integ-tests

The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.

Overview

This library is meant to be used in combination with the integ-runner CLI to enable users to write and execute integration tests for AWS CDK Constructs.

An integration test should be defined as a CDK application, and there should be a 1:1 relationship between an integration test and a CDK application.

So for example, in order to create an integration test called my-function we would need to create a file to contain our integration test application.

test/integ.my-function.ts

const app = new App();
const stack = new Stack();
new lambda.Function(stack, 'MyFunction', {
  runtime: lambda.Runtime.NODEJS_LATEST,
  handler: 'index.handler',
  code: lambda.Code.fromAsset(path.join(__dirname, 'lambda-handler')),
});

This is a self contained CDK application which we could deploy by running

cdk deploy --app 'node test/integ.my-function.js'

In order to turn this into an integration test, all that is needed is to use the IntegTest construct.

declare const app: App;
declare const stack: Stack;
new IntegTest(app, 'Integ', { testCases: [stack] });

You will notice that the stack is registered to the IntegTest as a test case. Each integration test can contain multiple test cases, which are just instances of a stack. See the Usage section for more details.

Usage

IntegTest

Suppose you have a simple stack, that only encapsulates a Lambda function with a certain handler:

interface StackUnderTestProps extends StackProps {
  architecture?: lambda.Architecture;
}

class StackUnderTest extends Stack {
  constructor(scope: Construct, id: string, props: StackUnderTestProps) {
    super(scope, id, props);

    new lambda.Function(this, 'Handler', {
      runtime: lambda.Runtime.NODEJS_LATEST,
      handler: 'index.handler',
      code: lambda.Code.fromAsset(path.join(__dirname, 'lambda-handler')),
      architecture: props.architecture,
    });
  }
}

You may want to test this stack under different conditions. For example, we want this stack to be deployed correctly, regardless of the architecture we choose for the Lambda function. In particular, it should work for both ARM_64 and X86_64. So you can create an IntegTestCase that exercises both scenarios:

interface StackUnderTestProps extends StackProps {
  architecture?: lambda.Architecture;
}

class StackUnderTest extends Stack {
  constructor(scope: Construct, id: string, props: StackUnderTestProps) {
    super(scope, id, props);

    new lambda.Function(this, 'Handler', {
      runtime: lambda.Runtime.NODEJS_LATEST,
      handler: 'index.handler',
      code: lambda.Code.fromAsset(path.join(__dirname, 'lambda-handler')),
      architecture: props.architecture,
    });
  }
}

// Beginning of the test suite
const app = new App();

new IntegTest(app, 'DifferentArchitectures', {
  testCases: [
    new StackUnderTest(app, 'Stack1', {
      architecture: lambda.Architecture.ARM_64,
    }),
    new StackUnderTest(app, 'Stack2', {
      architecture: lambda.Architecture.X86_64,
    }),
  ],
});

This is all the instruction you need for the integration test runner to know which stacks to synthesize, deploy and destroy. But you may also need to customize the behavior of the runner by changing its parameters. For example:

const app = new App();

const stackUnderTest = new Stack(app, 'StackUnderTest', /* ... */);

const stack = new Stack(app, 'stack');

const testCase = new IntegTest(app, 'CustomizedDeploymentWorkflow', {
  testCases: [stackUnderTest],
  diffAssets: true,
  stackUpdateWorkflow: true,
  cdkCommandOptions: {
    deploy: {
      args: {
        requireApproval: RequireApproval.NEVER,
        json: true,
      },
    },
    destroy: {
      args: {
        force: true,
      },
    },
  },
});

IntegTestCaseStack

In the majority of cases an integration test will contain a single IntegTestCase. By default when you create an IntegTest an IntegTestCase is created for you and all of your test cases are registered to this IntegTestCase. The IntegTestCase and IntegTestCaseStack constructs are only needed when it is necessary to defined different options for individual test cases.

For example, you might want to have one test case where diffAssets is enabled.

declare const app: App;
declare const stackUnderTest: Stack;
const testCaseWithAssets = new IntegTestCaseStack(app, 'TestCaseAssets', {
  diffAssets: true,
});

new IntegTest(app, 'Integ', { testCases: [stackUnderTest, testCaseWithAssets] });

Assertions

This library also provides a utility to make assertions against the infrastructure that the integration test deploys.

There are two main scenarios in which assertions are created.

• Part of an integration test using integ-runner

In this case you would create an integration test using the IntegTest construct and then make assertions using the assert property. You should not utilize the assertion constructs directly, but should instead use the methods on IntegTest.assertions.

declare const app: App;
declare const stack: Stack;

const integ = new IntegTest(app, 'Integ', { testCases: [stack] });
integ.assertions.awsApiCall('S3', 'getObject');

By default an assertions stack is automatically generated for you. You may however provide your own stack to use.

declare const app: App;
declare const stack: Stack;
declare const assertionStack: Stack;

const integ = new IntegTest(app, 'Integ', { testCases: [stack], assertionStack: assertionStack });
integ.assertions.awsApiCall('S3', 'getObject');

• Part of a normal CDK deployment

In this case you may be using assertions as part of a normal CDK deployment in order to make an assertion on the infrastructure before the deployment is considered successful. In this case you can utilize the assertions constructs directly.

declare const myAppStack: Stack;

new AwsApiCall(myAppStack, 'GetObject', {
  service: 'S3',
  api: 'getObject',
});

DeployAssert

Assertions are created by using the DeployAssert construct. This construct creates it's own Stack separate from any stacks that you create as part of your integration tests. This Stack is treated differently from other stacks by the integ-runner tool. For example, this stack will not be diffed by the integ-runner.

DeployAssert also provides utilities to register your own assertions.

declare const myCustomResource: CustomResource;
declare const stack: Stack;
declare const app: App;

const integ = new IntegTest(app, 'Integ', { testCases: [stack] });
integ.assertions.expect(
  'CustomAssertion',
  ExpectedResult.objectLike({ foo: 'bar' }),
  ActualResult.fromCustomResource(myCustomResource, 'data'),
);

In the above example an assertion is created that will trigger a user defined CustomResource and assert that the data attribute is equal to { foo: 'bar' }.

API Calls

A common method to retrieve the "actual" results to compare with what is expected is to make an API call to receive some data. This library does this by utilizing CloudFormation custom resources which means that CloudFormation will call out to a Lambda Function which will make the API call.

HttpApiCall

Using the HttpApiCall will use the node-fetch JavaScript library to make the HTTP call.

This can be done by using the class directory (in the case of a normal deployment):

declare const stack: Stack;

new HttpApiCall(stack, 'MyAsssertion', {
  url: 'https://example-api.com/abc',
});

Or by using the httpApiCall method on DeployAssert (when writing integration tests):

declare const app: App;
declare const stack: Stack;
const integ = new IntegTest(app, 'Integ', {
  testCases: [stack],
});
integ.assertions.httpApiCall('https://example-api.com/abc');

AwsApiCall

Using the AwsApiCall construct will use the AWS JavaScript SDK to make the API call.

This can be done by using the class directory (in the case of a normal deployment):

declare const stack: Stack;

new AwsApiCall(stack, 'MyAssertion', {
  service: 'SQS',
  api: 'receiveMessage',
  parameters: {
    QueueUrl: 'url',
  },
});

Or by using the awsApiCall method on DeployAssert (when writing integration tests):

declare const app: App;
declare const stack: Stack;
const integ = new IntegTest(app, 'Integ', {
  testCases: [stack],
});
integ.assertions.awsApiCall('SQS', 'receiveMessage', {
  QueueUrl: 'url',
});

You must specify the service and the api when using The AwsApiCall construct. The service is the name of an AWS service, in one of the following forms:

• An AWS SDK for JavaScript v3 package name (@aws-sdk/client-api-gateway)
• An AWS SDK for JavaScript v3 client name (api-gateway)
• An AWS SDK for JavaScript v2 constructor name (APIGateway)
• A lowercase AWS SDK for JavaScript v2 constructor name (apigateway)

The api is the name of an AWS API call, in one of the following forms:

• An API call name as found in the API Reference documentation (GetObject)
• The API call name starting with a lowercase letter (getObject)
• The AWS SDK for JavaScript v3 command class name (GetObjectCommand)

By default, the AwsApiCall construct will automatically add the correct IAM policies to allow the Lambda function to make the API call. It does this based on the service and api that is provided. In the above example the service is SQS and the api is receiveMessage so it will create a policy with Action: 'sqs:ReceiveMessage.

There are some cases where the permissions do not exactly match the service/api call, for example the S3 listObjectsV2 api. In these cases it is possible to add the correct policy by accessing the provider object.

declare const app: App;
declare const stack: Stack;
declare const integ: IntegTest;

const apiCall = integ.assertions.awsApiCall('S3', 'listObjectsV2', {
  Bucket: 'mybucket',
});

apiCall.provider.addToRolePolicy({
  Effect: 'Allow',
  Action: ['s3:GetObject', 's3:ListBucket'],
  Resource: ['*'],
});

When executing waitForAssertion(), it is necessary to add an IAM policy using waiterProvider.addToRolePolicy(). Because IApiCall does not have a waiterProvider property, you need to cast it to AwsApiCall.

declare const integ: IntegTest;

const apiCall = integ.assertions.awsApiCall('S3', 'listObjectsV2', {
  Bucket: 'mybucket',
}).waitForAssertions() as AwsApiCall;

apiCall.waiterProvider?.addToRolePolicy({
  Effect: 'Allow',
  Action: ['s3:GetObject', 's3:ListBucket'],
  Resource: ['*'],
});

Note that addToRolePolicy() uses direct IAM JSON policy blobs, not a iam.PolicyStatement object like you will see in the rest of the CDK.

EqualsAssertion

This library currently provides the ability to assert that two values are equal to one another by utilizing the EqualsAssertion class. This utilizes a Lambda backed CustomResource which in tern uses the Match utility from the @aws-cdk/assertions library.

declare const app: App;
declare const stack: Stack;
declare const queue: sqs.Queue;
declare const fn: lambda.IFunction;

const integ = new IntegTest(app, 'Integ', {
  testCases: [stack],
});

integ.assertions.invokeFunction({
  functionName: fn.functionName,
  invocationType: InvocationType.EVENT,
  payload: JSON.stringify({ status: 'OK' }),
});

const message = integ.assertions.awsApiCall('SQS', 'receiveMessage', {
  QueueUrl: queue.queueUrl,
  WaitTimeSeconds: 20,
});

message.assertAtPath('Messages.0.Body', ExpectedResult.objectLike({
  requestContext: {
    condition: 'Success',
  },
  requestPayload: {
    status: 'OK',
  },
  responseContext: {
    statusCode: 200,
  },
  responsePayload: 'success',
}));

Match

integ-tests also provides a Match utility similar to the @aws-cdk/assertions module. Match can be used to construct the ExpectedResult. While the utility is similar, only a subset of methods are currently available on the Match utility of this module: arrayWith, objectLike, stringLikeRegexp and serializedJson.

declare const message: AwsApiCall;

message.expect(ExpectedResult.objectLike({
  Messages: Match.arrayWith([
    {
      Payload: Match.serializedJson({ key: 'value' }),
    },
    {
      Body: {
        Values: Match.arrayWith([{ Asdf: 3 }]),
        Message: Match.stringLikeRegexp('message'),
      },
    },
  ]),
}));

Examples

Invoke a Lambda Function

In this example there is a Lambda Function that is invoked and we assert that the payload that is returned is equal to '200'.

declare const lambdaFunction: lambda.IFunction;
declare const app: App;

const stack = new Stack(app, 'cdk-integ-lambda-bundling');

const integ = new IntegTest(app, 'IntegTest', {
  testCases: [stack],
});

const invoke = integ.assertions.invokeFunction({
  functionName: lambdaFunction.functionName,
});
invoke.expect(ExpectedResult.objectLike({
  Payload: '200',
}));

The above example will by default create a CloudWatch log group that's never expired. If you want to configure it with custom log retention days, you need to specify the logRetention property.

import * as logs from 'aws-cdk-lib/aws-logs';

declare const lambdaFunction: lambda.IFunction;
declare const app: App;

const stack = new Stack(app, 'cdk-integ-lambda-bundling');

const integ = new IntegTest(app, 'IntegTest', {
  testCases: [stack],
});

const invoke = integ.assertions.invokeFunction({
  functionName: lambdaFunction.functionName,
  logRetention: logs.RetentionDays.ONE_WEEK,
});

Make an AWS API Call

In this example there is a StepFunctions state machine that is executed and then we assert that the result of the execution is successful.

declare const app: App;
declare const stack: Stack;
declare const sm: IStateMachine;

const testCase = new IntegTest(app, 'IntegTest', {
  testCases: [stack],
});

// Start an execution
const start = testCase.assertions.awsApiCall('StepFunctions', 'startExecution', {
  stateMachineArn: sm.stateMachineArn,
});

// describe the results of the execution
const describe = testCase.assertions.awsApiCall('StepFunctions', 'describeExecution', {
  executionArn: start.getAttString('executionArn'),
});

// assert the results
describe.expect(ExpectedResult.objectLike({
  status: 'SUCCEEDED',
}));

Chain ApiCalls

Sometimes it may be necessary to chain API Calls. Since each API call is its own resource, all you need to do is add a dependency between the calls. There is an helper method next that can be used.

declare const integ: IntegTest;

integ.assertions.awsApiCall('S3', 'putObject', {
  Bucket: 'amzn-s3-demo-bucket',
  Key: 'my-key',
  Body: 'helloWorld',
}).next(integ.assertions.awsApiCall('S3', 'getObject', {
  Bucket: 'amzn-s3-demo-bucket',
  Key: 'my-key',
}));

Wait for results

A common use case when performing assertions is to wait for a condition to pass. Sometimes the thing that you are asserting against is not done provisioning by the time the assertion runs. In these cases it is possible to run the assertion asynchronously by calling the waitForAssertions() method.

Taking the example above of executing a StepFunctions state machine, depending on the complexity of the state machine, it might take a while for it to complete.

declare const app: App;
declare const stack: Stack;
declare const sm: IStateMachine;

const testCase = new IntegTest(app, 'IntegTest', {
  testCases: [stack],
});

// Start an execution
const start = testCase.assertions.awsApiCall('StepFunctions', 'startExecution', {
  stateMachineArn: sm.stateMachineArn,
});

// describe the results of the execution
const describe = testCase.assertions.awsApiCall('StepFunctions', 'describeExecution', {
  executionArn: start.getAttString('executionArn'),
}).expect(ExpectedResult.objectLike({
  status: 'SUCCEEDED',
})).waitForAssertions();

When you call waitForAssertions() the assertion provider will continuously make the awsApiCall until the ExpectedResult is met. You can also control the parameters for waiting, for example:

declare const testCase: IntegTest;
declare const start: IApiCall;

const describe = testCase.assertions.awsApiCall('StepFunctions', 'describeExecution', {
  executionArn: start.getAttString('executionArn'),
}).expect(ExpectedResult.objectLike({
  status: 'SUCCEEDED',
})).waitForAssertions({
  totalTimeout: Duration.minutes(5),
  interval: Duration.seconds(15),
  backoffRate: 3,
});

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

1.204.0 (2023-06-15)

Features

• cfnspec: cloudformation spec v124.0.0 (#25752) (9fb7b95)
• cfnspec: cloudformation spec v124.0.0 (#25809) (203164b)
• cfnspec: cloudformation spec v125.0.0 (#25833) (069d68e)

1.203.0 (2023-05-31)

Features

• cfnspec: cloudformation spec v123.0.0 (#25648) (f9f4541)

1.202.0 (2023-05-19)

Features

• cfnspec: cloudformation spec v122.0.0 (#25567) (e3ffafd)

Bug Fixes

• eks: overly permissive trust policies (#25580) (0251d9a). We would like to thank @twelvemo and @stefreak for reporting this issue.

1.201.0 (2023-05-10)

1.200.0 (2023-04-26)

Bug Fixes

• pipelines: CodeBuild Action role can be assumed by too many identities (#25318) (8ceae2e)

1.199.0 (2023-04-19)

Features

• cfnspec: cloudformation spec v117.0.0 (#24778) (9e1dc5a)
• cfnspec: cloudformation spec v117.0.0 (#24818) (225f8c0)
• cfnspec: cloudformation spec v118.1.0 (#24887) (cdd531e)

Bug Fixes

• lambda-nodejs: pnpm no longer supports nodejs14.x (backport #24821) (#24829) (e8e4d83)

1.198.1 (2023-03-28)

Bug Fixes

• lambda-nodejs: pnpm no longer supports nodejs14.x (backport #24821) (#24829) (7c40f42)

1.198.0 (2023-03-22)

Bug Fixes

• WAFv2: add patch to revert struct names (#24703) (e03d8b8), closes /github.com/aws/aws-cdk/commit/affe040c8443be074822254d1e75a28b264cd801#diff-827a2fd012e049c7ccedffa0360c12e7d967a173f36b8150de73ef6adc42ee4cL175-L357

1.197.0 (2023-03-14)

1.196.0 (2023-03-08)

1.195.0 (2023-03-02)

1.194.0 (2023-02-21)

1.193.0 (2023-02-15)

1.192.0 (2023-02-09)

Features

• cfnspec: cloudformation spec v109.0.0 (#23967) (151570b)
• cfnspec: cloudformation spec v109.0.0 (#23983) (90f4b5d)

1.191.0 (2023-01-31)

Features

• cfnspec: cloudformation spec v109.0.0 (#23867) (77c1980)

1.190.0 (2023-01-25)

Features

• cfnspec: cloudformation spec v107.0.0 (#23749) (1875220)
• cfnspec: cloudformation spec v108.0.0 (#23768) (b39b089)
• cfnspec: cloudformation spec v108.0.0 (#23809) (613ec61)

Bug Fixes

• cfnspec: incorrectly handling array result from jsondiff (backport #23795) (#23800) (ee911ec)

1.189.0 (2023-01-18)

Features

• cfnspec: cloudformation spec v107.0.0 (#23699) (b699490)

1.188.0 (2023-01-11)

Features

• cfnspec: cloudformation spec v106.0.0 (#23585) (12eb81a)

1.187.0 (2023-01-03)

Features

• cfnspec: cloudformation spec v105.0.0 (#23502) (c0ac7be)

1.186.1 (2022-12-30)

Features

• cfnspec: cloudformation spec v105.0.0 (#23502) (e6a8943)

1.186.0 (2022-12-28)

1.185.0 (2022-12-27)

Features

• cfnspec: cloudformation spec v103.0.0 (#23451) (865d094)

1.184.1 (2022-12-23)

Bug Fixes

• cfnspec: v101.0.0 introduced specific types on several types that previously were typed as json

1.184.0 (2022-12-21)

Features

• cfnspec: cloudformation spec v102.0.0 (#23373) (f5bc48f)

1.183.0 (2022-12-14)

Features

• cfnspec: cloudformation spec v100.0.0 (#23241) (084b037)
• cfnspec: cloudformation spec v101.0.0 (#23295) (7f1e5c4)

1.182.0 (2022-12-07)

Features

• cfnspec: cloudformation spec v99.0.0 (#23006) (c510416)
• lambda-go: allow configuration of GOPROXY (#23257) (67103d9), closes #23171

Bug Fixes

• cli: typescript init templates fail with error in build step (#23130) (b06cd20)

1.181.1 (2022-11-29)

Bug Fixes

• cli: typescript init templates fail with error in build step (#23130) (c04f158)

1.181.0 (2022-11-18)

Bug Fixes

• iam: oidc provider fetches leaf certificate thumbprint instead of root (#22924) (b01adb5)

1.180.0 (2022-11-01)

1.179.0 (2022-10-27)

Features

• cfnspec: cloudformation spec v93.0.0 (#22564) (ba3d91d)
• cfnspec: cloudformation spec v94.0.0 (#22600) (f70af26)
• cfnspec: cloudformation spec v94.0.0 (#22648) (390ee7c)

1.178.0 (2022-10-20)

1.177.0 (2022-10-13)

Features

• cfnspec: cloudformation spec v92.0.0 (#22436) (1264590)

1.176.0 (2022-10-06)

Features

• cfnspec: cloudformation spec v91.0.0 (#22303) (c1f9bf4)

Bug Fixes

• change Node 10 to 14 everywhere (#22289) (8b0757e)

1.175.0 (2022-09-28)

Features

• cfnspec: cloudformation spec v89.0.0 (#22231) (a3cecaf)

1.174.0 (2022-09-21)

Features

• cfnspec: cloudformation spec v89.0.0 (#22106) (71cf218)

1.173.0 (2022-09-15)

Features

• cfnspec: cloudformation spec v88.0.0 (#22027) (311bb37)

1.172.0 (2022-09-07)

1.171.0 (2022-08-31)

1.170.1 (2022-08-30)

Bug Fixes

• python: NameError: name 'SubnetSelection' is not defined (#21790) (eaaba39), closes #21790

1.170.0 (2022-08-25)

Features

• cfnspec: cloudformation spec v85.0.0 (#21680) (c6776f2)

Bug Fixes

• ecs: firelens configFileValue is unnecessarily required (backport #20636) (#21710) (e2c48da)

1.169.0 (2022-08-17)

Features

• cfnspec: cloudformation spec v84.0.0 (#21575) (4ac307e)

1.168.0 (2022-08-09)

Features

• cfnspec: cloudformation spec v82.0.0 (#21472) (d97f314)
• cfnspec: cloudformation spec v83.0.0 (#21499) (bebc7c5)

1.167.0 (2022-08-02)

1.166.1 (2022-07-29)

Bug Fixes

• Revert to `jsii-pacmak@1.62.0` as dynamic runtime type-checking it introduced for Python results in incorrect code being produced.

