Skip to content
Permalink
master
Switch branches/tags
Go to file
22 contributors

Users who have contributed to this file

@eladb @rix0rrr @iliapolo @RomainMuller @NetaNir @skinny85 @nija-at @shivlaks @njlynch @otaviomacedo @jogold @aws-cdk-automation
7635 lines (5688 sloc) 893 KB

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

1.123.0 (2021-09-16)

Features

1.122.0 (2021-09-08)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • assertions: hasOutput(props: any) becomes hasOutput(logicalId: string, props: any)
  • assertions: findOutputs(props: any = {}) becomes findOutputs(logicalId: string, props: any = {})
  • assertions: hasMapping(props: any) becomes hasMapping(logicalId: string, props: any)
  • assertions: findMappings(props: any = {}) becomes findMappings(logicalId: string, props: any = {})

Features

Bug Fixes

  • apigatewayv2: some methods of the defaultStage are not available without casting it to IHttpStage (#15607) (27a0113)
  • assertions: output and mapping assertions do not accept logical id (#16329), closes #16242
  • assets: run executable command of container assets in cloud assembly root directory (#16094) (c2852c9), closes #15721
  • autoscaling: EbsDeviceVolumeType.IO2 is not a valid CloudFormation value (#16028) (492d33b), closes #16027
  • cli: 'deploy' and 'diff' silently does nothing when given unknown stack name (#16150) (74776f3), closes #15866
  • cloudwatch: cross account alarms does not support math expressions (#16333) (1ffd897), closes #16331
  • core: allow asset bundling when selinux is enabled (#15742) (dbfebb4)
  • iam: permissions boundary aspect doesn't always recognize roles (#16154) (c8bfcf6)
  • stepfunctions-tasks: Athena StartQueryExecution includes QueryExecutionContext even when object is empty (#16141) (6e2a3e0), closes #16133 #16133

1.121.0 (2021-09-01)

Features

Bug Fixes

  • apigatewayv2: api mapping key with two hyphens is disallowed (#16204) (0889564), closes #15948
  • rds: fromDatabaseInstanceAttributes() incorrectly stringifies ports with tokens (#16286) (41b831a), closes #11813
  • core: inconsistent analytics string across operating systems (#16300) (ff6082c), closes #15322
  • elasticloadbalancingv2: target group health check does not validate interval versus timeout (#16107) (a85ad39), closes #3703

1.120.0 (2021-08-26)

Features

Bug Fixes

  • apigatewayv2: http api - disallow empty string as domain name (#16044) (9c39bcb)
  • appsync: addSubscription only allows for field type (#16097) (000d151), closes #10078 #16071
  • cfnspec: changes to resource-level documentation not supported (#16170) (82e4b4f)
  • cli: Python init template does not work in directory with '-' (#15939) (3b2c790), closes #15938
  • cli: unknown command pytest in build container fails integration tests (#16134) (0f7c0b4), closes #15939
  • resourcegroups: ResourceGroup not using TagType.STANDARD, causes deploy failure (#16211) (cdee1af), closes #12986
  • s3: bucket is not emptied before update when the name changes (#16203) (b1d69d7), closes #14011
  • ses: drop spam rule appears in the incorrect order (#16146) (677fedc), closes #16091
  • sqs: unable to import a FIFO queue when the queue ARN is a token (#15976) (a1a65bc), closes #12466
  • ssm: StringParameter.fromStringParameterAttributes cannot accept version as a numeric Token (#16048) (eb54cd4), closes #11913
  • ec2: fix vpc endpoint incorrect issue in China region (#16139) (0d0db38), closes #9864
  • eks: insecure kubeconfig warning (#16063) (82dd282), closes #14560

1.119.0 (2021-08-17)

Features

Bug Fixes

  • core: asset bundling fails for non-existent user (#15313) (bf5882f), closes #15415
  • ec2: opaque error when insufficient NAT EIPs are configured (#16040) (a308cac), closes #16039
  • events: cross-account event targets that have a Role are broken (#15717) (f570c94), closes #15639
  • pipelines: repos with dashes cannot be used as additionalInputs (#16017) (400a59d), closes #15753
  • s3-deployment: BucketDeployment doesn't validate that distribution paths start with "/" (#15865) (f8d8795), closes #9317

1.118.0 (2021-08-10)

Features

Bug Fixes

1.117.0 (2021-08-05)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • assertions: Template.fromTemplate() is now renamed to Template.fromJSON() to provide clarity.
  • assertions: TemplateAssertions is now renamed to Template.

Features

  • aws-cloudfront: add enabled to web distribution (#15433) (7ad9348)
  • aws-ec2: Add SubnetFilter for Id and CIDR netmask (#15373) (407b02d), closes #15228
  • aws-kinesisfirehose: support for S3 destination encryption on DeliveryStream (#15558) (3888773), closes #15555
  • cfnspec: cloudformation spec v39.8.0 (#15885) (60e6b41)
  • cloudfront: Origin Shield support (#15453) (08ebbae), closes #12872
  • cloudfront: use TLS_V1_2_2021 SecurityPolicy as default version (under feature flag) (#15477) (7b64abf)
  • ec2: Add Transcribe interface endpoint (#15465) (929d6ae)
  • eks: support Kubernetes 1.21 (#15774) (83dd318), closes #15758
  • kinesisfirehose: add metrics functions to IDeliveryStream (#15618) (33909ed), closes #15543
  • kinesisfirehose: add support for backing up source records to S3 (#15725) (b86062f), closes #15724
  • kinesisfirehose: add support for BufferingHints (#15557) (099b584), closes #15554
  • kinesisfirehose: add support for Lambda data processors (#15704) (6244a81), closes #15703
  • kinesisfirehose: add support for server-side encryption on DeliveryStream (#15547) (74f3cda), closes #15546
  • kinesisfirehose: supports Kinesis data stream source for delivery stream (#15836) (afd5bf7), closes #15500 #10783
  • kinesisfirehose-destinations: add support for compression on S3 delivery stream destinations (#15550) (1eb56a0), closes #15548
  • kinesisfirehose-destinations: add support for prefixes in the S3 destination (#15552) (d227e48), closes #15551
  • lambda: cloudwatch lambda insights (#15439) (9efd800)
  • Route53: add support for RemovalPolicy in CrossAccountZoneDelegationRecord (#15782) (9eea4b8), closes #15211
  • s3-deployment: control object access (#15730) (f58cf3c)
  • servicecatalog: add CloudFormation Parameter constraint (#15770) (58fda91)
  • stepfunctions-tasks: add sns publish with message attributes (#14817) (bc99e82), closes #4702

Bug Fixes

  • assert: module is incompatible with jest@27 (#15666) (f446566)
  • appsync: graphqlapi throws incorrect error message for authorizationConfig (#15830) (1f23313), closes #15039
  • eks: Allow desiredsize minsize and maxsize to accept CfnParameters. (#15487) (fb43769)
  • chatbot: ARN validation in fromSlackChannelConfigurationArn fails for tokenized values (#15849) (440ca35), closes #15842
  • cli: move fail option into the diff command (#15829) (473c1d8)
  • ec2: volumename doesn't set name of volume (#15832) (b842702), closes #15831
  • elbv2: unresolved listener priority throws error (#15804) (fce9ac7)
  • pipelines: Prepare stage doesn't have AUTO_EXPAND capability (#15819) (a6fac49), closes #15711
  • s3: notifications are broken in some regions (#15884) (ee19196)
  • stepfunctions-tasks: Stage field not included in CallApiGatewayHttpApiEndpoint task definition (#15755) (4f38fe1), closes #14242

