v2.139.0

Features

• appconfig: constrain environments to a single deployment at a time (#29500) (3dd834d), closes #29345
• ecs: support pidMode for FargateTaskDefinition (#29670) (ed75b16), closes #29619
• ecs: support adding docker labels after container construction (#29734) (8e215b3), closes #29728
• efs: replicating file systems (#29347) (a15dc93), closes #21455
• ses-actions: WorkMail rule action (#29854) (6fdc458)
• update L1 CloudFormation resource definitions (#29924) (27b7a45)

Bug Fixes

• CLI: diff --template crashes (#29896) (466f170), closes #29890
• CLI: bootstrap shows no hotswap changes when there are no changes (#29877) (2126ee5), closes #25736
• custom-resource-handler: auto-delete-[objects|images] breaks on cloudformation rollback (#29581) (69ea52f)
• custom-resources: cannot set logging for state machine generated in CompleteHandler (#28706) (99041b2), closes #27283 #28577 #28744 #27310 #28699 #28587
• eks: incorrect nodegroupName(under feature flag) (#29794) (8bb8c55)
• elasticloadbalancingv2: crossZoneEnabled does not support false for ALB (#29907) (f6c902e)
• events-targets: ApiGateway events target should accept IRestApi (#29397) (8e1fefd), closes #16423 /github.com/aws/aws-cdk/pull/16542#discussion_r713676896 /github.com/aws/aws-cdk/pull/16542#issuecomment-925051255
• s3-notifications: cdk destroy deletes external/existing s3 notification events (#29939) (7360a88)
• ses-actions: permissions too wide for S3 action (#29833) (2da544f), closes #29811 #29823 /docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html#receiving-email-permissions-s3

---

Alpha modules (2.139.0-alpha.0)

v2.138.0

Features

• AppSync: addRdsDataSource support for DatabaseCluster (#29544) (1894f2d), closes #29302
• cognito: support provider details for UserPoolIdentityProviderSaml (#29588) (375f1a6), closes #29494 #29598
• custom-resources: add logging property to AwsSdkCall and create Logging class (#29648) (b049064)
• ec2: well-known port aliases (#29793) (f10494c)
• elasticloadbalancingv2: add removeSuffix param for ExternalApplicationListener.addAction() (#29746) (f4af330), closes #29496
• route53: DNSSEC zone signing (#28604) (213fffc)
• sns: add TracingConfig prop (#29783) (f14b60f), closes #29714
• stepfunctions-tasks: add httpinvoke step functions task (#28673) (178e481), closes #28278
• update L1 CloudFormation resource definitions (#29798) (7103fed), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#aws-resource-ec2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#aws-resource-ec2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2

Bug Fixes

• ecs-patterns: integ test failed with certificate error (#29623) (5347369), closes /github.com/aws/aws-cdk/pull/29186#issuecomment-1959231406 /github.com/aws/aws-cdk/pull/29186#issuecomment-1959231406
• eks: add support of Helm charts located in ECR of AWS CN region (#29778) (0da25e5), closes #28460
• globalaccelerator: changing installLatestAwsSdk breaks Security Group reference (#29620) (ece7eb6), closes #23796 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-globalaccelerator/lib/_accelerator-security-group.ts#L32
• lambda: version.fromVersionArn creates invalid Version object (#29820) (8198884)
• spec2cdk: get tag gives null result in Java CDK (#29870) (5a918d1)
• stepfunctions: the catch field in CustomState is not rendered (#29654) (77e9fc6)

---

Alpha modules (2.138.0-alpha.0)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• cognito-identitypool-alpha: The argument of IdentityPoolProviderUrl.userPool() has been changed from url: string to userPool: UserPool, userPoolClient: UserPoolClient. If you want to specify custom identifier string, use IdentityPoolProviderUrl.custom() instead.

Bug Fixes

• cognito-identitypool-alpha: inconvenient IdentityPoolProviderUrl.userPool() (#29025) (90a7734)

v2.137.0

Features

• assertions: add stack tagging assertions (#29247) (72f189d), closes #27620
• cloudfront: adding support for inline KeyValueStore sources (#29419) (5675010), closes #29204
• ec2: NatInstanceProviderV2 improvements (#29729) (4eb02a4), closes #29720
• elasticloadbalancingv2: application load balancer attributes (#29586) (067c4a5), closes #29585

Bug Fixes

• appsync: source api association does not depend on schema (#29455) (92a160b), closes #29044
• s3-deployment: BucketDeployment fails when bootstrap stack's StagingBucket is encrypted with customer managed KMS key (#29540) (0b429fb), closes #25100 #25100 #25100
• sns: contentBasedDeduplication is always false for imported topic (#29542) (4a9e683), closes #29532

---

Alpha modules (2.137.0-alpha.0)