1.166.0 (2022-07-28)

Features

• cfnspec: cloudformation spec v81.1.0 (#21308) (2443310)

Bug Fixes

• aws-lambda: FunctionUrl incorrectly uses Alias ARNs (#21351) (9f34d60)

1.165.0 (2022-07-19)

Features

• cfnspec: cloudformation spec v81.0.0 (#21195) (63117b4)

Bug Fixes

• integration test for appsync apikey auth fails with out of bound API key expiration (backport #21198) (#21204) (0134d87)

1.164.0 (2022-07-15)

Features

• cfnspec: cloudformation spec v79.0.0 (#21054) (536f5ee)
• cfnspec: cloudformation spec v80.0.0 (#21160) (92ce250)

Bug Fixes

• cli: pin geonamescache dependency to 1.3 (#21152) (10f4304)
• ec2: deprecated SubnetType enums are treated incorrectly (backport #21140) (#21141) (683298e)

1.163.2 (2022-07-13)

Bug Fixes

• custom-resources: Custom resource provider framework not passing ResponseURL to user function (backport #21117) (#21123) (6f81702)

1.163.1 (2022-07-08)

Bug Fixes

• custom-resources: Custom resource provider framework not passing ResponseURL to user function (#21065) (fca40af), closes #21058

1.163.0 (2022-07-06)

Features

• cfnspec: cloudformation spec v78.1.0 (#20951) (20f5fa4)

Bug Fixes

• custom resources log sensitive ResponseURL field (#20976) (8ac9540), closes #20899

1.162.0 (2022-07-01)

1.161.0 (2022-06-22)

Features

• cfnspec: cloudformation spec v76.0.0 (#20725) (ae1213f)

1.160.0 (2022-06-14)

⚠ Removal of Node 12

• Starting with this release, Node 12 is no longer supported and customers should upgrade to Node 14, 16, or 18.

Features

• cfnspec: cloudformation spec v75.0.0 (#20615) (0a13e09)

Bug Fixes

• lambda: deprecate Python3.6 (#19988) (9602229), closes #20085

Miscellaneous Chores

• deps: npm-check-updates && yarn upgrade (#20684) (e661fe9)

1.159.0 (2022-06-02)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• core: so this PR attempts to smooth a rough edge by "locking" the logicalId when exportValue is called. If the user attempts to override the id after that point, an error message will be thrown

Features

• cfnspec: cloudformation spec v73.1.0 (#20587) (419fdae)
• cognito: OpenID Connect identity provider (#20241) (33acc7c)
• integ-runner: publish integ-runner cli (#20477) (7779531)
• lambda: add insights version 1.0.135.0 (#19588) (68761dc), closes /docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-extension-versionsx86-64.html#Lambda-Insights-extension-1 /docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-extension-versionsARM.html#Lambda-Insights-extension-ARM-1
• s3: adds objectSizeLessThan property for s3 lifecycle rule (#20429) (2bf30df), closes #20425 #20372

Bug Fixes

• core: logicalId is consumed prior to being overridden (#20560) (e44c2c4), closes #14335
• ecr-assets: cannot build ARM images using modern stack synthesis (#20563) (9a23575), closes #20439
• ecs: canContainersAccessInstanceRole is ignored when passed in AsgCapacityProvider constructor (#20522) (dacefd6), closes #20293 #20293
• ecs: fix typo from fromServiceAtrributes to fromServiceAttributes (#20456) (f4439ce), closes #20458
• events-targets: EventBus IAM statements are only added for the first target (#20479) (74318c7), closes #19407
• iam: referencing the same immutable role twice makes it mutable (#20497) (264c02e), closes #7255
• integ-runner: catch snapshot errors, treat --from-file as command-line (#20523) (cedfde8)
• integ-runner: don't throw error if tests pass (#20511) (c274c2f), closes #20384
• lambda: function version ignores layer version changes (#20150) (f19ecef), closes #19098
• Default username in RoleSessionName (#20188) (b7bc10c), closes #19401 #7937 #19401

1.158.0 (2022-05-27)

Features

• apprunner: VpcConnector construct (#20471) (5052191)
• aws-ecr-assets: support the --platform option when building docker images (#20439) (adc0368), closes #12472 #16770 #16858
• lambda: validate function description length (#20476) (de027e2), closes #20475
• s3: adds objectSizeGreaterThan property for s3 lifecycle rule (#20425) (23690e4), closes #20372
• servicecatalog: ProductStackHistory can retain old ProductStack iterations (#20244) (1037b8c)

Bug Fixes

• core: NestedStack defaultChild is undefined (#20450) (0a49927), closes #11221
• iam: Role policies cannot grow beyond 10k (#20400) (75bfce7), closes #19276 #19939 #19835
• integ-runner: always resynth on deploy (#20508) (7138057)
• integ-tests: DeployAssert should be private (#20466) (0f52813)
• lambda: Fix typo in public subnet warning (#20470) (85f4e29)
• pipelines: too many CodeBuild steps inflate policy size (#20396) (f334060), closes #20189 #19276 #19939 #19835
• s3-deployment: default role does not get PutAcl permissions on… (#20492) (3e6ec5c)

1.157.0 (2022-05-20)

Features

• cfnspec: cloudformation spec v69.0.0 (#20240) (e82b63f) and (#20331) (e9de4e9)
• cfnspec: cloudformation spec v72.0.0 (#20357) (c8fd84c)
• cli: make ecr images immutable when created from cdk bootstrap (#19937) (0ef4bb4), closes #18376
• cloud9: configure Connection Type of Ec2Environment (#20250) (01708bc), closes #17027
• cloudfront: REST API origin (#20335) (f7693e3)
• cognito: grant() for user pool (#20285) (10d13e4)
• core: allow disabling of LogicalID Metadata in case of large manifest (#20433) (88ea829), closes #20211
• ec2: more router types (#20151) (33b983c), closes #19057 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-route.html#aws-resource-ec2
• iam: validate role path at build time (#16165) (65a5a46), closes #13747
• integ-tests: enhancements to integ-tests (#20180) (3ff3fb7)
• logs: additional log retention periods (#20347) (734faa5), closes #20346
• s3: add noncurrentVersionsToRetain property to lifecycle rule (#20348) (85604d9), closes #19784

Bug Fixes

• amplify: custom headers break with tokens (#20395) (765f441)
• apigateway: arnForExecuteApi fails on tokenized path (#20323) (f7732a1), closes #20252
• assets: parallel docker image publishing fails on macOS (#20117) (a58a803), closes #20116
• cfn-include: allow CFN Functions in Tags (#19923) (4df9a4f), closes #16889
• cli: allow SSO profiles to be used as source profiles (#20340) (a0b29e9), closes #19897
• cloudwatch-actions: stack partition is hardcoded 'aws' in action arn (#20224) (0eb6c3b), closes #19765
• eks: Cluster.FromClusterAttributes ignores KubectlLambdaRole (#20373) (7e824ab), closes #20008
• iam: AccountPrincipal accepts values which aren't account IDs (#20292) (d0163f8), closes #20288
• pipelines: specifying the Action Role for CodeBuild steps (#18293) (719edfc), closes #18291 #18291
• rds: tokens should not be lowercased (#20287) (5429e55), closes #18802
• secretsmanager: automatic rotation cannot be disabled (#18906) (c50d60c), closes #18749

1.156.1 (2022-05-12)

1.156.0 (2022-05-11)

Features

• lambda: nodejs16.x runtime (#20261) (edf7c86)

Bug Fixes

• appsync: incorrect region used for imported Cognito user pool (#20193) (3e0393e), closes #20195
• cognito: UserPoolDomain.baseUrl() does not return FIPS-compliant url for gov cloud regions (#20200) (dd10df1), closes #20182 #12500
• stepfunctions: map property maxConcurrency is not token-aware (#20279) (14be764), closes #20152

1.155.0 (2022-05-04)

Features

• cfnspec: cloudformation spec v68.0.0 (#20065) (f199fad)
• cloudwatch: Add CustomWidget (#19327) (489340e), closes #17579
• ec2: add i4i instance type (#20134) (64c5064)
• iam: add convenience method inOrganization to ArnPrincipal (#20109) (c545bfe), closes /github.com/aws/aws-cdk/pull/19975#discussion_r857385168 #19975
• lambda: function.addAlias() simplifies Alias creation (#20034) (a79bc47)
• rds: add secret rotation to DatabaseClusterFromSnapshot (#20020) (abc3502), closes #12877

Bug Fixes

• lambda: grant invoke twice with different principals (#20174) (bb4c950)
• ubergen: expose exports in core module for v2 (#20176) (fc2cd48), closes #19773

1.154.0 (2022-04-27)

Features

• aws-cognito: send emails with a verified domain (#19790) (1d2b1d3), closes #19762
• aws-eks: add annotations and labels to service accounts (#19609) (82aec9d), closes #19607
• cloudwatch: expose dashboardArn for CloudWatch dashboard L2 construct (#20059) (df9814f)
• cloudwatch: expose dashboardName property on the L2 Dashboard construct (#17721) (8cb5dff), closes #17648
• integ-tests: add IntegTest to group test cases (#20015) (b4f8d91)
• integ-tests: make assertions on deployed infrastructure (#20071) (8362efe)
• rds: allow DatabaseClusterFromSnapshot to set copyTagsToSnapshot property (#19932) (40a6ceb), closes #19884
• redshift: expose user.secret as property (#17520) (#20078) (8da006a)
• servicecatalog: graduate to stable 🚀 (#19515) (4764591)

Bug Fixes

• eks: cluster cannot be created in opt-in regions (#20009) (ec06f48), closes #13748 #15579
• eks: remove incomplete support for k8s v1.22 (#20000) (d38a9e4), closes #19756 #19919
• integ-runner: disable-update-workflow default is 'false' instead of false (#20073) (9f7aa65)
• integ-runner: only diff registered stacks (#20100) (721bd4b)
• lambda-python: handler path is incorrectly generated when using PythonFunction (#20083) (6787376)
• tooling: container user's uid does not match host's uid (#20082) (e9670c8), closes #19979
• deploy monitor count is off if there are > 100 changes (#20067) (fd306ee), closes #11805
• imagebuilder: AmiDistributionConfiguration renders empty (#20045) (7bd7139)
• lambda-python: Pipenv projects no longer work for Python 3.6 (#20019) (5024021)
• region-info: EMR service principal incorrect in China (#20014) (84649b8), closes #19867

1.153.1 (2022-04-22)

Bug Fixes

• imagebuilder: revert property field typings (b2e0eb5)

1.153.0 (2022-04-21)

Features

• apigatewayv2: set throttling on stages (#19776) (3cabd10), closes #19626
• autoscaling: Auto Scaling Group with Launch Template (#19066) (1581af0), closes #6734
• aws-ecr: make it easy to reference image tag or digest, use everywhere (#19799) (380774e), closes #13299 #15333
• cfnspec: cloudformation spec v66.0.0 (#19812) (43735fd), closes #19798
• cfnspec: cloudformation spec v66.1.0 (#19929) (8c8b6b6)
• cli: glob-style key matching to context --reset (#19840) (edb4119), closes #19797
• codebuild: add ability to customize build status reporting for third-party Git sources (#19408) (423d72f)
• codepipeline: allow to disable stage transition (#19911) (ac9901a), closes #1649
• integ-runner: add missing features from the integ manifest (#19969) (2ca5050)
• integ-runner: integ-runner enhancements (#19865) (697fdbe)
• integ-runner: test update path when running tests (#19915) (d0ace8f)
• integ-tests: Add IntegTestCase (#19829) (ad249c9)
• iotevents: support comparison operators (#19329) (95cb3f3)
• lambda: function URLs (#19817) (4fd515a), closes #19798
• logs: add QueryDefinition L2 Construct (#18655) (fcf981b)
• route53: fromPublicHostedZoneAttributes method with zoneName (#19771) (7867dc4), closes #18700
• s3-deployment: ephemeral storage size property for bucket deployment (#19958) (3ce40b4), closes #19947
• check for accidental exposure of secrets (#19543) (789e8d2)

Bug Fixes

• autoscaling: update validation on maxInstanceLifetime (#19584) (d115b47)
• aws-cloudfront: Add sslSupportMethod (#19737) (c5a9679), closes #19476
• aws-ecr-assets: correct file existence validation in tests (#19945) (d4c13c0), closes 40aws-cdk/aws-ecr-assets/test/image-asset.test.ts#L387 #19944
• cfn-diff: allow resources to change types (#19891) (4f3a340), closes #13921
• cfn-include: detect a resource cycle in the included template (#19871) (2c2bc0b), closes #16654
• cfnspec: aws-sam deployment preferences hooks (#19732) (a205734)
• cfnSpec: wrong type for SAM API properties GatewayResponses and Models (#19885) (b214ede), closes #19870
• cli: hangs on retrieving notices (#19967) (daeeafa), closes #19542
• cli: stack monitor prints over error messages (#19859) (42e5d08), closes #19742
• cloudwatch: MathExpression id contract is not clear (#19825) (5472b11), closes #13942 #17126
• core: exportValue does not work on number attributes (#19818) (12459ca), closes #19537
• docdb: make most attributes of DatabaseClusterAttributes optional (#19625) (5f6d20c), closes #14492
• ecr: scanOnPush not supported in certain regions (#19940) (2ff3143), closes #19918
• ecs: get rid of EFS casing warnings (#19681) (eafc11a), closes #15025
• eks: malformed command when installing helm chart from OCI artifact (#19778) (f8babb8), closes /github.com/aws/aws-cdk/pull/18547#issuecomment-1088737549
• iam: role/group/user's path not included in ARN (#13258) (ef2b480), closes #13156
• integ-runner: enable all feature flags by default (#19955) (ca3920d)
• lambda-event-sources: unsupported property onFailure for KafkaEventSources (#19995) (383171b), closes #19917
• rds: MySQL 8.0 uses wrong Parameter for S3 export (#19775) (5a895a3), closes #19735
• stepfunctions: incorrect default documentation for integrationPattern (#19936) (4cb3b2b), closes #19815

Reverts

• "feat(cli): glob-style key matching to context --reset (#19840)" (#19888) (89ec597)

1.152.0 (2022-04-06)

Features

• cfnspec: cloudformation spec v63.0.0 (#19679) (dba96a9)
• cfnspec: cloudformation spec v65.0.0 (#19745) (796fc64)
• cli: add --build option (#19663) (eb9b8e2), closes #19667
• cli: preview of cdk import (#17666) (4f12209)
• core: throw error when stack name exceeds max length (#19725) (1ffd45e)
• eks: add k8s v1.22 (#19756) (9a518c5)
• opensearch: Add latest Opensearch Version 1.2 (#19749) (a2ac36e)
• add new integration test runner (#19754) (1b4d010)
• eks: alb-controller v2.4.1 (#19653) (1ec08df)
• lambda: add support for ephemeral storage (#19552) (f1d9b6a), closes #19605
• s3: EventBridge bucket notifications (#18614) (d8e602b), closes #18076
• synthetics: new puppeteer 3.5 runtime (#19673) (ce2b91b), closes #19634

Bug Fixes

• aws_applicationautoscaling: Add missing members to PredefinedMetric enum (#18978) (75a6fa7), closes #18969
• cli: apps with many resources scroll resource output offscreen (#19742) (053d22c), closes #19160
• cli: support attributes of DynamoDB Tables for hotswapping (#19620) (2321ece), closes #19421
• cloudwatch: automatic metric math label cannot be suppressed (#17639) (7fa3bf2)
• codedeploy: add name validation for Application, Deployment Group and Deployment Configuration (#19473) (9185042)
• codedeploy: the Service Principal is wrong in isolated regions (#19729) (7e9a43d), closes #19399
• core: Fn.select incorrectly short-circuits complex expressions (#19680) (7f26fad)
• core: detect and resolve stringified number tokens (#19578) (7d9ab2a), closes #19546 #19550
• core: reduce CFN template indent size to save bytes (#19656) (fd63ca3)
• ecs: 'desiredCount' and 'ephemeralStorageGiB' cannot be tokens (#19453) (c852239), closes #16648
• ecs: remove unnecessary error when adding volume to external task definition (#19774) (5446ded), closes #19259
• iam: policies aren't minimized as far as possible (#19764) (876ed8a), closes #19751
• logs: Faulty Resource Policy Generated (#19640) (1fdf122), closes #17544

1.151.0 (2022-03-31)

Features

• aws-ec2: Enable/disable EC2 "Detailed Monitoring" (#19437) (94f9d27)
• cognito: configure SNS region for UserPool SMS messages (#19519) (6eb775e), closes #19434
• core: add size.isUnresolved (#19569) (ed26731)
• ecs-patterns: PlacementStrategy and PlacementConstraint for many patterns (#19612) (0096e67)
• elbv2: use addAction() on an imported application listener (#19293) (18a6b0c), closes #10902
• kinesisanalytics-flink: Add metrics to Flink applications (#19599) (dab6aca)
• lambda: warn if you use function.grantInvoke while also using currentVersion (#19464) (fd1fff9), closes #19273 #19318

Bug Fixes

• apigateway: allow using GENERATE_IF_NEEDED for the physical name in LambdaRestApi (#19638) (e817381), closes #9374
• apigateway: id in schema model maps to $id (#15113) (ac5a345), closes #14585
• aws-cognito: Lambda::Permission of lambdaTrigger should have a SourceArn (#19622) (c62eeb7), closes #19604
• docdb: DB Instance ARN uses 'docdb' as the service component instead of 'rds' (#19555) (6a63924), closes #19554
• eks: incorrect version of aws-node-termination-handler (#19510) (9c712cc)
• elbv2: unable to add multiple certificates to NLB (#19289) (e8142e9), closes #13490 #8918 #15328
• rds: SnapshotCredentials.fromSecret() takes a Secret, not ISecret (#19639) (a74d82e), closes #19409

1.150.0 (2022-03-26)

Features

• cloudformation spec v62.0.0 (#19553) (0352dee)
• appsync: support custom domain mappings (#19368) (8c7a4ac), closes #18040
• autoscaling: support warm pools (#19214) (737e611)
• cfnspec: cloudformation spec v61.0.0 (#19457) (16d7552)
• cli: support SSO (#19454) (eba6052)
• cloudwatch: Additional Properties for Cloudwatch AlarmStatusWidget (#19387) (3c9ea5f), closes #19386
• ec2: add support for x2iezn instances (#19517) (8f6e20e)
• synthetics: add support for puppeteer 3.4 runtime (#19429) (024b890), closes #19382