Miscellaneous Chores

  • assertions: migrate more modules to use assertions (#15857) (45b484c)
  • assertions: rename TemplateAssertions to Template (#15823) (823dfda)

1.116.0 (2021-07-28)

Features

  • assertions: retrieve matching resources from the template (#15642) (a8b1c47)
  • aws-kinesisfirehose: DeliveryStream API and basic S3 destination (#15544) (1b5d525), closes #10810 #15499
  • cfnspec: cloudformation spec v39.7.0 (#15719) (2c4ef01)
  • cfnspec: cloudformation spec v39.7.0 (#15796) (dbe4641)
  • codebuild: add support for setting a BuildEnvironment Certificate (#15738) (76fb481), closes #15701
  • core: lazy mappings will only synthesize if keys are unresolved (#15617) (32ed229)
  • pipelines: CDK Pipelines is now Generally Available (#15667) (2e4cfae)
  • servicecatalog: add ability to set launch Role and deploy with StackSets (#15678) (c92548b)
  • stepfunctions: allow intrinsic functions for json path (#15320) (d9285cb)

Bug Fixes

1.115.0 (2021-07-21)

Features

Bug Fixes

  • appsync: update timestamp for apikey test (#15624) (9c4e51c), closes #15623
  • cfnspec: make EndpointConfiguration of AWS::Serverless::Api a union type (#15526) (dd38eff)
  • cli: cdk deploy is listing deprecated ids (#15603) (22f2499)
  • iam: PrincipalWithConditions.addCondition does not work (#15414) (fdce08c)
  • pipelines: CodeBuildStep.partialBuildSpec not used, buildspec control for legacy API (#15625) (d8dc818), closes #15169
  • pipelines: new pipeline stages aren't validated (#15665) (309b9b4)
  • pipelines: permissions check in legacy API does not work (#15660) (5e3cf2b)
  • pipelines: unresolved source names aren't handled properly (#15600) (4b7116d), closes #15592

1.114.0 (2021-07-15)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • appmesh: prefixPath property in HttpGatewayRouteMatch has been renamed to path, and its type changed from string to HttpGatewayRoutePathMatch
  • servicecatalog: AcceptLanguage enum has been renamed to MessageLanguage, and fields that accepted this enum have been updated to reflect this change.
  • servicecatalog: property acceptLanguage in PortfolioShareOptions has been renamed to messageLanguage.
  • servicecatalog: property acceptLanguage in PortfolioProps has been renamed to messageLanguage.
  • servicecatalog: property acceptLanguage in CloudFormationProductProps has been renamed messageLanguage.
  • appmesh: prefixPath property in HttpRouteMatch has been renamed to path, and its type changed from string to HttpRoutePathMatch

Features

  • appmesh: add Route matching on path, query parameters, metadata, and method name (#15470) (eeeec5d)
  • appmesh: add support for Gateway Route request matching and path rewriting (#15527) (1589ff8), closes #15305
  • appmesh: the App Mesh Construct Library is now Generally Available (stable) (#15560) (718d143), closes #9489
  • aws-ecs: New CDK constructs for ECS Anywhere task and service definitions (#14931) (3592b26)
  • bootstrap: widen lookup role permissions for future extension (#15423) (cafdd3c)
  • cfnspec: cloudformation spec v39.5.0 (#15536) (c98e40e)
  • pipelines: revised version of the API (#12326) (165ee3a), closes #10872
  • servicecatalog: Add portfolio-product association and tag update constraint (#15452) (b06f7bf)

Bug Fixes

  • ecr-assets: There is already a Construct with name 'Staging' when using tarball image (#15540) (594d7c6)

1.113.0 (2021-07-12)

Features

Bug Fixes

  • aws-ecs: token is added to Options instead of SecretOptions in SplunkLogDriver (#15408) (23abe22)

1.112.0 (2021-07-09)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • appmesh: the class HttpHeaderMatch has been renamed to HeaderMatch
  • appmesh: the class HttpRouteMatchMethod has been renamed to HttpRouteMethod
  • appmesh: ServiceDiscovery.cloudMap() method has been changed to accept positional arguments

Features

Bug Fixes

  • autoscaling: scaling intervals are incorrect if the bottom one does not start at 0 (#15345) (bf6f7ef), closes #10141
  • build: explicit non-private package not respected in packaging (#15435) (31e6b1a), closes #15203
  • cfnspec: .npmignore generated by cfnspec does not pass pkglint (#15409) (c432d48), closes #15064
  • cli: prevent 'Failed resources:' message when no failures and report all progress steps (#15207) (f3c1b6d)
  • codebuild: merge spec correctly when using strings (#15429) (3a65b9c)
  • events: Archive event pattern fields are not translated correctly (#15376) (afa5de1), closes #14905
  • iam: remove incorrect normalization of principal (#15248) (850cba0), closes #14274 #14274
  • iam: set principalAccount in AccountPrincipal and PrincipalWithConditions (#15430) (b95ee44)
  • lambda-nodejs: pnpm exec args separator order (#15410) (1d19b3b), closes #15164
  • pipelines: singlePublisherPerType overwrites assets buildspec file of other pipelines (#15356) (48dd771)
  • pipelines: unable to add assets stage to existing VPC pipeline (#15401) (b010239), closes #14343

Reverts

1.111.0 (2021-07-01)

Features

Bug Fixes

  • aws-elasticloadbalancingv2: cannot clear access logging bucket prefix (#15149) (2e93fb9), closes #14044
  • cloudfront: cannot set header including 'authorization' in OriginRequestPolicy (#15327) (3a2f642), closes #15286
  • codepipeline-actions: reduce S3SourceAction role permissions to just the key (#15304) (d2c76aa), closes #15112
  • core: unresolved tokens in generated nested stack outputs (#15380) (62e552c), closes #15155
  • eks: kubectl version 1.21.0 breaks object pruning (#15314) (74da5c1), closes #15072
  • pipelines: artifact bucket permissions missing for in-account deployments (#15348) (2a5e288), closes #15307
  • stepfunctions-tasks: EcsRunTask containerOverrides throws if container name doesn't match construct ID (#15190) (5f59787), closes #15171

1.110.1 (2021-06-28)

Bug Fixes

1.110.0 (2021-06-24)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • appmesh: static methods from TlsValidationTrust have been changed to accept positional arguments
  • appmesh: static methods from TlsCertificate have been changed to accept positional arguments
  • appmesh: the type TlsListener has been renamed to ListenerTlsOptions

Features

Bug Fixes

1.109.0 (2021-06-16)

