chore(release): 2.142.0 #30223

aws-cdk-automation · 2024-05-15T20:34:14Z

…me updates related to sdk bundling (#30099) Closes #29836. While sdk v2 was not being used directly in the construct, we had some remnants of its use. Added a warning for users of Node 16 who do not bundle the sdk on what it will take to update to newer node versions. Also updated integ tests to make actual sdk v3 calls as well as clean up false references to v2. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.141.0/CHANGELOG.md)

…ure from response objects being too large (#30115) ### Issue #23958, #25114 ### Reason for this change Using the `crossRegionReference` flag on `StackProps` can produce deployment errors associated with response objects being too large. The root cause of this is a CloudFormation limitation that restricts the total size of a custom resource provider response body to [4096 bytes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/crpg-ref-responses.html). Using `crossRegionReference` will create a custom resource in both the producing stack and the consuming stack. The custom resource provider in the producing stack will respond back to CloudFormation with a response object that includes all exported parameter names and values. Similarly, the consuming stack will respond back to CloudFormation with a response object that includes all imported parameter names and values. The parameter names are created with the following naming format: `/cdk/exports/${consumingStackName}/${export-name}`. Users need to be careful about stack names and the use of nested stacks to limit the overall length of parameter names which will limit the size of the response body. This PR adds documentation to give more context about this issue and ways to help mitigate it. ### Description of changes Added documentation. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #25418. ### Reason for this change KMS Keys cannot be referenced in hotswappable resources. CDK complains that this is a limitation: ``` Could not perform a hotswap deployment, because the CloudFormation template could not be resolved: We don't support attributes of the 'AWS::KMS::Key' resource. This is a CDK limitation. Please report it at https://github.com/aws/aws-cdk/issues/new/choose. ``` ### Description of changes Add KMS keys to the supported list of resource attributes for hotswapping. ### Description of how you validated changes Tests ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Recently got asked to debug why some community reviews were not properly getting tagged and these log statements would have helped. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue Closes #24882 ### Reason for this change As mentioned in the issue, some of the options for bootstrap were not showing up with `--help` ``` .option('example-permissions-boundary', { type: 'boolean', alias: ['epb', 'example-permissions-boundary'], desc: 'Use the example permissions boundary.', default: undefined, conflicts: 'custom-permissions-boundary' }) .option('custom-permissions-boundary', { type: 'string', alias: ['cpb', 'custom-permissions-boundary'], desc: 'Use the permissions boundary specified by name.', default: undefined, conflicts: 'example-permissions-boundary' }) ``` ### Description of changes Since alias conflicts with actual sub-command option, it fails silently and does not show the option with `--help` ### Description of how you validated changes Built the cdk locally and used `<local repo path>/aws-cdk/bin/cdk bootstrap --help` and verified the options are showing up ### Output `cdk bootstrap --help` output: ``` cdk bootstrap [ENVIRONMENTS..] Deploys the CDK toolkit stack into an AWS environment Options: -a, --app REQUIRED WHEN RUNNING APP: command-line for executing your app or a cloud assembly directory (e.g. "node bin/my-app.js"). Can also be specified in cdk.json or ~/.cdk.json [string] --build Command-line for a pre-synth build [string] -c, --context Add contextual string parameter (KEY=VALUE) [array] -p, --plugin Name or path of a node package that extend the CDK features. Can be specified multiple times [array] --trace Print trace for stack warnings [boolean] --strict Do not construct stacks with warnings [boolean] --lookups Perform context lookups (synthesis fails if this is disabled and context lookups need to be performed) [boolean] [default: true] --ignore-errors Ignores synthesis errors, which will likely produce an invalid output [boolean] [default: false] -j, --json Use JSON output instead of YAML when templates are printed to STDOUT [boolean] [default: false] -v, --verbose Show debug logs (specify multiple times to