Bug Fixes

• apigateway: StepFunctionsIntegration does not create required role and responses (#19486) (d59bee9)
• bootstrap: rebootstrap breaks container Functions (#19446) (49ea263), closes #18473
• cli: templates don't include .gitignore (#19482) (5ce0983)
• core: Aspects from symlinked modules are not applied (#19491) (eaeaed7), closes #18921 #18778 #19390 #18914
• ecr: setting imageScanningConfiguration to false does nothing on existing repository (#18078) (78bc870), closes #18077
• events: cannot have more than one cross-account Rule (#19441) (a257846), closes #12479 #12538
• iam: IAM Policies are too large to deploy (#19114) (3a4fe33), closes #18774 #16350 #18457 #18564 #19276
• lambda: support Lambda's new Invoke with Qualifier authorization strategy (#19318) (d06b27f), closes #19273
• secretsmanager: secret rotation uses old application versions (#19490) (0c983ad), closes #19487

1.149.0 (2022-03-17)

Features

• appsync: add OpenSearch domain data source (#16529) (922a9dc), closes #16528
• assertions: Add the hasNoXXX methods. (#19330) (6bdc9eb), closes #18874
• aws-lambda-nodejs: support additional esbuild configurations (#17788) (ab313a4)
• cfnspec: cloudformation spec v60.0.0 (#19347) (20da648)
• cli: parallel asset publishing (#19367) (c8cafef), closes #19193
• ec2: add support for x2idn and x2iedn instances (#19334) (9699efc)
• elbv2: add name validation for target group and load balancer names (#19385) (97e0973), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2
• iotevents: support SetVariable action (#19305) (c222b12)
• lambda: dotnet6 runtime (#19144) (bbed27d)
• synthetics: add vpc configuration (#18447) (c991e92), closes #11865 #9954

Bug Fixes

• cli: failure to load malformed YAML is swallowed (#19338) (1875c28), closes #19335
• lambda-event-sources: increase batch size restriction (#19317) (1bc5144), closes #19285
• lambda-nodejs: cannot use esbuildArgs with older esbuild versions (#19343) (59a4d81)
• stepfunctions-tasks: migrate from deprecated batch properties (#19298) (75f5b3b), closes #18993

1.148.0 (2022-03-09)

Features

• aws-apigateway: add ability to include authorizer context in apigw sfn integration (#18892) (e7c0c75), closes #18891
• aws-s3objectlambda: add L2 construct for S3 Object Lambda (#15833) (fe9f750), closes #13675
• cfnspec: cloudformation spec v59.0.0 (#19236) (f46a14d)
• codebuild: improved support for ARM build images (#19052) (4eac4de), closes #18916 #9817
• eks: Service Account names validation (#19251) (7c3099e), closes #18189
• elasticsearch: Decouple setting access policies from domain constructor (#15876) (cefdfd3)
• iotevents: support actions (#18869) (e01654e)
• iotevents: support setting Events on input and exit for State (#19249) (ffa9e0d)
• lambda-nodejs: support esbuild inject (#19221) (3432c45), closes #19133
• s3: add s3:ObjectRestore:Delete to EventType for notification (#19250) (e0f863a), closes #19223
• servicecatalog: Service Catalog is now in Developer Preview (#19204) (6dfc254)

Bug Fixes

• apigatewayv2-integrations: in case of multiple routes, only one execute permission is created (#18716) (1e352ca)
• aws-apigateway: missing comma to make failure response payload valid json (#19253) (b1fce4f), closes #19252
• aws-route53-targets: add support for custom cname_prefix urls in elastic beanstalk environment endpoint target (#18804) (289a794)
• cli: watch logs always end with the 'truncated' message (#19241) (d3fdfe5), closes #18805
• cli: deprecated stack ids printed at the end of synth (#19216) (7d8a479), closes #18599
• cli: notices refresh doesn't respect the --no-notices flag (#19226) (b3c5fe8)
• efs: fix bug when setting both lifecyclePolicy and outOfInfrequentAccessPolicy (#19082) (d435ab6), closes #19058
• lambda-nodejs: local tsc detection with pre compilation (#19266) (5de7b86), closes #19242
• lambda-python: asset bundling fails on windows (#19270) (0da57da), closes #18861
• lambda-python: docker image gets built even when we don't need to bundle assets (#16192) (5dc61ea), closes #14747
• rds: allow cluster from snapshot to enable encrypted storage (#19175) (bd4141d), closes #17241
• rds: read replica instance cannot join domain (#19202) (cef8fec), closes #18786
• rds: subnet selection not respected for multi user secret rotation (#19237) (dc7a17c), closes #19233

1.147.0 (2022-03-01)

Features

• cfnspec: cloudformation spec v58.0.0 (#19153) (a6b0a10)
• cli: hotswap support for resources in nested stacks (#18950) (2ea9da1)
• ec2: add c6a instances (#19113) (427cdfd)

Bug Fixes

• apigateway: fix strange vtl template for cors preflight request (#19104) (59ef06a), closes /datatracker.ietf.org/doc/html/rfc6454#section-7
• aws-apigateway: api gateway usage plan (#19023) (5b764cc), closes #18994
• aws-lambda-python: skip default docker build when image passed (#19143) (7300f2e), closes #18082
• cli: cdk version displays notices (#19181) (fa16f7a)
• cli: long connection timeout slows the CLI down (#19187) (6595d04)
• custom-resources: physical resource id must be determined before isComplete (#18630) (c190367)
• dynamodb: grant*Data() methods are missing the dynamodb:DescribeTable permission (#19129) (4a44a65), closes #18773
• dynamodb: Table.grantWriteData() doesn't include enough KMS permissions (#19102) (77f1e0b), closes #10010
• ec2: invalid volume type check for iops (#19073) (3f49f02)
• eks: Helm charts fail to install when provided as an asset (#19180) (9961257)
• lambda-nodejs: logLevel property of BundlingOptions is ignored when nodeModules are defined (#18456) (5c40b90), closes #18383
• stepfunctions-tasks: RUN_JOB integration pattern not supported for CallAwsService (#19186) (4b134b7), closes #19174
• apply tags to nested stack (#19128) (3af329b), closes #17463
• triggers: not published as part of v2 (#19168) (8f727d1), closes #19164
• construct paths are not printed for nested stacks in CLI output (#18725) (b0e0155)
• rds: MySQL Cluster version 8.0 uses wrong Parameter for S3 import (#19145) (96b2034), closes #19126

1.146.0 (2022-02-24)

Features

• apigatewayv2: Import existing WebSocketApi from attributes (#18958) (f203845)
• cli: bundle dependencies (#18667) (31d135f)
• cli: support for matching notices with arbitrary module names (#19088) (a87dee7)
• cli: support for notices (#18936) (d37fbbb)
• cloudfront-origins: extend max keepaliveTimeout of HttpOrigin to 180 (#18837) (171fdcd), closes #18697
• eks: Allow helm pull from OCI repositories (#18547) (7e624d9)
• lambda: add a fromFunctionName() method (#19076) (5b92cc3), closes #18255 #19031
• pipelines: ECR source action (#16385) (fc11ae2), closes #16378
• pipelines: step outputs (#19024) (0dec2ee), closes #17189 #18893 #15943 #16407
• rds: make VPC optional for serverless Clusters (#17413) (4f7818d), closes #17401
• triggers (#19011) (11d6c69)

Bug Fixes

• cli: hotswapping is slow for many resources deployed at once (#19081) (040238e), closes #19021
• s3-notifications: notifications allowed with imported kms keys (#18989) (7441418)
• API compatibility check fails in CI pipeline (#19069) (6ec1005), closes #19070
• cloudfront: trim autogenerated cache policy name (#18953) (c7394c9), closes #18918
• elasticloadbalancingv2: validate port/protocol are not provided for lambda targets (#19043) (64d26cc), closes #12514
• route53: fix cross account delegation deployment dependency (#19047) (692a0d0), closes #19041

1.145.0 (2022-02-18)

Features

• aws-stepfunctions-tasks: add environment property for SageMakerCreateTrainingJob (#18976) (60d6e66), closes #18919
• cfnspec: cloudformation spec v56.0.0 (#18930) (24a52ae)
• cfnspec: cloudformation spec v57.0.0 (#19030) (f0acbc4)
• cli: hotswap for appsync vtl mapping template changes (#18881) (9858002)
• codepipeline: add support for CloudFormation StackSet actions (#14225) (d8bc0d0)
• config: S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED managed rule (#18890) (1a7e3e2), closes #18888
• core: stack synthesizer that uses CLI credentials (#18963) (a36b72b), closes #16888
• ec2: allow imdsv2 usage on bastion host (#18955) (8c6777c)
• ecs: support version stages and ids for Secrets (#18174) (6d091c2), closes #18123
• events: API Destinations (#13729) (2adbc14)
• iot-actions: add SNS publish action (#18839) (3a39f6b), closes #17700
• iotevents: create new module for IoT Events actions (#18956) (3533ea9), closes /github.com/aws/aws-cdk/pull/18869#discussion_r802719713
• lambda: allow Topic to be dlq for Lambda (#18546) (f8d8fe4), closes #16246
• logs: custom Role for Kinesis destination (#13553) (bb96621), closes #7661
• rds: simpler way to configure parameters for instance and cluster (#18126) (3ba9088), closes #18124
• s3-deployment: add deployedBucket attribute for sequencing (#15384) (edac101)

Bug Fixes

• assertions: 'pattern.indexOf' is not a function (#19009) (6df26e7)
• assertions: incorrect assertions when >1 messages on a resource (#18948) (072e1b9), closes #18840
• aws-cdk: include nested stacks when building changesets (#17396) (a7dbeef), closes #5722
• cli: handle attributes of AWS::Events::EventBus when hotswapping (#18834) (a30a32a), closes #18831
• core: undeployable due to invalid mapping (#18922) (db28485), closes #18789 #18789
• lambda: unlock use case for cross-account functions w/ preconfigured permissions (#18979) (023108a), closes #18228 #18781 #18967 #18781
• lambda: Validate Lambda "functionName" parameter (#17970) (a416a2d), closes #13264
• pipelines: self-mutate always adds analytics (#19010) (bc47b29), closes #18933
• stepfunctions: imported State Machine sill has region and account from its Stack, instead of its ARN (#19026) (23329b4), closes #17982
• python3 version check with Python 3.10 (#18754) (0ef6527)
• stepfunctions-tasks: EMR Create Cluster does not support dynamic allocation of step concurrency level (#18972) (d19e538)
• synthetics: generated role has incorrect permissions for cloudwatch logs (#18946) (f8bb85f), closes #18910

1.144.0 (2022-02-08)

Features

• assets: support networking mode for DockerImageAsset (#18114) (a7b39f5), closes #15516
• cfnspec: cloudformation spec v55.0.0 (#18827) (a1d94b3)
• cli: cdk diff works for Nested Stacks (#18207) (1337b24), closes #5722
• iotevents: add grant method to Input class (#18617) (e89688e)
• iotevents: support transition events (#18768) (ccc1988), closes #17711
• s3-deployment: deploy data with deploy-time values (#18659) (d40e332), closes #12903

Bug Fixes

• aws-appsync: Strip unsupported characters from Lambda DataSource (#18765) (bb8d6f6)
• tooling: update vscode devcontainer image (#18455) (28647f7)

1.143.0 (2022-02-02)

Features

• amplify: support performance mode in Branch (#18598) (bdeb8eb), closes #18557
• cfnspec: cloudformation spec v54.0.0 (#18764) (71601c1)
• cloudwatch-actions: add ssm opsitem action for cloudwatch alarm (#16923) (9380885), closes #16861
• dynamodb: allow setting TableClass for a Table (#18719) (73a889e), closes #18718
• ec2: support KMS keys for block device mappings for both instances and launch templates (#18326) (17dbe5f), closes #18309
• ecr: add server-side encryption configuration (#16966) (c46acd5), closes #15400 #15571
• ecs: expose image name in container definition (#17793) (1947d7c)
• fsx: add support for FSx Lustre Persistent_2 deployment type (#18626) (6036d99)
• iot: add Action to republish MQTT messages to another MQTT topic (#18661) (7ac1215)

Bug Fixes

• core: correctly reference versionless secure parameters (#18730) (9f6e10e), closes #18729
• ec2: UserData.addSignalOnExitCommand does not work in combination with userDataCausesReplacement (#18726) (afdc550), closes #12749
• vpc: Vpc.fromLookup should throw if subnet group name tag is explicitly given and does not exist (#18714) (13e1c7f), closes #13962

Reverts

• "chore(cloudfront): encryption and enforceSSL on distribution s3 loggingBucket (#18264)" (#18772) (121e4a1), closes #18271 /docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3 #18676
• "chore(ec2): enforceSSL on flowLog s3 bucket (#18271)" (#18770) (a2eb092), closes /docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3 #18676

1.142.0 (2022-01-28)

Features

• cfnspec: cloudformation spec v53.1.0 (#18680) (f385059)
• cloudfront-origins: extend readTimeout maximum value for HttpOriginProps (#18697) (e64de67), closes #18628
• eks: cluster logging (#18112) (872277b), closes #4159
• iotevents: allow setting description, evaluation method and key of DetectorModel (#18644) (2eeaebc)
• lambda-python: support setting environment vars for bundling (#18635) (30e2233)

Bug Fixes

• aws-lambda-nodejs: pre compilation with tsc is not being run (#18062) (7ac7221), closes #18002
• pipelines: undeployable due to dependency cycle (#18686) (009d689), closes #18492 #18673

1.141.0 (2022-01-27)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• servicecatalog: TagOptions now have scope and props argument in constructor, and data is now passed via a allowedValueForTags field in props

Features

• assertions: support assertions on stack messages (#18521) (cb86e30), closes #18347
• assertions: support for conditions (#18577) (55ff1b2), closes #18560
• aws-ecs-patterns: adding support for custom HealthCheck while creating QueueProcessingFargateService (#18219) (0ca81a1), closes #15636
• certificatemanager: DnsValidatedCertificate DNS record cleanup (#18311) (36d356d), closes #3333 #7063
• cfnspec: cloudformation spec v53.1.0 (#18588) (a283a48)
• cfnspec: cloudformation spec v53.1.0 (#18658) (2eda19e)
• ec2: session timeout and login banner for client vpn endpoint (#18590) (7294118)
• ecs: add BaseService.fromServiceArnWithCluster() for use in CodePipeline (#18530) (3d192a9)
• iotevents: add DetectorModel L2 Construct (#18049) (d0960f1), closes #17711 #17711
• lambda-nodejs: Allow setting mainFields for esbuild (#18569) (0e78aeb)
• s3: custom role for the bucket notifications handler (#17794) (43f232d), closes #9918 #13241
• servicecatalog: Create TagOptions Construct (#18314) (903c4b6), closes #17753

Bug Fixes

• apigatewayv2: websocket api: allow all methods in grant manage connections (#18544) (41c8a3f), closes #18410
• aws-apigateway: cross region authorizer ref (#18444) (0e0a092)
• cli: hotswap should wait for lambda's updateFunctionCode to complete (#18536) (0e08eeb), closes #18386 #18386
• ecs: only works in 'aws' partition (#18496) (525ac07), closes #18429
• ecs-patterns: Fix Network Load Balancer Port assignments in ECS Patterns (#18157) (1393729), closes #18073
• elasticloadbalancingv2: ApplicationLoadBalancer.logAccessLogs does not grant all necessary permissions (#18558) (bde1795), closes #18367
• pipelines: CodeBuild projects are hard to tell apart (#18492) (f6dab8d)
• region-info: incorrect codedeploy service principals (#18505) (16db963)
• route53: add RoutingControlArn to HealthCheck patch (#18645) (c58e8bb), closes #18570
• s3: add missing safe actions to grantWrite, grantReadWrite and grantPut methods (#18494) (940d043), closes #13616
• secretsmanager: SecretRotation for secret imported by name has incorrect permissions (#18567) (9ed263c), closes #18424
• stepfunctions: task token integration cannot be used with API Gateway (#18595) (678eede), closes #14184 #14181
• stepfunctions-tasks: cluster creation fails with unresolved release labels (#18288) (9940952)
• synthetics: correct getbucketlocation policy (#13573) (e743525), closes #13572

1.140.0 (2022-01-20)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• apigatewayv2: HttpIntegrationType.LAMBDA_PROXY has been renamed to HttpIntegrationType.AWS_PROXY
• iot: the class FirehoseStreamAction has been renamed to FirehosePutRecordAction

Features

• apigatewayv2: HttpRouteIntegration supports AWS services integrations (#18154) (a8094c7), closes #16287
• apigatewayv2: support for mock integration type (#18129) (7779c14), closes #15008
• apigatewayv2: websocket api: api keys (#16636) (24f8f74)
• assertions: stringLikeRegexp() matcher (#18491) (b49b002)
• assertions: support for parameters (#18469) (d0d6fc5), closes #16720
• aws-neptune: add autoMinorVersionUpgrade to cluster props (#18394) (8b5320a), closes #17545
• aws-s3: support number of newer versions to retain in lifecycle policy (#18225) (e1731b1), closes #17996 #17996
• cfnspec: cloudformation spec v53.0.0 (#18468) (50637e0)
• cfnspec: cloudformation spec v53.0.0 (#18480) (38e1fe4)
• cfnspec: cloudformation spec v53.0.0 (#18524) (517d517)
• cfnspec: cloudformation spec v53.0.0 (#18551) (926310b)
• cli: support hotswapping Lambda functions that use Docker images (#18319) (6b553b7), closes #18302 #18408
• cli: support hotswapping Lambda functions with inline code (#18408) (d0b8512), closes #18319
• cli: watch streams resources' CloudWatch logs to the terminal (#18159) (a9038ae), closes #18122
• cognito: identity pools (#16190) (59fe395)
• ec2: add Hpc6a instances (#18445) (c7f39ca)
• ec2: add support for al2022 and amzn2 with kernel 5.x (#18117) (6b73d1d)
• ec2: create Peers via security group ids (#18248) (9d1b2c7), closes #7111
• ecs-service-extensions: Enable default logging to CloudWatch for extensions (under feature flag) (#17817) (06666f4)
• iot: add Action to put record to Kinesis Data stream (#18321) (1480213), closes #17703
• lambda-nodejs: ES modules (#18346) (e23b63f), closes #13274
• opensearch: added opensearch 1.1 to engineversion (#18432) (e01a57a), closes #18431

Bug Fixes

• apigateway: enabled property of ApiKeyProps is ignored (#18407) (c31f9b4)
• applicationautoscaling: typo in DYANMODB_WRITE_CAPACITY_UTILIZATION (#18085) (626e6aa), closes #17209
• assertions: object partiality is dropped passing through arrays (#18525) (eb29e6f)
• cli: cdk watch constantly prints 'messages suppressed' (#18486) (9b266f4), closes #18451
• cli: warning to upgrade to bootstrap version >= undefined (#18489) (da5a305)
• ec2: interface endpoints do not work with Vpc.fromLookup() (#18554) (f55cd2b), closes #17600
• ec2: launch template names in imdsv2 not unique across stacks (under feature flag) (#17766) (2a80e4b)
• ecs: respect LogGroup's region for aws-log-driver (#18212) (b6e3e51), closes #17747
• elbv2: BaseLoadBalancer.vpc is not optional (#18474) (f511c17), closes aws/jsii#3342
• iot: FirehoseStreamAction is now called FirehosePutRecordAction (#18356) (c016a9f), closes /github.com/aws/aws-cdk/pull/18321#discussion_r781620195
• pipelines: "Maximum schema version supported" error (#18404) (a684ff4), closes #18370
• pipelines: graphnode dependencies can have duplicates (#18450) (2b0b5ea)
• secretsmanager: Secret requires KMS key for some same-account access (#17812) (91f3539), closes #15450

Reverts

• s3: add EventBridge bucket notifications (#18150) (#18507) (2041278)

1.139.0 (2022-01-11)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• apigatewayv2-authorizers: WebSocketLambdaAuthorizerProps.identitySource default changes from ['$request.header.Authorization'] to ['route.request.header.Authorization'].
• cfn2ts: some "complex" property types within the generated CloudFormation interfaces (i.e: properties of Cfn* constructs) with names starting with a capital letter I followed by another capital letter are no longer incorrectly treated as behavioral interfaces, and might hence have different usage patterns in non-TypeScript languages. Such interfaces were previously very difficult to use in non-TypeScript languages, and required convoluted workarounds, which can now be removed.

