #18367
pipelines: CodeBuild projects are hard to tell apart (#18492) (f6dab8d)
region-info: incorrect codedeploy service principals (#18505) (16db963)
route53: add RoutingControlArn to HealthCheck patch (#18645) (c58e8bb), closes #18570
s3: add missing safe actions to grantWrite, grantReadWrite and grantPut methods (#18494) (940d043), closes #13616
secretsmanager: SecretRotation for secret imported by name has incorrect permissions (#18567) (9ed263c), closes #18424
stepfunctions: task token integration cannot be used with API Gateway (#18595) (678eede), closes #14184 #14181
stepfunctions-tasks: cluster creation fails with unresolved release labels (#18288) (9940952)
synthetics: correct getbucketlocation policy (#13573) (e743525), closes #13572

1.140.0 (2022-01-20)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

apigatewayv2: HttpIntegrationType.LAMBDA_PROXY has been renamed to HttpIntegrationType.AWS_PROXY
iot: the class FirehoseStreamAction has been renamed to FirehosePutRecordAction

Features

apigatewayv2: HttpRouteIntegration supports AWS services integrations (#18154) (a8094c7), closes #16287
apigatewayv2: support for mock integration type (#18129) (7779c14), closes #15008
apigatewayv2: websocket api: api keys (#16636) (24f8f74)
assertions: stringLikeRegexp() matcher (#18491) (b49b002)
assertions: support for parameters (#18469) (d0d6fc5), closes #16720
aws-neptune: add autoMinorVersionUpgrade to cluster props (#18394) (8b5320a), closes #17545
aws-s3: support number of newer versions to retain in lifecycle policy (#18225) (e1731b1), closes #17996 #17996
cfnspec: cloudformation spec v53.0.0 (#18468) (50637e0)
cfnspec: cloudformation spec v53.0.0 (#18480) (38e1fe4)
cfnspec: cloudformation spec v53.0.0 (#18524) (517d517)
cfnspec: cloudformation spec v53.0.0 (#18551) (926310b)
cli: support hotswapping Lambda functions that use Docker images (#18319) (6b553b7), closes #18302 #18408
cli: support hotswapping Lambda functions with inline code (#18408) (d0b8512), closes #18319
cli: watch streams resources' CloudWatch logs to the terminal (#18159) (a9038ae), closes #18122
cognito: identity pools (#16190) (59fe395)
ec2: add Hpc6a instances (#18445) (c7f39ca)
ec2: add support for al2022 and amzn2 with kernel 5.x (#18117) (6b73d1d)
ec2: create Peers via security group ids (#18248) (9d1b2c7), closes #7111
ecs-service-extensions: Enable default logging to CloudWatch for extensions (under feature flag) (#17817) (06666f4)
iot: add Action to put record to Kinesis Data stream (#18321) (1480213), closes #17703
lambda-nodejs: ES modules (#18346) (e23b63f), closes #13274
opensearch: added opensearch 1.1 to engineversion (#18432) (e01a57a), closes #18431

Bug Fixes

apigateway: enabled property of ApiKeyProps is ignored (#18407) (c31f9b4)
applicationautoscaling: typo in DYANMODB_WRITE_CAPACITY_UTILIZATION (#18085) (626e6aa), closes #17209
assertions: object partiality is dropped passing through arrays (#18525) (eb29e6f)
cli: cdk watch constantly prints 'messages suppressed' (#18486) (9b266f4), closes #18451
cli: warning to upgrade to bootstrap version >= undefined (#18489) (da5a305)
ec2: interface endpoints do not work with Vpc.fromLookup() (#18554) (f55cd2b), closes #17600
ec2: launch template names in imdsv2 not unique across stacks (under feature flag) (#17766) (2a80e4b)
ecs: respect LogGroup's region for aws-log-driver (#18212) (b6e3e51), closes #17747
elbv2: BaseLoadBalancer.vpc is not optional (#18474) (f511c17), closes aws/jsii#3342
iot: FirehoseStreamAction is now called FirehosePutRecordAction (#18356) (c016a9f), closes /github.com/aws/aws-cdk/pull/18321#discussion_r781620195
pipelines: "Maximum schema version supported" error (#18404) (a684ff4), closes #18370
pipelines: graphnode dependencies can have duplicates (#18450) (2b0b5ea)
secretsmanager: Secret requires KMS key for some same-account access (#17812) (91f3539), closes #15450

Reverts

s3: add EventBridge bucket notifications (#18150) (#18507) (2041278)

1.139.0 (2022-01-11)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

apigatewayv2-authorizers: WebSocketLambdaAuthorizerProps.identitySource default changes from ['$request.header.Authorization'] to ['route.request.header.Authorization'].
cfn2ts: some "complex" property types within the generated CloudFormation interfaces (i.e: properties of Cfn* constructs) with names starting with a capital letter I followed by another capital letter are no longer incorrectly treated as behavioral interfaces, and might hence have different usage patterns in non-TypeScript languages. Such interfaces were previously very difficult to use in non-TypeScript languages, and required convoluted workarounds, which can now be removed.

Features

aws-ecs: support runtime platform property for create fargate windows runtime. (#17622) (fa8f2e2), closes #17242
bootstrap: ECR ScanOnPush is now enabled by default (#17994) (7588b51)
cfnspec: cloudformation spec v51.0.0 (#18274) (c208e60)
cli: diff now uses the lookup Role for new-style synthesis (#18277) (2256680)
eks: cluster tagging (#4995) (#18109) (304f5b6)
iam: generate AccessKeys (#18180) (beb5706), closes #8432
lambda-event-sources: adds AuthenticationMethod.CLIENT_CERTIFICATE_TLS_AUTH to kafka (#17920) (93cd776)
pipelines: step dependencies (#18256) (e3359e0), closes #17945
pipelines: support timeout in CodeBuildStep (#17351) (2aa3b8e)
s3: add EventBridge bucket notifications (#18150) (912aeda), closes #18076
sqs: add DLQ readonly property to Queue (#18232) (caa6788), closes #18083

Bug Fixes

apigatewayv2-authorizers: incorrect identitySource default for WebSocketLambdaAuthorizer (#18315) (74eee1e), closes #18307
appmesh: allow a Virtual Node have as a backend a Virtual Service whose provider is that Node (#18265) (272b6b1), closes #17322
aws-kinesis: remove default shard count when stream mode is on-demand and set default mode to provisioned (#18221) (cac11bb), closes #18139
aws-lambda-event-sources: unsupported properties for SelfManagedKafkaEventSource and ManagedKafkaEventSource (#17965) (5ddaef4), closes #17934
cfn2ts: some property times have behavioral-interface names (#18275) (6359c12)
cli: assets are KMS-encrypted using wrong key (#18340) (64ae9f3), closes #17668 #18262
cli: breaks due to faulty version of colors (#18324) (ddc2bc6)
codebuild: setting Cache.none() renders nothing in the template (#18194) (cd51a5d), closes #18165
lambda: imported Function still has region and account from its Stack, instead of its ARN (#18255) (01bbe4c), closes #18228
lambda-python: asset files are generated inside the 'asset-input' folder (#18306) (aff607a)
lambda-python: bundle asset files correctly (#18335) (3822c85), closes #18301
logs: respect region when importing log group (#18215) (be909bc), closes #18214
pipelines: DockerCredential.dockerHub() silently fails auth (#18313) (c2c87d9), closes #15737
route53: support multiple cross account DNS delegations (#17837) (76b5c0d), closes #17836

1.138.2 (2022-01-09)

Bug Fixes

cli: breaks due to faulty version of colors (#18324) (43bf9ae)

1.138.1 (2022-01-07)

Bug Fixes

lambda-python: asset files are generated inside the 'asset-input' folder (#18306) (b00b44e)

1.138.0 (2022-01-04)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

lambda-python: assetHashType and assetHash properties moved to new bundling property.
lambda-python: Runtime is now required for LambdaPython

Features

apigateway: Add stage ARN attribute (#18170) (be7acfd)
aws-autoscaling: Add support for termination policies (#17936) (9e6f977), closes #15654
aws-ec2: add g4ad instance types (#17927) (8cb6a76), closes #17565
cfnspec: add CloudFormation documentation to L1 classes (#18101) (0ed661d)
cli: hotswap deployments for CodeBuild projects (#18161) (4ae4df8)
cli: show how long cdk deploy steps take (#18230) (82fa742), closes #18213
cli: support for hotswapping Lambda Versions and Aliases (#18145) (13d77b7), closes #18058 #17043
codepipeline: variables for CodeStar Connections source Action (#18086) (c99da16), closes #17807
custom-resources: NoEcho for sensitive data in provider framework (#18097) (621a410)
docdb: allow setting log retention (#18120) (002202f), closes #13191
ec2: add Windows Server 2022 WindowsVersions (#18203) (dee732d), closes #18199
glue: support partition index on tables (#17998) (c071367), closes #17589
iot: Action to send messages to SQS queues (#18087) (37537fe), closes #17699
iot: add Action to set a CloudWatch alarm (#18021) (de2369c), closes #17705
lambda-python: support for providing a custom bundling docker image (#18082) (c3c4a97), closes #10298 #12949 #15391 #16234 #15306
msk: add Kafka versions 2.6.3, 2.7.1 and 2.7.2 (#18191) (8832df1)
secretsmanager: create secrets with specified values (#18098) (dd90b8e), closes #5810
ssm: reference latest version of secure string parameters (#18187) (7d0680a), closes #17091

Bug Fixes

amplify: deploy asset Custom Resource points to TS file (#18166) (a1508af)
cloudfront-origins: policy not added for custom OAI (#18192) (c894ba1), closes #18185
core: Duration.toString() throws an error (#18243) (df03df8), closes #18176
core: overriding of Stack.addFileAsset() no longer has effect (#18116) (2290681), closes #17328
events: event bus name only generated if no props passed (#18153) (9b81662), closes #18070
lambda-python: runtime is now required (#18143) (98f1bb1), closes #10248
region-info: ssm service principal - fix more regions (#18135) (ed30c44), closes #16188

Reverts

cfnspec: add CloudFormation documentation to L1 classes (#18177) (2530016)

1.137.0 (2021-12-21)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

opensearchservice: imported domain property domainEndpoint used to contain https:// prefix, now the prefix is dropped and it returns the same value as a domainEndpoint on a created domain

Features

apigatewayv2: http api - IAM authorizer support (#17519) (fd8e0e3), closes #15123
aws-kinesis: add support for data streams capacity modes (#18074) (b265e46), closes #18050
aws-s3: Adding Intelligent Tiering to Bucket (#18013) (890c4c5), closes #16191
backup: support continuous backup and point-in-time restores (#17602) (24c6ef5), closes #15922
cli: add message when resource is hotswapped (#18058) (e828c22), closes #17778
cli: support hotswapping Lambda function tags (#17818) (e4485f4), closes #17664
cli: watch command now starts with a deployment (#18057) (ace37a2), closes #17776
codedeploy: loadbalancer support for imported Target Groups (#17848) (32f1c80), closes #9677
codepipeline: add ability to not reuse cross-region support Stacks (#18043) (dcc9e59), closes #18018 #18018
efs: add support for transitioning files from infrequent access to primary storage (#16522) (65414c6)
eks: imported kubectl provider for imported clusters (#14689) (19a287f), closes #12107
eks: install helm chart from asset (#17217) (d3fc8c0)
iam: session tagging (#17689) (9f22b2f), closes #15908 #16725 #2041 #1578
rds: Aurora clusters from snapshots (#17759) (e5259ee), closes #10936 #10130

Bug Fixes

acm: DnsValidatedCertificate intermittently fails with "Cannot read property 'Name' of undefined" (#18033) (2b6c2da), closes #8282
apigateway: race condition between Stage and CfnAccount (#18011) (f11766e)
eks: can't deploy with Bottlerocket amiType (#17775) (b7be71c), closes #17641 #17641
eks: cannot customize alb controller repository and version (#18081) (e4256c8), closes #18054
eks: the defaultChild of a KubernetesManifest is not a CfnResource (#18052) (ef8ab72)
opensearchservice: imported domain's domainendpoint is a url not an endpoint (#18027) (fd149b1), closes #18017
core, s3-deployment: ResponseURL is logged by S3Deployment (#18048) (ed19828)
pipelines: can't use exports from very long stack names (#18039) (465dabf), closes #17436
region-info: ssm service principal is wrong in majority of regions (#17984) (77144f5), closes #16188 #17646

1.136.0 (2021-12-15)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

appsync: The CachingConfig#ttl property is now required.

glue: the grantRead API previously included 'glue:BatchDeletePartition', and now it does not.

Features

amplify: Add Amplify asset deployment resource (#16922) (499ba85), closes #16208
apigateway: add option to set the base path when adding a domain name to a Rest API (#17915) (9af5b4d)
apigatewayv2: Lambda authorizer for WebSocket API (#16886) (67cce37), closes #13869
aws-applicationautoscaling: Allow autoscaling with "M out of N" datapoints (#17441) (c21320d), closes #17433
aws-applicationautoscaling: enabling autoscaling for ElastiCache Redis cluster (#17919) (7f54ed6)
aws-ecs: expose environment from containerDefinition (#17889) (4937cd0), closes #17867
aws-s3: add support for BucketOwnerEnforced to S3 ObjectOwnershipType (#17961) (93fafc5), closes #17926
cfnspec: cloudformation spec v51.0.0 (#17955) (c6b7a49), closes #17943
cli: Hotswapping Support for S3 Bucket Deployments (#17638) (1df478b)
codecommit: allow initializing a Repository with contents (#17968) (54b6cc6), closes #17967 #16958
ec2: add d3 and d3en instances (#17782) (8b52196), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
ec2: add high memory instances u-6tb1, u-9tb1, u-12tb1, u-18tb1, and u-24tb1 (#17964) (5497525)
ec2: add im4gn and is4gen instances (#17780) (e057c8f), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
iotevents: add IoT Events input L2 Construct (#17847) (9f03dc4), closes /github.com/aws/aws-cdk/issues/17711#issuecomment-986153267
lambda: add cloudwatch lambda insights arm support (#17665) (02749b4), closes #17133

Bug Fixes

appmesh: adding support with gateway route priority (#17694) (a61576f), closes #16821
appsync: ttl property of CachingConfig is not required (#17981) (73e5fec)
aws-autoscaling: notificationTargetArn should be optional in LifecycleHook (#16187) (4e7a275), closes #14641
aws-lambda-nodejs: use closest lockfile when autodetecting (#16629) (c4ecd96), closes #15847 40aws-cdk/aws-lambda-nodejs/lib/function.ts#L137-L139 /github.com/aws/aws-cdk/issues/15847#issuecomment-903830384
cli: asset publishing broken cross account (#18007) (2fc6895), closes #17668 #17988
cli: hotswapping StateMachines with a name fails (#17892) (de67aae), closes #17716
custom-resources: assumedRole from AwsCustomResource invocation leaked to next execution (#15776) (e138188), closes #15425
glue: remove batchDeletePartition from grantRead() permissions (#17941) (3d64f9b), closes #17935 #15116
logs: log retention fails with OperationAbortedException (#17688) (95b8da9), closes #17546
rds: unable to use tokens as port in DatabaseInstance (#17995) (0745193), closes #17948

1.135.0 (2021-12-10)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

apigatewayv2-authorizers: The default value for the prop authorizerName in HttpJwtAuthorizerProps has changed.
apigatewayv2-authorizers: HttpJwtAuthorizer now takes the construct id and the target jwt issuer as part of its constructor.
apigatewayv2-authorizers: HttpLambdaAuthorizer now takes the construct id and the target lambda function handler as part of its constructor.
apigatewayv2-authorizers: The default value for the prop authorizerName in HttpUserPoolAuthorizerProps has changed.
apigatewayv2: The HttpIntegration and WebSocketIntegration classes require an "id" parameter to be provided during its initialization.
apigatewayv2-integrations: The LambdaWebSocketIntegration is now renamed to WebSocketLambdaIntegration. The new class accepts the handler to the target lambda function directly in its constructor.
apigatewayv2-integrations: HttpProxyIntegration and HttpProxyIntegrationProps are now renamed to HttpUrlIntegration and HttpUrlIntegrationProps respectively. The new class accepts the target url directly in its constructor.
apigatewayv2-integrations: LambdaProxyIntegration and LambdaProxyIntegrationProps are now renamed to HttpLambdaIntegration and HttpLambdaIntegrationProps respectively. The new class accepts the lambda function handler directly in its constructor.
apigatewayv2-integrations: HttpAlbIntegration now accepts the ELB listener directly in its constructor.
apigatewayv2-integrations: HttpNlbIntegration now accepts the ELB listener directly in its constructor.
apigatewayv2-integrations: HttpServiceDiscoveryIntegration now accepts the service discovery Service directly in its constructor.
apigatewayv2-authorizers: UserPoolAuthorizerProps is now renamed to HttpUserPoolAuthorizerProps.
apigatewayv2: The interface IHttpRouteIntegration is replaced by the abstract class HttpRouteIntegration.
apigatewayv2: The interface IWebSocketRouteIntegration is now replaced by the abstract class WebSocketRouteIntegration.
apigatewayv2: Previously, we allowed the usage of integration classes to be used with routes defined in multiple HttpApi instances (or WebSocketApi instances). This is now disallowed, and separate instances must be created for each instance of HttpApi or WebSocketApi.

Features

apigateway: step functions integration (#16827) (cb31547), closes #15081
assertions: major improvements to the capture feature (#17713) (9a67ce7), closes #17009
aws-s3-deployment: log retention option (#17779) (b60dc63)
backup: enable WindowsVss Backup (#15934) (12fcb18), closes #14803 #14891
cfnspec: cloudformation spec v49.0.0 (#17727) (7e0c9a3)
cfnspec: cloudformation spec v50.0.0 (#17844) (cd3f24e), closes #17840 #17858
cloudfront: Add support for response headers policy (#17359) (ea0acff), closes #17290
cognito: user pool: adds custom sender (Email/SMS) lambda triggers (#17740) (7f45de4)
core: add applyRemovalPolicy to IResource (#17746) (d64057f), closes #17728
custom-resources: fixed Lambda function name (#17670) (5710fe5)
docdb: implement audit and profiler logs (#17570) (4982aca), closes #17478
ec2: add g5g instances (#17765) (1799f7e), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
ec2: add m5zn instances (#17757) (845be10), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
ec2: add m6a instances (#17764) (b06f120), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
ec2: add mac1 instance (#17677) (88a5204), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2 40aws-cdk/aws-ec2/lib/instance-types.ts#L573
ec2: add r6i instances (#17663) (0138292), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
ec2: add vpcName property to the VPC (#17940) (794e7cd)
ec2: add vt1 instances (#17756) (245c059), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
ec2: explicit mapPublicIpOnLaunch configuration for public subnets (#17346) (a1685c6)
ec2: extend BastionHostLinux to support CloudFormationInit (#17507) (c62377e)
ec2: propagate EC2 tags to volumes (#17840) (42cf186), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2 #17844
ecs-service-extensions: Auto scaling for Queue Extension (#17430) (df7b9b4)
iam: support fromGroupName() for IAM groups (#17243) (29b379c)
iot: add Action to capture CloudWatch metrics (#17503) (ec4187c), closes /github.com/aws/aws-cdk/pull/16681#issuecomment-942233029
lambda: function construct exposes configured timeout (#17594) (87fd60f)
lambda-event-sources: sqs: support reportBatchItemFailures (#17733) (3623982), closes #17690
neptune: add engine version 1.1.0.0 and instance types t4g, r6g (#17669) (83e669d)
rds: parameter group for replica instances (#17822) (b606a23), closes #17580
s3: add GLACIER_IR storage class (#17829) (c291c44)
s3: support Transfer Acceleration (#17636) (b432822), closes #12570
secretsmanager: support secrets rotation in GovCloud (#17673) (a01678b), closes #14608
servicecatalog: Add TagOptions to a CloudformationProduct (#17672) (2d19e15)
stepfunctions-tasks: add 'Emr on Eks' tasks (#17103) (f2bf322), closes #15262 #15234

Bug Fixes

apigateway: dataTraceEnabled does not default to false (#17906) (cc3bb1f)
apigatewayv2: integration class does not render an integration resource (#17729) (3b5b97a), closes #13213
apprunner: startCommand and environment are ignored in imageConfiguration (#16939) (d911c58), closes #16812
appsync: add caching config to AppSync resolvers (#17815) (52b535b)
appsync: empty caching config is created when not provided (#17947) (3a9f206)
appsync: remove 'id' suffix to union definition key (#17787) (86e7780), closes #17771
assert: support multiline strings with stringLike() (#17692) (37596e6)
assets: remove the original-path metadata (#17901) (2b759ca), closes #17706
aws-cdk-migration: Construct imports not rewritten (#17931) (f02fcb4), closes #17826
aws-ec2: imported VPC subnets never recognized as PRIVATE_ISOLATED (#17496) (ba6a8ef)
aws-elasticloadbalancingv2: Set stickiness.enabled unless target type is lambda (#17271) (168a98f), closes #17261
cli: S3 asset uploads are rejected by commonly referenced encryption SCP (introduces bootstrap stack v9) (#17668) (8191f1f), closes #11265
codepipeline: cannot trigger on all tags anymore in EcrSourceAction (#17270) (39fe11b), closes aws#13818 aws#13818
codepipeline: cross-env pipeline cannot be created in Stage (#17730) (f17f29e), closes #17643
codepipeline: default cross-region S3 buckets allow public access (#17722) (0b80db5), closes #16411
cognito: remove invalid SES region check (#17868) (450f7ca), closes #17795
core: bundling skipped with --exclusively option and stacks under stage (#17210) (cda6601), closes #12898 #15346
docdb: secret rotation ignores excluded characters in password (#17609) (1fe2215), closes #17347 #17575
dynamodb: add missing DynamoDB operations to enum (#17738) (f38e0ac)
dynamodb: changing waitForReplicationToFinish fails deployment (#17842) (36b8fdb), closes #16983
iam: AWS Managed Policy ARNs are not deduped (#17623) (ed4a4b4), closes #17552
lambda-nodejs: bundling fails with a file dependency in nodeModules (#17851) (5737c33), closes #17830
lambda-nodejs: bundling with nodeModules fails with paths containing spaces (#17632) (986f291), closes #17631
pipelines: stack outputs used in stackSteps not recognized (#17311) (5e4a219), closes #17272
s3-deployment: updating memoryLimit or vpc results in stack update failure (#17530) (2ba40d1), closes #7128
stepfunctions: prefixes not appended to states in parallel branches (#17806) (a1da772), closes #17354

Miscellaneous Chores

apigatewayv2: integration api re-organization (#17752) (29039e8)
apigatewayv2-authorizers: re-organize authorizer api (#17772) (719f33e)

1.134.0 (2021-11-23)

Features

apigatewayv2: domain endpoint type, security policy and endpoint migration (#17518) (261b331)
cfnspec: cloudformation spec v49.0.0 (#17621) (ce638b4)
docdb: add option to set the name of the generated Secret (#17574) (18c9ef7), closes #17572
eks: ALB Controller (#17618) (1faf31d)
msk: add Kafka version 2.6.2 (#17497) (5f1f476)

Bug Fixes

assets: add missing SAM asset metadata information (#17591) (55df760), closes #14593
aws-ecs: check for invalid capacityProviderName (#17291) (6e2fde4), closes #17321
opensearch: correctly validate ebs configuration against instance types (#16911) (34af598), closes #11898

1.133.0 (2021-11-19)

Features

apigatewayv2: websocket api: grant manage connections (#16872) (10dfa60), closes #14828
assertions: support assertions over nested stacks (#16972) (bde44e7)
aws-eks: support bottlerocket managed nodegroup (#17323) (2e6a1a9)
cfnspec: cloudformation spec v48.0.0 (#17484) (6e8de96)
cfnspec: cloudformation spec v49.0.0 (#17585) (d44d0e7)
cognito: user pool: send emails using Amazon SES (#17117) (503720f), closes #6768
ec2: add G5 instances (#17499) (eed70a0), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
ec2: add m5n and m5dn instance types (#17488) (df30d4f)
ec2: lookup security group by name (#17246) (5bf0d07), closes #4241
ec2: vpc endpoints for codeguru (#17498) (21c2d2b), closes #16788
ecs: Add SystemControls to ContainerDefinition (#16970) (b12a2c6), closes #16025
eks: Allow passing of custom IAM role to Kube Ctl Lambda (#17196) (8fa293a)
iot: add Action to put objects in S3 Buckets (#17307) (49b87db), closes /github.com/aws/aws-cdk/pull/16681#issuecomment-942233029
iot: add Action to put records to a Firehose stream (#17466) (7cb5f2c), closes /github.com/aws/aws-cdk/pull/16681#issuecomment-942233029
lambda: singleton function: access runtime, log group and configure layers and environment (#17372) (ec5b102)
rds: validate backup retention for read replica instances (#17569) (9b2158b), closes #17356
warn users when deprecated elements are used (#17328) (3721358)
redshift: Add support for distStyle, distKey, sortStyle and sortKey to Table (#17135) (a137cd1), closes #17125
servicecatalog: support local launch role name in launch role constraint (#17371) (b307b69)
stepfunctions-tasks: Support DynamoAttributeValue.listFromJsonPath (#17376) (bc10e6f), closes #17375

Bug Fixes

apigateway: SAM CLI asset metadata missing from SpecRestApi (#17293) (841cf99), closes #14593
assets: SAM asset metadata missing from log retention and custom resource provider functions (#17551) (a90e959)
autoscaling: add timezone property to Scheduled Action (#17330) (3154a58)
aws-codebuild: add @aws-cdk/asserts to package deps (#17435) (9c77e94)
aws-lambda-event-sources: Function.addEventSource fails for ManagedKafkaEventSource typed parameters (#17490) (a474ee8)
aws-logs: include new policy.ts exports in index.ts exports (#17403) (a391468)
cli: improve asset publishing times by up to 30% (#17409) (40d6a48), closes #17266
cli: skip bundling for the 'watch' command (#17455) (af61b7f), closes #17391
cloudwatch: render agnostic alarms in legacy style (#17538) (7c50ef8)
ec2: Duplicate EIP when NatGatewayProps.eipAllocationIds is provided (#17235) (050f6fa)
eks: Allow specifying subnets in Pinger (#17429) (6acee52)
iot: unable to add the same lambda function to two TopicRule Actions (#17521) (eda1640), closes #17508
kinesis: add required rights to trigger Lambda from Kinesis. Fixes issue #17312. (#17358) (0bfc15c)
lambda: SAM CLI asset metadata missing from image Functions (#17368) (f52d9bf)
NestedStack: add asset metadata to NestedStack resources for local tooling (#17343) (4ba40dc)
redshift: tableNameSuffix evaluation (#17213) (f7c3217), closes #17064
sns-subscriptions: enable cross region subscriptions to sqs and lambda (#17273) (3cd8d48), closes #7044 #13707
ssm: fix service principals for all regions since ap-east-1 (#17047) (5900548), closes #16188

1.132.0 (2021-11-09)

Features

apigatewayv2: http api - mTLS support (#17284) (54be156), closes #12559
stepfunctions-tasks: add AutoTerminationPolicy to EmrCreateCluster (#16976) (27ad7d8)
the assertions module is now stable! (#17395) (ede5e22)
cfnspec: cloudformation spec v47.0.0 (#17392) (7100d43)
lambda-nodejs: custom asset hash (#16412) (90da730), closes #16157

Bug Fixes

codecommit: notifyOnPullRequestMerged method has a typo in its name (#17348) (cac5726)
opensearch: domain doesn't handle tokens in capacity configuration (#17131) (2627939), closes #15014

1.131.0 (2021-11-07)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

apigatewayv2-authorizers: userPoolClient property in UserPoolAuthorizerProps is now renamed to userPoolClients.

Features

apigatewayv2-authorizers: http api - allow multiple user pool clients per HttpUserPoolAuthorizer (#16903) (747eb7c), closes #15431
certificatemanager: requesting private certificates issued by Private Certificate Authority (#16315) (e26f5be), closes #10076
cfnspec: cloudformation spec v46.0.0 (#17223) (d9f7b58)
cfnspec: cloudformation spec v46.0.0 (#17334) (e0f1180)
cfnspec: cloudformation spec v47.0.0 (#17350) (ea71b4e), closes #17290 #17223
cfnspec: cloudformation spec v47.0.0 (#17353) (7886607)
cli: added build field to cdk.json (#17176) (57ad1e0)
cli: introduce the 'watch' command (#17240) (0adc8b7)
codepipeline: add construct for registering custom Actions (#17041) (c66ac89), closes #17039
docdb: add the ability to exclude characters when generating passwords (#17262) (135f7d3), closes #15732
ec2: add c6i instances (#17237) (25cea18)
ecs-service-extensions: Target tracking policies for Service Extensions (#17101) (6420b18)
eks: expose FargateCluster's defaultProfile (#17130) (e461601), closes #16149
iot: allow setting description and enabled of TopicRule (#17225) (a9aae09)
iot: allow setting errorAction of TopicRule (#17287) (e412308)
iot-actions: Add the action to put CloudWatch Logs (#17228) (a7c869e)
lambda-nodejs: add sourcesContent in BundlingOptions (#17280) (ea56e69), closes #17256
logs: add support for cloudwatch logs resource policy (#17015) (e9a461d), closes #5343
servicecatalog: allow creating a CFN Product Version with CDK code (#17144) (f8d0ef5)
synthetics: add static cron method to schedule class (#17250) (1ab9b26), closes #16402

Bug Fixes

aws-eks: proxy support and allow assigning a security group to all cluster handler functions (#17200) (7bbd10d), closes #12469
cli: wmic not found on modern Windows systems (#17070) (332ce4d), closes #16419
cli: cdk ls --long outputs less-friendly stack IDs for nested assemblies (#17263) (864c50e), closes #14379
cli: no longer disable rollback by default for hotswap deployments (#17317) (e32b616), closes #17267
cognito: ambiguous error message when same trigger is added twice (#16917) (4ae78b0)
ec2: functions addIngressRule and addEgressRule detect unresolved tokens as duplicates (#17221) (d4952c3), closes #17201
lambda-nodejs: yarn berry goes into immutable mode in CI (#17086) (cc8dd69), closes #17082
pipelines: additionalInputs not working (#17279) (9e81dc7), closes #17224
s3: enforce that fromBucketAttributes supplies a valid bucket name (#16915) (30ac0cc)

Reverts

"chore: activate 'rosetta infuse' feature (#17191)" (#17329) (c8cd515)

1.130.0 (2021-10-29)

Features

amplify: Add support for custom headers in the App (#17102) (9f3abd7), closes #17084
aws-route53-targets: Support for Elastic Beanstalk environment URLs (#16305) (bc07cb0)
cli: deployment progress shows stack name (#16604) (322cf10)
cloudfront: add amplify managed cache policy (#16880) (8d0c555)
codebuild: add fromEcrRepository to LinuxGpuBuildImage (#17170) (7585680), closes #16500
core: Docker tags can be prefixed (#17028) (d298696)
core: subtract Durations (#16734) (7a333b0), closes #16535
ec2: add c5ad instances (#16428) (0318253)
ec2: add region parameter for UserData via addS3DownloadCommand (#16667) (691d377), closes #8287
ec2: add vpcArn to IVpc and Vpc (#16666) (7b31376), closes #16493
ec2: add X2g instances (for RDS) (#17081) (443a23e), closes /github.com/aws/aws-cdk/issues/16948#issuecomment-946254267 #16948
ec2: include p4d instance class (#17147) (6e13adc)
ec2: look up VPC from different regions (#16728) (f1e244b), closes #10208
ec2: VPC endpoint for AWS Xray (#16788) (c24af54), closes #16306
events: DLQ support for EventBus target (#16383) (dbb3f25), closes #15954
iot: add the TopicRule L2 construct (#16681) (86f85ce), closes #16602
iot: allow setting Actions of TopicRule (#17110) (0cabb9f), closes #16681 /github.com/aws/aws-cdk/pull/16681#discussion_r733912215
iot: create new aws-iot-actions module (#17112) (06838e6), closes #16681 /github.com/aws/aws-cdk/pull/16681#discussion_r733912215
lambda-nodejs: esbuild charset option (#16726) (56033a2), closes #16668
lambda-nodejs: typescript emitDecoratorMetadata support (#16543) (55d3c50), closes #13767
rds: support backtrackWindow in DatabaseCluster (#17160) (fcd17e9), closes #9369 #9369
route53: Expose VpcEndpointServiceDomainName domain name as a property (#16458) (e063fbd)
sns: addSubscription returns the created Subscription (#16785) (62f389e)
synthetics: add syn-nodejs-puppeteer-3.3 runtime (#17132) (8343bec)

Bug Fixes

cli: downgrade bootstrap stack error message needs a hint for new-style synthesis (#16237) (e55301b)
core: DefaultSynthesizer deployments are never skipped (#17099) (c74b012), closes #16959
core: SecretValue.secretsManager fails for tokenized secret-id (#16230) (5831456), closes #16166
custom-resources: invalid service name leads to unhelpful error message (#16718) (354686b), closes #7312
custom-resources: Role Session Name can exceed maximum size (#16680) (3617b70)
elasticloadbalancingv2: always set stickiness (#17111) (0a23953), closes #16620
lambda-event-sources: dynamo batch size cannot be a CfnParameter (#16540) (56974ac), closes #16221
logs: Apply tags to log retention Lambda (#17029) (a6aaa64), closes #15032
rds: using both Instance imports & exports for Postgres fails deployment (#17060) (ab627c6), closes #16757
redshift: cluster uses key ARN instead of key ID (#17108) (bdf30c6), closes #17032

1.129.0 (2021-10-21)

Features

aws-autoscaling: add flag and aspect to require imdsv2 (#16052) (ef7e20d)
codebuild: add support for small ARM machine type (#16635) (55fbc86), closes #16633
dynamodb: add option to skip waiting for global replication to finish (#16983) (254601f), closes #16611
ec2: add aspect to require imdsv2 (#16051) (0947b21)
eks: configure serviceIpv4Cidr on the cluster (#16957) (72102c7), closes #16541
events: Add DLQ support for SQS target (#16916) (7fda903), closes #16417
msk: add Kafka version 2.8.1 (#16881) (7db5c8c)
stepfunctions-tasks: add enableNetworkIsolation property to SageMakerCreateTrainingJobProps (#16792) (69ac520), closes #16779

Bug Fixes

apigatewayv2: unable to retrieve domain url for default stage (#16854) (c6db91e), closes #16638
cfn-diff: correctly handle Date strings in diff (#16591) (86f2714), closes #16444
ecs: imported services don't have account & region set correctly (#16997) (dc6f743), closes #11199 #11199 #15944
events: PhysicalName.GENERATE_IF_NEEDED does not work for EventBus (#17008) (707fa00), closes #14337
lambda: docker image function fails when insightsVersion is specified (#16781) (d0e15cc), closes #16642
lambda-layer-node-proxy-agent: Replace use of package.json with Dockerfile command npm install [package]@[version] (#17078) (a129046)
opensearch: add validation to domainName property (#17017) (3ec6832), closes #17016
pipelines: additionalInputs fails for deep directory (#17074) (403d3ce), closes #16936

1.128.0 (2021-10-14)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

assertions: Starting this release, the assertions module will be published to Maven with the name 'assertions' instead of 'cdk-assertions'.

Features

apigatewayv2-integrations: http api - support for request parameter mapping (#15630) (0452aed)
cli: hotswap deployments for ECS Services (#16864) (ad7288f)
codepipeline: add support for string user parameters to the Lambda invoke action (#16946) (e19ea31), closes #16776
lambda: docker platform for architecture (#16858) (5c258a3)
lambda-event-sources: self managed kafka: support sasl/plain authentication (#16712) (d4ad93f)
stepfunctions-tasks: AWS SDK service integrations (#16746) (ae840ff), closes #16780

Bug Fixes

ecs: add ASG capacity via Capacity Provider by not specifying machineImageType (#16361) (93b3fdc), closes #16360
servicecatalog: Allow users to create multiple product versions from assets. (#16914) (958d755)
codebuild: add build image AMAZON_LINUX_2_ARM_2 (#16931) (370cb31), closes #16930
core: asset hash is different between linux and windows (#16945) (59950dd), closes #14555 #16928
ecs-patterns: minScalingCapacity cannot be set to 0 (#16961) (589f284), closes #15632 #14336
ssm: StringParameter accepts ParameterType.AWS_EC2_IMAGE_ID as type (#16884) (2b353be), closes #16806
use registry.npmjs.com to fix shinkwrap resolves (#16607) (8f91531)

Miscellaneous Chores

assertions: consistent naming in maven (#16921) (0dcd9ec)

1.127.0 (2021-10-08)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

assertions: Match.absentProperty() becomes Match.absent(), and its type changes from string to Matcher.

Features

appsync: Lambda Authorizer for AppSync GraphqlApi (#16743) (bdbe8b6), closes #16380
chatbot: allow adding a sns topic in existing SlackChannel (#16643) (d29a20b), closes #15588
cfnspec: cloudformation spec v43.0.0 (#16748) (7c473a6)
cli: hotswap deployments for StepFunctions State Machines (#16489) (c3417f6)
ec2: add X2gd instances (#16810) (6d468d2), closes #16794
ecr-assets: control docker image asset hash (#16070) (13f67e7), closes #15936
elbv2: support ALB target for NLB (#16687) (27cc821), closes #16679

Bug Fixes

assertions: hasResourceProperties is incompatible with Match.not and Match.absent (#16678) (6f0a507), closes #16626
cloudfront: EdgeFunctions cannot be created when IDs contain spaces (#16845) (b0752c5), closes #16832
cloudwatch: alarms with accountId fails in regions that don't support cross-account alarms (#16875) (54472a0), closes #16874
iam: not possible to represent Principal: * (#16843) (6829a2a)
lambda: currentVersion fails when architecture specified (#16849) (8a0d369), closes #16814
s3: auto-delete fails when bucket has been deleted manually (#16645) (7b4fa72), closes #16619

Miscellaneous Chores

assertions: replace absentProperty() with absent() and support it as a Matcher type (#16653) (c980185)

1.126.0 (2021-10-05)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

assertions: The templateMatches() API previously performed an exact match. The default behavior has been updated to be "object-like".

Features

assertions: matcher support for templateMatches() API (#16789) (0fb2179)
apprunner: support the Service L2 construct (#15810) (3cea941), closes #14813
aws-ec2: userdata cfn-signal signal resource which is different than the attached resource (#16264) (f24a1ae)
backup: expose method to add statements to the vault policy (#16597) (3ff1537)
cfnspec: cloudformation spec v42.0.0 (#16639) (2157acd)
cloudfront: support Behavior-specific viewer protocol policy for CloudFrontWebDistribution (#16389) (5c028c5), closes #7086
cloudwatch: support cross-environment search expressions (#16539) (c165138), closes #9039
eks: connectAutoScalingGroupCapacity on imported clusters (#14650) (7f7be08)
eks: add warning to fargateProfile (#16631) (41fdebb), closes #16349
stepfunctions-tasks: add step concurrency level to EmrCreateCluster (#15242) (1deea90), closes #15223
allow stale bot trigger manually (#16586) (fc8cfee)

Bug Fixes

eks: Support for http proxy in EKS onEvent lambda (#16609) (cf22280), closes /github.com/aws/aws-cdk/blob/7dae114b7aac46321b8d8572e6837428b4c633b2/tools/pkglint/lib/rules.ts#L1332
eks: support http proxy in EKS onEvent lambda (#16657) (87c9570), closes /github.com/aws/aws-cdk/pull/16657#issuecomment-928260661 /github.com/aws/aws-cdk/pull/16657#issuecomment-928529421 /github.com/aws/aws-cdk/blob/7dae114b7aac46321b8d8572e6837428b4c633b2/tools/pkglint/lib/rules.ts#L1332
cli: progress bar overshoots count by 1 for stack updates (#16168) (0c8ecb8)
config: add SourceAccount condition to Lambda permission (#16617) (cfcaf45)
elasticloadbalancingv2: Incorrect validation on NetworkLoadBalancer.configureHealthCheck() (#16445) (140892a)
iam: User.fromUserArn does not work for ARNs that include a path (#16269) (5c69c94), closes 40aws-cdk/aws-iam/lib/role.ts#L191-L194 #16256
s3: setting autoDeleteObjects to false empties the bucket (#16756) (21836f2), closes #16603
route53-targets: ApiGateway does not accept RestApiBase (#16610) (20071bb), closes #16227
sns: cannot use numeric filter policy with 0 values (#16551) (62b6762), closes #16549

Reverts

aws-eks: "fix(aws-eks): Support for http proxy in EKS onEvent lambda" (#16651) (376c837)

1.125.0 (2021-09-29)

Features

lambda: support for ARM architecture (b3ba35e)

1.124.0 (2021-09-21)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

assertions: the findResources() API previously returned a list of resources, but now returns a map of logical id to resource.
assertions: the findOutputs() API previously returned a list of outputs, but now returns a map of logical id to output.
assertions: the findMappings() API previously returned a list of mappings, but now returns a map of logical id to mapping.

Features

assertions: capture matching value (#16426) (cc74f92)
assertions: findXxx() APIs now includes the logical id as part of its result (#16454) (532a72b)
assertions: match into serialized json (#16456) (fed30fc)
batch: fargate support for jobs (#15848) (066bcb1), closes #13591 #13590 #13591
cfnspec: cloudformation spec v41.1.0 (#16472) (28875f9)
cfnspec: cloudformation spec v41.1.0 (#16524) (124a7a1)
cfnspec: cloudformation spec v41.2.0 (#16550) (e047bd8)
ec2/ecs: cacheInContext properties for machine images (#16021) (430f50a), closes #12484
ecs-service-extensions: Publish Extension (#16326) (c6c5941)
glue: Job construct (#12506) (fc74110), closes #12443
lambda: configure workdir for docker image based functions (#16111) (b3eafc2)
lambda: use bundling docker image from ECR public for dotnet and go runtimes (#16281) (9bbfd18)
neptune: add engine version 1.0.5.0 (#16394) (deaac4a), closes #16388
pipeline: allow enabling KMS key rotation for cross-region Stacks (#16468) (2a629dd), closes #14381
rds: region replication for generated secrets (#16497) (1e9d8be), closes #16480
redshift: manage database users and tables via cdk (#15931) (a9d5118), closes #9815
s3-deployment: enable efs support for handling large files in lambda (#15220) (2737119)
sns: adding support for firehose subscription protocol (#15764) (18aff6b)
stepfunctions-tasks: support Associate Workflow Executions on StepFunctionsStartExecution via associateWithParent property (#16475) (7d3b90b), closes #14778

Bug Fixes

apigatewayv2: ApiMapping does not depend on DomainName (#16201) (1e247d8), closes #15464
cloudformation-diff: cdk diff not picking up differences if old/new value is in format n.n.n (#16050) (38426c9), closes #15935
config: the IGW mapping to correct resource type (#16464) (23d9b6a), closes #16463
core: asset hash of symlinked dir is wrong (#16429) (36ff738)
ec2: set proper role for --role argument of cfn-init (#16503) (cdbd65d), closes #16501
logs: log retention fails with OperationAbortedException (#16083) (3e9f04d), closes aws#15709
route53resolver: FirewallDomainList throws with wildcard domains (#16538) (643e5ee), closes #16527
SSM API docs: Typo SecretString -> SecureString and note how SecureStrings cannot be created via CDK (#16228) (950e875)

1.123.0 (2021-09-16)

Features

opensearch: rebrand Elasticsearch as OpenSearch (e6c4ca5), closes aws/aws-cdk#16467

1.122.0 (2021-09-08)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

assertions: hasOutput(props: any) becomes hasOutput(logicalId: string, props: any)
assertions: findOutputs(props: any = {}) becomes findOutputs(logicalId: string, props: any = {})
assertions: hasMapping(props: any) becomes hasMapping(logicalId: string, props: any)
assertions: findMappings(props: any = {}) becomes findMappings(logicalId: string, props: any = {})

Features

ec2: Allow ApplyCloudformationInitOptions to set additional params (#16121) (1d94646), closes #16004
backup: option to prevent recovery point deletions (#16282) (6e71806)
cli: hotswap deployments (#15748) (6e55c95)
config: EC2_INSTANCE_PROFILE_ATTACHED managed rule (#16011) (816a319)
ec2: rename SubnetTypes to improve clarity with EC2 conventions (#16348) (2023004), closes #15929
ec2: vpc endpoint for aws keyspaces (#16306) (ad425d0)
ecs-service-extensions: Subscribe Extension (#16049) (66baca5)
elasticloadbalancingv2: ALPN policy support for NLB listener (#15956) (5427578)
kms: support fromLookup in KMS key to get key by alias name (#15652) (34a57ed), closes #8822
lambda: python 3.9 runtime (#16366) (a534829)
pipelines: stack-level steps (#16215) (d499c85), closes #16148
stepfunctions-tasks: await the eval so async ops can be passed to tasks.EvaluateExpression (#16290) (174b066)

Bug Fixes

apigatewayv2: some methods of the defaultStage are not available without casting it to IHttpStage (#15607) (27a0113)
assertions: output and mapping assertions do not accept logical id (#16329), closes #16242
assets: run executable command of container assets in cloud assembly root directory (#16094) (c2852c9), closes #15721
autoscaling: EbsDeviceVolumeType.IO2 is not a valid CloudFormation value (#16028) (492d33b), closes #16027
cli: 'deploy' and 'diff' silently does nothing when given unknown stack name (#16150) (74776f3), closes #15866
cloudwatch: cross account alarms does not support math expressions (#16333) (1ffd897), closes #16331
core: allow asset bundling when selinux is enabled (#15742) (dbfebb4)
iam: permissions boundary aspect doesn't always recognize roles (#16154) (c8bfcf6)
stepfunctions-tasks: Athena StartQueryExecution includes QueryExecutionContext even when object is empty (#16141) (6e2a3e0), closes #16133 #16133

1.121.0 (2021-09-01)

Features

assertions: 'not' matcher (#16240) (b838f95), closes #15868
cloudfront-origins: add custom headers to S3Origin (#16161) (f42b233), closes #16160
cfnspec: cloudformation spec v40.1.0 (#16254) (fe81be7)
cli: support --no-rollback flag (#16293) (d763d90), closes #16289
core: normalize line endings in asset hash calculation (#16276) (01bf6e2)
ec2: add m6i instances (#16081) (a42a1ea)
ecs: add support for Fargate PV1.4 ephemeral storage (#15440) (f1bf935), closes #14570
ecs-patterns: add capacity provider strategies to queue processing service pattern (#15684) (f40e8d6), closes #14781
ecs-patterns: Allow configuration of SSL policy for listeners created by ECS patterns (#15210) (2c3d21e), closes #11841 #8816
route53resolver: DNS Firewall (#15031) (ffdcd94)
stepfunctions-tasks: support allocation strategies in EMR CreateCluster (#16296) (5a5da57), closes #16252
synthetics: add Python runtime and latest Nodejs runtime (#16069) (de218ba), closes #15138 #16177

Bug Fixes

apigatewayv2: api mapping key with two hyphens is disallowed (#16204) (0889564), closes #15948
rds: fromDatabaseInstanceAttributes() incorrectly stringifies ports with tokens (#16286) (41b831a), closes #11813
core: inconsistent analytics string across operating systems (#16300) (ff6082c), closes #15322
elasticloadbalancingv2: target group health check does not validate interval versus timeout (#16107) (a85ad39), closes #3703

1.120.0 (2021-08-26)

Features

assertions: queries and assertions against the Outputs and Mappings sections (#15892) (90f95e1)
stepfunctions: add support to heartbeat error inside catch block (#16078) (2372b3c), closes #16084
cfnspec: cloudformation spec v40.0.0 (#16183) (b059124)
cloudwatch: add support for cross-account alarms (#16007) (e547ba0), closes #15959
codecommit: make Repository a source for CodeStar Notifications (#15739) (ae34d4a)
cognito: user pools - device tracking (#16055) (64019bb), closes #15013
docdb: cluster - deletion protection (#15216) (0f7beb2)
ecs: add support for Bottlerocket on ARM64 (#15454) (cd280a8), closes #14466
lambda: nodejs14.x supports inline code (#16131) (305f683)
rds: support 's3export' for Postgres database instances (#16124) (1d54a45), closes #14546 #10370 #14546
s3-deployment: exclude and include filters (#16054) (d42e89e), closes #14362 #14362

Bug Fixes

apigatewayv2: http api - disallow empty string as domain name (#16044) (9c39bcb)
appsync: addSubscription only allows for field type (#16097) (000d151), closes #10078 #16071
cfnspec: changes to resource-level documentation not supported (#16170) (82e4b4f)
cli: Python init template does not work in directory with '-' (#15939) (3b2c790), closes #15938
cli: unknown command pytest in build container fails integration tests (#16134) (0f7c0b4), closes #15939
resourcegroups: ResourceGroup not using TagType.STANDARD, causes deploy failure (#16211) (cdee1af), closes #12986
s3: bucket is not emptied before update when the name changes (#16203) (b1d69d7), closes #14011
ses: drop spam rule appears in the incorrect order (#16146) (677fedc), closes #16091
sqs: unable to import a FIFO queue when the queue ARN is a token (#15976) (a1a65bc), closes #12466
ssm: StringParameter.fromStringParameterAttributes cannot accept version as a numeric Token (#16048) (eb54cd4), closes #11913
ec2: fix vpc endpoint incorrect issue in China region (#16139) (0d0db38), closes #9864
eks: insecure kubeconfig warning (#16063) (82dd282), closes #14560

1.119.0 (2021-08-17)

Features

apigatewayv2: http api - domain url for a stage (#15973) (bb5d587), closes #15801
assets: exclude "cdk.out" from docker assets (#16034) (84a831a), closes #14841 #14842
aws-apigateway: import existing usage plan (#15771) (97fc290), closes #12677
cfnspec: cloudformation spec v39.9.0 (#15987) (e0d6181)

Bug Fixes

core: asset bundling fails for non-existent user (#15313) (bf5882f), closes #15415
ec2: opaque error when insufficient NAT EIPs are configured (#16040) (a308cac), closes #16039
events: cross-account event targets that have a Role are broken (#15717) (f570c94), closes #15639
pipelines: repos with dashes cannot be used as additionalInputs (#16017) (400a59d), closes #15753
s3-deployment: BucketDeployment doesn't validate that distribution paths start with "/" (#15865) (f8d8795), closes #9317

1.118.0 (2021-08-10)

Features

aws-elbv2: ALB target group routing algorithms (#15622) (6b32b2f), closes #15160
cognito: add support for token revocation in UserPoolClient (#15317) (8cb0e97), closes #15126
pipelines: add synthCodeBuildDefaults (#15627) (04b8d40)

Bug Fixes

ec2: "clientVpnEndoint" => "clientVpnEndpoint" (#14902) (c3b872a), closes #13810

1.117.0 (2021-08-05)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

assertions: Template.fromTemplate() is now renamed to Template.fromJSON() to provide clarity.
assertions: TemplateAssertions is now renamed to Template.