increase verbosity) [count] [default: false] --debug Enable emission of additional debugging information, such as creation stack traces of tokens [boolean] [default: false] --profile Use the indicated AWS profile as the default environment [string] --proxy Use the indicated proxy. Will read from HTTPS_PROXY environment variable if not specified [string] --ca-bundle-path Path to CA certificate to use when validating HTTPS requests. Will read from AWS_CA_BUNDLE environment variable if not specified [string] -i, --ec2creds Force trying to fetch EC2 instance credentials. Default: guess EC2 instance status [boolean] --version-reporting Include the "AWS::CDK::Metadata" resource in synthesized templates (enabled by default) [boolean] --path-metadata Include "aws:cdk:path" CloudFormation metadata for each resource (enabled by default) [boolean] --asset-metadata Include "aws:asset:*" CloudFormation metadata for resources that uses assets (enabled by default)[boolean] -r, --role-arn ARN of Role to use when invoking CloudFormation [string] --staging Copy assets to the output directory (use --no-staging to disable the copy of assets which allows local debugging via the SAM CLI to reference the original source files) [boolean] [default: true] -o, --output Emits the synthesized cloud assembly into a directory (default: cdk.out) [string] --notices Show relevant notices [boolean] --no-color Removes colors and other style from console output [boolean] [default: false] --ci Force CI detection. If CI=true then logs will be sent to stdout instead of stderr [boolean] [default: false] --version Show version number [boolean] -b, --bootstrap-bucket-name, The name of the CDK toolkit bucket; --toolkit-bucket-name bucket will be created and must not exist [string] --bootstrap-kms-key-id AWS KMS master key ID used for the SSE-KMS encryption [string] --example-permissions-boundary, Use the example permissions --epb boundary. [boolean] --custom-permissions-boundary, --cpb Use the permissions boundary specified by name. [string] --bootstrap-customer-key Create a Customer Master Key (CMK) for the bootstrap bucket (you will be charged but can customize permissions, modern bootstrapping only) [boolean] --qualifier String which must be unique for each bootstrap stack. You must configure it on your CDK app if you change this from the default. [string] --public-access-block-configuration Block public access configuration on CDK toolkit bucket (enabled by default) [boolean] -t, --tags Tags to add for the stack (KEY=VALUE) [array] [default: []] --execute Whether to execute ChangeSet (--no-execute will NOT execute the ChangeSet) [boolean] [default: true] --trust The AWS account IDs that should be trusted to perform deployments into this environment (may be repeated, modern bootstrapping only) [array] [default: []] --trust-for-lookup The AWS account IDs that should be trusted to look up values in this environment (may be repeated, modern bootstrapping only) [array] [default: []] --cloudformation-execution-policies The Managed Policy ARNs that should be attached to the role performing deployments into this environment (may be repeated, modern bootstrapping only) [array] [default: []] -f, --force Always bootstrap even if it would downgrade template version [boolean] [default: false] --termination-protection Toggle CloudFormation termination protection on the bootstrap stacks [boolean] --show-template Instead of actual bootstrapping, print the current CLI's bootstrapping template to stdout for customization [boolean] [default: false] --toolkit-stack-name The name of the CDK toolkit stack to create [string] --template Use the template from the given file instead of the built-in one (use --show-template to obtain an example) [string] --previous-parameters Use previous values for existing parameters (you must specify all parameters on every deployment if this is disabled) [boolean] [default: true] -h, --help Show help [boolean] ``` TLDR; ``` --example-permissions-boundary, Use the example permissions --epb boundary. [boolean] --custom-permissions-boundary, --cpb Use the permissions boundary specified by name. [string] ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) N/A ### Reason for this change Cluster can be upgraded/created to Postgres 16.2 via the console/CLI but not CDK. ### Description of changes Adds support for Postgres 16.2 Aurora cluster, 16.2 instances are already supported. ### Description of how you validated changes N/A ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #29999 ### Reason for this change As described in the issue [comment](#29999 (comment)). ### Description of changes ### Description of how you validated changes 1. added more unit tests. 