Features

• aws-ecs: support runtime platform property for create fargate windows runtime. (#17622) (fa8f2e2), closes #17242
• bootstrap: ECR ScanOnPush is now enabled by default (#17994) (7588b51)
• cfnspec: cloudformation spec v51.0.0 (#18274) (c208e60)
• cli: diff now uses the lookup Role for new-style synthesis (#18277) (2256680)
• eks: cluster tagging (#4995) (#18109) (304f5b6)
• iam: generate AccessKeys (#18180) (beb5706), closes #8432
• lambda-event-sources: adds AuthenticationMethod.CLIENT_CERTIFICATE_TLS_AUTH to kafka (#17920) (93cd776)
• pipelines: step dependencies (#18256) (e3359e0), closes #17945
• pipelines: support timeout in CodeBuildStep (#17351) (2aa3b8e)
• s3: add EventBridge bucket notifications (#18150) (912aeda), closes #18076
• sqs: add DLQ readonly property to Queue (#18232) (caa6788), closes #18083

Bug Fixes

• apigatewayv2-authorizers: incorrect identitySource default for WebSocketLambdaAuthorizer (#18315) (74eee1e), closes #18307
• appmesh: allow a Virtual Node have as a backend a Virtual Service whose provider is that Node (#18265) (272b6b1), closes #17322
• aws-kinesis: remove default shard count when stream mode is on-demand and set default mode to provisioned (#18221) (cac11bb), closes #18139
• aws-lambda-event-sources: unsupported properties for SelfManagedKafkaEventSource and ManagedKafkaEventSource (#17965) (5ddaef4), closes #17934
• cfn2ts: some property times have behavioral-interface names (#18275) (6359c12)
• cli: assets are KMS-encrypted using wrong key (#18340) (64ae9f3), closes #17668 #18262
• cli: breaks due to faulty version of colors (#18324) (ddc2bc6)
• codebuild: setting Cache.none() renders nothing in the template (#18194) (cd51a5d), closes #18165
• lambda: imported Function still has region and account from its Stack, instead of its ARN (#18255) (01bbe4c), closes #18228
• lambda-python: asset files are generated inside the 'asset-input' folder (#18306) (aff607a)
• lambda-python: bundle asset files correctly (#18335) (3822c85), closes #18301
• logs: respect region when importing log group (#18215) (be909bc), closes #18214
• pipelines: DockerCredential.dockerHub() silently fails auth (#18313) (c2c87d9), closes #15737
• route53: support multiple cross account DNS delegations (#17837) (76b5c0d), closes #17836

1.138.2 (2022-01-09)

Bug Fixes

• cli: breaks due to faulty version of colors (#18324) (43bf9ae)

1.138.1 (2022-01-07)

Bug Fixes

• lambda-python: asset files are generated inside the 'asset-input' folder (#18306) (b00b44e)

1.138.0 (2022-01-04)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• lambda-python: assetHashType and assetHash properties moved to new bundling property.
• lambda-python: Runtime is now required for LambdaPython

Features

• apigateway: Add stage ARN attribute (#18170) (be7acfd)
• aws-autoscaling: Add support for termination policies (#17936) (9e6f977), closes #15654
• aws-ec2: add g4ad instance types (#17927) (8cb6a76), closes #17565
• cfnspec: add CloudFormation documentation to L1 classes (#18101) (0ed661d)
• cli: hotswap deployments for CodeBuild projects (#18161) (4ae4df8)
• cli: show how long cdk deploy steps take (#18230) (82fa742), closes #18213
• cli: support for hotswapping Lambda Versions and Aliases (#18145) (13d77b7), closes #18058 #17043
• codepipeline: variables for CodeStar Connections source Action (#18086) (c99da16), closes #17807
• custom-resources: NoEcho for sensitive data in provider framework (#18097) (621a410)
• docdb: allow setting log retention (#18120) (002202f), closes #13191
• ec2: add Windows Server 2022 WindowsVersions (#18203) (dee732d), closes #18199
• glue: support partition index on tables (#17998) (c071367), closes #17589
• iot: Action to send messages to SQS queues (#18087) (37537fe), closes #17699
• iot: add Action to set a CloudWatch alarm (#18021) (de2369c), closes #17705
• lambda-python: support for providing a custom bundling docker image (#18082) (c3c4a97), closes #10298 #12949 #15391 #16234 #15306
• msk: add Kafka versions 2.6.3, 2.7.1 and 2.7.2 (#18191) (8832df1)
• secretsmanager: create secrets with specified values (#18098) (dd90b8e), closes #5810
• ssm: reference latest version of secure string parameters (#18187) (7d0680a), closes #17091

Bug Fixes

• amplify: deploy asset Custom Resource points to TS file (#18166) (a1508af)
• cloudfront-origins: policy not added for custom OAI (#18192) (c894ba1), closes #18185
• core: Duration.toString() throws an error (#18243) (df03df8), closes #18176
• core: overriding of Stack.addFileAsset() no longer has effect (#18116) (2290681), closes #17328
• events: event bus name only generated if no props passed (#18153) (9b81662), closes #18070
• lambda-python: runtime is now required (#18143) (98f1bb1), closes #10248
• region-info: ssm service principal - fix more regions (#18135) (ed30c44), closes #16188

Reverts

• cfnspec: add CloudFormation documentation to L1 classes (#18177) (2530016)

1.137.0 (2021-12-21)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• opensearchservice: imported domain property domainEndpoint used to contain https:// prefix, now the prefix is dropped and it returns the same value as a domainEndpoint on a created domain

Features

• apigatewayv2: http api - IAM authorizer support (#17519) (fd8e0e3), closes #15123
• aws-kinesis: add support for data streams capacity modes (#18074) (b265e46), closes #18050
• aws-s3: Adding Intelligent Tiering to Bucket (#18013) (890c4c5), closes #16191
• backup: support continuous backup and point-in-time restores (#17602) (24c6ef5), closes #15922
• cli: add message when resource is hotswapped (#18058) (e828c22), closes #17778
• cli: support hotswapping Lambda function tags (#17818) (e4485f4), closes #17664
• cli: watch command now starts with a deployment (#18057) (ace37a2), closes #17776
• codedeploy: loadbalancer support for imported Target Groups (#17848) (32f1c80), closes #9677
• codepipeline: add ability to not reuse cross-region support Stacks (#18043) (dcc9e59), closes #18018 #18018
• efs: add support for transitioning files from infrequent access to primary storage (#16522) (65414c6)
• eks: imported kubectl provider for imported clusters (#14689) (19a287f), closes #12107
• eks: install helm chart from asset (#17217) (d3fc8c0)
• iam: session tagging (#17689) (9f22b2f), closes #15908 #16725 #2041 #1578
• rds: Aurora clusters from snapshots (#17759) (e5259ee), closes #10936 #10130

Bug Fixes

• acm: DnsValidatedCertificate intermittently fails with "Cannot read property 'Name' of undefined" (#18033) (2b6c2da), closes #8282
• apigateway: race condition between Stage and CfnAccount (#18011) (f11766e)
• eks: can't deploy with Bottlerocket amiType (#17775) (b7be71c), closes #17641 #17641
• eks: cannot customize alb controller repository and version (#18081) (e4256c8), closes #18054
• eks: the defaultChild of a KubernetesManifest is not a CfnResource (#18052) (ef8ab72)
• opensearchservice: imported domain's domainendpoint is a url not an endpoint (#18027) (fd149b1), closes #18017
• core, s3-deployment: ResponseURL is logged by S3Deployment (#18048) (ed19828)
• pipelines: can't use exports from very long stack names (#18039) (465dabf), closes #17436
• region-info: ssm service principal is wrong in majority of regions (#17984) (77144f5), closes #16188 #17646

1.136.0 (2021-12-15)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• appsync: The CachingConfig#ttl property is now required.

• glue: the grantRead API previously included 'glue:BatchDeletePartition', and now it does not.

Features

• amplify: Add Amplify asset deployment resource (#16922) (499ba85), closes #16208
• apigateway: add option to set the base path when adding a domain name to a Rest API (#17915) (9af5b4d)
• apigatewayv2: Lambda authorizer for WebSocket API (#16886) (67cce37), closes #13869
• aws-applicationautoscaling: Allow autoscaling with "M out of N" datapoints (#17441) (c21320d), closes #17433
• aws-applicationautoscaling: enabling autoscaling for ElastiCache Redis cluster (#17919) (7f54ed6)
• aws-ecs: expose environment from containerDefinition (#17889) (4937cd0), closes #17867
• aws-s3: add support for BucketOwnerEnforced to S3 ObjectOwnershipType (#17961) (93fafc5), closes #17926
• cfnspec: cloudformation spec v51.0.0 (#17955) (c6b7a49), closes #17943
• cli: Hotswapping Support for S3 Bucket Deployments (#17638) (1df478b)
• codecommit: allow initializing a Repository with contents (#17968) (54b6cc6), closes #17967 #16958
• ec2: add d3 and d3en instances (#17782) (8b52196), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
• ec2: add high memory instances u-6tb1, u-9tb1, u-12tb1, u-18tb1, and u-24tb1 (#17964) (5497525)
• ec2: add im4gn and is4gen instances (#17780) (e057c8f), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
• iotevents: add IoT Events input L2 Construct (#17847) (9f03dc4), closes /github.com/aws/aws-cdk/issues/17711#issuecomment-986153267
• lambda: add cloudwatch lambda insights arm support (#17665) (02749b4), closes #17133

Bug Fixes

• appmesh: adding support with gateway route priority (#17694) (a61576f), closes #16821
• appsync: ttl property of CachingConfig is not required (#17981) (73e5fec)
• aws-autoscaling: notificationTargetArn should be optional in LifecycleHook (#16187) (4e7a275), closes #14641
• aws-lambda-nodejs: use closest lockfile when autodetecting (#16629) (c4ecd96), closes #15847 40aws-cdk/aws-lambda-nodejs/lib/function.ts#L137-L139 /github.com/aws/aws-cdk/issues/15847#issuecomment-903830384
• cli: asset publishing broken cross account (#18007) (2fc6895), closes #17668 #17988
• cli: hotswapping StateMachines with a name fails (#17892) (de67aae), closes #17716
• custom-resources: assumedRole from AwsCustomResource invocation leaked to next execution (#15776) (e138188), closes #15425
• glue: remove batchDeletePartition from grantRead() permissions (#17941) (3d64f9b), closes #17935 #15116
• logs: log retention fails with OperationAbortedException (#17688) (95b8da9), closes #17546
• rds: unable to use tokens as port in DatabaseInstance (#17995) (0745193), closes #17948

1.135.0 (2021-12-10)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• apigatewayv2-authorizers: The default value for the prop authorizerName in HttpJwtAuthorizerProps has changed.
• apigatewayv2-authorizers: HttpJwtAuthorizer now takes the construct id and the target jwt issuer as part of its constructor.
• apigatewayv2-authorizers: HttpLambdaAuthorizer now takes the construct id and the target lambda function handler as part of its constructor.
• apigatewayv2-authorizers: The default value for the prop authorizerName in HttpUserPoolAuthorizerProps has changed.
• apigatewayv2: The HttpIntegration and WebSocketIntegration classes require an "id" parameter to be provided during its initialization.
• apigatewayv2-integrations: The LambdaWebSocketIntegration is now renamed to WebSocketLambdaIntegration. The new class accepts the handler to the target lambda function directly in its constructor.
• apigatewayv2-integrations: HttpProxyIntegration and HttpProxyIntegrationProps are now renamed to HttpUrlIntegration and HttpUrlIntegrationProps respectively. The new class accepts the target url directly in its constructor.
• apigatewayv2-integrations: LambdaProxyIntegration and LambdaProxyIntegrationProps are now renamed to HttpLambdaIntegration and HttpLambdaIntegrationProps respectively. The new class accepts the lambda function handler directly in its constructor.
• apigatewayv2-integrations: HttpAlbIntegration now accepts the ELB listener directly in its constructor.
• apigatewayv2-integrations: HttpNlbIntegration now accepts the ELB listener directly in its constructor.
• apigatewayv2-integrations: HttpServiceDiscoveryIntegration now accepts the service discovery Service directly in its constructor.
• apigatewayv2-authorizers: UserPoolAuthorizerProps is now renamed to HttpUserPoolAuthorizerProps.
• apigatewayv2: The interface IHttpRouteIntegration is replaced by the abstract class HttpRouteIntegration.
• apigatewayv2: The interface IWebSocketRouteIntegration is now replaced by the abstract class WebSocketRouteIntegration.
• apigatewayv2: Previously, we allowed the usage of integration classes to be used with routes defined in multiple HttpApi instances (or WebSocketApi instances). This is now disallowed, and separate instances must be created for each instance of HttpApi or WebSocketApi.

Features

• apigateway: step functions integration (#16827) (cb31547), closes #15081
• assertions: major improvements to the capture feature (#17713) (9a67ce7), closes #17009
• aws-s3-deployment: log retention option (#17779) (b60dc63)
• backup: enable WindowsVss Backup (#15934) (12fcb18), closes #14803 #14891
• cfnspec: cloudformation spec v49.0.0 (#17727) (7e0c9a3)
• cfnspec: cloudformation spec v50.0.0 (#17844) (cd3f24e), closes #17840 #17858
• cloudfront: Add support for response headers policy (#17359) (ea0acff), closes #17290
• cognito: user pool: adds custom sender (Email/SMS) lambda triggers (#17740) (7f45de4)
• core: add applyRemovalPolicy to IResource (#17746) (d64057f), closes #17728
• custom-resources: fixed Lambda function name (#17670) (5710fe5)
• docdb: implement audit and profiler logs (#17570) (4982aca), closes #17478
• ec2: add g5g instances (#17765) (1799f7e), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
• ec2: add m5zn instances (#17757) (845be10), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
• ec2: add m6a instances (#17764) (b06f120), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
• ec2: add mac1 instance (#17677) (88a5204), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2 40aws-cdk/aws-ec2/lib/instance-types.ts#L573
• ec2: add r6i instances (#17663) (0138292), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
• ec2: add vpcName property to the VPC (#17940) (794e7cd)
• ec2: add vt1 instances (#17756) (245c059), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
• ec2: explicit mapPublicIpOnLaunch configuration for public subnets (#17346) (a1685c6)
• ec2: extend BastionHostLinux to support CloudFormationInit (#17507) (c62377e)
• ec2: propagate EC2 tags to volumes (#17840) (42cf186), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2 #17844
• ecs-service-extensions: Auto scaling for Queue Extension (#17430) (df7b9b4)
• iam: support fromGroupName() for IAM groups (#17243) (29b379c)
• iot: add Action to capture CloudWatch metrics (#17503) (ec4187c), closes /github.com/aws/aws-cdk/pull/16681#issuecomment-942233029
• lambda: function construct exposes configured timeout (#17594) (87fd60f)
• lambda-event-sources: sqs: support reportBatchItemFailures (#17733) (3623982), closes #17690
• neptune: add engine version 1.1.0.0 and instance types t4g, r6g (#17669) (83e669d)
• rds: parameter group for replica instances (#17822) (b606a23), closes #17580
• s3: add GLACIER_IR storage class (#17829) (c291c44)
• s3: support Transfer Acceleration (#17636) (b432822), closes #12570
• secretsmanager: support secrets rotation in GovCloud (#17673) (a01678b), closes #14608
• servicecatalog: Add TagOptions to a CloudformationProduct (#17672) (2d19e15)
• stepfunctions-tasks: add 'Emr on Eks' tasks (#17103) (f2bf322), closes #15262 #15234

Bug Fixes

• apigateway: dataTraceEnabled does not default to false (#17906) (cc3bb1f)
• apigatewayv2: integration class does not render an integration resource (#17729) (3b5b97a), closes #13213
• apprunner: startCommand and environment are ignored in imageConfiguration (#16939) (d911c58), closes #16812
• appsync: add caching config to AppSync resolvers (#17815) (52b535b)
• appsync: empty caching config is created when not provided (#17947) (3a9f206)
• appsync: remove 'id' suffix to union definition key (#17787) (86e7780), closes #17771
• assert: support multiline strings with stringLike() (#17692) (37596e6)
• assets: remove the original-path metadata (#17901) (2b759ca), closes #17706
• aws-cdk-migration: Construct imports not rewritten (#17931) (f02fcb4), closes #17826
• aws-ec2: imported VPC subnets never recognized as PRIVATE_ISOLATED (#17496) (ba6a8ef)
• aws-elasticloadbalancingv2: Set stickiness.enabled unless target type is lambda (#17271) (168a98f), closes #17261
• cli: S3 asset uploads are rejected by commonly referenced encryption SCP (introduces bootstrap stack v9) (#17668) (8191f1f), closes #11265
• codepipeline: cannot trigger on all tags anymore in EcrSourceAction (#17270) (39fe11b), closes aws#13818 aws#13818
• codepipeline: cross-env pipeline cannot be created in Stage (#17730) (f17f29e), closes #17643
• codepipeline: default cross-region S3 buckets allow public access (#17722) (0b80db5), closes #16411
• cognito: remove invalid SES region check (#17868) (450f7ca), closes #17795
• core: bundling skipped with --exclusively option and stacks under stage (#17210) (cda6601), closes #12898 #15346
• docdb: secret rotation ignores excluded characters in password (#17609) (1fe2215), closes #17347 #17575
• dynamodb: add missing DynamoDB operations to enum (#17738) (f38e0ac)
• dynamodb: changing waitForReplicationToFinish fails deployment (#17842) (36b8fdb), closes #16983
• iam: AWS Managed Policy ARNs are not deduped (#17623) (ed4a4b4), closes #17552
• lambda-nodejs: bundling fails with a file dependency in nodeModules (#17851) (5737c33), closes #17830
• lambda-nodejs: bundling with nodeModules fails with paths containing spaces (#17632) (986f291), closes #17631
• pipelines: stack outputs used in stackSteps not recognized (#17311) (5e4a219), closes #17272
• s3-deployment: updating memoryLimit or vpc results in stack update failure (#17530) (2ba40d1), closes #7128
• stepfunctions: prefixes not appended to states in parallel branches (#17806) (a1da772), closes #17354

Miscellaneous Chores

• apigatewayv2: integration api re-organization (#17752) (29039e8)
• apigatewayv2-authorizers: re-organize authorizer api (#17772) (719f33e)

1.134.0 (2021-11-23)

Features

• apigatewayv2: domain endpoint type, security policy and endpoint migration (#17518) (261b331)
• cfnspec: cloudformation spec v49.0.0 (#17621) (ce638b4)
• docdb: add option to set the name of the generated Secret (#17574) (18c9ef7), closes #17572
• eks: ALB Controller (#17618) (1faf31d)
• msk: add Kafka version 2.6.2 (#17497) (5f1f476)

Bug Fixes

• assets: add missing SAM asset metadata information (#17591) (55df760), closes #14593
• aws-ecs: check for invalid capacityProviderName (#17291) (6e2fde4), closes #17321
• opensearch: correctly validate ebs configuration against instance types (#16911) (34af598), closes #11898

1.133.0 (2021-11-19)