Features

  • apigateway: disable execute api endpoint (#14526) (b3a7d5b)
  • aws-backup: Add arn attribute and grant method to backup vault (#14997) (04c0a07), closes #14996
  • cfnspec: cloudformation spec v38.0.0 (#15044) (632d518)
  • cfnspec: cloudformation spec v39.1.0 (#15144) (abc457e)
  • cloudfront: add fromFile for CF functions (#14980) (31c9338), closes #14967
  • codestarnotifications: new L2 constructs (#10833) (645ebe1), closes #9680
  • core: allow user to provide docker --security-opt when bundling (#14682) (a418ea6)
  • core: Support platform flag during asset build (#14908) (0189a9a)
  • dynamodb: exposes schema method to return partition and sort key of table or secondary indexes (#15111) (1137eb7), closes #7680
  • ecs-patterns: Add ability to configure VisibilityTimeout on QueueProcessing service pattern (#15052) (350d783)
  • ecs-patterns: allow specifying security groups on ScheduledTask pattern (#15096) (6bdf1c0), closes #5213 #14220
  • ecs-patterns: expose task target on ScheduledTask pattern (#15127) (c31c59a), closes #14971 #14953 #12609
  • lambda-event-sources: streams - report batch item failures (#14458) (3d4a13e), closes #12654
  • logs: make the addition of permissions to Lambda functions optional (#14222) (0c50ec9), closes #14198
  • migration: add constructs migration to rewrite script (#14916) (37a4c8d)
  • pipelines: add test commands to standard synth actions (#14979) (0bc8a8a)
  • servicecatalog: initial implementation of the Portfolio construct (#15099) (203cc45)

Bug Fixes

  • aws-iam: prevent adding duplicate resources and actions (#14712) (a8298cb), closes #13611
  • cfn-include: NestedStack's Parameters are not converted to strings (#15098) (8ad33b8), closes #15092
  • cli: cdk synth too eager with validation in Pipelines (#15147) (ae98e88), closes #14613 #15130
  • cli: cdk synth doesn't output yaml for stacks with dependency stacks (#14805) (44feee6), closes #3721
  • cli: deployment error traceback overwritten by progress bar (#14812) (d4a0af1), closes #14780
  • cli: HTTP timeout is too low for some asset uploads (#13575) (23c58d6), closes #13183
  • cli: option --all selects stacks in nested assemblies (#15046) (0d00e50)
  • cli: partition is not being resolved at missing value lookup (#15146) (cc7191e), closes #15119
  • cli: stack glob patterns only select one stack (#15071) (fcd2a6e)
  • codebuild: Project's Role has permissions to the entire Bucket when using S3 as the source (#15112) (9d01b4f)
  • codebuild: Secret env variable as token from another account fails on Key decryption (#14483) (91e80d7), closes #14477
  • core: CloudFormation dynamic references can't be assigned to num… (#14913) (39aacc8), closes #14824
  • ecs: TagParameterContainerImage cannot be used across accounts (#15073) (486f2e5), closes #15070
  • kinesisanalytics-flink: set applicationName with L2 Application (#15060) (1de85f2), closes #15058
  • lambda: deployment failure when layers are added to container functions (#15037) (8127cf2), closes #14143
  • lambda-event-sources: kafka event source expects credentials even when accessed via vpc (#14804) (5eb1e75)
  • pipelines: assets buildspec can exceed 25k size limit (#14974) (f7f367f)
  • pipelines: PublishAssetsAction uses hard-coded role names (#15118) (bad9713)
  • pipelines: self-update role assumes hard-coded role names (#14969) (cbd7552), closes #14877 #9271
  • secretsmanager: support secrets rotation in partition 'aws-cn' (#14608) (5061a8d), closes #13385

1.108.1 (2021-06-11)

Features

  • cfnspec: cloudformation spec v39.1.0 (af74354)

1.108.0 (2021-06-09)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • cfnspec: imageScanningConfiguration property of ecr.CfnRepository now accepts scanOnPush instead of ScanOnPush (notice the casing change).
  • bootstrap: users of the modern bootstrap stack (notably: CDK Pipelines users) will need to re-run cdk bootstrap to update to bootstrap stack version '6'.

Features

Bug Fixes

1.107.0 (2021-06-02)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • appmesh: the creation property clientPolicy in VirtualNode has been renamed to tlsClientPolicy, and its type changed to TlsClientPolicy
  • appmesh: to create TlsClientPolicy, validation property must be defined.
  • appmesh: the creation property tlsCertificate in VirtualNode has been renamed to tls, and its type changed to TlsListener
  • appmesh: the tlsMode property has been removed from the options when creating a TlsCertificate, moved to the new TlsListener interface, and renamed mode

Features

Bug Fixes

  • appmesh: introduce the TlsClientPolicy and TlsValidation concepts (#14782) (8263c78), closes #12733
  • appmesh: TLS mode is set on the Certificate class (#14856) (061fd55)
  • elasticsearch: 'r6gd' not marked as supported type for instance storage (#14894) (d07a49f), closes #14773
  • lambda-nodejs: cannot bundle locally when consuming a node module with a NodejsFunction (#14914) (52da59c), closes #14739
  • rds: Add exception throw when az is defined for multi-az db instance (#14837) (fd8445f), closes #10949

1.106.1 (2021-05-26)

Bug Fixes

  • secretsmanager: revert "Automatically grant permissions to rotation Lambda (#14471)", fixes #14868

1.106.0 (2021-05-25)

Features

  • ecs-service-extensions: allow taskRole to be passed in on creation of an ECS service (3e257a0)
  • appmesh: add IAM grants for StreamAggregatedResources (#13596) (f4a2938), closes #11639
  • cfnspec: cloudformation spec v36.0.0 (#14791) (3a9f56d)
  • dynamodb: add ability to enable contributor insights on Table (#14742) (3c7a89d)
  • lambda: support Principal conditions in Permission (#14674) (b78a1bb), closes #8116
  • lambda-nodejs: pnpm support (#14772) (b02311c), closes #14757

Bug Fixes

  • cognito: user pool - phoneNumberVerified attribute fails deployment (#14699) (cd2589f), closes #14175
  • iam: permissions boundaries not added to custom resource roles (#14754) (f36feb5), closes #13310
  • lambda: changing reserved concurrency fails lambda version deployment (#14586) (f47d5cb), closes #11537
  • lambda-nodejs: esbuild detection with Yarn 2 in PnP mode (#14739) (5c84696)
  • pipelines: self-update build fails with named pipeline stack (#14729) (eff9c75), closes #10782

1.105.0 (2021-05-19)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • lambda-nodejs: using banner and footer now requires esbuild >= 0.9.0

Features

Bug Fixes

  • cli: Updated typo user to uses (#14357) (7fe329c)
  • core: cannot determine packaging when bundling that produces an archive is skipped (#14372) (163e812), closes #14369
  • ecr: add validations for ECR repository names (#12613) (396dca9), closes #9877
  • lambda: unable to access SingletonFunction vpc connections (#14533) (49d18ab), closes #6261
  • lambda-nodejs: banner and footer values not escaped (#14743) (81aa612), closes #13576
  • pipelines: self-mutating builds cannot be run in privileged mode (#14655) (73b9b4a), closes #11425
  • pipelines: stackOutput generates names too long to be used in useOutputs (#14680) (d81e06d), closes #13552
  • pipelines: synth fails if 'aws-cdk' is not in package.json (#14745) (0b8ee97), closes #14658

1.104.0 (2021-05-14)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • apigatewayv2: setting the authorizer of an API route to HttpNoneAuthorizer will now remove any existing authorizer on the route

Features

  • appsync: elasticsearch data source for graphql api (#14651) (2337b5d), closes #6063
  • cfnspec: cloudformation spec v35.2.0 (#14610) (799ce1a)
  • cloudwatch: GraphWidget supports period and statistic (#14679) (b240f6e)
  • cloudwatch: time range support for GraphWidget (#14659) (010a6b1), closes #4649
  • ecs: add support for EC2 Capacity Providers (#14386) (114f7cc)
  • secretsmanager: Automatically grant permissions to rotation Lambda (#14471) (85e00fa)