Features

aws-cloudfront: add enabled to web distribution (#15433) (7ad9348)
aws-ec2: Add SubnetFilter for Id and CIDR netmask (#15373) (407b02d), closes #15228
aws-kinesisfirehose: support for S3 destination encryption on DeliveryStream (#15558) (3888773), closes #15555
cfnspec: cloudformation spec v39.8.0 (#15885) (60e6b41)
cloudfront: Origin Shield support (#15453) (08ebbae), closes #12872
cloudfront: use TLS_V1_2_2021 SecurityPolicy as default version (under feature flag) (#15477) (7b64abf)
ec2: Add Transcribe interface endpoint (#15465) (929d6ae)
eks: support Kubernetes 1.21 (#15774) (83dd318), closes #15758
kinesisfirehose: add metrics functions to IDeliveryStream (#15618) (33909ed), closes #15543
kinesisfirehose: add support for backing up source records to S3 (#15725) (b86062f), closes #15724
kinesisfirehose: add support for BufferingHints (#15557) (099b584), closes #15554
kinesisfirehose: add support for Lambda data processors (#15704) (6244a81), closes #15703
kinesisfirehose: add support for server-side encryption on DeliveryStream (#15547) (74f3cda), closes #15546
kinesisfirehose: supports Kinesis data stream source for delivery stream (#15836) (afd5bf7), closes #15500 #10783
kinesisfirehose-destinations: add support for compression on S3 delivery stream destinations (#15550) (1eb56a0), closes #15548
kinesisfirehose-destinations: add support for prefixes in the S3 destination (#15552) (d227e48), closes #15551
lambda: cloudwatch lambda insights (#15439) (9efd800)
Route53: add support for RemovalPolicy in CrossAccountZoneDelegationRecord (#15782) (9eea4b8), closes #15211
s3-deployment: control object access (#15730) (f58cf3c)
servicecatalog: add CloudFormation Parameter constraint (#15770) (58fda91)
stepfunctions-tasks: add sns publish with message attributes (#14817) (bc99e82), closes #4702

Bug Fixes

assert: module is incompatible with jest@27 (#15666) (f446566)
appsync: graphqlapi throws incorrect error message for authorizationConfig (#15830) (1f23313), closes #15039
eks: Allow desiredsize minsize and maxsize to accept CfnParameters. (#15487) (fb43769)
chatbot: ARN validation in fromSlackChannelConfigurationArn fails for tokenized values (#15849) (440ca35), closes #15842
cli: move fail option into the diff command (#15829) (473c1d8)
ec2: volumename doesn't set name of volume (#15832) (b842702), closes #15831
elbv2: unresolved listener priority throws error (#15804) (fce9ac7)
pipelines: Prepare stage doesn't have AUTO_EXPAND capability (#15819) (a6fac49), closes #15711
s3: notifications are broken in some regions (#15884) (ee19196)
stepfunctions-tasks: Stage field not included in CallApiGatewayHttpApiEndpoint task definition (#15755) (4f38fe1), closes #14242

Miscellaneous Chores

assertions: migrate more modules to use assertions (#15857) (45b484c)
assertions: rename TemplateAssertions to Template (#15823) (823dfda)

1.116.0 (2021-07-28)

Features

assertions: retrieve matching resources from the template (#15642) (a8b1c47)
aws-kinesisfirehose: DeliveryStream API and basic S3 destination (#15544) (1b5d525), closes #10810 #15499
cfnspec: cloudformation spec v39.7.0 (#15719) (2c4ef01)
cfnspec: cloudformation spec v39.7.0 (#15796) (dbe4641)
codebuild: add support for setting a BuildEnvironment Certificate (#15738) (76fb481), closes #15701
core: lazy mappings will only synthesize if keys are unresolved (#15617) (32ed229)
pipelines: CDK Pipelines is now Generally Available (#15667) (2e4cfae)
servicecatalog: add ability to set launch Role and deploy with StackSets (#15678) (c92548b)
stepfunctions: allow intrinsic functions for json path (#15320) (d9285cb)

Bug Fixes

aws-cloudwatch: unable to use generic extended statistics for cloudwatch alarms (#15720) (f593311)
elasticsearch: advancedOptions in domain has no effect (#15330) (81cbfec), closes #14067
elasticsearch: slow logs incorrectly disabled for Elasticsearch versions lower than 5.1 (#15714) (91cf79b), closes #15532 #15532
pipelines: Secrets Manager permissions not added to asset projects (#15718) (7668400), closes #15628
stepfunctions: non-object arguments to recurseObject are incorrectly treated as objects (#14631) (e133bca), closes #12935 aws-cdk/aws-stepfunctions/lib/input.ts#L65
stepfunctions-tasks: instance type cannot be provided to SageMakerCreateTransformJob as input path (#15726) (6f2384d)

1.115.0 (2021-07-21)

Features

apigatewayv2: websocket - callback url (#15227) (349de7c), closes #14836
apigatewayv2-integrations: http private integrations - tls config (#15469) (6453769), closes #14036
appsync: optional operation parameter for lambdaRequest mapping template (#15283) (efd2e68), closes #15274 #14079
aws-efs: grant support on FileSystem (#14999) (09591c6), closes #14998
cli: add ability to specify an external id for the deploy-role (#15604) (2647cf3)
lambda-nodejs: source map mode (#15621) (b934976), closes #14857
pipelines: confirm IAM changes before starting the deployment (#15441) (ebba618), closes #12748
rds: allow setting copyTagsToSnapshot on Clusters (#15553) (f7c6289), closes #15521
servicecatalog: Add stack event notification constraint (#15610) (4e40db3)
servicecatalog: Add TagOptions for portfolio (#15612) (e7760ee)

Bug Fixes

appsync: update timestamp for apikey test (#15624) (9c4e51c), closes #15623
cfnspec: make EndpointConfiguration of AWS::Serverless::Api a union type (#15526) (dd38eff)
cli: cdk deploy is listing deprecated ids (#15603) (22f2499)
iam: PrincipalWithConditions.addCondition does not work (#15414) (fdce08c)
pipelines: CodeBuildStep.partialBuildSpec not used, buildspec control for legacy API (#15625) (d8dc818), closes #15169
pipelines: new pipeline stages aren't validated (#15665) (309b9b4)
pipelines: permissions check in legacy API does not work (#15660) (5e3cf2b)
pipelines: unresolved source names aren't handled properly (#15600) (4b7116d), closes #15592

1.114.0 (2021-07-15)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

appmesh: prefixPath property in HttpGatewayRouteMatch has been renamed to path, and its type changed from string to HttpGatewayRoutePathMatch
servicecatalog: AcceptLanguage enum has been renamed to MessageLanguage, and fields that accepted this enum have been updated to reflect this change.
servicecatalog: property acceptLanguage in PortfolioShareOptions has been renamed to messageLanguage.
servicecatalog: property acceptLanguage in PortfolioProps has been renamed to messageLanguage.
servicecatalog: property acceptLanguage in CloudFormationProductProps has been renamed messageLanguage.
appmesh: prefixPath property in HttpRouteMatch has been renamed to path, and its type changed from string to HttpRoutePathMatch

Features

appmesh: add Route matching on path, query parameters, metadata, and method name (#15470) (eeeec5d)
appmesh: add support for Gateway Route request matching and path rewriting (#15527) (1589ff8), closes #15305
appmesh: the App Mesh Construct Library is now Generally Available (stable) (#15560) (718d143), closes #9489
aws-ecs: New CDK constructs for ECS Anywhere task and service definitions (#14931) (3592b26)
bootstrap: widen lookup role permissions for future extension (#15423) (cafdd3c)
cfnspec: cloudformation spec v39.5.0 (#15536) (c98e40e)
pipelines: revised version of the API (#12326) (165ee3a), closes #10872
servicecatalog: Add portfolio-product association and tag update constraint (#15452) (b06f7bf)

Bug Fixes

ecr-assets: There is already a Construct with name 'Staging' when using tarball image (#15540) (594d7c6)

1.113.0 (2021-07-12)

Features

assets: docker images from tar file (#15438) (76f06fc), closes #15419
codepipeline-actions: support combining batch build artifacts in CodeBuildAction (#15457) (0952f1f), closes #15455
events: cross-region event rules (#14731) (c62afe9)

Bug Fixes

aws-ecs: token is added to Options instead of SecretOptions in SplunkLogDriver (#15408) (23abe22)

1.112.0 (2021-07-09)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

appmesh: the class HttpHeaderMatch has been renamed to HeaderMatch
appmesh: the class HttpRouteMatchMethod has been renamed to HttpRouteMethod
appmesh: ServiceDiscovery.cloudMap() method has been changed to accept positional arguments

Features

acm: DaysToExpiry metric (#15424) (ff044ed)
appmesh: add support for shared Meshes (#15353) (6a68873)
appmesh: allow setting the DnsResponseType in DNS ServiceDiscovery (#15388) (647acfa)
appmesh: rename the class HttpHeaderMatch to HeaderMatch (#15468) (d88b45e)
appmesh: rename the class HttpRouteMatchMethod to HttpRouteMethod (#15466) (fc01d22)
autoscaling: ScalingEvents.TERMINATION_EVENTS (#15302) (af7ad2c)
aws-elasticloadbalancingv2: Allow listing added listeners on application load balancers (#15259) (a80ad42), closes #11841
cfnspec: cloudformation spec v39.3.0 (#15446) (71c0a4c)
cloudwatch: allow arbitrary statistics in Metric and Alarm (#15387) (86a44f9)
core: add docker security option to asset bundling (#15204) (cbee18a), closes #14681
ec2: add rds-data vpc endpoint (#15240) (e61a5b8)
events: DLQ and retry policy support for BatchJob target (#15308) (5ecf257), closes #15238
pipelines: Docker registry credentials (#15364) (e289822), closes #10999 #11774

Bug Fixes

autoscaling: scaling intervals are incorrect if the bottom one does not start at 0 (#15345) (bf6f7ef), closes #10141
build: explicit non-private package not respected in packaging (#15435) (31e6b1a), closes #15203
cfnspec: .npmignore generated by cfnspec does not pass pkglint (#15409) (c432d48), closes #15064
cli: prevent 'Failed resources:' message when no failures and report all progress steps (#15207) (f3c1b6d)
codebuild: merge spec correctly when using strings (#15429) (3a65b9c)
events: Archive event pattern fields are not translated correctly (#15376) (afa5de1), closes #14905
iam: remove incorrect normalization of principal (#15248) (850cba0), closes #14274 #14274
iam: set principalAccount in AccountPrincipal and PrincipalWithConditions (#15430) (b95ee44)
lambda-nodejs: pnpm exec args separator order (#15410) (1d19b3b), closes #15164
pipelines: singlePublisherPerType overwrites assets buildspec file of other pipelines (#15356) (48dd771)
pipelines: unable to add assets stage to existing VPC pipeline (#15401) (b010239), closes #14343

Reverts

migration: add constructs migration to rewrite script (#15461) (adee46c), reverts #14916

1.111.0 (2021-07-01)

Features

assertions: 'arrayWith' and 'objectLike' matchers (#15195) (20e2b79)
cdk-assets: externally-configured Docker credentials (#15290) (e530195), closes #10999 #11774
cfnspec: cloudformation spec v39.3.0 (#15311) (94eb3a8)
cfnspec: cloudformation spec v39.3.0 (#15362) (5d0954a)
cli: add option --security-only to diff (#15374) (6b639be)
cloudwatch: revert trimmed mean stat in graph widgets (#15368) (d630d7f)
cloudwatch: trimmed mean stat in graph widgets (#15316) (60f6d82)
codebuild: improve merging of BuildSpecs (#15332) (e68087d), closes #15169
ecs: Adding support for secretOptions in Firelens log driver (#15351) (c3096ea), closes #8174
secretsmanager: Allow cross account grant (#14834) (ea40cfe)
servicecatalog: initial implementation of the Product construct (#15185) (fe3e0f2)
servicecatalogappregistry: allow Applications to associate with AttributeGroups and Stacks (#15371) (06619fe)
sns: add sns service trust to keys for encrypted queue subscriptions (#14960) (ccc2e30), closes #2504
sqs: add support for high throughput fifo (#15202) (d0c9602), closes #15063
stepfunctions-tasks: add EventBridgePutEvents task integration (#15165) (1799f4c), closes #15033

Bug Fixes

aws-elasticloadbalancingv2: cannot clear access logging bucket prefix (#15149) (2e93fb9), closes #14044
cloudfront: cannot set header including 'authorization' in OriginRequestPolicy (#15327) (3a2f642), closes #15286
codepipeline-actions: reduce S3SourceAction role permissions to just the key (#15304) (d2c76aa), closes #15112
core: unresolved tokens in generated nested stack outputs (#15380) (62e552c), closes #15155
eks: kubectl version 1.21.0 breaks object pruning (#15314) (74da5c1), closes #15072
pipelines: artifact bucket permissions missing for in-account deployments (#15348) (2a5e288), closes #15307
stepfunctions-tasks: EcsRunTask containerOverrides throws if container name doesn't match construct ID (#15190) (5f59787), closes #15171

1.110.1 (2021-06-28)

Bug Fixes

eks: kubectl version 1.21.0 breaks object pruning (#15314) (623689d), closes #15072

1.110.0 (2021-06-24)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

appmesh: static methods from TlsValidationTrust have been changed to accept positional arguments
appmesh: static methods from TlsCertificate have been changed to accept positional arguments
appmesh: the type TlsListener has been renamed to ListenerTlsOptions

Features

appmesh: allow configuring mutual TLS (#15101) (e47a01f), closes /github.com/aws/aws-cdk/pull/14782#discussion_r636334863 #12733
assertions: an initial version of the CDK 'assert' library, now experimentally available in all supported languages (#15173) (367fe7e)
cli: read outputs-file parameter from cdk.json (#15095) (9e933ca), closes #14307
cloudwatch: use string instead of any for cloudwatch dimension values (#15097) (dc3cf13), closes #14978
codepipeline: allow granting manual approval permissions (#15102) (b2037d3)
dynamodb: allow using Kinesis stream in Table (#15199) (7bc6c6e), closes #14534
eks: taints for managed node groups (#14792) (0556e6b)
events: allows importing event bus from name (#15087) (e39b6c5), closes #14072
msk: IAM access control for clusters (#14647) (1fe680c)
msk: use L2 ACM PCA in cluster authentication props (#15110) (aa86a24)
pipelines: add pre-install commands to asset action (#15067) (f238779)
s3: notifications to existing buckets (#15158) (7d218c2), closes #2004
secretsmanager: automatically grant permissions to rotation Lambda (#14882) (ad283b6)
servicecatalogappregistry: initial L2 construct for Application (#15140) (881737c)
servicecatalogappregistry: Initial L2 construct for Attribute Group (#15282) (4330fe8)
synthetics: support canary environment variables (#15082) (df9f13f), closes #10515 #9300

Bug Fixes

amplify: deployment does not remove basic auth (#15243) (e5c0d59), closes #15028
bootstrap: deploy-role could directly access buckets in target account (#15192) (d04e288), closes #12985 #14082 #13422
cdk-assets: content type not correctly set when publishing files (#15069) (9b1a4f9)
core: 1 hour renders as 60 minutes (#15125) (adcd8c3)
core: parsing an ARN with a slash after a colon in the resource part fails (#15166) (16b8a4e), closes /github.com/aws/aws-cdk/pull/15140/files#r653112073
elasticsearch: Domain.fromDomainAttributes gives "Invalid URL" when endpoint is a token (#15219) (ecb5af8), closes #15188
lambda-nodejs: unstable asset hashes with bundling.nodeModules (#15229) (4b5418c), closes #15023
servicecatalog: Portfolio fails validation when passed Tokens as its properties (#15208) (ce727c1)
stepfunctions-tasks: checking for task token in EcsRunTask containerOverrides causes memory explosion (#15187) (af53798), closes #15124
stepfunctions-tasks: instance type for SageMakerCreateTrainingJob cannot be specified dynamically through JSONPath (#15215) (9280d95), closes #11928

1.109.0 (2021-06-16)

Features

apigateway: disable execute api endpoint (#14526) (b3a7d5b)
aws-backup: Add arn attribute and grant method to backup vault (#14997) (04c0a07), closes #14996
cfnspec: cloudformation spec v38.0.0 (#15044) (632d518)
cfnspec: cloudformation spec v39.1.0 (#15144) (abc457e)
cloudfront: add fromFile for CF functions (#14980) (31c9338), closes #14967
codestarnotifications: new L2 constructs (#10833) (645ebe1), closes #9680
core: allow user to provide docker --security-opt when bundling (#14682) (a418ea6)
core: Support platform flag during asset build (#14908) (0189a9a)
dynamodb: exposes schema method to return partition and sort key of table or secondary indexes (#15111) (1137eb7), closes #7680
ecs-patterns: Add ability to configure VisibilityTimeout on QueueProcessing service pattern (#15052) (350d783)
ecs-patterns: allow specifying security groups on ScheduledTask pattern (#15096) (6bdf1c0), closes #5213 #14220
ecs-patterns: expose task target on ScheduledTask pattern (#15127) (c31c59a), closes #14971 #14953 #12609
lambda-event-sources: streams - report batch item failures (#14458) (3d4a13e), closes #12654
logs: make the addition of permissions to Lambda functions optional (#14222) (0c50ec9), closes #14198
migration: add constructs migration to rewrite script (#14916) (37a4c8d)
pipelines: add test commands to standard synth actions (#14979) (0bc8a8a)
servicecatalog: initial implementation of the Portfolio construct (#15099) (203cc45)

Bug Fixes

aws-iam: prevent adding duplicate resources and actions (#14712) (a8298cb), closes #13611
cfn-include: NestedStack's Parameters are not converted to strings (#15098) (8ad33b8), closes #15092
cli: cdk synth too eager with validation in Pipelines (#15147) (ae98e88), closes #14613 #15130
cli: cdk synth doesn't output yaml for stacks with dependency stacks (#14805) (44feee6), closes #3721
cli: deployment error traceback overwritten by progress bar (#14812) (d4a0af1), closes #14780
cli: HTTP timeout is too low for some asset uploads (#13575) (23c58d6), closes #13183
cli: option --all selects stacks in nested assemblies (#15046) (0d00e50)
cli: partition is not being resolved at missing value lookup (#15146) (cc7191e), closes #15119
cli: stack glob patterns only select one stack (#15071) (fcd2a6e)
codebuild: Project's Role has permissions to the entire Bucket when using S3 as the source (#15112) (9d01b4f)
codebuild: Secret env variable as token from another account fails on Key decryption (#14483) (91e80d7), closes #14477
core: CloudFormation dynamic references can't be assigned to num… (#14913) (39aacc8), closes #14824
ecs: TagParameterContainerImage cannot be used across accounts (#15073) (486f2e5), closes #15070
kinesisanalytics-flink: set applicationName with L2 Application (#15060) (1de85f2), closes #15058
lambda: deployment failure when layers are added to container functions (#15037) (8127cf2), closes #14143
lambda-event-sources: kafka event source expects credentials even when accessed via vpc (#14804) (5eb1e75)
pipelines: assets buildspec can exceed 25k size limit (#14974) (f7f367f)
pipelines: PublishAssetsAction uses hard-coded role names (#15118) (bad9713)
pipelines: self-update role assumes hard-coded role names (#14969) (cbd7552), closes #14877 #9271
secretsmanager: support secrets rotation in partition 'aws-cn' (#14608) (5061a8d), closes #13385

1.108.1 (2021-06-11)

Features

cfnspec: cloudformation spec v39.1.0 (af74354)

1.108.0 (2021-06-09)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

cfnspec: imageScanningConfiguration property of ecr.CfnRepository now accepts scanOnPush instead of ScanOnPush (notice the casing change).
bootstrap: users of the modern bootstrap stack (notably: CDK Pipelines users) will need to re-run cdk bootstrap to update to bootstrap stack version '6'.

Features

cfnspec: cloudformation spec v37.1.0 (#14951) (aee0f58)
Parameterize bootstrap stack version (#14626) (a37108c)
cli: new bootstrap supports cross-account lookups (#14874) (f66f4b8), closes #8905
cognito: user pool - customize mfa message (#14241) (a12db62)
custom-resources: support custom lambda role in provider framework (#12131) (bc01207), closes #12126
ec2: Implement UserData methods in MultipartUserData (#14347) (d1b6ce4)
ecs: Adding support for ECS Exec (#14670) (b35328c)
ecs-patterns: Add Load Balancer name to ApplicationLoadBalancedFargateService props (#14831) (c432fb4)
ecs-patterns: Add support for Docker labels to ECS Patterns (#14783) (00c11b5)
elb: set accessLoggingPolicy property with L2 LoadBalancer (#14983) (252dfa2), closes #14972
events: support embedded string variables (#13487) (a5d27aa), closes #9191 #9191
kms: introduce fromCfnKey() method (#14859) (1ff5b9e), closes #9719 #14795 #14809
route-53: add ability to create DS Records (#14726) (f0c9726)
route53-targets: route53 record target (#14820) (b22da80), closes #14800
s3: support ExpiredObjectDeleteMarker (#14970) (f932e0f), closes #14752

Bug Fixes

apigatewayv2: http api - default route does not use the default authorizer (#14904) (25412a6)
cli: cross account docker image assets upload no longer works (#14816) (14fbb11), closes #14815
cli: image publishing role doesn't have docker pull permissions (#14662) (beaffa9), closes #14656
core: property overrides fail for references (#15018) (ebac8bc)
docs: fixed typos in documentation (#14760) (ced9b38)
ec2: add missing entry for XLARGE3 (#14750) (af6d49f)
ecs: Can't enable both Fargate and ASG capacity providers on ECS Cluster (#15012) (6b2d0e0), closes #14730
events: AwsApi warns if service does not exist (#13352) (3bad98f), closes #13090
lambda-nodejs: pnpm exec command (#14954) (df16d40), closes #14757 #14772
s3: autoDeleteObjects had redundant GetObject* permissions (#14573) (f9be15d), closes #14572
stepfunctions: repeated object references not allowed even if not a circular reference (#14628) (486990f), closes #14596

1.107.0 (2021-06-02)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

appmesh: the creation property clientPolicy in VirtualNode has been renamed to tlsClientPolicy, and its type changed to TlsClientPolicy
appmesh: to create TlsClientPolicy, validation property must be defined.
appmesh: the creation property tlsCertificate in VirtualNode has been renamed to tls, and its type changed to TlsListener
appmesh: the tlsMode property has been removed from the options when creating a TlsCertificate, moved to the new TlsListener interface, and renamed mode

Features

cfnspec: cloudformation spec v37.0.0 (#14873) (8bb4357)
cloudfront: add L2 support for CloudFront functions (#14511) (40d2ff9)
eks: support Kubernetes 1.20 (#14758) (1956ef6), closes #14756
pipelines: allow switching to one CodeBuild action for same-typed assets (#13803) (ed72ad3)

Bug Fixes

appmesh: introduce the TlsClientPolicy and TlsValidation concepts (#14782) (8263c78), closes #12733
appmesh: TLS mode is set on the Certificate class (#14856) (061fd55)
elasticsearch: 'r6gd' not marked as supported type for instance storage (#14894) (d07a49f), closes #14773
lambda-nodejs: cannot bundle locally when consuming a node module with a NodejsFunction (#14914) (52da59c), closes #14739
rds: Add exception throw when az is defined for multi-az db instance (#14837) (fd8445f), closes #10949

1.106.1 (2021-05-26)

Bug Fixes

secretsmanager: revert "Automatically grant permissions to rotation Lambda (#14471)", fixes #14868

1.106.0 (2021-05-25)

Features

ecs-service-extensions: allow taskRole to be passed in on creation of an ECS service (3e257a0)
appmesh: add IAM grants for StreamAggregatedResources (#13596) (f4a2938), closes #11639
cfnspec: cloudformation spec v36.0.0 (#14791) (3a9f56d)
dynamodb: add ability to enable contributor insights on Table (#14742) (3c7a89d)
lambda: support Principal conditions in Permission (#14674) (b78a1bb), closes #8116
lambda-nodejs: pnpm support (#14772) (b02311c), closes #14757

Bug Fixes

cognito: user pool - phoneNumberVerified attribute fails deployment (#14699) (cd2589f), closes #14175
iam: permissions boundaries not added to custom resource roles (#14754) (f36feb5), closes #13310
lambda: changing reserved concurrency fails lambda version deployment (#14586) (f47d5cb), closes #11537
lambda-nodejs: esbuild detection with Yarn 2 in PnP mode (#14739) (5c84696)
pipelines: self-update build fails with named pipeline stack (#14729) (eff9c75), closes #10782

1.105.0 (2021-05-19)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

lambda-nodejs: using banner and footer now requires esbuild >= 0.9.0

Features

apigatewayv2: http api - lambda authorizer (#13181) (4da78f6), closes #10534
custom-resources: restrict output of AwsCustomResource to list of paths (#14041) (773ca8c), closes #2825
stepfunctions: Add support for ResultSelector (#14648) (50d486a), closes #9904

Bug Fixes

cli: Updated typo user to uses (#14357) (7fe329c)
core: cannot determine packaging when bundling that produces an archive is skipped (#14372) (163e812), closes #14369
ecr: add validations for ECR repository names (#12613) (396dca9), closes #9877
lambda: unable to access SingletonFunction vpc connections (#14533) (49d18ab), closes #6261
lambda-nodejs: banner and footer values not escaped (#14743) (81aa612), closes #13576
pipelines: self-mutating builds cannot be run in privileged mode (#14655) (73b9b4a), closes #11425
pipelines: stackOutput generates names too long to be used in useOutputs (#14680) (d81e06d), closes #13552
pipelines: synth fails if 'aws-cdk' is not in package.json (#14745) (0b8ee97), closes #14658

1.104.0 (2021-05-14)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

apigatewayv2: setting the authorizer of an API route to HttpNoneAuthorizer will now remove any existing authorizer on the route

Features

appsync: elasticsearch data source for graphql api (#14651) (2337b5d), closes #6063
cfnspec: cloudformation spec v35.2.0 (#14610) (799ce1a)
cloudwatch: GraphWidget supports period and statistic (#14679) (b240f6e)
cloudwatch: time range support for GraphWidget (#14659) (010a6b1), closes #4649
ecs: add support for EC2 Capacity Providers (#14386) (114f7cc)
secretsmanager: Automatically grant permissions to rotation Lambda (#14471) (85e00fa)

Bug Fixes

apigatewayv2: authorizer is not removed when HttpNoneAuthorizer is used (#14424) (3698a91)
ecs: Classes FargateService and Ec2Service have no defaultChild (#14691) (348e11e), closes #14665
events-targets: circular dependency when adding a KMS-encrypted SQS queue (#14638) (3063818), closes #11158
lambda: custom resource fails to connect to efs filesystem (#14431) (10a633c)
lambda-event-sources: incorrect documented defaults for stream types (#14562) (0ea24e9), closes #13908
lambda-nodejs: handler filename missing from error message (#14564) (256fd4c)

1.103.0 (2021-05-10)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

appmesh: HealthChecks require use of static factory methods
apigatewayv2: The metricXXX methods are no longer available in the IApi interface. The existing ones are moved into IHttpApi and new ones will be added to IWebsocketApi.
apigatewayv2: The metricXXX methods are no longer available in the IStage interface. The existing ones are moved into IHttpStage and new ones will be added to the IWebsocketStage.
lambda-nodejs: the default runtime version for NodejsFunction is now always NODEJS_14_X (previously the version was derived from the local NodeJS runtime and could be either 12.x or 14.x).

Features

appmesh: change HealthChecks to use protocol-specific union-like classes (#14432) (063ddc7)
aws-ecs: Expose logdriver "mode" property (#13965) (28fce22), closes #13845
cloudwatch: validate parameters for a metric dimensions (closes #3116) (#14365) (4a24d61)
docdb: Support multiple security groups to DatabaseCluster (#13290) (1a97b66)
elbv2: preserveClientIp for NetworkTargetGroup (#14589) (d676ffc)
kinesis: Basic stream level metrics (#12556) (5f1b576), closes #12555
kms: allow specifying key spec and key usage (#14478) (10ae1a9), closes #5639
lambda-go: higher level construct for golang lambdas (#11842) (0948cc7)
msk: Cluster L2 Construct (#9908) (ce119ba)

Bug Fixes

apigatewayv2: incorrect metric names for client and server-side errors (#14541) (551182e), closes #14503
assert matches more than the template on multiple CDK copies (#14544) (f8abdbf), closes #14468
apigatewayv2-integrations: fix broken lambda websocket integration uri (#13820) (f0d5c25), closes #13679
cfn-include: correctly parse Fn::Sub expressions containing serialized JSON (#14512) (fd6d6d0), closes #14095
cli: 'cdk deploy *' should not deploy stacks in nested assemblies (#14542) (93a3549)
cli: synth fails if there was an error when synthesizing the stack (#14613) (71c61e8)
lambda-nodejs: non-deterministic runtime version (#14538) (527f662), closes #13893
ssm: dynamic SSM parameter reference breaks with lists (#14527) (3d1baac), closes #14205 #14476

1.102.0 (2021-05-04)

Features

cfnspec: cloudformation spec v35.0.0 (#14411) (49e49e7)
cfnspec: cloudformation spec v35.1.0 (#14518) (bcdff3d)
cli: directly deploy stacks in nested assemblies (#14379) (5a6fa7f)
elasticsearch: Support version 7.10 (#14320) (f3a830c)
rds: allow turning on IAM authentication for Clusters (#13958) (0e59708), closes #13722
synthetics: update CloudWatch Synthetics NodeJS runtime (#14157) (3283225)

Bug Fixes

aws-cloudwatch: fix for space in alarm name in alarms for compos… (#13963) (7cdd541)
cli: 'cdk synth' not able to fail if stacks have errors (#14475) (963d1c7)
CodeBuild: add resource only once per secret (#14510) (affaaad)
neptune: use correct L1 of DBParameterGroup (#14447) (057f61f), closes #14446
rds: instance identifiers and endpoints of a Cluster are blank (#14394) (9597d97), closes #14377
s3: urlForObject does not consider explicit bucket region (#14315) (e11d537)

1.101.0 (2021-04-28)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

neptune: InstanceType changed from enum to enum-like static factory.

Features

autoscaling: add getter/setter for instance termination protection (#14308) (d3bdcfd), closes #14283
aws-autoscaling: add support for NewInstancesProtectedFromScaleIn (#14283) (da9828b)
custom-resources: AwsSdkCall can assume Role for cross-account custom resources (#13916) (a0690b9)
ec2: create NAT Gateways with fixed IPs (#14250) (24c992a), closes #11884 #4067
events: API Gateway target (#13823) (ce789bf), closes #12708
iam: add imported user to a group (#13698) (bf513bc)
neptune: change InstanceType to class that is built from string (#14273) (fc618f9), closes #13923
route53: add support for parentHostedZoneName for CrossAccountZoneDelegationRecord (#14097) (572ee40)

Bug Fixes

aws-ecs-patterns, aws-elasticloadbalancingv2: Pass TargetGroup ProtocolVersion as parameters to higher level constructs (#14092) (a655819), closes #14091
codebuild: Secret env variable from another account fails on Key decryption (#14226) (8214338), closes #14043
codepipeline-actions: CodeCommit source action fails when it's cross-account (#14260) (1508e60), closes #12391 #14156
ec2: r5ad instance-type has incorrect value (#14179) (c80e1cf)
iam: unable to configure name of SAML Provider (#14296) (904202a), closes #14294
pipelines: Use LinuxBuildImage.STANDARD_5_0 for Assets and UpdatePipeline stages (#14338) (f93d940)

1.100.0 (2021-04-20)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

appmesh: HTTP2 VirtualNodeListeners must be now created with Http2VirtualNodeListenerOptions
appmesh: HTTP2 VirtualGatewayListeners must be now created with Http2VirtualGatewayListenerOptions
codepipeline-actions: the Action ServiceCatalogDeployAction has been renamed to ServiceCatalogDeployActionBeta1
codepipeline-actions: the type ServiceCatalogDeployActionProps has been renamed to ServiceCatalogDeployActionBeta1Props
events-targets: The BatchJob integration now requires the arn and the Resource for the jobQueue and the jobDefinition
lambda-event-sources: cluster was removed from ManagedKafkaEventSourceProps and replaced with clusterArn
route53-targets: ApiGatewayv2Domain was replaced with ApiGatewayv2DomainProperties which accepts regionalDomainName and regionalHostedZoneId
stepfunctions-tasks: CallApiGatewayHttpApiEndpoint API now requires the apiId and it's containing Stack
stepfunctions-tasks: BatchSubmitJob now accept jobDefinitionArn, jobQueueArn and their respective Resource
stepfunctions-tasks: RunBatchJob now accept jobDefinitionArn, jobQueueArn and their respective Resource

Features

apigateway: integration timeout (#14154) (d02770e), closes #14123
appmesh: add Connection Pools for VirtualNode and VirtualGateway (#13917) (8a949dc), closes #11647
certificatemanager: allow tagging DnsValidatedCertificate (#13990) (8360feb), closes #12382 #12382
codebuild: allow setting concurrent build limit (#14185) (3107d03)
codepipeline: introduce the Action abstract class (#14009) (4b6a6cc)
ecs: add support for elastic inference accelerators in ECS task defintions (#13950) (23986d7), closes #12460
eks: Pass bootstrap.sh args to avoid DescribeCluster call and make nodes join the cluster faster (#12659) (f5616cc)
secretsmanager: replicate secrets to multiple regions (#14266) (b3c288d), closes #14061

Bug Fixes

codepipeline: incorrect determination of the Action's account when using an imported resource (#14224) (d88e915), closes #14165
core: toJsonString() does not deal correctly with list tokens (#14138) (1a6d39f), closes #14088
pipelines: incorrect BuildSpec in synth step if synthesized with --output (#14211) (0f5c74f), closes #13303
rds: database instances cannot be to be referenced in a different region (#13865) (74c7fff), closes #13832

1.99.0 (2021-04-13)

Features

elasticloadbalancing: rename 'sslCertificateId' property of LB listener to 'sslCertificateArn'; deprecate sslCertificateId property (#13766) (1a30272), closes #9303 #9303

Bug Fixes

aws-cloudfront: distribution comment length not validated (#14020) (#14094) (54fddc6)
aws-ecs-patterns: fixes #11123 allow for https listeners to use non Route 53 DNS if a certificate is provided (#14004) (e6c85e4)
cfn-include: allow deploy-time values in Parameter substitutions in Fn::Sub expressions (#14068) (111d26a), closes #14047
fsx: Weekday.SUNDAY incorrectly evaluates to 0 (should be 7) (#14081) (708f23e), closes #14080

1.98.0 (2021-04-12)

Features

codepipeline-actions: introduce the CodeStarConnectionsSourceAction (#13781) (8782e67), closes #10632
efs: graduate to stable 🚀 (#14033) (3c03d87)
elasticloadbalancingv2: add grpc code matcher for alb (#13948) (a37f178), closes #13570 #13947
region-info: graduate to stable 🚀 (#14013) (0d2755b)
route-53: add ability to create NS Records (#13895) (02c7c1d), closes #13816

Bug Fixes

apigateway: cannot remove first api key from usage plan (#13817) (036d869), closes #11876
cloudfront: cannot use same EdgeFunction in multiple stacks (#13790) (8e2325c)
lambda-nodejs: esbuild define parameters are incorrectly encoded (#14065) (5378a77), closes #13842
rds: deploy fails with "SubnetGroup not found" (#13986) (ad326da), closes #13976
route53: cannot set TTL to 0 (#14060) (ecc9bf3), closes #14039
s3: SSL enforcement doesn't apply on top level bucket requests (#13961) (d0e831a), closes #13760
stepfunctions: state machine name validation fails when tokens are used. (#13970) (58de0de), closes #13946 #13912

1.97.0 (2021-04-06)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

elasticsearch: vpcOptions was removed. Use vpc, vpcSubnets and securityGroups instead.

Features

appmesh: Implement Outlier Detection for Virtual Nodes (#13952) (965f130)
cx-api: graduate to stable 🚀 (#13859) (d99e13d)
eks: Support secretsEncryptionKey in FargateCluster (#13866) (56c6f98)
eks: Support bootstrap.sh --dns-cluster-ip arg (#13890) (56cd863)
elasticsearch: graduate to stable 🚀 (#13900) (767cd31)
s3-deployment: graduate to stable 🚀 (#13906) (567d64d)
ses: graduate to stable 🚀 (#13913) (4f9a715)
ses-actions: graduate to stable 🚀 (#13864) (24f8307)

Bug Fixes

aws-rds: ServerlessCluster.clusterArn is not correct when clusterIdentifier includes upper cases string. (#13710) (a8f5b6c), closes #12795
cli: broken java init template (#13988) (c6ca2ab), closes #13964
cloudfront: Cache Policy headers enforce soft limit of 10 (#13904) (8a66244), closes #13425 #13903
codepipeline-actions: EcrSourceAction triggers on a push to every tag (#13822) (c5a2add), closes #13818

1.96.0 (2021-04-01)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

globalaccelerator: automatic naming algorithm has been changed: if you have existing Accelerators you will need to pass an explicit name to prevent them from being replaced. All endpoints are now added by calling addEndpoint() with a target-specific class that can be found in @aws-cdk/aws-globalaccelerator-endpoints. The generated Security Group is now looked up by calling endpointGroup.connectionsPeer().
docdb: DatabaseClusterProps.instanceProps was hoisted and all its properties are now available one level up directly in DatabaseClusterProps.
docdb: DatabaseInstanceProps.instanceClass renamed to DatabaseInstanceProps.instanceType.
core: The type of the image property in BundlingOptions is changed from BundlingDockerImage to DockerImage.
core: The return type of the DockerImage.fromBuild() API is changed from BundlingDockerImage to DockerImage.

Features

autoscaling-common: graduate to stable 🚀 (#13862) (2d623d0)
chatbot: graduate to stable 🚀 (#13863) (2384cdd)
cli: app init template for golang (#13840) (41fd42b), closes aws/jsii#2678
cloudformation-diff: graduate to stable 🚀 (#13857) (294f546)
docdb: graduate to stable 🚀 (#13875) (169c2fc)
ec2: allow disabling inline security group rules (#13613) (793230c)
elasticloadbalancingv2: graduate to stable 🚀 (#13861) (08fa5ed)
fsx: graduate to stable 🚀 (#13860) (b2322aa)
globalaccelerator: graduate to stable 🚀 (#13843) (8571008)
lambda: switch bundling images from DockerHub to ECR public gallery (#13473) (e2e008b), closes #11296
lambda-event-sources: support for batching window to sqs event source (#13406) (6743e3b), closes #11722 #11724 #13770
lambda-event-sources: tumbling window (#13412) (e9f2773), closes #13411
lambda-nodejs: graduate to stable 🚀 (#13844) (37a5502)

Bug Fixes

aws-ecs: broken splunk-logging tag-option in fargate platform version 1.4 (#13882) (e9d9299), closes #13881
cloudfront: auto-generated cache policy name might conflict cross-region (#13737) (4f067cb), closes #13629
cloudfront: Origin Request Policy headers enforce soft limit of 10 (#13907) (9b0a6cf), closes #13410 #13903
codebuild: allow passing the ARN of the Secret in environment variables (#13706) (6f6e079), closes #12703
codebuild: take the account & region of an imported Project from its ARN (#13708) (fb65123), closes #13694
codedeploy: script installing CodeDeploy agent fails (#13758) (25e8d04), closes #13755
cognito: imported userpool not retaining environment from arn (#13715) (aa9fd9c), closes #13691
core: BundlingDockerImage.fromAsset() does not return a BundlingDockerImage (#13846) (7176a5d)
dynamodb: table with replicas fails to deploy with "Unresolved resource dependencies" error (#13889) (5c99d0d)
iam: Role import doesn't fail when forgetting the region in the ARN (#13821) (560a853), closes #13812
rds: fail with a descriptive error if Cluster's instance count is a deploy-time value (#13765) (dd22e8f), closes #13558
yaml-cfn: do not deserialize year-month-date as strings (#13745) (ffea818), closes #13709

1.95.2 (2021-04-01)

Upgrade a downstream dependency(pac-resolver) of the aws-cdk (the CDK CLI), to mitigate CVE-2021-28918 (13914) (794c951)

1.95.1 (2021-03-25)

Bug Fixes

codebuild: module fails to load with error "Cannot use import statement outside a module" (b1ffd33), closes #13699 #13699

1.95.0 (2021-03-25)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

lambda-nodejs: The type of image property in the Bundling class is changed from BundlingDockerImage to DockerImage.
lambda-nodejs: The type of dockerImage property in BundlingOptions is changed from BundlingDockerImage to DockerImage.
apigatewayv2: The type of allowMethods property under corsPreflight section is changed from HttpMethod to CorsHttpMethod.
lambda-nodejs: the default runtime of a NodejsFunction is now Node.js 14.x if the environment from which it is deployed uses Node.js >= 14 and Node.js 12.x otherwise.

Features

acmpca: make the ACM PCA module Generally Available (stable) (#13778) (7ca79ff)
apigatewayv2: http api - default authorizer options (#13172) (53d9661)
cfnspec: cloudformation spec v31.0.0 (#13633) (9b1c786)
cfnspec: cloudformation spec v31.1.0 (#13763) (41a2b2e)
codepipeline-actions: Add detectChanges option to BitBucketSourceAction (#13656) (f2436bf)
ec2: client vpn endpoint (#12234) (4fde59a), closes #4206
events: retry-policy support (#13660) (7966f8d), closes #13659
init-templates: app template comes with hint comments for 'env' (#13696) (b940710), closes #12321
lambda-event-sources: msk and self-managed kafka event sources (#12507) (73209e1), closes #12099
rds: make rds secret name configurable (#13626) (62a91b7), closes #8984
sns: enable passing PolicyDocument to TopicPolicy (#10559) (0d9c300), closes #7934

Bug Fixes

apigatewayv2: error while configuring ANY as an allowed method in CORS (#13313) (34bb338), closes #13280 #13643
aws-ecs: drain hook lambda allows tasks to stop gracefully (#13559) (3e1148e), closes #13506
codebuild: Fixed build spec file format to return yaml (#13445) (fab93c6)
codedeploy: Use aws-cli instead of awscli for yum (#13655) (449ce12)
codepipeline-actions: BitBucketAction fails with S3 "Access denied" error (#13637) (77ce45d), closes #13557
core: toJsonString() cannot handle list intrinsics (#13544) (a5be042), closes #13465
events,applicationautoscaling: specifying a schedule rate in seconds results in an error (#13689) (5d62331), closes #13566
lambda: incorrect values for prop UntrustedArtifactOnDeployment (#13667) (0757686), closes #13586
neptune: create correct IAM statement in grantConnect() (#13641) (2e7f046), closes #13640
s3: Notifications fail to deploy due to incompatible node runtime (#13624) (aa32cf6)

lambda-nodejs: prepare code to reduce merge conflicts when deprecated APIs are stripped (#13738) (ca391b5)
lambda-nodejs: update default runtime (#13664) (ca42461)

1.94.1 (2021-03-16)

Bug Fixes

s3: Notifications fail to deploy due to incompatible node runtime (#13624) (26bc3d4)

1.94.0 (2021-03-16)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

appmesh: Backend, backend default and Virtual Service client policies structures are being altered
appmesh: you must use the backend default interface to define backend defaults in VirtualGateway. The property name also changed from backendsDefaultClientPolicy to backendDefaults
appmesh: you must use the backend default interface to define backend defaults in VirtualNode, (the property name also changed from backendsDefaultClientPolicy to backendDefaults), and the Backend class to define a backend
appmesh: you can no longer attach a client policy to a VirtualService

Features

appmesh: add missing route match features (#13350) (b71efd9), closes #11645
aws-elasticloadbalancingv2: add protocol version for ALB TargetGroups (#13570) (165a3d8), closes #12869
ecs-patterns: Add ECS deployment circuit breaker support to higher-level constructs (#12719) (e80a98a), closes #12534 #12360

Bug Fixes

appmesh: Move Client Policy from Virtual Service to backend structure (#12943) (d3f4284), closes #11996
autoscaling: AutoScaling on percentile metrics doesn't work (#13366) (46114bb), closes #13144
cloudwatch: cannot create Alarms from labeled metrics that start with a digit (#13560) (278029f), closes #13434
use NodeJS 14 for all packaged custom resources (#13488) (20a2820), closes #13534 #13484
ec2: Security Groups support all protocols (#13593) (8c6b3eb), closes #13403
lambda: fromDockerBuild output is located under /asset (#13539) (77449f6), closes #13439
region-info: ap-northeast-3 data not correctly registered (#13564) (64da84b), closes #13561

1.93.0 (2021-03-11)

Features

amplify-domain: Added config for auto subdomain creation (#13342) (4c63f09)
appmesh: add route retry policies (#13353) (66f7053), closes #11642
cfnspec: cloudformation spec v30.1.0 (#13519) (7711981)
codebuild: allow setting queued timeout (#13467) (e09250b), closes #11364
dynamodb: custom timeout for replication operation (#13354) (6a5a4f2), closes #10249
ec2: ESP and AH IPsec protocols for Security Groups (#13471) (f5a6647), closes #13403
ec2: multipart user data (#11843) (ed94c5e), closes #8315
ecr: add imageTagMutability prop (#10557) (c4dc3bc), closes #4640
ecs: ability to access tag parameter value of TagParameterContainerImage (#13340) (e567a41), closes #13202
ecs: allow users to provide a CloudMap service to associate with an ECS service (#13192) (a7d314c), closes #10057
events: EventBus.grantPutEventsTo method for granular grants (#13429) (122a232), closes #11228
events: dead-letter queue support for CodeBuild (#13448) (abfc0ea), closes #13447
events: dead-letter queue support for StepFunctions (#13450) (0ebcb41), closes #13449
events,applicationautoscaling: schedule can be a token (#13064) (b1449a1)
iam: SAML identity provider (#13393) (faa0c06), closes #5320
neptune: Support IAM authentication (#13462) (6c5b1f4), closes #13461
region-info: added AppMesh ECR account for af-south-1 region (#12814) (b3fba43)
stepfunctions-tasks: Support calling ApiGateway REST and HTTP APIs (#13033) (cc608d0), closes #11565 #11566 #11565

Bug Fixes

cfn-include: allow boolean values for string-typed properties (#13508) (e5dab7c)
ec2: fix typo's in WindowsImage constants (#13446) (781aa97)
elasticloadbalancingv2: upgrade to v1.92.0 drops certificates on ALB if more than 2 certificates exist (#13490) (01b94f8), closes #13332 #13437
events: imported EventBus does not correctly register source account (#13481) (57e5404), closes #13469
iam: oidc-provider can't pull from hosts requiring SNI (#13397) (90dbfb5)
iam: policy statement tries to validate tokens (#13493) (8d592ea), closes #13479
init: Python init template's stack ID doesn't match other languages (#13480) (3f1c02d)
stepfunctions: no validation on state machine name (#13387) (6c3d407), closes #13289

1.92.0 (2021-03-06)

ecs-patterns: the desiredCount property stored on the above constructs will be optional, allowing them to be undefined. This is enabled through the @aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount feature flag. We would recommend all CDK users to set the @aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount flag to true for all of their existing applications.

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

apigatewayv2: HttpApiMapping (and related interfaces for Attributed and Props) has been renamed to ApiMapping
apigatewayv2: CommonStageOptions has been renamed to StageOptions
apigatewayv2: HttpStage.fromStageName has been removed in favour of HttpStage.fromHttpStageAttributes
apigatewayv2: DefaultDomainMappingOptions has been removed in favour of DomainMappingOptions
apigatewayv2: HttpApiProps.defaultDomainMapping has been changed from DefaultDomainMappingOptions to DomainMappingOptions
apigatewayv2: HttpApi.defaultStage has been changed from HttpStage to IStage
apigatewayv2: IHttpApi.defaultStage has been removed
aws-appsync: RdsDataSource now takes a ServerlessCluster instead of a DatabaseCluster
aws-appsync: graphqlapi.addRdsDataSource now takes databaseName as its fourth argument

Features

apigateway: integrate with aws services in a different region (#13251) (d942699), closes #7009
apigatewayv2: websocket api (#13031) (fe1c839), closes #2872
aws-appsync: add databaseName to rdsDataSource (#12575) (f92b65e), closes #12572
aws-events: Event Bus target (#12926) (ea91aa3), closes #9473
aws-route53-targets: add global accelerator target to route53 alias targets (#13407) (2672a55), closes #12839
aws-s3: adds s3 bucket AWS FSBP option (#12804) (b9cdd52), closes #10969
cfnspec: cloudformation spec v28.0.0 (#13101) (13c9859)
cfnspec: cloudformation spec v29.0.0 (#13249) (6318e26)
cfnspec: cloudformation spec v30.0.0 (#13365) (ae0185d)
cli: Configurable --change-set-name CLI flag (#13024) (18184df), closes #11075 #12683
cloudwatch: EC2 actions (#13281) (319cfcd), closes #13228
cognito: user pools - sign in with apple (#13160) (b965589)
core: description parameter in the CustomResourceProvider (#13275) (78831cf), closes #13277 #13276
core: customize bundling output packaging (#13152) (6eca979)
ec2: Add VPC endpoint for RDS (#12497) (fc87574), closes #12402
ecs: add port mappings to containers with props (#13262) (f511639), closes #13261
ecs: allow selection of container and port for SRV service discovery records (#12798) (a452bc3), closes #12796
ecs-patterns: Add support for assignPublicIp for QueueProcessingFargateService (#13122) (3fb4600), closes #12815
ecs-patterns: remove default desiredCount to align with cfn behaviour (under feature flag) (#13130) (a9caa45)
elasticloadbalancingv2: Add support for application cookies (#13142) (23385dd)
elbv2: allow control of ingress rules on redirect listener (#12768) (b7b441f), closes #12766
events: archive events (#12060) (465cd9c), closes #11531
events: dead letter queue for Lambda Targets (#11617) (1bb3650), closes #11612
lambda: code signing config (#12656) (778ea27), closes #12216
lambda: Code.fromDockerBuild (#13318) (ad01099), closes #13273
lambda: Code.fromDockerBuildAsset (#12258) (09afed5), closes #11914
neptune: high level constructs for db clusters and instances (#12763) (c366837), closes aws#12762
stepfunctions-tasks: add EKS call to SFN-tasks (#12779) (296a10d)
synthetics: Update CloudWatch Synthetics NodeJS runtimes (#12907) (6aac3b6), closes #12906

Bug Fixes

appsync: revert to allow resolver creation from data source (#12973) (d35f032), closes #12635 #11522
aws-appsync: use serverlessCluster on rdsDataSource (#13206) (45cf387), closes #12567
cfn-diff: handle Fn::If inside policies and statements (#12975) (daf4e47), closes #12887
cfn-include: allow dynamic mappings to be used in Fn::FindInMap (#13428) (623675d)
cloudfront: cannot add two EdgeFunctions with same aliases (#13324) (1f35351), closes #13237
cloudwatch: MathExpression period of <5 minutes is not respected (#13078) (d9ee914), closes #9156
cloudwatch: metric label not rendered into Alarms (#13070) (cbcc712)
codebuild: allow FILE_PATH webhook filter for BitBucket (#13186) (cbed348), closes #13175
core: custom resource provider NODEJS_12 now looks like Lambda's NODEJS_12_X, add Node 14 (#13301) (3413b2f)
core: ENOTDIR invalid cwd on "cdk deploy" (#13145) (cd7a3ed), closes #12258 #13076 #13131
custom-resources: unable to use a resource attributes as dictionary keys in AwsCustomResource (#13074) (3cb3104), closes #13063
dynamodb: replicas not created on table replacement (#13300) (c7c424f), closes #12332
ec2: NAT provider's default outbound rules cannot be disabled (#12674) (664133a), closes #12673
ec2: readme grammar (#13180) (fe4f056)
ec2: Throw error on empty InitFile content (#13009) (#13119) (81a78a3)
ecr: Allow referencing an EcrImage by digest instead of tag (#13299) (266a621), closes #5082
ecr: Generate valid CloudFormation for imageScanOnPush (#13420) (278fba5), closes #13418
ecs: services essential container exceptions thrown too soon (#13240) (c174f6c), closes #13239
eks: KubectlProvider creates un-necessary security group (#13178) (c5e8b6d)
UserPool, Volume, ElasticSearch, FSx are now RETAIN by default (#12920) (5a54741), closes #12563
eks: Deployment fails for the first deployment in an account (#13103) (e042879), closes #9027
incorrect peerDependency on "constructs" (#13255) (17244af)
elasticloadbalancingv2: should allow more than 2 certificates (#13332) (d3155e9), closes #13150
events: cannot trigger multiple Lambdas from the same Rule (#13260) (c8c1762), closes #13231
events: imported ECS Task Definition cannot be used as target (#13293) (6f7cebd), closes #12811
lambda-nodejs: 'must use "outdir"' error with spaces in paths (#13268) (09723f5), closes #13210
lambda-nodejs: invalid sample in documentation (#12404) (520c263)
lambda-nodejs: paths with spaces break esbuild (#13312) (f983fbb), closes #13311
lambda-python: asset hash is non-deterministic (#12984) (37debc0), closes #12770 #12684
stepfunctions: SageMakeUpdateEndpoint adds insufficient permissions (#13170) (6126e49), closes #11594

1.91.0 (2021-02-23)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

aws-appsync: RdsDataSource now takes a ServerlessCluster instead of a DatabaseCluster
aws-appsync: graphqlapi.addRdsDataSource now takes databaseName as its fourth argument

Features

aws-appsync: add databaseName to rdsDataSource (#12575) (f92b65e), closes #12572
cfnspec: cloudformation spec v28.0.0 (#13101) (13c9859)
ecs-patterns: Add support for assignPublicIp for QueueProcessingFargateService (#13122) (3fb4600), closes #12815
stepfunctions-tasks: add EKS call to SFN-tasks (#12779) (296a10d)
synthetics: Update CloudWatch Synthetics NodeJS runtimes (#12907) (6aac3b6), closes #12906

Bug Fixes

UserPool, Volume, ElasticSearch, FSx are now RETAIN by default (#12920) (5a54741), closes #12563
appsync: revert to allow resolver creation from data source (#12973) (d35f032), closes #12635 #11522
aws-appsync: use serverlessCluster on rdsDataSource (#13206) (45cf387), closes #12567
cfn-diff: handle Fn::If inside policies and statements (#12975) (daf4e47), closes #12887
core: ENOTDIR invalid cwd on "cdk deploy" (#13145) (cd7a3ed), closes #12258 #13076 #13131
eks: KubectlProvider creates un-necessary security group (#13178) (c5e8b6d)
eks: Deployment fails for the first deployment in an account (#13103) (e042879), closes /github.com/aws/aws-cdk/issues/9027#issuecomment-780482124
lambda-nodejs: invalid sample in documentation (#12404) (520c263)

1.90.1 (2021-02-19)

Bug Fixes

core: ENOTDIR invalid cwd on "cdk deploy" (#13145) (a735b52), closes #12258 #13076 #13131

1.90.0 (2021-02-17)

Features

apigatewayv2: http api - jwt and cognito user pool authorizers (#10972) (dd90e54), closes #10534
aws-ecs-patterns: allow ScheduledTaskBase be created in a DISABLED state (#12837) (c625699), closes #12836
aws-kinesisanalyticsv2: L2 construct for Flink applications (#12464) (94279f3), closes #12407
cfnspec: cloudformation spec v27.0.0 (#12960) (7730ac8)
cli: change set name is now a constant, and --no-execute will always produce one (even if empty) (#12683) (00cdd2a), closes #11075
core: customize bundling output packaging (#13076) (367a055), closes #10776
ecs: support Fargate and Fargate spot capacity providers (#12893) (843b480), closes #5850
ecs-patterns: Add support for taskSubnets and securityGroups on QueueProcessingFagateService (#12604) (996e69d), closes #12603
eks: support Kubernetes 1.19 (#13094) (72c22dc), closes #13093
elasticsearch: add custom endpoint options (#12904) (f67ab86), closes #12261
glue: Connection construct (#12444) (c64ec6b), closes #12442
glue: SecurityConfiguration construct (#12450) (0a8e681), closes #12449
redshift: add missing current generation RA3 NodeTypes (#12784) (f91a3f1), closes #12783
stepfunctions: Implement IGrantable (#12830) (3b5ff05), closes #12829

Bug Fixes

apigatewayv2: HttpApi and Route in different stacks creates cycles (#13010) (b5efb88), closes #13021
aws-rds: correct Policy resource for Proxy::grantConnect() (#12416) (b3197db), closes #12415
cfn-diff: correctly handle version strings like '0.0.0' (#13022) (34a921b), closes #13016
cfn2ts: correctly choose between string and object without required properties in a union (#12954) (b7137c5), closes #12854
cloudfront: bucket policy for Origin Access Identities is overly permissive (#13087) (cc28312), closes #3486 #13086
cloudfront: EdgeFunction us-east-1 stack created in different account (#13055) (2f1fc95), closes #12789
codecommit: take the region and account of an imported Repository from its ARN (#13066) (5f0ee88), closes #13025
codedeploy: allow the install agent script's commands to exit with errors (#12782) (23d52a5), closes #12764
codepipeline-actions: use BatchGetBuildBatches permission for batch builds (#13018) (09ba573)
core: exportValue() does not work with resource names (#13052) (46043e0), closes #13002 #12918
ec2: volume props validations are incorrect (#12821) (12cddff), closes #12816 #12816 #12074
rds: proxy cannot connect to cluster/instance (#12953) (4b0abbc)
tools: doc block links not clickable in VS Code (#12336) (4f17f92)

1.89.0 (2021-02-09)

Features

cfnspec: cloudformation spec v26.0.0 (#12841) (f959b3a)
cloudfront: add support for TrustedKeyGroups in Distribution and CloudFrontWebDistribution (#12847) (349a6e2), closes #11791
core: configure bundling docker entrypoint (#12660) (6597a09), closes #11984
ec2: can define Launch Templates (not use them yet) (#12385) (32c0de7)
lambda: layer version removal policy (#12792) (5664480), closes #12718
lambda: nodejs14.x runtime (#12861) (12c224a)

Bug Fixes

core: append file extension to s3 asset key in new style synthesizer (#12765) (77b9d39), closes #12740
core: incorrect GetParameter permissions in nonstandard partitions (#12813) (be7202f)
ec2: MachineImage.genericLinux/Windows don't work in environment-agnostic stacks (#12546) (fbe7e89), closes #8759
ec2: Subnet cidr missing for Vpc.from_lookup() (#12878) (9028269), closes #11821
ec2: VpnConnection fails if ip is a Token (#12923) (953957a), closes #11633
kms: cross-environment usage fails when trustAccountIdentities is set (#12925) (2b917ec), closes #12921 #12741
lambda-python: cryptography >= 3.4 is not supported by older pip version (#12934) (b68acf8), closes /cryptography.io/en/3.4/changelog.html#v3-4

1.88.0 (2021-02-03)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

appmesh: the properties virtualRouter and virtualNode of VirtualServiceProps have been replaced with the union-like class VirtualServiceProvider
appmesh: the method addVirtualService has been removed from IMesh
cloudfront: experimental EdgeFunction stack names have changed from 'edge-lambda-stack-${region}' to 'edge-lambda-stack-${stackid}' to support multiple independent CloudFront distributions with EdgeFunctions.

Features

apigateway: cognito user pool authorizer (#12786) (ff1e5b3), closes #5618
apigateway: import an existing Resource (#12785) (8a1a9b8), closes #4432
appmesh: change VirtualService provider to a union-like class (#11978) (dfc765a), closes #9490
aws-route53: cross account DNS delegations (#12680) (126a693), closes #8776
cloudfront: add PublicKey and KeyGroup L2 constructs (#12743) (59cb6d0)
core: stack.exportValue() can be used to solve "deadly embrace" (#12778) (3b66088), closes #7602 #2036
ecr: Public Gallery authorization token (#12775) (8434294)
ecs-patterns: Add PlatformVersion option to ScheduledFargateTask props (#12676) (3cbf38b), closes #12623
elbv2: support for 2020 SSL policy (#12710) (1dd3d05), closes #12595
iam: Permissions Boundaries (#12777) (415eb86), closes aws/aws-cdk-rfcs#5 #3242
lambda: inline code for Python 3.8 (#12788) (8d3aaba), closes #6503

Bug Fixes

apigateway: stack update fails to replace api key (#12745) (ffe7e42), closes #12698
cfn-include: AWS::CloudFormation resources fail in monocdk (#12758) (5060782), closes #11595
cli, codepipeline: renamed bootstrap stack still not supported (#12771) (40b32bb), closes #12594 #12732
cloudfront: use node addr for edgeStackId name (#12702) (c429bb7), closes #12323
codedeploy: wrong syntax on Windows 'installAgent' flag (#12736) (238742e), closes #12734
codepipeline: permission denied for Action-level environment variables (#12761) (99fd074), closes #12742
ec2: ARM-backed bastion hosts try to run x86-based Amazon Linux AMI (#12280) (1a73d76), closes #12279
efs: EFS fails to create when using a VPC with multiple subnets per availability zone (#12097) (889d673), closes #10170
iam: cannot use the same Role for multiple Config Rules (#12724) (2f6521a), closes #12714
lambda: codeguru profiler not set up for Node runtime (#12712) (59db763), closes #12624

1.87.1 (2021-01-28)

Bug Fixes

apigateway: stack update fails to replace api key (38cbe62), closes #12698

1.87.0 (2021-01-27)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

s3-deployment: User metadata keys of bucket objects will change from x-amz-meta-x-amz-meta-x-amzn-meta-mykey to x-amz-meta-mykey.
core: users of modern synthesis (DefaultSynthesizer, used by CDK Pipelines) must upgrade their bootstrap stacks. Run cdk bootstrap.