Features

• apigatewayv2: websocket api: grant manage connections (#16872) (10dfa60), closes #14828
• assertions: support assertions over nested stacks (#16972) (bde44e7)
• aws-eks: support bottlerocket managed nodegroup (#17323) (2e6a1a9)
• cfnspec: cloudformation spec v48.0.0 (#17484) (6e8de96)
• cfnspec: cloudformation spec v49.0.0 (#17585) (d44d0e7)
• cognito: user pool: send emails using Amazon SES (#17117) (503720f), closes #6768
• ec2: add G5 instances (#17499) (eed70a0), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
• ec2: add m5n and m5dn instance types (#17488) (df30d4f)
• ec2: lookup security group by name (#17246) (5bf0d07), closes #4241
• ec2: vpc endpoints for codeguru (#17498) (21c2d2b), closes #16788
• ecs: Add SystemControls to ContainerDefinition (#16970) (b12a2c6), closes #16025
• eks: Allow passing of custom IAM role to Kube Ctl Lambda (#17196) (8fa293a)
• iot: add Action to put objects in S3 Buckets (#17307) (49b87db), closes /github.com/aws/aws-cdk/pull/16681#issuecomment-942233029
• iot: add Action to put records to a Firehose stream (#17466) (7cb5f2c), closes /github.com/aws/aws-cdk/pull/16681#issuecomment-942233029
• lambda: singleton function: access runtime, log group and configure layers and environment (#17372) (ec5b102)
• rds: validate backup retention for read replica instances (#17569) (9b2158b), closes #17356
• warn users when deprecated elements are used (#17328) (3721358)
• redshift: Add support for distStyle, distKey, sortStyle and sortKey to Table (#17135) (a137cd1), closes #17125
• servicecatalog: support local launch role name in launch role constraint (#17371) (b307b69)
• stepfunctions-tasks: Support DynamoAttributeValue.listFromJsonPath (#17376) (bc10e6f), closes #17375

Bug Fixes

• apigateway: SAM CLI asset metadata missing from SpecRestApi (#17293) (841cf99), closes #14593
• assets: SAM asset metadata missing from log retention and custom resource provider functions (#17551) (a90e959)
• autoscaling: add timezone property to Scheduled Action (#17330) (3154a58)
• aws-codebuild: add @aws-cdk/asserts to package deps (#17435) (9c77e94)
• aws-lambda-event-sources: Function.addEventSource fails for ManagedKafkaEventSource typed parameters (#17490) (a474ee8)
• aws-logs: include new policy.ts exports in index.ts exports (#17403) (a391468)
• cli: improve asset publishing times by up to 30% (#17409) (40d6a48), closes #17266
• cli: skip bundling for the 'watch' command (#17455) (af61b7f), closes #17391
• cloudwatch: render agnostic alarms in legacy style (#17538) (7c50ef8)
• ec2: Duplicate EIP when NatGatewayProps.eipAllocationIds is provided (#17235) (050f6fa)
• eks: Allow specifying subnets in Pinger (#17429) (6acee52)
• iot: unable to add the same lambda function to two TopicRule Actions (#17521) (eda1640), closes #17508
• kinesis: add required rights to trigger Lambda from Kinesis. Fixes issue #17312. (#17358) (0bfc15c)
• lambda: SAM CLI asset metadata missing from image Functions (#17368) (f52d9bf)
• NestedStack: add asset metadata to NestedStack resources for local tooling (#17343) (4ba40dc)
• redshift: tableNameSuffix evaluation (#17213) (f7c3217), closes #17064
• sns-subscriptions: enable cross region subscriptions to sqs and lambda (#17273) (3cd8d48), closes #7044 #13707
• ssm: fix service principals for all regions since ap-east-1 (#17047) (5900548), closes #16188

1.132.0 (2021-11-09)

Features

• apigatewayv2: http api - mTLS support (#17284) (54be156), closes #12559
• stepfunctions-tasks: add AutoTerminationPolicy to EmrCreateCluster (#16976) (27ad7d8)
• the assertions module is now stable! (#17395) (ede5e22)
• cfnspec: cloudformation spec v47.0.0 (#17392) (7100d43)
• lambda-nodejs: custom asset hash (#16412) (90da730), closes #16157

Bug Fixes

• codecommit: notifyOnPullRequestMerged method has a typo in its name (#17348) (cac5726)
• opensearch: domain doesn't handle tokens in capacity configuration (#17131) (2627939), closes #15014

1.131.0 (2021-11-07)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• apigatewayv2-authorizers: userPoolClient property in UserPoolAuthorizerProps is now renamed to userPoolClients.

Features

• apigatewayv2-authorizers: http api - allow multiple user pool clients per HttpUserPoolAuthorizer (#16903) (747eb7c), closes #15431
• certificatemanager: requesting private certificates issued by Private Certificate Authority (#16315) (e26f5be), closes #10076
• cfnspec: cloudformation spec v46.0.0 (#17223) (d9f7b58)
• cfnspec: cloudformation spec v46.0.0 (#17334) (e0f1180)
• cfnspec: cloudformation spec v47.0.0 (#17350) (ea71b4e), closes #17290 #17223
• cfnspec: cloudformation spec v47.0.0 (#17353) (7886607)
• cli: added build field to cdk.json (#17176) (57ad1e0)
• cli: introduce the 'watch' command (#17240) (0adc8b7)
• codepipeline: add construct for registering custom Actions (#17041) (c66ac89), closes #17039
• docdb: add the ability to exclude characters when generating passwords (#17262) (135f7d3), closes #15732
• ec2: add c6i instances (#17237) (25cea18)
• ecs-service-extensions: Target tracking policies for Service Extensions (#17101) (6420b18)
• eks: expose FargateCluster's defaultProfile (#17130) (e461601), closes #16149
• iot: allow setting description and enabled of TopicRule (#17225) (a9aae09)
• iot: allow setting errorAction of TopicRule (#17287) (e412308)
• iot-actions: Add the action to put CloudWatch Logs (#17228) (a7c869e)
• lambda-nodejs: add sourcesContent in BundlingOptions (#17280) (ea56e69), closes #17256
• logs: add support for cloudwatch logs resource policy (#17015) (e9a461d), closes #5343
• servicecatalog: allow creating a CFN Product Version with CDK code (#17144) (f8d0ef5)
• synthetics: add static cron method to schedule class (#17250) (1ab9b26), closes #16402

Bug Fixes

• aws-eks: proxy support and allow assigning a security group to all cluster handler functions (#17200) (7bbd10d), closes #12469
• cli: wmic not found on modern Windows systems (#17070) (332ce4d), closes #16419
• cli: cdk ls --long outputs less-friendly stack IDs for nested assemblies (#17263) (864c50e), closes #14379
• cli: no longer disable rollback by default for hotswap deployments (#17317) (e32b616), closes #17267
• cognito: ambiguous error message when same trigger is added twice (#16917) (4ae78b0)
• ec2: functions addIngressRule and addEgressRule detect unresolved tokens as duplicates (#17221) (d4952c3), closes #17201
• lambda-nodejs: yarn berry goes into immutable mode in CI (#17086) (cc8dd69), closes #17082
• pipelines: additionalInputs not working (#17279) (9e81dc7), closes #17224
• s3: enforce that fromBucketAttributes supplies a valid bucket name (#16915) (30ac0cc)

Reverts

• "chore: activate 'rosetta infuse' feature (#17191)" (#17329) (c8cd515)

1.130.0 (2021-10-29)

Features

• amplify: Add support for custom headers in the App (#17102) (9f3abd7), closes #17084
• aws-route53-targets: Support for Elastic Beanstalk environment URLs (#16305) (bc07cb0)
• cli: deployment progress shows stack name (#16604) (322cf10)
• cloudfront: add amplify managed cache policy (#16880) (8d0c555)
• codebuild: add fromEcrRepository to LinuxGpuBuildImage (#17170) (7585680), closes #16500
• core: Docker tags can be prefixed (#17028) (d298696)
• core: subtract Durations (#16734) (7a333b0), closes #16535
• ec2: add c5ad instances (#16428) (0318253)
• ec2: add region parameter for UserData via addS3DownloadCommand (#16667) (691d377), closes #8287
• ec2: add vpcArn to IVpc and Vpc (#16666) (7b31376), closes #16493
• ec2: add X2g instances (for RDS) (#17081) (443a23e), closes /github.com/aws/aws-cdk/issues/16948#issuecomment-946254267 #16948
• ec2: include p4d instance class (#17147) (6e13adc)
• ec2: look up VPC from different regions (#16728) (f1e244b), closes #10208
• ec2: VPC endpoint for AWS Xray (#16788) (c24af54), closes #16306
• events: DLQ support for EventBus target (#16383) (dbb3f25), closes #15954
• iot: add the TopicRule L2 construct (#16681) (86f85ce), closes #16602
• iot: allow setting Actions of TopicRule (#17110) (0cabb9f), closes #16681 /github.com/aws/aws-cdk/pull/16681#discussion_r733912215
• iot: create new aws-iot-actions module (#17112) (06838e6), closes #16681 /github.com/aws/aws-cdk/pull/16681#discussion_r733912215
• lambda-nodejs: esbuild charset option (#16726) (56033a2), closes #16668
• lambda-nodejs: typescript emitDecoratorMetadata support (#16543) (55d3c50), closes #13767
• rds: support backtrackWindow in DatabaseCluster (#17160) (fcd17e9), closes #9369 #9369
• route53: Expose VpcEndpointServiceDomainName domain name as a property (#16458) (e063fbd)
• sns: addSubscription returns the created Subscription (#16785) (62f389e)
• synthetics: add syn-nodejs-puppeteer-3.3 runtime (#17132) (8343bec)

Bug Fixes

• cli: downgrade bootstrap stack error message needs a hint for new-style synthesis (#16237) (e55301b)
• core: DefaultSynthesizer deployments are never skipped (#17099) (c74b012), closes #16959
• core: SecretValue.secretsManager fails for tokenized secret-id (#16230) (5831456), closes #16166
• custom-resources: invalid service name leads to unhelpful error message (#16718) (354686b), closes #7312
• custom-resources: Role Session Name can exceed maximum size (#16680) (3617b70)
• elasticloadbalancingv2: always set stickiness (#17111) (0a23953), closes #16620
• lambda-event-sources: dynamo batch size cannot be a CfnParameter (#16540) (56974ac), closes #16221
• logs: Apply tags to log retention Lambda (#17029) (a6aaa64), closes #15032
• rds: using both Instance imports & exports for Postgres fails deployment (#17060) (ab627c6), closes #16757
• redshift: cluster uses key ARN instead of key ID (#17108) (bdf30c6), closes #17032

1.129.0 (2021-10-21)

Features

• aws-autoscaling: add flag and aspect to require imdsv2 (#16052) (ef7e20d)
• codebuild: add support for small ARM machine type (#16635) (55fbc86), closes #16633
• dynamodb: add option to skip waiting for global replication to finish (#16983) (254601f), closes #16611
• ec2: add aspect to require imdsv2 (#16051) (0947b21)
• eks: configure serviceIpv4Cidr on the cluster (#16957) (72102c7), closes #16541
• events: Add DLQ support for SQS target (#16916) (7fda903), closes #16417
• msk: add Kafka version 2.8.1 (#16881) (7db5c8c)
• stepfunctions-tasks: add enableNetworkIsolation property to SageMakerCreateTrainingJobProps (#16792) (69ac520), closes #16779

Bug Fixes

• apigatewayv2: unable to retrieve domain url for default stage (#16854) (c6db91e), closes #16638
• cfn-diff: correctly handle Date strings in diff (#16591) (86f2714), closes #16444
• ecs: imported services don't have account & region set correctly (#16997) (dc6f743), closes #11199 #11199 #15944
• events: PhysicalName.GENERATE_IF_NEEDED does not work for EventBus (#17008) (707fa00), closes #14337
• lambda: docker image function fails when insightsVersion is specified (#16781) (d0e15cc), closes #16642
• lambda-layer-node-proxy-agent: Replace use of package.json with Dockerfile command npm install [package]@[version] (#17078) (a129046)
• opensearch: add validation to domainName property (#17017) (3ec6832), closes #17016
• pipelines: additionalInputs fails for deep directory (#17074) (403d3ce), closes #16936

1.128.0 (2021-10-14)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• assertions: Starting this release, the assertions module will be published to Maven with the name 'assertions' instead of 'cdk-assertions'.

Features

• apigatewayv2-integrations: http api - support for request parameter mapping (#15630) (0452aed)
• cli: hotswap deployments for ECS Services (#16864) (ad7288f)
• codepipeline: add support for string user parameters to the Lambda invoke action (#16946) (e19ea31), closes #16776
• lambda: docker platform for architecture (#16858) (5c258a3)
• lambda-event-sources: self managed kafka: support sasl/plain authentication (#16712) (d4ad93f)
• stepfunctions-tasks: AWS SDK service integrations (#16746) (ae840ff), closes #16780

Bug Fixes

• ecs: add ASG capacity via Capacity Provider by not specifying machineImageType (#16361) (93b3fdc), closes #16360
• servicecatalog: Allow users to create multiple product versions from assets. (#16914) (958d755)
• codebuild: add build image AMAZON_LINUX_2_ARM_2 (#16931) (370cb31), closes #16930
• core: asset hash is different between linux and windows (#16945) (59950dd), closes #14555 #16928
• ecs-patterns: minScalingCapacity cannot be set to 0 (#16961) (589f284), closes #15632 #14336
• ssm: StringParameter accepts ParameterType.AWS_EC2_IMAGE_ID as type (#16884) (2b353be), closes #16806
• use registry.npmjs.com to fix shinkwrap resolves (#16607) (8f91531)

Miscellaneous Chores

• assertions: consistent naming in maven (#16921) (0dcd9ec)

1.127.0 (2021-10-08)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• assertions: Match.absentProperty() becomes Match.absent(), and its type changes from string to Matcher.

Features

• appsync: Lambda Authorizer for AppSync GraphqlApi (#16743) (bdbe8b6), closes #16380
• chatbot: allow adding a sns topic in existing SlackChannel (#16643) (d29a20b), closes #15588
• cfnspec: cloudformation spec v43.0.0 (#16748) (7c473a6)
• cli: hotswap deployments for StepFunctions State Machines (#16489) (c3417f6)
• ec2: add X2gd instances (#16810) (6d468d2), closes #16794
• ecr-assets: control docker image asset hash (#16070) (13f67e7), closes #15936
• elbv2: support ALB target for NLB (#16687) (27cc821), closes #16679

Bug Fixes

• assertions: hasResourceProperties is incompatible with Match.not and Match.absent (#16678) (6f0a507), closes #16626
• cloudfront: EdgeFunctions cannot be created when IDs contain spaces (#16845) (b0752c5), closes #16832
• cloudwatch: alarms with accountId fails in regions that don't support cross-account alarms (#16875) (54472a0), closes #16874
• iam: not possible to represent Principal: * (#16843) (6829a2a)
• lambda: currentVersion fails when architecture specified (#16849) (8a0d369), closes #16814
• s3: auto-delete fails when bucket has been deleted manually (#16645) (7b4fa72), closes #16619

Miscellaneous Chores

• assertions: replace absentProperty() with absent() and support it as a Matcher type (#16653) (c980185)

1.126.0 (2021-10-05)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• assertions: The templateMatches() API previously performed an exact match. The default behavior has been updated to be "object-like".

Features

• assertions: matcher support for templateMatches() API (#16789) (0fb2179)
• apprunner: support the Service L2 construct (#15810) (3cea941), closes #14813
• aws-ec2: userdata cfn-signal signal resource which is different than the attached resource (#16264) (f24a1ae)
• backup: expose method to add statements to the vault policy (#16597) (3ff1537)
• cfnspec: cloudformation spec v42.0.0 (#16639) (2157acd)
• cloudfront: support Behavior-specific viewer protocol policy for CloudFrontWebDistribution (#16389) (5c028c5), closes #7086
• cloudwatch: support cross-environment search expressions (#16539) (c165138), closes #9039
• eks: connectAutoScalingGroupCapacity on imported clusters (#14650) (7f7be08)
• eks: add warning to fargateProfile (#16631) (41fdebb), closes #16349
• stepfunctions-tasks: add step concurrency level to EmrCreateCluster (#15242) (1deea90), closes #15223
• allow stale bot trigger manually (#16586) (fc8cfee)

Bug Fixes

• eks: Support for http proxy in EKS onEvent lambda (#16609) (cf22280), closes /github.com/aws/aws-cdk/blob/7dae114b7aac46321b8d8572e6837428b4c633b2/tools/pkglint/lib/rules.ts#L1332
• eks: support http proxy in EKS onEvent lambda (#16657) (87c9570), closes /github.com/aws/aws-cdk/pull/16657#issuecomment-928260661 /github.com/aws/aws-cdk/pull/16657#issuecomment-928529421 /github.com/aws/aws-cdk/blob/7dae114b7aac46321b8d8572e6837428b4c633b2/tools/pkglint/lib/rules.ts#L1332
• cli: progress bar overshoots count by 1 for stack updates (#16168) (0c8ecb8)
• config: add SourceAccount condition to Lambda permission (#16617) (cfcaf45)
• elasticloadbalancingv2: Incorrect validation on NetworkLoadBalancer.configureHealthCheck() (#16445) (140892a)
• iam: User.fromUserArn does not work for ARNs that include a path (#16269) (5c69c94), closes 40aws-cdk/aws-iam/lib/role.ts#L191-L194 #16256
• s3: setting autoDeleteObjects to false empties the bucket (#16756) (21836f2), closes #16603
• route53-targets: ApiGateway does not accept RestApiBase (#16610) (20071bb), closes #16227
• sns: cannot use numeric filter policy with 0 values (#16551) (62b6762), closes #16549

Reverts

• aws-eks: "fix(aws-eks): Support for http proxy in EKS onEvent lambda" (#16651) (376c837)

1.125.0 (2021-09-29)

Features

• lambda: support for ARM architecture (b3ba35e)

1.124.0 (2021-09-21)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• assertions: the findResources() API previously returned a list of resources, but now returns a map of logical id to resource.
• assertions: the findOutputs() API previously returned a list of outputs, but now returns a map of logical id to output.
• assertions: the findMappings() API previously returned a list of mappings, but now returns a map of logical id to mapping.