Bug Fixes

  • apigatewayv2: authorizer is not removed when HttpNoneAuthorizer is used (#14424) (3698a91)
  • ecs: Classes FargateService and Ec2Service have no defaultChild (#14691) (348e11e), closes #14665
  • events-targets: circular dependency when adding a KMS-encrypted SQS queue (#14638) (3063818), closes #11158
  • lambda: custom resource fails to connect to efs filesystem (#14431) (10a633c)
  • lambda-event-sources: incorrect documented defaults for stream types (#14562) (0ea24e9), closes #13908
  • lambda-nodejs: handler filename missing from error message (#14564) (256fd4c)

1.103.0 (2021-05-10)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • appmesh: HealthChecks require use of static factory methods
  • apigatewayv2: The metricXXX methods are no longer available in the IApi interface. The existing ones are moved into IHttpApi and new ones will be added to IWebsocketApi.
  • apigatewayv2: The metricXXX methods are no longer available in the IStage interface. The existing ones are moved into IHttpStage and new ones will be added to the IWebsocketStage.
  • lambda-nodejs: the default runtime version for NodejsFunction is now always NODEJS_14_X (previously the version was derived from the local NodeJS runtime and could be either 12.x or 14.x).

Features

Bug Fixes

  • apigatewayv2: incorrect metric names for client and server-side errors (#14541) (551182e), closes #14503
  • assert matches more than the template on multiple CDK copies (#14544) (f8abdbf), closes #14468
  • apigatewayv2-integrations: fix broken lambda websocket integration uri (#13820) (f0d5c25), closes #13679
  • cfn-include: correctly parse Fn::Sub expressions containing serialized JSON (#14512) (fd6d6d0), closes #14095
  • cli: 'cdk deploy *' should not deploy stacks in nested assemblies (#14542) (93a3549)
  • cli: synth fails if there was an error when synthesizing the stack (#14613) (71c61e8)
  • lambda-nodejs: non-deterministic runtime version (#14538) (527f662), closes #13893
  • ssm: dynamic SSM parameter reference breaks with lists (#14527) (3d1baac), closes #14205 #14476

1.102.0 (2021-05-04)

Features

Bug Fixes

  • aws-cloudwatch: fix for space in alarm name in alarms for compos… (#13963) (7cdd541)
  • cli: 'cdk synth' not able to fail if stacks have errors (#14475) (963d1c7)
  • CodeBuild: add resource only once per secret (#14510) (affaaad)
  • neptune: use correct L1 of DBParameterGroup (#14447) (057f61f), closes #14446
  • rds: instance identifiers and endpoints of a Cluster are blank (#14394) (9597d97), closes #14377
  • s3: urlForObject does not consider explicit bucket region (#14315) (e11d537)

1.101.0 (2021-04-28)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • neptune: InstanceType changed from enum to enum-like static factory.

Features

  • autoscaling: add getter/setter for instance termination protection (#14308) (d3bdcfd), closes #14283
  • aws-autoscaling: add support for NewInstancesProtectedFromScaleIn (#14283) (da9828b)
  • custom-resources: AwsSdkCall can assume Role for cross-account custom resources (#13916) (a0690b9)
  • ec2: create NAT Gateways with fixed IPs (#14250) (24c992a), closes #11884 #4067
  • events: API Gateway target (#13823) (ce789bf), closes #12708
  • iam: add imported user to a group (#13698) (bf513bc)
  • neptune: change InstanceType to class that is built from string (#14273) (fc618f9), closes #13923
  • route53: add support for parentHostedZoneName for CrossAccountZoneDelegationRecord (#14097) (572ee40)

Bug Fixes

  • aws-ecs-patterns, aws-elasticloadbalancingv2: Pass TargetGroup ProtocolVersion as parameters to higher level constructs (#14092) (a655819), closes #14091
  • codebuild: Secret env variable from another account fails on Key decryption (#14226) (8214338), closes #14043
  • codepipeline-actions: CodeCommit source action fails when it's cross-account (#14260) (1508e60), closes #12391 #14156
  • ec2: r5ad instance-type has incorrect value (#14179) (c80e1cf)
  • iam: unable to configure name of SAML Provider (#14296) (904202a), closes #14294
  • pipelines: Use LinuxBuildImage.STANDARD_5_0 for Assets and UpdatePipeline stages (#14338) (f93d940)

1.100.0 (2021-04-20)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • appmesh: HTTP2 VirtualNodeListeners must be now created with Http2VirtualNodeListenerOptions
  • appmesh: HTTP2 VirtualGatewayListeners must be now created with Http2VirtualGatewayListenerOptions
  • codepipeline-actions: the Action ServiceCatalogDeployAction has been renamed to ServiceCatalogDeployActionBeta1
  • codepipeline-actions: the type ServiceCatalogDeployActionProps has been renamed to ServiceCatalogDeployActionBeta1Props
  • events-targets: The BatchJob integration now requires the arn and the Resource for the jobQueue and the jobDefinition
  • lambda-event-sources: cluster was removed from ManagedKafkaEventSourceProps and replaced with clusterArn
  • route53-targets: ApiGatewayv2Domain was replaced with ApiGatewayv2DomainProperties which accepts regionalDomainName and regionalHostedZoneId
  • stepfunctions-tasks: CallApiGatewayHttpApiEndpoint API now requires the apiId and it's containing Stack
  • stepfunctions-tasks: BatchSubmitJob now accept jobDefinitionArn, jobQueueArn and their respective Resource
  • stepfunctions-tasks: RunBatchJob now accept jobDefinitionArn, jobQueueArn and their respective Resource

Features

  • apigateway: integration timeout (#14154) (d02770e), closes #14123
  • appmesh: add Connection Pools for VirtualNode and VirtualGateway (#13917) (8a949dc), closes #11647
  • certificatemanager: allow tagging DnsValidatedCertificate (#13990) (8360feb), closes #12382 #12382
  • codebuild: allow setting concurrent build limit (#14185) (3107d03)
  • codepipeline: introduce the Action abstract class (#14009) (4b6a6cc)
  • ecs: add support for elastic inference accelerators in ECS task defintions (#13950) (23986d7), closes #12460
  • eks: Pass bootstrap.sh args to avoid DescribeCluster call and make nodes join the cluster faster (#12659) (f5616cc)
  • secretsmanager: replicate secrets to multiple regions (#14266) (b3c288d), closes #14061

Bug Fixes

  • codepipeline: incorrect determination of the Action's account when using an imported resource (#14224) (d88e915), closes #14165
  • core: toJsonString() does not deal correctly with list tokens (#14138) (1a6d39f), closes #14088
  • pipelines: incorrect BuildSpec in synth step if synthesized with --output (#14211) (0f5c74f), closes #13303
  • rds: database instances cannot be to be referenced in a different region (#13865) (74c7fff), closes #13832

1.99.0 (2021-04-13)

Features

  • elasticloadbalancing: rename 'sslCertificateId' property of LB listener to 'sslCertificateArn'; deprecate sslCertificateId property (#13766) (1a30272), closes #9303 #9303

Bug Fixes

  • aws-cloudfront: distribution comment length not validated (#14020) (#14094) (54fddc6)
  • aws-ecs-patterns: fixes #11123 allow for https listeners to use non Route 53 DNS if a certificate is provided (#14004) (e6c85e4)
  • cfn-include: allow deploy-time values in Parameter substitutions in Fn::Sub expressions (#14068) (111d26a), closes #14047
  • fsx: Weekday.SUNDAY incorrectly evaluates to 0 (should be 7) (#14081) (708f23e), closes #14080

1.98.0 (2021-04-12)

Features

Bug Fixes

1.97.0 (2021-04-06)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • elasticsearch: vpcOptions was removed. Use vpc, vpcSubnets and securityGroups instead.