Features

aws-codebuild: add enableBatchBuilds() to Project (#12531) (0568390)
aws-codepipeline-actions: Add Full Clone support for CodeCommit (#12558) (d169688), closes #12236
batch: Compute Resources placement group (#12203) (fe37174)
eks: Graduate to stable (#12640) (b5ba7cd)
stepfunctions-tasks: EcsRunTask now uses taskDefinition family instead of ARN (#12436) (abde96b), closes #12080
stepfunctions-tasks: support databrew startJobRun task (#12532) (eacd2f7)

Bug Fixes

apigatewayv2: multiple http integrations are created for each route (#12528) (855ce59), closes 40aws-cdk/aws-apigatewayv2/lib/http/route.ts#L128
core: modern deployments fail if bootstrap stack is renamed (#12594) (e5c616f), closes #11952 #11420 #9053
pipelines: assets broken in Pipelines synthesized from Windows (#12573) (5c3dce5), closes #12540
pipelines: can't use CodePipeline variables in Synth environment variables (#12602) (736b260), closes #12061 #11178
pipelines: unable to publish assets inside VPC (#12331) (a16f09c), closes #11815
s3-deployment: User metadata keys have redundant triple x-amz prefix (#12414) (6716181), closes #8459
secretsmanager: fromSecretPartialArn() has incorrect grant policies (#12665) (560915e), closes #12411

1.86.0 (2021-01-21)

Features

cfnspec: cloudformation spec v24.0.0 (#12615) (98ebe96), closes #12474
cognito: allow to set read and write attributes in Cognito UserPoolClient (#7607) (552e1e9), closes #7407
ec2: Support for new EBS types (#12074) (6a2ce55), closes #12071
elasticsearch: UltraWarm nodes (#12265) (3a9056d), closes #6462
s3: Bucket keys (#12376) (d126fcc), closes #11828

Bug Fixes

apigateway: cannot remove first api key from usage plan (#12505) (96cbe32), closes #11876
aws-ecs: Invalid user data defined for windows autoscaling groups (#12585) (638b995), closes #12583
ec2: Vpc.fromVpcAttributes cannot be used with EKS (#12569) (1cdc244), closes #12040 #12160
iam: Groups are erroneously accepted as the Principal of a policy (#11479) (#12549) (c9b0859)
synthetics: default execution role breaks in non aws partitions (#12096) (c01272c), closes #12094

1.85.0 (2021-01-14)

s3-deployment: This version includes an important update, please upgrade to prevent deployment failure. This is in prepartion of Lambda deprecation of the request module in boto, more details are available in AWS blog. Note, users of versions < 1.81.0 will not be impacted by this deprecation, but are still encouraged to upgrade to the latest version.
s3: The grantWrite() and grantReadWrite() methods no longer add the s3:PutObject* permissions that included s3:PutObjectAcl, which could be used to grant read/write object access to IAM principals in other accounts. This change is gated behind the @aws-cdk/aws-s3:grantWriteWithoutAcl feature flag, so make sure to set it to true in the context key of your cdk.json file when upgrading. If you still need the principal to have s3:PutObjectAcl permissions after upgrading, use the new grantPutAcl() method.

Features

apigatewayv2: http api - disable execute api endpoint (#12426) (1724da7), closes #12241
appmesh: add listener TLS certificates for VirtualNodes and VirtualGateways (#11863) (175a257), closes #10051
cfnspec: CloudFormation resource specification update to v23.0.0 (#12490) (a7a2236)

Bug Fixes

appsync: rds data source configured with cluster arn (#12255) (d0305f3), closes #11536
aws-ecs: Support configuring Windows capacity for cluster ASGs (#12365) (6d9a0f1)
eks: aws-node-termination-handler incorrectly deployed to on-demand instances as well (#12369) (05c0b5f), closes #12368
s3: Bucket.grantWrite() no longer adds s3:PutObject* permission (#12391) (cd437cf)
s3-deployment: stop using deprecated API's that will cause breakage post 01/31/21 (#12491) (f50f928)
sns: require topic name for fifo topic #12386 (#12437) (37d8ccc)

1.84.0 (2021-01-12)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

apigatewayv2: subnets prop in VpcLink resource now takes SubnetSelection instead of ISubnet[]

Features

aws-lambda-nodejs: add esbuild define bundling option (#12424) (581f6af), closes #12423
cdk-assets: add external asset support (#12259) (05a9980)
cli: --quiet does not print template in cdk synth (#12178) (74458a0), closes #11970
codebuild: support Standard 5.0 (#12434) (422dc8e), closes #12433
core: validate maximum amount of resources in a stack (#12193) (26121c8), closes #276
eks: spot interruption handler can be disabled for self managed nodes (#12453) (6ac1f4f), closes #12451
synthetics: Update Cloudwatch Synthetics canaries NodeJS runtimes (#11866) (4f6e377), closes #11870

Bug Fixes

apigatewayv2: vpclink - explicit subnet specification still causes private subnets to be included (#12401) (336a58f), closes #12083
cli: CLI doesn't read context from ~/.cdk.json (#12394) (2389a9b), closes #10823 #4802
core: DefaultStackSynthesizer bucket prefix missing for template assets (#11855) (50a3d3a), closes #10710 #11327
dynamodb: missing grantRead for ConditionCheckItem (#12313) (e157007)
ec2: interface endpoint AZ lookup does not guard against broken situations (#12033) (80f0bfd)
eks: nodegroup synthesis fails when configured with an AMI type that is not compatible to the default instance type (#12441) (5f6f0f9), closes #12389
elasticsearch: domain fails due to log publishing keys on unsupported cluster versions (#11622) (e6bb96f)
elbv2: can't import two application listeners into the same scope (#12373) (6534dcf), closes #12132
logs: custom resource Lambda uses old NodeJS version (#12228) (29c4943)
stepfunctions-tasks: EvaluateExpression does not support JSON paths with dash (#12248) (da1ed08), closes #12221

1.83.0 (2021-01-06)

Features

aws-cloudfront: support minimum security protocol (#12231) (40976d9), closes #12199
aws-kms: support waiting period (#12224) (9f451bd), closes #12218
cfnspec: cloudformation spec v22.0.0 (#12204) (a5be2e9), closes #12170 #11974 #12114 #12028
cloudfront: allow to specify stack ID for Lambda@Edge (#12163) (049e70c), closes #12136
cloudwatch: full precision for SingleValueWidgets (#12274) (45d78f0), closes #8940 #12066
codecommit: HTTPS GRC clone URL (#12312) (36b081e)
ec2: add m6gd and r6gd metadata (#12302) (ce4eb20), closes #12301
sns: fifo topic with content-based deduplication support #11127 (#11588) (7e60d8e)

Bug Fixes

aws-ecs: update desired count to be optional (#12223) (455540b)
cli: cross account asset upload no longer works (#12155) (1c8cb11)
cloudfront: cross-region EdgeFunction does not work within a Stage (#12103) (98d781c), closes #12092
cloudfront: EdgeFunction fails with newStyleStackSynthesis (#12356) (fb02736), closes #12172
lambda: make the Version hash calculation stable (#12364) (4da50e5)
rds: add the dependency on proxy targets to ensure dbInstance (#12237) (8f74169), closes #11311
cli: IAM differences table printing is broken (#12330) (062bf5f)

1.82.0 (2021-01-03)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

eks: Existing self managed nodes may loose the ability to host additional services of type LoadBalancer . See https://github.com/aws/aws-cdk/pull/12269#issuecomment-752161190 for possible mitigations.

Bug Fixes

eks: Self managed nodes cannot be added to LoadBalancers created via the LoadBalancer service type (#12269) (470a881)
lambda-layer-*: unable to calculate layer asset hash due to missing file (#12293) (646f098), closes #12291

1.81.0 (2020-12-30)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

eks: the @aws-cdk/eks.KubectlLayer layer class has been moved to @aws-cdk/lambda-layer-kubectl.KubectlLayer.

Features

codebuild: add webhookTriggersBatchBuild option to third-party Git sources (#11743) (d9353b7), closes #11663
codebuild: prevent using Secrets in plain-text environment variables (#12150) (998af8f)
ecs: deployment circuit breaker support (#12168) (e8801a0)
ecs-patterns: containerName for QueueProcessingEc2Service (88d4149), closes #10517
Configre containerName for QueueProcessingFargateService (fad27f6)
eks: aws-node-termination-handler for spot instances now pulls the image from public ECR (#12141) (c752fab), closes #12134
eks: bundle kubectl, helm and awscli instead of SAR app (#12129) (63bc98f), closes #11874
eks: option to disable manifest validation (#12012) (579b923), closes #11763
eks: spot support for managed nodegroups (#11962) (6ccd00f), closes #11827
elasticsearch: add support for version 7_8 and 7_9 (#12222) (09d1f6c), closes #12202
elasticsearch: Support EnableVersionUpgrade update policy (#12239) (14f8b06), closes #12210
rds: add grantConnect for RDS Proxy (#12243) (eb45ca8), closes #10133
rds: add support for setting public accessibility (#12164) (b8f48e5), closes #12093
s3: option to auto delete objects upon bucket removal (#12090) (32e9c23), closes #3297 #9751

Bug Fixes

codebuild: missing permissions for SecretsManager environment variables (#12121) (1a13d8f)
codebuild: Project lacks permissions to its log destinations (#12213) (b92ed51), closes #11444 #12179
codepipeline-actions: use codebuild batch iam permissions when executeBatchBuild: true (#12181) (5279f37)
elasticsearch: domain configured with access policies and a custom kms key fails to deploy (#11699) (245ee6a)

1.80.0 (2020-12-22)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

eks: LegacyCluster was removed since it existed only for a transition period to allow gradual migration to the current cluster class.
eks: kubectlEnabled property was removed, all clusters now support kubectl.
core: Creation stack traces for Lazy values are no longer captured by default in order to speed up tests. Run with CDK_DEBUG=true (or cdk --debug) to capture stack traces.

Features

ec2: Add VPC endpoints for Athena and Glue (#12073) (73ef6b1), closes #12072
ecs-patterns: add ruleName optional parameter for ScheduledTask constructs (#12190) (b1318bd)
eks: connect all custom resources to the cluster VPC (#10200) (eaa8222)
lambda-nodejs: Expose optional props for advanced usage of esbuild (#12123) (ecc98ac)

Bug Fixes

core: capturing stack traces still takes a long time (#12180) (71cd38c), closes #11170
dynamodb: allow global replicas with Provisioned billing mode (#12159) (ab5a383), closes #11346
lambda-nodejs: local bundling fails with relative depsLockFilePath (#12125) (d5afb55), closes #12115
eks: Remove legacy and deprecated code (#12189) (6a20e61)

1.79.0 (2020-12-17)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

apigatewayv2: HttpApi.fromApiId() has been replaced with HttpApi.fromHttpApiAttributes().
elasticsearch: ES Domain LogGroup LogicalId will change, which will trigger new log group resources to be created

Features

appmesh: add timeout support to Routes (#11973) (78c185d)
core: expose custom resource provider's role (#11923) (06f26d3), closes /github.com/aws/aws-cdk/pull/9751#issuecomment-723554595
ec2: add r5b instance type to instance class (#12027) (d276b02), closes #12025
ecs-patterns: Add DeploymentController option to Fargate services (#10452) (2cd233a), closes aws/containers-roadmap#130 #10971
eks: attach cluster security group to self-managed nodes (#12042) (1078bea)
elasticsearch: support audit logs (#12106) (d10ea63), closes #12105
ivs: add IVS L2 Constructs (#11454) (f813bff)
lambda: encryption key for environment variables (#11893) (ccbaf83), closes #10837
lambda-nodejs: expose more esbuild options (#12063) (bab21b3), closes #12046
route53: Vpc endpoint service private dns (#10780) (8f6f9a8)
s3-deployment: support vpc in BucketDeploymentProps (#12035) (6caf72f), closes #11734
stepfunctions-tasks: add support for ModelClientConfig to SageMakerCreateTransformJob (#11892) (bf05092)

Bug Fixes

ec2: 'encoded list token' error using Vpc imported from deploy-time lists (#12040) (0690da9)
ec2: fromInterfaceVpcEndpointAttributes: Security Groups should not be required (#11857) (86ae5d6), closes #11050
eks: failure to deploy cluster since aws-auth configmap exists (#12068) (dc8a98a), closes #12053
eks: k8s resources accidentally deleted due to logical ID change (#12053) (019852e), closes #10397 #10397
elasticsearch: Defining 2 domains with logging enabled in the same stack fails on construct id conflict (#12055) (ec3ce19), closes #12017
elasticsearch: log policies are overwritten when creating 2 domains which also results in a failure while destroying the stack (#12056) (889d089), closes #12016
stepfunctions-tasks: policies created for EMR tasks have ARNs that are not partition-aware (#11553) (1cf6713), closes #11503

apigatewayv2: apiEndpoint is elevated to the IHttpApi interface (#11988) (bc5b9b6)

1.78.0 (2020-12-11)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

cloudfront-origins: Default minimum origin SSL protocol for HttpOrigin and LoadBalancerOrigin changed from SSLv3 to TLSv1.2.
apigatewayv2: domainName property under DomainName has been renamed to name.
appmesh: the properties dnsHostName and awsCloudMap of VirtualNodeProps have been replaced with the property serviceDiscovery
kms: change the default value of trustAccountIdentities to true, which will result in the key getting the KMS-recommended default key policy. This is enabled through the '@aws-cdk/aws-kms:defaultKeyPolicies' feature flag.

Features

appmesh: add ClientPolicy to VirtualNode, VirtualGateway and VirtualService (#11563) (bfee58c)
appmesh: change Virtual Node service discovery to a union-like class (#11926) (f75c264)
appsync: support appsync functions for pipelineConfig (#10111) (cb703c7), closes #9092
batch: Log configuration for job definitions (#11771) (84c959c), closes #11218
cloudfront: responseHttpStatus defaults to httpStatus in errorResponses (#11879) (c6052ae)
cloudfront: the Distribution construct is now Generally Available (stable) (#11919) (442bf7e)
cloudfront-origins: ability to specify minimum origin SSL protocol (#11997) (a0aa61d), closes #11994
cloudfront-origins: CloudFront Origins is now Generally Available (#12011) (daace16), closes #11919
codeguruprofiler: the CodeGuru Profiler Construct Library is now Generally Available (stable) (#11924) (cbe7a10)
ecs: introduce a new Image type, TagParameterContainerImage, to be used in CodePipeline (#11795) (4182c40), closes #1237 #7746
eks: kubernetes resource pruning (#11932) (1fdd549), closes #10495
kms: change default key policy to align with KMS best practices (under feature flag) (#11918) (ff695da), closes #5575 #8977 #10575 #11309
s3: add support to set bucket OwnershipControls (#11834) (0d289cc), closes #11591

Bug Fixes

apigateway: base path url cannot contain upper case characters (#11799) (8069a7e)
cfn-include: cfn-include fails in monocdk (#11595) (45e43f2), closes #11342
cli: cross-account deployment no longer works (#11966) (6fb3448), closes #11350 #11792 #11792
codebuild: incorrect SSM Parameter ARN in Project's IAM permissions (#11917) (7a09c18), closes #9980
core: autogenerated exports do not account for stack name length (#11909) (0df79a2), closes #9733
ecs: cannot disable container insights of an ECS cluster (#9151) (e328f22), closes #9149
eks: kubectl provider out-of-memory for large manifests/charts (now 1GiB) (#11957) (2ec2948), closes #11787
synthetics: metricFailed uses Average instead of Sum by default (#11941) (3530e8c)
apigatewayv2: rename 'domainName' to 'name' in the DomainName construct (#11989) (1be831a)

1.77.0 (2020-12-07)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

apigatewayv2: The VpcLink.fromVpcLinkId() API has been replaced with VpcLink.fromVpcLinkAttributes().
secretsmanager: (feature flag) Secret.secretName for owned secrets will now return only the secret name (without suffix) and not the full resource name. This is enabled through the @aws-cdk/secretsmanager:parseOwnedSecretName flag.
lambda-nodejs: bundling customization options like minify or sourceMap are now gathered under a new bundling prop.
lambda-nodejs: bundlingEnvironment is now bundling.environment
lambda-nodejs: bundlingDockerImage is now bundling.dockerImage

Features

apigatewayv2: private integration with imported services (#11661) (6bf0da0), closes #11603
cfn-include: preserve properties of resources that are not in the current CFN schema (#11822) (45677ca), closes #9717
cfn-include: the cloudformation-include module is now Generally Available (stable) (#11882) (11df56b)
cfnspec: cloudformation spec v21.0.0 (#11694) (d1d9fc4)
cli: support WebIdentityCredentials (as used by EKS) (#11559) (5cfbe6c), closes #11543
cloudfront: Lambda@Edge construct (#10500) (3b30123), closes #9833 #1575 #9862
codepipeline-actions: support executeBatchBuild on CodeBuildAction (#11741) (3dcd1a8), closes #11662
cognito: user pool client - token validity (#11752) (78b3c39), closes #11689
ecr: authorization token retrieval grants (#11783) (c072981)
ecs-patterns: allow to select vpc subnets for LB fargate service (#11823) (869c884), closes #8621
lambda-nodejs: command hooks (#11583) (0608670), closes #11468
lambda-python: support poetry packaging for PythonFunction (#11850) (c5c258a), closes #11753

Bug Fixes

codebuild: Project lacks permissions for SSM ParameterStore environment variables (#11770) (3c5c2f4), closes #11769
codepipeline-actions: incorrect IAM statement in StepFunctionInvokeAction (#11728) (ece9b23), closes #11397 #11688
core: custom resource providers cannot be used in CDK Pipelines (#11807) (48b3fa9), closes #11760
core: floating list tokens synthesize to template (#11899) (60875a5), closes #11750
core: init templates not initialized when running the CLI from source (#11731) (2e067d7), closes #11665
core: regression: source directory is fingerprinted even if bundling is skipped (#11440) (3cbc7fa), closes #11008 /github.com/aws/aws-cdk/pull/11008/files#diff-62eef996be8abeb157518522c3cbf84a33dd4751c103304df87b04eb6d7bbab6L160 #11008 40aws-cdk/core/lib/asset-staging.ts#L159-L160 #11459 #11460
ec2: instance not replaced when changing asset in UserData (#11780) (17bde5a), closes #11704
eks: addManifest can accept any but only works if a map is passed (#11768) (f85c08c), closes #11483
events: match values in event pattern array are not deduplicated (#11744) (a07b987)
iam: OIDC provider cannot be imported from parameter (#11789) (cacb1d7), closes #11705
kinesis: Unable to use retention periods longer than 7 days (#11798) (80e5d90)
lambda-nodejs: automatic entry finding with compilerOptions.outDir (#11729) (1000cf9)
lambda-nodejs: maximum call stack size exceeded or converting circular structure to JSON (#11698) (4401725), closes #11693 #11726 #11762
lambda-nodejs: yarn cannot find a writable cache (#11656) (b16a8d3)
redshift: multi-node redshift cluster not allowing parameter (#11677) (13c05be), closes #11610
secretsmanager: secretName for owned secrets includes suffix (under feature flag) (#11736) (f6b4334), closes #11202 #11727
sqs: queueUrl property has incorrect region and account for imported queue (#11651) (7b8b665)
stepfunctions-tasks: instance type cannot be provided to SageMakerCreateEndpointConfig as input path (#11749) (5fb0ea6), closes #11605

1.76.0 (2020-12-01)

Features

lambda: container images (#11809) (02ced10)

1.75.0 (2020-11-24)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

appmesh: renames gateway listener static methods to use shorter names
appmesh: renames gateway route static methods to use shorter names
appmesh: changes Route's spec to a union-like class. RouteSpec is now defined using protocol variant static methods
efs: keyId property uses the ARN instead of the keyId to support cross-account encryption key usage. The filesystem will be replaced.
lambda-nodejs: local bundling now requires esbuild to be installed.
lambda-nodejs: projectRoot has been replaced by depsLockFilePath. It should point to your dependency lock file (package-lock.json or yarn.lock)
lambda-nodejs: parcelEnvironment has been renamed to bundlingEnvironment
lambda-nodejs: sourceMaps has been renamed to sourceMap
appmesh: IVirtualNode no longer has the addBackends() method. A backend can be added to VirtualNode using the addBackend() method which accepts a single IVirtualService
appmesh: IVirtualNode no longer has the addListeners() method. A listener can be added to VirtualNode using the addListener() method which accepts a single VirtualNodeListener
appmesh: VirtualNode no longer has a default listener. It is valid to have a VirtualNode without any listeners
appmesh: the construction property listener of VirtualNode has been renamed to listeners, and its type changed to an array of listeners
appmesh: the struct VirtualNodeListener has been removed. To create Virtual Node listeners, use the static factory methods of the VirtualNodeListener class

Features

applicationautoscaling: Add KAFKA to ServiceNamespace (#11394) (b5c3f84)
appmesh: add listener timeout to Virtual Nodes (#10793) (62baa7b)
appmesh: change Route's spec to a union-like class (#11343) (f0de91f)
appmesh: updates gateway resources to use shorter static method names (#11560) (df4d1d3)
cfnspec: cloudformation spec v20.0.0 (#11319) (8c17a35)
cfnspec: cloudformation spec v20.2.0 (#11429) (025992b)
cfnspec: cloudformation spec v20.3.0 (#11539) (3246b67)
cli: add --no-lookups flag to disable context lookups (#11489) (0445a6e), closes #11461
codebuild: allow setting the Project's logging configuration (#11444) (6a4b22d), closes #3856
codeguruprofiler: CodeGuruProfiler Construct Library is now in Developer Preview (#11558) (1da6715)
codepipeline-actions: Add deployment timeout to EcsDeployAction (#11407) (7d9d575)
core: add easy importValue to CfnOutput (#11368) (c71a4e9), closes #11360
ecs: allow HTTPS connections from LB to task (#11381) (0f6e2da)
ecs: environment files for containers in EC2 task definitions (8cb74ea)
ecs: secret JSON field for Fargate tasks (#11348) (03e7cd5), closes /github.com/aws/containers-roadmap/issues/385#issuecomment-722696672 #11341
efs: import access point - fromAccessPointAttributes() (#10712) (ec72c85)
events-targets: add CloudWatch LogGroup Target (#10598) (98e9b59), closes #9953
iam: specify initial PolicyDocument for inline Policy (#11430) (a8c4f17), closes #11236
lambda-nodejs: esbuild bundling (#11289) (7a82850), closes #10286 #9130 #9312 #11222
logs: Add KMS key support to LogGroup (#11363) (21ccfce), closes #11211
stepfunctions-tasks: support overriding all properties of CodeBuild StartBuild integration (#10356) (58efbad), closes #10302

Bug Fixes

autoscaling: targetRequestsPerSecond is actually requests per minute (#11457) (39e277f), closes #11446
aws-custom-resource: module fails loading when bundled with parcel (#11487) (421d4e4)
cli: credential provider plugins cannot be used with modern synthesis (#11350) (9e91306)
cloudfront: origin ID exceeds undocumented 128 character limit (#11523) (90f0b9d), closes #11504
core: DefaultStackSynthesizer supports object prefix for s3 assets (#11327) (1b5f218)
core: missing context in Stages is not filled by CLI (#11461) (a4a555a), closes #9226
core: reusing StackSynthesizer leads to unsynthesized Stacks (#11635) (f03c889), closes #11528
efs: cannot use encryption key imported from another account (#11524) (3578d84), closes #7641
eks: cluster creation fails when configured with an imported public subnet and private endpoint (#11620) (2c045ce)
iam: attach policy to imported User (#11493) (0a8971c), closes #10913 #11046 #10527
init: TypeScript code is not being recompiled automatically (#11470) (9843e71)
lambda: failed to add permission to an imported lambda from another account (#11369) (715a030), closes #11278 #11141 #11141
pipelines: synthesizes incorrect paths on Windows (#11464) (2ca31a8), closes #11359 #11405 #11424
pipelines: wrong runOrder for manual approval when using extraRunOrderSpace (#11511) (9b72fc8)
stepfunctions: metric* helpers not available on imported state machines (#11509) (83c0543)
stepfunctions-tasks: encryption is required for AthenaStartQueryExecution (#11355) (f26a592)
stepfunctions-tasks: incorrect policy for Athena prevents database deletions (#11427) (58e6576), closes #11357

1.74.0 (2020-11-17)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

appmesh: IVirtualNode no longer has the addBackends() method. A backend can be added to VirtualNode using the addBackend() method which accepts a single IVirtualService
appmesh: IVirtualNode no longer has the addListeners() method. A listener can be added to VirtualNode using the addListener() method which accepts a single VirtualNodeListener
appmesh: VirtualNode no longer has a default listener. It is valid to have a VirtualNode without any listeners
appmesh: the construction property listener of VirtualNode has been renamed to listeners, and its type changed to an array of listeners
appmesh: the struct VirtualNodeListener has been removed. To create Virtual Node listeners, use the static factory methods of the VirtualNodeListener class

Features

applicationautoscaling: Add KAFKA to ServiceNamespace (#11394) (b5c3f84)
appmesh: add listener timeout to Virtual Nodes (#10793) (62baa7b)
cfnspec: cloudformation spec v20.0.0 (#11319) (8c17a35)
cfnspec: cloudformation spec v20.2.0 (#11429) (025992b)
codepipeline-actions: Add deployment timeout to EcsDeployAction (#11407) (7d9d575)
core: add easy importValue to CfnOutput (#11368) (c71a4e9), closes #11360
ecs: secret JSON field for Fargate tasks (#11348) (03e7cd5), closes /github.com/aws/containers-roadmap/issues/385#issuecomment-722696672 #11341
efs: import access point - fromAccessPointAttributes() (#10712) (ec72c85)
iam: specify initial PolicyDocument for inline Policy (#11430) (a8c4f17), closes #11236
logs: Add KMS key support to LogGroup (#11363) (21ccfce), closes #11211
stepfunctions-tasks: support overriding all properties of CodeBuild StartBuild integration (#10356) (58efbad), closes #10302

Bug Fixes

autoscaling: targetRequestsPerSecond is actually requests per minute (#11457) (39e277f), closes #11446
core: missing context in Stages is not filled by CLI (#11461) (a4a555a), closes #9226
lambda: failed to add permission to an imported lambda from another account (#11369) (715a030), closes #11278 #11141 #11141
pipelines: synthesizes incorrect paths on Windows (#11464) (2ca31a8), closes #11359 #11405 #11424
stepfunctions-tasks: encryption is required for AthenaStartQueryExecution (#11355) (f26a592)
stepfunctions-tasks: incorrect policy for Athena prevents database deletions (#11427) (58e6576), closes #11357

1.73.0 (2020-11-11)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

apigatewayv2: LambdaProxyIntegration and HttpProxyIntegration classes have moved to the @aws-cdk/aws-apigatewayv2-integrations module.
appmesh: VirtualRouter's Listeners are no longer a struct; use the static factory methods of the VirtualNodeListener class to obtain instances of them
appmesh: VirtualRouter accepts a list of listeners instead of a single listener
appmesh: all fromResourceName() methods in the AppMesh module have been replaced with fromResourceAttributes()

Features

apigateway: default value for enum type in schema models (#11064) (9eff751), closes #11065
appmesh: change VirtualRouter's Listener to a union-like class (#11277) (0a3e980)
appmesh: remove fromName() methods and replace with fromAttributes() (#11266) (13d713e)
cli: process credentials (#11114) (6efa5e1), closes #3008
cloudwatch: add methods for lazy addition of graph metrics (#11380) (55e9576), closes #11305
cloudwatch: different view types in GraphWidget (#11160) (24de577), closes #11063
cognito: user pool resource server (#11118) (474f6c6)
cognito: user pools - non-ascii email domains (#11099) (5d907b6), closes #8473 #8473
core: natively support .dockerignore (#10922) (cdb9942)
eks: IAM Roles for service accounts in imported clusters (#10774) (76c795a), closes #10601
elasticloadbalancingv2: add load balancer lookups (#11089) (0153028), closes #11088
pipelines: room for extra sequential intermediary actions in CdkStage addApplication() (#11376) (32c164c)
pipelines: ShellScriptAction can configure environment (#11229) (ab9bcf2), closes #10919
region-info: added AppMesh ECR account for eu-south-1 region (#11207) (54c276d)
route53-targets: aws-apigatewayv2 target (#10191) (030c5c5)

Bug Fixes

apigateway: api key not supported for SpecRestApi (#11235) (52da8cb), closes #11079
appsync: HttpDataSource extends BackedDataSource instead of BaseDataSource (#11185) (4b4d011), closes #11183
cfn-include: Fn::FindInMap cannot be used for boolean properties (#11323) (47b698e), closes #11300
cli: deployments are skipped if stack is in a _failed state (#10847) (4887ba6), closes #10784
cli: Python id parameter in init template conflicts with built-in (#10874) (37a149b)
cloudwatch: composite alarm ARN uses wrong separator (#11186) (3009490)
elasticsearch: use correct latency metric names (#11175) (7ab5ab8), closes #11174
rds: customizing secret results in unusable password and lost attachment (#11237) (a4567f5), closes #11040

apigatewayv2: move lambda and http proxy integrations to the 'integrations' module (#11339) (17611d6)

1.72.0 (2020-11-06)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

rds: Serverless cluster enableHttpEndpoint renamed to enableDataApi
stepfunctions-tasks: type of outputLocation in the experimental Athena StartQueryExecution has been changed to s3.Location from string

Features

apigatewayv2: http api - endpoint url (#11092) (c200413), closes #10651
apigatewayv2: vpc link and private integrations (#11198) (e87a6a3), closes #10531 #10119 aws/jsii#1947
appmesh: add Virtual Gateways and Gateway Routes (#10879) (79200e7)
appsync: add RDS datasource (#9258) (23d0943), closes #9152
appsync: support custom cloudWatchLogsRoleArn for GraphqlApi (#10357) (bed89a5), closes #9441
ec2: Add Lambda interface endpoint (#11260) (9d0c935), closes #11259
intro "Names.uniqueId()" instead of the deprecated "node.uniqueId" (#11166) (5e433b1), closes aws/constructs#314
ecs-patterns: add option to create cname instead of alias record (#10812) (89a5055)
ecs-service-extensions: create an Environment from attributes (#10932) (d395b5e), closes #10931
rds: add grant method for Data API (#10748) (884539b), closes #10744

Bug Fixes

apigateway: changes to gateway response does not trigger auto deployment (#11068) (0c8264a), closes #10963
cfnspec: incorrect Route 53 health check configuration properties in CloudFormation specification (#11280) (f3c8b50), closes #issuecomment-717435271 #11096
cli: --no-previous-parameters incorrectly skips updates (#11288) (1bfc649)
core: many nested stacks make NodeJS run out of memory (#11250) (c124886)
core: multiple library copies lead to 'Assets must be defined within Stage or App' error (#11113) (fcfed39), closes #10314
core: support docker engine v20.10.0-beta1 (#11124) (87887a3)
dynamodb: Misconfigured metrics causing empty graphs (#11283) (9968669)
ecs: redirect config should honor openListener flag (#11115) (ed6e7ed)
event-targets: circular dependency when the lambda target is in a different stack (#11217) (e21f249), closes #10942
pipelines: asset stage can't support more than 50 assets (#11284) (5db8e80), closes #9353
secretsmanager: can't export secret name from Secret (#11202) (5dcdecb), closes #10914
secretsmanager: Secret.fromSecretName doesn't work with ECS (#11042) (fe1ce73), closes #10309 #10519
stepfunctions: stack overflow when referenced json path finding encounters a circular object graph (#11225) (f14d823), closes #9319
stepfunctions-tasks: Athena* APIs have incorrect supported integration patterns (#11188) (0f66833), closes #11045 #11246
stepfunctions-tasks: incorrect S3 permissions for AthenaStartQueryExecution (#11203) (b35c423)
explicitly set the 'ImagePullPrincipalType' of image (#11264) (29aa223), closes #10569

1.71.0 (2020-10-29)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

synthetics: runtime is now a required property.

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

core: Creation stack traces for Lazy values are no longer captured by default. The CDK_DEBUG=true environment variable must be set in order to capture stack traces (this is also achieved by using the --debug option of the cdk CLI). Users should not need those stack traces most of the time, and should only enable creation stack trace captures when tyring to troubleshoot a resolution error that they are otherwise unable to trace back.

Features

autoscaling: CloudFormation init for ASGs (#9674) (bdf1d30), closes #9065 #9664
cli: --all flag to select all stacks (#10745) (bcd9d0a), closes #3222
cli: change virtualenv directory to .venv to comply with python recommendation (#10995) (a4a41b5), closes #9134
cli: disable version check (#10975) (575e47e), closes #10974
core: make creationStack collection for Lazy opt-in (#11170) (a3fae02)
init-templates: Java init template tests updated to JUnit 5 (#11101) (e0c00a1), closes #10694
upgrade "constructs" to 3.2.0 (#11145) (d85e3ed)
redshift: add publiclyAccessible prop (#11162) (9f8a6de), closes #11161
stepfunctions-tasks: Support for Athena APIs: StartQueryExecution, StopQueryExeuction, GetQueryResults and GetQueryExecution (#11045) (19180cc)
synthetics: The CloudWatch Synthetics Construct Library is now in Developer Preview (#11180) (b3b5f48)

Bug Fixes

aws-rds/aws-secretmanager: credentials.fromSecret does not access secretsmanager.ISecret (#11033) (35ad608), closes #11015
bootstrap: same-account modern bootstrapping still requires policy ARNs (#9867) (f5ab374), closes #8571
codebuild: ReportGroup name is ignored (#11080) (1e2250a), closes #11052
core: assets are duplicated between nested Cloud Assemblies (#11008) (c84217f), closes #10877 #9627 #9917
ec2: CfnInit cannot be used with custom constructs (#11167) (01c52c8)
region-info: incorrect S3 static website endpoint for us-gov-west-1 (#10920) (dde9c55), closes 40aws-cdk/region-info/build-tools/generate-static-data.ts#L47-L49

1.70.0 (2020-10-23)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

cognito: the UserPoolIdentityProviderBase abstract class has been removed. Use the UserPoolIdentityProvider* classes directly.

Features

cloudfront: brotli compression support (#10950) (dd81e77), closes #10947
cloudfront-origins: move cloudfront-origins to Developer Preview (#11005) (6956aad), closes #10831
codebuild: add COMMIT_MESSAGE support for webhook FilterGroup (#11011) (fd8bce3), closes #9033
cognito: Cognito User Pools is now in Generally Available (stable) (#11003) (7435db8)
events-targets: add support for Kinesis Firehose as a target (#10400) (b93cda6), closes #10349
lambda-event-sources: disable source mapping (#10927) (f4f53a6), closes #5750

Bug Fixes

cloudfront: logging bucket uses global domain name (#10945) (aa3f3fd), closes #10923
lambda-nodejs: docker build is not working (#10885) (191d7b7), closes #10881
ses-actions: invalid action in policy statement created when using SES S3 action (#11061) (5dc1d96)
cognito: reorganize identity providers structure so that UserPoolIdentityProviderBase is not exported (#10925) (60f493c)

1.69.0 (2020-10-19)

Features

apigatewayv2: configure description for HttpApi (#10863) (895372f)
pipelines: temporarily disable self-mutation (#10466) (8ffabb4)

Bug Fixes

apigateway: cannot configure stage for SpecRestApi (#10749) (62a2286), closes #10300
apigateway: lambda integration does not recognize allowTestInvoke (#10828) (650c23f), closes #7605 #7604
cli: cdk context --reset <number> does not work (#10753) (2f3a167), closes #3033 #10619
cli: failure if account cache is malformed (#10887) (9b2438a)
lambda-python: asset hashes changed (#10959) (b8de264), closes #10958 #10957

1.68.0 (2020-10-15)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

config: scopeToResource(), scopeToResources() and scopeToTag() APIs have been removed. Use the ruleScope property to restrict the scope of a Config rule. fromResource(), fromResources() and fromTag() can be used from the RuleScope class.
cloudfront: Distribution behaviors now enable compression by default
cloudfront: Distribution forwardQueryString and forwardQueryStringCacheKeys have been removed in favor of cachePolicy and the new CachePolicy construct.
cloudfront: Distributions now default to the "CachingOptimized" managed cache policy

Features

apigateway: autodetermine the private integration uri (#10730) (46df4a7), closes #10435
apigateway: grant methods to ApiKey (#10633) (23f77fd), closes #8060
apigateway: metric methods for RestApi (#10667) (45b1e36), closes #8321
apigateway: mTLS support (#10521) (eb2c568), closes #10487
apigatewayv2: http api - metric methods for api and stage (#10686) (aae5d1d), closes #10325 #10726
appsync: MappingTemplate.dynamoDbQuery - add ability to specify secondary index (#10647) (346dbf4)
aws-ec2: vpc flow log s3 bucket prefix support (#10779) (11ce726), closes #10778
aws-ecs-builder: add public ip support (#10646) (cf26821), closes #10644
cfnspec: cloudformation spec v18.7.0 (#10864) (0bb133e)
cloudfront: Distribution is now in Developer Preview (#10831) (fe8d5e6)
cloudfront: support for cache policies (#10656) (5a97d27), closes #9644
cloudfront: support for origin request policies (#10765) (08efc96), closes #10656 #10656 #9647
codedeploy: Custom lambda deployment config (#10462) (60ab50f)
cognito: user pool identity support for Google (#10649) (49ede22)
config: convenience class with static constants for referencing AWS managed rules (#10834) (85738de)
config: Scope class for scoping config rules to a specific resource, resource types, tags (#10821) (25eb1c2)
config: the AWS Config Construct Library is now Generally Available (stable) (#10875) (88e1cd9)
core: BundlingDockerImage now supports run() and cp() utilities (#9728) (37fdc94), closes #9329
ec2: add c5a instance class (240d4b5)
ec2: t4g instances (#10817) (5e0cd2b), closes #10816
eks: Auto select AMI type for T4g instance type (#10360) (a4bac34), closes #10361
eks: Support KubernetesVersion 1.18 (#10854) (25897d6), closes #10853
events-targets: allow passing a role to the CodeBuild target (#10865) (f085a09)
lambda-python: bundle dependencies in a lambda layer (#9582) (aebac92), closes #9406 #9944
pipelines: support SecurityGroups for ShellScriptAction (#10770) (f9afbc5), closes #10621
s3: Support virtual-hosted style bucket URLs (#10326) (227fb81), closes #10319
secretsmanager: hosted rotation (#10790) (2cb8e22)

Bug Fixes

cloudfront: compression disabled by default for Distribution (#10794) (3327b7f)
codebuild: add BatchPutCodeCoverages permission to Project by default (#10835) (dec8e07)
core: CfnCodeDeployBlueGreenHook outputs empty optional objects to the template (#10809) (d88f034), closes #10803
core: partial wildcards don't work with selective bundling (#10767) (f7ce079), closes #10732
dynamodb: grantTableListStreams() permissions have incorrect Resource (#10631) (b2f16b3), closes #9511
ec2: VPN preSharedKey cannot be a Token (#10725) (55fa055), closes #10723
events: cannot use tokens as event bus name (#10772) (8bee193), closes #10467
lambda: grantInvoke on imported function fails (#10622) (99111f7), closes #8828 #10607
lambda-nodejs: cache performance (#10763) (d34773f)
s3: correct write permission with key decrypt (#10679) (c39cf95), closes #8947
s3-deployment: User metadata was added with wrong prefix (x-amzn-meta-) (#10678) (6b3687c), closes #8459

1.67.0 (2020-10-07)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

monodk-experiment: This package is now deprected in favor of monocdk. Note that monocdk is still experimental.

Features

aws-ec2: KINESIS_FIREHOSE vpc endpoint (#10682) (08ae745), closes #10611
cfnspec: cloudformation spec v18.6.0 (#10762) (6078cab)
cloudfront-origins: customize origin access identity in s3origin (#10491) (dbb7e34), closes #9859
core: pass environment variables to CustomResourceProvider (#10560) (320ec72), closes #9668
efs: add support for backup policy (#10524) (41f6de2), closes #10414
eks: Support cdk8s charts (#10562) (e51921d)
rds: add clusterArn property to IServerlessCluster (#10741) (1559fe9), closes #10736
readme: deprecate Gitter in favor of cdk.dev Slack (#10700) (c60764e)

Bug Fixes

cli: 'stack already contains Metadata resource' warning (#10695) (e0b5508), closes #10625
cli: deploying a transformed template without changes fails (#10689) (d345919), closes #10650
cloudfront-origins: S3Origins with cross-stack buckets cause cyclic references (#10696) (0ec4588), closes #10399
codepipeline-actions: correctly name the triggering Event in CodeCommitSourceAction (#10706) (ff3a692), closes #10665
core: cannot override properties with . in the name (#10441) (063798b), closes #10109
core: Stacks from 3rd-party libraries do not synthesize correctly (#10690) (7bb5cf4), closes #10671
ec2: addExecuteFileCommand arguments cannot be omitted (#10692) (7178374), closes #10687
ec2: InitCommand.shellCommand() renders an argv command instead (#10691) (de9d2f7), closes #10684
ec2: memory optimised graviton2 instance type (#10615) (a72cfbd)
elbv2: metric(Un)HealthyHostCount don't use TargetGroup dimension (#10697) (9444399), closes #5046
glue: GetTableVersion permission not available for read (#10628) (b0c5699), closes #10577
glue: incorrect s3 prefix used for grant* in Table (#10627) (4d20079), closes #10582
pipelines: cannot use constructs in build environment (#10654) (bf2c629), closes #10535
pipelines: pipeline doesn't restart if CLI version changes (#10727) (0297f31), closes #10659
rds: secret for ServerlessCluster is not accessible programmatically (#10657) (028495e)
redshift: Allow redshift cluster securityGroupName to be generated (#10742) (effed09), closes #10740
stepfunctions: X-Ray policy does not match documentation (#10721) (8006459)

1.66.0 (2020-10-02)

Features

cfnspec: cloudformation spec v18.4.0 (#10493) (fa50369)
cfnspec: cloudformation spec v18.5.0 (#10636) (e99cf63)
events-targets: option to provide an existing role to use with the StepFunctions State Machine target (#10551) (b96efd8), closes #8255

Bug Fixes

codebuild: permissions for Project in VPC used incorrect AWS partition (#10637) (b207888), closes #10634
codecommit: use region given in fromRepositoryArn when creating clone urls (#10639) (934553c), closes #10630
core,cx-api: docker bundling fails during tests on macOS (#10620) (0331508), closes #10262

1.65.0 (2020-09-30)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

aws-appmesh: VirtualNode no longer has accessLog set to "/dev/stdout" by default
cognito: refreshToken property is now removed from UserPoolClient. It will be included if any other authFlow is enabled.
synthetics: the default runtime is now syn-nodejs-2.0
eks: cluster.addChart renamed to cluster.addHelmChart
eks: NodegroupOptions.launchTemplate renamed to NodegroupOptions.launchTemplateSpec
eks: cluster.addAutoScalingGroup renamed to cluster.connectAutoScalingGroupCapacity
eks: cluster.addNodegroup renamed to cluster.addNoedgroupCapacity
eks: cluster.addCapacity renamed to cluster.addAutoScalingGroupCapacity
eks: CapacityOptions renamed to AutoScalingGroupCapacityOptions. Resolves #10364
rds: the default generated password exclude characters set for Instance, Cluster and DatabaseSecret is now " %+~`#$&*()|[]{}:;<>?!'/@\"\\"
rds: the default generated password exclude characters for addSingleUserRotation() and addMultiUserRotation() in Cluster and Instance is now " %+~`#$&*()|[]{}:;<>?!'/@\"\\"
rds: Instance.addSingleUserRotation() now takes options object as the first argument, instead of just Duration
rds: Cluster.addSingleUserRotation() now takes options object as the first argument, instead of just Duration
rds: SnapshotCredentials.fromGeneratedPassword() now takes an option object as the second argument, instead of just IKey
rds: DatabaseInstanceProps and DatabaseInstanceFromSnapshotProps - masterUsername, masterUserPassword and masterUserPasswordEncryptionKey moved to credentials as a new Credentials class.
rds: Login renamed to Credentials. Use Credentials.fromUsername to replace existing usage.
rds: DatabaseClusterProps masterUser renamed to credentials.

Features

aws-appmesh: adds access logging configuration to Virtual Nodes (#10490) (e96b5aa)
aws-ecs-builder: RFC 219 - An extendable service class for AWS ECS (#10129) (d95af00)
batch: Importing a JobDefinition from name using fromJobDefinitionName (#10448) (7ce91e8), closes #7172
cognito: import existing user pool domain (#10550) (37e2c35), closes #9988
core: add parseDomainName to Fn class (#10465) (799da48), closes #5433
ec2: c6 graviton2 instance classes (#10558) (0d4d44f), closes #10372
ecs-patterns: allow passthrough of security groups to service (#10501) (e349004), closes #8953
eks: EKS is now in Developer Preview (#10518) (b2ce3aa)
elasticsearch: L2 for ElasticsearchDomain (#8369) (33ce50f)
lambda: kafka topic as an event source (#10445) (dac1e12)
lambda-event-sources: dead letter queue and filter policy for sns event source (#10567) (d70808b)
pipelines: allow disabling of KMS keys (#10396) (1f7311f), closes #10115 #10474
pipelines: Allow specifying a VPC for pipelines.CdkPipeline, standardNpmSynth, and standardYarnSynth (#10453) (2e0824b), closes #9982
rds: add support for update and backup properties to Cluster instances (#10324) (4a4c154), closes #9926 #10092
rds: add the ability to exclude characters when generating passwords for Cluster, Instance, DatabaseSecret (3b88256), closes #4144
rds: construct for Aurora Serverless Clusters (#10516) (0d7d07e), closes #929
add configuration for GitHub CodeSpaces (#10470) (bf3cc21), closes #10447
rds: support setting database master users from existing secrets (#10458) (c7c7851), closes #7927
rds: the RDS Construct Library is now Generally Available (#10610) (ccfa73f)
rds: the unversioned Cluster engine constants are no longer deprecated (#10605) (86e6455)
s3: support replication and restore s3 notification event types (#10552) (ee0db39), closes #10498
support the 'Description' resource attribute (#10522) (d68ce2f)
stepfunctions-tasks: support for SageMaker APIs: CreateEndpoint, CreateEndpointConfig, CreateModel, and UpdateEndpoint (#10187) (84738ee)
synthetics: syn-nodejs-2.0 runtime (#10574) (a3c41ae)

Bug Fixes

appsync: multiple interface types generates invalid schema (#10481) (6f2d393), closes #10479
cfn-include: Fn::GetAtt with a string argument fails to include (#10546) (6a24026)
cli: listing same stack multiple times fails (#10554) (44c1f20), closes #9667
cli: OS usernames cannot have Unicode characters (#10451) (635f0ed), closes #10401
cloudfront: logging bucket uses regional domain name (#10570) (19dd454), closes #2554 #10512
codebuild: encryptionKey cannot be disabled (#10474) (4aadaa7)
codepipeline-actions: use token as CodeCommitSourceAction branch (#10463) (94bbabf), closes #10263
cognito: authFlows require refreshToken in all scenarios (#10561) (c0a3cb4), closes #7625
cognito: callback URLs are specified when OAuth is disabled for user pool clients (#10588) (fbd48b2), closes #10311
core: bundling with staging disabled returns a relative path (#10507) (e9b5b8c), closes #9576 #10367
core: properties set to false are not rendered in the template (#10539) (b42d4e9), closes #10455
core: write Metadata resource in core framework (#10306) (fb39803)
pipelines: stack tags (#10533) (97bfd10), closes #9260
rds: allow creating Proxies for imported resources (#10488) (c502114), closes #9195
rds: default username 'admin' doesn't work for PostgreSQL (#10597) (8a04014), closes #10458 #10579
secretsmanager: cannot import secrets by ARN without suffix (#10609) (3a1d38e), closes #10604
secretsmanager: cannot import secrets if ARN is a token (#10568) (350105a), closes #10309 #10520
stepfunctions: JsonPath does not support path with array (#10553) (07d14ae), closes #9403
stepfunctions: States.ALL doesn't appear last in Retry and Catch arrays (#10538) (a8d7282), closes #10530

1.64.1 (2020-09-25)

Bug Fixes

eks: KubernetesPatch and FargateCluster creates a circular dependency and breaks deployment (#10536) (f0f8a63), closes #10528

1.64.0 (2020-09-22)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

codedeploy: the default policy for LambdaDeploymentGroup no longer contains sns:Publish on * permissions
cfn-include: the construction property 'nestedStacks' of class 'CfnInclude' has been renamed to 'loadNestedStacks'
rds: removed protected member subnetGroup from DatabaseCluster classes
rds: Cluster now has deletionProtection enabled if its removal policy is RETAIN
rds: Instance now has deletionProtection enabled by default only if its removal policy is RETAIN
eks: Clusters previously running k8s version other than 1.15 and bottlerocket AMI(aws-k8s-1.15 variant) will trigger AMI and node replacement.

Features

cfn-include: add 'loadNestedStack()' method (#10292) (9d6817f)
cfn-include: the package cloudformation-include is now 'Developer Preview' (#10436) (d45a57c)
cfnspec: cloudformation spec v18.3.0 (#10385) (dbdc7ff)
cli: skip bundling for operations where stack is not needed (#9889) (28cee39), closes #9540
codedeploy: change LambdaDeploymentGroup default managed policy to AWSCodeDeployRoleForLambdaLimited (#10276) (13e7bde)
cognito: user pool client logout urls (#10301) (5111837)
custom-resource: allow referencing resource id in updates/deletes (#10327) (a726dad), closes #10305
ec2: generic ssm backed machine image (#10369) (1dbad6e)
ec2: user-defined subnet selectors (#10112) (491113d)
eks: bottlerocket versoin follows the cluster k8s versoin (#10189) (19638a6), closes #10188
events-targets: supports to specify fargate platform version (#10223) (3dcd01e), closes #10186
lambda-nodejs: custom bundling image (#10270) (a2174a4), closes #10194
pipelines: support VPC property in ShellScriptAction (#10240) (08a3c55), closes #9982
rds: add SQL Server version 15.00.4043.16.v1 (#10289) (a578ef8), closes #10273
rds: S3 import and export for DatabaseInstances (#10370) (80a2ac9), closes #4419
rds: support existing cluster subnet groups (#10391) (a1df511), closes #9991
redshift: support existing cluster subnet groups (#10340) (5ad8cdb), closes #9241
secretsmanager: import secrets by name (#10309) (a8e8ed3), closes #7444 #7949 #7994
add support for the 'Version' resource attribute (#10376) (aac235a)
stepfunctions: added new condition operators (#9920) (b8490f2)
stepfunctions: support X-Ray tracing (#10371) (#10374) (ad011c0)
stepfunctions-tasks: handle Lambda service exceptions (#10386) (edf75b6)

Bug Fixes

bootstrap: no longer creates KMS master key by default (#10365) (bedd4c0), closes #10115
bootstrapping: --cloudformation-execution-policies not checked (#10337) (ad9a705)
cfn-include: allow referring to Conditions in Outputs and Rules (#10373) (4751f42)
cfn-include: correctly handle the 'AWS::CloudFormation::CustomResource' resource type (#10415) (1a5a024)
cli: --profile is ignored if AWS_ variables are set (#10362) (957a12e)
cli: cdk synth fails if AWS_ credentials have expired (#10343) (406f665), closes #7849
cli: stack outputs aren't sorted (#10328) (9f430fc)
cloudwatch: LTE operator renders wrong symbol (#10418) (2543584), closes #8913
codebuild: Project.addFileSystemLocation does not work without providing locations at construction (#10460) (994d3c3), closes #10442
core: CfnParameter of Number type cannot be used as a string (#10422) (28adc88), closes #10228
diff: deepEqual may miss difference other than DependsOn (#10394) (9bcaf75), closes #10322
diff: allow strings to be passed for boolean properties (#10378) (673dd82)
diff: handle YAML short-forms like '!GetAtt' in diff (#10381) (457e109), closes #6537
dynamodb: cannot change serverSideEncryption from true to false (#8450) (7a266b5), closes #8286
ec2: InitFile does not work on Windows (#10450) (84b9d5e), closes #10390
eks: cannot import a cluster with cdk managed kubectlPrivateSubnets (#10459) (10d0a36)
eks: circular dependencies when security groups from other stacks are used (#10339) (857acbb)
lambda: unable to add permissions to imported lambda functions (#8828) (9bf8e13), closes #7588
lambda-nodejs: local parcel not detected (#10268) (457fab8)
pipelines: make CdkPipeline build stage optional (#10345) (e9ffa67), closes #10148
rds: cannot use s3ImportBuckets or s3ExportBuckets with aurora postgres (#10132) (cb6fef8), closes #4419 #8201
SSM Association 'parameters' property has incorrect type (#10316) (7b5c9d2), closes #3092
rds: standardize removal policies and deletion protection (#10412) (75811c1)
redshift: cluster defaultChild broken after adding subnet group (#10389) (746dfe2), closes #10340
s3-notifications: lambda destination creates a circular dependency when bucket and lambda are in different stacks (#10426) (7222b5d)
ecs: DockerVolumeConfiguration.labels changed from an array to a map. This was a long standing latent bug and in fact configuring labels in the old format would have resulted in the wrong behavior. (#10385)

1.63.0 (2020-09-12)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

appsync: force apiKeyConfig require a Expiration class instead of string
appsync: Parameter apiKeyConfig takes Expiration class instead of string
core: custom implementations of IStackSynthesizer must now implement synthesize() instead of synthesizeStackArtifacts().
aws-batch: Changed type of ComputeResources.computeResourcesTags from Tag to map

Features

appsync: add authorization config to the HttpDataSource (#10171) (b2cc277), closes #9971 #9934
appsync: add support for subscriptions for code-first schema generation (#10078) (65db131), closes #9345
appsync: implement directives for code-first approach (#9973) (088cd48), closes #9879
appsync: support enumeration types for code-first approach (#10023) (30a5b80), closes #10023
appsync: support union types for code-first approach (#10025) (28a9834)
cfn-include: add support for Hooks (#10143) (4de68c0), closes #9713
cfn-include: allow renaming the template elements logical IDs (#10169) (cf746a0), closes #9714
chatbot: log retention support and metrics utility methods (#10137) (0f0d1e7), closes #10135
cli: support credential_source in aws shared config file (#10272) (940a443)
codebuild: add git submodule options of codebuild (#10283) (698e5ef), closes #10271
eks: arm64 support (#9875) (ffb84c6), closes #9915
eks: bump aws-node-termination-handler to 0.9.5 (#10278) (8cfc190), closes aws/aws-cdk#10277
eks: managed nodegroup with custom AMI and launch template support (#9881) (5c294fb), closes #9873
elasticloadbalancingv2: more health check validations to NLB target group (#3703) (#10205) (e3f3332)
elasticloadbalancingv2: multiple security groups for ALBs (#10244) (1ebf362), closes #5138
lambda-nodejs: improved project root detection (#10182) (cce83dc), closes #10174
pipelines: adding IAM permissions to ShellScriptAction (#10149) (ec15485), closes #9600
rds: database clusters from snapshots (#10130) (915eb4b), closes #4379
rds: deprecate OracleSE and OracleSE1 engine versions (#10241) (562f891), closes #9249
rds: metrics for clusters (#10162) (49f6034), closes #5212
route53-patterns: support IPv6 in HttpsRedirect (#10203) (a1f6e1b)
secrets-manager: exclude characters for password rotation applications (#10110) (1260d52), closes #4144

Bug Fixes

appsync: strongly type expires prop in apiKeyConfig (#9122) (287f808), closes #8698
aws-batch: computeResources tags are not configured properly (#10209) (40222ef), closes #7350
cfn-include: correctly parse YAML strings in short-form GetAtt (#10197) (a388d70), closes #10177
cfn-include: correctly substitute falsy parameter values (#10195) (8791f88), closes #10107
cli: metadata not recorded for templates >50k (#10184) (dfd2baf)
cli: simplify lib template (#10175) (fc3ec9b)
cli: unable to set termination protection for pipeline stacks (#9938) (a00a4ee)
cloudfront: comment for origin access identity is too long (#10266) (495aeb9), closes #10211
codepipeline: cross-region support stack requires bootstrapping (#10217) (b5ff4d6), closes #10215
core: DefaultSynthesizer breaks this.node.setContext() on Stack (#10246) (61865aa)
core: Stacks render CloudFormation elements in nested Stages (#10156) (5f36f6b), closes #9792 #9669
custom-resources: deleting custom resource fails when using two or more (#10012) (8d23f24)
ec2: cfn-init user data hash not updated if file asset changes (#10216) (0d7ca63), closes #10206
eks: restricted public access breaks cluster functionality (#10103) (a1b5bf6)
kms: do not change the principal to root for imported resources in dependent Stacks (#10299) (54dfe83), closes #10166
lambda-nodejs: permission denied, mkdir '/.parcel-cache' (#10181) (20f5535)
pipelines: changing synth action doesn't restart pipeline (#10176) (14c8a98), closes #9458
pipelines: check for an empty Stage object (#10153) (cec20c8), closes #9559
rds: Make most DatabaseClusterAttributes properties optional (#10291) (0653e6b), closes #3587

1.62.0 (2020-09-03)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

eks: when importing EKS clusters using eks.Cluster.fromClusterAttributes, the clusterArn attribute is not supported anymore, and will always be derived from clusterName.
eks: Only a single eks.Cluster is allowed per CloudFormation stack.
eks: The securityGroups attribute of ClusterAttributes is now securityGroupIds.
cli: --qualifier must be alphanumeric and not longer than 10 characters when bootstrapping using newStyleStackSynthesis.