2. added a new integ test 3. I have deployed this in my AWS account ```ts import { App, Stack, CfnParameter, aws_iam as iam, CfnOutput, } from 'aws-cdk-lib'; const app = new App(); const stack = new Stack(app, 'dummy-stack'); const userArn = 'arn:aws:iam::123456789012:user/OthersExternalIamUser'; const userparam = new CfnParameter(stack, 'UserParameter', { default: userArn, }); const imported = iam.User.fromUserArn(stack, 'imported-user', userArn); const imported2 = iam.User.fromUserArn(stack, 'imported-user2', userparam.valueAsString ); new CfnOutput(stack, 'User', { value: imported.principalAccount! }); new CfnOutput(stack, 'User2', { value: imported2.principalAccount! }); ``` And the output is correct: ``` Outputs: dummy-stack.User = 123456789012 dummy-stack.User2 = 123456789012 ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Exposes the [CaCertificateIdentifier](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-docdb-dbinstance.html#cfn-docdb-dbinstance-cacertificateidentifier) property of [AWS::DocDB::DBInstance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-docdb-dbinstance.html) in the L2 constructs `DatabaseCluster` and `DatabaseInstance` of `aws_docdb`. This allows specifying a custom CA identifier using the CaCertificate class. Usage with `DatabaseCluster`: ```typescript new DatabaseCluster(stack, 'Database', { // ... instanceType: InstanceType.of(InstanceClass.R5, InstanceSize.LARGE), instanceCaCertificate: CaCertificate.RDS_CA_RSA4096_G1, // ... }); ``` Usage with `DatabaseInstance`: ```typescript new DatabaseInstance(stack, 'Instance', { cluster: databaseCluster, instanceType: InstanceType.of(InstanceClass.R5, InstanceSize.LARGE), caCertificate: CaCertificate.RDS_CA_RSA4096_G1, }); ``` This is modelled on #27138. Closes #28356. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Fix code formatting in README to make examples readable ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Closes #30132 ### Reason for this change Slight misspelling of enum values. ### Description of changes Fixed the name. Deprecated the old values. Changed values in tests & readmes ### Description of how you validated changes No behavior change as underlying value is the same. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #29731 ### Reason for this change * Diffs that are only present in the change set are ignored ### Description of changes * Include changes to properties that are only present in the changeset ### Description of how you validated changes * Here is an image of what the change looks like, with the fix on the right and the old behavior on the left. I did this with a CDK app that is the same as given in the example from the customer who opened the issue (29731), but the app also includes a new queue (which is in the left and right). <img width="851" alt="29731Fix" src="https://github.com/aws/aws-cdk/assets/108292982/2c6e9464-5c36-4697-88fd-2929cdbcf8cc"> * manual, unit, and integration tested. Ran all integration tests that mention `cdk diff`: ``` [INTEG TEST::cdk diff] Starting (pid 34550)... [INTEG TEST::cdk diff] Done (13725 ms). [INTEG TEST::cdk diff --fail on multiple stacks exits with error if any of the stacks contains a diff] Starting (pid 34550)... [INTEG TEST::cdk diff --fail on multiple stacks exits with error if any of the stacks contains a diff] Done (80833 ms). [INTEG TEST::cdk diff --fail with multiple stack exits with if any of the stacks contains a diff] Starting (pid 34550)... [INTEG TEST::cdk diff --fail with multiple stack exits with if any of the stacks contains a diff] Done (81796 ms). [INTEG TEST::cdk diff --security-only successfully outputs sso-permission-set-without-managed-policy information] Starting (pid 34550)... [INTEG TEST::cdk diff --security-only successfully outputs sso-permission-set-without-managed-policy information] Done (7394 ms). [INTEG TEST::cdk diff --security-only successfully outputs sso-permission-set-with-managed-policy information] Starting (pid 34550)... [INTEG TEST::cdk diff --security-only successfully outputs sso-permission-set-with-managed-policy information] Done (7043 ms). [INTEG TEST::cdk diff --security-only successfully outputs sso-assignment information] Starting (pid 34550)... [INTEG TEST::cdk diff --security-only successfully outputs sso-assignment information] Done (6930 ms). [INTEG TEST::cdk diff --security-only successfully outputs sso-access-control information] Starting (pid 34550)... [INTEG TEST::cdk diff --security-only successfully outputs sso-access-control information] Done (6958 ms). [INTEG TEST::cdk diff --security-only --fail exits when security diff for sso access control config] Starting (pid 34550)... [INTEG TEST::cdk diff --security-only --fail exits when security diff for sso access control config] Done (6945 ms). [INTEG TEST::cdk diff --security-only --fail exits when security diff for sso-perm-set-without-managed-policy] Starting (pid 34550)... [INTEG TEST::cdk diff --security-only --fail exits when security diff for sso-perm-set-without-managed-policy] Done (7042 ms). [INTEG TEST::cdk diff --security-only --fail exits when security diff for sso-perm-set-with-managed-policy] Starting (pid 34550)... [INTEG TEST::cdk diff --security-only --fail exits when security diff for sso-perm-set-with-managed-policy] Done (7131 ms). [INTEG TEST::cdk diff --security-only --fail exits when security diff for sso-assignment] Starting (pid 34550)... [INTEG TEST::cdk diff --security-only --fail exits when security diff for sso-assignment] Done (7225 ms). [INTEG TEST::cdk diff --security-only --fail exits when security changes are present] Starting (pid 34550)... [INTEG TEST::cdk diff --security-only --fail exits when security changes are present] Done (7124 ms). [INTEG TEST::cdk diff --quiet does not print 'There were no differences' message for stacks which have no differences] Starting (pid 34550)... [INTEG TEST::cdk diff --quiet does not print 'There were no differences' message for stacks which have no differences] Done (75387 ms). [INTEG TEST::cdk diff picks up changes that are only present in changeset] Starting (pid 34550)... [INTEG TEST::cdk diff picks up changes that are only present in changeset] Done (98624 ms). PASS tests/cli-integ-tests/cli.integtest.js (414.667 s) ● Console console.log Using regions: us-east-1 at log (../../lib/with-aws.ts:36:11) Test Suites: 2 skipped, 1 passed, 1 of 3 total Tests: 90 skipped, 14 passed, 104 total Snapshots: 0 total Time: 414.86 s Ran all test suites with tests matching "cdk diff". ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ects` (#30096) ### Issue # (if applicable) [29873](#29873) ### Description of changes This the documentation update to notify users that upon setting the `autoDeleteObjects` to `true` we would also add a new policy `s3:PutBucketPolicy` to handle race conditions. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #28584 ### Reason for this change To have in place updates for EKS clusters when subnets or SG values are changed. ### Description of changes Removed `replaceVpc` logic and introduced `updateVpc` to track changes and errors to handle multiple updates in one go ### Description of how you validated changes Have tested the changes by first deploying a cluster with below config: ```ts const vpc = ec2.Vpc.fromLookup(stack, 'Vpc', { isDefault: true }); new eks.Cluster(stack, 'Cluster', { vpc, ...getClusterVersionConfig(stack, eks.KubernetesVersion.V1_24), defaultCapacity: 0, }); ``` TestCase - 1 Update both subnets and Access at the same time ```ts new eks.Cluster(stack, 'Cluster', { vpc, ...getClusterVersionConfig(stack, eks.KubernetesVersion.V1_29), defaultCapacity: 0, tags: { foo: 'bar', }, endpointAccess: eks.EndpointAccess.PUBLIC, vpcSubnets: [{ subnetType: ec2.SubnetType.PUBLIC }], }); ``` Error below is thrown for Cluster custom resource - ``` { "errorType": "Error", "errorMessage": "Only one type of update - VpcConfigUpdate, LoggingUpdate or EndpointAccessUpdate can be allowed", "stack": [ "Error: Only one type of update - VpcConfigUpdate, LoggingUpdate or EndpointAccessUpdate can be allowed", " at Pi.onUpdate (/var/task/index.js:55:651127)", " at Pi.onEvent (/var/task/index.js:55:647590)", " at Runtime.yR [as handler] (/var/task/index.js:55:657995)", " at Runtime.handleOnceNonStreaming (file:///var/runtime/index.mjs:1173:29)" ] } ``` TestCase - 2 Update subnets to public ```ts new eks.Cluster(stack, 'Cluster', { vpc, ...getClusterVersionConfig(stack, eks.KubernetesVersion.V1_29), defaultCapacity: 0, vpcSubnets: [{ subnetType: ec2.SubnetType.PUBLIC }], }); ``` ``` { "updates": { "replaceName": false, "updateVpc": true, "updateAccess": false, "replaceRole": false, "updateVersion": false, "updateEncryption": false, "updateLogging": false } } ``` ``` { clientName: 'EKSClient', commandName: 'UpdateClusterConfigCommand', input: { name: 'Cluster9EE0221C-0b6f58b0698348aea43866b93a62b2c9', resourcesVpcConfig: { subnetIds: [Array], securityGroupIds: [Array] } }, output: { update: { createdAt: 2024-05-08T20:55:00.013Z, errors: [], id: '7d5cd243-5536-3f52-b5ca-4c6e6c044529', params: [Array], status: 'InProgress', type: 'VpcConfigUpdate' } }, metadata: {} } ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