Features

Bug Fixes

1.96.0 (2021-04-01)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • globalaccelerator: automatic naming algorithm has been changed: if you have existing Accelerators you will need to pass an explicit name to prevent them from being replaced. All endpoints are now added by calling addEndpoint() with a target-specific class that can be found in @aws-cdk/aws-globalaccelerator-endpoints. The generated Security Group is now looked up by calling endpointGroup.connectionsPeer().
  • docdb: DatabaseClusterProps.instanceProps was hoisted and all its properties are now available one level up directly in DatabaseClusterProps.
  • docdb: DatabaseInstanceProps.instanceClass renamed to DatabaseInstanceProps.instanceType.
  • core: The type of the image property in BundlingOptions is changed from BundlingDockerImage to DockerImage.
  • core: The return type of the DockerImage.fromBuild() API is changed from BundlingDockerImage to DockerImage.

Features

Bug Fixes

  • aws-ecs: broken splunk-logging tag-option in fargate platform version 1.4 (#13882) (e9d9299), closes #13881
  • cloudfront: auto-generated cache policy name might conflict cross-region (#13737) (4f067cb), closes #13629
  • cloudfront: Origin Request Policy headers enforce soft limit of 10 (#13907) (9b0a6cf), closes #13410 #13903
  • codebuild: allow passing the ARN of the Secret in environment variables (#13706) (6f6e079), closes #12703
  • codebuild: take the account & region of an imported Project from its ARN (#13708) (fb65123), closes #13694
  • codedeploy: script installing CodeDeploy agent fails (#13758) (25e8d04), closes #13755
  • cognito: imported userpool not retaining environment from arn (#13715) (aa9fd9c), closes #13691
  • core: BundlingDockerImage.fromAsset() does not return a BundlingDockerImage (#13846) (7176a5d)
  • dynamodb: table with replicas fails to deploy with "Unresolved resource dependencies" error (#13889) (5c99d0d)
  • iam: Role import doesn't fail when forgetting the region in the ARN (#13821) (560a853), closes #13812
  • rds: fail with a descriptive error if Cluster's instance count is a deploy-time value (#13765) (dd22e8f), closes #13558
  • yaml-cfn: do not deserialize year-month-date as strings (#13745) (ffea818), closes #13709

1.95.2 (2021-04-01)

1.95.1 (2021-03-25)

Bug Fixes

  • codebuild: module fails to load with error "Cannot use import statement outside a module" (b1ffd33), closes #13699 #13699

1.95.0 (2021-03-25)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • lambda-nodejs: The type of image property in the Bundling class is changed from BundlingDockerImage to DockerImage.
  • lambda-nodejs: The type of dockerImage property in BundlingOptions is changed from BundlingDockerImage to DockerImage.
  • apigatewayv2: The type of allowMethods property under corsPreflight section is changed from HttpMethod to CorsHttpMethod.
  • lambda-nodejs: the default runtime of a NodejsFunction is now Node.js 14.x if the environment from which it is deployed uses Node.js >= 14 and Node.js 12.x otherwise.

Features

Bug Fixes

  • apigatewayv2: error while configuring ANY as an allowed method in CORS (#13313) (34bb338), closes #13280 #13643

  • aws-ecs: drain hook lambda allows tasks to stop gracefully (#13559) (3e1148e), closes #13506

  • codebuild: Fixed build spec file format to return yaml (#13445) (fab93c6)

  • codedeploy: Use aws-cli instead of awscli for yum (#13655) (449ce12)

  • codepipeline-actions: BitBucketAction fails with S3 "Access denied" error (#13637) (77ce45d), closes #13557

  • core: toJsonString() cannot handle list intrinsics (#13544) (a5be042), closes #13465

  • events,applicationautoscaling: specifying a schedule rate in seconds results in an error (#13689) (5d62331), closes #13566

  • lambda: incorrect values for prop UntrustedArtifactOnDeployment (#13667) (0757686), closes #13586

  • neptune: create correct IAM statement in grantConnect() (#13641) (2e7f046), closes #13640

  • s3: Notifications fail to deploy due to incompatible node runtime (#13624) (aa32cf6)

  • lambda-nodejs: prepare code to reduce merge conflicts when deprecated APIs are stripped (#13738) (ca391b5)

  • lambda-nodejs: update default runtime (#13664) (ca42461)

1.94.1 (2021-03-16)

Bug Fixes

  • s3: Notifications fail to deploy due to incompatible node runtime (#13624) (26bc3d4)

1.94.0 (2021-03-16)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • appmesh: Backend, backend default and Virtual Service client policies structures are being altered
  • appmesh: you must use the backend default interface to define backend defaults in VirtualGateway. The property name also changed from backendsDefaultClientPolicy to backendDefaults
  • appmesh: you must use the backend default interface to define backend defaults in VirtualNode, (the property name also changed from backendsDefaultClientPolicy to backendDefaults), and the Backend class to define a backend
  • appmesh: you can no longer attach a client policy to a VirtualService

Features

Bug Fixes

1.93.0 (2021-03-11)

Features

Bug Fixes

  • cfn-include: allow boolean values for string-typed properties (#13508) (e5dab7c)
  • ec2: fix typo's in WindowsImage constants (#13446) (781aa97)
  • elasticloadbalancingv2: upgrade to v1.92.0 drops certificates on ALB if more than 2 certificates exist (#13490) (01b94f8), closes #13332 #13437
  • events: imported EventBus does not correctly register source account (#13481) (57e5404), closes #13469
  • iam: oidc-provider can't pull from hosts requiring SNI (#13397) (90dbfb5)
  • iam: policy statement tries to validate tokens (#13493) (8d592ea), closes #13479
  • init: Python init template's stack ID doesn't match other languages (#13480) (3f1c02d)
  • stepfunctions: no validation on state machine name (#13387) (6c3d407), closes #13289

1.92.0 (2021-03-06)

  • ecs-patterns: the desiredCount property stored on the above constructs will be optional, allowing them to be undefined. This is enabled through the @aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount feature flag. We would recommend all CDK users to set the @aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount flag to true for all of their existing applications.