Features

appsync: support Input Types for code-first approach (#10024) (3f80ae6)
appsync: support query & mutation generation for code-first approach (#9992) (1ed119e), closes #9308 #9310
aws-chatbot: Support L2 construct for SlackChannelConfiguration of chatbot. (#9702) (05f5e62), closes #9679
bootstrap: customizable bootstrap template (#9886) (2596ef7), closes #9256 #8724 #3684 #1528 #9681
cli: control progress output style with --progress=bar|events (#9623) (56de5e1), closes #8696
cloudfront: import existing CloudFrontWebDistributions (#10007) (ff33b54), closes #5607
cloudfront: support includeBody for Lambda@Edge (#10008) (9ffb268), closes #7085
ecs: bottlerocket support (#10097) (088abec), closes #10085
eks: kubectl layer customization (#10090) (0aa7ada), closes #7992
eks: support adding k8s resources to imported clusters (#9802) (4439481), closes #5383
logs: specify log group's region for LogRetention (#9804) (0ccbc5d)
pipelines: SimpleSynthAction takes array of build commands (#10152) (44fcb4e), closes #9357
pipelines: add control over underlying CodePipeline (#10148) (41531b5), closes #9021
rds: add support for joining instance to domain (#9943) (f2d77d1), closes #9869
rds: custom security groups for OptionGroups (ea1072d), closes #9240
rds: custom security groups for OptionGroups (#10011) (5738dc1), closes #9240
rds: performance insights for DatabaseCluster instances (#10092) (9c1b0c1), closes #7957
rds: rename DatabaseInstanceNewProps.vpcPlacement to vpcSubnets (#10093) (ec423ef), closes #9776
elasticloadbalancingv2: convenience method for ALB redirects (#9913) (5bed08a)

Bug Fixes

apigateway: burst and rate limits are set to unlimited when configured to 0 (#10088) (96f1772), closes #10071
appsync: GraphQLApi.UserPoolConfig requires DefaultAction (#10031) (6114045), closes #10028
aws-elasticloadbalancingv2: fix load balancer deletion protection to properly update when set to false (#9986) (a65dd19)
aws-sns: enable topic encryption with cross account keys (#10056) (327b72a), closes #10055
aws-stepfunctions-tasks: missing permission to get build status (#10081) (cbdd084), closes #8043
aws-stepfunctions-tasks: SageMaker create training job has incorrect property name for AttributeNames (#10026) (ba51ea3), closes #10014
cfn-include: allow Conditions to reference Mappings in their definitions (#10105) (aa2068f), closes #10099
cfn-include: allow parameters to be replaced across nested stacks (#9842) (9ea8d5c), closes #9838
cli: AssumeRole profiles require a [default] profile (#10032) (95c0332), closes #9937
cli: bootstrapping qualifier length not validated (#10121) (e069263), closes #9255
cli: Linux browser not supported for cdk docs (#9549) (663913f), closes #2847
cli: re-bootstrapping loses previous configuration (#10120) (4e5829a), closes #10091
cli: unable to upgrade new style bootstrap to version (#10030) (c5bb55c), closes #10016
cloudfront: Distribution does not add edgelambda trust policy (#10006) (9098e29), closes #9998
custom-resources: buffers returned by AwsCustomResource are unusable (#9977) (7f351ff), closes #9969 #10017
eks: creating a ServiceAccount in a different stack than the Cluster creates circular dependency between the two stacks (#9701) (1e96ebc), closes 40aws-cdk/aws-eks/lib/service-account.ts#L81-L95 40aws-cdk/aws-eks/lib/cluster.ts#L914-L923 40aws-cdk/aws-eks/lib/cluster.ts#L907-L909
eks: README.md grammar (#10072) (454cdc6)
elbv2: add protocol to AddNetworkTargetsProps (#10054) (c7c00e7), closes aws/aws-cdk#10044
elbv2: consider default protocol when validating redirectHTTP (#10100) (9e4c6d2)
glue: tables not including classification (#9923) (61b45f3), closes #9902
lamba: Add Java 8 Corretto Runtime support (77f9703)
lambda: grantInvoke fails for imported IAM identities (#9957) (d748f44), closes #9883
lambda-nodejs: cannot stat error with jsx/tsx handler (#9958) (25cfc18)
lambda-python: allowPublicSubnet and filesystem not supported (#10022) (745922a), closes #10018 #10027
redshift: single-node clusters fail with node count error (#9961) (2cd3ea2), closes #9856
route53: value is too long error for TXT records (#9984) (fd4be21), closes #8244

1.61.1 (2020-08-28)

Bug Fixes

cli: unable to upgrade new style bootstrap to version (#10030) (8d3e422), closes #10016

1.61.0 (2020-08-27)

Features

appsync: implement resolvable fields for code-first schema (#9660) (9e3b798)
appsync: separating schema from graphql api (#9903) (8d71fa1)
cli: automatically determine region on EC2 instances (#9313) (1cf986d)
core: facility to warn when deprecated APIs are used (#9585) (b1d0ac0)
custom-resources: function name for AwsCustomResource (#9774) (6da6581), closes #9771
eks: envelope encryption for secrets (#9438) (65fd3e6), closes #9140
rds: deletion protection for RDS cluster (#9871) (ef98b9f), closes #6944
rds: grantConnect for database instances (#9887) (e893828), closes #1558
region-info: add information for af-south-1 and eu-south-1 regions (#9569) (9d76c26)
s3: imported buckets can have an explicit region (#9936) (f0c76ac), closes #8280 #9556
stepfunctions-tasks: add support for CodeBuild StartBuild API (#9757) (dae54ec), closes #8043

Bug Fixes

appsync: add dependency between apikey and schema (#9737) (4448794), closes #8168 #9736 #8168
bootstrap: add alias for the asset key (#9872) (952e686), closes #6719
cfn-include: allow numbers to be passed to string properties (#9849) (4c8c6f1), closes #9784
cfn-include: short form for Condition (#9865) (371e8da), closes #9785
core: Access Denied using legacy synthesizer with new bootstrap (#9831) (960ef12)
core: Duration incorrectly renders Days (#9935) (0ca09a7), closes #9906
elasticloadbalancingv2: imported listener ignores conditions attribute (#9939) (1c9b733), closes #8385 #9262 #9320 #9643
lambda: cannot use latest version in multiple cloudfront distributions (#9966) (71c60f2), closes #4459
lambda: grantInvoke fails on second invocation (#9960) (0fc5899), closes #8553
lambda-nodejs: incorrect working directory for local bundling (#9870) (a4185a0), closes #9632

1.60.0 (2020-08-19)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

cloudfront: Distribution: .domains must be specified if certificate is provided.
appsync: appsync.addXxxDataSource name and description props are now optional and in an DataSourceOptions interface.
appsync: the props name and description in addXxxDataSource have been moved into new props options of type DataSourceOptions
appsync: DataSourceOptions.name defaults to id
appsync: DataSourceOptions.description defaults to undefined

Features

amplify: automatic branch deletion (#9663) (4ee37a4), closes #9650
appsync: code-first schema allows for object type definition (#9417) (6f1782f), closes #9307
appsync: import existing graphql api (#9254) (5732b8e), closes #6959
aws-cloudwatch: log query widget visualisation types (#9694) (8debcf8), closes #9675
cli: MFA support (#6510) (611c48d), closes #1248
make imported resources account/region-aware (#8280) (d6278b3), closes #2807 #5740 #7012
cfn-include: add support for retrieving Mapping objects from the template (#9777) (a038304), closes #9711
cfn-include: add support for retrieving Rule objects from the template (#9783) (e4720bf), closes #9712
cloudfront: Distribution - alternate domains (#9699) (97e44a7)
codebuild: support images with WINDOWS_SERVER_2019_CONTAINER environment type (#9526) (d3813e7), closes #9484
custom-resources: optional latest SDK installation for AwsCustomResource (#9515) (effdd3c), closes #9289 #9322
ec2: CloudFormation init for files, packages, sources, users, & groups (#9664) (d6c44e8), closes #9065 #8788 #8788
ecs: add EfsVolumeConfiguration to Volume (#8467) (85ff9fd)
ecs: add support for automatic HTTPS redirect (#9341) (84a3ef6), closes #8488
lambda-nodejs: local bundling (#9632) (276c322)
pipelines: add PolicyStatements to CodeBuild project role (#9527) (c570d9c), closes aws/aws-cdk#9163
rds: CloudWatch logs exports for DB clusters (#9772) (118e5c6), closes #7810
rds: Validate log types for clusters (#9797) (85fdeb5), closes #9772 #9772 #9772

Bug Fixes

apigateway: access log format does not allow tokens (#9769) (a7c5c75), closes #9687
build: Prereq check - support paths with spaces. (9ca1d02), closes #9749
cfn-include: handle numbers expressed as strings in templates (#9525) (e9a4102), closes #9524
cli: "fancy" progress reporting not disabled on all CI systems (#9516) (97ef371), closes #8696 #8893
cli: CLI does not use regional endpoints (#9835) (34450b0), closes #9223
cli: stack monitor reads complete stack history every 5 seconds (#9795) (cace51a), closes #9470
cli: SynthUtils is not used (#9836) (9f1007e)
cloudformation-diff: DependsOn singleton arrays aren't equal to string values (#9814) (49cdb47)
cloudfront: all origin access identities have identical names (#9829) (ca79188), closes #9580
cloudfront: Distribution ignores webAclId (#9828) (366c781), closes #9635 #9824
cloudfront: Update Suported Security Protocol enum and set TLS_V1_2_2019 as a default version (#9738) (f6c25ad), closes #9212
codebuild: fails on using PR Events together with FILE_PATH filters in a FilterGroup (#9725) (fdaf6bc), closes #8867
codepipeline: Service Catalog action generated incorrect file path (#9773) (286ff50), closes #9767
eks: AMI changes in managed SSM store param causes rolling update of ASG (#9746) (44f7753), closes #7273
elbv2: NLB Target Group does not inherit protocol (#9331) (#9651) (171ab59)
lambda: compute platform missing for autocreated profiling group (#9716) (a8f4c9f)
lambda-nodejs: cannot bundle when entry file is named index.ts (#9724) (bb90fbe), closes #9709
lambda-nodejs: NodejsFunction construct incompatible with lambda@edge (#9562) (dfe2c5c), closes #9328 #9453
lambda-python: install rsync if necessary (#9763) (6edb6e6), closes #9704 #9349 #9582

1.59.0 (2020-08-14)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

eks: cluster.addResource was renamed to cluster.addManifest and KubernetesResource was renamed to KubernetesManifest
cloudfront: (cloudfront) Changed IDs for Distributions (will cause resource replacement).

Features

cfn-include: allow passing Parameters to the included template (#9543) (cb6de0a)
cfnspec: cloudformation spec v16.3.0 (#9452) (fb5068d)
cloudfront: Distribution support for logging, geo restrictions, http version and IPv6 (#9635) (4c62702)
codebuild: add support for GPU build images (#8879) (b1b4cee), closes #8408
codeguruprofiler: add support for ComputePlatform in ProfilingGroup (#9391) (5a64bc5)
ec2: CloudFormation-init support (#9065) (014c13a), closes #8788 #9063 #9063
eks: ability to query runtime information from the cluster (#9535) (4bc8188), closes #8394
synthetics: Synthetics L2 Support (#8824) (691b349), closes #7687

Bug Fixes

cloudfront: ensures origin groups are added with their own ID as a target (#9593) (246842f), closes #9561 #9561
cloudfront: Escape hatch support for Distribution (#9648) (cc229c2), closes #9620
codepipeline: S3 source Action with trigger=Events fails for bucketKey a Token (#9575) (43214b4), closes #9554
ec2: can't use imported Subnets in a SubnetSelection (#9579) (1c4eae8)

1.58.0 (2020-08-12)

Features

cloudwatch: alarm status widget (#9456) (41940d3)
cognito: better control sms role creation (#9513) (a772fe8), closes #6943
core: local bundling provider (#9564) (3da0aa9)
core: new annotations api (#9563) (ae9ed62), closes /github.com/aws/aws-cdk-rfcs/blob/master/text/0192-remove-constructs-compat.md#09
core: new APIs for Aspects and Tags (#9558) (a311428), closes /github.com/aws/aws-cdk-rfcs/blob/master/text/0192-remove-constructs-compat.md#02
ecs: Option to encrypt lifecycle hook SNS Topic (#9343) (38aad67)
events: use existing Role when running ECS Task (#8145) (aad951a), closes #7859
global-accelerator: referencing Global Accelerator security group (#9358) (1fe9684)
iam: validate policies for missing resources/principals (#9269) (60d01b1), closes #7615
lambda: autoscaling for lambda aliases (#8883) (d9d9b90)
readme: include partitions.io cdk board in "getting help" (#9541) (f098014)
"stack relative exports" flag (#9604) (398f872)
secretsmanager: Specify secret value at creation (#9594) (07fedff), closes #5810

Bug Fixes

cfn-include: allowedValues aren't included when specified by a parameter (#9532) (e7dc82f)
codedeploy: ServerDeploymentGroup takes AutoScalingGroup instead of IAutoScalingGroup (#9252) (9ff55ae), closes #9175
docdb: autoMinorVersionUpgrade property was not set to true by default as stated in the docstring (#9505) (e878f9c)
ec2: Volume grants have an overly complicated API (#9115) (74e8391), closes #9114
efs: LifecyclePolicy of AFTER_7_DAYS is not applied (#9475) (f78c346), closes #9474
eks: clusters in a FAILED state are not detected (#9553) (d651948)
eks: private endpoint access doesn't work with Vpc.fromLookup (#9544) (dd0f4cb), closes #9542 #5383
lambda: cannot create lambda in public subnets (#9468) (b46fdc9)
pipelines: CodeBuild images have (too) old Node version (#9446) (bd45f34), closes #9070
pipelines: manual approval of changeset uses wrong ordering (#9508) (5c01da8), closes #9101 #9101

1.57.0 (2020-08-07)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

apigatewayv2: The parameter for the method bind() on IHttpRouteIntegration has changed to accept one of type HttpRouteIntegrationBindOptions. The previous parameter IHttpRoute is now a property inside the new parameter under the key route.
eks: The experimental eks.Cluster construct no longer supports setting kubectlEnabled: false. A temporary drop-in alternative is eks.LegacyCluster, but we have plans to completely remove support for it in an upcoming release since eks.Cluster has matured and should provide all the needed capabilities. Please comment on https://github.com/aws/aws-cdk/issues/9332 if there are use cases that are not supported by eks.Cluster.
eks: endpoint access is configured to private and public by default instead of just public
lambda.Version and apigateway.Deployment resources with auto-generated IDs will be replaced as we fixed a bug which ignored resource dependencies when generating these logical IDs.
core: in unit tests, the node.path of constructs within stacks created the root of the tree via new Stack() will now have a prefix Default/ which represents an implicit App root.

cloudfront: the property OriginBase.originId has been removed

Features

apigateway: additionalProperties in RestApi Model supports JsonSchema type (#8848) (5e087e5), closes #8069
apigateway: configure endpoint types on SpecRestApi (#9068) (7673e48), closes #9060
apigateway: import API keys (#9155) (e3f6ae3), closes #8367
appsync: add x-ray parameter to AppSync (#9389) (51921ad)
cloudfront: add support for Origin Groups (#9360) (11e146c), closes #9109
cloudfront: Behaviors support cached methods, compression, viewer protocol, and smooth streaming (#9411) (2451fa9), closes #7086 #9107
core: implicit app for root stacks (#9342) (1d85a9f)
core: warn if an aspect was added via another aspect (#8639) (9d7bef7)
eks: default masters role (#9464) (b80c271), closes #9463
eks: deprecate "kubectlEnabled: false" (#9454) (2791017), closes #9332
eks: endpoint access customization (#9095) (692864c), closes #5220 /github.com/aws/aws-cdk/pull/9095#issuecomment-665621701
s3: Introduce S3 Inventory (#9102) (b0f359e)

Bug Fixes

apigatewayv2: cyclic dependency between HttpApi and the lambda function (#9100) (7b29774), closes #9075
athena: WorkGroup tags corruption (#9085) (b688913), closes #6936
aws-lambda-python: use cp instead of rsync (#9355) (056bcaf), closes #9349
cfn-include: fails to load SAM resources (#9442) (1de9dc8)
cfn-include: no longer concatenate elements of Fn::Join without tokens (#9476) (d038b61)
core: can't have multiple CfnRules in a Stack (#9500) (76a7bfd), closes #8251 #9485
core: docs for CfnMapping are not clear (#9451) (c1e3c57), closes #9432
dynamodb: allow using PhysicalName.GENERATE_IF_NEEDED as the Table name (#9377) (8ab7b10), closes #9374
ecs: Scope-down IAM permissions for ECS drain (#9502) (9fbeec3)
ecs: Scope-down IAM permissions on Cluster ASG (#9493) (1670289)
ecs-patterns: Adds missing option to secure ingress of ALB in Ap… (#9434) (ba1427f)
lambda: bundling docker image does not exist for Go runtime (#9465) (7666d9b), closes #9435

cloudfront: remove the originId property from OriginBase (#9380) (70b9f63)
do not use "synthesize" and "prepare" in the cdk (#9410) (e3ae645), closes /github.com/aws/aws-cdk/pull/9410#issuecomment-668552361

1.56.0 (2020-07-31)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

appsync: appsync prop schemaDefinition no longer takes string, instead it is required to configure schema definition mode.
appsync: schemaDefinition takes param SchemaDefinition.XXX to declare how schema will be configured
- SchemaDefinition.CODE allows schema definition through CDK
- SchemaDefinition.FILE allows schema definition through schema.graphql file
cloudfront: Removed origin classes from the aws-cloudfront module.
aws-cloudfront: Removed S3Origin and HttpOrigin from the aws-cloudfront module. Use the S3Origin and HttpOrigin classes in the aws-cloudfront-origins module instead.
aws-cloudfront: Renamed Origin to OriginBase.
cloudfront: the property Origin.domainName has been removed

Features

cfn-include: add support for the Fn::Sub function (#9275) (2a48495)
core: make the CfnParameter class mutable (#9365) (860966a), closes #9364

Bug Fixes

certificatemanager: DNS validation for wildcard certificates (#9291) (419278b), closes #9248
pipelines: reduce assets IAM policy size (#9333) (88d563f), closes #9316

appsync: strongly type schema definition mode (#9283) (b46aa99), closes #9301
cloudfront: README updates and notes of breaking changes (#9356) (fbb0418), closes #9326
cloudfront: small refactoring of the Origin API (#9281) (cbfdc15), closes #9109

1.55.0 (2020-07-28)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

lambda: the bundlingDockerImage prop of a Runtime now points to the AWS SAM build image (amazon/aws-sam-cli-build-image-<runtime>) instead of the LambCI build image (lambci/lambda:build-<runtime>)
appsync: pipelineConfig is now an array of string instead of CfnResolver.PipelineConfigProperty for usability.
appsync: pipelineConfig parameter takes in string []

Features

appsync: grant APIs for managing permissions (#8993) (e6dca52), closes #6772 #7871 #7313
aws-codepipeline: experimental support for ServiceCatalog deploy action (#9214) (950e51f)
cfn-include: handle resources not in the CloudFormation schema (#9199) (d287525), closes #9197
cfnspec: cloudformation spec v16.1.0 (#9074) (d1ca04f)
cfnspec: cloudformation spec v16.1.0 (#9216) (d4b68d3)
cloudfront: new aws-cloudfront-origins module, support for ALB/NLB origins (#9209) (27ee332), closes #9207
cloudfront: support Lambda@Edge for behaviors (#9220) (d3e5533), closes #9108
lambda: official lambda build docker images (#9211) (ae0cf2a), closes #9205
lambda-python: introducing LambdaPython (#9182) (4cc2834)
route53-patterns: the route53-patterns module is now stable (#9232) (add23bf)

Bug Fixes

appsync: resolver unable to set pipelineConfig (#9093) (dac9bb3), closes #6923
cloudfront: Set MinimumProtocolVersion and SslSupportMethod when specifying distribution certificate (#9200) (f99c327)
cloudtrail: missing sns publish permissions (#9239) (b4339a1)
codepipeline-actions: CodeDeployEcsDeployAction does not properly handle unnamed Artifacts (#9147) (ac612c6), closes #8971
pipelines: Reduce template size by combining IAM roles and policies (#9243) (1ac6863), closes #9066 #9225 #9237
rds: SQL Server instance engine uses incorrect major version (#9215) (eee8689), closes #9171
route53-targets: Add China Partition Support for CloudFrontTarget (#9174) (52a966a)
stepfunctions-tasks: EvaluateExpression error when key specified multiple times (#8858) (6506327), closes #8856

1.54.0 (2020-07-22)

Features

autoscaling: enable group metrics collections (#7432) (9867555)
cloudfront: Custom origins and more origin properties (#9137) (c807ff2), closes #9106
cloudfront: support origin groups for failover (#8740) (345389f)

Bug Fixes

apigatewayv2: Invalid mapping key value (#9141) (c88ad5f)
core: bundling corrupts stdout (#9202) (fadad22), closes #9186
kinesis: unable to use CfnParameter valueAsNumber to specify retentionPeriod (#9176) (3749c2a), closes #9038
lambda-nodejs: permission denied on npm cache (#9167) (4327843)
pipelines: prevent self-mutation on asset updates (#9183) (05fc934), closes #9080
pipelines: standardYarnSynth cannot have custom install command (#9180) (fdfed40), closes #9162

1.53.0 (2020-07-20)

Features

ec2: access a vpc's internet gateway (#7939) (cb5dad8), closes #5327
lambda-nodejs: connection reuse with aws-sdk (#9083) (44c0400)

Bug Fixes

cli: cli integ tests do not have a unique stack prefix (#9165) (968c460)

1.52.0 (2020-07-18)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

rds: the property 'version' has been changed from string to an engine-specific version class; use VersionClass.of() if you need to create a specific version of an engine from a string
rds: the property ParameterGroupProps.family has been renamed to engine, and its type changed from string to IEngine
rds: the property engineVersion in IClusterEngine changed from a string to EngineVersion
rds: the property engineVersion in IInstanceEngine changed from a string to EngineVersion
rds: the property parameterGroupFamily in IClusterEngine changed from required to optional
rds: the property parameterGroupFamily in IInstanceEngine changed from required to optional
rds: the class ClusterParameterGroup has been removed - use ParameterGroup instead
rds: DatabaseProxyProps.secret => DatabaseProxyProps.secrets[]
apigateway: defaultMethodOptions, defaultCorsPreflightOptions and defaultIntegration have been removed from SpecRestApiProps. These can be specifed directly in the OpenAPI spec or via addMethod() and addResource() APIs.
glue: The default location of glue data will be the root of an s3 bucket, instead of /data
rds: the class DatabaseClusterEngine has been replaced with the interface IClusterEngine in the type of DatabaseClusterProps.engine
rds: the class DatabaseInstanceEngine has been replaced with the interface IInstanceEngine in the type of DatabaseInstanceSourceProps.engine
rds: DatabaseClusterProps.engineVersion has been removed; instead, create an IClusterEngine with a specific version using the static factory methods in DatabaseClusterEngine
rds: DatabaseInstanceSourceProps.engineVersion has been removed; instead, create an IInstanceEngine with a specific version using the static factory methods in DatabaseInstanceEngine
rds: the property majorEngineVersion can no longer be passed when creating an OptionGroup; instead, create an IInstanceEngine with a specific version using the static factory methods in DatabaseInstanceEngine

Features

aws-stepfunctions-tasks: allow lambda invocations to combine input and function results (#9022) (846a222), closes #8943
certificatemanager: native CloudFormation DNS validated certificate (#8552) (337279f), closes #5831 #5835 #6081 #6516 #7150 #7941 #7995 #7996 #8282 #8659 #8783
cfn-include: add support for nested stacks (#8980) (bf12456), closes #8978
cloudfront: Initial CloudFront redesign (#8982) (d30fa9d)
codepipeline: add support for a StepFunctions invoke action (#8931) (499776d)
core: cloudformation resource metadata (#9063) (b0f8729), closes #8788
core: Duration.plus for adding durations (a127048)
custom-resources: custom resource provider log retention (#9024) (18c024c)
glue: default data location for tables is the root of the bucket (#8999) (28949bd), closes #8472
lambda: codeguru profiling groups (#8852) (8c01420)
lambda-nodejs: support build args (#9035) (e27658e), closes #8117
rds: Allow multiple secrets to be passed to an RDS Proxy (#9103) (2ab329f), closes #9098
rds: introduce type-safe engine versions (#9016) (fab7e28), closes #6532
rds: the RDS Construct Library is now in Developer Preview (#9119) (92e620c)
rds: unify ParameterGroup and ClusterParameterGroup (#8959) (17b690b), closes #8932
stepfunctions-tasks: assign boolean value in DynamoDB from state input (Json path) (#9088) (7b8ef5b), closes #9007

Bug Fixes

appsync: erroneous api key created when additional authorization is not configured (#9057) (6f934e9), closes #9054
cfn-include: fix issues in Conditions handling (#9142) (e8d0776)
cli: diff against multiple stacks do not always fail if any have a diff (#7690) (85f4a83), closes #7492
cli: unable to update stacks in UPDATE_ROLLBACK_COMPLETE (#8948) (72ec59b), closes #8779 /github.com/aws/aws-cdk/pull/8779#issuecomment-655258569 #8126 #5151
core: fix Duration.toIsoString() for millseconds (#9042) (8559117)
core: use any type for context (#9014) (375335e), closes #8865
custom-resources: Fix typo in README (#9126) (1e16a7f), closes #9024
ec2: Remove validation of availabilityZone from Volume (#9082) (8d470b2)
eks: cluster creation fails due to missing ec2:DescribeVpcs permission (#9029) (4a714ee)
lambda-event-sources: use of CfnParameter for maxBatchSize, retryAttempts & parallelizationFactor fails (#9064) (4470e89), closes #9044
lambda-nodejs: parcel tries to install @babel/core (#9067) (8d4c635), closes #9032
stepfunctions: Choice state does not allow state input as a condition (#8991) (db9d29b), closes #8990
stepfunctions: Map state does not render JSON paths from state input (#9008) (767da12), closes #8992
apigateway: remove default properties from SpecRestApi (#9099) (06842d6), closes #8347 /github.com/aws/aws-cdk/issues/8347#issuecomment-651900511 /github.com/aws/aws-cdk/issues/8347#issuecomment-652779763
rds: change the way Engines are modeled (#8686) (63cc1b4), closes #2213 #2512 #4150 #5126 #7072

1.51.0 (2020-07-09)

Features

cloudfront: Add connectionAttempts, connectionTimeout in origin configuration (#8573) (84b923f), closes #8572
Developer Preview of CDK Pipelines (#8868) (d2609bd), closes aws/aws-cdk-rfcs#49

Bug Fixes

appmesh: Update enums for appmesh (#8716) (64e3d88)
cli: Python sample app template does not follow PEP8 (#8936) (0717919)
codepipeline: set correct header assignment in S3 deployment cache control (#8864) (be1094b), closes #8774
ec2: VpcEndpoint AZ lookup fails for AWS services (#8386) (54e5c36)
iam: cannot import service role with a principal in its path (#8692) (55eb7d7), closes #8691

1.50.0 (2020-07-07)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

eks: version is now a mandatory property

Features

apigatewayv2: http api - custom domain & stage mapping (#8027) (5e43348), closes #7847
autoscaling: allow setting autoscaling group name (#8853) (38d8414)
cfn-include: add support for retrieving Output objects from the template (#8821) (0b09bbb), closes #8820
custom-resources: include handler log group in error messages (#8839) (8e055d4)
eks: document how to add a manifest from url (#8802) (b5acfaa), closes #8340
eks: support cluster version pinning (#8889) (a732d14), closes #7762
lambda: efs filesystems (#8602) (8529387), closes #8595
lambda-nodejs: allow jsx and tsx entry files (#8892) (4ba20fd)
s3-deployment: prune - keep missing files on destination bucket (#8263) (57914c7), closes #953
stepfunctions: stepfunctions and stepfunctions-tasks modules are now stable! (#8912) (ae2378c), closes #6489
stepfunctions-tasks: task for invoking a Step Functions activity worker (#8840) (021533c)

Bug Fixes

apigateway: Lambda integration for imported functions (#8870) (8420f96), closes #8869
config: cannot scope a custom rule without configurationChanges on (#8738) (841060d)
core: asset bundling fails with BuildKit (#8911) (c1d4e0f)
eks: incorrect enableDockerBridge value when enabled (#8895) (ea0552a), closes #5786
eks: kubectl resources fail before fargate profiles are created (#8859) (4fad9bc), closes #8854 #8574
eks: missing nodegroup identity in aws-auth after awsAuth.addMasterRole (#8901) (a9c66f7), closes #7595
lambda-nodejs: maximum call stack size exceeded with relative entry file path (#8907) (c585e18), closes #8902
rds: proxy for db cluster fails with model validation error (#8896) (7d47cfb), closes #8885 #8476

1.49.1 (2020-07-02)

Bug Fixes

apigateway: Lambda integration for imported functions (#8870) (c017f88), closes #8869

1.49.0 (2020-07-02)

Features

core: improved docker bundling performance on mac os (#8766) (99c12f5), closes #8544
eks: document how to define dependencies for resources and charts (#8780) (e38b692), closes #7592 #6806
rds: database proxy (#8476) (e0e5e03), closes #8475

Bug Fixes

apigateway: permission error in lambda integration when function name is modified (#8813) (f1b37ef), closes #5306
codebuild: project didn't have permissions to retrieve secret of image with credentials (#8845) (4326f24)
elasticloadbalancingv2: dualstack ALB missing default IPv6 ingress rule (#8798) (66f9634), closes #7043
lambda-nodejs: parcel build cannot find target (#8838) (ce7a015), closes #8837

1.48.0 (2020-07-01)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

stepfunctions-tasks: containerName is not supported as an override anymore and has been replaced by containerDefinition
stepfunctions-tasks: EvaluateExpression is now a construct representing a task state rather than an embedded property called task
backup: existing vaults that use a generated name will be replaced but existing recovery points won't be lost. The default vault removal policy is RETAIN and if it was set to DESTROY the deployment will fail because vault with recovery points cannot be deleted.

Features

autoscaling: bring your own security group (3698f47)
aws-cloudwatch: add comparison operators (#8812) (7003a09), closes #8808
cfn-include: add support for YAML templates (#8746) (293a937), closes #8745
cfnspec: cloudformation spec v16.0.0 (#8807) (4ce27f4)
cli: support multiple verbosity levels (#8749) (fa4196b)
ec2: Volume construct (#8219) (7490dee)
ec2: add 6xlarge InstanceSize (#8701) (4917c04)
ec2: natGateways=0 disables private subnets (#8817) (7f432ff), closes #4814
efs: Filesystem.addAccessPoint() (#8737) (127547a)
lambda-nodejs: external and install modules (#8681) (401594e), closes #6323 #7912
secretsmanager: add grantUpdate method (#8600) (4e72d1e), closes #8491
stepfunctions: class for working with Json paths to retrieve state machine data and context (#8647) (67978a1)
stepfunctions-tasks: evaluate expression as a task construct (#8555) (83fd2ae)
stepfunctions-tasks: task construct to call RunJob on ECS (#8451) (13deb26), closes #8610

Bug Fixes

apigateway: error defining lambda integration on imported RestApi (#8785) (05aaf42), closes #8679
backup: correctly validate Vault name (#8689) (07b330c)
backup: vault name may exceed 50 characters (#8653) (d09c121), closes #8627
batch: Invalid spot fleet service role (#8325) (034bc35), closes #6706
cli: post install warnings are not clearly visible when running cdk init (#8723) (2662db3), closes #8720
cli: unable to use "legacy" bootstrap with --public-access-block-configuration=false (#8755) (88f8e1e), closes #8728
cognito: cannot add multiple route53 targets to the same user pool domain (#8622) (32b54a5), closes #8603
core: bundling directory access permission is too restrictive (#8767) (1842168), closes #8757
eks: Helm chart timeout expects duration (#8773) (d1c2ef2), closes #8718
elbv2: Add missing accounts to ELBv2 Log Delivery. (#8715) (8914899)
rewrite: script ignores list of files (#8777) (bb514c1)
route53-targets: A/AAAA Alias Record to ELB cannot resolve IPv6 addresses (#8747) (87e2651), closes #6271
s3-notifications: broken permissions query in LambdaDestination (#8741) (10bd8e4), closes #8538

1.47.1 (2020-06-30)

Bug Fixes

Don't publish cdk.out directories (#8803) (aa21858)

1.47.0 (2020-06-24)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

stepfunctions-tasks: Dynamo* tasks no longer implementIStepFunctionsTask and have been replaced by constructs that can be instantiated directly. See README for examples

Features

cfn-include: add support for retrieving parameter objects (#8658) (52dc123), closes #8657
cfn-include: support logical id overrides (#8529) (d9c4f5e), closes #7375
cloudwatch: CompositeAlarm (#8498) (1e6d293)
efs: access point (#8631) (dde0ef5)
stepfunctions: grant APIs for state machine construct (#8486) (fe71364), closes #5933
stepfunctions-tasks: task constructs to call DynamoDB APIs (#8466) (a7cb3b7), closes #8108

Bug Fixes

appsync: Not to throw an Error even if 'additionalAuthorizationModes' is undefined (#8673) (6b5d77b), closes #8666 #8668
cli: cannot change policies or trust after initial bootstrap (#8677) (6e6b23e), closes #6581
cli: crash on tiny reported terminal width (#8675) (a186c24), closes #8667
toolkit: CLI tool fails on CloudFormation Throttling (#8711) (e512a40), closes #5637

1.46.0 (2020-06-19)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

stepfunctions-tasks: constructs for EMR* have been introduced to replace previous implementation which implemented IStepFUnctionsTask.
stepfunctions-tasks: sizeInGB property in VolumeSpecification has been renamed to volumeSize and is of type cdk.Size as we want to enable specifying any unit
stepfunctions-tasks: ebsRootVolumeSize property in EmrCreateCluster is now of type cdk.Size as we want to enable specifying any unit
stepfunctions-tasks: Tags in EmrCreateCluster type has changed from cdk.CfnTag[] to a map of string to string as we do not want to leak Cfn types
rds: the attribute securityGroupId has been removed from IDatabaseCluster, use cluster.connections.securityGroups instead
rds: DatabaseClusterAttributes.securityGroup has been changed to securityGroups, and its type to an array
rds: InstanceProps.securityGroup has been changed to securityGroups, and its type to an array
rds: the property engine can no longer be passed when creating a DatabaseInstanceReadReplica
rds: the property 'instanceClass' in DatabaseInstanceNewProps has been renamed to 'instanceType'
appsync: Changes way of auth config even for existing supported methods viz., User Pools and API Key.

Features

amplify: add "404 (Rewrite)" RedirectStatus (#7944) (21dda30)
amplify: support for GitLab source code provider (#8353) (f10da03)
apigateway: define Resources on imported RestApi (#8270) (21a1de3), closes #7391 #1477 #7391 #8347
appsync: add Construct for AppSync HTTP DataSource (#8009) (0592b36), closes #8007
appsync: enhances and completes auth config (#7878) (6d7ce65)
autoscaling: add instanceMonitoring option (#8213) (6e23ae7), closes #8212
awslint: publish as an external module (#8558) (378939c)
cfn-include: add support for all remaining CloudFormation functions except Fn::Sub (#8591) (8d699c5), closes #8590
cfn-include: add support for CreationPolicy and UpdatePolicy resource attributes (#8457) (2fc5372)
cfnspec: cloudformation spec v15.1.0 (#8547) (50f4a21)
cli: allow disabling of Public Access Block Configuration on bootstrap Bucket (#8171) (33f4746)
cli: new deployment monitoring (#8165) (f066c52)
cloudtrail: cloudtrail module is now stable! (#8651) (835f375)
cloudwatch: liveData in GraphWidget (#8579) (831092e), closes #8376
cognito: user pool - account recovery (#8531) (1112abb), closes #8502
cognito: user pool - identity provider attribute mapping (#8445) (1bd513b)
cognito: user pool client - disable OAuth easily (#8496) (f69cdfd), closes #8429
logs: MetricFilter exposes extracted Metric object (#8556) (a35a53b), closes #1353
upgrade JSII to version 1.7.0 (#8632) (1d26dbd)
cognito: user pools are now in developer preview (#8522) (4fcad9a)
core,s3-assets: custom bundling docker command (#8481) (2a6d90c), closes #8460
ec2: Add Step Functions interface endpoint (#8512) (d21231f)
efs: removal policy on FileSystem (#8593) (b17863b)
eks: expose cluster security group and encryption configuration (#8317) (03e85eb), closes #8276 #8276 #8236
eks: timeout option helm charts (#8338) (d1403cc), closes #8215
globalaccelerator: support Accelerator, Listener and EndpointGroup (#8221) (e4e8270), closes #5527
kms: import an Alias by name (#8299) (4611e69), closes #5953
lambda: configurable retries for log retention custom resource (#8258) (e17a49a), closes #8257
rds: multiple security groups in Cluster and Instance (#8510) (31925c1)
sns-subscriptions: Add support for SMS subscriptions (#8582) (82d8f11), closes #7882

Bug Fixes

apigateway: deployment fails when domain name has uppercase letters (#8456) (1e6a8e9), closes #8428
appsync: don't mix the json result with setting variables (#8290) (7ca74e0), closes #7026
autoscaling: can't configure notificationTypes (#8294) (01ef1ca)
cli: bootstrapping cannot be retried (#8577) (cad6649)
cloudtrail: Invalid arn partition for GovCloud (#8248) (5189170), closes #8247
core: asset bundling runs as root (#8492) (6df546f), closes #8489
core: asset staging custom hash generates invalid file names (#8521) (4521ae3), closes #8513
core: cannot use container assets with new-style synthesis (#8575) (357d5f7), closes #8540
core: incorrect temp directory when bundling assets (#8469) (9dc2e04), closes #8465
core: s3-deployments don't work with new bootstrap stack (#8578) (b2006c3), closes #8541
ec2: can't set natGateways=0 using reserved private subnets (#8407) (d7bf724), closes #8203
eks: can't define a cluster with multiple Fargate profiles (#8374) (1e78a68), closes #6084
eks: fargate profile deployment fails with missing iam:PassRole (#8548) (d6190f2), closes #8546
eks: fargate profile role not added to aws-auth by the cdk (#8447) (f656ea7), closes #7981
elbv2: allow non-TCP protocols in NLB TargetGroup (#8525) (387c1a8)
rds: 'engine' is no longer required in DatabaseInstanceReadReplica (#8509) (86d84e6)
rds: rename 'instanceClass' in DatabaseInstance to 'instanceType' (#8507) (e35cb1a)
secretsmanager: rotation function name can exceed 64 chars (#7896) (24e474b), closes #7885, #8442

1.45.0 (2020-06-09)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

stepfunctions-tasks: constructs for SageMakerCreateTrainingJob and SageMakerCreateTransformJob replace previous implementation that implemented IStepFunctionsTask.
stepfunctions-tasks: volumeSizeInGB property in ResourceConfig for SageMaker tasks are now type core.Size
stepfunctions-tasks: maxPayload property in SagemakerTransformProps is now type core.Size
stepfunctions-tasks: volumeKmsKeyId property in SageMakerCreateTrainingJob is now volumeEncryptionKey
cognito: requiredAttributes on UserPool construct is now replaced with standardAttributes with a slightly modified signature.
rds: DatabaseClusterProps.kmsKey has been renamed to storageEncryptionKey
rds: DatabaseInstanceNewProps.performanceInsightKmsKey has been renamed to performanceInsightEncryptionKey
rds: DatabaseInstanceSourceProps.secretKmsKey has been renamed to masterUserPasswordEncryptionKey
rds: DatabaseInstanceProps.kmsKey has been renamed to storageEncryptionKey
rds: DatabaseInstanceReadReplicaProps.kmsKey has been renamed to storageEncryptionKey
rds: Login.kmsKey has been renamed to encryptionKey

Features

assert: more powerful matchers (#8444) (ed6f763)
cloud9: support AWS CodeCommit repository clone on launch (#8205) (4781f94), closes #8204
codestar: support the GitHubRepository resource (#8209) (02ddab8), closes #8210
cognito: allow mutable attributes for requiredAttributes (#7754) (1fabd98)
core,s3-assets,lambda: custom asset bundling (#7898) (888b412)
rds: rename 'kmsKey' properties to 'encryptionKey' (#8324) (4eefbbe)
secretsmanager: deletionPolicy for secretsmanager (#8188) (f6fe36a), closes #6527
secretsmanager: Secret.grantRead() also gives DescribeSecret permissions (#8409) (f44ae60), closes #6444 #7953
stepfunctions-tasks: task constructs for creating and transforming SageMaker jobs (#8391) (480d4c0)

Bug Fixes

apigateway: authorizerUri does not resolve to the correct partition (#8152) (f455273), closes #8098
apigateway: methodArn not replacing path parameters with asterisks (#8206) (8fc3751), closes #8036
aws-s3-deployment: Set proper s-maxage Cache Control header (#8434) (8d5b801), closes #6292
cognito: error when using parameter for domainPrefix (#8399) (681b3bb), closes #8314
dynamodb: old global table replicas cannot be deleted (#8224) (00884c7), closes #7189
elbv2: addAction ignores conditions (#8385) (729cc0b), closes #8328
elbv2: missing permission to write NLB access logs to S3 bucket (#8114) (d6a1265), closes #8113

1.44.0 (2020-06-04)

Features

ecs-patterns: support min and max health percentage in queueprocessingservice (#8312) (6da564d)

1.43.0 (2020-06-03)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

rds: the default retention policy for RDS Cluster and DbInstance is now 'Snapshot'
cognito: OAuth flows authorizationCodeGrant and implicitCodeGrant in UserPoolClient are enabled by default.
cognito: callbackUrl property in UserPoolClient is now optional and has a default.
cognito: All OAuth scopes in a UserPoolClient are now enabled by default.

Features

cfn-include: add support for Conditions (#8144) (33212d2)
cognito: addDomain() on an imported user pool (#8123) (49c9f99)
cognito: sign in url for a UserPoolDomain (#8155) (e942936)
cognito: user pool identity provider with support for Facebook & Amazon (#8134) (1ad919f)
dynamodb: allow providing indexes when importing a Table (#8245) (9ee61eb), closes #6392
events-targets: kinesis stream as event rule target (#8176) (21ebc2d), closes #2997
lambda-nodejs: allow passing env vars to container (#8169) (1755cf2), closes #8031
rds: change the default retention policy of Cluster and DB Instance to Snapshot (#8023) (2d83328), closes #3298
redshift: add initial L2 Redshift construct (#5730) (703f0fa), closes #5711
s3: supports RemovalPolicy for BucketPolicy (#8158) (cb71f34), closes #7415
stepfunctions-tasks: start a nested state machine execution as a construct (#8178) (3000dd5)
stepfunctions-tasks: task state construct to submit a job to AWS Batch (#8115) (bc41cd5)

Bug Fixes

apigateway: deployment is not updated when OpenAPI definition is updated (#8207) (d28c947), closes #8159
app-delivery: could not use PipelineDeployStackAction more than once in a Stage (#8217) (9a54447), closes #3984 #8183
cli: termination protection not updated when change set has no changes (#8275) (29d3145)
codepipeline: allow multiple CodeCommit source actions using events (#8018) (103c144), closes #7802
codepipeline: correctly handle CODEBUILD_CLONE_REF in BitBucket source (#7107) (ac001b8)
codepipeline: unhelpful artifact validation messages (#8256) (2a2406e)
core: CFN version and description template sections were merged incorrectly (#8251) (b7e328d), closes #8151
lambda: SingletonFunction.grantInvoke() API fails with error 'No child with id' (#8296) (a8b1815), closes #8240
rds: cannot delete a stack with DbCluster set to 'Retain' (#8110) (c2e534e), closes #5282
sqs: unable to use CfnParameter 'valueAsNumber' to specify queue properties (#8252) (8ec405f), closes #7126

1.42.1 (2020-06-01)

Bug Fixes

lambda: SingletonFunction.grantInvoke() API fails with error 'No child with id' (#8296) (b4e264c), closes #8240

1.42.0 (2020-05-27)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

cloudtrail: API signatures of addS3EventSelectors and addLambdaEventSelectors have changed. Their parameters are now strongly typed to accept IBucket and IFunction respectively.
cloudtrail: addS3EventSelectors and addLambdaEventSelectors can no longer be used to configure all S3 data events or all Lambda data events. Two new APIs logAllS3DataEvents() and logAllLambdaDataEvents() have been introduced to achieve this.
cloudtrail: The property snsTopic is now of the type ITopic.

Features

cfnspec: cloudformation spec v14.4.0 (#8195) (99e7330)
cloudtrail: create cloudwatch event without needing to create a Trail (#8076) (0567a23), closes #6716
cloudtrail: user specified log group (#8079) (0a3785b), closes #6162
codeguruprofiler: ProfilingGroup (#7895) (995088a)
codepipeline: use a special bootstrapless synthesizer for cross-region support Stacks (#8091) (575f1db), closes #8082
cognito: user pool - case sensitivity for sign in (460394f), closes #7988 #7235
core: CfnJson enables intrinsics in hash keys (#8099) (195cd40), closes #8084
eks: improve security using IRSA conditions (#8084) (35a01a0)
elbv2: Supports new types of listener rule conditions (#7848) (3d30ffa), closes #3888
secretsmanager: adds grantWrite to Secret (#7858) (3fed84b)
sns: add support for subscription DLQ in SNS (383cdb8)
stepfunctions: new service integration classes for Lambda, SNS, and SQS (#7946) (c038848), closes #6715 #6489
stepfunctions: support paths in Pass state (#8070) (86eac6a), closes #7181
stepfunctions-tasks: task for starting a job run in AWS Glue (#8143) (a721e67)

Bug Fixes

apigateway: contextAccountId in AccessLogField incorrectly resolves to requestId (7b89e80), closes #7952 #7951
autoscaling: add noDevice as a volume type (#7253) (751958b), closes #7242
aws-eks: kubectlEnabled: false conflicts with addNodegroup (#8119) (8610889), closes #7993
cli: paper cuts (#8164) (af2ea60)
dynamodb: the maximum number of nonKeyAttributes is 100, not 20 (#8186) (0393528), closes #8095
eks: unable to add multiple service accounts (#8122) (524440c)
events: cannot use the same target account for 2 cross-account event sources (#8068) (395c07c), closes #8010
lambda-nodejs: build fails on Windows (#8140) (04490b1), closes #8107
cloudtrail: better typed event selector apis (#8097) (0028778)

1.41.0 (2020-05-21)

Features

cloudtrail: create cloudwatch event without needing to create a Trail (#8076) (0567a23), closes #6716
cognito: user pool - case sensitivity for sign in (460394f), closes #7988 #7235
core: CfnJson enables intrinsics in hash keys (#8099) (195cd40), closes #8084
secretsmanager: adds grantWrite to Secret (#7858) (3fed84b)
sns: add support for subscription DLQ in SNS (383cdb8)
stepfunctions: new service integration classes for Lambda, SNS, and SQS (#7946) (c038848), closes #6715 #6489

Bug Fixes

apigateway: contextAccountId in AccessLogField incorrectly resolves to requestId (7b89e80), closes #7952 #7951
autoscaling: add noDevice as a volume type (#7253) (751958b), closes #7242

1.40.0 (2020-05-20)

Features

add support for Gitpod workspaces (20d5511)
autoscaling: support max instance lifetime (d126c46), closes #7758
cfn-include: add support for the DependsOn attribute (613df1b)
docdb: high level constrcuts for db clusters and instances (#6511) (a376dd3)
eks: IAM roles for service accounts (3f0d2c8), closes #6062 #5388 #3949
elbv2: full Action support (2939105), closes #2563 #6310 #6308
region-info: add information for us-gov, us-iso, and us-isob regions (afe0b00), closes #7876 #4669
s3-asset: add httpUrl and s3ObjectUrl (eeff393), closes #7509 #7221

1.39.0 (2020-05-15)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

cognito: An invalid template placeholder has been removed from the default verification email body in a user pool.

Features

apigateway: create RestApi from an OpenAPI spec (31014ca), closes #4421
apigateway: import existing VpcLink (#7811) (7b42f7f), closes #4178
initial version of an improved CloudFormation template include experience (0132251), closes #3537
apigateway: specify API key name and value in addApiKey() (#7714) (e93da2c), closes #3233 #7767
apigatewayv2: HTTP API - configure CORS preflight (#7923) (9f35104), closes #7922
cognito: user pool client - prevent user existence errors (c7f15f2), closes #7406
dynamodb: support for Customer-managed CMK (#7425) (ff8219b), closes #7142
ec2: lookup available AZs for Interface Endpoints (9fa3221)
events-targets: support multiple security groups for an ECS task (#7857) (c6504e6), closes #3312
init/java: model CDK version in property in Maven POMs (#7931) (ce5b8fb), closes #7862

Bug Fixes

cli: cdk bootstrap cannot be used without supplying the --app argument (#7970) (540a7e6), closes #7510 #7906
cognito: invalid default for verification email (#7790) (cb3c184), closes #7597
core: consistent sorting of resource tags (0105efd), closes #7707
core: hangs when used with yarn PnP (8579100), closes yarnpkg/berry#1298
elbv2: race condition for Lambda backends (1819a6b), closes #4663 #7236
iot1click: incorrect type for Project.deviceTemplates (#8000) (338ef92), closes #8001
lambda: SingletonFunction ignores explicit declared dependencies (#7997) (91f913f), closes #7568
stepfunctions-tasks: EvaluateExpression is limited to expressions that contain state paths (#7774) (97f4f01), closes #7655

1.38.0 (2020-05-08)

Features

cloudfront: support geo restrictions for cloudfront distribution (#7345) (cf25ba0), closes #3456
cloudwatch: legend positions in GraphWidgets (ada0de1), closes #3625
codebuild: add support for test reports (4befefc), closes #7367
core: custom resource provider helper (4a76973)
ec2: EBS volume configuration for BastionHostLinux (207a8ec), closes #6945
ecs: support multiple security groups when creating an ecs service (#7850) (456c469)
iam: openid connect providers (20621ac), closes #5388 #3949 #6308
add an example construct package (#7748) (2223584)
lambda-nodejs: run parcel in a docker container (d86e500), closes #7169
cloudformation spec v14.1.0 (#7822) (e133027)
s3: new s3UrlForObject method on IBucket (#7508) (8fe4015), closes #7507
stepfunctions: custom state as an escape hatch (c498f60)

Bug Fixes

assets: invalid fingerprint when 'exclude' captures root directory name (#7719) (a5c06a3), closes #7718
aws-batch: gpuCount was ignored in JobDefinition creation (#7587) (0f1bf23)
cli: parameter value reuse is not configurable (44310c9), closes #7041
core: docs refer to "createNamingScheme" which was renamed to "allocateLogicalId" (#7840) (d79595d), closes #7527
ecs: update minHealthyPercent constrain for ec2service using daemon strategy (#7814) (19e3fd8)
ecs: using secret JSON field with fargate task does not fail (#7317) (cb03a60), closes #7272
eks: "vendor response doesn't contain attribute" when updating version (#7830) (8cabae0), closes #7526 #7794
s3: grantDelete with KMS SSE (#7528) (c6d1a21), closes #4380
secretsmanager: add kms policy to allow secret to use kms key (5460717)

1.37.0 (2020-05-05)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

amplify: mapSubDomain() called with an empty string for prefix now maps to the domain root.

Features

amplify: add SPA redirect custom rule (#7320) (0ef9883)
apigatewayv2: http api (#6432) (f3219c3), closes #5301
appsync: export configured API key (#7380) (fa8c13c)
aws-fsx: L2 construct for FSx for Lustre (#6653) (7363912)
cfnspec: cloudformation spec v14.0.0 (#7664) (fa21274)
cloudwatch: LogGroup Query Widget (1275952), closes #3681
codebuild: allow taking the artifact name from the buildspec (f7d3cd6), closes #5955
core: move all types from "assets" to "core" (#7708) (4a84c96)
core: move all types from "aws-cloudformation" to "core" (#7736) (40fa93a), closes #4896 #7035 #7034
core: stack termination protection (#7610) (7ed60b8), closes #1682
ecr: support imageScanOnPush when creating the repository (9df5486), closes #7471

Bug Fixes

amplify: cannot map branch to domain root (#7621) (da7c508), closes #7590
cdk-assets: assets archiving corruption (#7653) (f8eddb8), closes #6925
cli: cdk deploy cannot update stacks in REVIEW_IN_PROGRESS status (#7731) (a52b3e3), closes #6674
cli: CLI can't be used in Lambda Function (0e96415), closes #7530
cli: CLI ignores profile in cdk.json (#7398) (6784dc3), closes #3007
cloudwatch: Alarm can't use MathExpression without submetrics (b59aed0), closes #7155
ec2: new Instance fails in lookup Vpc (3161de8), closes #7580
ec2: Vpc.fromLookup() does not work in unit tests (e869a0d), closes #6045
ec2: can't add VPN connections to a VPC progressively (9498e05)
ec2: default gateway endpoint fails without private subnets (c475783), closes #7619
ec2: NAT instances don't route ICMP or UDP (a93534f), closes #7459
eks: impossible to define multiple spot capacities (be6666b), closes #7136 #7524
eks: missing required permission for fargate profile (723813f), closes #7614
eks: ssm path for amazon linux 2 gpu ami is invalid (#7672) (5861d18), closes #6891
iam: principal with implicit conditions overwrite each other (e72c353), closes #3227
logs: grants don't work on imported LogGroups (5a1a929), closes #7096
rds: Cluster does not work with imported VPC (#7666) (95c66a7), closes #6115

1.36.1 (2020-04-29)

Bug Fixes

multiple breakages due to jest version upgrade (#7667) (e18312), closes #7657

1.36.0 (2020-04-28)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

stepfunctions-tasks: payload in RunLambdaTask is now of type TaskInput and has a default of the state input instead of the empty object. You can migrate your current assignment to payload by supplying it to the TaskInput.fromObject() API

Features

apigateway: gateway responses (#7441) (b0a65c1), closes #7071
aws-ecs: add support for IPC and PID Mode for EC2 Task Definitions (1ee629e), closes #7186

Bug Fixes

apigateway: authorizer is not attached to RestApi across projects (#7596) (1423c53), closes #7377
cli: can't bootstrap environment not in app (9566cca)
cli: context keys specified in cdk.json get moved to cdk.context.json (022eb66), closes #7399
dynamodb: grant() is not available on ITable (#7618) (3b0a397), closes #7473
dynamodb: grantXxx() does not grant in replication regions (98429e0), closes #7362
eks: version update completes prematurely (#7526) (307c8b0), closes #7457
stepfunctions-tasks: cannot specify part of execution data or task context as input to the RunLambda service integration (#7428) (a1d9884), closes #7371

1.35.0 (2020-04-23)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

assets: cdk deploy now needs s3:ListBucket instead of s3:HeadObject.
efs: Exported types no longer have the Efs prefix.
efs: provisionedThroughputInMibps property is renamed to provisionedThroughputPerSecond and has the type Size.
efs: The property fileSystemID is now renamed to fileSystemId in the now named FileSystemAttributes (previously, EfsFileSystemAttributes).
efs: LifecyclePolicyProperty is now renamed to LifecyclePolicy.

Features

backup: Vault, Plan and Selection (#7074) (c8aa92d)
cfnspec: cloudformation spec v13.0.0 (#7504) (6903869)
cloudtrail: Lambda Function data events (4a70138)
cognito: user pool domain (#7224) (feadd6c), closes #6787
stepfunctions: retrieve all reachable states from a given state in a state machine definition (#7324) (ac3b330), closes #7256

Bug Fixes

assets: infrequent "ValidationError: S3 error: Access Denied" (#7556) (00c9deb), closes #6430 #7553
route53: cannot add tags to HostedZone (#7531) (2729804), closes #7445
efs: drop Efs prefix from all exported types (#7481) (ddd47cd)

1.34.1 (2020-04-22)

Bug Fixes

cli: Javascript init-templates cannot be synthesized (ce4b8dd), closes #7356

1.34.0 (2020-04-21)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

glue: DateFormat constant names are now UPPERCASE (JSON, AVRO, LOGSTASH, ...)