@TheRealAmazonKendra

…folder (#29830) ### Issue # (if applicable) Closes #22928 #22530 I'm reopening as the original was closed due to inactivity. ### Reason for this change When the template is synthesized, if it is larger than 50kb and cannot be inlined in the CFN request, CLI writes it to the filesystem to be uploaded to S3. Unlike regular deployments `import` overrides the template, when it does so the code responsible for writing the large template to the filesystem writes to the project root. This code reproduces the issue: ``` import * as cdk from "aws-cdk-lib"; import { Construct } from "constructs"; import * as sqs from "aws-cdk-lib/aws-sqs"; import * as iam from "aws-cdk-lib/aws-iam"; export class AwsCdkImportBugStack extends cdk.Stack { constructor(scope: Construct, id: string, props?: cdk.StackProps) { super(scope, id, props); for (let i = 0; i < 70; i++) { const q = new sqs.Queue(this, `AwsCdkImportBugQueue${i}`, { visibilityTimeout: cdk.Duration.seconds(300), enforceSSL: true, }); } // new sqs.Queue(this, `AwsCdkImportBugQueue`, { // visibilityTimeout: cdk.Duration.seconds(300), // enforceSSL: true, // removalPolicy: cdk.RemovalPolicy.RETAIN, // }); } } ``` Deploy the stack, uncomment the queue, and try to import. This error happens: ``` $ npx cdk import AwsCdkImportBugStack AwsCdkImportBugStack/AwsCdkImportBugQueue/Resource (AWS::SQS::Queue): enter QueueUrl (empty to skip): https://sqs.eu-central-1.amazonaws.com/<cut>/AwsCdkBugStack-keep186A2ECA-IznVNwytuY1b AwsCdkImportBugStack/AwsCdkImportBugQueue/Policy/Resource (AWS::SQS::QueuePolicy): enter Id (empty to skip): Skipping import of AwsCdkImportBugStack/AwsCdkImportBugQueue/Policy/Resource AwsCdkImportBugStack: importing resources into stack... [0%] start: Publishing 06a2c6415fd2982e3285e9d615e5f9b99d1d795a9064479fbe6b88455ac62f6c:current [100%] fail: ENOENT: no such file or directory, open '/home/nburtsev/projects/aws-cdk-import-bug/cdk.out/AwsCdkImportBugStack.template.json-06a2c6415fd2982e3285e9d615e5f9b99d1d795a9064479fbe6b88455ac62f6c.yaml' ❌ AwsCdkImportBugStack failed: Error: Failed to publish one or more assets. See the error messages above for more information. at publishAssets (/home/nburtsev/projects/aws-cdk-import-bug/node_modules/aws-cdk/lib/index.js:420:84876) at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async deployStack (/home/nburtsev/projects/aws-cdk-import-bug/node_modules/aws-cdk/lib/index.js:430:391) at async ResourceImporter.importResources (/home/nburtsev/projects/aws-cdk-import-bug/node_modules/aws-cdk/lib/index.js:433:171694) at async ResourceImporter.importResourcesFromMap (/home/nburtsev/projects/aws-cdk-import-bug/node_modules/aws-cdk/lib/index.js:433:171357) at async CdkToolkit.import (/home/nburtsev/projects/aws-cdk-import-bug/node_modules/aws-cdk/lib/index.js:433:205058) at async exec4 (/home/nburtsev/projects/aws-cdk-import-bug/node_modules/aws-cdk/lib/index.js:488:54378) Failed to publish one or more assets. See the error messages above for more information. ``` The file is created, it's just in the project root not in cdk.out: ``` ~/projects/aws-cdk-import-bug $ ls -la total 284 drwxr-xr-x 7 nburtsev users 4096 Mar 22 10:48 . drwxr-xr-x 8 nburtsev users 4096 Mar 22 10:11 .. -rw-r--r-- 1 nburtsev users 64131 Mar 22 10:48 AwsCdkImportBugStack.template.json-06a2c6415fd2982e3285e9d615e5f9b99d1d795a9064479fbe6b88455ac62f6c.yaml drwxr-xr-x 2 nburtsev users 4096 Mar 22 10:12 bin -rw-r--r-- 1 nburtsev users 3185 Mar 22 10:12 cdk.json drwxr-xr-x 2 nburtsev users 4096 Mar 22 10:48 cdk.out <cut> ``` ### Description of changes I've just added a path.join similar to how it is done in regular template generation. ### Description of how you validated changes I've added a test case but I believe tests are broken globally as per @TheRealAmazonKendra ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