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • apigatewayv2: HttpApiMapping (and related interfaces for Attributed and Props) has been renamed to ApiMapping
  • apigatewayv2: CommonStageOptions has been renamed to StageOptions
  • apigatewayv2: HttpStage.fromStageName has been removed in favour of HttpStage.fromHttpStageAttributes
  • apigatewayv2: DefaultDomainMappingOptions has been removed in favour of DomainMappingOptions
  • apigatewayv2: HttpApiProps.defaultDomainMapping has been changed from DefaultDomainMappingOptions to DomainMappingOptions
  • apigatewayv2: HttpApi.defaultStage has been changed from HttpStage to IStage
  • apigatewayv2: IHttpApi.defaultStage has been removed
  • aws-appsync: RdsDataSource now takes a ServerlessCluster instead of a DatabaseCluster
  • aws-appsync: graphqlapi.addRdsDataSource now takes databaseName as its fourth argument

Features

Bug Fixes

1.91.0 (2021-02-23)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • aws-appsync: RdsDataSource now takes a ServerlessCluster instead of a DatabaseCluster
  • aws-appsync: graphqlapi.addRdsDataSource now takes databaseName as its fourth argument

Features

Bug Fixes

1.90.1 (2021-02-19)

Bug Fixes

1.90.0 (2021-02-17)

Features

Bug Fixes

  • apigatewayv2: HttpApi and Route in different stacks creates cycles (#13010) (b5efb88), closes #13021
  • aws-rds: correct Policy resource for Proxy::grantConnect() (#12416) (b3197db), closes #12415
  • cfn-diff: correctly handle version strings like '0.0.0' (#13022) (34a921b), closes #13016
  • cfn2ts: correctly choose between string and object without required properties in a union (#12954) (b7137c5), closes #12854
  • cloudfront: bucket policy for Origin Access Identities is overly permissive (#13087) (cc28312), closes #3486 #13086
  • cloudfront: EdgeFunction us-east-1 stack created in different account (#13055) (2f1fc95), closes #12789
  • codecommit: take the region and account of an imported Repository from its ARN (#13066) (5f0ee88), closes #13025
  • codedeploy: allow the install agent script's commands to exit with errors (#12782) (23d52a5), closes #12764
  • codepipeline-actions: use BatchGetBuildBatches permission for batch builds (#13018) (09ba573)
  • core: exportValue() does not work with resource names (#13052) (46043e0), closes #13002 #12918
  • ec2: volume props validations are incorrect (#12821) (12cddff), closes #12816 #12816 #12074
  • rds: proxy cannot connect to cluster/instance (#12953) (4b0abbc)
  • tools: doc block links not clickable in VS Code (#12336) (4f17f92)

1.89.0 (2021-02-09)

Features

Bug Fixes

1.88.0 (2021-02-03)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • appmesh: the properties virtualRouter and virtualNode of VirtualServiceProps have been replaced with the union-like class VirtualServiceProvider
  • appmesh: the method addVirtualService has been removed from IMesh
  • cloudfront: experimental EdgeFunction stack names have changed from 'edge-lambda-stack-${region}' to 'edge-lambda-stack-${stackid}' to support multiple independent CloudFront distributions with EdgeFunctions.

Features

Bug Fixes

1.87.1 (2021-01-28)

Bug Fixes

  • apigateway: stack update fails to replace api key (38cbe62), closes #12698

1.87.0 (2021-01-27)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • s3-deployment: User metadata keys of bucket objects will change from x-amz-meta-x-amz-meta-x-amzn-meta-mykey to x-amz-meta-mykey.
  • core: users of modern synthesis (DefaultSynthesizer, used by CDK Pipelines) must upgrade their bootstrap stacks. Run cdk bootstrap.

Features

  • aws-codebuild: add enableBatchBuilds() to Project (#12531) (0568390)
  • aws-codepipeline-actions: Add Full Clone support for CodeCommit (#12558) (d169688), closes #12236
  • batch: Compute Resources placement group (#12203) (fe37174)
  • eks: Graduate to stable (#12640) (b5ba7cd)
  • stepfunctions-tasks: EcsRunTask now uses taskDefinition family instead of ARN (#12436) (abde96b), closes #12080
  • stepfunctions-tasks: support databrew startJobRun task (#12532) (eacd2f7)

Bug Fixes

1.86.0 (2021-01-21)

Features

Bug Fixes

1.85.0 (2021-01-14)

  • s3-deployment: This version includes an important update, please upgrade to prevent deployment failure. This is in prepartion of Lambda deprecation of the request module in boto, more details are available in AWS blog. Note, users of versions < 1.81.0 will not be impacted by this deprecation, but are still encouraged to upgrade to the latest version.
  • s3: The grantWrite() and grantReadWrite() methods no longer add the s3:PutObject* permissions that included s3:PutObjectAcl, which could be used to grant read/write object access to IAM principals in other accounts. This change is gated behind the @aws-cdk/aws-s3:grantWriteWithoutAcl feature flag, so make sure to set it to true in the context key of your cdk.json file when upgrading. If you still need the principal to have s3:PutObjectAcl permissions after upgrading, use the new grantPutAcl() method.

Features

  • apigatewayv2: http api - disable execute api endpoint (#12426) (1724da7), closes #12241
  • appmesh: add listener TLS certificates for VirtualNodes and VirtualGateways (#11863) (175a257), closes #10051
  • cfnspec: CloudFormation resource specification update to v23.0.0 (#12490) (a7a2236)

Bug Fixes

  • appsync: rds data source configured with cluster arn (#12255) (d0305f3), closes #11536
  • aws-ecs: Support configuring Windows capacity for cluster ASGs (#12365) (6d9a0f1)
  • eks: aws-node-termination-handler incorrectly deployed to on-demand instances as well (#12369) (05c0b5f), closes #12368
  • s3: Bucket.grantWrite() no longer adds s3:PutObject* permission (#12391) (cd437cf)
  • s3-deployment: stop using deprecated API's that will cause breakage post 01/31/21 (#12491) (f50f928)
  • sns: require topic name for fifo topic #12386 (#12437) (37d8ccc)

1.84.0 (2021-01-12)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • apigatewayv2: subnets prop in VpcLink resource now takes SubnetSelection instead of ISubnet[]

Features

Bug Fixes

  • apigatewayv2: vpclink - explicit subnet specification still causes private subnets to be included (#12401) (336a58f), closes #12083
  • cli: CLI doesn't read context from ~/.cdk.json (#12394) (2389a9b), closes #10823 #4802
  • core: DefaultStackSynthesizer bucket prefix missing for template assets (#11855) (50a3d3a), closes #10710 #11327
  • dynamodb: missing grantRead for ConditionCheckItem (#12313) (e157007)
  • ec2: interface endpoint AZ lookup does not guard against broken situations (#12033) (80f0bfd)
  • eks: nodegroup synthesis fails when configured with an AMI type that is not compatible to the default instance type (#12441) (5f6f0f9), closes #12389
  • elasticsearch: domain fails due to log publishing keys on unsupported cluster versions (#11622) (e6bb96f)
  • elbv2: can't import two application listeners into the same scope (#12373) (6534dcf), closes #12132
  • logs: custom resource Lambda uses old NodeJS version (#12228) (29c4943)
  • stepfunctions-tasks: EvaluateExpression does not support JSON paths with dash (#12248) (da1ed08), closes #12221

1.83.0 (2021-01-06)

Features

Bug Fixes

  • aws-ecs: update desired count to be optional (#12223) (455540b)
  • cli: cross account asset upload no longer works (#12155) (1c8cb11)
  • cloudfront: cross-region EdgeFunction does not work within a Stage (#12103) (98d781c), closes #12092
  • cloudfront: EdgeFunction fails with newStyleStackSynthesis (#12356) (fb02736), closes #12172
  • lambda: make the Version hash calculation stable (#12364) (4da50e5)
  • rds: add the dependency on proxy targets to ensure dbInstance (#12237) (8f74169), closes #11311
  • cli: IAM differences table printing is broken (#12330) (062bf5f)

1.82.0 (2021-01-03)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

Bug Fixes

  • eks: Self managed nodes cannot be added to LoadBalancers created via the LoadBalancer service type (#12269) (470a881)
  • lambda-layer-*: unable to calculate layer asset hash due to missing file (#12293) (646f098), closes #12291

1.81.0 (2020-12-30)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • eks: the @aws-cdk/eks.KubectlLayer layer class has been moved to @aws-cdk/lambda-layer-kubectl.KubectlLayer.