Features

cognito: add mutable property in cognito user pool custom attribute (#7190) (16e85df), closes #7011 #7011 #7011 #7011
ecs: add Fargate 1.4.0 support (#7267) (5c83a46)

Bug Fixes

cloudwatch: can't override Alarm statistic with percentile (d5918c3), closes #7341
glue: DataFormat constants are not visible in non-JS languages (#7458) (e5d4c31)
monocdk: assert package has incorrect imports (#7404) (825c9e1)
stepfunctions-tasks: encryptionKey is Key instead of IKey (#7429) (f1e2c67)

1.33.1 (2020-04-19)

Bug Fixes

jsii version conflict due to upgrade from v1.1.0 to v1.3.0 (f2fdfe5), closes #7426

1.33.0 (2020-04-17)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

kinesis: grantRead() API no longer provides permissions to kinesis:DescribeStream as it provides permissions to kinesis:DescribeStreamSummary and kinesis:SubscribeToShard in it's place. If it's still desired, it can be added through the grant() API on the stream.
kinesis: grantWrite() API no longer has DescribeStream permissions as it has been replaced by ListShards for shard discovery

Features

cfnspec: cloudformation spec v12.2.0 (#7248) (1475d5a)
Support AppSync DataSource type: NONE (f35a4db)
cfnspec: cloudformation spec v12.3.0 (#7359) (a80918f)
ec2: expose blockDevices in CommonAutoScalingGroupProps (#7291) (5fe4480)
ec2: filtering selected subnets by availability zone (2d3e612)
eks: support a new option to create bottlerocket capacity. (e9f691f), closes #7268
kinesis: grantRead now allows the ListShards action and grant is now public (#6141) (563fba4), closes #3357
kinesis: add grant API to IStream to add permissions to a Stream (#7354) (c223406)
kinesis: the aws-kinesis module is now stable (#7349) (4ab3ffa), closes #5874
update "constructs" to 3.x (#7408) (8f8d20f), closes #6978

Bug Fixes

appsync: Don't create serviceRole for datasource type NONE (6d1cb11), closes #7360
cli: --app command does not work when executing a command without arguments (#7249) (994414c), closes #6930
cli: parameter values with multiple = symbols get truncated (#7226) (b7ddf5b), closes #7246
cloudwatch: Alarm annotation ignores datapointsToAlarm (#7202) (92fb853), closes #7152
cloudwatch: Dashboard Spacer doesn't require empty props object (ca2f923)
new IAM Condition type is unusable in Java (#7270) (ffb2e1e)
core: unable to reference resources across multiple nested stacks (#7187) (000f0c2), closes #6473 #7059 #7059 #5888
ec2: can reference VpcEndpointService id and service name (1007a22)
efs: support tagging + filesystem naming (3dd8058)
eks: missing permissions to add and remove tags when creating EKS cluster resource (#7302) (b14172d), closes #7163
eks: unable to create KubernetesResources in another stack (#7322) (54129c8), closes #7231
elbv2: imported LoadBalancer ignores pathPatterns prop (8ed2e0c), closes #7303
route53-patterns: HttpsRedirect redirects to index.html (278fe29), closes /github.com/aws/aws-cdk/issues/5700#issuecomment-614112813 /github.com/aws/aws-cdk/issues/5700#issuecomment-614816819
s3: allow accessLogsPrefix without accessLogsBucket (#6709) (4c199f6), closes #6599

1.32.2 (2020-04-10)

Bug Fixes

cli: profile AssumeRole credentials don't work via proxy (#7292)

1.32.1 (2020-04-09)

Bug Fixes

iam: new IAM Condition type is unusable in Java (#7270) (85f606a)

1.32.0 (2020-04-07)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

cognito: UserPoolClient construct no longer has the property userPoolClientClientSecret. The functionality to retrieve the client secret never existed in CloudFormation, so this property was not working in the first place.
cognito: The userPoolClientName property on the UserPoolClient construct will throw an error if client name was not configured on the UserPoolClient during initialization. This property was previously incorrectly configured and was returning a not-implemented message from CloudFormation every time.
amplify: use the sourceCodeProvider prop to connect your app to a source code provider. The props repository, accessToken and oauthToken do not exist anymore in AppProps.
kinesis: retentionPeriodHours is now retentionPeriod and of type Duration
eks: Cluster now creates a default managed nodegroup as its default capacity. Set the new cluster property defaultCapacityType to DefaultCapacityType.EC2 to preserve EC2 as its default capacity.
cognito: add*Trigger() methods to configure lambda triggers has now been replaced by a single addTrigger() method.
cognito: addTrigger() method will fail if a trigger was already configured for that user pool operation.
iam: methods accepting iam conditions now requires passing {[key: string]: any} instead of plain any. You were always supposed to pass a map/dictionary in these locations, but the type system didn't enforce it. It now does.

Features

amplify: source code providers (#6921) (3dc3d75), closes #6818
apigateway: access logging (#6559) (7484935), closes #6501
apigateway: auto-create RequestValidator from options to addMethod() (#6780) (573464d), closes #6193
applicationautoscaling: add PredefinedMetric for Lambda provisioned concurrency autoscaling (#6394) (45b68d5), closes #6369
aws-codebuild: add from codebuild image option (#7117) (de8e670), closes #2606
aws-codebuild: add ProjectFileSystemLocation property to codebuild (#6539) (2195cc2), closes #6533
bootstrap: require aws:SecureTransport for staging bucket (#7192) (ed106ea)
cfnspec: cloudformation spec v11.6.0 (#6995) (9a552c2)
cli: write stack outputs to a file (#7020) (75d5ee9), closes #1773
codebuild: expose aws/windows/base:2.0 image (#7004) (9374642)
codebuild: support AL2 3.0 & Standard 4.0 (#6968) (3254c5d)
cognito: import an existing user pool client (#7091) (abc2144)
cognito: user pool - OAuth2.0 authentication (#7141) (09852d0)
core: Size unit representing digital information quantity (#6940) (22a560d)
ec2: EFS interface VPC endpoint (#6961) (6e61889), closes #6960
ecs: secret JSON key for environment variables (#6435) (97959f6), closes #5665
eks: managed nodegroup support (#6759) (74169bf), closes #5086
elbv2: health checks for Lambda targets (#7023) (cf8c831)
iam: add arbitrary conditions to existing principals (#7015) (64bad91), closes #5855
kinesis: stream encryption with the Kinesis master key (#7057) (bded683), closes #751
kinesis: streams are encrypted by default (#7102) (d6ecf44)
lambda: .net core 3.1 runtime (#7105) (ca2585c)
lambda: currentVersion, version.addAlias() (#6771) (c94ce62), closes #6750 #5334
lambda: ruby 2.7 runtime (#7024) (4994e0d), closes #6979
cloudformation spec v12.0.0 (#7113) (1956ded)
Support passing AssetOptions (#7099) (3925d9a)
rds: aurora - iam role to import and export data from s3 (#6611) (aa60f89), closes #6610
rds: database instance - auto scale allocated storage (#6788) (22ffae3), closes #6666
stepfunctions: execution history logging options (#6933) (adb6954), closes #5754
stepfunctions-tasks: dynamodb tasks (#6654) (435b66f), closes #6468

Bug Fixes

acm-certificatemanager: DnsValidatedCertificateHandler support for SubjectAlternativeNames (#7050) (a711c01), closes #4659
aws-ecs-patterns: revert commit f31f4e1 (#6987) (0af2d2e)
aws-kinesis: test assume order between stacks (#7065) (17aab37)
cli: can't use credential providers for stacks with assets (#7022) (afd7045), closes #7005
cloudtrail: include s3KeyPrefix in bucket policy resource (#7053) (b49881f), closes #6741
cognito: user pool - passwordPolicy.minLength is not optional in all cases (#6971) (49cdd8f)
dynamodb: cannot use attribute as key in a GSI, non-key in another (#7075) (a6bd34f), closes #4398
ecs: default Service throws in a VPC without private subnets (#7188) (0ef6a95), closes #7062
events: Batch target does not work (#7191) (6f00783), closes #7137
kinesis: retention period does not use Duration type (#7037) (1186227), closes #7036
rewrite-imports: incorrect main in package.json (#7021) (2bf85b3)
stepfunctions-tasks: batch job - can not use task input as array size (#7008) (923d2a1), closes #6922
stepfunctions-tasks: confusion between multiple ways to run a Lambda (#6796) (7485448), closes #4801

cognito: clean up and document triggers (#6816) (32834cb)

1.31.0 (2020-03-24)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

.NET Core v3.1 is required with JSII v1.1

Features

cloud9: Support Cloud9 EC2 Environment (#6298) (f50b876)
codepipeline: add experimental support for the BitBucket source action (#6756) (95bb1ad), closes #6710
eks: KubernetesPatch (#6753) (c7fab5b), closes #6723
events: AWS Batch event target (#6570) (73899a9)

Bug Fixes

acm: Allow tokens as a part of the hosted zone name (#6685) (acfb6ef), closes #6133
aws-ecs-patterns: only create an A record if LB is public (#6895) (f31f4e1), closes #6702
cdk-assets: context path not honored by Docker asset build (#6957) (1edd507), closes #6954 #6814
cloudwatch: unhelpful error when reusing metric IDs (#6892) (60253a3)
cognito: user pool - link style email verification fails to deploy (#6938) (b5c60d5), closes #6811
ec2: spelling error in Instance's subnet selection logic. (#6752) (564561a)
iam: immutable role cannot be used as a construct (#6920) (56be032), closes #6885

.NET Core 3.1 is required with JSII v1.1 (#6951) (24f12d6)

1.30.0 (2020-03-18)

Features

cloudwatch: standard set of graph colors (#6747) (97ae931)

Bug Fixes

core: IConstruct no longer extends IDependable (#6794) (19bb16a), closes #6792

1.29.0 (2020-03-18)

:rocket: To enable new CDK projects such as CDK for Kubernetes, we have released the constructs programming model as an independent library called constructs. The @aws-cdk/core.Construct class is now a subclass of the base constructs.Construct.

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

cognito: UserPoolAttribute has been removed. It is no longer required to defined a UserPool.
ec2: if you implemented a custom subclass of IMachineImage it must now always return a userData object.

Features

cli: add permissions to the bootstrap action role for cdk deploy (#6684) (52fd078)
codebuild: add support for Source Credentials (#6722) (a6e2d28)
cognito: user pool - custom & mandatory standard attributes (#6487) (6dfb677), closes #1747
cognito: user pool - MFA, password policy and email settings (#6717) (cc35dad)
core: the "constructs" module (#6623) (eded95b)
ec2: availabilityZone is optional when importing subnet (d10fe67), closes #6607
lambda-event-sources: failure handling for stream event sources (#5929) (5028009), closes #5236

Bug Fixes

aws-ecs-pattern: allow ScheduledTaskBase to run on a public subnet (#6624) (b9a1408), closes #6312
SecretValue.secretManager validates non-ARN ids do not contain : (#6371) (7cb8c3f)
aws-logs: remove validation of retentionInDays for unresolved tokens (#6727) (43a3420), closes #6690
ec2: MachineImages create appropriate UserData (7a10f0f)

1.28.0 (2020-03-16)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

batch: computeEnvironments is now required
batch: the allocationStrategy property was moved from ComputeEnvironmentProps to the ComputeResources interface, which is where it semantically belongs.
custom-resources: getDataString was renamed to getResponseField.
custom-resources: getData was renamed to getResponseFieldReference.
custom-resources: catchErrorPattern was renamed to ignoreErrorCodesMatching. In addition, a few synth time validations were added when using this property. See Error Handling for details.
custom-resources: policyStatements property was removed in favor of a required policy property. Refer to Execution Policy for more details.

Features

amplify: App, Branch and Domain (#5177) (e126048)
apigateway: authorizationScopes for a Method (#6502) (3887cd2)
apigateway: DomainName supports SecurityPolicy (#6374) (e8c2e0c)
apigateway: rate limited API key (#6509) (040906f), closes #6405
batch: ec2 launch template support (#6602) (2b02693)
cfnspec: cloudformation spec v11.3.0 (#6598) (ee3a530)
cli: pass CloudFormation parameters to "cdk deploy" (#6385) (6551124), closes #1237
core: duration.toHumanString() (#6691) (d833bea)
custom-resources: enforce user opt-in when auto-generating SDK call policies (0f5c24e), closes #5873
custom-resources: log retention for AwsCustomResource (#6698) (bf5ab69)
custom-resources: module is now stable :) (#6584) (a2a738c)
custom-resources: rename catchErrorPattern to ignoreErrorCodesMatching (#6553) (94599f8), closes #5873
custom-resources: rename getData* to getResponseField* (#6556) (d5867b4), closes #5873
dynamodb: expose stream features on ITable (#6635) (52e8b95), closes #6344
efs: create EFS file systems (#6373) (a0fb518), closes #6286 #6286
elbv2: support pathpattern array (#6558) (c3ee413), closes #6497
iam: policy document from json (#6486) (bf08988)
prlinter: support exempting checks from pr based on a label (#6693) (77cbe80)
stepfunctions-tasks: run batch job (#6396) (de1a36b), closes #6467
cloudformation spec v11.4.0 (#6700) (b28b427)

Bug Fixes

apigateway: type mismatch in C# when setting identitySources (#6649) (2d3e7b1), closes #6538 40aws-cdk/aws-apigateway/test/authorizers/integ.request-authorizer.ts#L26
batch: computeEnvironments is now required for JobQueue (#6616) (0b6c865), closes #6615
batch: managed compute environment now properly works with compute resources and instanceRole has correct docstring and type definition (#6549) (4e81334)
certificatemanager: Route53 endpoint cannot be set and does not work for aws-cn (#6480) (9858cdb)
cli: codepipeline cloudformation action in cross account fail writing outputArtifacts (#6594) (05cf78b)
cloudwatch: missing LessThanLowerOrGreaterThanUpperThreshold (#6597) (9731555)
codepipeline-actions: use IBaseService instead of BaseService in EcsDeployActionProps (#6412) (bed5357)
eks: cannot upgrade version of clusters with an explicit name (#6064) (1dd7104)
eks: sporadic broken pipe when deploying helm charts (#6522) (03df1f1), closes #6381
iam: cannot add multiple conditions using same operator (348a952)

1.27.0 (2020-03-03)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

cognito: UserPool.fromUserPoolAttributes() has been replaced by fromUserPoolId() and fromUserPoolArn().
cognito: IUserPool no longer contains userPoolProviderName and userPoolProviderUrl.
cognito: The property signInType of UserPool has been renamed to signInAliases and given a new type SignInAliases. The list of sign in types are now specified via boolean properties.
cognito: The property usernameAliasAttributes of UserPool has been dropped and its functionality merged with the signInAliases property.
cognito: The property autoVerifiedAttributes for UserPool is now renamed to autoVerify and its default has now changed. The new default is now determined by the value of signInAliases.
appsync: Configuration the user pool authorization is now done through the authorizationConfig property. This allows us to specify a default authorization mode out of the supported ones, currently limited to Cognito user pools and API keys.
custom-resources: physicalResourceId and physicalResourceIdPath were unified to a concrete type under the physicalResourceId property. Use PhysicalResourceId.fromResponse and PhysicalResourceId.of factory functions to specify it.

Features

appsync: extend authorization configuration (#6260) (948881a), closes #6246 #6247
aws-ec2: signal, download and execute helpers for UserData (#6029) (ee8f169), closes #623
cognito: refresh modeling of import APIs, sign in & autoverified attrs (#6422) (c02e852)
contributors: use 0.0.0 as a version marker (#6463) (d5f88c7), closes /github.com/aws/aws-cdk/pull/6463/files#diff-6a3371457528722a734f3c51d9238c13
custom-resources: physical resource id union type (#6518) (d5000bc)
lambda-event-sources: expose eventSourceMappingId (#5689) (5ea2679), closes #5430
rds: master secret in DatabaseSecret (#6415) (a9e5b60), closes #6358
stepfunctions-tasks: add step functions task to run glue job (#6258) (15d9bd7), closes #5266

Bug Fixes

assert: haveResourceLike and countResourcesLike compatibility (#6202) (86c04f3)
cli: fast "no-op" deploys do not consider tags (#6472) (5de87c1), closes #6463
codepipeline: an action's role imported in a different stack adds a dependency to the CodePipeline stack (#6458) (86ea564)
codepipeline: automatically named artifacts could contain illegal characters from stage/action names (#6460) (34aaca4)
core: adds enableVersionUpgrade property to CfnUpdatePolicy (#6434) (f8cacb9), closes #6158
custom-resources: AwsCustomResource with delete only action fails (#6363) (61a99e7), closes #6061
docker: cannot use cdk docker assets as base image (#6471) (983dd40), closes #6466
rds: setting timezone on DatabaseInstance causes internal failure (#6534) (9e2ac91), closes #6439
stepfunctions: valid reference path '$' fails with an error (#6483) (221c83b), closes #6388

1.26.0 (2020-02-25)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

apigateway: the interface now accepts endpointconfiguration property instead of endpoint type as defined by cfn
lambda-nodejs: parcel-bundler v1.x is now a peer dependency of @aws-cdk/aws-lambda-nodejs. Please add it to your package.json.

Features

apigateway: expose endpointconfiguration to include vpcEndpointIds (#6078) (99de6ca), closes #6038
apigateway: lambda request authorizer (#5642) (031932d)
appsync: mapping template for lambda proxy (#6288) (f865d5e)
batch: add JobQueue, ComputeEnvironment and JobDefinition constructs (c8a22b1)
cdk-assets: asset uploading tool (c505348)
cli: faster "no-op" deployments (#6346) (d4a132b), closes #6046 #2553 #6216
cfn: CloudFormation Resource Specification 11.1.0 (#6424) (ab9b77c)
cognito: user pool verification and invitation messages (#6282) (faf6693)
ecs-patterns: create dlq when queue is not provided for QueueProcessingService (#6356) (e307d7f)
kms: trustAccountIdentities avoids cyclic stack dependencies (03f4ef2)
rds: attach description to database secret (d5a4854)
sns: support multiple tokens as url and email subscriptions (#6357) (e5493bd), closes #3996
ssm: add ability to specify SSM Parameter tier (#6326) (9209ef6)

Bug Fixes

aws-ecs: propagate dnsTtl property part of cloudMapOptions (#6370) (747bdb2), closes #6223
cli: cdk deploy hangs when stack deployment fails (#6433) (4b11d99)
cli: Python init templates are missing .gitignore file (#6350) (cd6cd42), closes #5566
core: top-level resources cannot use long logical ids (#6419) (2a418b9), closes #6190 #6190
ecs: support file as firelens config type (#6322) (f9996f3)
lambda: erroneous inline code support for ruby (#6365) (8e21e78), closes #6302
lambda-nodejs: parcel is too big to bundle (a93e4d5), closes #6340

1.25.0 (2020-02-18)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

appsync: Changes MappingTemplate.dynamoDbPutItem() to accept PrimaryKey and AttributeValues, which allow configuring the primary key and to project an object to a set of attribute values.

Features

appsync: more general mapping template for DynamoDB PutItem (#6236) (e9937d3), closes #6225
aws-applicationautoscaling: support Lambda and Comprehend (#6191) (bdab747)
cfn: update CloudFormation spec to v11.0.0 (#6311) (ea272fa)

Bug Fixes

aws-lambda-nodejs: Fix parcel invocation when invoked from globally installed cdk cli (#6206) (ce96e08), closes #6204
codepipeline: fixed typo in method docs within action.ts (78a39b7)
eks: Helm release name length & --wait option. (#6276) (1811e00), closes /github.com/helm/helm/blob/b63822ed12de1badbb61736d2f7ea4e756ef757d/pkg/action/install.go#L52-L55
lambda-nodejs: not meaningful parcel error message when build fails (#6277) (a97b48a), closes #6274

1.24.0 (2020-02-13)

Features

assert: add countResourcesLike method (#6168) (491e2d9)
cx-api: clean up features.ts (#6181) (efd6f3d), closes #6098
dynamodb: add metrics for dynamodb table (#6149) (295391e)
dynamodb: global tables version 2019.11.21 (#5821) (8c0c2b1), closes #5752
ec2: smarter default for VPN route propagation (#6071) (5dd8aca), closes #6008
ec2: VPC flow logs (a2fddec), closes #3493
iam: add ability to create IAM role descriptions (cee8825)
iam: descriptions for IAM Roles (a1294d3)
cfnspec: update CloudFormation spec to 10.5.0 (#6195) (47a9949)
iam: lookup ManagedPolicy via ARN (2df2023), closes #6186
lambda: expose function.deadLetterQueue (6656047), closes #6170
step-functions: grantStartExecution available on imported StateMachine (5ae81cd), closes #6173
stepfunctions: EMR service integrations (c69b6d2), closes #5224

Bug Fixes

cli: truncated 'cdk diff' output in pipes (aba1485)
apigateway: deployment fails when Model's contentType is not specified (#6199) (0bf1403), closes #6161
apigateway: stack deployment fails when a Stage is explicitly specified (#6165) (879601e), closes #6068
cli: wrongly assume aws config file always exists (#6196) (23f8b9f)
codebuild: badge is not allowed for CodeCommit sources (#6211) (433d957), closes #6205
ec2: onePerAz does not work for looked-up VPCs (3332d06), closes #3126
ecs-patterns: allow imported load balancers as inputs (7f8c90d)
elasticloadbalancingv2: logAccessLogs in Base Load Balancer (#6197) (adbc3b9), closes #3794
elbv2: validate rule priority is a positive number (#6222) (1fbaafe), closes #3794
kms: add TagResource & UntagResource IAM permissions to default key policy (#6125) (e65a326), closes #6102

1.23.0 (2020-02-07)

Features

appsync: add support for mapping DynamoDB queries (#5940) (2240e97), closes #5861
aws-codebuild: allow github sourceversion branch (#5890) (155b80e), closes #5777
cloudformation: update Resource Specification to v10.4.0 (#5982) (178ca5e)
ecs: add support for enabling container insights (#5601) (6236634)
ecs: ContainerImage.fromDockerImageAsset (b94577a), closes #5791 #5983
ecs: ContainerImage.fromDockerImageAsset (#6093) (38e9865), closes #5791 #5983
ecs: Firelens log driver support (#5457) (4acf0f7)
lambda: avail function log group in the CDK (#5878) (fd54a17), closes #3838
lambda: higher level construct for Node.js (#5532) (02d0e2a)

Bug Fixes

assets: add exclude glob patterns to calculating fingerprint for staging (#6085) (d9a043b), closes #5238
aws-s3-deployment: fix server side encryption parameters (#6006) (c7197c0), closes #6002
cli: colored text is unreadable when using light themes (#5250) (b4573ef)
cli: parse equals sign in context values (#5773) (667443c), closes #5738
codepipeline: manual approval action doesn't have configuration without a topic (#6106) (a63cbf8), closes #6100
cognito: standard attr timezone unexpectedly creates custom attr (#5973) (acf3ffc)
ec2: add MachineImage factory, document instance replacement (#6065) (435d810), closes #5675 #6025
ec2: private DNS for custom endpoints has incorrect default (d681d96)
ecr-assets: docker images are not built if .dockerignore includes an entry that ignores the dockerfile. (#6007) (e7ef5e5)
ecs: fix splunk-sourcetype (#6128) (6456a7c)
ecs-patterns: queue service grant permission automatically (#6110) (0d0794e)
ecs-patterns: remove duplicated schedule property for scheduled task pattern (#6101) (15b6aa7)
eks: missing VPC permissions for fargate profiles (#6074) (0a586fc)
glue: Make Glue Database locationUri optional. (#5784) (a065169), closes #5268 #5268 #5268 #5268
iam: policies added to immutably imported role (#6090) (f1f5319), closes #5569 #5943
init-templates: JavaScript, TypeScript, and Python init templates are broken in 1.21.0 (#5989) (505c91e), closes #5986
route53: CaaAmazonRecord ignores recordName (#6027) (16f9721), closes #5764
route53: correct import example in README.md (#5946) (ed71931)
s3-deployment: passing any system metadata causes lambda to fail on "Unknown options:" when invoking aws cli. (#6086) (b30add8)

1.22.0 (2020-01-23)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

eks: (experimental module) the Mapping struct was renamed to AwsAuthMapping.
core: Arn.parseArn now returns empty string for nullable Arn components. Users who were depending on an undefined value will now receive the falsy empty string.
ecr-assets: all docker image assets are now pushed to a single ECR repository named aws-cdk/assets with an image tag based on the hash of the docker build source directory (the directory where your Dockerfile resides). See PR #5733 for details and discussion.
autoscaling: AutoScaling by using scaleOnMetric will no longer force the alarm period to 1 minute, but use the period from the Metric object instead (5 minutes by default). Use metric.with({ period: Duration.minute(1) }) to create a high-frequency scaling policy.

Features

apigatewayv2: fork APIGatewayV2 into its own package (#5816) (d58667e)
cloudformation: upgrade the CloudFormation resource specification to v10.3.0 (#5882) (e5e4725)
ecr-assets: simplify docker asset publishing (#5733) (b52b43d), closes #3463 #5807
eks: fargate profiles (#5589) (450a127), closes #5303
lambda: allow inline code for nodejs12.x runtime (#5710) (a1cd743)
lambda-destinations: option to auto-extract the payload when using LambdaDestination (#5503) (321372f)
route53-targets: Add aws-route53-targets/InterfaceVpcEndpointTarget (#4868) (6969562)
bump JSII to version 0.21.2 (#5919) (dd18456)

Bug Fixes

apigateway: LambdaRestApi fails when a user defined Stage is attached (#5838) (05719d7), closes #5744
autoscaling: can't use MathExpression in scaleOnMetric (d4c1b0e), closes #5776
SecretsManagerRDSPostgreSQLRotationMultiUser not working (49032ee)
autoscaling: can't use block devices (fee1324), closes #5868
core: allow empty string components in parseArn (#5875) (5ed5eb4), closes #5808
lambda: setting log retention to INFINITE causes failure (#5876) (19ed739)
route53: incorrect domain name produced when using HTTPS in ApplicationLoadBalancedFargateService (#5802) (5ba5a5e)

1.21.1 (2020-01-16)

Bug Fixes

ecr-assets: cannot build docker images outside the source tree (i.e. against a cdk.out directory) (#5836) (6bc8ecc), fixes (#5807)
cli: cdk init fails if run under a directory where cdk.json exists, reverts (#5772) due to an issue which will be fixed in a subsequent version (#5836) (da9c626) , fixes (#5826)
1.21.0 (2020-01-15)

Features

assert: cdk assert: implement 'haveOutput' assertion (#5366) (ee6decb), closes #1906
cli: run cdk from inner directories (#5772) (a54630d)
codepipeline: add CannedACL and CacheControl to S3 deploy action (#5698) (b3e7978)
codepipeline: add support for externalEntityLink in the manual approval action (#5558) (be2e3e3)
codepipeline: Pipeline Variables (#5604) (34d3e7d), closes #5219
ec2: VpcEndpointService construct (#5498) (a2713f3)
recommend matching commands (#5668) (6108b91)
elbv2: default config for internal load balancer will fall back to Isolated subnets (#5696) (8b9c1fc)
iam: Role.withoutPolicyUpdates() (#5569) (ea4ca3e), closes #2985 #4465 #4501
iam: support importing service roles (#5701) (0f02dad), closes #2651
s3: server access logs (#5072) (c9b074b)

Bug Fixes

acm: DnsValidatedCertificate in non-aws partitions (#5771) (e3305d8)
apigateway: authorizer name is not optional (#5731) (21c425e), closes #5678
apigateway: unable to associate RestApi as a route53 target for late bound domains (#5555) (c02741e)
cli: Fix various init templates & their tests (#5693) (a85da79)
cli: proxy support is broken (#5803) (3a63f57), closes #5743 #5791
cloudformation: nested stack example in readme is broken (#5729) (c53356a), closes #5686
cloudwatch: cross-account metrics in env-agnostic stack (#5775) (5292bd5), closes aws/aws-cdk#5628
codepipeline: Action.onStateChange() has wrong detail type (#5721) (8686dd5), closes #3614
custom-resources: missing physical resource id for delete calls (#5805) (9b7236a), closes #5796
ecr-assets: unable to use one Dockerfile to build multiple images (#5705) (ff3f27f), closes #5683
ecs: cannot separate Cluster and Ec2Service behind ALB (#5813) (eb3c517)
glue: empty string in Table.s3prefix is not undefined (#5783) (18e15de), closes #5763
iam: can't use OrganizationPrincipal for assuming Role (#5746) (6c3d4c4), closes #5732
rds: pass the ARN of master instead of its ID in DatabaseInstanceReadReplica (#5702) (d323c0c), closes #5530

1.20.0 (2020-01-07)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

autoscaling: AutoScalingGroups without desiredCapacity are now initially scaled to their minimum capacity (instead of their maximum capaciety).
rds: addRotationSingleUser(id: string, options: SecretRotationOptions) is now addRotationSingleUser(automaticallyAfter?: Duration)
glue: InputFormat. TEXT_INPUT_FORMAT has been renamed to TEXT. OutputFormat. HIVE_IGNORE_KEY_TEXT_OUTPUT_FORMAT has been renamed to HIVE_IGNORE_KEY_TEXT

Features

apigateway: lambda token authorizer (#5197) (5c16744), closes #5584
aws-stepfunctions: support StateMachineType (#5398) (ea095f0), closes #5397
cli: support custom CA certificate bundles (ac748c1), closes #5294
cloudformation: update cloudformation spec to v10.2.0 (#5542) (cb65da3)
cloudwatch: make Metric objects region-aware (212687c)
cloudwatch: support for metric math (#5582) (a7f189e), closes #1077 #5449 #5261 #4716
codebuild: add 2X_Large compute type option (#5429) (1291ef6), closes #5401
core: add support for the ref intrinsic function (#5468) (#5470) (cad5bc1)
custom-resource: Allow custom ResourceTypes on CustomResources (#5248) (c605ceb)
custom-resources: getDataString for AwsCustomResource (#5578) (faa368d), closes #5570
custom-resources: ignore DELETE after failed CREATE (#5525) (9ab989e), closes #5524
custom-resources: use latest SDK in AwsCustomResource (#5442) (a111cdd), closes #2689 #5063
dynamodb: Implement importing existing dynamodb table. (#5280) (8d9b58b), closes #3895
ec2: add privateIpAddress to Instance (a00906d), closes #4004
ec2: support block devices for Instance (#5567) (1085a27), closes #4773 #4781
ecr-assets: custom docker files (#5652) (1b25a4b)
ecs-patterns: higher-level constructs for ECS service with multiple target groups (#5083) (c0a7192)
eks: EKS-Optimized AMI with GPU support for G4 instance (#5479) (7b34d56)
eks: helm chart support (#5390) (394313e)
glue: add support for more DataFormats (#5246) (ca535d0)
lambda: configuration for async invocations (#5299) (746ba32)
logs: import a LogGroup from its name (#5580) (9cbbaea)
rds: more extensive secret rotation support (#5281) (b700b77), closes #5194
codebuild: add Secrets Manager to CodeBuild environment variable types (#5464) (ff1fa68)

Bug Fixes

autoscaling: every deployment resets capacity (#5507) (0adf6c7), closes #5215 #5208
aws-cdk: upgrade canaries lambda node version (#5674) (96b802b)
codebuild: ARM images have the wrong type and compute kind (#5541) (6999baf), closes #5517
codebuild: cannot use immutable roles for Project (6103180), closes #1408
codebuild: rename CodeBuild VPC policy to be unique (#5385) (16a1200)
core: nested Fn.join with token fails (#5679) (24ded60), closes #5655
cli: java sample-app init template does not have a src/ directory (#5546) (71947b5)
core: nested stacks does not report missing context #5594 (#5638) (9472e09)
core: tags not working for cognito user pools (#4225) (a67f0ef), closes #3882
custom-resources: default timeout of 2 minutes for AwsCustomResource (#5658) (e0c41d4)
ec2: allow ingress to VPC interface endpoints (#4938) (d5ed97a), closes #4937
eks: aws-auth username not set by default (#5649) (87befa6), closes #5263
eks: default capacity uses desiredCapacity which is an anti-pattern (#5651) (a883fed), closes #5215 #5507 #5650
eks: failures when creating or updating clusters (#5540) (a13cfe6), closes #5544 #4087 #4695 #5259 #5501
eks: generated cluster name can exceed 100 characters (#5597) (3256a41), closes #5596
eks: kubernetes cannot create external load balancers (#5448) (384d22d), closes #5443
iam: policy added to resource for immutable Role (#5568) (950a5f7)
java: resolve Java class naming error (#5602) (e9ede13)
rds: do not allow aurora engines when using DatabaseInstance (#5367) (03b3b7a), closes #5345
s3n: s3n lambda destination works with function by arn (#5599) (7ceee6d), closes #5592
stepfunctions: permission race condition on state machine deletion (#5466) (c3ac965), closes #5336
tests: flaky integration tests in release pipeline (#5485) (01800cf)
increase IAM wait timeout in integ test (#5504) (f10b3e6)

1.19.0 (2019-12-17)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

route53: the value of hostedZoneId will no longer include /hostedzone/ prefix and only includes the hostedZoneId when using HostedZone.fromLookup or fromHostedZoneAttributes
cloudfront: (experimental module) S3OriginConfig.originAccessIdentityId or type string has been removed in favor of S3OriginConfig.originAccessIdentity of type IOriginAccessIdentity.
cli: cdk diff now exits with 0 even when there's a diff, use --fail to exit with 1. To enable this feature for old projects, add the context key "aws-cdk:diffNoFail": "true" in your cdk.json file.

Features

appsync: add L2 constuct for AppSync (#4438) (226b27a)
cfnspec: Update CloudFormation spec to v10.1.0 (#5431) (ac905ac)
cli: always exit with 0 on cdk diff (under feature flag) (#4721) (3ffd810), closes #4650 #4708
cloudformation: import CloudFormation resource specification v9.1.1 (#5297) (7f33541)
cloudformation: update Resource Specification to v10.0.0 (#5339) (3db8565), closes #5302
cloudfront: CloudFrontOriginAccessIdentity (#4491) (8623fe5)
codebuild: support AL2 2.0 & Standard 3.0 (#5226) (e6ef981)
codebuild: Support ARM-based AL2 image (#5233) (8fc5622)
codepipeline: allow retrieving created stages and actions (#5206) (a5b056b), closes #4878
ec2: access gateways created by NatProvider (#4948) (5907055), closes #4858
ec2: Add missing EC2 instance types (#5349) (#5350) (bc161d6)
ec2: Add REKOGNITION_FIPS interface endpoint (#5316) (b291280), closes #5314
ecs: Add support for ECS DeploymentController (#5402) (58e67e6)
ecs-patterns: healthyPercent on ALB, NLB, Fargate (#4820) (150e65c)
events: add static grantPutEvents() to EventBus (#5133) (0823396)
lambda: function can be attached to a list of security groups in the vpc (#5049) (4c1a9ec)
lambda: provisioned concurrency (#5308) (d50344a), closes #5298
region-info: throw exception when no fact found (#5166) (88df1eb), closes #3194
sns: support KMS masterKey on SNS (#5052) (edd5395), closes #1729
Make activating Python virtualenv easier on Windows (#5014) (fc73747)

Bug Fixes

apigateway: unable to enable cors with a root proxy and LambdaRestApi (#5249) (f3d5fc9), closes #5232
cdk-dasm: prevent duplicate imports (#5293) (d4562b7)
cli: fix the behaviour for the --generate-only flag (#5253) (ecbe0b6)
cli: this.node.addError does not cause cdk diff to fail #4700 (#5284) (1b12dba)
cloudfront: associated lambda role requires edgelambda.amazonaws.com (#5191) (173d886), closes #5180
codebuild: add deprecation warning for UBUNTU_14_04 (#5234) (c1b575f)
codepipeline: CloudFormation deployment role always gets pipeline bucket and key permissions (#5190) (d5c0f3e), closes #5183
core: dependencies across stack boundaries of all kinds (#5211) (d1f0dd5), closes #4460 #4474
dockerfile: docker build is missing dotnet (#5091) (18fa3aa)
docs: update removed subscribeLambda method example (#5060) (d2a86a5)
dynamodb: add missing permission for read stream data (#5074) (22688ce)
dynamodb: stacks created by GlobalTable correctly inherit their account. (#5202) (5ad5407), closes #4882
ec2: can't add non-default routes to subnets (#5332) (e4309ab)
ec2: CIDR for "any" IPv6 too long (#5179) (3695d8c)
ec2: Fix CODEBUILD_FIPS interface endpoint (#5315) (465c848)
ecr: remove deprecated requirement on docs and comments (#5428) (40ec78e), closes #2857 #2857 #3273
init-templates: use pytest for Python sample-app init template (#5325) (6c25da7), closes #5313
route53: return plain hosted zone id without /hostedzone/ prefix (#5230) (5e08753)
sfn: Task parameters property does nothing (#5408) (01df7c6), closes #5267
test: fix .nycrc symlinking (#5245) (d2496e0)

1.18.0 (2019-11-25)

General Availability of AWS CDK for .NET and Java!! 🎉🎉🥂🥂🍾🍾

We are excited to announce the general availability of support for the .NET family of languages (C#, F#, ...) as well as Java!

We want to express our gratitude to all of our early customers as well as the amazing contributors for all the help and support in making this release possible. Thank you for all the feedback provided during the Developer Preview of .NET and Java support, without which the product would not be what it is today.

Special thanks go out to a handful of amazing people who have provided instrumental support in bringing .NET and Java support to this point:

Of course, we continue to be amazed and thrilled by the community contributions we received besides language support. The passion demonstrated by the CDK community is heartwarming and largely contributes to making maintaining the CDK an enjoyable, enriching experience!

Features

lambda: node12.x, python3.8 and java11 runtimes (#5107) (e62f9fb)
lambda: unlock the lambda environment variables restriction in China regions (#5122) (cc13009)

Bug Fixes

init/chsarp: correct README for sample-app C# template (#5144) (b2031f6)
init/sample-app: numerous fixes and additions to the sample-app init templates (#5119) (02c3b05), closes #5130 #5130
init/java: add -e to mvn command so errors aren't hidden (#5129) (5427106), closes #5128
init/csharp: .NET semantic fixes for init templates (#5154) (04a1b32)

Known Issues

The following known issues were identified that specifically affect .NET and Java support in the CDK, and which will be promptly addressed in upcoming CDK releases (in no particular order). See the GitHub issues for more information and workarounds where applicable.

.NET and Java: aws/jsii#1011 - abstract members are not marked as such on their .NET and Java representations
.NET: aws/jsii#1029 - user-defined classes implementing CDK interfaces must extend Amazon.Jsii.Runtime.Deputy.DeputyBase
.NET: aws/jsii#1042 - Parameters typed object accept only primitive types, instances of CDK types, Dictionary<string,?>
.NET: aws/jsii#1044 - Unable to pass interface instance through in a Dictionary<string,object>
Java: aws/jsii#1034 - Implementing or overriding overloaded methods in Java does not work consistently
Java: aws/jsii#1035 - Returning Lazy.anyValue from an method whose return type is java.lang.Object may result in Resolution Errors
Java: aws/jsii#1005 - property getter implementations (e.g: from an interface) may be ignored

1.17.1 (2019-11-19)

Bug Fixes

align all jsii deps to 0.20.7 (15770f4)

1.17.0 (2019-11-19)

Features

cfnspec: update CloudFormation Resource Specification to v8.0.0 (#5031) (1896de2)
cli: adding new option to cdk deploy to indicate whether ChangeSet should be executed (#4852) (c02c9e5), closes #4739
custom-resources: python handler skeleton in readme (#4977) (f0a62fd
upgrade all uses of node8.10 lambda runtime to node10.x (#5075) (7a3a3b1), #4655 #4653 #4642
upgrade to jsii 0.20.7 (#5103) (5ebc633), closes aws/aws-cdk#4316 #994 aws/aws-cdk#5066 #904 #925

Bug Fixes

cli: cdk bootstrap is broken due to --no-execute (#5092) (7acc588)
cli: cdk version prints to STDERR instead of STDOUT like --version (#5095) (ae5170c), closes #4720
core: unable to find stack by name using the cli in legacy mode (#4998) (26bba19), closes #4895 #4997
custom-resources: flatten objects with null values in AwsCustomResource (#5073) (f4ea264), closes #5061
ecs-patterns: Fix issue related to protocol being passed to target group (#4988) (a257d4d)
init-templates: update init templates for csharp and java (#5059) (2d92ab3)
logs: cannot use same Lambda for multiple SubscriptionFilters (#4975) (94f5017), closes #4951

1.16.3 (2019-11-13)

Bug Fixes

ecs-patterns: Fix issue related to protocol being passed to target group (#4988) (6bb29b5)
core: unable to find stack by name using the cli in legacy mode (#4998) (26bba19)

1.16.2 (2019-11-12)

Bug Fixes

python: correct handling of inline-dict for nested props (7666264)

1.16.1 (2019-11-11)

Bug Fixes

jsii: correct handling of mappings into object parameters (0d23eb3)

1.16.0 (2019-11-11)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

core: template file names in cdk.out for new projects created by cdk init will use stack.artifactId instead of the physical stack name to enable multiple stacks to use the same name. In most cases the artifact ID is the same as the stack name. To enable this fix for old projects, add the context key @aws-cdk/core:enableStackNameDuplicates: true in your cdk.json file.

Features

apigateway: publish api endpoint through an export name #3662 (#4849) (652a8f5)
aws-ecr: add onImageScanCompleted() support (#4819) (5bdd9bb), closes #4818
aws-eks: support aws/aws-node-termination-handler as the default spot draining handler (#4931) (f4a41d1)
aws-events: Adds EventBus resources (#4609) (bbec8c5)
cfnspec: update CloudFormation spec to 7.3.0 (#4838) (ed904cb)
cli: add @types/node to typescript init templates (#4947) (efde8e9), closes #3839 #4462 #3840
cli: cdk version command (#4720) (3459982)
cli: docker image asset scanning by default (#4874) (87421c9)
cli: dotnet init templates come with Roslyn Analyzers (#4765) (fbd007e)
cloudwatch: allow overriding of metric graph rendering (#4571) (3643130)
core: add resource type and properties for all CfnResource constructs to tree.json (#4894) (4037155), closes #4562
core: cdk init --generate-only (#4826) (9cc1e52)
custom-resources: allow specifying role for AwsCustomResource (#4909) (98fb888), closes #4906
custom-resources: implement IGrantable for AwsCustomResource (#4790) (b840784), closes #4710
ec2: allow using existing security groups with interface VPC endpoints (#4908) (bda28e8), closes #4589 #2699 #3446
ec2: support NAT instances, AMI lookups (#4898) (dca9a24), closes #4876
ecs: add cloudMapNamespace as a property of cloudMapOptions (#4890) (06caf4f)
feature flags rfc (#4925) (db50ab0)
custom-resources: provider framework (#4572) (f9eec04)
ecs-patterns: add listener port as a property for network/application load balanced services (#4825) (20b8e5d), closes #4793
elbv2: add redirect action of ALB's listener (#4606) (c770d3c), closes #4546
events: support event bus for rule (#4839) (f5858ba)
s3: onCloudTrailWriteObject matches all update events (#4723) (46d9885), closes #4634
sns: support cross-region subscription on imported topics (#4917) (3dd194d), closes #3842
stepfunctions: add EvaluateExpression task (#4602) (6dba637)
vpc: allow Vpc.fromLookup() to discover asymmetric subnets (#4544) (2ccb745), closes #3407

Bug Fixes

apigateway: allow multiple api keys to the same usage plan (#4903) (142bd0e), closes #4860
assets: support exceptions to exclude patterns (#4473) (b7b4336)
cloudfront: aliasConfiguration fallback identifier conflict (#4760) (4d16f79)
cloudfront: revert certificate region verification (#4734) (de0eb47)
core: cannot use the same stack name for multiple stacks (under feature flag) (#4895) (658f100), closes #4412
dockerfile: add yarn (#4844) (2f8d06a)
dynamodb: Fix AutoScaling role ARN (#4854) (fc054e9)
dynamodb-global: cannot deploy global tables due to unresolved resource dependencies (45f0e02), closes #4676
ecs-patterns: handle desired task count being set to 0 (#4722) (c31ca27)
eks: pass --use-max-pods to bootstrap options when false (#4753) (22fe0ce)
elbv2: update region/account map of elbv2 (#4738) (5d98e7f)
init: 'cdk init' doesn't leave .d.ts files (#4841) (10b5b3c)
init: remove automatic JSII Roslyn analyzer dependency (#4835) (5029f0e)
init/csharp: correct cdk.json 'app' command (#4778) (d89504f)
ssm: malformed ARNs for parameters with physical names that use path notation (#4842) (43f276a)

In addition to the above, several bugs in the Python, .NET and Java release of the CDK have been addressed.

1.15.0 (2019-10-28)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

rds: securityGroup: ec2.ISecurityGroup is now securityGroups: ec2.ISecurityGroup[] in DatabaseInstanceAttributes
rds: removed securityGroupId from IDatabaseInstance

Bug Fixes

acm: update CertificateRequestorFunction runtime (#4612) (a711425), closes #4610
assets: docker asset versions are pushed to separate repositories (#4537) (8484114), closes #4535
aws-lambda: update deprecation warning for node.js 8.10 (#4624) (ace8041)
cli: add Cloud Assembly backwards compat tests (#4625) (5d2e5e3), closes #4475 #4544
cloudformation: cannot reference resource attributes with "." in nested stacks (#4684) (561bb73)
codebuild: revert validation that only a project with source CODEPIPELINE can be added to a pipeline (#4689) (8e72720), closes #4646
codepipeline: the CodeBuild action now works with imported projects (#4637) (6c4085e), closes #4613
core: fix docs for CfnInclude (#4703) (ba38b76), closes #3424
core: removalpolicy correct default (#4499) (09d89c3), closes #4416
custom-resources: increase and expose timeout for AwsCustomResource (#4623) (f17f809), closes #3272
eks: cannot update cluster configuration (#4696) (e17ba55), closes #4311 #4310
elbv2: fix disabling proxy protocol v2 attribute for NetworkTargetGroup (#4596) (8b598c4), closes #4574
iam: fix managedPolicyName, cross-account references (#4630) (9b7d2d0), closes #4581 #4567
ssm: invalid parameter arn (#4685) (e26a36c), closes #4672

Features

apigateway: add convenience url property at resource level (#4686) (012eeed)
autoscaling: let AutoScalingGroup be IGrantable (#4654) (406dc8e)
cloudfront: complete viewerCertificate support (#4579) (80b4ac9)
codedeploy: Model ECS deployment resources and pipeline action (#4600) (ed639ca)
codepipeline: add ability to override env variables in CodeBuild actions (#4502) (c0c0513), closes #4531
ec2: Support explicit Subnet selection (#4622) (203a605)
ecs: add support for start and stop timeout in ContainerDefinition (#4638) (b00c0af)
ecs-patterns: add family name to load balanced service properties (#4688) (d7654e7)
ecs-patterns: add service name to queue processing service properties (#4505) (3202720), closes #4504 #4504
rds: allow using existing security groups for new instance (#4495) (ef1ce5e), closes #2949
vpc: additional validation around Subnet Types (#4668) (9a96c37), closes #3704

1.14.0 (2019-10-22)

NOTICE: since Node.js 8.x is going out of maintenance early next year, starting in the next release, we will only test the AWS CDK against Node.js 10.x. If you are using an older version of Node.js, we recommend to upgrade.

Bug Fixes

apigateway: deployment not invalidated when integration is changed (#4552) (eac7695), closes #4551 aws-samples/aws-cdk-intro-workshop#83
cli: patch security vulnerability in https-proxy-agent (npm advisory 1184) (#4603) (ddb05f9)
cli: upgrade proxy-agent to address security volnarability (#4618) (5a941a2)
cloudfront: expose CfnDistribution as defaultChild (#4556) (8a79cad)
codepipeline: work around CodeBuild's pipeline key bug (#4183) (b149b02), closes #4033
core: child stack assembly metadata is duplidated on parent (#4540) (eeb5ae9), closes #2900
eks: invalid arn when mapping users to rbac (#4549) (8f4a38d), closes #4545
elbv2: correct wrong invalidation rules (#4583) (5f50e5f)
region-info: add eu-west-1 to AWS_OLDER_REGIONS (#4584) (7055ee3)
s3: access denied when adding an event notification to a s3 bucket (#4219) (6f22446), closes #3318
s3: bucket notifications deleted during stack update (#4458) (f5daa6e), closes #1566
ssm: allow specifying encryption key (#4511) (02a447f), closes #4498
stepfunctions: map state validation fix (#4382) (bbe0380)
stepfunctions-tasks: update resourceArn in service integrations (#4598) (b0f8a74), closes #4597

Features

apigateway: cors preflight support (#4211) (0f06223)
ec2: mutable? param for imported SecurityGroups (#4493) (9764996)
ecs-patterns: add family name to queue processing service properties (#4508) (b0874bb), closes #4507

1.13.1 (2019-10-15)

Bug Fixes

cli: fix bootstrap so that it has a default for tags on the stack. (#4519) (f4a20a6), closes #4320 #4518

1.13.0 (2019-10-15)

Bug Fixes

codepipeline: allow adding an S3 source action with the same bucket multiple times (#4481) (87458c1), closes #4237
use fixed dependency versions between CDK packages (#4470) (1d1b8bc)
cli: remove warning about assets not included in diff (#4454) (123c594), closes #395
cli: Use RegionalDomainName attribute in output of Toolkit stack for GovCloud and CN compatibility (#4427) (adbc2e3), closes #1469
codepipeline: do not retain the default bucket key and alias (#4400) (9740ed3), closes #4336
elbv2: add new FS security policies (#4425) (a4e63bd)
elbv2: validate healthcheck intervals (#4280) (3627e23), closes #4279
s3-deployment: lambda "src" not included in published module (#4430) (d16080a), closes #4404

Features

aws-s3-deployment: support specifying objects metadata (#4288) (63cb2da)
cli: add tags to CDKToolkit stack through bootstrap cli command (#4320) (4284aa2), closes #4227
cli: notify option in deploy command to specify SNS Notification ARNs (#4420) (7d6b474), closes #2528
codepipeline: support cross-environment deployments for all actions (#4276) (1eebf92), closes #3389
core: Add ability to set stack description (#4457) (#4477) (443394c)
ecs: add automated spot instance draining support (#4360) (9c208d0)
elbv2: support UDP and TCP_UDP protocols (#4390) (1958f26)
s3-deployment: optional role override for bucket-deployment (#4284) (e1b48bc)

1.12.0 (2019-10-07)

Bug Fixes

apigateway: defaultChild on RestApi returns the underlying L1 (#4318) (53db8bc), closes #3234
cloudmap: fix CloudMap Service import, expose ECS CloudMap Service (#4313) (c968c96), closes #4286
codebuild: validate if a CodePipeline action that is cross-account does not have outputs (#4171) (1744f8a), closes #4032
custom-resources: support region for AwsCustomResource (#4298) (934d36f), closes #4292
ecr-assets: exclude option (#4354) (f96b2fb), closes #4353 #4353
ecs: nat network mode for windows tasks (#4317) (9ceb995), closes #4272
lambda-event-sources: add missing export of streams.ts (#4362) (032b70c), closes #4352

Features

cloudformation: nested stacks (#2821) (5225306), closes #239 #395 #3437 #1439 #3463
ecs: add a new API for registering ECS targets (#4212) (de84c4a)
ecs: add support for ProxyConfiguration in ECS TaskDefinition (#4007) (68e1e85)
ecs: Add warning message when pulling ECR image (#4334) (bd36c6c)
ecs-patterns: add CloudMapOptions to load balanced services (#4369) (de0a028)
rds: add support for monitoring to database cluster (#2828) (910c8bf), closes #2826
stepfunctions: add support for Map state (#4145) (c8f0bcf)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

cloudmap: cloudmap.Service.fromServiceAttributes takes a newly required argument namespace.

1.11.0 (2019-10-02)

Bug Fixes

cli: make new CLI work with old assembly versions (#4307) (2f979b7), closes #4294
iam: validate actions (#4278) (3917c4b)
stepfunctions: allow condition on array (#4340) (47203f4)

Features

codepipeline: validate that source actions are in the same region as the pipeline (#4303) (c35091f)
update CloudFormation resource specification to v6.2.0 (#4309) (92b05a6)
cli: Add Jest tests to JavaScript init templates (#4282) (22a5ada), closes #4027
ecs-patterns: Allow overriding loadBalancer and taskDefinition (#4213) (f2a6d46)
lambda: event-source maxBatchingWindow property (#4260) (4040032)

1.10.1 (2019-10-01)

Bug Fixes

cli: make new CLI work with old assembly versions (#4307) (9222447), closes #4294

1.10.0 (2019-09-27)

Bug Fixes

acm: on delete, wait for certificate to become unused (#4191) (db77bfe), closes #4179
acm: support Tokens for domainName in Certificate (#4251) (ee1283d), closes #4232
apigateway: honour requestParameters passed via defaultMethodOptions (#4249) (b347c35)
apigateway: proxy method options are not duplicated to root (#4192) (0d235fe)
appmesh: actually set listener healthCheck.path (#4218) (602bac2)
cloudtrail: fix use of imported bucket with CloudTrail (#4270) (7adb5ea), closes #4256
cloudwatch: can use percentile override in Alarm (#4253) (859e4d1), closes #3845
ecr-assets: docker build targets (#4185) (91cda9d), closes #4184
ecr-assets: give accurate error when Tokens are being used (#4255) (1381b2d), closes #3795
ecs: FargateTaskDefinition supports Tokens for cpu and memory (#4224) (c9529f9)
glue: expose CfnTable as defaultChild (#4197) (467d855)
lambda: asset metadata invalid for layers (#4205) (d998e46), closes #4076 awslabs/aws-sam-cli#1411
route53: use static s3 website endpoint (#4250) (3c252c4)
rule: make ruleName accessible on Rule object (#4252) (be06fd5), closes #3809
s3: missing http on website url (#4189) (960d71f)
ssm: AWS::EC2::Image::Id parameter type (#4161) (48c26c2)

Features

appmesh: eagerly validate healthCheck settings (#4221) (84a1b45)
core: context lookup errors are reported to CX app (#3772) (b0267e4), closes #3654
ec2: add custom userdata factory (#4193) (3a9f4c8)
ec2: add sourceDestCheck to instance (#4186) (6e75168)
ec2: let Instance be IGrantable (#4190) (87f096e)
ecr-assets: Support .dockerignore (faster Docker builds) (#4104) (8389eeb)
ecs: add protocol option and default certificate for HTTPS services (#4120) (e02c6cc)
ecs: add URL output for LB services (#4238) (38d78ed)
ecs-patterns: support propagateTags and ecsManagedTags (#4100) (caa0077), closes #3979
eks: retrieve ami with ssm (#4156) (622a4e1)
eks: upgrade latest kubertenes version to 1.14 (#4157) (c7def91)
elasticloadbalancingv2: add Instance target (#4187) (f11bece)
s3-deployment: allow specifying memory limit (#4204) (84e1d4b), closes #4058
ses-actions: move SES rule actions to separate package (#4163) (a9fef66), closes #3726
publish construct tree into the cloud assembly (#4194) (3cca03d)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

ses-actions: adding an action to a receipt rule now requires an integration object from the @aws-cdk/aws-ses-actions package.

1.9.0 (2019-09-19)

Bug Fixes

apigateway: cross-stack lambda integration causes a cyclic reference (#4010) (17fc967), closes #3705 #3000
apigateway: json schema additionalProperties should be boolean (#3997) (73a1de1)
cloudfront: actually default 'compress' to true (#3359) (364fd56)
core: stack.urlSuffix is no longer scoped (#4011) (82e08bc), closes #3970
ec2: fix subnet selection on looked-up VPCs (#4090) (4a113e6), closes #3650
ec2: improve errors around subnet selection (#4089) (2392108), closes #3859
elbv2: allow multiple certificates on ALB listener (#4116) (d1f8e5c), closes #3757
elbv2: fix cross-stack use of ALB (#4111) (7dfd6be)
elbv2: unhealthyHostCount metric case fix (#4133) (899656c)
events: remove custom resource for fargate event target (#3952) (920f12f), closes #3930
events: remove policy statement from CF template when using AwsApi (#4037) (2e67c2d)
route53: remove http:// from bucket target (#4070) (621441d)

Features

codebuild: add support of Amazon Linux 2 image (#4052) (#4055) (f63bf6f)
codepipeline: cross-environment (account+region) actions (#3694) (69bff3d), closes #52 #1584 #2517 #2569 #3275 #3138 #3388
codepipeline: handle non-CFN cross-region actions (#3777) (b8b4c4d), closes #3387
cognito: add PreTokenGeneration lambda trigger support (#3910) (e9f46da), closes #2497
ecs: add additional log drivers (#3762) (f308f1d), closes #3761
ecs: allow load balancing to any container and port of service (#4107) (c3b3c93)
iam: support NotPrincipal in policy statements (#4077) (9945d9e)
route53: Domain redirect pattern (#3946) (3ac4671), closes #3893
s3-deployment: allow multiple Sources for single Deployment (#4105) (2ce4a87)
update baseline requirement for node engine to 10.3.0 (#4135) (d5ab865)
sns: add support for attribute key matching in message filtering (#3709) (dbf0134)
upgrade CloudFormation resource specification to v6.1.0 (#4112) (3d693e6)
toolkit: conditionally emit AWS::CDK::Metadata resource (#3692) (5901d6e), closes #3648

BREAKING CHANGES TO EXPERIMENTAL FEATURES

s3-deployment: Property source is now sources and is a Source array

1.8.0 (2019-09-10)

Bug Fixes

app-delivery: action template filename incorrect (#3986) (f6ef79d), closes #3595
certificatemanager: increase minimum validation total timeout (#3914) (4973a8c)
custom-resources: correctly handle booleans conversion (#4000) (77105ab), closes #3933
dynamodb: prevent "StreamARN not found for resource" errors (#3935) (617ef82)
ecs: separate application and network load balanced services (#3719) (21eb835)
events: fromObject handles regular and field tokens together (#3916) (b01f62d), closes #3915
iam: only attach policies to imported roles if the accounts match (#3716) (87db7aa), closes #2985 #3025

Code Refactoring

assets: remove content hash attribute (#4003) (181b58b)

Features

cli: #3971 changed cdk synth to rebuild app (#3972) (198f45f)
ec2: support configuring network ACLs (#3699) (3f10543), closes #3621
ecr-assets: fail if tokens are used in buildArgs (#3989) (56ce9ff), closes #3981
eks: add EKS AMis for 1.14 (#3950) (741ef43)
eks: spot capacity and bootstrap options (#3937) (5da6b36), closes #3523 #3857 #3929 #3938 #3939
events: allow passing a role to the CodePipeline target (#4006) (c4054ce), closes #3999

BREAKING CHANGES TO EXPERIMENTAL FEATURES

assets: assets no longer expose a property contentHash. Use sourceHash as a good approximation. if you have a strong use case for content hashes, please raise a github issue and we will figure out a solution.
dynamodb: fix
ecs: The LoadBalancedServiceBase, LoadBalancedEc2Service and LoadBalancedFargateService constructs have been separated out into Application and Network LoadBalancedService constructs for both Ec2 and Fargate Services.