#30020) ### Issue # (if applicable) Closes #29995. ### Reason for this change Only the `task` option is allowed for [`pidMode`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-pidmode) on Linux-based Fargate tasks. ### Description of changes This PR builds on the changes introduced in #29670 but fixes the handling of `pidMode` so that it matches the behavior allowed by CloudFormation and described in the [AWS User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-pidmode). ### Description of how you validated changes Updated the existing tests so that `task` is the only allowable `pidMode` setting if a Fargate task's OS is Linux-based. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ognito (#30035) ### Issue # (if applicable) Closes #29781 ### Reason for this change Authorization scope is set even when the auth type is None. This will cause deployment failure >12:52:11 PM | CREATE_FAILED | AWS::ApiGateway::Method | ActionsApiGatewayI...oxyOPTIONS041B022A Resource handler returned message: "Invalid Method authorization type specified. Authorization Scopes are only valid for COGNITO_USER_POOLS authorization type (Servic e: ApiGateway, Status Code: 400, Request ID: f9c6357b-428e-42a8-884c-07b77939d165)" (RequestToken: bb8de2e9-37b7-ca15-9bd8-547bc7eea134, HandlerErrorCode: InvalidRequ est) ### Description of changes Check when auth type is not Cognito, set auth scope to none. Not a breaking change because original templates cannot deploy. ### Description of how you validated changes All existing and new tests pass. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue When creating an instance directly through the asg, it is not possible to define the `keyPair`, in addition to bringing a warning message that the `keyName` will be removed This configuration allows sending the `keyPair` to the asg since the LaunchTemplate allows its integration Warning: > [WARNING] aws-cdk-lib.aws_ec2.LaunchTemplateProps#keyName is deprecated. Closes #29237 ### Reason for this change I'm working directly with CDK and needed to implement a way to use my `keyPair` and avoid warning that `keyName` will be removed soon when i'm creating my ASG ### Description of changes - Add `keyPair` to CommonAutoScalingGroupProps interface - Prevent `keyPair` and `keyName` from being set at the same time - Send `keyPair` when creating LaunchTemplate if flag `AUTOSCALING_GENERATE_LAUNCH_TEMPLATE` is enabled - Prevent `keyPair` if the flag `AUTOSCALING_GENERATE_LAUNCH_TEMPLATE` is disabled ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #<issue number here>. ### Reason for this change ### Description of changes ### Description of how you validated changes ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) N/A ### Reason for this change Newly hired, need to be added to list of team members. ### Description of changes Added my GitHub username to the list of core members. ### Description of how you validated changes N/A ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…30150) ### Issue # (if applicable) Closes #29779 ### Reason for this change `cooldown` cannot be set on step scaling and can cause deployment failure in certain regions. ### Description of changes Deprecate the property and ignore the value. Give a warning. ### Description of how you validated changes Unit test added. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…onstruct (#30120) ### Issue # (if applicable) Closes #30090 ### Reason for this change As described in the issue. ### Description of changes Add copyTagsToSnapshot property to the DatabaseCluster Construct. ### Description of how you validated changes Add both unit tests and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…target (#29584) ### Reason for this change Introduces support to configure AppSync GraphQLAPI as an EventBridge target. - announcement: https://aws.amazon.com/about-aws/whats-new/2024/01/amazon-eventbridge-appsync-target-buses/ - documentation: https://docs.aws.amazon.com/eventbridge/latest/userguide/target-appsync.html ### Description of changes - Expose `GraphQLEndpointArn` attribute in L2 GraphQLAPI construct - Implement `events.IRuleTarget` for `AppSync` ```ts rule.addTarget(new targets.AppSync(api, { graphQLOperation: 'mutation Publish($message: String!){ publish(message: $message) { message } }', variables: events.RuleTargetInput.fromObject({ message: 'hello world', }), deadLetterQueue: queue, })); ``` ### Description of how you validated changes unit test and integration tests ### Issue Solves #29884 ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Reason for this change Fix typo. encrpytion -> encryption ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Add missing DLC repository account information for multiple regions. ### Reason for this change As part of exteding support to new regions we require the `DLC_REPOSITORY_ACCOUNTS` for those specific regions in our `fact-tables`. ### Description of changes Added missing information for few regions we already provide support to. Also, updated the reference doc links since they are out of date and haven't been updated in a long time and we need to reference the new docs to fetch the required information. ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #29126. Related PR: #29127 Perhaps if one merges, the other will cause a conflict. ### Reason for this change We would be good to trigger pipelines by git pull request filters. - CFn and API docs - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-pipeline-gitconfiguration.html - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-pipeline-gitpullrequestfilter.html - https://docs.aws.amazon.com/codepipeline/latest/APIReference/API_GitPullRequestFilter.html ### Description of changes Add `gitPullRequestFilter` parameter with new interface into `GitConfiguration` interface. ### Description of how you validated changes Both unit and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue Closes #27600. Closes #16811. ### Reason for this change PutBucketPolicy and PutBucketNotification API calls are happening at the same time and causing race condition because S3 does not allow parallel bucket edits. ### Description of changes Add dependency on bucket policy to custom resource so that PutBucketPolicy API call is always executed before PutBucketNotification. ### Description of how you validated changes I've reproduced the bug locally and this solution fixed it. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ons (#30077) ### Issue # (if applicable) N/A ### Reason for this change Doc correction for `retryOnServiceExceptions`. The code here was updated in #26474 , so that the error `Lambda.ClientExecutionTimeoutException` is handled automatically by [`retryOnServiceExceptions`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke.html#retryonserviceexceptions). However, the documentation comment was not updated to reflect this change. ### Description of changes Explain that `Lambda.ClientExecutionTimeoutException` is also handled automatically as part of [retryOnServiceExceptions](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke.html#retryonserviceexceptions) ### Description of how you validated changes N/A ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