Features

• assertions: capture matching value (#16426) (cc74f92)
• assertions: findXxx() APIs now includes the logical id as part of its result (#16454) (532a72b)
• assertions: match into serialized json (#16456) (fed30fc)
• batch: fargate support for jobs (#15848) (066bcb1), closes #13591 #13590 #13591
• cfnspec: cloudformation spec v41.1.0 (#16472) (28875f9)
• cfnspec: cloudformation spec v41.1.0 (#16524) (124a7a1)
• cfnspec: cloudformation spec v41.2.0 (#16550) (e047bd8)
• ec2/ecs: cacheInContext properties for machine images (#16021) (430f50a), closes #12484
• ecs-service-extensions: Publish Extension (#16326) (c6c5941)
• glue: Job construct (#12506) (fc74110), closes #12443
• lambda: configure workdir for docker image based functions (#16111) (b3eafc2)
• lambda: use bundling docker image from ECR public for dotnet and go runtimes (#16281) (9bbfd18)
• neptune: add engine version 1.0.5.0 (#16394) (deaac4a), closes #16388
• pipeline: allow enabling KMS key rotation for cross-region Stacks (#16468) (2a629dd), closes #14381
• rds: region replication for generated secrets (#16497) (1e9d8be), closes #16480
• redshift: manage database users and tables via cdk (#15931) (a9d5118), closes #9815
• s3-deployment: enable efs support for handling large files in lambda (#15220) (2737119)
• sns: adding support for firehose subscription protocol (#15764) (18aff6b)
• stepfunctions-tasks: support Associate Workflow Executions on StepFunctionsStartExecution via associateWithParent property (#16475) (7d3b90b), closes #14778

Bug Fixes

• apigatewayv2: ApiMapping does not depend on DomainName (#16201) (1e247d8), closes #15464
• cloudformation-diff: cdk diff not picking up differences if old/new value is in format n.n.n (#16050) (38426c9), closes #15935
• config: the IGW mapping to correct resource type (#16464) (23d9b6a), closes #16463
• core: asset hash of symlinked dir is wrong (#16429) (36ff738)
• ec2: set proper role for --role argument of cfn-init (#16503) (cdbd65d), closes #16501
• logs: log retention fails with OperationAbortedException (#16083) (3e9f04d), closes aws#15709
• route53resolver: FirewallDomainList throws with wildcard domains (#16538) (643e5ee), closes #16527
• SSM API docs: Typo SecretString -> SecureString and note how SecureStrings cannot be created via CDK (#16228) (950e875)

1.123.0 (2021-09-16)

Features

• opensearch: rebrand Elasticsearch as OpenSearch (e6c4ca5), closes aws/aws-cdk#16467

1.122.0 (2021-09-08)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• assertions: hasOutput(props: any) becomes hasOutput(logicalId: string, props: any)
• assertions: findOutputs(props: any = {}) becomes findOutputs(logicalId: string, props: any = {})
• assertions: hasMapping(props: any) becomes hasMapping(logicalId: string, props: any)
• assertions: findMappings(props: any = {}) becomes findMappings(logicalId: string, props: any = {})

Features

• ec2: Allow ApplyCloudformationInitOptions to set additional params (#16121) (1d94646), closes #16004
• backup: option to prevent recovery point deletions (#16282) (6e71806)
• cli: hotswap deployments (#15748) (6e55c95)
• config: EC2_INSTANCE_PROFILE_ATTACHED managed rule (#16011) (816a319)
• ec2: rename SubnetTypes to improve clarity with EC2 conventions (#16348) (2023004), closes #15929
• ec2: vpc endpoint for aws keyspaces (#16306) (ad425d0)
• ecs-service-extensions: Subscribe Extension (#16049) (66baca5)
• elasticloadbalancingv2: ALPN policy support for NLB listener (#15956) (5427578)
• kms: support fromLookup in KMS key to get key by alias name (#15652) (34a57ed), closes #8822
• lambda: python 3.9 runtime (#16366) (a534829)
• pipelines: stack-level steps (#16215) (d499c85), closes #16148
• stepfunctions-tasks: await the eval so async ops can be passed to tasks.EvaluateExpression (#16290) (174b066)

Bug Fixes

• apigatewayv2: some methods of the defaultStage are not available without casting it to IHttpStage (#15607) (27a0113)
• assertions: output and mapping assertions do not accept logical id (#16329), closes #16242
• assets: run executable command of container assets in cloud assembly root directory (#16094) (c2852c9), closes #15721
• autoscaling: EbsDeviceVolumeType.IO2 is not a valid CloudFormation value (#16028) (492d33b), closes #16027
• cli: 'deploy' and 'diff' silently does nothing when given unknown stack name (#16150) (74776f3), closes #15866
• cloudwatch: cross account alarms does not support math expressions (#16333) (1ffd897), closes #16331
• core: allow asset bundling when selinux is enabled (#15742) (dbfebb4)
• iam: permissions boundary aspect doesn't always recognize roles (#16154) (c8bfcf6)
• stepfunctions-tasks: Athena StartQueryExecution includes QueryExecutionContext even when object is empty (#16141) (6e2a3e0), closes #16133 #16133

1.121.0 (2021-09-01)

Features

• assertions: 'not' matcher (#16240) (b838f95), closes #15868
• cloudfront-origins: add custom headers to S3Origin (#16161) (f42b233), closes #16160
• cfnspec: cloudformation spec v40.1.0 (#16254) (fe81be7)
• cli: support --no-rollback flag (#16293) (d763d90), closes #16289
• core: normalize line endings in asset hash calculation (#16276) (01bf6e2)
• ec2: add m6i instances (#16081) (a42a1ea)
• ecs: add support for Fargate PV1.4 ephemeral storage (#15440) (f1bf935), closes #14570
• ecs-patterns: add capacity provider strategies to queue processing service pattern (#15684) (f40e8d6), closes #14781
• ecs-patterns: Allow configuration of SSL policy for listeners created by ECS patterns (#15210) (2c3d21e), closes #11841 #8816
• route53resolver: DNS Firewall (#15031) (ffdcd94)
• stepfunctions-tasks: support allocation strategies in EMR CreateCluster (#16296) (5a5da57), closes #16252
• synthetics: add Python runtime and latest Nodejs runtime (#16069) (de218ba), closes #15138 #16177

Bug Fixes

• apigatewayv2: api mapping key with two hyphens is disallowed (#16204) (0889564), closes #15948
• rds: fromDatabaseInstanceAttributes() incorrectly stringifies ports with tokens (#16286) (41b831a), closes #11813
• core: inconsistent analytics string across operating systems (#16300) (ff6082c), closes #15322
• elasticloadbalancingv2: target group health check does not validate interval versus timeout (#16107) (a85ad39), closes #3703

1.120.0 (2021-08-26)

Features

• assertions: queries and assertions against the Outputs and Mappings sections (#15892) (90f95e1)
• stepfunctions: add support to heartbeat error inside catch block (#16078) (2372b3c), closes #16084
• cfnspec: cloudformation spec v40.0.0 (#16183) (b059124)
• cloudwatch: add support for cross-account alarms (#16007) (e547ba0), closes #15959
• codecommit: make Repository a source for CodeStar Notifications (#15739) (ae34d4a)
• cognito: user pools - device tracking (#16055) (64019bb), closes #15013
• docdb: cluster - deletion protection (#15216) (0f7beb2)
• ecs: add support for Bottlerocket on ARM64 (#15454) (cd280a8), closes #14466
• lambda: nodejs14.x supports inline code (#16131) (305f683)
• rds: support 's3export' for Postgres database instances (#16124) (1d54a45), closes #14546 #10370 #14546
• s3-deployment: exclude and include filters (#16054) (d42e89e), closes #14362 #14362

Bug Fixes

• apigatewayv2: http api - disallow empty string as domain name (#16044) (9c39bcb)
• appsync: addSubscription only allows for field type (#16097) (000d151), closes #10078 #16071
• cfnspec: changes to resource-level documentation not supported (#16170) (82e4b4f)
• cli: Python init template does not work in directory with '-' (#15939) (3b2c790), closes #15938
• cli: unknown command pytest in build container fails integration tests (#16134) (0f7c0b4), closes #15939
• resourcegroups: ResourceGroup not using TagType.STANDARD, causes deploy failure (#16211) (cdee1af), closes #12986
• s3: bucket is not emptied before update when the name changes (#16203) (b1d69d7), closes #14011
• ses: drop spam rule appears in the incorrect order (#16146) (677fedc), closes #16091
• sqs: unable to import a FIFO queue when the queue ARN is a token (#15976) (a1a65bc), closes #12466
• ssm: StringParameter.fromStringParameterAttributes cannot accept version as a numeric Token (#16048) (eb54cd4), closes #11913
• ec2: fix vpc endpoint incorrect issue in China region (#16139) (0d0db38), closes #9864
• eks: insecure kubeconfig warning (#16063) (82dd282), closes #14560

1.119.0 (2021-08-17)

Features

• apigatewayv2: http api - domain url for a stage (#15973) (bb5d587), closes #15801
• assets: exclude "cdk.out" from docker assets (#16034) (84a831a), closes #14841 #14842
• aws-apigateway: import existing usage plan (#15771) (97fc290), closes #12677
• cfnspec: cloudformation spec v39.9.0 (#15987) (e0d6181)

Bug Fixes

• core: asset bundling fails for non-existent user (#15313) (bf5882f), closes #15415
• ec2: opaque error when insufficient NAT EIPs are configured (#16040) (a308cac), closes #16039
• events: cross-account event targets that have a Role are broken (#15717) (f570c94), closes #15639
• pipelines: repos with dashes cannot be used as additionalInputs (#16017) (400a59d), closes #15753
• s3-deployment: BucketDeployment doesn't validate that distribution paths start with "/" (#15865) (f8d8795), closes #9317

1.118.0 (2021-08-10)

Features

• aws-elbv2: ALB target group routing algorithms (#15622) (6b32b2f), closes #15160
• cognito: add support for token revocation in UserPoolClient (#15317) (8cb0e97), closes #15126
• pipelines: add synthCodeBuildDefaults (#15627) (04b8d40)

Bug Fixes

• ec2: "clientVpnEndoint" => "clientVpnEndpoint" (#14902) (c3b872a), closes #13810

1.117.0 (2021-08-05)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• assertions: Template.fromTemplate() is now renamed to Template.fromJSON() to provide clarity.
• assertions: TemplateAssertions is now renamed to Template.

Features

• aws-cloudfront: add enabled to web distribution (#15433) (7ad9348)
• aws-ec2: Add SubnetFilter for Id and CIDR netmask (#15373) (407b02d), closes #15228
• aws-kinesisfirehose: support for S3 destination encryption on DeliveryStream (#15558) (3888773), closes #15555
• cfnspec: cloudformation spec v39.8.0 (#15885) (60e6b41)
• cloudfront: Origin Shield support (#15453) (08ebbae), closes #12872
• cloudfront: use TLS_V1_2_2021 SecurityPolicy as default version (under feature flag) (#15477) (7b64abf)
• ec2: Add Transcribe interface endpoint (#15465) (929d6ae)
• eks: support Kubernetes 1.21 (#15774) (83dd318), closes #15758
• kinesisfirehose: add metrics functions to IDeliveryStream (#15618) (33909ed), closes #15543
• kinesisfirehose: add support for backing up source records to S3 (#15725) (b86062f), closes #15724
• kinesisfirehose: add support for BufferingHints (#15557) (099b584), closes #15554
• kinesisfirehose: add support for Lambda data processors (#15704) (6244a81), closes #15703
• kinesisfirehose: add support for server-side encryption on DeliveryStream (#15547) (74f3cda), closes #15546
• kinesisfirehose: supports Kinesis data stream source for delivery stream (#15836) (afd5bf7), closes #15500 #10783
• kinesisfirehose-destinations: add support for compression on S3 delivery stream destinations (#15550) (1eb56a0), closes #15548
• kinesisfirehose-destinations: add support for prefixes in the S3 destination (#15552) (d227e48), closes #15551
• lambda: cloudwatch lambda insights (#15439) (9efd800)
• Route53: add support for RemovalPolicy in CrossAccountZoneDelegationRecord (#15782) (9eea4b8), closes #15211
• s3-deployment: control object access (#15730) (f58cf3c)
• servicecatalog: add CloudFormation Parameter constraint (#15770) (58fda91)
• stepfunctions-tasks: add sns publish with message attributes (#14817) (bc99e82), closes #4702

Bug Fixes

• assert: module is incompatible with jest@27 (#15666) (f446566)
• appsync: graphqlapi throws incorrect error message for authorizationConfig (#15830) (1f23313), closes #15039
• eks: Allow desiredsize minsize and maxsize to accept CfnParameters. (#15487) (fb43769)
• chatbot: ARN validation in fromSlackChannelConfigurationArn fails for tokenized values (#15849) (440ca35), closes #15842
• cli: move fail option into the diff command (#15829) (473c1d8)
• ec2: volumename doesn't set name of volume (#15832) (b842702), closes #15831
• elbv2: unresolved listener priority throws error (#15804) (fce9ac7)
• pipelines: Prepare stage doesn't have AUTO_EXPAND capability (#15819) (a6fac49), closes #15711
• s3: notifications are broken in some regions (#15884) (ee19196)
• stepfunctions-tasks: Stage field not included in CallApiGatewayHttpApiEndpoint task definition (#15755) (4f38fe1), closes #14242

Miscellaneous Chores

• assertions: migrate more modules to use assertions (#15857) (45b484c)
• assertions: rename TemplateAssertions to Template (#15823) (823dfda)

1.116.0 (2021-07-28)

Features

• assertions: retrieve matching resources from the template (#15642) (a8b1c47)
• aws-kinesisfirehose: DeliveryStream API and basic S3 destination (#15544) (1b5d525), closes #10810 #15499
• cfnspec: cloudformation spec v39.7.0 (#15719) (2c4ef01)
• cfnspec: cloudformation spec v39.7.0 (#15796) (dbe4641)
• codebuild: add support for setting a BuildEnvironment Certificate (#15738) (76fb481), closes #15701
• core: lazy mappings will only synthesize if keys are unresolved (#15617) (32ed229)
• pipelines: CDK Pipelines is now Generally Available (#15667) (2e4cfae)
• servicecatalog: add ability to set launch Role and deploy with StackSets (#15678) (c92548b)
• stepfunctions: allow intrinsic functions for json path (#15320) (d9285cb)

Bug Fixes

• aws-cloudwatch: unable to use generic extended statistics for cloudwatch alarms (#15720) (f593311)
• elasticsearch: advancedOptions in domain has no effect (#15330) (81cbfec), closes #14067
• elasticsearch: slow logs incorrectly disabled for Elasticsearch versions lower than 5.1 (#15714) (91cf79b), closes #15532 #15532
• pipelines: Secrets Manager permissions not added to asset projects (#15718) (7668400), closes #15628
• stepfunctions: non-object arguments to recurseObject are incorrectly treated as objects (#14631) (e133bca), closes #12935 aws-cdk/aws-stepfunctions/lib/input.ts#L65
• stepfunctions-tasks: instance type cannot be provided to SageMakerCreateTransformJob as input path (#15726) (6f2384d)

1.115.0 (2021-07-21)

Features

• apigatewayv2: websocket - callback url (#15227) (349de7c), closes #14836
• apigatewayv2-integrations: http private integrations - tls config (#15469) (6453769), closes #14036
• appsync: optional operation parameter for lambdaRequest mapping template (#15283) (efd2e68), closes #15274 #14079
• aws-efs: grant support on FileSystem (#14999) (09591c6), closes #14998
• cli: add ability to specify an external id for the deploy-role (#15604) (2647cf3)
• lambda-nodejs: source map mode (#15621) (b934976), closes #14857
• pipelines: confirm IAM changes before starting the deployment (#15441) (ebba618), closes #12748
• rds: allow setting copyTagsToSnapshot on Clusters (#15553) (f7c6289), closes #15521
• servicecatalog: Add stack event notification constraint (#15610) (4e40db3)
• servicecatalog: Add TagOptions for portfolio (#15612) (e7760ee)

Bug Fixes

• appsync: update timestamp for apikey test (#15624) (9c4e51c), closes #15623
• cfnspec: make EndpointConfiguration of AWS::Serverless::Api a union type (#15526) (dd38eff)
• cli: cdk deploy is listing deprecated ids (#15603) (22f2499)
• iam: PrincipalWithConditions.addCondition does not work (#15414) (fdce08c)
• pipelines: CodeBuildStep.partialBuildSpec not used, buildspec control for legacy API (#15625) (d8dc818), closes #15169
• pipelines: new pipeline stages aren't validated (#15665) (309b9b4)
• pipelines: permissions check in legacy API does not work (#15660) (5e3cf2b)
• pipelines: unresolved source names aren't handled properly (#15600) (4b7116d), closes #15592

1.114.0 (2021-07-15)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• appmesh: prefixPath property in HttpGatewayRouteMatch has been renamed to path, and its type changed from string to HttpGatewayRoutePathMatch
• servicecatalog: AcceptLanguage enum has been renamed to MessageLanguage, and fields that accepted this enum have been updated to reflect this change.
• servicecatalog: property acceptLanguage in PortfolioShareOptions has been renamed to messageLanguage.
• servicecatalog: property acceptLanguage in PortfolioProps has been renamed to messageLanguage.
• servicecatalog: property acceptLanguage in CloudFormationProductProps has been renamed messageLanguage.
• appmesh: prefixPath property in HttpRouteMatch has been renamed to path, and its type changed from string to HttpRoutePathMatch

Features

• appmesh: add Route matching on path, query parameters, metadata, and method name (#15470) (eeeec5d)
• appmesh: add support for Gateway Route request matching and path rewriting (#15527) (1589ff8), closes #15305
• appmesh: the App Mesh Construct Library is now Generally Available (stable) (#15560) (718d143), closes #9489
• aws-ecs: New CDK constructs for ECS Anywhere task and service definitions (#14931) (3592b26)
• bootstrap: widen lookup role permissions for future extension (#15423) (cafdd3c)
• cfnspec: cloudformation spec v39.5.0 (#15536) (c98e40e)
• pipelines: revised version of the API (#12326) (165ee3a), closes #10872
• servicecatalog: Add portfolio-product association and tag update constraint (#15452) (b06f7bf)

Bug Fixes

• ecr-assets: There is already a Construct with name 'Staging' when using tarball image (#15540) (594d7c6)

1.113.0 (2021-07-12)

Features

• assets: docker images from tar file (#15438) (76f06fc), closes #15419
• codepipeline-actions: support combining batch build artifacts in CodeBuildAction (#15457) (0952f1f), closes #15455
• events: cross-region event rules (#14731) (c62afe9)

Bug Fixes

• aws-ecs: token is added to Options instead of SecretOptions in SplunkLogDriver (#15408) (23abe22)

1.112.0 (2021-07-09)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• appmesh: the class HttpHeaderMatch has been renamed to HeaderMatch
• appmesh: the class HttpRouteMatchMethod has been renamed to HttpRouteMethod
• appmesh: ServiceDiscovery.cloudMap() method has been changed to accept positional arguments

Features

• acm: DaysToExpiry metric (#15424) (ff044ed)
• appmesh: add support for shared Meshes (#15353) (6a68873)
• appmesh: allow setting the DnsResponseType in DNS ServiceDiscovery (#15388) (647acfa)
• appmesh: rename the class HttpHeaderMatch to HeaderMatch (#15468) (d88b45e)
• appmesh: rename the class HttpRouteMatchMethod to HttpRouteMethod (#15466) (fc01d22)
• autoscaling: ScalingEvents.TERMINATION_EVENTS (#15302) (af7ad2c)
• aws-elasticloadbalancingv2: Allow listing added listeners on application load balancers (#15259) (a80ad42), closes #11841
• cfnspec: cloudformation spec v39.3.0 (#15446) (71c0a4c)
• cloudwatch: allow arbitrary statistics in Metric and Alarm (#15387) (86a44f9)
• core: add docker security option to asset bundling (#15204) (cbee18a), closes #14681
• ec2: add rds-data vpc endpoint (#15240) (e61a5b8)
• events: DLQ and retry policy support for BatchJob target (#15308) (5ecf257), closes #15238
• pipelines: Docker registry credentials (#15364) (e289822), closes #10999 #11774

Bug Fixes

• autoscaling: scaling intervals are incorrect if the bottom one does not start at 0 (#15345) (bf6f7ef), closes #10141
• build: explicit non-private package not respected in packaging (#15435) (31e6b1a), closes #15203
• cfnspec: .npmignore generated by cfnspec does not pass pkglint (#15409) (c432d48), closes #15064
• cli: prevent 'Failed resources:' message when no failures and report all progress steps (#15207) (f3c1b6d)
• codebuild: merge spec correctly when using strings (#15429) (3a65b9c)
• events: Archive event pattern fields are not translated correctly (#15376) (afa5de1), closes #14905
• iam: remove incorrect normalization of principal (#15248) (850cba0), closes #14274 #14274
• iam: set principalAccount in AccountPrincipal and PrincipalWithConditions (#15430) (b95ee44)
• lambda-nodejs: pnpm exec args separator order (#15410) (1d19b3b), closes #15164
• pipelines: singlePublisherPerType overwrites assets buildspec file of other pipelines (#15356) (48dd771)
• pipelines: unable to add assets stage to existing VPC pipeline (#15401) (b010239), closes #14343

Reverts

• migration: add constructs migration to rewrite script (#15461) (adee46c), reverts #14916

1.111.0 (2021-07-01)

Features

• assertions: 'arrayWith' and 'objectLike' matchers (#15195) (20e2b79)
• cdk-assets: externally-configured Docker credentials (#15290) (e530195), closes #10999 #11774
• cfnspec: cloudformation spec v39.3.0 (#15311) (94eb3a8)
• cfnspec: cloudformation spec v39.3.0 (#15362) (5d0954a)
• cli: add option --security-only to diff (#15374) (6b639be)
• cloudwatch: revert trimmed mean stat in graph widgets (#15368) (d630d7f)
• cloudwatch: trimmed mean stat in graph widgets (#15316) (60f6d82)
• codebuild: improve merging of BuildSpecs (#15332) (e68087d), closes #15169
• ecs: Adding support for secretOptions in Firelens log driver (#15351) (c3096ea), closes #8174
• secretsmanager: Allow cross account grant (#14834) (ea40cfe)
• servicecatalog: initial implementation of the Product construct (#15185) (fe3e0f2)
• servicecatalogappregistry: allow Applications to associate with AttributeGroups and Stacks (#15371) (06619fe)
• sns: add sns service trust to keys for encrypted queue subscriptions (#14960) (ccc2e30), closes #2504
• sqs: add support for high throughput fifo (#15202) (d0c9602), closes #15063
• stepfunctions-tasks: add EventBridgePutEvents task integration (#15165) (1799f4c), closes #15033