1.7.0 (2019-09-05)

Bug Fixes

codepipeline: insufficient deploy cross-account CFN role S3 permissions (#3855) (09304f7), closes #3765
ecs: default ecsmanagedtags and propagatetags to be undefined (#3887) (1f589a3)
init-templates: add typesRoot compiler option for TypeScript templates (#3865) (2c9bafa), closes #3830
init-templates: fix to include environments and CDK files to .gitignore for Python templates (#3863) (e4f9677), closes #2842
lambda: environment var values are strings (#3858) (f892312), closes #3337
s3-deployment: CallerReference has to be unique (#3880) (16eb658)

Features

ecs,lambda,rds: specify allowAllOutbound when importing security groups (#3833) (5ef34a1)
events: validate MessageGroupId is specified only for FIFO queues (#3811) (cc88f1a)
upgrade to CloudFormation specification 6.0.0 (#3942) (27de0a0)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

ecs,lambda,rds: securityGroupId: string replaced by securityGroup: ISecurityGroup when importing a cluster/instance in @aws-cdk/aws-rds

1.6.1 (2019-08-29)

Bug Fixes

cloudwatch: don't ignore 'stacked' property in GraphWidget class (#2103) (#3796) (527b362)
init-templates: remove dependency on @types/node (#3840) (f46ce18), closes #3839
toolkit: do not deploy empty stacks (#3144) (64ace90)
vpc: recognize Public subnets by Internet Gateway (#3784) (54599e5), closes #3706

1.6.0 (2019-08-27)

Bug Fixes

aws-stepfunctions: refactor sagemaker tasks and fix default role issue (#3014) (d8fcb50)
cli: update bit.ly link to use GitHub link directly (#3782) (042fb53)
ec2: also add egress rules for allowInternally() (#3741) (051aacb), closes #3254
ec2: fix error when using Tokens in Vpc.fromLookup() (#3740) (004077f), closes #3600
ec2: throw useful error when using lazy CIDR in VPC (#3739) (c92e9a9), closes #3617
ecs: IAM role ARN must not specific region. (#3755) (210ed8f), closes #3733
events: fix ECS target in Isolated subnet (#3786) (8bbc7e6)
iam: make User implement IUser (#3738) (05e13f3), closes #3490
lambda: generate correct metrics for aliases (#3728) (ce08853), closes #3724
lambda/rds: allow to specify a role for log retention lambda (#3730) (013cab6), closes #3685
scaling: don't fail when using Tokens (#3758) (0a2ed3d)

Features

acm: validated certificate can use existing Role (#3785) (b51723c), closes #3519 #3753
appmesh: add support for AWS AppMesh (#2299) (98863f9), closes #2297
cloudfront: define lambda@edge as resolvable resource (#2861) (c39d659), closes #1575
cloudtrail: accept existing S3 bucket (#3680) (c2d6847), closes #3651
core: stack.templateFile (#3808) (ac54e14), closes #3807
ec2: add Instance and Bastion Host (#3697) (ef09aba), closes #3174 #1713
ec2: imported SecurityGroups don't create egress rules (#3386) (04710d0), closes #3355
ec2: Validate IP addresses passed to CidrIPvX (#3642) (b67b0f3), closes #3639
ecs: add GPU support in container definition (#3044) (2590327)
ecs: support ecs tag propagation and ecs managed tags (#3420) (1e81053)
eks: updated AMI and EC2 instance sizes (#3805) (2d165ad), closes #3751
elbv2: add support for Lambda targets (#3348) (f003dcc), closes #1921
events: add target to make AWS API calls (#3720) (b6f055a), closes #2538
region-info: report availability of metadata service in Bahrein & Hong-Kong (#3799) (95d8ac3)
updated CloudFormation Resource specification 5.3.0 (#3789) (39ee810)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

ec2: By default, egress rules are not created anymore on imported security groups. This can be configured by setting allowAllOutbound: false upon importing.

1.5.0 (2019-08-20)

Bug Fixes

aws-cdk: update Java template to new builder style (#3723) (ab07af1)
ecr: set correct resource policy for ecr repository (#3590) (30f3968)
events-targets: allow adding same fargate task to multiple rules (#3576) (5b109f9), closes #3574
iam: support NotActions/NotResources (#964) (#3677) (a8ee987)
kms: append aliasName only after first (#3659) (77671ad)
region-info: IAM service principal for China regions (#3491) (013c181)
s3-deployment: custom resource fails to run aws-cli (#3668) (6eabe6d), closes #3656

Features

bootstrap: force toolkit bucket private (#3695) (d1ee4ba)
cloudformation: Update CloudFormation spec to 5.2.0 (#3710) (ab86df7)
cloudformation: update cloudformation spec to v5.1.0 (#3670) (15f01d0)
eks: output update-kubeconfig command (04d88fb), closes #3664
eks: output update-kubeconfig command (#3669) (9e46532), closes #3664
events-targets: allow specifying event for codebuild project target (#3637) (c240e1e)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

aws-cdk: Java builders no longer use the "with" prefix.
eks: cluster name output will not be synthesized by default. instead we synthesize an output that includes the full aws eks update-kubeconfig command. You can enable synthesis of the cluster name output using the outputClusterName: true options.

1.4.0 (2019-08-14)

Bug Fixes

acm: validated certificate survives eventual consistency in service (#3528) (e7eabca), closes #3527
ec2: allow adding gateway endpoints to imported VPC (#3509) (b5db88d), closes #3171 #3472
typo in restapi.ts (#3530) (8381683)
apigateway: allow reusing lambda integration for multiple apis (#3532) (6e6440a)
apigateway: invalid schema generated due to un-mapped ref (#3258) (254f62c)
asg/ec2: fix value of defaultChild (#3572) (c95eab6), closes #3478
aws-ecs: ensure cluster attributes are accessible from constructor’s props (#3020) (24ebec8)
cdk-dasm: update README and fix small typo (#3565) (92b5c2d)
ci: add "do-not-merge" label auto-merge block (#3553) (0c806a6)
cli: support aws:// prefix for bootstrap command (#3599) (8ac7389)
core: correct return type of Fn.getAtt (#3559) (02ef2dc)
core: fix detection of references in Fn.join (#3569) (0a2540b), closes #3554
core: fix use of references in toJsonString() (#3568) (0fc2c3b)
ecs: update driverOpts type definition from array to map (#3358) (65e4a5d)
events: simplify the cache key for cross-account targets (#3526) (db7dc2e)
java: surpress maven output in cdk.json (#3624) (02e097b), closes #3571
kms: allow multiple addAlias calls on single key (#3596) (54f8ea9)
lambda: allow ArnPrincipal in grantInvoke (#3501) (e222e87), closes #3264
sqs: do not emit grants to the AWS-managed encryption key (#3169) (07f017b), closes #2794
ssm: add GetParameters action to grantRead() (#3546) (ebaa1b5)

Code Refactoring

stepfunctions-tasks: make integrationPattern an enum (#3115) (fa48e89), closes #3114

Features

apigateway: support imported roles for integrations (#3369) (15df3c7), closes #2860
autoscaling: blockDevices property (#3622) (6953e03)
autoscaling: health check configuration (#3390) (#3436) (76e5173), closes #3381
aws-codebuild: support pull_request_merged eventaction type (#3575) (5d4a275), closes #3557
aws-stepfunctions-tasks: support step functions state machine execution from a task state (#3522) (ac77990), closes #3521
bootstrap: add kms option to cdk bootstrap (#3634) (d915aac)
cloudformation: update Resource Specification to v5.0.0 (#3605) (1509399)
codepipeline: allow cross-account CloudFormation actions (#3208) (8df4b7e)
ec2: add GenericWindowsImage (#3454) (f4ca41c), closes #3400
ecs: container dependencies (#3032) (56656e0), closes #2490
ecs-patterns: allow customizing logdriver (#3550) (8ffba4b)
eks: add HKG (ap-east-1) EKS AMIs (#3533) (e9f9907)
eks: default capacity (#3633) (91af473), closes #3541
eks: default vpc (#3632) (3a96c27), closes #3541
eks: programmatic definition of kubernetes resources (#3510) (4e11d86)
elasticloadbalancing: add subnet selection (#2833) (#3415) (14e4bc9)
iam: add Role.externalIds property (#3598) (ba2a4df)
iam: customer managed policies (#3578) (4681d01)
png and svg of official aws-cdk logo (#3567) (7158e45), closes #3561
iam: support permissions boundary policy for User and Role (#3584) (661a95e)
.net: templatized csharp sample app and moved from init to sample-app. Changed hook code to allow templating. (#3525) (dd52cec)
route53: add classic elb target support (#3380) (b0720dd)
route53-targets: s3 bucket website target support (#3618) (bccc11f)
s3: website routing rules (#3411) (33f3554)
s3-deployment: CloudFront invalidation (#3213) (e84bdd6), closes #3106

BREAKING CHANGES TO EXPERIMENTAL FEATURES

eks: clusters will be created with a default capacity of x2 m5.large instances. You can specify defaultCapacity: 0 if you wish to disable.
stepfunctions-tasks: To define a callback task, users should specify "serviceIntegrationPattern: sfn.ServiceIntegrationPattern.WAIT_FOR_TASK_TOKEN" instead of "waitForTaskToken: true". For a sync task, users should use "serviceIntegrationPattern: sfn.ServiceIntegrationPattern.SYNC" in the place of "synchronous: true".

1.3.0 (2019-08-02)

Bug Fixes

aws-ecs-patterns: update ecs-patterns to be consistent across constructs (#3404) (f7fbbe0)
aws-kms: Incomplete KMS Resource Policy Permissions (#3459) (1280071), closes #3458 #3458
cli: conversion of "tags" filter for EC2 DescribeVpcs call (#3393) (cf2e3f6), closes #3372
cli: correctly handle tags when deploying multiple stacks (#3455) (4cb9755), closes #3471
core: stop relying on === to find PhysicalName.GENERATE_IF_NEEDED (#3506) (c7e9dfb)
iam: correctly limit the default PolicyName to 128 characters (#3487) (8259756), closes #3402
toolkit: avoid EMFILE and preserve mode when zipping (#3428) (750708b), closes #3145 #3344 #3413

Features

codepipeline: make Pipeline importable by ARN (#3469) (8a100e5), closes #3467
core: improved API for tags (#3465) (e15d391)
ecs: ECS optimized Windows images (#3376) (6c0bf4a), closes #3398 #2574
ecs: make cluster and vpc optional for higher level constructs (#2773) (979f6fd)
ecs: support secret environment variables (#2994) (bc233fa), closes #1478
events: ability to add cross-account targets (#3323) (3b794ea)

1.2.0 (2019-07-25)

Bug Fixes

assert: CfnParameter MatchStyle diff support (#3408) (2747a76), closes #3399
ecs: make registry URL domain-suffix dependent (#3394) (c989fa4), closes #3377
events: allow adding the same target to rule multiple times (#3353) (5879178), closes #3173
s3: fail early with bad notification filters (#3397) (cd0e9bd), closes #3347 #3398

Features

cli: VPC context provider looks up RouteTable IDs (#3171) (6d762f9)
cloudformation: update to Resource Specification v4.2.0 (#3351) (9ec57af)
cloudwatch: dashboardName validation (#3382) (f53f845), closes #2976
core: allow multiple transforms on ITemplateOptions (#3395) (9565b9b), closes #3366
s3: bucket access control (#3391) (820575b), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3 #3383
s3: bucket websiteRedirect (#3392) (dd574cc), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-websiteconfiguration.html#cfn-s3 #1083

1.1.0 (2019-07-18)

Bug Fixes

codepipeline: invoked Lambda doesn't have permissions to the pipeline bucket (#3303) (50c7319), closes #3274
logs: fix infinite retention for jsii users (#3250) (0b1ea76)

Features

acm: add support for validationMethod (#3252) (ceb857d)
codebuild: make artifact encryption configurable (#3230) (792a260)
ec2: add new EC2 instance types #3308 (#3309) (184b93f)
eks: update Kubernetes AMIs and latest version (#3331) (3fcdb45)

1.0.0 (2019-07-09)

General Availability of the AWS Cloud Development Kit!! 🎉🎉🥂🥂🍾🍾

We are excited to announce the 1.0.0 release of the AWS CDK – including GA support for TypeScript, JavaScript, and Python!

We want to thank all of our early customers, and the hundreds of contributors, for all the help and support in making this release a reality. Thank you for the patience to deal with the many, many breaking changes that happened along the way. This product would not be what it is today if it weren't for all the feedback, diligent issue reporting (bugs, missing features, unclear documentation, etc.), and code contributions from the community.

Special thanks go out to a few of our most prolific contributors who went above and beyond to help improve the CDK:

1.0.0 is a huge milestone for us, but it's still only the beginning! We are excited to continue evolving the CDK, to introduce support for new languages and capabilities, and to continue working closely with the open-source community.

Bug Fixes

cli: output message when successfully synthesizing multiple stacks (#3259) (0c30f12)
python: Make sure stack name in the init template does not contain illegal characters (#3261) (7d22b2c)

0.39.0 (2019-07-08)

Bug Fixes

codepipeline: mark crossRegionReplicationBuckets and crossRegionSupport as experimental. (#3226) (f8256e7)
assets: packages assets, aws-ecr-assets and aws-s3-assets are now experimental instead of stable

BREAKING CHANGES TO EXPERIMENTAL FEATURES

codepipeline: Pipeline.crossRegionReplicationBuckets is now experimental
codepipeline: Pipeline.crossRegionSupport is now experimental
codepipeline: CrossRegionSupport is now experimental
assets: package assetsis now experimental instead of stable
aws-ecr-assets: package aws-ecr-assetsis now experimental instead of stable
aws-s3-assets: package aws-s3-assetsis now experimental instead of stable

0.38.0 (2019-07-08)

Bug Fixes

cli: exclusively is also '-e' for destroy (#3216) (d6f5207), closes #2367
cloudwatch: AlarmWidget takes IAlarm (#3219) (9948bfd), closes #3068
core: fix build errors in fsharp init-template (#3229) (7d020f1)
core: UpdateReplacePolicy mirrors DeletionPolicy (#3217) (d61bd2c), closes #2901
ecr: repository grant uses correct resource ARN (#3220) (cc2275c), closes #2473
iam: fix managed policies for User (#3221) (ec1c5b7), closes #2557
make capitalization of Ip/Az consistent (#3202) (d60d673)

Features

use classes for structs in Python (#3232) (161a459)
codebuild: allow specifying principals and credentials for pulling build images. (#3049) (3319fe5), closes #2175

BREAKING CHANGES TO EXPERIMENTAL FEATURES

codebuild: LinuxBuildImage.fromDockerHub() has been renamed to fromDockerRegistry() and WindowsBuildImage.fromDockerHub() has been renamed to fromDockerRegistry()
iam: aws-iam.User and Group: managedPolicyArns => managedPolicies.
in all identifiers, renamed IPv4 => Ipv4, IPv6 => Ipv6, AZs => Azs.

0.37.0 (2019-07-04)

Bug Fixes

core: fix some return types (#3192) (b5997c3)
ecs: grant drain-hook policy container-instance permissions (#3199) (7796cd7), closes #3190
sns: allow tokens to be used in UrlSubscription (#2938) (5ce4141)
ssm: correctly deduplicate parameter names (#3183) (47bf435), closes #3076
stepfunctions: Downscope SageMaker permissions (#2991) (69c82c8)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

core: construct.findChild() now only looks up direct children
ec2: Port.toRuleJSON was renamed to toRuleJson
codebuild: PipelineProject.addSecondaryArtifact now returns void (formerly any)
codebuild: Project.addSecondaryArtifact now returns void (formerly any)

0.36.2 (2019-07-03)

Bug Fixes

cli: generate metadata resource for region-independent stacks (#3149) (0fb7ea3), closes #3142
cli: stop processing on metadata errors (#3168) (0936bde)
codepipeline: correctly pass the replication buckets to Action.bind() (#3131) (99ae5e7)
codepipeline: grant missing permisisons to the CloudFormationExecuteChangeSetAction. (#3178) (958acc2), closes #3160
codepipeline: grant the CodeCommit source Action read-write permissions to the Pipeline's Bucket. (#3175) (bd46e49), closes #3170
core: prevent volatile physical name generation (#2984) (af2680c)
ecs: remove temporary workaround for long arn support (#3072) (9fdb63f), closes #2176

Features

codedeploy: allow setting a Deployment Configuration for an imported Lambda Deployment Group. (#3158) (05a49f0)
iam: can configure 'deny' for policy statements (#3165) (6679e86)

0.36.1 (2019-07-01)

Bug Fixes

aws-codepipeline-actions: use SecretValue (#3097) (b84caab)
cli: fix broken sample-app templates for TypeScript and JavaScript (#3101) (800ecf2)
cli: fix broken test in Java init template (#3108) (f696efc), closes #3065
cli: fix Python sample-app template (#3071) (796d6bb), closes #3058 #3069
cli: improve description of --json to reflect behavior (#3086) (68cfa54), closes #2965
cli: Python blank app should call app.synth(), not app.run() (16345dc), closes #3123
cli: update TypeScript lib init template (#3134) (629e963)
code: make CfnResource#_toCloudFormation null-safe (#3121) (71cb421), closes #3093
codepipeline-actions: set service as backing resource for EcsDeployAction (#3085) (f2293e0)
core: improve context providers error message for env-agnostic stacks (#3137) (5b80146), closes #2922 #3078 #3120 #3130
documentation: auto-labeling fixed (#3089) (7fb82ad)
documentation: removed duplicate generated template (#3090) (590b05c)
elasticloadbalancingv2: fix to be able to set deregistrationDelay (#3075) (22ab4b4)
events: correct token resolution in RuleTargetInput (#3127) (a20c841), closes #3119
sns: create subscriptions in consumer scope (#3065) (64a203f), closes #3064

Features

apigateway: support custom domain names (#3135) (52b136b), closes #3103
aws-apigateway: expand RestApi support to models, parameters and validators (#2960) (12e6380), closes #905 #1695 #727 #723 #2957
codepipeline: generate a Role for every AWS-owned Action used in a Pipeline. (#3105) (921dcc9)
core: add Tokenization.isResolvable for aspects (#3122) (d3a417e), closes #3026
dynamodb: support RemovalPolicy (#3028) (a6175be), closes #2710

0.36.0 (2019-06-24)

Bug Fixes

certificatemanager: increase wait time for DNS validation (#2961) (5b5ca48), closes #2914
cli: disable line folding in YAML (#2964) (0dabb02), closes #2703
cloudfront: fixes typos in cloudfront docs (#3021) (46b3292), closes #3019
core: incorrect arg type on Fn.eachMemberIn (#2958) (5baa31f), closes #2950
core: record DependableTrait directly on instance (#2962) (e535929), closes #2713
elbv2: restrict ALB access logs bucket permissions to minimum (#2929) (370b905)
rds: correctly expose DatabaseCluster's read endpoint (#2970) (2d50c18), closes #2969
ecr: align IRepository events to RepositoryBase (#3036) (f51760f), closes #2921
route53: dummy hosted zone has right name (#2995) (76b5309), closes #2076
sfn: pass support non-object Result types (#2811) (5282a08)
stepfunctions: fix passing of Token in RunLambdaTask (#2939) (58a80ab), closes #2937
cli: ensure asset zips are consistently produced (#2931) (9101161), closes #1997 #2759

Code Refactoring

rename all L1 enum-like members to ALL_CAPS #3024 #3023, #3018 #980 #2989 #2918 #2287
cx-api: bump cli <=> cdk protocol version (#2956) (8ab84ec), closes #2922
cloudformation: extract "custom-resources" module (#3027) (767687d), closes #2951
codepipeline: API cleanup. (#2982) (13025c4)
codepipeline: change the API of cross-region replication Buckets. (#2977) (98afdeb)
codepipeline: introduce IAction and unify the Action.bind() signature (#3012) (089fc93)
core: additional api cleanups (#2972) (7fb6fd6), closes #2971
core: CfnResource.options => cfnOptions (#3030) (e537e4c)
core: rename "Stack.autoRun" to "autoSynth" (#3016) (3b44791)
core: rename @aws-cdk/cdk to @aws-cdk/core (#2932) (4a0272d), closes #2733
ecs: hide clusterName from Services (#2980) (a6e4f6a)

Features

Support physical names in the entire Construct Library (#2894) (d9d3a99)
codepipeline-actions: Add CAPABILITY_AUTO_EXPAND (#2851) (#2852) (c9340a6)
core: environment-agnostic cloud assemblies (#2922) (c75d245), closes #2866
core: Introduced Duration class (#2857) (2ceec6c)
ecs: change the default Amazon Linux generation to v2 (#3009) (32e3421), closes #3005
ecs: set default health check grace period to 60s (#2942) (0535d36), closes #2936
events: make target optional in onXxx() methods (#2921) (ea10f0d), closes #2913
issues: new format for issue templates (#2917) (67f6de0)
sns: add support for subscription filter policy (#2778) (ae789ed)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

IMPORTANT: previous versions of the CDK CLI will not be fully compatible with this version of the framework and vice versa.
core: the @aws-cdk/cdk module was renamed to @aws-cdk/core, python: aws_cdk.core, java: the artifact cdk in groupId software.amazon.awscdk was renamed to core
all enum and public static readonly members have been renamed to use "ALL_CAPS" capitalization
properties throughout the AWS Construct Libraries that represent lengths of time have been re-typed to be @aws-cdk/cdk.Duration instead of number, and were renamed to exclude any unit indication.
core: The deprecated app.run() has been removed (use app.synth()).
core: The CfnResource.options property was renamed to CfnResource.cfnOptions to avoid conflicts with properties introduced by derived classes.
core CfnXxx.cfnResourceTypeName is now CFN_RESOURCE_TYPE_NAME in generated CFN resources.
core: ContextProvider is no longer designed to be extended. Use ContextProvider.getValue and ContextProvider.getKey as utilities.
core: Context.getSsmParameter has been removed. Use ssm.StringParameter.valueFromLookup
core: Context.getAvailabilityZones has been removed. Use stack.availabilityZones
core: Context.getDefaultAccount and getDefaultRegion have been removed an no longer available. Use the environment variables CDK_DEFAULT_ACCOUNT and CDK_DEFAULT_REGION instead.
core: StackProps.autoRun was renamed to StackProps.autoSynth.
core: CfnElement.refAsString renamed to ref of string type. The IResolvable version have been removed.
core: IStringValue renamed to IStringProducer
core: Include renamed to CfnInclude
core: Cfn prefix was added to the following types: CfnCreationPolicy, CfnResourceAutoScalingCreationPolicy, CfnResourceAutoScalingCreationPolicy, CfnDeletionPolicy, CfnUpdatePolicy, CfnAutoScalingRollingUpdate, CfnAutoScalingReplacingUpdate, CfnAutoScalingScheduledAction, CfnCodeDeployLambdaAliasUpdate, CfnTag CfnRuleAssertion, CfnDynamicReferenceProps
core: deepMerge is no longer exported.
core: CfnOutputProps.export was renamed to exportName.
core: CfnOutput all properties are now private
core: StringListCfnOutput has been removed
core: all instance methods of Fn were made static, and the Fn constructor was made private.
ec2: VpcNetworkProvider has been removed. Use Vpc.fromLookup.
ec2: ec2.MachineImage will now resolve AMIs from SSM during deployment.
ecs: ecs.EcsOptimizedAmi will now resolve AMis from SSM during deployment.
ecs: previously, the default generation is conditionally set to Amazon Linux v1 if hardwareType was STANDARD. Now it always defaults to Amazon Linux v2.
ecs: service.clusterName has been replaced with .cluster.
sam requiredTransform is now REQUIRED_TRANSFORM in generated code.
cloudformation: the AwsCustomResource class was moved to a new module called @aws-cdk/custom-resource
codepipeline: the capabilities property is now an array to support multiple capabilities.
codepipeline: the Pipeline construction property crossRegionReplicationBuckets now takes values of type IBucket instead of string.
corepipeline: the property Pipeline.crossRegionScaffoldStacks has been renamed to crossRegionSupport, and its type changed from CrossRegionScaffoldStack to CrossRegionSupport.
codepipeline-actions: rename CodeCommitAction.pollForSourceChanges to trigger and make it an enum.
codepipeline-actions: rename S3SourceAction.pollForSourceChanges to trigger, and make it an enum.
codepipeline-actions: rename StageAddToPipelineProps interface to StageOptions.
codepipeline-actions: remove the classes CloudFormationAction and CloudFormationDeployAction.
route52: HostedZoneProvider has been removed. Use HostedZone.fromLookup.

0.35.0 (2019-06-19)

Bug Fixes

cli: Move version check TTL file to home directory (#2774) (1ae11c0)
cli: correctly pass Stack-level Tags (#2829) (e0718ef), closes #2822
cli: Hide @types/yargs types from types (#2907) (095d8e2), closes #2895
cloudformation-diff: string.replace error on cdk context (#2870) (b8a1c8e), closes #2854
codebuild: API cleanup. (#2745) (c3667d7)
codebuild: correctly handle permissions for Projects inside VPC. (#2662) (390baf1), closes #2651 #2652
core: make IResolvable.creationStack required (#2912) (7c6ebb6)
core: use default account/region when environment is not specified (#2867) (e9a4a79), closes #2728 #2853 #2866
ecs: downscope permissions required by instance draining hook (#2761) (9ea6148)
ecs-patterns: update constructs for ECS/Fargate consistency (#2795) (1378e2d)
events-targets: event targets can have the same construct id (#2744) (210dd0f), closes #2377
iam: support adding permissions to imported roles (#2805) (936464f), closes #2381 #2651 #2652 #2662
cli: Correct java init template (#2889) (b3b3ba9)
rds: allow setting backupRetentionPeriod=0 (#2875) (b0730dd)
rds: fix unresolved endpoint socket address (#2846) (902636a), closes #2711
sqs: remove 'Batch' permissions (#2806) (654cb37), closes #2381

Code Refactoring

apigateway: API cleanups (#2903) (53e1191)
assets: API cleanups (#2910) (83eee09)
codebuild: introduce BuildSpec object (#2820) (86a2192)
codepipeline: rename name in StageProps to stageName. (#2882) (be574a1)
core: revisit the Stack API (#2818) (47afdc2), closes #2728
dynamodb: API cleanups (#2905) (d229836)
ecs: Asset ContainerImage no longer takes Construct arguments (#2906) (8f400e7)
ecs: rename hwType to hardwareType (#2916) (1aa0589), closes #2896
lambda: renamed the lambda.Runtime enum values from NodeJS to Nodejs (#2815) (10c37dd), closes #980
lambda: Standardize Lambda API (#2876) (6446b78)
logs: API cleanups (#2909) (06221ac)
secretsmanager: API cleanups (#2908) (60f46c8)
ssm: API cleanups (#2904) (bd1bcf5)
clean up API for removal policy across the library (#2893) (65014ab)
sns: move subscribers to aws-sns-subscribers (#2804) (9ef899c)
events: clean up Events APIs (#2840) (1e23921), closes #2840
iam: cleanup of IAM library (#2823) (b735d1c), closes #2823

Features

cli: Expose props in CFN resources and remove propertyOverrides (#2372) (#2372) (aa61dfb), closes #2100
cli: deploy/destory require explicit stack selection if app contains more than a single stack (#2772) (118a716), closes #2731
cli: Remove stack rename support (#2819) (0f30e39), closes #2670
cloudformation: add option to restrict data returned AwsCustomResource (#2859) (a691900), closes #2825
cloudformation: Add removalPolicy on CustomResource (#2770) (859248a)
cloudfront: add Lambda associations (#2760) (b088c8c)
codepipeline: final form of the CodeBuild Pipeline action. (#2716) (c10fc9a)
core: show token creation stack trace upon resolve error (#2886) (f4c8dcd)
ecs: add metrics for Fargate services (#2798) (acf015d)
ecs-patterns: LoadBalancedFargateService - allow specifying containerName and role (#2764) (df12197)
elasticloadbalancing: add crossZone load balancing (#2787) (192bab7), closes #2786
lambda: Expose $LATEST function version (#2792) (55d1bc8), closes #2776
s3: add CORS Property to S3 Bucket (#2101) (#2843) (1a386d8)
s3: add missing storage classes and API cleanups (#2834) (5cd9609), closes #2708
stepfunctions: add grantStartExecution() (#2793) (da32176)
stepfunctions: add support for AmazonSageMaker APIs (#2808) (8b1f3ed), closes #1314
stepfunctions: waitForTaskToken for Lambda, SQS, SNS (#2686) (d017a14), closes #2658 #2735
formalize the concept of physical names, and use them for cross-environment CodePipelines. (#1924) (6daaca8)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

assets: AssetProps.packaging has been removed and is now automatically discovered based on the file type.
assets: ZipDirectoryAsset has been removed, use aws-s3-assets.Asset.
assets: FileAsset has been removed, use aws-s3-assets.Asset.
lambda: Code.directory and Code.file have been removed. Use Code.asset.
assets-docker: The module has been renamed to aws-ecr-assets
ecs: the property that specifies the type of EC2 AMI optimized for ECS was renamed to hardwareType from hwType.
codebuild: the method addToRoleInlinePolicy in CodeBuild's Project class has been removed.
dynamodb: TableOptions.pitrEnabled renamed to pointInTimeRecovery.
dynamodb: TableOptions.sseEnabled renamed to serverSideEncryption.
dynamodb: TableOptions.ttlAttributeName renamed to timeToLiveAttribute.
dynamodb: TableOptions.streamSpecification renamed stream.
ecs: ContainerImage.fromAsset() now takes only build directory directly (no need to pass scope or id anymore).
secretsmanager: ISecret.secretJsonValue renamed to secretValueFromJson.
ssm: ParameterStoreString has been removed. Use StringParameter.fromStringParameterAttributes.
ssm: ParameterStoreSecureString has been removed. Use StringParameter.fromSecureStringParameterAttributes.
ssm: ParameterOptions.name was renamed to parameterName.
logs: newStream renamed to addStream and doesn't need a scope
logs: newSubscriptionFilter renamed to addSubscriptionFilter and doesn't need a scope
logs: newMetricFilter renamed to addMetricFilter and doesn't need a scope
logs: NewSubscriptionFilterProps renamed to SubscriptionProps
logs: NewLogStreamProps renamed to LogStreamOptions
logs: NewMetricFilterProps renamed to MetricFilterOptions
logs: JSONPattern renamed to JsonPattern
apigateway: MethodOptions.authorizerId is now called authorizer and accepts an IAuthorizer which is a placeholder interface for the authorizer resource.
apigateway: restapi.executeApiArn renamed to arnForExecuteApi.
apigateway: restapi.latestDeployment and deploymentStage are now read-only.
events: EventPattern.detail is now a map.
events: scheduleExpression: string is now schedule: Schedule.
multiple modules have been changed to use cdk.RemovalPolicy to configure the resource's removal policy.
core: applyRemovalPolicy is now CfnResource.applyRemovalPolicy.
core: RemovalPolicy.Orphan has been renamed to Retain.
core: RemovalPolicy.Forbid has been removed, use Retain.
ecr: RepositoryProps.retain is now removalPolicy, and defaults to Retain instead of remove since ECR is a stateful resource
kms: KeyProps.retain is now removalPolicy
logs: LogGroupProps.retainLogGroup is now removalPolicy
logs: LogStreamProps.retainLogStream is now removalPolicy
rds: DatabaseClusterProps.deleteReplacePolicy is now removalPolicy
rds: DatabaseInstanceNewProps.deleteReplacePolicy is now removalPolicy
codebuild: rename BuildSource to Source, S3BucketSource to S3Source, BuildArtifacts to Artifacts, S3BucketBuildArtifacts to S3Artifacts
codebuild: the classes CodePipelineBuildSource, CodePipelineBuildArtifacts, NoBuildSource, and NoBuildArtifacts have been removed
codebuild: rename buildScriptAsset and buildScriptAssetEntrypoint to buildScript and buildScriptEntrypoint, respectively
cli: All L1 ("Cfn") Resources attributes are now prefixed with attr instead of the resource type. For example, in S3 bucket.bucketArn is now bucket.attrArn.
propertyOverrides has been removed from all "Cfn" resources, instead users can now read/write resource properties directly on the resource class. For example, instead of lambda.propertyOverrides.runtime just use lambda.runtime.
codepipeline: the property designating the name of the stage when creating a CodePipeline is now called stageName instead of name
codepipeline: the output and extraOutputs properties of the CodeBuildAction were merged into one property, outputs.
lambda:
- Renamed Function.addLayer to addLayers and made it variadic
- Removed IFunction.handler property
- Removed IVersion.versionArn property (the value is at functionArn)
- Removed SingletonLayerVersion
- Stopped exporting LogRetention
cli: if an app includes more than one stack "cdk deploy" and "cdk destroy" now require that an explicit selector will be passed. Use "cdk deploy '*'" if you want to select all stacks.
iam: PolicyStatement no longer has a fluid API, and accepts a props object to be able to set the important fields.
iam: rename ImportedResourcePrincipal to UnknownPrincipal.
iam: managedPolicyArns renamed to managedPolicies, takes return value from ManagedPolicy.fromAwsManagedPolicyName().
iam: PolicyDocument.postProcess() is now removed.
iam: PolicyDocument.addStatement() renamed to addStatements.
iam: PolicyStatement is no longer IResolvable, call .toStatementJson() to retrieve the IAM policy statement JSON.
iam: AwsPrincipal has been removed, use ArnPrincipal instead.
s3: s3.StorageClass is now an enum-like class instead of a regular enum. This means that you need to call .value in order to obtain it's value.
s3: s3.Coordinates renamed to s3.Location
codepipeline: Artifact.s3Coordinates renamed to Artifact.s3Location.
codebuild: buildSpec argument is now a BuildSpec object.
lambda: lambda.Runtime.NodeJS* are now lambda.Runtime.Nodejs*
core: multiple changes to the Stack API
core: stack.name renamed to stack.stackName
core: stack.stackName will return the concrete stack name. Use Aws.stackName to indicate { Ref: "AWS::StackName" }.
core: stack.account and stack.region will return the concrete account/region only if they are explicitly specified when the stack is defined (under the env prop). Otherwise, they will return a token that resolves to the AWS::AccountId and AWS::Region intrinsic references. Use Context.getDefaultAccount() and Context.getDefaultRegion() to obtain the defaults passed through the toolkit in case those are needed. Use Token.isUnresolved(v) to check if you have a concrete or intrinsic.
core: stack.logicalId has been removed. Use stack.getLogicalId()
core: stack.env has been removed, use stack.account, stack.region and stack.environment instead
core: stack.accountId renamed to stack.account (to allow treating account more abstractly)
core: AvailabilityZoneProvider can now be accessed through Context.getAvailabilityZones()
core: SSMParameterProvider can now be accessed through Context.getSsmParameter()
core: parseArn is now Arn.parse
core: arnFromComponents is now arn.format
core: node.lock and node.unlock are now private
core: stack.requireRegion and requireAccountId have been removed. Use Token.unresolved(stack.region) instead
core: stack.parentApp have been removed. Use App.isApp(stack.node.root) instead.
core: stack.missingContext is now private
core: stack.renameLogical have been renamed to stack.renameLogicalId
core: IAddressingScheme, HashedAddressingScheme and LogicalIDs are now internal. Override Stack.allocateLogicalId to customize how logical IDs are allocated to resources.

cli: The CLI no longer accepts --rename, and the stack

           names are now immutable on the stack artifact.

sns: using a queue, lambda, email, URL as SNS Subscriber now requires an integration object from the @aws-cdk/aws-sns-subscribers package.
ecs-patterns: Renamed QueueWorkerService for base, ec2 and fargate to QueueProcessingService, QueueProcessingEc2Service, and QueueProcessingFargateService.
iam: roleName in RoleProps is now of type PhysicalName
s3: bucketName in BucketProps is now of type PhysicalName
codebuild: roleName in RoleProps is now of type PhysicalName

0.34.0 (2019-06-07)

Bug Fixes

build: Correct buildspec so it does not fail (#2737) (e362ac8)
certificatemanager: correct certificateArn typo in the README (#2712) (2bfc1c2)
cli: don't fail if region cannot be determined (#2721) (0c72ef3), closes #2697
cli: remove support for applets (#2691) (0997ee2)
cloudwatch: move SNS Alarm Action to aws-cloudwatch-actions (#2688) (e3df21a)
codebuild: grant the Project's Role permissions to the KMS Key if it was passed. (#2715) (4e12fe6)
core: apply overrides after rendering properties (#2685) (f2636e5), closes #2677
core: Make filterUndefined null-safe (#2789) (e4fb811), closes awslabs/jsii#523
ecs: remove LoadBalancedFargateServiceApplet, no longer supported (#2779) (a610017)
ecs-patterns: expose service on queue worker services (#2780) (6d83cb9)
pkglint: Adjust stability banner style (#2768) (da94d8b)
route53: support zone roots as record names (#2705) (08a2852)
stepfunctions: improve Task payload encoding (#2706) (1c13faa)

Code Refactoring

Construct props must not use the 'any' type (awslint:props-no-any) (#2701) (cb2b334), closes #2673
remove deprecated modules (#2693) (421bf6d)
core: improvements to Construct API (#2767) (3f7a0ad), closes #1934 #2766
core: misc cleanups to App-related APIs (#2731) (b2e1964), closes #1891 #2750
kms: Rename EncryptionKeyAlias to Alias (#2769) (da8e1d5)

Features

core: node.defaultChild as a shortcut to escape hatch (#2684) (8cd3c23), closes #2290
core+cli: support tagging of stacks (#2185) (d0e19d5), closes #932
event-targets: add support for fargate/awsvpc tasks (#2707) (2754dde)
events: support SQS queues as rule targets (#2683) (078e34a), closes #1786
rds: add engineVersion to DatabaseCluster (#2698) (0593d51), closes #2212
rds: add support for database instances (#2187) (b864041), closes #2075 #1693
route53: improve constructs for basic records (#2741) (696f53f)
s3: default to KMS if encryptionKey is specified (#2719) (ae4a04f), closes #2714
tokens: enable type coercion (#2680) (0f54698), closes #2679

BREAKING CHANGES TO EXPERIMENTAL FEATURES

route53: recordValue: string prop in route53.TxtRecord changed to values: string[]
recordValue prop in route53.CnameRecord renamed to domainName
route53.AliasRecord has been removed, use route53.ARecord or route53.AaaaRecord with the target prop.
kms: The EncryptionKeyAlias class was renamed to Alias. Associated types (such as EncryptionKeyAliasProps) were renamed in the same way.
cli: This release requires CDK CLI >= 0.34.0
core: App.run() was renamed to App.synth() (soft deprecation, it will be removed in the next release).
core: node.stack is now Stack.of(construct) (fixes #2766)
core: node.resolve has been moved to stack.resolve.
core: node.stringifyJson has been moved to stack.stringifyJson.
core: node.validateTree is now ConstructNode.validate(node)
core: node.prepareTree is now ConstructNode.prepare(node)
core: node.getContext is now node.tryGetContext
core: node.recordReference is now node.addReference
core: node.apply is now node.applyAspect
core: node.ancestors() is now node.scopes
core: node.required has been removed.
core: node.typename has been removed.
core: node.addChild is now private
core: node.findReferences() is now node.references
core: node.findDependencies() is now node.dependencies
core: stack.dependencies() is now stack.dependencies
core: CfnElement.stackPath has been removed.
core: CloudFormationLang is now internal (use stack.toJsonString())
cloudwatch: using an SNS topic as CloudWatch Alarm Actxion now requires an integration object from the @aws-cdk/aws-cloudwatch-actions package.
event-targets: targets.EcsEc2Task renamed to targets.EcsTask
SNS - Subscription endpoint is now type string (previously any)
Step Functions - result in the Pass state is now type map (previously any)
the following modules are no longer released: @aws-cdk/applet-js, @aws-cdk/aws-autoscaling-api, @aws-cdk/aws-codedeploy-api
cli: applets are no longer supported as an app type, use "decdk" instead.
core: Properties passed to addPropertyOverride should match in capitalization to the CloudFormation schema (normally pascal case). For example, addPropertyOverride('accessControl', 'xxx') should now be addPropertyOverride('AccessControl', 'xxx').
rds: rds.RotationSingleUser renamed to rds.SecretRotation
rds: rds.ClusterParameterGroup no longer has setParameter() and removeParameter() methods, use the parameters prop directly in the constructor instead.

0.33.0 (2019-05-30)

IMPORTANT: apps created with the CDK version 0.33.0 and above cannot be used with an older CLI version.

Bug Fixes

core: Fn.cidr should return a list and not a string (#2678) (9d2ea2a), closes #2671
cli: fix ts-node usage on Windows (#2660) (5fe0af5)
cli: make cdk docs open the new API reference (#2633) (6450758)
cli: correctly pass build args to docker build (#2634) (9c58d6f)
core: hide dependencyRoots from public API (#2668) (2ba5ad2), closes #2348
autoscaling: move lifecycle hook targets to their own module (#2628) (b282132), closes #2447
codepipeline: no longer allow providing an index when adding a Stage to a Pipeline. (#2624) (ce39b12)
codepipeline-actions: correctly serialize the userParameters passed to the Lambda invoke Action. (#2537) (ceaf54a)
cx-api: improve compatibility messages for cli <=> app (#2676) (38a9894)
ecs: move high level ECS constructs into aws-ecs-patterns (#2623) (f901313)
logs: move log destinations into 'aws-logs-destinations' (#2655) (01601c2), closes #2444
s3: move notification destinations into their own module (#2659) (185951c), closes #2445

Features

cli: decouple "synth" and "deploy" through cloud assemblies (#2636) (c52bcfc), closes #1893 #2093 #1954 #2310 #2073 #1245 #341 #956 #233 #2016
acm: allow specifying region for validated certificates (#2626) (1a7d4db)
apigateway: support for UsagePlan, ApiKey, UsagePlanKey (#2564) (203f114), closes #723
autoscaling: allow setting spotPrice (#2571) (d640055), closes #2208
cfn: update CloudFormation spec to v3.3.0 (#2669) (0f553ee)
cli: disable noUnusedLocals and noUnusedParameters from typescript templates (#2654) (b061826)
cloudformation: aws-api custom resource (#1850) (9a48b66)
cloudwatch: support all Y-Axis properties (#2406) (8904c3e), closes #2385

BREAKING CHANGES TO EXPERIMENTAL FEATURES

logs: using a Lambda or Kinesis Stream as CloudWatch log subscription destination now requires an integration object from the @aws-cdk/aws-logs-destinations package.
codepipeline-actions: removed the addPutJobResultPolicy property when creating LambdaInvokeAction.
cli: --interactive has been removed
cli: --numbered has been removed
cli: --staging is now a boolean flag that indicates whether assets should be copied to the --output directory or directly referenced (--no-staging is useful for e.g. local debugging with SAM CLI)
assets: Assets (e.g. Lambda code assets) are now referenced relative to the output directory.
assert: SynthUtils.templateForStackName has been removed (use SynthUtils.synthesize(stack).template).
cx-api: cxapi.SynthesizedStack renamed to cxapi.CloudFormationStackArtifact with multiple API changes.
core: cdk.App.run() now returns a cxapi.CloudAssembly instead of cdk.ISynthesisSession.
s3: using a Topic, Queue or Lambda as bucket notification destination now requires an integration object from the @aws-cdk/aws-s3-notifications package.
autoscaling: using a Topic, Queue or Lambda as Lifecycle Hook Target now requires an integration object from the @aws-cdk/aws-autoscaling-hooktargets package.
codepipeline: the property atIndex has been removed from the StagePlacement interface.
aws-ecs: These changes move all L3 and higher constructs out of the aws-ecs module into the aws-ecs-patterns module. The following constructs have been moved into the aws-ecs-patterns module: EcsQueueWorkerService, FargateQueueWorkerService, LoadBalancedEcsService, LoadBalancedFargateService and LoadBalancedFargateServiceApplets.
cloudwatch: rename leftAxisRange => leftYAxis, rightAxisRange => rightYAxis, rename YAxisRange => YAxisProps.

0.32.0 (2019-05-24)

Bug Fixes

update all 'onXxx' methods to be CloudWatch Events (#2609) (28942d2), closes #2278
appscaling: fix StepScaling (#2522) (1f004f6)
aws-ecs: allow linux parameters to be settable (#2397) (417e5e8), closes #2380
aws-glue: fix glue tableArn and integer schema name (#2585) (99e173e)
cdk: CfnMapping.findInMap with tokens (#2531) (756e2b6), closes #1363
cloudfront: Use regional endpoint for S3 bucket origins (64c3c6b)
codebuild: correctly pass the VPC subnet IDs to the Policy Statement's condition when using a VPC. (#2506) (145da28), closes #2335
codecommit: add a Repository.fromRepositoryName() method. (#2515) (6fc3718), closes #2514
codedeploy: change the load balancer API in server Deployment Group. (#2548) (8e05d49), closes #2449
codepipeline: correctly validate Artifacts used by Actions in the same Stage. (#2558) (cfe46f6), closes #2549
core: Correctly search for loaded modules in node 12 (#2612) (286866a), closes nodejs/node#27583
ec2: allow disabling privateDnsEnabled on VPCs (#2596) (4d2fbe9), closes #2556
ec2: fix VPC endpoint name for SageMaker Notebooks (#2598) (aec8ec2)
iam: allow CompositePrincipal construction with spread (#2507) (eb13741)
lambda: compare Runtimes by value instead of identity (#2543) (584579e)
lambda: deprecate old Lambda runtimes (#2594) (20f4ec1)
route53-targets: move Alias Targets into their own package (#2617) (f40fe98), closes #2448
s3: Make IBucket.arnForObject accept only (exactly) one key pattern (5ac6e77)

Code Refactoring

remove "export"s and normalize resource names (#2580) (68efa04), closes #2577 #2578 #2458 #2419 #2579 #2313 #2551
use construct interfaces in public api (awslint:ref-via-interface) (#2499) (f9c6ad6), closes #2412

Features

assets: Add deploy-time content hash (#2334) (9b4db42), closes #1400
aws-cdk: use ts-node for TypeScript templates (#2527) (4f7b48d), closes #1532
aws-codepipeline: Pipeline now accepts existing IAM role (#2587) (eb35807), closes #2572
aws-ecs: add ECS/Fargate QueueWorkerService constructs (#2568) (7dd0e1a)
aws-ecs: include GPU & ARM based ECS optimized AMI options (#2453) (45abfcd)
aws-ecs-patterns: add ScheduledEc2Task L3 construct (#2336) (b9cbb6a)
cdk: support encoding Tokens as numbers (#2534) (b9eeaa0), closes #1455
cli: Add javascript for init-templates/app (#2525) (2c5676a), closes #398
cli: add javascript init-templates 'sample-app' (#2535) (67960f8)
codebuild: add support for local cache modes (#2529) (e7ad990), closes #1956
codebuild: rename standard 1.0 image and add standard 2.0 image (#2541) (e4e24ab), closes #2306
config: AWS Config, Managed and Custom rules (#2326) (deed353)
ecs: allow to specify log retention for aws log driver (#2511) (1feda0c)
events: group CW Event Targets in module (#2576) (7cb8e5e), closes #2403 #2404 #2581
lambda: add NodeJS10x runtime (#2544) (553577a)
s3: add MetricsConfiguration Property to S3 Bucket (#2163) (1cc43b3)
stepfunctions: add service integrations (#1646) (e4ac767)
stepfunctions: ExecutionTime metric (#2498) (84fda45)
toolkit: allow to pass build args to docker build (#2604) (c51596e)
toolkit: show when new version is available (#2484) (6cf4bd3), closes #297

BREAKING CHANGES TO EXPERIMENTAL FEATURES

route53-targets: using a CloudFront Distribution or an ELBv2 Load Balancer as an Alias Record Target now requires an integration object from the @aws-cdk/aws-route53-targets package.
s3: The IBucket.arnForObject method no longer concatenates path fragments on your behalf. Pass the /-concatenated key pattern instead.
All export methods from all AWS resources have been removed. CloudFormation Exports are now automatically created when attributes are referenced across stacks within the same app. To export resources manually, you can explicitly define a CfnOutput.
kms: kms.EncryptionKey renamed to kms.Key
ec2: ec2.VpcNetwork renamed to ec2.Vpc
ec2: ec2.VpcSubnet renamed to ec2.Subnet
cloudtrail: cloudtrail.CloudTrail renamed tocloudtrail.Trail`
Deleted a few XxxAttribute and XxxImportProps interfaces which were no longer in used after their corresponding export method was deleted and there was no use for them in imports.
ecs: ecs.ClusterAttributes now accepts IVpc and ISecurityGroup instead of attributes. You can use their corresponding fromXxx methods to import them as needed.
servicediscovery: servicediscovery.CnameInstance.instanceCname renamed to cname.
glue: glue.IDatabase.locationUrl is now only in glue.Database (not on the interface)
ec2: ec2.TcpPortFromAttribute and UdpPortFromAttribute removed. Use TcpPort and UdpPort with new Token(x).toNumber instead.
ec2: ec2.VpcNetwork.importFromContext renamed to ec2.Vpc.fromLookup
iam: iam.IRole.roleId has been removed from the interface, but Role.roleId is still available for owned resources.
codedeploy: the type of the loadBalancer property in ServerDeploymentGroupProps has been changed.
apigateway: apigateway.ResourceBase.trackChild is now internal.
cloudfront: cloudfront.S3OriginConfig.originAccessIdentity is now originAccessIdentityId
codedeploy: codedeploy.LambdaDeploymentGroup.alarms is now cloudwatch.IAlarm[] (previously cloudwatch.Alarm[])
codepipeline: codepipeline.crossRegionScaffoldingStacks renamed to crossRegionScaffolding
codepipeline: codepipeline.CrossRegionScaffoldingStack renamed to codepipeline.CrossRegionScaffolding and cannot be instantiated (abstract)
ec2: ec2.VpcSubnet.addDefaultRouteToNAT renamed to addDefaultNatRoute and made public
ec2: ec2.VpcSubnet.addDefaultRouteToIGW renamed to addDefaultInternetRoute, made public and first argument is the gateway ID (string) and not the CFN L1 class
ecs: ecs.Ec2EventRuleTarget.taskDefinition is now ITaskDefinition (previously TaskDefinition)
lambda: lambda.IEventSource.bind now accepts IFunction instead of FunctionBase. Use IFunction.addEventSourceMapping to add an event source mapping under the function.
lambda: lambda.Layer.grantUsage renamed to lambda.layer.addPermission and returns void
stepfunctions: stepfunctions.StateMachine.role is now iam.IRole (previously iam.Role)
cloudwatch-events: the events API has been significantly re-worked
- ⚠️ This new API is still being discussed (see #2609) and might change again in the next release!
- All onXxx() CloudWatch Event methods now have the signature:
```
resource.onEvent('SomeId', {
    target: new SomeTarget(...),
    // options
});
```
- CloudWatch:
  - onAlarm was renamed to addAlarmAction
  - onOk was renamed to addOkAction
  - onInsufficientData was renamed to addInsufficientDataAction
- AutoScaling:
  - onLifecycleTransition was renamed to addLifecycleHook
- LambdaDeploymentGroup
  - onPreHook was renamed to addPreHook
  - onPostHook was renamed to addPostHook
- UserPool:
  - all onXxx were renamed to addXxxTrigger
- Repository:
  - onImagePushed was renamed to onCloudTrailImagePushed
- Bucket:
  - onEvent was renamed to addEventNotification
  - onObjectCreated was renamed to addObjectCreatedNotification
  - onObjectRemoved was renamed to addObjectRemovedNotification
  - onPutObject was renamed to onCloudTrailPutObject

0.31.0 (2019-05-06)

Bug Fixes

aws-ecs: expose readonly service on LoadBalancedEc2Service (#2395) (52af870), closes #2378
ecs: correct logic of healthcheck command (#2462) (fa29d3b), closes #2461
ecs: fix memoryReservationLimit in LoadBalancedEcsService (#2463) (6b50927), closes #2263
lambda: allow grantInvoke with principals (#2391) (b3792aa)
update jsii to 0.10.5 (#2482) (e4ec30a)
update jsii to v10.0.4 (#2479) (1df4e2d), closes #2478

Code Refactoring

convert "import" to "from" methods (#2456) (862ed7b), closes #2450 #2428 #2424 #2429 #2425 #2422 #2423 #89

Features

bootstrap: allow specifying the toolkit staging bucket name (#2407) (3bfc641), closes #2390
codebuild: add webhook Filter Groups. (#2319) (fd74d07), closes #1842
elbv2: add fixed response support for application load balancers (#2328) (750bc8b)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

all Foo.import static methods are now Foo.fromFooAttributes
all FooImportProps structs are now called FooAttributes
stepfunctions.StateMachine.export has been removed.
ses.ReceiptRule.name is now ses.ReceiptRule.receiptRuleName
ses.ReceiptRuleSet.name is now ses.ReceiptRuleSet.receiptRuleSetName
secretsmanager.AttachedSecret is now called secretsmanager.SecretTargetAttachment to match service semantics
ecr.Repository.export has been removed
s3.Bucket.bucketUrl is now called s3.Bucket.bucketWebsiteUrl
lambda.Version.functionVersion is now called lambda.Version.version
ec2.SecurityGroup.groupName is now ec2.SecurityGroup.securityGroupName
cognito.UserPoolClient.clientId is now cognito.UserPoolClient.userPoolClientId
apigateway.IRestApiResource is now apigateway.IResource
apigateway.IResource.resourcePath is now apigateway.IResource.path
apigateway.IResource.resourceApi is now apigateway.IResource.restApi

0.30.0 (2019-05-02)

Bug Fixes

cdk-dasm: fix bin for cdk-dasm (#2383) (760f518)

Code Refactoring

awslint: construct-base-is-private, resource-attribute (#2349) (973b506), closes #2426 #2409

Features

cdk-test: check API compatibility (#2356) (1642925), closes #145
codepipeline: allow creation of GitHub Pipelines without source trigger (#2332) (ed39a8c)
elbv2: add TLS listener for NLB (#2122) (71d694f)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

s3.Bucket.domainName renamed to s3.Bucket.bucketDomainName.
codedeploy.IXxxDeploymentConfig.deploymentConfigArn is now a property and not a method.
ec2.SecurityGroupBase is now private
ec2.VpcNetworkBase is now private
kinesis.StreamBase is now private
kms.EncryptionKeyBase is now private
logs.LogGroupBase is now private
ssm.ParameterBase is now private
eks.ClusterBase is now private
codebuild.ProjectBase is now private
codecommit.RepositoryBase is now private
codedeploy.ServerDeploymentGroupBase is now private
eks.ClusterBase is now private
lambda.LayerVersionBase is now private
rds.DatabaseClusterBase is now private
secretsmanager.SecretBase is now private
ses.ReceiptRuleSetBase is now private
codepipeline: the pollForSourceChanges property in GitHubSourceAction has been renamed to trigger, and its type changed from a boolean to an enum.