@RaphaelManke

### Issue #29665 Closes #29665 ### Reason for this change Step Function target is not supported yet by pipes-targets. ### Description of changes - Added step function as a pipes target. - I've decided to make the `invocationType` a required parameter, since this made the code clearer and make users aware of how they want the step function to be invoked. The [AWS::Pipes::Pipe PipeTargetStateMachineParameters](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipetargetstatemachineparameters.html) has this as an optional parameter (defaulting to Request-Response), which can lead the user unknowingly in a broken pipe, because cdk's StateMachines [default](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_stepfunctions.StateMachine.html#statemachinetype) to Standard Workflow, which is not compatible with Request-Response Invocation Type. - Currently there seems no way to prevent users from creating a pipe with an imported Standard StateMachine and InvocationType Request-Response as the stateMachineType cant be read (or I dont know how :D) ### Description of how you validated changes - Added unit tests - Added integration test ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- I've talked with @RaphaelManke and he was fine for me opening up a PR (put him as a co-author nevertheless) :) *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #<issue number here>. ### Reason for this change AWS CDK cannot configure Redshift multi-AZ cluster. ### Description of changes Add `multiAz` to `clusterProps`. ### Description of how you validated changes I've added both unit and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #29862 ### Reason for this change Exposes `BucketDeployment`'s `memoryLimit` prop in the `ProductStack` class. While not an ideal solution, this allows users to handle larger files ### Description of changes * Added `memoryLimit` to `ProductStackProps` and the internal `ProductStackSynthesizerProps` ### Description of how you validated changes Updated unit and integ tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) N/A ### Reason for this change Newly hired, need to be added to list of team members. ### Description of changes Added my GitHub username to the list of core members. ### Description of how you validated changes N/A ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

aws-cdk-automation · 2024-05-15T21:01:34Z

AWS CodeBuild CI Report

CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
Commit ID: f294ac2
Result: SUCCEEDED
Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

mergify · 2024-05-15T21:01:52Z

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

scanlonp and others added 30 commits May 8, 2024 20:20

Merge branch 'main' into merge-back/2.141.0

16637a2

chore(merge-back): 2.141.0 (#30118)

2779b5e

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.141.0/CHANGELOG.md)

chore(prlint): exemption request is now case insensitive (#30127)

d19d97c

---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

chore(cloudfront): fix example formatting in README (#30133)

b2eb86c

Fix code formatting in README to make examples readable ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

schmiddy and others added 6 commits May 13, 2024 23:16

chore(release): 2.142.0

f294ac2

aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels May 15, 2024

github-actions bot added the p2 label May 15, 2024

aws-cdk-automation requested a review from a team May 15, 2024 20:34

github-actions bot approved these changes May 15, 2024

View reviewed changes

aws-cdk-automation had a problem deploying to test-pipeline May 15, 2024 20:35 — with GitHub Actions Failure

mergify bot merged commit 289a1e3 into v2-release May 15, 2024
28 of 29 checks passed

mergify bot deleted the bump/2.142.0 branch May 15, 2024 21:01

github-actions bot mentioned this pull request May 20, 2024

Weekly PR metrics report #30274

Closed

github-actions bot mentioned this pull request Jun 1, 2024

Monthly PR metrics report #30414

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(release): 2.142.0 #30223

chore(release): 2.142.0 #30223

aws-cdk-automation commented May 15, 2024 •

edited

Loading

aws-cdk-automation commented May 15, 2024

mergify bot commented May 15, 2024

chore(release): 2.142.0 #30223

chore(release): 2.142.0 #30223

Conversation

aws-cdk-automation commented May 15, 2024 • edited Loading

aws-cdk-automation commented May 15, 2024

AWS CodeBuild CI Report

mergify bot commented May 15, 2024

aws-cdk-automation commented May 15, 2024 •

edited

Loading