Bug Fixes

• aws-elasticloadbalancingv2: cannot clear access logging bucket prefix (#15149) (2e93fb9), closes #14044
• cloudfront: cannot set header including 'authorization' in OriginRequestPolicy (#15327) (3a2f642), closes #15286
• codepipeline-actions: reduce S3SourceAction role permissions to just the key (#15304) (d2c76aa), closes #15112
• core: unresolved tokens in generated nested stack outputs (#15380) (62e552c), closes #15155
• eks: kubectl version 1.21.0 breaks object pruning (#15314) (74da5c1), closes #15072
• pipelines: artifact bucket permissions missing for in-account deployments (#15348) (2a5e288), closes #15307
• stepfunctions-tasks: EcsRunTask containerOverrides throws if container name doesn't match construct ID (#15190) (5f59787), closes #15171

1.110.1 (2021-06-28)

Bug Fixes

• eks: kubectl version 1.21.0 breaks object pruning (#15314) (623689d), closes #15072

1.110.0 (2021-06-24)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• appmesh: static methods from TlsValidationTrust have been changed to accept positional arguments
• appmesh: static methods from TlsCertificate have been changed to accept positional arguments
• appmesh: the type TlsListener has been renamed to ListenerTlsOptions

Features

• appmesh: allow configuring mutual TLS (#15101) (e47a01f), closes /github.com/aws/aws-cdk/pull/14782#discussion_r636334863 #12733
• assertions: an initial version of the CDK 'assert' library, now experimentally available in all supported languages (#15173) (367fe7e)
• cli: read outputs-file parameter from cdk.json (#15095) (9e933ca), closes #14307
• cloudwatch: use string instead of any for cloudwatch dimension values (#15097) (dc3cf13), closes #14978
• codepipeline: allow granting manual approval permissions (#15102) (b2037d3)
• dynamodb: allow using Kinesis stream in Table (#15199) (7bc6c6e), closes #14534
• eks: taints for managed node groups (#14792) (0556e6b)
• events: allows importing event bus from name (#15087) (e39b6c5), closes #14072
• msk: IAM access control for clusters (#14647) (1fe680c)
• msk: use L2 ACM PCA in cluster authentication props (#15110) (aa86a24)
• pipelines: add pre-install commands to asset action (#15067) (f238779)
• s3: notifications to existing buckets (#15158) (7d218c2), closes #2004
• secretsmanager: automatically grant permissions to rotation Lambda (#14882) (ad283b6)
• servicecatalogappregistry: initial L2 construct for Application (#15140) (881737c)
• servicecatalogappregistry: Initial L2 construct for Attribute Group (#15282) (4330fe8)
• synthetics: support canary environment variables (#15082) (df9f13f), closes #10515 #9300

Bug Fixes

• amplify: deployment does not remove basic auth (#15243) (e5c0d59), closes #15028
• bootstrap: deploy-role could directly access buckets in target account (#15192) (d04e288), closes #12985 #14082 #13422
• cdk-assets: content type not correctly set when publishing files (#15069) (9b1a4f9)
• core: 1 hour renders as 60 minutes (#15125) (adcd8c3)
• core: parsing an ARN with a slash after a colon in the resource part fails (#15166) (16b8a4e), closes /github.com/aws/aws-cdk/pull/15140/files#r653112073
• elasticsearch: Domain.fromDomainAttributes gives "Invalid URL" when endpoint is a token (#15219) (ecb5af8), closes #15188
• lambda-nodejs: unstable asset hashes with bundling.nodeModules (#15229) (4b5418c), closes #15023
• servicecatalog: Portfolio fails validation when passed Tokens as its properties (#15208) (ce727c1)
• stepfunctions-tasks: checking for task token in EcsRunTask containerOverrides causes memory explosion (#15187) (af53798), closes #15124
• stepfunctions-tasks: instance type for SageMakerCreateTrainingJob cannot be specified dynamically through JSONPath (#15215) (9280d95), closes #11928

1.109.0 (2021-06-16)

Features

• apigateway: disable execute api endpoint (#14526) (b3a7d5b)
• aws-backup: Add arn attribute and grant method to backup vault (#14997) (04c0a07), closes #14996
• cfnspec: cloudformation spec v38.0.0 (#15044) (632d518)
• cfnspec: cloudformation spec v39.1.0 (#15144) (abc457e)
• cloudfront: add fromFile for CF functions (#14980) (31c9338), closes #14967
• codestarnotifications: new L2 constructs (#10833) (645ebe1), closes #9680
• core: allow user to provide docker --security-opt when bundling (#14682) (a418ea6)
• core: Support platform flag during asset build (#14908) (0189a9a)
• dynamodb: exposes schema method to return partition and sort key of table or secondary indexes (#15111) (1137eb7), closes #7680
• ecs-patterns: Add ability to configure VisibilityTimeout on QueueProcessing service pattern (#15052) (350d783)
• ecs-patterns: allow specifying security groups on ScheduledTask pattern (#15096) (6bdf1c0), closes #5213 #14220
• ecs-patterns: expose task target on ScheduledTask pattern (#15127) (c31c59a), closes #14971 #14953 #12609
• lambda-event-sources: streams - report batch item failures (#14458) (3d4a13e), closes #12654
• logs: make the addition of permissions to Lambda functions optional (#14222) (0c50ec9), closes #14198
• migration: add constructs migration to rewrite script (#14916) (37a4c8d)
• pipelines: add test commands to standard synth actions (#14979) (0bc8a8a)
• servicecatalog: initial implementation of the Portfolio construct (#15099) (203cc45)

Bug Fixes

• aws-iam: prevent adding duplicate resources and actions (#14712) (a8298cb), closes #13611
• cfn-include: NestedStack's Parameters are not converted to strings (#15098) (8ad33b8), closes #15092
• cli: cdk synth too eager with validation in Pipelines (#15147) (ae98e88), closes #14613 #15130
• cli: cdk synth doesn't output yaml for stacks with dependency stacks (#14805) (44feee6), closes #3721
• cli: deployment error traceback overwritten by progress bar (#14812) (d4a0af1), closes #14780
• cli: HTTP timeout is too low for some asset uploads (#13575) (23c58d6), closes #13183
• cli: option --all selects stacks in nested assemblies (#15046) (0d00e50)
• cli: partition is not being resolved at missing value lookup (#15146) (cc7191e), closes #15119
• cli: stack glob patterns only select one stack (#15071) (fcd2a6e)
• codebuild: Project's Role has permissions to the entire Bucket when using S3 as the source (#15112) (9d01b4f)
• codebuild: Secret env variable as token from another account fails on Key decryption (#14483) (91e80d7), closes #14477
• core: CloudFormation dynamic references can't be assigned to num… (#14913) (39aacc8), closes #14824
• ecs: TagParameterContainerImage cannot be used across accounts (#15073) (486f2e5), closes #15070
• kinesisanalytics-flink: set applicationName with L2 Application (#15060) (1de85f2), closes #15058
• lambda: deployment failure when layers are added to container functions (#15037) (8127cf2), closes #14143
• lambda-event-sources: kafka event source expects credentials even when accessed via vpc (#14804) (5eb1e75)
• pipelines: assets buildspec can exceed 25k size limit (#14974) (f7f367f)
• pipelines: PublishAssetsAction uses hard-coded role names (#15118) (bad9713)
• pipelines: self-update role assumes hard-coded role names (#14969) (cbd7552), closes #14877 #9271
• secretsmanager: support secrets rotation in partition 'aws-cn' (#14608) (5061a8d), closes #13385

1.108.1 (2021-06-11)

Features

• cfnspec: cloudformation spec v39.1.0 (af74354)

1.108.0 (2021-06-09)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• cfnspec: imageScanningConfiguration property of ecr.CfnRepository now accepts scanOnPush instead of ScanOnPush (notice the casing change).
• bootstrap: users of the modern bootstrap stack (notably: CDK Pipelines users) will need to re-run cdk bootstrap to update to bootstrap stack version '6'.

Features

• cfnspec: cloudformation spec v37.1.0 (#14951) (aee0f58)
• Parameterize bootstrap stack version (#14626) (a37108c)
• cli: new bootstrap supports cross-account lookups (#14874) (f66f4b8), closes #8905
• cognito: user pool - customize mfa message (#14241) (a12db62)
• custom-resources: support custom lambda role in provider framework (#12131) (bc01207), closes #12126
• ec2: Implement UserData methods in MultipartUserData (#14347) (d1b6ce4)
• ecs: Adding support for ECS Exec (#14670) (b35328c)
• ecs-patterns: Add Load Balancer name to ApplicationLoadBalancedFargateService props (#14831) (c432fb4)
• ecs-patterns: Add support for Docker labels to ECS Patterns (#14783) (00c11b5)
• elb: set accessLoggingPolicy property with L2 LoadBalancer (#14983) (252dfa2), closes #14972
• events: support embedded string variables (#13487) (a5d27aa), closes #9191 #9191
• kms: introduce fromCfnKey() method (#14859) (1ff5b9e), closes #9719 #14795 #14809
• route-53: add ability to create DS Records (#14726) (f0c9726)
• route53-targets: route53 record target (#14820) (b22da80), closes #14800
• s3: support ExpiredObjectDeleteMarker (#14970) (f932e0f), closes #14752

Bug Fixes

• apigatewayv2: http api - default route does not use the default authorizer (#14904) (25412a6)
• cli: cross account docker image assets upload no longer works (#14816) (14fbb11), closes #14815
• cli: image publishing role doesn't have docker pull permissions (#14662) (beaffa9), closes #14656
• core: property overrides fail for references (#15018) (ebac8bc)
• docs: fixed typos in documentation (#14760) (ced9b38)
• ec2: add missing entry for XLARGE3 (#14750) (af6d49f)
• ecs: Can't enable both Fargate and ASG capacity providers on ECS Cluster (#15012) (6b2d0e0), closes #14730
• events: AwsApi warns if service does not exist (#13352) (3bad98f), closes #13090
• lambda-nodejs: pnpm exec command (#14954) (df16d40), closes #14757 #14772
• s3: autoDeleteObjects had redundant GetObject* permissions (#14573) (f9be15d), closes #14572
• stepfunctions: repeated object references not allowed even if not a circular reference (#14628) (486990f), closes #14596

1.107.0 (2021-06-02)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• appmesh: the creation property clientPolicy in VirtualNode has been renamed to tlsClientPolicy, and its type changed to TlsClientPolicy
• appmesh: to create TlsClientPolicy, validation property must be defined.
• appmesh: the creation property tlsCertificate in VirtualNode has been renamed to tls, and its type changed to TlsListener
• appmesh: the tlsMode property has been removed from the options when creating a TlsCertificate, moved to the new TlsListener interface, and renamed mode

Features

• cfnspec: cloudformation spec v37.0.0 (#14873) (8bb4357)
• cloudfront: add L2 support for CloudFront functions (#14511) (40d2ff9)
• eks: support Kubernetes 1.20 (#14758) (1956ef6), closes #14756
• pipelines: allow switching to one CodeBuild action for same-typed assets (#13803) (ed72ad3)

Bug Fixes

• appmesh: introduce the TlsClientPolicy and TlsValidation concepts (#14782) (8263c78), closes #12733
• appmesh: TLS mode is set on the Certificate class (#14856) (061fd55)
• elasticsearch: 'r6gd' not marked as supported type for instance storage (#14894) (d07a49f), closes #14773
• lambda-nodejs: cannot bundle locally when consuming a node module with a NodejsFunction (#14914) (52da59c), closes #14739
• rds: Add exception throw when az is defined for multi-az db instance (#14837) (fd8445f), closes #10949

1.106.1 (2021-05-26)

Bug Fixes

• secretsmanager: revert "Automatically grant permissions to rotation Lambda (#14471)", fixes #14868

1.106.0 (2021-05-25)

Features

• ecs-service-extensions: allow taskRole to be passed in on creation of an ECS service (3e257a0)
• appmesh: add IAM grants for StreamAggregatedResources (#13596) (f4a2938), closes #11639
• cfnspec: cloudformation spec v36.0.0 (#14791) (3a9f56d)
• dynamodb: add ability to enable contributor insights on Table (#14742) (3c7a89d)
• lambda: support Principal conditions in Permission (#14674) (b78a1bb), closes #8116
• lambda-nodejs: pnpm support (#14772) (b02311c), closes #14757

Bug Fixes

• cognito: user pool - phoneNumberVerified attribute fails deployment (#14699) (cd2589f), closes #14175
• iam: permissions boundaries not added to custom resource roles (#14754) (f36feb5), closes #13310
• lambda: changing reserved concurrency fails lambda version deployment (#14586) (f47d5cb), closes #11537
• lambda-nodejs: esbuild detection with Yarn 2 in PnP mode (#14739) (5c84696)
• pipelines: self-update build fails with named pipeline stack (#14729) (eff9c75), closes #10782

1.105.0 (2021-05-19)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• lambda-nodejs: using banner and footer now requires esbuild >= 0.9.0

Features

• apigatewayv2: http api - lambda authorizer (#13181) (4da78f6), closes #10534
• custom-resources: restrict output of AwsCustomResource to list of paths (#14041) (773ca8c), closes #2825
• stepfunctions: Add support for ResultSelector (#14648) (50d486a), closes #9904

Bug Fixes

• cli: Updated typo user to uses (#14357) (7fe329c)
• core: cannot determine packaging when bundling that produces an archive is skipped (#14372) (163e812), closes #14369
• ecr: add validations for ECR repository names (#12613) (396dca9), closes #9877
• lambda: unable to access SingletonFunction vpc connections (#14533) (49d18ab), closes #6261
• lambda-nodejs: banner and footer values not escaped (#14743) (81aa612), closes #13576
• pipelines: self-mutating builds cannot be run in privileged mode (#14655) (73b9b4a), closes #11425
• pipelines: stackOutput generates names too long to be used in useOutputs (#14680) (d81e06d), closes #13552
• pipelines: synth fails if 'aws-cdk' is not in package.json (#14745) (0b8ee97), closes #14658

1.104.0 (2021-05-14)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• apigatewayv2: setting the authorizer of an API route to HttpNoneAuthorizer will now remove any existing authorizer on the route

Features

• appsync: elasticsearch data source for graphql api (#14651) (2337b5d), closes #6063
• cfnspec: cloudformation spec v35.2.0 (#14610) (799ce1a)
• cloudwatch: GraphWidget supports period and statistic (#14679) (b240f6e)
• cloudwatch: time range support for GraphWidget (#14659) (010a6b1), closes #4649
• ecs: add support for EC2 Capacity Providers (#14386) (114f7cc)
• secretsmanager: Automatically grant permissions to rotation Lambda (#14471) (85e00fa)

Bug Fixes

• apigatewayv2: authorizer is not removed when HttpNoneAuthorizer is used (#14424) (3698a91)
• ecs: Classes FargateService and Ec2Service have no defaultChild (#14691) (348e11e), closes #14665
• events-targets: circular dependency when adding a KMS-encrypted SQS queue (#14638) (3063818), closes #11158
• lambda: custom resource fails to connect to efs filesystem (#14431) (10a633c)
• lambda-event-sources: incorrect documented defaults for stream types (#14562) (0ea24e9), closes #13908
• lambda-nodejs: handler filename missing from error message (#14564) (256fd4c)

1.103.0 (2021-05-10)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• appmesh: HealthChecks require use of static factory methods
• apigatewayv2: The metricXXX methods are no longer available in the IApi interface. The existing ones are moved into IHttpApi and new ones will be added to IWebsocketApi.
• apigatewayv2: The metricXXX methods are no longer available in the IStage interface. The existing ones are moved into IHttpStage and new ones will be added to the IWebsocketStage.
• lambda-nodejs: the default runtime version for NodejsFunction is now always NODEJS_14_X (previously the version was derived from the local NodeJS runtime and could be either 12.x or 14.x).

Features

• appmesh: change HealthChecks to use protocol-specific union-like classes (#14432) (063ddc7)
• aws-ecs: Expose logdriver "mode" property (#13965) (28fce22), closes #13845
• cloudwatch: validate parameters for a metric dimensions (closes #3116) (#14365) (4a24d61)
• docdb: Support multiple security groups to DatabaseCluster (#13290) (1a97b66)
• elbv2: preserveClientIp for NetworkTargetGroup (#14589) (d676ffc)
• kinesis: Basic stream level metrics (#12556) (5f1b576), closes #12555
• kms: allow specifying key spec and key usage (#14478) (10ae1a9), closes #5639
• lambda-go: higher level construct for golang lambdas (#11842) (0948cc7)
• msk: Cluster L2 Construct (#9908) (ce119ba)

Bug Fixes

• apigatewayv2: incorrect metric names for client and server-side errors (#14541) (551182e), closes #14503
• assert matches more than the template on multiple CDK copies (#14544) (f8abdbf), closes #14468
• apigatewayv2-integrations: fix broken lambda websocket integration uri (#13820) (f0d5c25), closes #13679
• cfn-include: correctly parse Fn::Sub expressions containing serialized JSON (#14512) (fd6d6d0), closes #14095
• cli: 'cdk deploy *' should not deploy stacks in nested assemblies (#14542) (93a3549)
• cli: synth fails if there was an error when synthesizing the stack (#14613) (71c61e8)
• lambda-nodejs: non-deterministic runtime version (#14538) (527f662), closes #13893
• ssm: dynamic SSM parameter reference breaks with lists (#14527) (3d1baac), closes #14205 #14476

1.102.0 (2021-05-04)

Features

• cfnspec: cloudformation spec v35.0.0 (#14411) (49e49e7)
• cfnspec: cloudformation spec v35.1.0 (#14518) (bcdff3d)
• cli: directly deploy stacks in nested assemblies (#14379) (5a6fa7f)
• elasticsearch: Support version 7.10 (#14320) (f3a830c)
• rds: allow turning on IAM authentication for Clusters (#13958) (0e59708), closes #13722
• synthetics: update CloudWatch Synthetics NodeJS runtime (#14157) (3283225)

Bug Fixes

• aws-cloudwatch: fix for space in alarm name in alarms for compos… (#13963) (7cdd541)
• cli: 'cdk synth' not able to fail if stacks have errors (#14475) (963d1c7)
• CodeBuild: add resource only once per secret (#14510) (affaaad)
• neptune: use correct L1 of DBParameterGroup (#14447) (057f61f), closes #14446
• rds: instance identifiers and endpoints of a Cluster are blank (#14394) (9597d97), closes #14377
• s3: urlForObject does not consider explicit bucket region (#14315) (e11d537)

1.101.0 (2021-04-28)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• neptune: InstanceType changed from enum to enum-like static factory.