0.29.0 (2019-04-24)

Bug Fixes

acm: enabled validation of certificates on the zone name (#2133) (f216f96)
aws-apigateway: add integrationHttpMethod prop to AwsIntegration (#2160) (dfc6665), closes #2105
aws-cloudwatch: remove workaround on optional DashboardName (6c73d8a), closes #213
aws-ecs: fix default daemon deploymentConfig values (#2210) (c2e806b), closes #2209
aws-ecs: handle long ARN formats for services (#2176) (66df1c8), closes #1849
aws-lambda: fix circular dependency with lambda and codedeploy (#2236) (382da6a)
certificatemanager: remove bundled lambda devdependencies (#2186) (6728b41)
codebuild: add validation for Source when the badge property is true (#2242) (07812b2), closes #1749
core: allow CfnMapping.findInMap to use pseudo functions/params (#2220) (464cb6f), closes #1363
core: Use different symbol for Stack.isStack versus CfnReference.isCfnReference (#2305) (c1e41ed)
decdk: set the timeout in the schema tests to 10 seconds. (#2250) (8521b6f)
dynamodb: remove global secondary index limit (#2301) (43afa3a), closes #2262
ecr: Fix typo in ImportRepository error message (#2217) (b7c9b21)
elasticloadbalancingv2: dependency between ALB and logging bucket (#2221) (99e085d), closes #1633
java-app-template: invoke app.run() (#2300) (47ff448), closes #2289 awslabs/jsii#456
lambda: avoid OperationAbortedException when using log retention (#2237) (12a118c)
s3: Add validations for S3 bucket names (#2256) (f810265), closes #1308
servicediscovery: allow to register multiple instances on a service (#2207) (9f88696)
toolkit: don't fail when terminal width is 0 (#2355) (9c2220c), closes #2253
toolkit: fix broken confirmation prompt (#2333) (4112c84)
toolkit: options requiring arguments fail if not supplied (#2197) (0f6ce56), closes #2192
toolkit: remove metadata warning if region does not have resource (#2216) (22ed67c)
toolkit: stop 'cdk doctor' from printing AWS_ variables (#2357) (6209c6b), closes #1931
codebuild: remove oauthToken property from source (#2252) (8705af3), closes #2252 #2199
aws-ec2: correct InstanceSize.Nano spelling (#2215) (d22a154), closes #2215 #2214

Features

aws-dynamodb-global: global dynamodb tables (experimental) (#2251) (ec367c8)
aws-events-targets: centralized module for cloudwatch event targets (#2343) (1069938)
cdk-dasm: generate cdk code from cloudformation (#2244) (b707782)
cloudwatch: add support for time ranges in dashboards (#2248) (18c1723)
codebuild: add support for more images (#2233) (87b1ea0), closes #2079
codepipeline: add ECS deploy Action. (#2050) (d46b814), closes #1386
codepipeline: change to stand-alone Artifacts. (#2338) (b778e10)
codepipeline: make the default CodePipeline Bucket have an encryption key (#2241) (ef9bba5), closes #1924
core: verify CfnOutput has a value and fix VPC export (#2219) (9e87661), closes #2012
events-targets: LambdaFunction (#2350) (48d536b), closes #1663
ec2: add support for vpc endpoints (#2104) (bbb3f34)
lambda: introduce a new kind of Code, CfnParametersCode. (#2027) (4247966)
cfnspec: update CloudFormation resources to v2.30.0 (#2239) (aebcde5)
toolkit: stage assets under .cdk.assets (#2182) (2f74eb4), closes #1716 #2096

BREAKING CHANGES TO EXPERIMENTAL FEATURES

cloudwatch: Renamed MetricCustomization to MetricOptions.
codepipeline: CodePipeline Actions no longer have the outputArtifact and outputArtifacts properties.
codepipeline: inputArtifact(s) and additionalInputArtifacts properties were renamed to input(s) and extraInputs.
codepipeline: outputArtifactName(s) and additionalOutputArtifactNames properties were renamed to output(s) and extraOutputs.
codepipeline: The classes CodeBuildBuildAction and CodeBuildTestAction were merged into one class CodeBuildAction.
codepipeline: The classes JenkinsBuildAction and JenkinsTestAction were merged into one class JenkinsAction.
events-targets: lambda.Function no longer implements IEventRuleTarget. Instead, use @aws-cdk/aws-events-targets.LambdaFunction.
aws-events-targets: sns.Topic no longer implements IEventRuleTarget. Use @aws-cdk/aws-events-targets.SnsTopic instead.
codebuild: codebuild.Project no longer implements IEventRuleTarget. Use @aws-cdk/aws-events-targets.CodeBuildProject.
core: the cdk.Root construct has been removed. Use cdk.App instead.
stepfunctions: In stepfunctions.WaitProps: the props seconds, timestamp, secondsPath and timestampPath are now duration of a union-like class WaitDuration (e.g. duration: WaitDuration.seconds(n))
codedeploy: In codedeploy.ServerDeploymentConfigProps: the props minHealthyHostCount and minHealthyHostPercentage are now minimumHealthyHosts of union-like class MinimumHealthyHosts (e.g. minimumHealthyHosts: MinimumHealthyHosts.percentage(50))
cloudformation: In cloudformation.CustomResourceProps: the props topicProvider and lambdaProvider are now provider of union-like class CustomResourceProvider (e.g. CustomResourceProvider.lambda(fn)
cloudformation: cloudformation.CustomResource no longer extends CfnCustomResource.
ssm: ssm.ParameterProps renamed to ssm.ParameterOptions.
codepipeline: customers who use GitHub, GitHubEnterprise or Bitbucket as source will need to remove the oauthToken field as it's no longer available.
codebuild: change the default image from UBUNTU_14_04_BASE to UBUNTU_18_04_STANDARD.
ec2: aws-ec2.InstanceSize.None was renamed to InstanceSize.Nano
ec2: * vpc.selectSubnetIds(...) has been replaced with vpc.selectSubnets(...).subnetIds.
You will not be able to combine jsii libraries written against previous versions of jsii with this version of the CDK.

0.28.0 (2019-04-04)

Bug Fixes

aws-ecs: use executionRole for event rule target (#2165) (aa6f7bc), closes #2015
core: remove cdk.Secret (#2068) (b53d04d), closes #2064

feat(aws-iam): refactor grants, add OrganizationPrincipal (#1623) (1bb8ca9), closes #1623 #236

Code Refactoring

cdk: introduce SecretValue to represent secrets (#2161) (a3d9f2e)

Features

codepipeline: move all of the Pipeline Actions to their dedicated package. (#2098) (b314ecf)
codepipeline: re-factor the CodePipeline Action bind method to take a Role separately from the Pipeline. (#2085) (ffe0046)
ec2: support reserving IP space in VPCs (#2090) (4819ff4)
Add python support to cdk init (#2130) (997dbcc)
ecs: support AWS Cloud Map (service discovery) (#2065) (4864cc8), closes #1554
lambda: add a newVersion method. (#2099) (6fc179a)
update CloudFormation resource spec to v2.29.0 (#2170) (ebc490d)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

The secretsmanager.SecretString class has been removed in favor of cdk.SecretValue.secretsManager(id[, options])
The following prop types have been changed from string to cdk.SecretValue: codepipeline-actions.AlexaSkillDeployAction.clientSecret, codepipeline-actions.AlexaSkillDeployAction.refreshToken, codepipeline-actions.GitHubSourceAction.oauthToken, iam.User.password
secretsmanager.Secret.stringValue and jsonFieldValue have been removed. Use secretsmanage.Secret.secretValue and secretJsonValue instead.
secretsmanager.Secret.secretString have been removed. Use cdk.SecretValue.secretsManager() or secretsmanager.Secret.import(..).secretValue.
The class cdk.Secret has been removed. Use cdk.SecretValue instead.
The class cdk.DynamicReference is no longer a construct, and it's constructor signature was changed and was renamed cdk.CfnDynamicReference.
grant(function.role) and grant(project.role) are now grant(function) and grant(role).
core: Replace use of cdk.Secret with secretsmanager.SecretString (preferred) or ssm.ParameterStoreSecureString.
codepipeline: this changes the package of all CodePipeline Actions to be aws-codepipeline-actions.
codepipeline: this moves all classes from the aws-codepipeline-api package to the aws-codepipeline package.
codepipeline: this changes the CodePipeline Action naming scheme from <service>.Pipeline<Category>Action (s3.PipelineSourceAction) to codepipeline_actions.<Service><Category>Action (codepipeline_actions.S3SourceAction).

0.27.0 (2019-03-28)

Highlights

Python support (experimental)
You can now run the CLI through npx cdk
Make sure to go through the BREAKING CHANGES section below

Bug Fixes

autoscaling: verify public subnets for associatePublicIpAddress (#2077) (1e3d41e)
ec2: descriptive error message when selecting 0 subnets (#2025) (0de2206), closes #2011
lambda: use Alias ARN directly (#2091) (bc40494)
rds: remove Instance class (#2081) (6699fed)
secretsmanager: allow templated string creation (#2010) (4e105a3)
secretsmanager/ssm: verify presence of parameter name (#2066) (b93350f)
serverless: rename aws-serverless to aws-sam (#2074) (4a82f13)
stepfunctions: make Fail.error optional (#2042) (86e9d03)

Code Refactoring

readonly struct properties and hide internals (#2106) (66dd228), closes awslabs/cdk-ops#321

Features

toolkit:: new 'cdk' package to allow executing the cli through npx cdk (#2113) (32bca05)
Python Support (#2009) (e6083fa)
core: present reason for cyclic references (#2061) (e82e208)
lambda: add support for log retention (#2067) (63132ec), closes #667 #667
rds: cluster retention, reference KMS key by object (#2063) (99ab46d)
secretsmanager/rds: support credential rotation (#2052) (bf79c82)
toolkit: introduce the concept of auto-deployed Stacks. (#2046) (abacc66)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

lambda: cloudWatchLogsRetentionTimeDays in @aws-cdk/aws-cloudtrail now uses a logs.RetentionDays instead of a LogRetention.
core: stack._toCloudFormation method is now unavailable and is replaced by @aws-cdk/assert.SynthUtils.toCloudFormation(stack).
rds: replaced kmsKeyArn: string by kmsKey: kms.IEncryptionKey in DatabaseClusterProps
autoscaling: VpcNetwork.isPublicSubnet() has been renamed to VpcNetwork.isPublicSubnetIds().
serverless: renamed aws-serverless to aws-sam
ec2: vpcPlacement has been renamed to vpcSubnets on all objects, subnetsToUse has been renamed to subnetType. natGatewayPlacement has been renamed to natGatewaySubnets.
All properties of all structs (interfaces that do not begin with an "I") are now readonly since it is passed by-value and not by-ref (Python is the first language to require that). This may impact code in all languages that assumed it is possible to mutate these structs. Let us know if this blocks you in any way.

0.26.0 (2019-03-20)

Bug Fixes

aws-cdk: fix VpcNetwork.importFromContext() (#2008) (e1a1a7b), closes #1998
aws-cdk: update F# template to latest CDK version (#2006) (bda12f2)
cdk: merge cloudFormation tags with aspect tags (#1762) (bfb14b6), closes #1725
cfn2ts: properly de-Tokenize L1 string-arrays (#2033) (1e50383), closes #2030
core: allow embedding condition expression as strings (#2007) (6afa87f), closes #1984
ecs: make TaskDefinition accept IRoles (#2034) (f32431a), closes #1925
lambda: expose underlying function's role on the alias (#2024) (de296de)
stepfunctions: Actually perform rendering of NotCondition (06b59d9)
toolkit: 'cdk deploy' support updates to Outputs (#2029) (23509ae), closes #778
toolkit: increase number of retries (#2053) (133dc98), closes #1647
rename core classes adding a Cfn prefix (#1960) (5886bf6), closes #1462 #288

Code Refactoring

name "toCloudFormation" internal (renamed to _toCloudFormation) (#2047) (515868b), closes #2044 #2016

Features

aws-cdk: support fixed repository name for DockerImageAsset (#2032) (942f938)
aws-rds: ability to add an existing security group to RDS cluster (#2021) (1f24336)
cfn2ts: make cfn2ts output TSDoc-compatible docblocks (#2000) (c6c66e9)
cfnspec: update to version 2.28.0 (#2035) (6a671f2)
cloudformation: allow specifying additional inputs for deploy Actions (#2020) (2d463be), closes #1247
core: can use Constructs to model applications (#1940) (32c2377), closes #1479
ecs: support private registry authentication (#1737) (11ed691), closes #1698
glue: add L2 resources for Database and Table (#1988) (3117cd3)
region-info: Model region-specific information (#1839) (946b444), closes #1282
servicediscovery: AWS Cloud Map construct library (#1804) (1187366)
ses: add constructs for email receiving (#1971) (3790858)
add more directories excluded and treated as source in the JetBrains script. (#1961) (a1df717)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

“toCloudFormation” is now internal and should not be called directly. Instead use “app.synthesizeStack”
ecs: ContainerImage.fromDockerHub has been renamed to ContainerImage.fromRegistry.
rename Condition to CfnCondition.
rename StackElement to CfnElement.
rename Parameter to CfnParameter.
rename Resource to CfnResource.
rename Output to CfnOutput.
rename Mapping to CfnMapping.
rename Referenceable to CfnRefElement.
rename IConditionExpression to ICfnConditionExpression.
rename CfnReference to Reference.
rename Rule to CfnRule.

0.25.3 (2019-03-12)

Bug Fixes

aws-cloudtrail: correct created log policy when sendToCloudWatchLogs is true (#1966) (f06ff8e)
aws-ec2: All SSM WindowsVersion entries (#1977) (85a1840)
decdk: relax validation when not using constructs (#1999) (afbd591)

Features

core: add fsharp init-template (#1912) (dfefb58)
ec2: vpn metrics (#1979) (9319e13)

0.25.2 (2019-03-07)

Bug Fixes

awslint: Don't fail if the @aws-cdk/cdk module is not present (#1953) (929e854)
cdk-integ: Update cdk-integ to use new context file (#1962) (dbd2401)
cloudfront: allow IBucket as CloudFront source (855f1f5), closes #1946
cloudfront: pass viewerProtocolPolicy to the distribution's behaviors (#1932) (615ecd4)
eks: remove 'const' from NodeType enum (#1970) (ac52989), closes #1969
init: update the C# init sample with the new App API (#1919) (02f991d)

Features

aws-certificatemanager: add DNSValidatedCertificate (#1797) (ae8870d), closes #605
aws-ecs: add Fargate version 1.3.0 (#1968) (b529ad7)
core: democratize synthesis and introduce artifacts (#1889) (4ab1cd3), closes #1716 #1893
ec2: add support for vpn connections (#1899) (e150648), closes awslabs/jsii#231
toolkit: add '--reuse-asset' option (#1918) (1767b61), closes #1916

0.25.1 (2019-03-04)

Bug Fixes

toolkit: fix context passed in from command-line (#1939) (bec4a02), closes #1911

0.25.0 (2019-02-28)

Bug Fixes

toolkit: Don't collect runtime information when versionReporting is disabled (#1890) (f827a88)
aws-codepipeline: update CFN example. (#1653) (5dec01a)
aws-s3-deployment: add setup.cfg to fix pip install bug on mac (#1826) (759c708)
cdk: move apply() from Construct to ConstructNode (#1738) (642c8a6), closes #1732
cloudtrail: addS3EventSelector does not expose all options (#1854) (5c3431b), closes #1841
cloudtrail: Invalid resource for policy when using sendToCloudWatchLogs (#1851) (816cfc0), closes #1848
cloudwatch: fix name of 'MetricAlarmProps' (#1765) (c87f09a), closes #1760
codebuild: accept IRole instead of Role (#1781) (f08ca15), closes #1778
codedeploy: LambdaDeploymentGroup now takes IRole (#1840) (f6adb7c), closes #1833
codepipeline: allow providing Tokens as the physical name of the Pipeline. (#1800) (f6aea1b), closes #1788
core: improve error message if construct names conflict (#1706) (0ea4a78)
core: performance improvements (#1750) (77b516f)
ecs: rename capacity adding methods (#1715) (e3738ac)
elbv2: explicitly implement IApplicationTargetGroup (#1806) (828a2d7), closes #1799
init: add new parameter to C# example (#1831) (c7b99d8)
kms: have EncryptionKeyBase implement IEncryptionKey (#1728) (49080c6)
lambda: Add 'provided' runtime (#1764) (73d5bef), closes #1761
lambda: add region check for environment variables (#1690) (846ed9f)
ssm: Generate correct SSM Parameter ARN (#1726) (39df456)
toolkit: correctly reset context from the shell command (#1903) (58025c0)
toolkit: correcty load cdk.json file without context (#1900) (7731565)
toolkit: ignore hidden files for 'cdk init' (#1766) (afdd173), closes #1758
toolkit: only fail if errors are on selected stacks (#1807) (9c0cf8d), closes #1784 #1783
toolkit: support diff on multiple stacks (#1855) (72d2535)
build: Npm ignores files and folders named "core" by default (#1767) (42876e7), closes npm/npm-packlist#24
core: stack.partition is never scoped (#1763) (c968588)

Features

apigateway: add support for MethodResponse to aws-apigateway. (#1572) (46236d9)
autoscaling: bring your own IAM role (#1727) (2016b8d), closes #1701
aws-eks: add construct library for EKS (#1655) (22fc8b9), closes #991
cfnspec: manually add VPCEndpointService (#1734) (f782958), closes #1659
codebuild: add support for setting the gitCloneDepth property on Project sources. (#1798) (5408a53), closes #1789
core: Add construct.node.stack attribute (#1753) (a46cfd8), closes #798
dynamodb: partitionKey and sortKey are now immutable (#1744) (63ae0b4)
ecs: allow ECS to be used declaratively (#1745) (2480f0f), closes #1618
kms: Allow opting out of "Retain" deletion policy (#1685) (7706302)
lambda: allow specify event sources in props (#1746) (a84157d)
lambda-event-sources: "api" event source (#1742) (5c11680)
route53: Convenience API for creating zone delegations (#1853) (f974531), closes #1847
sns: Support raw message delivery (#1827) (cc0a28c)
ssm: allow referencing "latest" version of SSM parameter (#1768) (9af36af), closes #1587
toolkit: improve docker build time in CI (#1776) (1060b95), closes #1748
codepipelines: re-structure the CodePipeline Construct library API. (#1590) (3c3db07)
decdk: Prototype for declarative CDK (decdk) (#1618) (8713ac6)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

cloudtrail: The CloudTrail.addS3EventSelector accepts an options object instead of only a ReadWriteType value.
codedeploy: If an existing role is provided to a LambdaDeploymentGroup, you will need to provide the assuming service principal (codedeploy.amazonaws.com) yourself.
core:$$** 'Aws' class returns unscoped Tokens, introduce a new class 'ScopedAws' which returns scoped Tokens.
ssm: Rename parameter.valueAsString => parameter.stringValue, rename parameter.valueAsList => parameter.stringListValue, rename ssmParameter.parameterValue => ssmParameter.stringValue or ssmParameter.stringListValue depending on type, rename secretString.value => secretString.stringValue, rename secret.toSecretString() =>secret.secretString
cloudwatch: Rename 'MetricAarmProps' => 'MetricAlarmProps'.
core: Stack.find(c) and Stack.tryFind(c) were replaced by c.node.stack.
dynamodb: partitionKey is now a required property when defining a dynamodb.Table. The addPartitionKey and addSortKey methods have been removed.
cdk: Tag aspects use this feature and any consumers of this implementation must change from myConstruct.apply( ... ) to myConstruct.node.apply( ... ).
ecs: Rename 'addDefaultAutoScalingGroupCapacity' => 'addCapacity', 'addAutoScalingGroupCapacity' => 'addAutoScalingGroup'.
codepipelines: the CodePipeline Stage class is no longer a Construct, and cannot be instantiated directly, only through calling Pipeline#addStage; which now takes an Object argument instead of a String.
codepipelines: the CodePipeline Actions are no longer Constructs.
codepipelines: the CodePipeline Action name is now part of the Action props, instead of being a separate parameter.
codepipelines: the Pipeline#addToPipeline methods in Resources like S3, CodeBuild, CodeCommit etc. have been renamed to toCodePipelineAction.
aws-eks: For AutoScalingGroup, renamed minSize => minCapacity, maxSize => maxCapacity, for consistency with desiredCapacity and also Application AutoScaling. For ECS's addDefaultAutoScalingGroupCapacity(), instanceCount => desiredCapacity and the function now takes an ID (pass "DefaultAutoScalingGroup" to avoid interruption to your deployments).

0.24.1 (2019-02-07)

Bug Fixes

reference documentation is missing (8fba8bc)

0.24.0 (2019-02-06)

Bug Fixes

aws-ecs: correctly sets MinimumHealthyPercentage to 0 (#1661) (ce5966f), closes #1660
cdk: only make Outputs Exports when necessary (#1624) (ebb8aa1), closes #903 #1611
elbv2: fix specifying TargetGroup name (#1684) (1d7198a), closes #1674
sns: create subscription object under subscriber (#1645) (0cc11ca), closes #1643 #1534

Features

aws-s3: add option to specify block public access settings (#1664) (299fb6a)
cdk: aspect framework and tag implementation (#1451) (f7c8531), closes #1136 #1497 #360
cdk: metric functions now automatically generated (#1617) (36cfca8)
cognito: Implement user pool and user pool client constructs (#1615) (8e03ed6)
core: overrideLogicalId: override IDs of CFN elements (#1670) (823a1e8), closes #1594
secretsmanager: L2 construct for Secret (#1686) (8da9115)
serverless: add AWS::Serverless::Application to CFN spec (#1634) (bfa40b1)
ssm: Add L2 resource for SSM Parameters (#1515) (9858a64)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

cdk: if you are using TagManager the API for this object has completely changed. You should no longer use TagManager directly, but instead replace this with Tag Aspects. cdk.Tag has been renamed to cdk.CfnTag to enable cdk.Tag to be the Tag Aspect.

0.23.0 (2019-02-04)

Bug Fixes

apig: Move selectionPattern to integrationResponses (#1636) (7cdbcec), closes #1608
aws-cdk: Improvements to IAM diff rendering (#1542) (3270b47), closes #1458 #1495 #1549
aws-cdk: Java init template works on Windows (#1503) (24f521a)
sns: create subscription object under subscriber (5c4a9e5), closes #1643 #1534
Improve error message in SSMParameterProvider (#1630) (6a8e010), closes #1621
aws-ec2: CfnNetworkAclEntry.CidrBlock should be optional (#1565) (4af7c0d), closes #1517
aws-ec2: change maxAZs default for VPCs to 3 (#1543) (32a4b29), closes #996
aws-events: ergonomics improvements to CloudWatch Events (#1570) (5e91a0a), closes #1514 #1198 #1275
aws-s3-deployment: clean up tempfiles after deployment (#1367) (e291d37)
dynamodb: grant also gives access to indexes (#1564) (33c2a6d), closes #1540
Report stack metadata in assertions (#1547) (c2d17f5)

Features

alexa-ask: Add deploy action for Alexa (#1613) (0deea61)
apigateway: support function alias in LambdaIntegration (9f8bfa5)
app: add source map support to TS app template (#1581) (5df22d9), closes #1579
autoscaling: Support AssociatePublicIpAddress (#1604) (23c9afc), closes #1603
aws-codepipeline: support setting a Role for a CFN Action (#1449) (77fe077)
aws-ecs: add additional configuration to Volume (#1357) (ff96f3f)
aws-ecs: add support for Event Targets (#1571) (aa68db5), closes #1370
aws-ecs: ECS service scaling on ALB RequestCount (#1574) (2b491d4)
aws-s3: add the option to not poll to the CodePipeline Action. (#1260) (876b26d)
cdk: Support UpdateReplacePolicy on Resources (#1610) (f49c33b)
cdk: treat the "fake" CFN intrinsics (Fn::GetArtifactAtt, Fn::GetParam) specially when stringifying JSON. (#1605) (2af2426), closes #1588
cfnspec: Upgrade to CFN Resource Specification v2.21.0 (#1622) (21a5529)
cloudwatch: Support 'datapointsToAlarm' on Alarms (#1631) (828ac20), closes #1626
core: Generalization of dependencies (#1583) (53e68257)
ecs: environment variables for LoadBalancedXxxService (#1537) (b633505)
ecs: VPC link for API Gatweay and ECS services (#1541) (6642ca2)
iam: Make roleName available on IRole (#1589) (9128390)
lambda: reserved concurrent executions (#1560) (f7469c1)
lambda: Support AWS Lambda Layers (#1411) (036cfdf)
s3: Add DeployAction for codepipeline (#1596) (8f1a5e8)
s3: export bucket websiteURL (#1521) (#1544) (4e46d3c)
s3: imported bucket format option for website URL format (#1550) (28a423d)
toolkit: disable colors if a terminal is not attached to stdout (#1641) (58b4685)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

aws-codepipeline: the role property in the CloudFormation Actions has been renamed to deploymentRole.
aws-codepipeline: the role property in the app-delivery package has been renamed to deploymentRole.

0.22.0 (2019-01-10)

This is a major release with multiple breaking changes in the core layers. Please consult the breaking changes section below for details.

We are focusing these days on finalizing the common patterns and APIs of the CDK framework and the AWS Construct Library, which is why you are seeing all these breaking changes. Expect a few more releases with changes of that nature as we stabilize these APIs, so you might want to hold off with upgrading. We will communicate when this foundational work is complete.

Bug Fixes

core: automatic cross-stack refs for CFN resources (#1510) (ca5ee35)
ecs: correct typo and other minor mistakes in ecs readme (#1448) (9c91b20)
elbv2: unable to specify load balancer name (#1486) (5b24583), closes #973 #1481
lambda: use IRole instead of Role to allow imports (#1509) (b909dcd)
toolkit: fix typo in --rename option description (#1438) (1dd56d4)
toolkit: support multiple toolkit stacks in the same environment (#1427) (095da14), closes #1416

Features

apigateway: add tracingEnabled property to APIGW Stage (#1482) (fefa764)
assets: enable local tooling scenarios such as lambda debugging (#1433) (0d2b633), closes #1432
aws-cdk: better stack dependency handling (#1511) (b4bbaf0), closes #1508 #1505
aws-codepipeline: jenkins build and test actions (#1216) (471e8eb)
aws-codepipeline: support notifications on the ManualApprovalAction (#1368) (068fa46), closes #1222
aws-ecs: add support Amazon Linux 2 (#1484) (82ec0ff), closes #1483
aws-kms: allow tagging kms keys (#1485) (f43b4d4)
aws-lambda: add input and output artifacts to the CodePipeline action (#1390) (fbd7728), closes #1384
cdk: transparently use constructs from another stack (d7371f0), closes #1324
cli: allow specifying options using env vars (#1447) (7cd84a0)
aws resource api linting (breaking changes) (#1434) (8c17ca7), closes #742 #1428
core: cloudformation condition chaining (#1494) (2169015), closes #1457
diff: better diff of arbitrary json objects (#1488) (607f997)
route53: support cname records (#1487) (17eddd1), closes #1420
step-functions: support parameters option (#1492) (935054a), closes #1480
core: construct base class changes (breaking) (#1444) (fb22a32), closes #1431 #1441 #189 #1441 #1431
core: idiomize cloudformation intrinsics functions (#1428) (04217a5), closes #202
cloudformation: no more generated attribute types in CFN layer (L1) (#1489) (4d6d5ca), closes #1455 #1406
cloudformation: stop generating legacy cloudformation resources (#1493) (81b4174)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

Cross-stack references: if you are using export() and import() to share constructs between stacks, you can stop doing that, instead of FooImportProps accept an IFoo directly on the consuming stack, and use that object as usual.
ArnUtils.fromComponents() and ArnUtils.parse() have been moved onto Stack.
All CloudFormation pseudo-parameter (such as AWS::AccountId etc) are now also accessible via Stack, as stack.accountId etc.
All CloudFormation intrinsic functions are now represented as static methods under the Fn class (e.g. Fn.join(...) instead of new FnJoin(...).toString())
resolve() has been moved to this.node.resolve().
CloudFormationJSON.stringify() has been moved to this.node.stringifyJson(). validate() now should be protected.
The deprecated cloudformation.XxxResource classes have been removed. Use the CfnXxx classes instead.
Any CfnXxx resource attributes that represented a list of strings are now typed as string[]s (via #1144). Attributes that represent strings, are still typed as string (#712) and all other attribute types are represented as cdk.Token.
route53: The route53.TXTRecord class was renamed to route53.TxtRecord.
route53: record classes now require a zone when created (not assuming zone is the parent construct).
lambda: the static "metric" methods moved from lambda.FunctionRef to lambda.Function.
Many AWS resource classes have been changed to conform to API guidelines:
- XxxRef abstract classes are now IXxx interfaces
- XxxRefProps are now XxxImportProps
- XxxRef.import(...) are now Xxx.import(...) accept XxxImportProps and return IXxx
- export(): XxxImportProps is now defined in IXxx and implemented by imported resources

0.21.0 (2018-12-20)

Bug Fixes

aws-cloudformation: change the type of Role in CodePipeline Actions to IRole. (#1364) (3d07e48), closes #1361
codebuild: Rename includeBuildID property of S3BucketBuildArtifacts (#1354) (84eb7ad), closes #1347
toolkit: scrutiny dialog should fail with no tty (#1382) (478a714), closes #1380

Features

aws-codebuild: change the API of GitHub and BitBucket Sources. (#1345) (9cebf0d)
add "engines.node" key to all packages (#1358) (b595cf0), closes #1337
deprecate "cloudformation" namespace in favor of "CfnXxx" (#1311) (d20938c), closes #878 awslabs/jsii#283 awslabs/jsii#270
update CloudFormation resources v2.18.0 (#1407) (0f80b56), closes #1409
aws-codebuild: allow setting Webhook for GitHub Sources. (#1387) (d5cae61)
aws-ec2: can now use PrefixList in ingress rules (#1360) (c3cfcd5)
aws-iam: configure ExternalId for Role (#1359) (3d200c9), closes #235
aws-lambda: Add python 3.7 runtime (#1379) (8c733ef)
cdk: add the CodeDeployLambdaAlias Update Policy. (#1346) (d648b58), closes #1177
core: convert "/" in construct id to "--" and disallow tokens (#1375) (011aac0), closes #1351 #1374
iam: CompositePrincipal and allow multiple principal types (#1377) (b942ae5), closes #1201

BREAKING CHANGES TO EXPERIMENTAL FEATURES

aws-cloudformation: this changes the type of the role property in CFN CodePipeline Actions from Role to IRole. This is needed to use imported Roles when creating Actions.
aws-codebuild: this changes the API of CodeBuild's GitHub and BitBucket Sources to take an owner/repo pair instead of an entire cloneUrl, to make it consistent with the GitHubSourceAction in the CodePipeline package. Also adds handling the reportBuildStatus and insecureSsl Source properties.
codebuild: the includeBuildID property of S3BucketBuildArtifacts was renamed to includeBuildId (note the lower-case trailing d).

0.20.0 (2018-12-13)

Bug Fixes

assert: Adjust assertion behavior to be stricter (#1289) (0919bf4), closes awslabs/cdk-ops#186
aws-cdk: fix profile use in non-'aws' partitions (#1283) (5478913), closes #1262 #1109
upgrade jsii to v0.7.12 (#1328) (62b7941)
aws-cdk: fix YAML line wrapping issue (#1334) (48b9bdd), closes #1309
aws-codecommit: make the onCommit CloudWatch Event respect creating the branch as well. (#1320) (cb1aed9)
aws-ecr: add the addToPipeline method to IRepository. (#1329) (c4a9b74)
aws-ecs: fix healthCheckGracePeriodSeconds (#1266) (3a89e21), closes #1265
aws-ecs: set permissions for 'awslogs' log driver (#1291) (f5bc59b), closes #1279
aws-lambda: code.asset now supports jar files, fixes #1294 (#1330) (3076070)
aws-logs: set default log retention of LogGroup to 731 instead of 730 (#1344) (71dc09f), closes #1343

Features

aws-cdk: directory assets follow symlinks (#1318) (2dfd593), closes #731
aws-s3: orphan buckets by default (#1273) (2eb47ad), closes #1269
core: include jsii runtime version in analytics (#1288) (f06de18), closes awslabs/jsii#325 #1258 awslabs/cdk-ops#127
core: only include cdk libs in version reporting (#1290) (6184423), closes awslabs/cdk-ops#172
docs: add design process description & basic style guide (#1229) (5ffa7e2), closes awslabs/cdk-ops#177
toolkit: include toolkit version in AWS::CDK::Metadata (#1287) (5004f50), closes #1286

BREAKING CHANGES TO EXPERIMENTAL FEATURES

assert: the behavior change of haveResource can cause tests to fail. If allowing extension of the expected values is the intended behavior, you can switch to the haveResourceLike matcher instead, which exposes the previous behavior.

0.19.0 (2018-12-04)

Bug Fixes

aws-cdk: add '-h' flag to bring up help (#1274) (47dafb0), closes #1259
aws-cloudfront: Allow to disable IPv6 on cloudfront distribution (#1244) (10b7092), closes #1243
aws-cloudtrail: correct S3 bucket policy and dependency chain (#1268) (0de2da8), closes #1172
aws-ec2: fix code generation of IcmpPing (#1235) (6a13a18), closes #1231
cdk: don't use instanceof in App (#1249) (a45c3bd), closes #1245
cdk init: rename 'dotnet' to 'csharp' (#1210) (da6a799), closes #1123
cdk init: update 'app' init template (#1209) (0287109), closes #1124 #1128 #1214

Features

aws-codebuild: allow using docker image assets as build images (#1233) (72413c1), closes #1232 #1219
aws-codebuild: rename the Project methods for adding Actions to CodePipeline. (#1254) (825e448), closes #1211
aws-ecr: add an ECR Repository source CodePipeline Action. (#1255) (01cc8a2)
app-delivery: IAM policy for deploy stack (#1165) (edc9a21), closes #1165 #1151
Update to CloudFormation spec v2.16.0 (#1280) (9df5c54)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

aws-codebuild: ecr.RepositoryRef has been replaced by ecr.IRepository, which means that RepositoryRef.import is now Repository.import. Futhermore, the CDK Toolkit must also be upgraded since the docker asset protocol was modified. IRepository.grantUseImage was renamed to IRepository.grantPull.
aws-codebuild: addBuildToPipeline was renamed to addToPipeline and addTestToPipeline was renamed to addPipelineToTest in order to align with naming conventions.
CloudFormationCapabilities.IAM renamed to CloudFormation.AnonymousIAM and PipelineCloudFormationDeployActionProps.capabilities?: CloudFormationCapabilities[] has been changed to PipelineCloudFormationDeployActionProps.capabilities?: CloudFormationCapabilities no longer an array. PipelineCloudFormationDeployActionProps.fullPermissions?: has been renamed to PipelineCloudFormationDeployActionProps.adminPermissions: and is required instead of optional.

0.18.1 (2018-11-21)

Bug Fixes

aws-autoscaling: Add hook ordering dependency (#1218) (7e6ad84), closes #1212
aws-elasticloadbalancingv2: target group metrics (#1226) (de488df), closes #1213

0.18.0 (2018-11-19)

Bug Fixes

aws-cdk: make bootstrapping not require --app (#1191) (c7b1004), closes #1188
aws-ecs: don't emit DesiredCount in daemon mode (#1199) (7908de4), closes #1197
aws-elasticloadbalancingv2: 'targetType' on groups (#1174) (b4293f2)
aws-elasticloadbalancingv2: fix rule dependency (#1170) (aeb0f4f), closes #1160
deps: upgrade jsii to 0.7.11 (#1202) (f3a5f12)
docs: fix "getting started" documentation (#1045) (29b611f)
toolkit: typo in cdk bootstrap output (#1176) (b83fe85)

Features

aws-autoscaling: add instance AutoScaling (#1134) (d397dd7), closes #1042 #1113
aws-codebuild: add support for additional sources and artifact in Projects. (#1110) (d911b08)
aws-ec2: add VPC context provider (#1168) (e8380fa), closes #1095
aws-ecs: expose service and target group on the LoadBalancedFargateService (#1175) (e799699)
aws-ecs: instance autoscaling and drain hook (#1192) (811462e), closes #1162
aws-ecs: Support HTTPS in load balanced Fargate service (#1115) (76a5cc7)
aws-ecs: TLS support for Fargate service applet (#1184) (18166ce)
update to CloudFormation spec v2.13.0 (#1203) (c531c84)
aws-elasticloadbalancingv2: add metrics (#1173) (68d481d), closes #853
docs: getting started instructions for csharp (#1185) (2915ac1), closes #696
toolkit: add 'cdk context' command (#1169) (2db536e), closes #311
toolkit: by default hide AWS::CDK::Metadata from "cdk diff" (#1186) (ef0017a), closes #465
toolkit: improve diff user interface (#1187) (9c3c5c7), closes #1121 #1120
aws-codepipeline: switch to webhooks instead of polling by default for the GitHub (#1074)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

aws-codebuild: this changes the way CodeBuild Sources are constructed (we moved away from multiple parameters in the constructor, in favor of the more idiomatic property interface).
aws-elasticloadbalancingv2: targetGroup.listenerDependency() has been renamed to targetGroup.loadBalancerDependency().

0.17.0 (2018-11-14)

Bug Fixes

aws-ecs: remove DockerHub constructor class (#1153) (ed14638)
aws-ec2: add dependency on gateway attachment for public routes (#1142) (15b255c), closes #1140
s3-deployment: bundle modules correctly (#1154) (0cb1adf)

Features

aws-codedeploy: add an addToPipeline method to Deployment Group. (#1166) (bdbeb7c)
aws-codepipeline, aws-cloudformation: support cross-region CloudFormation pipeline action (#1152) (8e701ad)
toolkit: print available templates when --language is omitted (#1159) (5726c45)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

aws-ec2: Method signature of VpcPublicSubnet.addDefaultIGWRouteEntry changed in order to add a dependency on gateway attachment completing before creating the public route to the gateway. Instead of passing a gateway ID string, pass in a cloudformation.InternetGatewayResource object and a cloudformation.VPCGatewayAttachmentResource object.
If you were using DockerHub.image() to reference docker hub images, use ContainerImage.fromDockerHub() instead.

0.16.0 (2018-11-12)

Bug Fixes

aws-elasticloadbalancingv2: listener dependency (#1146) (e9d3d93), closes #1139
aws-elasticloadbalancingv2: unhealthy threshold (#1145) (a70a50d)

Features

aws-codedeploy: CodeDeploy Pipeline Action using the L2 DeploymentGroup Construct. (#1085) (ce999b6)
aws-route53: route53 Alias record support (#1131) (72f0124)
cdk: allow Tokens to be encoded as lists (#1144) (cd7947c), closes #744

BREAKING CHANGES TO EXPERIMENTAL FEATURES

aws-codedeploy: this changes the API of the CodeDeploy Pipeline Action to take the DeploymentGroup AWS Construct as an argument instead of the names of the Application and Deployment Group.

0.15.2 (2018-11-08)

Bug Fixes

correctly emit quoted YAML for account numbers (#1105) (b4d9155), closes #1100 #1098
aws-ecs: fix use of published NPM package with TypeScript (#1117) (ebfb522)

Features

aws-ecs: Add desired count to LoadBalanced[Fargate|EC2]Service (#1111) (cafcc11)

0.15.1 (2018-11-06)

Bug Fixes

Update peer dependencies to refer to correct version so NPM installs don't fail.
Switch back to js-yaml as yaml was emitting unquoted single colons as list elements.

0.15.0 (2018-11-06)

Bug Fixes

aws-autoscaling: allow minSize to be set to 0 (#1015) (67f7fa1)
aws-codebuild: correctly pass the timeout property to CFN when creating a Project. (#1071) (b1322bb)
aws-codebuild: correctly set S3 path when using it as artifact. (#1072) (f32cba9)
aws-kms: add output value when exporting an encryption key (#1036) (cb490be)
Switch from js-yaml to yaml (#1092) (0b132b5)

Features

don't upload the same asset multiple times (#1011) (35937b6), closes #989
app-delivery: CI/CD for CDK Stacks (#1022) (f2fe4e9)
add a new construct library for ECS (#1058) (ae03ddb)
applets: integrate into toolkit (#1039) (fdabe95), closes #849 #342 #291
aws-codecommit: use CloudWatch Events instead of polling by default in the CodePipeline Action. (#1026) (d09d30c)
aws-dynamodb: allow specifying partition/sort keys in props (#1054) (ec87331), closes #1051
aws-ec2: AmazonLinuxImage supports AL2 (#1081) (97b57a5), closes #1062
aws-lambda: high level API for event sources (#1063) (1be3442)
aws-sqs: improvements to IAM grants API (#1052) (6f2475e)
codepipeline/cfn: Use fewer statements for pipeline permissions (#1009) (8f4c2ab)
pkglint: Make sure .snk files are ignored (#1049) (53c8d76), closes #643
toolkit: deployment ui improvements (#1067) (c832eaf)
Update to CloudFormation resource specification v2.11.0

BREAKING CHANGES TO EXPERIMENTAL FEATURES

The ec2.Connections object has been changed to be able to manage multiple security groups. The relevant property has been changed from securityGroup to securityGroups (an array of security group objects).
aws-codecommit: this modifies the default behavior of the CodeCommit Action. It also changes the internal API contract between the aws-codepipeline-api module and the CodePipeline Actions in the service packages.
applets: The applet schema has changed to allow Multiple applets can be define in one file by structuring the files like this:
applets: The applet schema has changed to allow definition of multiple applets in the same file.

The schema now looks like this:

applets:
  MyApplet:
    type: ./my-applet-file
    properties:
      property1: value
      ...

By starting an applet specifier with npm://, applet modules can directly be referenced in NPM. You can include a version specifier (@1.2.3) to reference specific versions.

aws-sqs: queue.grantReceiveMessages has been removed. It is unlikely that this would be sufficient to interact with a queue. Alternatively you can use queue.grantConsumeMessages or queue.grant('sqs:ReceiveMessage') if there's a need to only grant this action.

0.14.1 (2018-10-26)

Bug Fixes

aws-cdk: fix bug in SSM Parameter Provider (#1023) (6e6aa1d)

0.14.0 (2018-10-26)

IMPORTANT NOTE: when upgrading to this version of the CDK framework, you must also upgrade your installation the CDK Toolkit to the matching version:

$ npm i -g aws-cdk
$ cdk --version
0.14.0 (build ...)

Bug Fixes

remove CloudFormation property renames (#973) (3f86603), closes #852
aws-ec2: fix retention of all egress traffic rule (#998) (b9d5b43), closes #987
aws-s3-deployment: avoid deletion during update using physical ids (#1006) (bca99c6), closes #981 #981
cloudformation-diff: ignore changes to DependsOn (#1005) (3605f9c), closes #274
cloudformation-diff: track replacements (#1003) (a83ac5f), closes #1001
docs: fix EC2 readme for "natgatway" configuration (#994) (0b1e7cc)
docs: updates to contribution guide (#997) (b42e742)
iam: Merge multiple principals correctly (#983) (3fc5c8c), closes #924 #916 #958

Features

add construct library for Application AutoScaling (#933) (7861c6f), closes #856 #861 #640 #644
add HostedZone context provider (#823) (1626c37)
assert: haveResource lists failing properties (#1016) (7f6f3fd)
aws-cdk: add CDK app version negotiation (#988) (db4e718), closes #891
aws-codebuild: Introduce a CodePipeline test Action. (#873) (770f9aa)
aws-sqs: Add grantXxx() methods (#1004) (8c90350)
core: Pre-concatenate Fn::Join (#967) (33c32a8), closes #916 #958

BREAKING CHANGES TO EXPERIMENTAL FEATURES

DynamoDB AutoScaling: Instead of addReadAutoScaling(), call autoScaleReadCapacity(), and similar for write scaling.
CloudFormation resource usage: If you use L1s, you may need to change some XxxName properties back into Name. These will match the CloudFormation property names.
You must use the matching aws-cdk toolkit when upgrading to this version, or context providers will cease to work. All existing cached context values in cdk.json will be invalidated and refreshed.

0.13.0 (2018-10-19)

Highlights

A new construct library for AWS Step Functions (docs). The library provides rich APIs for modeling state machines by exposing a programmatic interface for Amazon State Language.
A new construct library for Amazon S3 bucket deployments (docs). You can use now automatically populate an S3 Bucket from a .zip file or a local directory. This is a building block for end-to-end support for static websites in the AWS CDK.

Bug Fixes

aws-apigateway: make LambdaRestApi proxy by default (#963) (a5f5e2c), closes #959
aws-cdk: Allow use of assumed roles behind a proxy (#898) (f2b1048)
aws-cdk: Auto-delete stacks that failed creating before new attempt (#917) (2af8309)
aws-cloudfront: expose distributionId (#938) (f58d98c)
aws-dynamodb: don't emit empty array properties (#909) (841975a)
docs: use ..code to display file structure in "writing constructs" (#935) (b743362)

Features

assets: isZipArchive indicates if this is a zip asset (#944) (65190f9)
aws-cdk: deploy supports CloudFormation Role (#940) (393be6f), closes #735
aws-cloudformation: allow specifying custom resource type (#943) (9de3a84)
aws-cloudformation: correctly handle the templateConfiguration property in the CreateUpdateStack Pipeline Action. (#923) (d251a46)
aws-cloudfront: add support for "webAclId" (#969) (3ec9d76)
aws-codedeploy: add auto rollback configuration to server Deployment Group. (#925) (7ee91cf)
aws-codedeploy: add instance tag filter support for server Deployment Groups. (#824) (e6e8c51)
aws-codedeploy: add support for setting CloudWatch alarms on a server Deployment Group. (#926) (27b26b1)
add support for Step Functions (#827) (81b533c)
aws-lambda: add grantInvoke() method (#962) (1ee8135), closes #961
aws-lambda: improvements to the code and runtime APIs (#945) (36f29b6), closes #902 #188 #947 #947 #664
aws-logs: extractMetric() returns Metric object (#939) (5558fff), closes #850
aws-s3: initial support for website hosting (#946) (2d3661c)
aws-s3-deployment: bucket deployments (#971) (84d6876), closes #952 #953 #954
docs: added link to CloudFormation concepts (#934) (666bbba)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

aws-apigateway: specifying a path no longer works. If you used to provide a '/', remove it. Otherwise, you will have to supply proxy: false and construct more complex resource paths yourself.
aws-lambda: The construct lambda.InlineJavaScriptLambda is no longer supported. Use lambda.Code.inline instead; lambda.Runtime.NodeJS43Edge runtime is removed. CloudFront docs stipulate that you should use node6.10 or node8.10. It is always possible to use any value by instantiating a lambda.Runtime object.

0.12.0 (2018-10-12)

IMPORTANT NOTE: This release includes a fix for a bug that would make the toolkit unusable for multi-stack applications. In order to benefit from this fix, a globally installed CDK toolkit must also be updated:

$ npm i -g aws-cdk
$ cdk --version
0.12.0 (build ...)

Like always, you will also need to update your project's library versions:

Language	Update?
JavaScript/TypeScript (npm)	`npx npm-check-updates -u`
Java (maven)	`mvn versions:use-latest-versions`
.NET (NuGet)	`nuget update`

Bug Fixes

aws-codebuild: allow passing oauth token to GitHubEnterpriseSource (#908) (c23da91)
toolkit: multi-stack apps cannot be synthesized or deployed (#911) (5511076), closes #868 #294 #910

Features

aws-cloudformation: add permission management to CreateUpdate and Delete Stack CodePipeline Actions. (#880) (8b3ae43)
aws-codepipeline: make input and output artifact names optional when creating Actions. (#845) (3d91c93)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

aws-codepipeline: this commit contains the following breaking changes:
- Rename 'artifactName' in Action construction properties to 'outputArtifactName'
- Rename the 'artifact' property of Actions to 'outputArtifact'
- No longer allow adding output artifacts to Actions by instantiating the Artifact class
- Rename Action#input/outputArtifacts properties to input/outputArtifacts

Previously, we always required customers to explicitly name the output artifacts the Actions used in the Pipeline, and to explicitly "wire together" the outputs of one Action as inputs to another. With this change, the CodePipeline Construct generates artifact names, if the customer didn't provide one explicitly, and tries to find the first available output artifact to use as input to a newly created Action that needs it, thus turning both the input and output artifacts from required to optional properties.

0.11.0 (2018-10-11)

IMPORTANT NOTE: This release includes a breaking change in the toolkit <=> app protocol. This means that in order to synthesize CDK apps that use this version, the globally installed CDK toolkit must also be updated:

$ npm i -g aws-cdk
$ cdk --version
0.11.0 (build ...)

Like always, you will also need to update your project's library versions:

Language	Update?
JavaScript/TypeScript (npm)	`npx npm-check-updates -u`
Java (maven)	`mvn versions:use-latest-versions`
.NET (NuGet)	`nuget update`

Bug Fixes

aws-apigateway: allow + in path parts (#769) (0c50d27), closes #768
aws-cdk: continue after exceptions in stack monitor (#791) (b0f3298), closes #787
aws-cloudfront: check for undefined and determining of the defaultRootObject prop is set or not (#801) (32a74c6)
aws-cloudfront: properly support loggingConfig (#809) (5512f70), closes #721
aws-codecommit: typo in README (#780) (0e79c2d)
aws-ec2: Add Burstable Generation 3 Instances (#812) (d36ee6d)
aws-ec2: fix capitalization of "VPCEndpointType" to "VpcEndpointType" (#789) (7a8ee2c), closes #765
aws-ec2: fix typo in resource identifier (#818) (f529c80)
aws-elbv2: fix load balancer registration (#890) (8cc9abe)
aws-s3: properly export bucketDomainName (#844) (a65060d)
aws-sqs: Queue.import() doesn't return a value (#885) (c592b7f), closes #879
cdk: fix TagManager to evaluate to undefined if no tags are included (#882) (477c827)
cdk: init templates were not upgraded to typescript ^3.0.0 (#904) (2cc7475)
cdk: jsx support conflicts with React usage (#884) (76d8031), closes #830
cfn2ts: expect Token instead of CloudFormationToken (#896) (6eee1d2)
docs: fix issue #718 (Aurora DB example) (#783) (016f3a8)
docs: update supported languages in README (#819, #450) (#820) (ffac98c)
Correct heading level of CHANGELOG.md 0.10.0 (40d9ef0)
Emit valid YAML-1.1 (#876) (ff857ea), closes #875
toolkit: improve error message for large templates (#900) (a41f48f), closes #34

Code Refactoring

aws-iam: move IAM classes cdk to aws-iam (#866) (d46a95b), closes #196
util: remove @aws-cdk/util (#745) (10015cb), closes #709
framework: remove app boilerplate and improvements to cx protocol (#868) (005beec), closes #216

Features

aws-apigateway: "LambdaRestApi" and "addProxy" routes (#867) (905a95d)
aws-cdk: add maven wrapper to java template (#811) (72aa872)
aws-cloudformation: rename the CFN CodePipeline Actions. (#771) (007e7b4)
aws-cloudformation: update the ReadMe of the module to reflect the new Action names. (#775) (6c0e75b), closes #771
aws-cloudfront: Support Security Policy (#804) (b39bf11), closes #795
aws-codedeploy: Add the auto-scaling groups property to ServerDeploymentGroup. (#739) (0b28886)
aws-codedeploy: Deployment Configuration Construct. (#653) (e6b67ad)
aws-codedeploy: support setting a load balancer on a Deployment Group. (#786) (e7af9f5)
aws-codepipeline: allow specifying the runOrder property when creating Actions. (#776) (d146c8d)
aws-codepipeline, aws-codecommit, aws-s3: change the convention for naming the source Actions to XxxSourceAction. (#753) (9c3ce7f)
aws-dynamodb: IAM grants support (#870) (c5a4200)
aws-dynamodb: support Global Secondary Indexes (#760) (3601440)
aws-dynamodb: tags support (#814) (924c84e)
aws-dynamodB: support Local Secondary Indexes (#825) (3175af3)
aws-ec2: add support for ICMP protocol's classification Types & Codes to SecurityGroupRule (#893) (85bd3c0)
aws-ec2: allow configuring subnets for NAT gateway (#874) (8ec761c)
aws-ec2: support UDP port ranges in SecurityGroups (#835) (b42ef90)
aws-elasticloadbalancingv2: support for ALB/NLB (#750) (bd9ee01)
aws-s3: support granting public access to objects (#886) (bdee191), closes #877
cdk: Add support for UseOnlineResharding with UpdatePolicies (#881) (1f717e1)
cdk: configurable default SSM context provider (#889) (353412b)
core: resource overrides (escape hatch) (#784) (5054eef), closes #606
aws-codepipeline: Manage IAM permissions for (some) CFN CodePipeline actions (#843) (4c69118)
toolkit: Stop creating 'empty' stacks (#779) (1dddd8a)
aws-autoscaling, aws-ec2: Tagging support for AutoScaling/SecurityGroup (#766) (3d48eb2)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

framework: The cdk.App constructor doesn't accept any arguments, and app.run() does not return a string anymore. All AWS CDK apps in all languages would need to be modified to adhere to the new API of the cdk.App construct.

Instead of:
```
const app = new App(process.argv); // ERROR
// add stacks
process.stdout.write(app.run());   // ERROR
```
The new usage is:
```
const app = new App();
// add stacks
app.run();
```
framework: The CDK is no longer shipped with built-in support for JSX. You can still use JSX but you will have to manually configure it.
aws-iam: PolicyDocument, PolicyStatement and all PolicyPrincipal classes moved from the @aws-cdk/cdk module and into the @aws-cdk/aws-iam module.
aws-codepipeline-api: Artifact.subartifact method of the CodePipeline API was renamed to Artifact.atPath.
constructor signature of TagManager has changed. initialTags is now passed inside a props object.
util: @aws-cdk/util is no longer available
aws-elasticloadbalancingv2: Adds classes for modeling Application and Network Load Balancers. AutoScalingGroups now implement the interface that makes constructs a load balancing target. The breaking change is that Security Group rule identifiers have been changed in order to make adding rules more reliable. No code changes are necessary but existing deployments may experience unexpected changes.
aws-cloudformation: this renames all CloudFormation Actions for CodePipeline to bring them in line with Actions defined in other service packages.
aws-codepipeline, aws-codecommit, aws-s3: change the names of the source Actions from XxxSource to XxxSourceAction. This is to align them with the other Actions, like Build. Also, CodeBuild has the concept of Sources, so it makes sense to strongly differentiate between the two.

0.10.0 (2018-09-27)

This release introduces a better way to "escape" L2 constructs in case of missing features by adding the ability to add arbitrary overrides for resource properties:

const bucket = new s3.Bucket(this, 'L2Bucket');

// access L1
const bucketResource = bucket.findChild('Resource') as s3.cloudformation.BucketResource;

// strongly-typed overrides
bucketResource.propertyOverrides.bucketName = 'NewBucketName';

// weakly-typed overrides
bucketResource.addPropertyOverride('BucketName', 'NewerBucketName');

Bug Fixes

aws-codecommit: typo in README (#780) (0e79c2d)
aws-ec2: fix capitalization of "VPCEndpointType" to "VpcEndpointType" (#789) (7a8ee2c), closes #765
docs: fix issue #718 (Aurora DB example) (#783) (016f3a8)

Code Refactoring

util: remove @aws-cdk/util (#745) (10015cb), closes #709

Features

aws-cloudformation: rename the CodePipeline actions (#771) (007e7b4)
aws-cloudformation: update the README of the module to reflect the new action names (#775) (6c0e75b), closes #771
aws-codedeploy: add auto-scaling groups property to ServerDeploymentGroup (#739) (0b28886)
aws-codedeploy: add deployment configuration construct (#653) (e6b67ad)
aws-codepipeline, aws-codecommit, aws-s3: change the convention for naming the source Actions to XxxSourceAction (#753) (9c3ce7f)
aws-elasticloadbalancingv2: support for ALB/NLB (#750) (bd9ee01)
tagging support for AutoScaling/SecurityGroup (#766) (3d48eb2)
core: resource overrides (escape hatch) (#784) (5054eef), closes #606
toolkit: stop creating 'empty' stacks (#779) (1dddd8a)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

cdk: the constructor signature of TagManager has changed. initialTags is now passed inside a props object.
util: @aws-cdk/util is no longer available
aws-elasticloadbalancingv2: adds classes for modeling Application and Network Load Balancers. AutoScalingGroups now implement the interface that makes constructs a load balancing target. The breaking change is that Security Group rule identifiers have been changed in order to make adding rules more reliable. No code changes are necessary but existing deployments may experience unexpected changes.
aws-cloudformation: this renames all CloudFormation Actions for CodePipeline to bring them in line with Actions defined in other service packages.
aws-codepipeline, aws-codecommit, aws-s3: change the names of the source Actions from XxxSource to XxxSourceAction. This is to align them with the other Actions, like Build. Also, CodeBuild has the concept of Sources, so it makes sense to strongly differentiate between the two.