Features

Bug Fixes

  • codebuild: missing permissions for SecretsManager environment variables (#12121) (1a13d8f)
  • codebuild: Project lacks permissions to its log destinations (#12213) (b92ed51), closes #11444 #12179
  • codepipeline-actions: use codebuild batch iam permissions when executeBatchBuild: true (#12181) (5279f37)
  • elasticsearch: domain configured with access policies and a custom kms key fails to deploy (#11699) (245ee6a)

1.80.0 (2020-12-22)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • eks: LegacyCluster was removed since it existed only for a transition period to allow gradual migration to the current cluster class.
  • eks: kubectlEnabled property was removed, all clusters now support kubectl.
  • core: Creation stack traces for Lazy values are no longer captured by default in order to speed up tests. Run with CDK_DEBUG=true (or cdk --debug) to capture stack traces.

Features

  • ec2: Add VPC endpoints for Athena and Glue (#12073) (73ef6b1), closes #12072
  • ecs-patterns: add ruleName optional parameter for ScheduledTask constructs (#12190) (b1318bd)
  • eks: connect all custom resources to the cluster VPC (#10200) (eaa8222)
  • lambda-nodejs: Expose optional props for advanced usage of esbuild (#12123) (ecc98ac)

Bug Fixes

1.79.0 (2020-12-17)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • apigatewayv2: HttpApi.fromApiId() has been replaced with HttpApi.fromHttpApiAttributes().
  • elasticsearch: ES Domain LogGroup LogicalId will change, which will trigger new log group resources to be created

Features

Bug Fixes

  • ec2: 'encoded list token' error using Vpc imported from deploy-time lists (#12040) (0690da9)

  • ec2: fromInterfaceVpcEndpointAttributes: Security Groups should not be required (#11857) (86ae5d6), closes #11050

  • eks: failure to deploy cluster since aws-auth configmap exists (#12068) (dc8a98a), closes #12053

  • eks: k8s resources accidentally deleted due to logical ID change (#12053) (019852e), closes #10397 #10397

  • elasticsearch: Defining 2 domains with logging enabled in the same stack fails on construct id conflict (#12055) (ec3ce19), closes #12017

  • elasticsearch: log policies are overwritten when creating 2 domains which also results in a failure while destroying the stack (#12056) (889d089), closes #12016

  • stepfunctions-tasks: policies created for EMR tasks have ARNs that are not partition-aware (#11553) (1cf6713), closes #11503

  • apigatewayv2: apiEndpoint is elevated to the IHttpApi interface (#11988) (bc5b9b6)

1.78.0 (2020-12-11)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • cloudfront-origins: Default minimum origin SSL protocol for HttpOrigin and LoadBalancerOrigin changed from SSLv3 to TLSv1.2.
  • apigatewayv2: domainName property under DomainName has been renamed to name.
  • appmesh: the properties dnsHostName and awsCloudMap of VirtualNodeProps have been replaced with the property serviceDiscovery
  • kms: change the default value of trustAccountIdentities to true, which will result in the key getting the KMS-recommended default key policy. This is enabled through the '@aws-cdk/aws-kms:defaultKeyPolicies' feature flag.

Features

  • appmesh: add ClientPolicy to VirtualNode, VirtualGateway and VirtualService (#11563) (bfee58c)
  • appmesh: change Virtual Node service discovery to a union-like class (#11926) (f75c264)
  • appsync: support appsync functions for pipelineConfig (#10111) (cb703c7), closes #9092
  • batch: Log configuration for job definitions (#11771) (84c959c), closes #11218
  • cloudfront: responseHttpStatus defaults to httpStatus in errorResponses (#11879) (c6052ae)
  • cloudfront: the Distribution construct is now Generally Available (stable) (#11919) (442bf7e)
  • cloudfront-origins: ability to specify minimum origin SSL protocol (#11997) (a0aa61d), closes #11994
  • cloudfront-origins: CloudFront Origins is now Generally Available (#12011) (daace16), closes #11919
  • codeguruprofiler: the CodeGuru Profiler Construct Library is now Generally Available (stable) (#11924) (cbe7a10)
  • ecs: introduce a new Image type, TagParameterContainerImage, to be used in CodePipeline (#11795) (4182c40), closes #1237 #7746
  • eks: kubernetes resource pruning (#11932) (1fdd549), closes #10495
  • kms: change default key policy to align with KMS best practices (under feature flag) (#11918) (ff695da), closes #5575 #8977 #10575 #11309
  • s3: add support to set bucket OwnershipControls (#11834) (0d289cc), closes #11591

Bug Fixes

  • apigateway: base path url cannot contain upper case characters (#11799) (8069a7e)
  • cfn-include: cfn-include fails in monocdk (#11595) (45e43f2), closes #11342
  • cli: cross-account deployment no longer works (#11966) (6fb3448), closes #11350 #11792 #11792
  • codebuild: incorrect SSM Parameter ARN in Project's IAM permissions (#11917) (7a09c18), closes #9980
  • core: autogenerated exports do not account for stack name length (#11909) (0df79a2), closes #9733
  • ecs: cannot disable container insights of an ECS cluster (#9151) (e328f22), closes #9149
  • eks: kubectl provider out-of-memory for large manifests/charts (now 1GiB) (#11957) (2ec2948), closes #11787
  • synthetics: metricFailed uses Average instead of Sum by default (#11941) (3530e8c)
  • apigatewayv2: rename 'domainName' to 'name' in the DomainName construct (#11989) (1be831a)

1.77.0 (2020-12-07)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • apigatewayv2: The VpcLink.fromVpcLinkId() API has been replaced with VpcLink.fromVpcLinkAttributes().
  • secretsmanager: (feature flag) Secret.secretName for owned secrets will now return only the secret name (without suffix) and not the full resource name. This is enabled through the @aws-cdk/secretsmanager:parseOwnedSecretName flag.
  • lambda-nodejs: bundling customization options like minify or sourceMap are now gathered under a new bundling prop.
  • lambda-nodejs: bundlingEnvironment is now bundling.environment
  • lambda-nodejs: bundlingDockerImage is now bundling.dockerImage

Features

Bug Fixes

1.76.0 (2020-12-01)

Features

1.75.0 (2020-11-24)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • appmesh: renames gateway listener static methods to use shorter names
  • appmesh: renames gateway route static methods to use shorter names
  • appmesh: changes Route's spec to a union-like class. RouteSpec is now defined using protocol variant static methods
  • efs: keyId property uses the ARN instead of the keyId to support cross-account encryption key usage. The filesystem will be replaced.
  • lambda-nodejs: local bundling now requires esbuild to be installed.
  • lambda-nodejs: projectRoot has been replaced by depsLockFilePath. It should point to your dependency lock file (package-lock.json or yarn.lock)
  • lambda-nodejs: parcelEnvironment has been renamed to bundlingEnvironment
  • lambda-nodejs: sourceMaps has been renamed to sourceMap
  • appmesh: IVirtualNode no longer has the addBackends() method. A backend can be added to VirtualNode using the addBackend() method which accepts a single IVirtualService
  • appmesh: IVirtualNode no longer has the addListeners() method. A listener can be added to VirtualNode using the addListener() method which accepts a single VirtualNodeListener
  • appmesh: VirtualNode no longer has a default listener. It is valid to have a VirtualNode without any listeners
  • appmesh: the construction property listener of VirtualNode has been renamed to listeners, and its type changed to an array of listeners
  • appmesh: the struct VirtualNodeListener has been removed. To create Virtual Node listeners, use the static factory methods of the VirtualNodeListener class