Features

• autoscaling: add getter/setter for instance termination protection (#14308) (d3bdcfd), closes #14283
• aws-autoscaling: add support for NewInstancesProtectedFromScaleIn (#14283) (da9828b)
• custom-resources: AwsSdkCall can assume Role for cross-account custom resources (#13916) (a0690b9)
• ec2: create NAT Gateways with fixed IPs (#14250) (24c992a), closes #11884 #4067
• events: API Gateway target (#13823) (ce789bf), closes #12708
• iam: add imported user to a group (#13698) (bf513bc)
• neptune: change InstanceType to class that is built from string (#14273) (fc618f9), closes #13923
• route53: add support for parentHostedZoneName for CrossAccountZoneDelegationRecord (#14097) (572ee40)

Bug Fixes

• aws-ecs-patterns, aws-elasticloadbalancingv2: Pass TargetGroup ProtocolVersion as parameters to higher level constructs (#14092) (a655819), closes #14091
• codebuild: Secret env variable from another account fails on Key decryption (#14226) (8214338), closes #14043
• codepipeline-actions: CodeCommit source action fails when it's cross-account (#14260) (1508e60), closes #12391 #14156
• ec2: r5ad instance-type has incorrect value (#14179) (c80e1cf)
• iam: unable to configure name of SAML Provider (#14296) (904202a), closes #14294
• pipelines: Use LinuxBuildImage.STANDARD_5_0 for Assets and UpdatePipeline stages (#14338) (f93d940)

1.100.0 (2021-04-20)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• appmesh: HTTP2 VirtualNodeListeners must be now created with Http2VirtualNodeListenerOptions
• appmesh: HTTP2 VirtualGatewayListeners must be now created with Http2VirtualGatewayListenerOptions
• codepipeline-actions: the Action ServiceCatalogDeployAction has been renamed to ServiceCatalogDeployActionBeta1
• codepipeline-actions: the type ServiceCatalogDeployActionProps has been renamed to ServiceCatalogDeployActionBeta1Props
• events-targets: The BatchJob integration now requires the arn and the Resource for the jobQueue and the jobDefinition
• lambda-event-sources: cluster was removed from ManagedKafkaEventSourceProps and replaced with clusterArn
• route53-targets: ApiGatewayv2Domain was replaced with ApiGatewayv2DomainProperties which accepts regionalDomainName and regionalHostedZoneId
• stepfunctions-tasks: CallApiGatewayHttpApiEndpoint API now requires the apiId and it's containing Stack
• stepfunctions-tasks: BatchSubmitJob now accept jobDefinitionArn, jobQueueArn and their respective Resource
• stepfunctions-tasks: RunBatchJob now accept jobDefinitionArn, jobQueueArn and their respective Resource

Features

• apigateway: integration timeout (#14154) (d02770e), closes #14123
• appmesh: add Connection Pools for VirtualNode and VirtualGateway (#13917) (8a949dc), closes #11647
• certificatemanager: allow tagging DnsValidatedCertificate (#13990) (8360feb), closes #12382 #12382
• codebuild: allow setting concurrent build limit (#14185) (3107d03)
• codepipeline: introduce the Action abstract class (#14009) (4b6a6cc)
• ecs: add support for elastic inference accelerators in ECS task defintions (#13950) (23986d7), closes #12460
• eks: Pass bootstrap.sh args to avoid DescribeCluster call and make nodes join the cluster faster (#12659) (f5616cc)
• secretsmanager: replicate secrets to multiple regions (#14266) (b3c288d), closes #14061

Bug Fixes

• codepipeline: incorrect determination of the Action's account when using an imported resource (#14224) (d88e915), closes #14165
• core: toJsonString() does not deal correctly with list tokens (#14138) (1a6d39f), closes #14088
• pipelines: incorrect BuildSpec in synth step if synthesized with --output (#14211) (0f5c74f), closes #13303
• rds: database instances cannot be to be referenced in a different region (#13865) (74c7fff), closes #13832

1.99.0 (2021-04-13)

Features

• elasticloadbalancing: rename 'sslCertificateId' property of LB listener to 'sslCertificateArn'; deprecate sslCertificateId property (#13766) (1a30272), closes #9303 #9303

Bug Fixes

• aws-cloudfront: distribution comment length not validated (#14020) (#14094) (54fddc6)
• aws-ecs-patterns: fixes #11123 allow for https listeners to use non Route 53 DNS if a certificate is provided (#14004) (e6c85e4)
• cfn-include: allow deploy-time values in Parameter substitutions in Fn::Sub expressions (#14068) (111d26a), closes #14047
• fsx: Weekday.SUNDAY incorrectly evaluates to 0 (should be 7) (#14081) (708f23e), closes #14080

1.98.0 (2021-04-12)

Features

• codepipeline-actions: introduce the CodeStarConnectionsSourceAction (#13781) (8782e67), closes #10632
• efs: graduate to stable 🚀 (#14033) (3c03d87)
• elasticloadbalancingv2: add grpc code matcher for alb (#13948) (a37f178), closes #13570 #13947
• region-info: graduate to stable 🚀 (#14013) (0d2755b)
• route-53: add ability to create NS Records (#13895) (02c7c1d), closes #13816

Bug Fixes

• apigateway: cannot remove first api key from usage plan (#13817) (036d869), closes #11876
• cloudfront: cannot use same EdgeFunction in multiple stacks (#13790) (8e2325c)
• lambda-nodejs: esbuild define parameters are incorrectly encoded (#14065) (5378a77), closes #13842
• rds: deploy fails with "SubnetGroup not found" (#13986) (ad326da), closes #13976
• route53: cannot set TTL to 0 (#14060) (ecc9bf3), closes #14039
• s3: SSL enforcement doesn't apply on top level bucket requests (#13961) (d0e831a), closes #13760
• stepfunctions: state machine name validation fails when tokens are used. (#13970) (58de0de), closes #13946 #13912

1.97.0 (2021-04-06)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• elasticsearch: vpcOptions was removed. Use vpc, vpcSubnets and securityGroups instead.

Features

• appmesh: Implement Outlier Detection for Virtual Nodes (#13952) (965f130)
• cx-api: graduate to stable 🚀 (#13859) (d99e13d)
• eks: Support secretsEncryptionKey in FargateCluster (#13866) (56c6f98)
• eks: Support bootstrap.sh --dns-cluster-ip arg (#13890) (56cd863)
• elasticsearch: graduate to stable 🚀 (#13900) (767cd31)
• s3-deployment: graduate to stable 🚀 (#13906) (567d64d)
• ses: graduate to stable 🚀 (#13913) (4f9a715)
• ses-actions: graduate to stable 🚀 (#13864) (24f8307)

Bug Fixes

• aws-rds: ServerlessCluster.clusterArn is not correct when clusterIdentifier includes upper cases string. (#13710) (a8f5b6c), closes #12795
• cli: broken java init template (#13988) (c6ca2ab), closes #13964
• cloudfront: Cache Policy headers enforce soft limit of 10 (#13904) (8a66244), closes #13425 #13903
• codepipeline-actions: EcrSourceAction triggers on a push to every tag (#13822) (c5a2add), closes #13818

1.96.0 (2021-04-01)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• globalaccelerator: automatic naming algorithm has been changed: if you have existing Accelerators you will need to pass an explicit name to prevent them from being replaced. All endpoints are now added by calling addEndpoint() with a target-specific class that can be found in @aws-cdk/aws-globalaccelerator-endpoints. The generated Security Group is now looked up by calling endpointGroup.connectionsPeer().
• docdb: DatabaseClusterProps.instanceProps was hoisted and all its properties are now available one level up directly in DatabaseClusterProps.
• docdb: DatabaseInstanceProps.instanceClass renamed to DatabaseInstanceProps.instanceType.
• core: The type of the image property in BundlingOptions is changed from BundlingDockerImage to DockerImage.
• core: The return type of the DockerImage.fromBuild() API is changed from BundlingDockerImage to DockerImage.

Features

• autoscaling-common: graduate to stable 🚀 (#13862) (2d623d0)
• chatbot: graduate to stable 🚀 (#13863) (2384cdd)
• cli: app init template for golang (#13840) (41fd42b), closes aws/jsii#2678
• cloudformation-diff: graduate to stable 🚀 (#13857) (294f546)
• docdb: graduate to stable 🚀 (#13875) (169c2fc)
• ec2: allow disabling inline security group rules (#13613) (793230c)
• elasticloadbalancingv2: graduate to stable 🚀 (#13861) (08fa5ed)
• fsx: graduate to stable 🚀 (#13860) (b2322aa)
• globalaccelerator: graduate to stable 🚀 (#13843) (8571008)
• lambda: switch bundling images from DockerHub to ECR public gallery (#13473) (e2e008b), closes #11296
• lambda-event-sources: support for batching window to sqs event source (#13406) (6743e3b), closes #11722 #11724 #13770
• lambda-event-sources: tumbling window (#13412) (e9f2773), closes #13411
• lambda-nodejs: graduate to stable 🚀 (#13844) (37a5502)

Bug Fixes

• aws-ecs: broken splunk-logging tag-option in fargate platform version 1.4 (#13882) (e9d9299), closes #13881
• cloudfront: auto-generated cache policy name might conflict cross-region (#13737) (4f067cb), closes #13629
• cloudfront: Origin Request Policy headers enforce soft limit of 10 (#13907) (9b0a6cf), closes #13410 #13903
• codebuild: allow passing the ARN of the Secret in environment variables (#13706) (6f6e079), closes #12703
• codebuild: take the account & region of an imported Project from its ARN (#13708) (fb65123), closes #13694
• codedeploy: script installing CodeDeploy agent fails (#13758) (25e8d04), closes #13755
• cognito: imported userpool not retaining environment from arn (#13715) (aa9fd9c), closes #13691
• core: BundlingDockerImage.fromAsset() does not return a BundlingDockerImage (#13846) (7176a5d)
• dynamodb: table with replicas fails to deploy with "Unresolved resource dependencies" error (#13889) (5c99d0d)
• iam: Role import doesn't fail when forgetting the region in the ARN (#13821) (560a853), closes #13812
• rds: fail with a descriptive error if Cluster's instance count is a deploy-time value (#13765) (dd22e8f), closes #13558
• yaml-cfn: do not deserialize year-month-date as strings (#13745) (ffea818), closes #13709

1.95.2 (2021-04-01)

• Upgrade a downstream dependency(pac-resolver) of the aws-cdk (the CDK CLI), to mitigate CVE-2021-28918 (13914) (794c951)

1.95.1 (2021-03-25)

Bug Fixes

• codebuild: module fails to load with error "Cannot use import statement outside a module" (b1ffd33), closes #13699 #13699

1.95.0 (2021-03-25)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• lambda-nodejs: The type of image property in the Bundling class is changed from BundlingDockerImage to DockerImage.
• lambda-nodejs: The type of dockerImage property in BundlingOptions is changed from BundlingDockerImage to DockerImage.
• apigatewayv2: The type of allowMethods property under corsPreflight section is changed from HttpMethod to CorsHttpMethod.
• lambda-nodejs: the default runtime of a NodejsFunction is now Node.js 14.x if the environment from which it is deployed uses Node.js >= 14 and Node.js 12.x otherwise.

Features

• acmpca: make the ACM PCA module Generally Available (stable) (#13778) (7ca79ff)
• apigatewayv2: http api - default authorizer options (#13172) (53d9661)
• cfnspec: cloudformation spec v31.0.0 (#13633) (9b1c786)
• cfnspec: cloudformation spec v31.1.0 (#13763) (41a2b2e)
• codepipeline-actions: Add detectChanges option to BitBucketSourceAction (#13656) (f2436bf)
• ec2: client vpn endpoint (#12234) (4fde59a), closes #4206
• events: retry-policy support (#13660) (7966f8d), closes #13659
• init-templates: app template comes with hint comments for 'env' (#13696) (b940710), closes #12321
• lambda-event-sources: msk and self-managed kafka event sources (#12507) (73209e1), closes #12099
• rds: make rds secret name configurable (#13626) (62a91b7), closes #8984
• sns: enable passing PolicyDocument to TopicPolicy (#10559) (0d9c300), closes #7934

Bug Fixes

• apigatewayv2: error while configuring ANY as an allowed method in CORS (#13313) (34bb338), closes #13280 #13643
• aws-ecs: drain hook lambda allows tasks to stop gracefully (#13559) (3e1148e), closes #13506
• codebuild: Fixed build spec file format to return yaml (#13445) (fab93c6)
• codedeploy: Use aws-cli instead of awscli for yum (#13655) (449ce12)
• codepipeline-actions: BitBucketAction fails with S3 "Access denied" error (#13637) (77ce45d), closes #13557
• core: toJsonString() cannot handle list intrinsics (#13544) (a5be042), closes #13465
• events,applicationautoscaling: specifying a schedule rate in seconds results in an error (#13689) (5d62331), closes #13566
• lambda: incorrect values for prop UntrustedArtifactOnDeployment (#13667) (0757686), closes #13586
• neptune: create correct IAM statement in grantConnect() (#13641) (2e7f046), closes #13640
• s3: Notifications fail to deploy due to incompatible node runtime (#13624) (aa32cf6)

• lambda-nodejs: prepare code to reduce merge conflicts when deprecated APIs are stripped (#13738) (ca391b5)
• lambda-nodejs: update default runtime (#13664) (ca42461)

1.94.1 (2021-03-16)

Bug Fixes

• s3: Notifications fail to deploy due to incompatible node runtime (#13624) (26bc3d4)

1.94.0 (2021-03-16)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• appmesh: Backend, backend default and Virtual Service client policies structures are being altered
• appmesh: you must use the backend default interface to define backend defaults in VirtualGateway. The property name also changed from backendsDefaultClientPolicy to backendDefaults
• appmesh: you must use the backend default interface to define backend defaults in VirtualNode, (the property name also changed from backendsDefaultClientPolicy to backendDefaults), and the Backend class to define a backend
• appmesh: you can no longer attach a client policy to a VirtualService

Features

• appmesh: add missing route match features (#13350) (b71efd9), closes #11645
• aws-elasticloadbalancingv2: add protocol version for ALB TargetGroups (#13570) (165a3d8), closes #12869
• ecs-patterns: Add ECS deployment circuit breaker support to higher-level constructs (#12719) (e80a98a), closes #12534 #12360

Bug Fixes

• appmesh: Move Client Policy from Virtual Service to backend structure (#12943) (d3f4284), closes #11996
• autoscaling: AutoScaling on percentile metrics doesn't work (#13366) (46114bb), closes #13144
• cloudwatch: cannot create Alarms from labeled metrics that start with a digit (#13560) (278029f), closes #13434
• use NodeJS 14 for all packaged custom resources (#13488) (20a2820), closes #13534 #13484
• ec2: Security Groups support all protocols (#13593) (8c6b3eb), closes #13403
• lambda: fromDockerBuild output is located under /asset (#13539) (77449f6), closes #13439
• region-info: ap-northeast-3 data not correctly registered (#13564) (64da84b), closes #13561

1.93.0 (2021-03-11)

Features

• amplify-domain: Added config for auto subdomain creation (#13342) (4c63f09)
• appmesh: add route retry policies (#13353) (66f7053), closes #11642
• cfnspec: cloudformation spec v30.1.0 (#13519) (7711981)
• codebuild: allow setting queued timeout (#13467) (e09250b), closes #11364
• dynamodb: custom timeout for replication operation (#13354) (6a5a4f2), closes #10249
• ec2: ESP and AH IPsec protocols for Security Groups (#13471) (f5a6647), closes #13403
• ec2: multipart user data (#11843) (ed94c5e), closes #8315
• ecr: add imageTagMutability prop (#10557) (c4dc3bc), closes #4640
• ecs: ability to access tag parameter value of TagParameterContainerImage (#13340) (e567a41), closes #13202
• ecs: allow users to provide a CloudMap service to associate with an ECS service (#13192) (a7d314c), closes #10057
• events: EventBus.grantPutEventsTo method for granular grants (#13429) (122a232), closes #11228
• events: dead-letter queue support for CodeBuild (#13448) (abfc0ea), closes #13447
• events: dead-letter queue support for StepFunctions (#13450) (0ebcb41), closes #13449
• events,applicationautoscaling: schedule can be a token (#13064) (b1449a1)
• iam: SAML identity provider (#13393) (faa0c06), closes #5320
• neptune: Support IAM authentication (#13462) (6c5b1f4), closes #13461
• region-info: added AppMesh ECR account for af-south-1 region (#12814) (b3fba43)
• stepfunctions-tasks: Support calling ApiGateway REST and HTTP APIs (#13033) (cc608d0), closes #11565 #11566 #11565

Bug Fixes

• cfn-include: allow boolean values for string-typed properties (#13508) (e5dab7c)
• ec2: fix typo's in WindowsImage constants (#13446) (781aa97)
• elasticloadbalancingv2: upgrade to v1.92.0 drops certificates on ALB if more than 2 certificates exist (#13490) (01b94f8), closes #13332 #13437
• events: imported EventBus does not correctly register source account (#13481) (57e5404), closes #13469
• iam: oidc-provider can't pull from hosts requiring SNI (#13397) (90dbfb5)
• iam: policy statement tries to validate tokens (#13493) (8d592ea), closes #13479
• init: Python init template's stack ID doesn't match other languages (#13480) (3f1c02d)
• stepfunctions: no validation on state machine name (#13387) (6c3d407), closes #13289

1.92.0 (2021-03-06)

• ecs-patterns: the desiredCount property stored on the above constructs will be optional, allowing them to be undefined. This is enabled through the @aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount feature flag. We would recommend all CDK users to set the @aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount flag to true for all of their existing applications.

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• apigatewayv2: HttpApiMapping (and related interfaces for Attributed and Props) has been renamed to ApiMapping
• apigatewayv2: CommonStageOptions has been renamed to StageOptions
• apigatewayv2: HttpStage.fromStageName has been removed in favour of HttpStage.fromHttpStageAttributes
• apigatewayv2: DefaultDomainMappingOptions has been removed in favour of DomainMappingOptions
• apigatewayv2: HttpApiProps.defaultDomainMapping has been changed from DefaultDomainMappingOptions to DomainMappingOptions
• apigatewayv2: HttpApi.defaultStage has been changed from HttpStage to IStage
• apigatewayv2: IHttpApi.defaultStage has been removed
• aws-appsync: RdsDataSource now takes a ServerlessCluster instead of a DatabaseCluster
• aws-appsync: graphqlapi.addRdsDataSource now takes databaseName as its fourth argument

Features

• apigateway: integrate with aws services in a different region (#13251) (d942699), closes #7009
• apigatewayv2: websocket api (#13031) (fe1c839), closes #2872
• aws-appsync: add databaseName to rdsDataSource (#12575) (f92b65e), closes #12572
• aws-events: Event Bus target (#12926) (ea91aa3), closes #9473
• aws-route53-targets: add global accelerator target to route53 alias targets (#13407) (2672a55), closes #12839
• aws-s3: adds s3 bucket AWS FSBP option (#12804) (b9cdd52), closes #10969
• cfnspec: cloudformation spec v28.0.0 (#13101) (13c9859)
• cfnspec: cloudformation spec v29.0.0 (#13249) (6318e26)
• cfnspec: cloudformation spec v30.0.0 (#13365) (ae0185d)
• cli: Configurable --change-set-name CLI flag (#13024) (18184df), closes #11075 #12683
• cloudwatch: EC2 actions (#13281) (319cfcd), closes #13228
• cognito: user pools - sign in with apple (#13160) (b965589)
• core: description parameter in the CustomResourceProvider (#13275) (78831cf), closes #13277 #13276
• core: customize bundling output packaging (#13152) (6eca979)
• ec2: Add VPC endpoint for RDS (#12497) (fc87574), closes #12402
• ecs: add port mappings to containers with props (#13262) (f511639), closes #13261
• ecs: allow selection of container and port for SRV service discovery records (#12798) (a452bc3), closes #12796
• ecs-patterns: Add support for assignPublicIp for QueueProcessingFargateService (#13122) (3fb4600), closes #12815
• ecs-patterns: remove default desiredCount to align with cfn behaviour (under feature flag) (#13130) (a9caa45)
• elasticloadbalancingv2: Add support for application cookies (#13142) (23385dd)
• elbv2: allow control of ingress rules on redirect listener (#12768) (b7b441f), closes #12766
• events: archive events (#12060) (465cd9c), closes #11531
• events: dead letter queue for Lambda Targets (#11617) (1bb3650), closes #11612
• lambda: code signing config (#12656) (778ea27), closes #12216
• lambda: Code.fromDockerBuild (#13318) (ad01099), closes #13273
• lambda: Code.fromDockerBuildAsset (#12258) (09afed5), closes #11914
• neptune: high level constructs for db clusters and instances (#12763) (c366837), closes aws#12762
• stepfunctions-tasks: add EKS call to SFN-tasks (#12779) (296a10d)
• synthetics: Update CloudWatch Synthetics NodeJS runtimes (#12907) (6aac3b6), closes #12906