CloudFormation Changes

@aws-cdk/cfnspec: Updated CloudFormation resource specification to v2.8.0 (@RomainMuller in #767)
- New Construct Libraries
  - @aws-cdk/aws-amazonmq
  - @aws-cdk/aws-iot1click
- New Resource Types
  - AWS::IoT1Click::Device
  - AWS::IoT1Click::Placement
  - AWS::IoT1Click::Project
- Attribute Changes
  - AWS::EC2::VPCEndpoint CreationTimestamp (added)
  - AWS::EC2::VPCEndpoint DnsEntries (added)
  - AWS::EC2::VPCEndpoint NetworkInterfaceIds (added)
- Property Changes
  - AWS::ApiGateway::Deployment DeploymentCanarySettings (added)
  - AWS::ApiGateway::Method AuthorizationScopes (added)
  - AWS::ApiGateway::Stage AccessLogSetting (added)
  - AWS::ApiGateway::Stage CanarySetting (added)
  - AWS::AutoScaling::AutoScalingGroup LaunchTemplate (added)
  - AWS::CodeBuild::Project LogsConfig (added)
  - AWS::CodeBuild::Project SecondaryArtifacts (added)
  - AWS::CodeBuild::Project SecondarySources (added)
  - AWS::CodeDeploy::DeploymentGroup Ec2TagSet (added)
  - AWS::CodeDeploy::DeploymentGroup OnPremisesTagSet (added)
  - AWS::EC2::FlowLog LogDestination (added)
  - AWS::EC2::FlowLog LogDestinationType (added)
  - AWS::EC2::FlowLog DeliverLogsPermissionArn.Required (changed)
    - Old: true
    - New: false
  - AWS::EC2::FlowLog LogGroupName.Required (changed)
    - Old: true
    - New: false
  - AWS::EC2::VPCEndpoint IsPrivateDnsEnabled (deleted)
  - AWS::EC2::VPCEndpoint PrivateDnsEnabled (added)
  - AWS::EC2::VPCEndpoint RouteTableIds.DuplicatesAllowed (added)
  - AWS::EC2::VPCEndpoint SecurityGroupIds.DuplicatesAllowed (added)
  - AWS::EC2::VPCEndpoint SubnetIds.DuplicatesAllowed (added)
  - AWS::EC2::VPCEndpoint VPCEndpointType.UpdateType (changed)
    - Old: Mutable
    - New: Immutable
  - AWS::ECS::Service SchedulingStrategy (added)
  - AWS::ECS::Service ServiceRegistries.UpdateType (changed)
    - Old: Mutable
    - New: Immutable
  - AWS::ElastiCache::ReplicationGroup NodeGroupConfiguration.UpdateType (changed)
    - Old: Immutable
    - New: Conditional
  - AWS::ElastiCache::ReplicationGroup NumNodeGroups.UpdateType (changed)
    - Old: Immutable
    - New: Conditional
  - AWS::RDS::DBCluster EngineMode (added)
  - AWS::RDS::DBCluster ScalingConfiguration (added)
  - AWS::SageMaker::NotebookInstance LifecycleConfigName.UpdateType (changed)
    - Old: Immutable
    - New: Mutable
- Property Type Changes
  - AWS::ApiGateway::Deployment.AccessLogSetting (added)
  - AWS::ApiGateway::Deployment.CanarySetting (added)
  - AWS::ApiGateway::Deployment.DeploymentCanarySettings (added)
  - AWS::ApiGateway::Stage.AccessLogSetting (added)
  - AWS::ApiGateway::Stage.CanarySetting (added)
  - AWS::AutoScaling::AutoScalingGroup.LaunchTemplateSpecification (added)
  - AWS::CodeBuild::Project.CloudWatchLogsConfig (added)
  - AWS::CodeBuild::Project.LogsConfig (added)
  - AWS::CodeBuild::Project.S3LogsConfig (added)
  - AWS::CodeDeploy::DeploymentGroup.EC2TagSet (added)
  - AWS::CodeDeploy::DeploymentGroup.EC2TagSetListObject (added)
  - AWS::CodeDeploy::DeploymentGroup.OnPremisesTagSet (added)
  - AWS::CodeDeploy::DeploymentGroup.OnPremisesTagSetListObject (added)
  - AWS::EC2::SpotFleet.ClassicLoadBalancer (added)
  - AWS::EC2::SpotFleet.ClassicLoadBalancersConfig (added)
  - AWS::EC2::SpotFleet.FleetLaunchTemplateSpecification (added)
  - AWS::EC2::SpotFleet.LaunchTemplateConfig (added)
  - AWS::EC2::SpotFleet.LaunchTemplateOverrides (added)
  - AWS::EC2::SpotFleet.LoadBalancersConfig (added)
  - AWS::EC2::SpotFleet.TargetGroup (added)
  - AWS::EC2::SpotFleet.TargetGroupsConfig (added)
  - AWS::ECS::TaskDefinition.DockerVolumeConfiguration (added)
  - AWS::ECS::TaskDefinition.RepositoryCredentials (added)
  - AWS::ECS::TaskDefinition.Tmpfs (added)
  - AWS::Events::Rule.SqsParameters (added)
  - AWS::RDS::DBCluster.ScalingConfiguration (added)
  - AWS::ApiGateway::Deployment.StageDescription AccessLogSetting (added)
  - AWS::ApiGateway::Deployment.StageDescription CanarySetting (added)
  - AWS::ApiGateway::Method.Integration ConnectionId (added)
  - AWS::ApiGateway::Method.Integration ConnectionType (added)
  - AWS::ApiGateway::Method.Integration TimeoutInMillis (added)
  - AWS::ApiGateway::UsagePlan.ApiStage Throttle (added)
  - AWS::CodeBuild::Project.Artifacts ArtifactIdentifier (added)
  - AWS::CodeBuild::Project.Source SourceIdentifier (added)
  - AWS::CodeBuild::Project.VpcConfig SecurityGroupIds.Required (changed)
    - Old: true
    - New: false
  - AWS::CodeBuild::Project.VpcConfig Subnets.Required (changed)
    - Old: true
    - New: false
  - AWS::CodeBuild::Project.VpcConfig VpcId.Required (changed)
    - Old: true
    - New: false
  - AWS::CodeDeploy::DeploymentGroup.EC2TagFilter Key.Documentation (changed)
    - Old: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-ec2tagfilters.html#cfn-properties-codedeploy-deploymentgroup-ec2tagfilters-key
    - New: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-ec2tagfilter.html#cfn-codedeploy-deploymentgroup-ec2tagfilter-key
  - AWS::CodeDeploy::DeploymentGroup.EC2TagFilter Type.Documentation (changed)
    - Old: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-ec2tagfilters.html#cfn-properties-codedeploy-deploymentgroup-ec2tagfilters-type
    - New: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-ec2tagfilter.html#cfn-codedeploy-deploymentgroup-ec2tagfilter-type
  - AWS::CodeDeploy::DeploymentGroup.EC2TagFilter Value.Documentation (changed)
    - Old: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-ec2tagfilters.html#cfn-properties-codedeploy-deploymentgroup-ec2tagfilters-value
    - New: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-ec2tagfilter.html#cfn-codedeploy-deploymentgroup-ec2tagfilter-value
  - AWS::CodeDeploy::DeploymentGroup.TagFilter Key.Documentation (changed)
    - Old: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-onpremisesinstancetagfilters.html#cfn-properties-codedeploy-deploymentgroup-onpremisesinstancetagfilters-key
    - New: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-tagfilter.html#cfn-codedeploy-deploymentgroup-tagfilter-key
  - AWS::CodeDeploy::DeploymentGroup.TagFilter Type.Documentation (changed)
    - Old: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-onpremisesinstancetagfilters.html#cfn-properties-codedeploy-deploymentgroup-onpremisesinstancetagfilters-type
    - New: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-tagfilter.html#cfn-codedeploy-deploymentgroup-tagfilter-type
  - AWS::CodeDeploy::DeploymentGroup.TagFilter Value.Documentation (changed)
    - Old: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-onpremisesinstancetagfilters.html#cfn-properties-codedeploy-deploymentgroup-onpremisesinstancetagfilters-value
    - New: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-tagfilter.html#cfn-codedeploy-deploymentgroup-tagfilter-value
  - AWS::EC2::SpotFleet.SpotFleetRequestConfigData InstanceInterruptionBehavior (added)
  - AWS::EC2::SpotFleet.SpotFleetRequestConfigData LaunchTemplateConfigs (added)
  - AWS::EC2::SpotFleet.SpotFleetRequestConfigData LoadBalancersConfig (added)
  - AWS::EC2::SpotFleet.SpotPlacement Tenancy (added)
  - AWS::ECS::Service.ServiceRegistry ContainerName (added)
  - AWS::ECS::Service.ServiceRegistry ContainerPort (added)
  - AWS::ECS::Service.ServiceRegistry Port.UpdateType (changed)
    - Old: Mutable
    - New: Immutable
  - AWS::ECS::Service.ServiceRegistry RegistryArn.UpdateType (changed)
    - Old: Mutable
    - New: Immutable
  - AWS::ECS::TaskDefinition.ContainerDefinition RepositoryCredentials (added)
  - AWS::ECS::TaskDefinition.LinuxParameters SharedMemorySize (added)
  - AWS::ECS::TaskDefinition.LinuxParameters Tmpfs (added)
  - AWS::ECS::TaskDefinition.Volume DockerVolumeConfiguration (added)
  - AWS::ElastiCache::ReplicationGroup.NodeGroupConfiguration NodeGroupId (added)
  - AWS::Events::Rule.Target SqsParameters (added)
  - AWS::RDS::OptionGroup.OptionConfiguration OptionSettings.DuplicatesAllowed (added)
  - AWS::RDS::OptionGroup.OptionConfiguration OptionSettings.ItemType (added)
  - AWS::RDS::OptionGroup.OptionConfiguration OptionSettings.Type (changed)
    - Old: OptionSetting
    - New: List

0.9.2 (2018-09-20)

NOTICE: This release includes a framework-wide breaking change which changes the type of all the string resource attributes across the framework. Instead of using strong-types that extend cdk.Token (such as QueueArn, TopicName, etc), we now represent all these attributes as normal strings, and codify the tokens into the string (using the feature introduced in #168).

Furthermore, the cdk.Arn type has been removed. In order to format/parse ARNs, use the static methods on cdk.ArnUtils.

See motivation and discussion in #695.

Breaking Changes

cfn2ts: use stringified tokens for resource attributes instead of strong types (#712) (6508f78), closes #518 #695 #744
aws-dynamodb: Attribute type for keys, changes the signature of the addPartitionKey and addSortKey methods to be consistent across the board. (#720) (e6cc189)
aws-codebuild: fix typo "priviledged" -> "privileged

Bug Fixes

assets: can't use multiple assets in the same stack (#725) (bba2e5b), closes #706
aws-codebuild: typo in BuildEnvironment "priviledged" -> "privileged (#734) (72fec36)
aws-ecr: fix addToResourcePolicy (#737) (eadbda5)
aws-events: ruleName can now be specified (#726) (a7bc5ee), closes #708
aws-lambda: jsii use no long requires 'sourceAccount' (#728) (9e7d311), closes #714
aws-s3: remove policy argument (#730) (a79190c), closes #672
cdk: "cdk init" java template is broken (#732) (281c083), closes #711 awslabs/jsii#233

Features

aws-apigateway: new API Gateway Construct Library (#665) (b0f3857)
aws-cdk: detect presence of EC2 credentials (#724) (8e8c295), closes #702 #130
aws-codepipeline: make the Stage insertion API in CodePipeline more flexible (#460) (d182818)
aws-codepipeline: new "Pipeline#addStage" convenience method (#647) (25c9fa0)
aws-rds: add support for parameter groups (#729) (2541508), closes #719
docs: add documentation for CDK toolkit plugings (#733) (965b918)
dependencies: upgrade to jsii 0.7.6

0.9.1 (2018-09-13)

Bug Fixes

aws-cdk: Fix proxy support for account lookup (#693) (5468225), closes #645

Features

aws-ec2 BREAKING: Move LoadBalancer to aws-elasticloadbalancing package (#705) (4bd1cf2)
aws-serverless BREAKING: Rename @aws-cdk/aws-serverless to @aws-cdk/aws-sam (#704) (3a67d5d)
aws-dynamodb: Support DynamoDB TTL (#691) (35b6206)
aws-dynamodb: Support DynamoDB PITR (#701) (7a4d7b7)
aws-ecr: Add support for ECR repositories (#697) (c6c09bf)
aws-lambda: Add support for XRay Tracing (#675) (b4435cc)
cfnspec: Add DeploymentPreference Patch for SAM Spec (#681) (#681) (f96c487)

0.9.0 -- 2018-09-10

The headliners of this release are .NET support, and a wealth of commits by external contributors who are stepping up to fix the CDK for their use cases! Thanks all for the effort put into this release!

Features

Add strongly-named .NET targets, and a cdk init template for C# projects (@mpiroc in #617, #643).
@aws-cdk/aws-autoscaling: Allow attaching additional security groups to Launch Configuration (@moofish32 in #636).
@aws-cdk/aws-autoscaling: Support update and creation policies on AutoScalingGroups (@rix0rrr in #595).
@aws-cdk/aws-codebuild: Add support for running script from an asset (@rix0rrr in #677).
@aws-cdk/aws-codebuild: New method addBuildToPipeline on Project (@skinny85 in 783dcb3).
@aws-cdk/aws-codecommit: New method addToPipeline on Repository (@skinny85 in #616).
@aws-cdk/aws-codedeploy: Add initial support for CodeDeploy (@skinny85 in #593, #641).
@aws-cdk/aws-dynamodb: Add support for DynamoDB autoscaling (@SeekerWing in #637).
@aws-cdk/aws-dynamodb: Add support for DynamoDB streams (@rhboyd in #633).
@aws-cdk/aws-dynamodb: Add support for server-side encryption (@jungseoklee in #684).
@aws-cdk/aws-ec2 (BREAKING): SecurityGroup can now be used as a Connectable #582).
@aws-cdk/aws-ec2: Add VPC tagging ([@moofish] in #538).
@aws-cdk/aws-ec2: Add support for InstanceSize.Nano (@rix0rrr in #581)
@aws-cdk/aws-lambda: Add support for dead letter queues (@SeekerWing in #663).
@aws-cdk/aws-lambda: Add support for placing a Lambda in a VPC (@rix0rrr in #598).
@aws-cdk/aws-logs: Add extractMetric() helper function (@rix0rrr in #676).
@aws-cdk/aws-rds: Add support for Aurora PostreSQL/MySQL engines (@cookejames in #586)
@aws-cdk/aws-s3: Additional grant methods for Buckets (@eladb in #591)
@aws-cdk/aws-s3: New method addToPipeline on Bucket (@skinny85 in c8b7a49).
aws-cdk: Add support for HTTP proxies (@rix0rrr in #666).
aws-cdk: Toolkit now shows failure reason if stack update fails (@rix0rrr in #609).
cdk-build-tools: Add support for running experiment JSII versions (@RomainMuller in #649).

Changes

BREAKING: Generate classes and types for the CloudFormation resource .ref attributes (@rix0rrr in #627).
BREAKING: Make types accepted in Policy-related classes narrower (from any to Arn, for example) to reduce typing mistakes (@rix0rrr in #629).
@aws-cdk/aws-codepipeline (BREAKING): Align the CodePipeline APIs (@skinny85 in #492, #568)
@aws-cdk/aws-ec2 (BREAKING): Move Fleet/AutoScalingGroup to its own package (@rix0rrr in #608).
aws-cdk: Simplify plugin protocol (@RomainMuller in #646).

Bug Fixes

@aws-cdk/aws-cloudfront: Fix CloudFront behavior for ViewerProtocolPolicy (@mindstorms6 in #615).
@aws-cdk/aws-ec2: VPC Placement now supports picking Isolated subnets (@rix0rrr in #610).
@aws-cdk/aws-logs: Add export()/import() capabilities (@rix0rrr in #630).
@aws-cdk/aws-rds: Fix a bug where a cluster with 1 instance could not be created (@cookejames in #578)
@aws-cdk/aws-s3: Bucket notifications can now add dependencies, fixing creation order (@eladb in #584).
@aws-cdk/aws-s3: Remove useless bucket name validation (@rix0rrr in #628).
@aws-cdk/aws-sqs: Make QueueRef.encryptionMasterKey readonly (@RomainMuller in #650).
assets: S3 read permissions are granted on a prefix to fix lost permissions during asset update (@rix0rrr in #510).
aws-cdk: Remove bootstrapping error if multiple stacks are in the same environment (@RomainMuller in #625).
aws-cdk: Report and continue if git throws errors during cdk init (@rix0rrr in #587).

CloudFormation Changes

@aws-cdk/cfnspec: Updated CloudFormation resource specification to v2.6.0 (@RomainMuller in #594)
- New AWS Construct Library
  - @aws-cdk/aws-sagemaker supports AWS::SageMaker resources
- New Resource Types
  - AWS::AmazonMQ::Broker
  - AWS::AmazonMQ::Configuration
  - AWS::CodePipeline::Webhook
  - AWS::Config::AggregationAuthorization
  - AWS::Config::ConfigurationAggregator
  - AWS::EC2::VPCEndpointConnectionNotification
  - AWS::EC2::VPCEndpointServicePermissions
  - AWS::IAM::ServiceLinkedRole
  - AWS::SSM::ResourceDataSync
  - AWS::SageMaker::Endpoint
  - AWS::SageMaker::EndpointConfig
  - AWS::SageMaker::Model
  - AWS::SageMaker::NotebookInstance
  - AWS::SageMaker::NotebookInstanceLifecycleConfig
- Attribute Changes
  - AWS::CodePipeline::Pipeline Version (added)
- Property Changes
  - AWS::AppSync::DataSource HttpConfig (added)
  - AWS::DAX::Cluster SSESpecification (added)
  - AWS::DynamoDB::Table Stream (added)
  - AWS::DynamoDB::Table AutoScalingSupport (added)
  - AWS::EC2::VPCEndpoint IsPrivateDnsEnabled (added)
  - AWS::EC2::VPCEndpoint SecurityGroupIds (added)
  - AWS::EC2::VPCEndpoint SubnetIds (added)
  - AWS::EC2::VPCEndpoint VPCEndpointType (added)
  - AWS::EC2::VPCEndpoint RouteTableIds.DuplicatesAllowed (deleted)
  - AWS::EC2::VPCPeeringConnection PeerRegion (added)
  - AWS::EFS::FileSystem ProvisionedThroughputInMibps (added)
  - AWS::EFS::FileSystem ThroughputMode (added)
  - AWS::EMR::Cluster KerberosAttributes (added)
  - AWS::Glue::Classifier JsonClassifier (added)
  - AWS::Glue::Classifier XMLClassifier (added)
  - AWS::Glue::Crawler Configuration (added)
  - AWS::Lambda::Lambda DLQConfigurationSupport (added)
  - AWS::Neptune::DBInstance DBSubnetGroupName.UpdateType (changed)
    - Old: Mutable
    - New: Immutable
  - AWS::SNS::Subscription DeliveryPolicy (added)
  - AWS::SNS::Subscription FilterPolicy (added)
  - AWS::SNS::Subscription RawMessageDelivery (added)
  - AWS::SNS::Subscription Region (added)
  - AWS::SQS::Queue Tags (added)
  - AWS::ServiceDiscovery::Service HealthCheckCustomConfig (added)
- Property Type Changes
  - AWS::AppSync::DataSource.HttpConfig (added)
  - AWS::DAX::Cluster.SSESpecification (added)
  - AWS::EMR::Cluster.KerberosAttributes (added)
  - AWS::Glue::Classifier.JsonClassifier (added)
  - AWS::Glue::Classifier.XMLClassifier (added)
  - AWS::ServiceDiscovery::Service.HealthCheckCustomConfig (added)
  - AWS::CloudFront::Distribution.CacheBehavior FieldLevelEncryptionId (added)
  - AWS::CloudFront::Distribution.DefaultCacheBehavior FieldLevelEncryptionId (added)
  - AWS::CodeBuild::Project.Artifacts EncryptionDisabled (added)
  - AWS::CodeBuild::Project.Artifacts OverrideArtifactName (added)
  - AWS::CodeBuild::Project.Environment Certificate (added)
  - AWS::CodeBuild::Project.Source ReportBuildStatus (added)
  - AWS::ServiceDiscovery::Service.DnsConfig RoutingPolicy (added)
  - AWS::WAF::WebACL.ActivatedRule Action.Required (changed)
    - Old: true
    - New: false
@aws-cdk/cfnspec: Updated Serverless Application Model (SAM) Resource Specification (@RomainMuller in #594)
- Property Changes
  - AWS::Serverless::Api MethodSettings (added)
- Property Type Changes
  - AWS::Serverless::Function.SQSEvent (added)
  - AWS::Serverless::Function.EventSource Properties.Types (changed)
    - Added SQSEvent

0.8.2 - 2018-08-15

Features

@aws-cdk/cdk: Tokens can now be transparently embedded into strings and encoded into JSON without losing their semantics. This makes it possible to treat late-bound (deploy-time) values as if they were regular strings (@rix0rrr in #518).
@aws-cdk/aws-s3: add support for bucket notifications to Lambda, SNS, and SQS targets (@eladb in #201, #560, #561, #564)
@aws-cdk/cdk: non-alphanumeric characters can now be used as construct identifiers (@eladb in #556)
@aws-cdk/aws-iam: add support for maxSessionDuration for Roles (@eladb in #545).

Changes

@aws-cdk/aws-lambda (BREAKING): most classes renamed to be shorter and more in line with official service naming (Lambda renamed to Function or ommitted) (@eladb in #550)
@aws-cdk/aws-codepipeline (BREAKING): move all CodePipeline actions from @aws-cdk/aws-xxx-codepipeline packages into the regular @aws-cdk/aws-xxx service packages (@skinny85 in #459).
@aws-cdk/aws-custom-resources (BREAKING): package was removed, and the Custom Resource construct added to the @aws-cdk/aws-cloudformation package (@rix0rrr in #513)

Fixes

@aws-cdk/aws-lambda: Lambdas that are triggered by CloudWatch Events now show up in the console, and can only be triggered the indicated Event Rule. BREAKING for middleware writers (as this introduces an API change), but transparent to regular consumers (@eladb in #558)
@aws-cdk/aws-codecommit: fix a bug where pollForSourceChanges could not be set to false (@maciejwalkowiak in #534)
aws-cdk: don't fail if the ~/.aws/credentials file is missing (@RomainMuller in #541)
@aws-cdk/aws-cloudformation: fix a bug in the CodePipeline actions to correctly support TemplateConfiguration (@mindstorms6 in #571).
@aws-cdk/aws-cloudformation: fix a bug in the CodePipeline actions to correctly support ParameterOverrides (@mindstorms6 in #574).

Known Issues

cdk init will try to init a git repository and fail if no global user.name and user.email have been configured.

0.8.1 - 2018-08-08

Features

aws-cdk: Support --profile in command-line toolkit (@rix0rrr in #517)
@aws-cdk/cdk: Introduce Default construct id (@rix0rrr in #496)
@aws-cdk/aws-lambda: Add LambdaRuntime.DotNetCore21 (@Mortifera in #507)
@aws-cdk/runtime-values (BREAKING): rename 'rtv' to 'runtime-values' (@rix0rrr in #494)
@aws-cdk/aws-ec2: Combine Connections and DefaultConnections classes (@rix0rrr in #453)
@aws-cdk/aws-codebuild: allow buildSpec parameter to take a filename (@rix0rrr in #470)
@aws-cdk/aws-cloudformation-codepipeline: add support for CloudFormation CodePipeline actions (@mindstorms6 and @rix0rrr in #525).
docs: Improvements to Getting Started (@eladb in #462)
docs: Updates to README (@Doug-AWS in #456)
docs: Upgraded jsii-pacmak to 0.6.4, which includes "language-native" type names and package coordinates (@RomainMuller in awslabs/jsii#130)

Bug fixes

aws-cdk (toolkit): Fix java cdk init template (@RomainMuller in #490)
@aws-cdk/cdk (BREAKING): Align FnJoin signature to CloudFormation (@RomainMuller in #516)
@aws-cdk/aws-cloudfront: Fix origin error (@mindstorms6 in #514)
@aws-cdk/aws-lambda: Invalid cast for inline LambdaRuntime members in Java (@eladb in #505)
examples: Fixed java examples (@RomainMuller in #498)

0.8.0 - 2018-07-31

This is the first public release of the AWS CDK!

Change license to Apache-2.0 (@RomainMuller in #428)
Multiple README updates, including animated gif screencast, as preparation for public release (@rix0rrr in #433, @eladb in #439)
Multiple documentation updates for public release (@Doug-AWS in #420, @eladb in #436)
Toolkit (bug fix): Correctly account for CDK::Metadata in cdk diff (@RomainMuller in #435)
AWS CodeBuild (BREAKING): Usability improvements for the CodeBuild library (@skinny85 in #412)

0.7.4 - 2018-07-26

Highlights

A huge shout-out to our first external contributor, @moofish32, for many valuable improvements to the EC2 VPC construct (@moofish32 in #250).
The AWS::CDK::Metadata resource is injected to templates to analyze usage and notify about deprecated modules to improve security. To opt-out, use the switch --no-version-reporting or set version-reporting to false in your cdk.json (@RomainMuller in [#221]).
Added capability for bundling local assets (files/directories) and referencing them in CDK constructs. This allows, for example, to define Lambda functions with runtime code in the same project and deploy them using the toolkit (@eladb in #371).
Reorganization of CodePipeline actions into separate libraries (@skinny85 in #401 and #402).
A new library for CloudWatch Logs (@rix0rrr in #307).

AWS Construct Library

BREAKING: All AWS libraries renamed from @aws-cdk/xxx to @aws-cdk/aws-xxx in order to avoid conflicts with framework modules (@RomainMuller in #384).
BREAKING: The @aws-cdk/resources module has been removed. Low-level CloudFormation resources (e.g. BucketResource) are now integrated into their respective library under the cloudformation namespace to improves discoverability and organization of the layers (@RomainMuller in #264).

Framework

Introducing CDK Assets which are local files or directories that can be "bundled" into CDK constructs and apps. During deployment assets are packaged (i.e. zipped), uploaded to S3 and their deployed location can be referenced in CDK apps via the s3BucketName and s3ObjectKey and s3Url and read permissions can be granted via asset.grantRead(principal) (@eladb in #371)
Return dummy values instead of fail synthesis if environmental context (AZs, SSM parameters) doesn't exist in order to support unit tests. When synthesizing through the toolkit, an error will be displayed if the context cannot be found (@eladb in #227)
Added construct.addError(msg), addWarning(msg) and addInfo(msg) which will emit messages during synthesis via the toolkit. Errors will fail synthesis (unless --ignore-errors is used), warnings will be displayed and will fail synthesis if --strict is used (@eladb in #227)

Command Line Toolkit

The toolkit now injects a special CloudFormation resource AWS::CDK::Metadata to all synthesized templates which includes library versions used in the app. This allows the CDK team to analyze usage and notify users if they use deprecated versions (@RomainMuller in [#221]).
Bug fix: Fixed "unknown command: docs" (@RomainMuller in #256)
Changed output of cdk list to just print stack names (scripting-compatible). Use cdk ls -l to print full info (@eladb in #380)

AWS EC2

BREAKING: Add the ability customize subnet configurations. Subnet allocation was changed to improve IP space efficiency. VpcNetwork instances will need to be replaced (@moofish32 in #250)
BREAKING: Renamed Fleet to AutoScalingGroup to align with service terminology (@RomainMuller in #318)

AWS Lambda

Supports runtime code via local files or directories through assets (@eladb in #405)
Support custom execution role in props (@rix0rrr in #205)
Add static metricAllConcurrentExecutions and metricAllUnreservedConcurrentExecutions which returns account/region-level metrics for all functions (@rix0rrr in #379)

AWS CloudWatch

Added Metric.grantMetricPutData which grants cloudwatch:PutData to IAM principals (@rix0rrr in #214)
Bug fix: Allow text included in dashboard widgets to include characters that require JSON-escaping (@eladb in #406).

AWS CloudWatch Logs (new)

A new construct library for AWS CloudWatch Logs with support for log groups, metric filters, and subscription filters (@rix0rrr in #307).

AWS S3

Added bucketUrl and urlForObject(key) to BucketRef (@eladb in #370)

AWS CodeBuild

Add CloudWatch metrics to BuildProject (@eladb in [#407])

AWS CodePipeline

BREAKING: Moved CodeCommit and CodeBuild and LambdaInvoke actions from the CodePipeline library to @aws-cdk/aws-xxx-codepipline modules (@skinny85 in #401 and #402).
Added attributes pipelineName and pipelineVersion (@eladb in #408)

Docs

fix: add instructions and fix Windows setup (@mpiroc in #320)
fix: show emphasis of modified code in code snippets (@eladb in #396)

0.7.3 - 2018-07-09

Highlights

Introducing Java support (see the Getting Started documentation topic for instructions on how to set up a Java project).
Introduce a new programming model for CloudWatch metrics, alarms and dashboards (see the @aws-cdk/cloudwatch documentation).
Multiple documentation improvements (open with cdk docs).

Known Issues

Missing instructions for Windows Setup (#138)
cdk docs works but a message Unknown command: docs is printed (#256)
Java: passing null behaves differently than no arguments. Workaround is to build an empty object (#157)

Changes

Introduce Java support (@eladb in #229, #245, #148, #149)
Changed the way the beta archive is structured to no longer bundle a pre-installed node_modules directory but rather only a local npm repository. This changes the setup instructions to require y-npm i -g aws-cdk to install the toolkit on the system, which is more inline with the setup experience post-beta (@RomainMuller in #161, #162 and awslabs/jsii#43).
CloudWatch (new): introduce a rich programming model for metrics, alarms and dashboards (@rix0rrr in #180, #194)
S3 (feature): add support for SSE-S3 encryption (@rix0rrr in #257)
Lambda (feature): add support for node.js 8.10 runtime (@RomainMuller in #187)
Runtime Values (fix): use allowed characters in SSM parameter name when advertising a runtime value (@eladb in #208)
SNS (docs): convert examples in README into compiled code (@rix0rrr in #107)
Toolkit (feature): introduce cdk doctor to collect information for diagnostics (@RomainMuller in #177)
Toolkit (feature): align AWS credentials behavior to AWS CLI (@RomainMuller in #175)
Toolkit (performance): cache default AWS account ID on disk (@eladb in #220)
Docs: multiple updates (@Doug-AWS in #142)
Docs: improve topic on logical IDs (@eladb in #209)
Docs: add support for code snippets in multiple tabs (@eladb in #231)
Docs: rewrote the "Getting Started" documentation topic to include step-by-step project setup details instead of using cdk-init. This is in order to improve understanding of how the CDK works when users get started (@eladb in #245)
Resource bundler: generate .d.ts (@rix0rrr in #172)

0.7.2 - 2018-06-19

Add: initial construct library for AWS Kinesis Data Streams (@sam-goodwin in #86)
Update low-level resources from CloudFormation resource specification
Update dependencies (@eladb in #119)
Fix: Adopt SDK-standard behavior when no environment is specified (@RomainMuller in #128)
Fix: Have cdk diff output render 'number' value changes (@RomainMuller in #136)

Known issues

Windows setup has not been vetted and might be broken - no workaround (#138)
If region is not defined, error message is unclear - workaround: make sure to define region when running aws configure (#131)
cdk docs opens the index instead of the welcome page - workaround: click on "Welcome" in the sidebar (#129)
The runtime values library (@aws-cdk/rtv) is broken (#151)

0.7.1 - 2018-06-15

Framework

Two-way IAM policy statement additions have been removed for S3 and SNS, because those services treat resource and identity policies as additive. KMS grants are still added on both resource and identity because KMS requires permissions set from both sides.

Toolkit

cdk init interface changed to accept the template name as a positional argument, and the language as an option. A --list option was added to allow listing available templates.
cdk-beta-npm is a wrapper to npm that executes commands with a local registry that has the CDK packages available. It should be used instead of npm for subcommands such as npm install.
CDK now respects AWS_DEFAULT_REGION environment variable if set.

0.7.0 - 2018-06-13

Framework

BREAKING: All CDK packages are non under the scope @aws-cdk (e.g. @aws-cdk/s3).
BREAKING: The jsii compiler now configures tsconfig.json to produce definition files (files with a .d.ts extension). This requires updating your existing package.json files types key to replace the .ts extension with a .d.ts extension.
Java bindings now include static methods and constants.
SecretParameter can be used to load values from the SSM parameter store during deployment and use them as Secrets.
Stack is locked for mutations during synthesis to protect against accidental changes in lazy values.
An overhaul of documentation updates, edits and improvements.

ACM

Fix: cloudFrontDefaultCertificate is mutually exclusive with acmCertificateArn.

CloudFront (new)

Added a new construct library for AWS CloudFront.

CodeBuild

Added support for specifying environment variables at the container and project levels.

CodePipeline

Fix: GitHub action "owner" changed to ThirdParty.
Removed all fluent APIs
Use "master" as the default branch for Source actions
BREAKING: AmazonS3SourceProps - renamed key to bucketKey

Custom Resources

BREAKING: Require that Lambda is referenced explicitly when defining a custom resource. SingletonLambda can be used to encapsulate the custom resource's lambda function but only have a single instance of it in the stack.

Events (new)

A new cross-stack programming model is introduced to support CloudWatch Events. Event sources implement onXxx methods for various events that can emitted by that source and event targets implement IEventRuleTarget, so they can be polymorphically added to rules.

const repo = new Repository(stack, 'MyRepo', { repositoryName: 'my-repo' });
const project = new BuildProject(stack, 'MyProject', { source: new CodeCommitSource(repo) });

const topic = new Topic(stack, 'MyTopic');
topic.subscribeEmail('Personal', 'myteam@mycompany.com');

project.onStateChange(topic);

Coverage to all event sources and target will be added in subsequent releases.

Supported targets:

codebuild.BuildProject
codepipline.Pipeline
sns.Topic

Supported sources:

CodeBuild: onStateChange, onPhaseChange, onBuildStarted, onBuildFailed, onBuildSucceeded.
CodeCommit: onEvent, onStateChange, onReferenceCreated, onReferenceUpdated, onReferenceDeleted, onPullRequestStateChange, onCommentOnPullRequest, onCommentOnCommit, onCommit.
CodePipeline: pipeline.onStateChange, stage.onStateChange, action.onStateChange.

IAM

Add CanonicalUserPrincipal
Add statementCount to PolicyDocumennt.
Extended support for FederatedPrincipal.

Lambda

Add initialPolicy prop which allows specifying a set of PolicyStatements upon definition.

S3

Added support for lifecycle rules
Add domainName and dualstackDomainName attributes

Serverless

version field of FunctionResource is now optional.

SNS

BREAKING: subscribeXxx APIs now do not require a name when possible (for queue, Lambda).
Unique SID assigned to resource policy statements.

Toolkit

cdk docs opens your browser with the bundled documentation content.
cdk init interface changed to specify --lang and --type separately.
Plug-in architecture improved.

0.6.0 - 2018-05-16

AWS Construct Libraries

The main theme for this release is the stabilization of our framework APIs and an initial set of AWS Construct Libraries.

Previously, CDK users would normally to program against the @aws-cdk/resources library which included generated classes for all CloudFormation resources. For example, the sqs.QueueResource defined the AWS::SQS::Queue CloudFormation resource.

Starting in 0.6, we recommend that users define their infrastructure using a new set of hand-crafted libraries we refer to as AWS Construct Libraries (we used to call these "Layer 2" or "L2"). These libraries include CDK constructs with rich and powerful object-oriented APIs for defining infrastructure.

For example:

const vpc = new VpcNetwork(this, 'MyVpc');

const fleet = new Fleet(this, 'MyFleet', {
    vpc, instanceType: new InstanceTypePair(InstanceClass.M4, InstanceSize.XLarge),
    machineImage: new AmazonLinuxImage()
});

const clb = new ClassicLoadBalancer(this, 'LB', {
    vpc, internetFacing: true
});

clb.addListener({ externalPort: 80 });
clb.addTarget(fleet);

Synthesizing this stack to the us-east-1 region (which has 6 availability zones) will result in a CloudFormation template that contains 72 resources of 17 different resource types.

Construct initializers now include a name

All constructs in a CDK stack must have a name unique amongst its siblings. Names are used to allocate stack-wide logical IDs for each CloudFormation resource. Prior to this release, the name of the class was implicitly used as a default name for the construct. As much as this was convenient, we realized it was misleading and potentially unsafe, since a change in a class name will result in changes to all logical IDs for all resources created within that tree, and changes to logical IDs result in resource replacement since CloudFormation cannot associate the existing resource with the new resource (this is the purpose of logical IDs in CloudFormation).

Therefore, we decided construct names deserve an explicit and prominent place in our programming model and starting from this release, they have been promoted to the 2nd argument of all initializers.

new MyConstruct(parent, name, props);

New scheme for allocating CloudFormation logical IDs

In order to ensure uniqueness of logical IDs within a stack, we need to reflect the resource's full CDK path within it's logical ID. Prior to this release, logical IDs were a simple concatenation of the path components leading up to the resource. However, this could potentially create unresolvable conflicts ("a/b/c" == "ab/c").

Since logical IDs may only use alphanumeric characters and also restricted in length, we are unable to simply use a delimited path as the logical ID. Instead IDs are allocated by concatenating a human-friendly rendition from the path (components, de-duplicate, trim) with a short MD5 hash of the delimited path:

VPCPrivateSubnet2RouteTable0A19E10E
<-----------human---------><-hash->

One exception to this scheme is resources which are direct children of the Stack. Such resources will use their name as a logical ID (without the hash). This is done to support easier migration from existing CloudFormation templates.

Renaming logical IDs to avoid destruction of resources

If you have CDK stacks deployed with persistent resources such as S3 buckets or DynamoDB tables, you may want to explicitly "rename" the new logical IDs to match your existing resources.

First, make sure you compare the newly synthesized template with any deployed stacks. cdk diff will tell you which resources will be destroyed if you deploy this update:

[-] Destroying MyTable (type: AWS::DynamoDB::Table)
[+] Creating MyTableCD117FA1 (type: AWS::DynamoDB::Table)

In order to avoid this, you can use stack.renameLogical(from, to) as follows. Note that renameLogical must be called before the resource is defined as logical IDs are allocated during initialization:

// must be before defining the table (this instanceof Stack)
this.renameLogical('MyTableCD117FA1', 'MyTable');
new dynamodb.Table(this, 'MyTable', { /* .. */ });

Now, cdk diff should indicate no differences.

All "props" types are now interfaces instead of classes

In order to improve the developer experience, we have changed the way we model construct "Props" and now they are defined as TypeScript interfaces. This has a few implications on how to use them:

In TypeScript, new XxxProps() won't work, you will have to simply assign an object literal:

new Queue(this, 'MyQueue', { visibilityTimeoutSec: 300 });

In Java, you can create a concrete object using a builder:

new Queue(this, "MyQueue", QueueProps.builder()
    .withVisibilityTimeout(300)
    .build());

A design pattern for exporting/importing resources

All AWS constructs implement a common pattern which allows treating resources defined within the current stack and existing resources to be treated via a common interface:

For example, when defining a Pipeline, you can supply an artifacts bucket.

The bucket is defined within the same stack:

const bucket = new Bucket(this, 'MyArtifactsBucket');
new Pipeline(this, 'MyCoolPipeline', { artifactsBucket: bucket });

You can also import a bucket by just specifying its name:

const bucket = Bucket.import({ bucketName: new BucketName('my-bucket') });
new Pipeline(this, 'MyCoolPipeline', { artifactsBucket: bucket });

Or you can export the bucket from another stack and import it:

// some other stack:
const bucket = new Bucket(otherStack, 'MyBucket');
const externalBucket = bucket.export();
// bucketRef contains tokens that allow you to pass it into `import`.

// my stack:
const importedBucket = Bucket.import(this, 'OtherArtifactsBucket', externalBucket);
new Pipeline(this, 'MyCoolPipeline', { artifactsBucket: importedBucket });

Region-aware APIs for working with machine images (AMIs)

The @aws-cdk/ec2 library exposes a new API for region-aware AMI discovery:

const ami = new AmazonLinuxImage({
    edition: AmazonLinuxEdition.Standard, // default
    virtualization: AmazonLinuxVirt.HVM,  // default
    storage: AmazonLinuxStorage.EBS       // default is GeneralPurpose
});

new Fleet(this, 'MyAmazonLinuxFleet', { machineImage: ami, ... });

For Windows:

const ami = new WindowsImage(WindowsVersion.WindowsServer2016EnglishNanoBase);
new Fleet(this, 'MyWindowsFleet', { machineImage: ami, ... });

Or, a mapping utility:

const ami = new GenericLinuxImage({
    'us-east-1': 'ami-62bda218',
    'eu-west-1': 'ami-773acbcc'
});

new Fleet(this, 'MySuseFleet', { machineImage: ami, ... });

A rich programming model for Code Suite services

The @aws-cdk/codebuild, @aws-cdk/codecommit and @aws-cdk/codepipeline construct libraries include rich APIs for defining continuous integration pipelines and builds.

The following code defines a pipeline with a CodeCommit source and CodeBuild build step. The pipeline is created with an artifacts bucket and a role, and least-privilege policy documents are automatically generated.

// define a CodeCommit repository
const repo = new Repository(stack, 'MyRepo', { repositoryName: 'my-repo' });

// define a pipeline with two stages ("source" and "build")
const pipeline  = new Pipeline(stack, 'Pipeline');
const sourceStage = new Stage(pipeline, 'source');
const buildStage  = new Stage(pipeline, 'build');

// associate the source stage with the code commit repository
const source = new codecommit.PipelineSource(sourceStage, 'source', {
    artifactName: 'SourceArtifact',
    repository: repo,
});

// associate the build stage with code build project
new codebuild.PipelineBuildAction(buildStage, 'build', {
    project: new BuildProject(stack, 'MyBuildProject', { source: new CodePipelineSource() },
    source
});

Inline JavaScript Lambda Functions

The @aws-cdk/lambda library includes an InlineJavaScriptLambda construct which makes it very easy to implement simple node.js Lambda functions with code inline in the CDK.

This CDK program defines an S3 Bucket and a Lambda function, and sets all the needed permissions. When the function is invoked, a file named 'myfile.txt' will be uploaded to the bucket with the text "Hello, world". The physical bucket name is passed through via the BUCKET_NAME environment variable.

const bucket = new Bucket(this, 'MyBucket');

const lambda = new InlineJavaScriptLambda(this, 'MyLambda', {
    environment: {
        BUCKET_NAME: bucket.bucketName
    },
    handler: {
        fn: (event: any, context: any, callback: any) => {
            const s3 = new require('aws-sdk').S3();

            const req = {
                Bucket: process.env.BUCKET_NAME,
                Key: 'myfile.txt',
                Body: 'Hello, world'
            };

            return s3.upload(req, (err, data) => {
                if (err) return callback(err);
                console.log(data);
                return callback();
            });
        }
    }
});

// grant the Lambda execution role read/write permissions for the bucket
// this also adds a corresponding bucket resource policy
bucket.grantReadWrite(lambda.role);

Resource and role IAM policies and grants

All AWS constructs now expose APIs for naturally adding statements to their resource or role policies. Constructs may have addToRolePolicy(statement) or addToResourcePolicy(statement) methods, which can be used to mutate the policies associated with a resource.

The statement is a PolicyStatement object with a rich API for producing IAM statements. This is an excerpt from the implementation of topic.subscribeQueue:

queue.addToResourcePolicy(new PolicyStatement()
    .addResource(queue.queueArn)
    .addAction('sqs:SendMessage')
    .addServicePrincipal('sns.amazonaws.com')
    .setCondition('ArnEquals', { 'aws:SourceArn': this.topicArn }));

The S3 bucket construct has a set of "grant" methods (grantRead, grantReadWrite) which accept a principal resource (user, role or group) and an optional key prefix pattern and will render reciprocal IAM permissions, both in the principal's policy and the bucket policy:

const reader = new User(this, 'Reader');
const bucket = new Bucket(this, 'MyBucket');
bucket.grantRead(reader);

Synthesizes to:

Resources:
  ReaderF7BF189D:
    Type: AWS::IAM::User
  ReaderDefaultPolicy151F3818:
    Type: AWS::IAM::Policy
    Properties:
      PolicyDocument:
        Statement:
        - Action: [ "s3:GetObject*", "s3:GetBucket*", "s3:List*" ]
          Effect: Allow
          Resource:
          - { "Fn::GetAtt": [ "MyBucketF68F3FF0", "Arn" ] }
          - { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "MyBucketF68F3FF0", "Arn" ] }, "/", "*" ] ] }
        Version: '2012-10-17'
      PolicyName: ReaderDefaultPolicy151F3818
      Users: [ { "Ref": "ReaderF7BF189D" } ]
  MyBucketF68F3FF0:
    Type: AWS::S3::Bucket
  MyBucketPolicyE7FBAC7B:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: { "Ref": "MyBucketF68F3FF0" }
      PolicyDocument:
        Statement:
        - Action: [ "s3:GetObject*", "s3:GetBucket*", "s3:List*" ]
          Effect: Allow
          Principal:
            AWS: { "Fn::GetAtt": [ "ReaderF7BF189D", "Arn" ] }
          Resource:
          - { "Fn::GetAtt": [ "MyBucketF68F3FF0", "Arn" ] }]
          - { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "MyBucketF68F3FF0", "Arn" ] }, "/", "*" ] ] }
        Version: '2012-10-17'

Security group connections framework

The @aws-cdk/ec2 library includes a rich framework for modeling security group connections between resources such as a fleet, load balancers and databases.

For example, these automatically create appropriate ingress and egress rules in both security groups:

// allow fleet1 top connect to fleet2 on port 80
fleet1.connections.allowTo(fleet2, new TcpPort(80), 'Allow between fleets');

// allow fleet3 to accept connections from a load balancer on ports 60000-65535
fleet3.connections.allowFrom(loadBalancer, new TcpPortRange(60000, 65535), 'Allow from load balancer');

Improvements to attribute classes and tokens

Remove the "Attribute" postfix from all generated attribute types. So now, it is QueueArn instead of QueueArnAttribute. "Attribute" postfix from attribute types
Simplify the initialization of Token objects (all attribute types are Tokens). They can now be either initialized with a simple value or a lazy function. This means, that now you can write new QueueArn('foo'). This is useful when importing external resources into the stack.

Improvements to the CDK Toolkit

The toolkit now outputs YAML instead of JSON by default.

Added active progress reporting for stack updates.

The diff output has been dramatically improved and provides a structure-aware diff. For example:

[~] Updating TableCD117FA1 (type: AWS::DynamoDB::Table)
        .ProvisionedThroughput:
            .WriteCapacityUnits: 10
    Creating MyQueueE6CA6235 (type: AWS::SQS::Queue)

Library for unit and integration testing

The CDK is now shipped with a library called @aws-cdk/assert which aims to make it easy to write unit and integration tests for CDK libraries and apps. The library leverages the same powerful template diff mechanism used in the toolkit to print rich descriptions.

import { expect } from '@aws-cdk/assert';

const stack = new Stack();
new Queue(stack, 'MyQueue', { visibilityTimeout: 300 });

expect(stack).to(haveResource('AWS::SQS::Queue', { VisibilityTimeout: 300 }));
expect(stack).to(countResources('AWS::SQS::Queue', 1));
expect(stack).toMatch({
    Resources: {
        MyQueue: {
            Type: 'AWS::SQS::Queue',
            Properties: {
                VisibilityTimeout: 300
            }
        }
    }
});

An initial integration testing utility is now available to allow users to implement manually executed CDK integration tests and ensure they are kept up-to-date if the code changes. This is an initial approach until we have a great way to automatically execute them during CI/CD.

Updates to the IAM policy library

The APIs in the IAM policy library have been improved and now provide a richer and more strongly-typed experience.

A class hierarchy around PolicyPrincipal was created to reflect the various principals available: AccountPrincipal, ServicePrincipal, ArnPrincipal, AccountRootPrincipal.

The Arn type now has the ability to format and parse to/from its components:

Arn.fromComponents({
    service: 'dynamodb',
    resource: 'table',
    account: '123456789012',
    region: 'us-east-1',
    partition: 'aws-cn',
    resourceName: 'mytable/stream/label'
});

// and
const bucketArn = Arn.parse('arn:aws:s3:::my_corporate_bucket')
// bucketArn === { partition: 'aws', service: 's3', resource: 'my_corporate_bucket' }

The Permission class was renamed to PolicyStatement and enriched with more strongly typed APIs.

A new library for defining custom CloudFormation resources

A library to facilitate the definition of custom CloudFormation resources and exposing them as regular CDK constructs is now shipped with the CDK.

0.5.0 - 2018-03-29

AWS Resource Constructs (L1)

All CloudFormation resource constructs are now available from the @aws-cdk/resources package under their dedicated AWS service's namespace. we have been calling these resource constructs Layer 1 (or "L1 constructs").
All resource constructs now have the Resource suffix (TableResource instead of Table). This helps differentiate them from the rich AWS constructs we are also introducing in this release.
The CloudFormation resource property "Name" is now called "xxxName" (where "xxx" is the name of the resource, like "queue") instead of "resourceName".
Updated resources based on the latest CloudFormation resource specification.

Before:

import { Pipeline } from '@aws-cdk/codepipeline';

new Pipeline(this, {
    resourceName: 'MyPipelineName'
});

After:

import { codepipeline } from '@aws-cdk/resources';

new codepipeline.PipelineResource(this, {
    pipelineName: 'MyPipelineName'
});

Framework

Introducing CDK Applets which allow instantiating specific CDK stacks using a declarative YAML syntax.
As a first step to enable diagnostics features in the toolkit, record logical ID (and stack trace) in metadata for stack elements.
Introduce a new scheme for generating CloudFormation logical IDs which adds a hash of the construct path to the generated ID to avoid ID collisions. To opt-in for the new scheme, set hashedLogicalIDs to true when creating a Stack.
Allow specifying explicit logicalID for stack elements like Resource Parameter and Output.
async exec() changed to run() and validate was changed to be a synchronous method instead of async.
Merged @aws-cdk/core into aws-cdk, which now where the core classes of the CDK framework live.
The Runtime Values library, which was under @aws-cdk/rtv is now @aws-cdk/rtv.
Bugfix: Tags could not be used because they failed validation.
Bugfix: Allow "-" in stack names.

Toolkit

The toolkit is now called CDK Toolkit instead of "cx Toolkit". This means that the cx command-command line program is now called cdk.
Added support large CloudFormation templates using a "toolkit stack" which contains an S3 bucket. This approach may be extended to provide other environment-related facilities in the future and requires that users "bootstrap" the toolkit stack into their environments. The current behavior will not require this stack unless you are trying to deploy a large template.
It is now possible to synthesize all stacks into a directory.
Allow using globs in cdk deploy to select multiple stacks.
Default account ID lookup result is now cached.
Better error messages.
Improve deploy output.
Bugfix: Better error message when the app has no stacks.
Bugfix: Distinguish actual "stack missing" from "no credentials".
Bugfix: Delete stack in unrecoverable state.
Bugfix: Fix an issue where 'deploy' fails because subsequent invocations use the same argument array.
Bugfix: prevent crash if ~/.aws/config doesn't exist.

Documentation and Examples

Implemented a few advanced examples These examples show how to use IAM policies, environmental context, template inclusion, nested stacks, resource references and using various CloudFormation semantics in the CDK

0.4.0 - 2018-03-05

New Features

Environments - this version extends the fidelity of a CDK deployment target from only region to region + account, also referred to as an environment. This allows modeling complete apps that span multiple accounts/regions. To preserve the current behavior, if region/account is not specified, the CDK will default to the AWS SDK region/credential provider chain (~/.aws/config). We will add support for AWS SDK Profiles in a future release. See the Environments section of the CDK README for details).
Environmental Context (such as availability zones and SSM parameters) - there are use-cases where CDK stacks need to consult with account and region-specific information when they are synthesized (we call this information "environmental context"). For example, the set of supported availability zones is specific to account and region; the specific ID of certain public AMIs (Amazon Machine Image IDs) as published to the SSM parameter store is specific to each region. See the Environmental Context section in the CDK README for details .
Runtime Values - a new mechanism for advertising values such as resource attributes and constants from construction-time to runtime code via the SSM parameter store. See the Runtime Values section in the CDK README for details.
Construct Validation - it is now possible to implement a method validate(): string[] for any construct at any layer. Validation methods are all executed before a stack is synthesized and provide an opportunity for constructs to implement validation logic. See the Construct Validation section in the CDK README for details.
User-specific cx.json - the toolkit will now incorporate settings from ~/.cx.json. This allows users to supply user-specific settings. Note this file is applied before the project-specific cx.json file is applied.
IAM Library Improvements - allow creating IAM documents with a base document, a new class AssumeRolePolicyDocument, allow specifying multiple actions when creating a Permission ob object.
stack.findResource(logicalId) - allows retriving a resource object from a stack based on it's calculated logical ID.
Windows AMIs are read from SSM parameter store.

Bug Fixes

cx Toolkit returns a non-zero exit code when an error occurs.
Retain original names of CloudFormation properties instead of auto-capitalizing based on heuristics, which caused some unexpected behavior in certain scenarios.
CAPABILITY_NAMED_IAM was added to "cx deploy" by default.

0.3.0 - 2018-01-30

Highlights

Java support:

class HelloJavaStack extends Stack {
    public HelloJavaStack(final Construct parent, final StackProps props) {
        super(parent, props);

        VpcNetwork vpc = new VpcNetwork(this);

        new Fleet(this, new FleetProps()
                .withVpcSubnetwork(vpc.getPrivateSubnetwork())
                .withInstanceType(new InstanceType("t2.micro"))
                .withMachineImage(new WindowsMachineImage(0)));
    }
}

cx Toolkit now supports standard AWS credentials.
CloudFormation pseudo parameters and intrinsic functions are now implemented as normal classes (AwsRegion, AwsStackId, FnConcat) instead of static methods. We might introduce functional sugar at a later stage, but at the lower-level, we want to represent both intrinsic functions and pseudo parameters as classes so we can model their relationship more accurately. For example, all pseudo parameters extend PseudoParameter, all functions extends the Fn, all condition functions extend FnCondition, etc.

Before:

Fn.if_(Fn.equals(param.ref, 'True'), 'Encrypted', Pseudo.NO_VALUE)

After:

new FnIf(Fn.equals(param.ref, 'True'), 'Encrypted', new AwsNoValue())

CloudFormation template options (templateFormatVersion, description and transform) are now grouped under Stack.templateOptions instead of directly under Stack.

Before:

stack.description = 'This is my awesome template'

After:

stack.templateOptions.description = 'This is my awesome template'

Known Issues

Stack names are limited to alphanumeric characters, so it won't be possible to set stack names to match existing deployed stacks. As a workaround you can use cx --rename to specify the actual stack name to use for diff or deploy. Thanks rmuller@ for reporting.
When synthesizing templates, we transform all JSON keys to pascal case to conform with CloudFormation standards, but this also affects JSON blobs that are not CloudFormation such as IAM documents or environment variables.

Non-breaking Changes

Added support for CloudFormation Rules.
Cloud Executable Interface (CXI): changed semantics from "construct" to "synthesize" (backwards compatible).
Tokens: improve error reporting when unable to resolve tokens.

0.2.0 - 2017-12-07

Highlights

Construct Names

The initializer signature for constructs has changed and is now: new Construct(parent[, props]), where props is may include an optional name property ("id" is now called "name").
If name is not specified, the type name is used as the name. This will only be allowed when there is a single construct of a certain type under a parent.
If a parent has more than a single child of the same type, all children must have an explicit names to avoid ambiguity when generating CloudFormation logical IDs.
JSX support updated to use name instead of id when producing construct trees.

Before:

new BeautifulConstruct(this, 'MyBeautifulConstruct', { ...props })

After:

new BeautifulConstruct(this) // use defaults
new BeautifulConstruct(this, { ...props })
// or
new BeautifulConstruct(this, { name: 'MyBeautifulConstruct', ...props })

Resource Attribute Types

CloudFormation resource attribute properties now return a specialized type per attribute. For example, the sqs.queueArn property returns a QueueArnAttribute object instead of a Token.
The Attribute and ArnAttribute classes extend Token and used as base classes for attribute types.
Resource names are now added as a prefix to attribute properties (queueArn instead of arn). This is required for future support for duck-typing and polymorphic use of resources of multiple types via a single container.

Before:

const t = new aws.dynamodb.Table(this);
assert(t.arn instanceof Token);

After:

const t = new aws.dynamodb.Table(this);
assert(t.tableArn instanceOf TableArnAttribute);
assert(t.tableArn instanceOf ArnAttribute);
assert(t.tableArn instanceOf Token);

Construct Metadata

Constructs can now have metadata entries attached to them via addMetadata(type,data).
Each entry will also include the stack trace from which the entry was added, which will later be used to improve the diagnosability of deployment errors.
Stack metadata can be obtained using cx-Toolkit via cx metadata.
construct.addWarning(msg) attaches a "warning" metadata entry to a construct, which is displayed as a warning when synthesizing or deploying the stack.
cx-Toolkit will show warnings upon synthesis also supports --strict mode which will refuse to deploy stacks with warnings.

Example:

const c = new Construct(this);
c.addWarning('this is a warning');
c.addMetadata('type', 'data');

$ cx metadata
{
  "/Stack/Construct": [
    {
      "type": "type",
      "data": "data",
      "trace": [ ... ]
    },
    {
      "type": "warning",
      "data": "this is a warning",
      "trace": [ ... ]
    }
  ]
}

$ cx synth
Warning: this is a warning (at /Stack/Construct)
...

Resource Enrichments

Replaced topic.subscribeToXxx with topic.subscribe(target) where target is anything that adheres to the SubscriptionTarget interface (technically it's an abstract class because jsii doesn't support interfaces yet).
Removed function.addExecutionRole() - an execution role is automatically created when invoking function.addPermission(p).

Tokens

The evaluate method is now called resolve.

CX Toolkit Usability Improvements

If an app contains a single stack, no need to specify the stack name.
synth --interactive (or synth --interactive --verbose) now displays real-time updates of a template's contents. Really nice for fast iteration;
The toolkit now reads cx.json for default arguments. Very useful, for example, to remove the need to specify --app in every invocation.