Features

Bug Fixes

  • autoscaling: targetRequestsPerSecond is actually requests per minute (#11457) (39e277f), closes #11446
  • aws-custom-resource: module fails loading when bundled with parcel (#11487) (421d4e4)
  • cli: credential provider plugins cannot be used with modern synthesis (#11350) (9e91306)
  • cloudfront: origin ID exceeds undocumented 128 character limit (#11523) (90f0b9d), closes #11504
  • core: DefaultStackSynthesizer supports object prefix for s3 assets (#11327) (1b5f218)
  • core: missing context in Stages is not filled by CLI (#11461) (a4a555a), closes #9226
  • core: reusing StackSynthesizer leads to unsynthesized Stacks (#11635) (f03c889), closes #11528
  • efs: cannot use encryption key imported from another account (#11524) (3578d84), closes #7641
  • eks: cluster creation fails when configured with an imported public subnet and private endpoint (#11620) (2c045ce)
  • iam: attach policy to imported User (#11493) (0a8971c), closes #10913 #11046 #10527
  • init: TypeScript code is not being recompiled automatically (#11470) (9843e71)
  • lambda: failed to add permission to an imported lambda from another account (#11369) (715a030), closes #11278 #11141 #11141
  • pipelines: synthesizes incorrect paths on Windows (#11464) (2ca31a8), closes #11359 #11405 #11424
  • pipelines: wrong runOrder for manual approval when using extraRunOrderSpace (#11511) (9b72fc8)
  • stepfunctions: metric* helpers not available on imported state machines (#11509) (83c0543)
  • stepfunctions-tasks: encryption is required for AthenaStartQueryExecution (#11355) (f26a592)
  • stepfunctions-tasks: incorrect policy for Athena prevents database deletions (#11427) (58e6576), closes #11357

1.74.0 (2020-11-17)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • appmesh: IVirtualNode no longer has the addBackends() method. A backend can be added to VirtualNode using the addBackend() method which accepts a single IVirtualService
  • appmesh: IVirtualNode no longer has the addListeners() method. A listener can be added to VirtualNode using the addListener() method which accepts a single VirtualNodeListener
  • appmesh: VirtualNode no longer has a default listener. It is valid to have a VirtualNode without any listeners
  • appmesh: the construction property listener of VirtualNode has been renamed to listeners, and its type changed to an array of listeners
  • appmesh: the struct VirtualNodeListener has been removed. To create Virtual Node listeners, use the static factory methods of the VirtualNodeListener class

Features

Bug Fixes

1.73.0 (2020-11-11)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • apigatewayv2: LambdaProxyIntegration and HttpProxyIntegration classes have moved to the @aws-cdk/aws-apigatewayv2-integrations module.
  • appmesh: VirtualRouter's Listeners are no longer a struct; use the static factory methods of the VirtualNodeListener class to obtain instances of them
  • appmesh: VirtualRouter accepts a list of listeners instead of a single listener
  • appmesh: all fromResourceName() methods in the AppMesh module have been replaced with fromResourceAttributes()

Features

Bug Fixes

  • apigateway: api key not supported for SpecRestApi (#11235) (52da8cb), closes #11079

  • appsync: HttpDataSource extends BackedDataSource instead of BaseDataSource (#11185) (4b4d011), closes #11183

  • cfn-include: Fn::FindInMap cannot be used for boolean properties (#11323) (47b698e), closes #11300

  • cli: deployments are skipped if stack is in a _failed state (#10847) (4887ba6), closes #10784

  • cli: Python id parameter in init template conflicts with built-in (#10874) (37a149b)

  • cloudwatch: composite alarm ARN uses wrong separator (#11186) (3009490)

  • elasticsearch: use correct latency metric names (#11175) (7ab5ab8), closes #11174

  • rds: customizing secret results in unusable password and lost attachment (#11237) (a4567f5), closes #11040

  • apigatewayv2: move lambda and http proxy integrations to the 'integrations' module (#11339) (17611d6)

1.72.0 (2020-11-06)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • rds: Serverless cluster enableHttpEndpoint renamed to enableDataApi
  • stepfunctions-tasks: type of outputLocation in the experimental Athena StartQueryExecution has been changed to s3.Location from string

Features

Bug Fixes

  • apigateway: changes to gateway response does not trigger auto deployment (#11068) (0c8264a), closes #10963
  • cfnspec: incorrect Route 53 health check configuration properties in CloudFormation specification (#11280) (f3c8b50), closes #issuecomment-717435271 #11096
  • cli: --no-previous-parameters incorrectly skips updates (#11288) (1bfc649)
  • core: many nested stacks make NodeJS run out of memory (#11250) (c124886)
  • core: multiple library copies lead to 'Assets must be defined within Stage or App' error (#11113) (fcfed39), closes #10314
  • core: support docker engine v20.10.0-beta1 (#11124) (87887a3)
  • dynamodb: Misconfigured metrics causing empty graphs (#11283) (9968669)
  • ecs: redirect config should honor openListener flag (#11115) (ed6e7ed)
  • event-targets: circular dependency when the lambda target is in a different stack (#11217) (e21f249), closes #10942
  • pipelines: asset stage can't support more than 50 assets (#11284) (5db8e80), closes #9353
  • secretsmanager: can't export secret name from Secret (#11202) (5dcdecb), closes #10914
  • secretsmanager: Secret.fromSecretName doesn't work with ECS (#11042) (fe1ce73), closes #10309 #10519
  • stepfunctions: stack overflow when referenced json path finding encounters a circular object graph (#11225) (f14d823), closes #9319
  • stepfunctions-tasks: Athena* APIs have incorrect supported integration patterns (#11188) (0f66833), closes #11045 #11246
  • stepfunctions-tasks: incorrect S3 permissions for AthenaStartQueryExecution (#11203) (b35c423)
  • explicitly set the 'ImagePullPrincipalType' of image (#11264) (29aa223), closes #10569

1.71.0 (2020-10-29)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • synthetics: runtime is now a required property.

BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • core: Creation stack traces for Lazy values are no longer captured by default. The CDK_DEBUG=true environment variable must be set in order to capture stack traces (this is also achieved by using the --debug option of the cdk CLI). Users should not need those stack traces most of the time, and should only enable creation stack trace captures when tyring to troubleshoot a resolution error that they are otherwise unable to trace back.

Features

  • autoscaling: CloudFormation init for ASGs (#9674) (bdf1d30), closes #9065 #9664
  • cli: --all flag to select all stacks (#10745) (bcd9d0a), closes #3222
  • cli: change virtualenv directory to .venv to comply with python recommendation (#10995) (a4a41b5), closes #9134
  • cli: disable version check (#10975) (575e47e), closes #10974
  • core: make creationStack collection for Lazy opt-in (#11170) (a3fae02)
  • init-templates: Java init template tests updated to JUnit 5 (#11101) (e0c00a1), closes #10694
  • upgrade "constructs" to 3.2.0 (#11145) (d85e3ed)
  • redshift: add publiclyAccessible prop (#11162) (9f8a6de), closes #11161
  • stepfunctions-tasks: Support for Athena APIs: StartQueryExecution, StopQueryExeuction, GetQueryResults and GetQueryExecution (#11045) (19180cc)
  • synthetics: The CloudWatch Synthetics Construct Library is now in Developer Preview (#11180) (b3b5f48)