Bug Fixes

• integ-tests: httpApiCall.expect with resolved URL (#29705) (49b4aa1), closes #29700 #29701

v2.136.1

Reverts

• chore(ec2): update WindowsVersions enum (#29737) (0e9d5ca), closes #29736

---

Alpha modules (2.136.1-alpha.0)

v2.136.0

Features

• rds: specify PreferredMaintenanceWindow in reader or writer props (#29686) (615ee2d), closes #29687
• stepfunction: add enableExecuteCommand to sfn ECSRunTask (#29638) (d5b8594), closes #29637

Bug Fixes

• cli: diff with changeset fails if deploy role cannot be assumed (#29718) (21dba21), closes #29650
• cloudwatch-actions: LambdaAction fails if added to multiple action types (#29515) (a12887b), closes #29514
• iam: grantAssumeRole silently fails with service and account principals (#29452) (36fd79d), closes #24507
• pipelines: codeStar connection accepts nested repository (#29631) (10357c0), closes #27504
• s3-assets: throw if path property is empty (#29425) (2814011), closes #29410

---

Alpha modules (2.136.0-alpha.0)

v2.135.0

Features

• lambda: adding support for Ruby3.3 lambda runtime (#29680) (e63c777)
• update L1 CloudFormation resource definitions (#29677) (99e9589), closes /docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html#aurora-serverless-v2 /docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html#aurora-serverless-v2
• route53: allow specifying an STS region when creating a cross-account zone delegation (#29466) (fe4bc1d)
• sns: add signature version prop (#29543) (dffedca), closes #29539

Bug Fixes

• cli: cdk watch for Lambdas with Advanced Logging Controls do not stream logs to the terminal (#29451) (4dbf5c8), closes #29448 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk/lib/api/logs/find-cloudwatch-logs.ts#L114
• cli: ecs hotswap deployment waits correctly for success or failure (#28448) (5c30255)
• ec2: global vpc endpoint support (#29563) (df48fd7), closes #29560 10.0.0.2#53 10.0.0.2#53
• eks: missing support for "InstanceTypes" attribute assignment for AL2023 AMIs (#29505) (e77ce26), closes #29335
• events-targets: hardcoded AWS partition in ECS task resource ARN (#29633) (69cff2e), closes #29610
• route53: allow records with a weight of 0 (#29595) (cc7e95b), closes #29556
• add validation for ALB access log bucket when KMS key is provided (#29382) (2cc2449), closes #22031

---

Alpha modules (2.135.0-alpha.0)

v2.134.0

Features

• update L1 CloudFormation resource definitions (#29605) (bf34b6c)
• update L1 CloudFormation resource definitions (#29606) (432f97d)
• apigatewayv2: add missing WebSocketIntegration props (#29566) (7534dcd), closes #29562
• appsync: queryDepthLimit and resolverCountLimit props on GraphqlApi (#29182) (ba6d0b3)
• cli: warn of non-existent stacks in cdk destroy (#27921) (f0d1d67), closes #27179
• codepipeline-actions: show status reason in the pipeline for failed change set executions (#29534) (6d16337)
• eks: trainium instance types (#29155) (507b709), closes #29131
• elasticloadbalancingv2: denyAllIgwTraffic and clientRoutingPolicy for NLB (#29521) (7fe8ad3), closes #29520
• elasticloadbalancingv2: client keepalive for ALB (#29504) (9b79f94), closes #29503
• elasticloadbalancingv2: enforce security group inbound rules prop (#29522) (8df2823), closes #29516
• update L1 CloudFormation resource definitions (#29530) (1fdac0c)
• update L1 CloudFormation resource definitions (#29569) (c9fb4f7)
• update L1 CloudFormation resource definitions (#29573) (53d2094)
• rds: eliminating the need for explicit secret.grantRead() invokes when using DataAPI with Aurora cluster (#29399) (bc9d0b4), closes #29362 /github.com/aws/aws-cdk/pull/29338#discussion_r1512026791

Bug Fixes

• CLI: cdk diff stack deletion causes a race condition (#29492) (067539a), closes #29265
• cloudformation-diff: move aws-sdk to dependency for cfn-diff to get CFN types resolved in exports (#28768) (28c4be3), closes #28680 #28679
• cloudwatch: cloudwatch ec2 alarm action with multiple dimension results in error (#29364) (cc37778)
• cloudwatch: unrecognized statistic warning when using percentileRank statistic in Stats helper (#29498) (f2ad980), closes #29465
• ecs-patterns: integ test unable to create ECS service (#29490) (6faa60e), closes /github.com/aws/aws-cdk/pull/29186#issuecomment-1959231406
• elasticloadbalancingv2: allow alb slow start duration of 0 seconds (#29445) (cf2351b), closes #29437
• kms: kms key grant methods misidentify region when enclosing stack is different region (#29315) (9076d6e)
• opensearch: cannot disable cluster logging (#29205) (c7fcaf7), closes #29294

Reverts

• "feat(cli): warn of non-existent stacks in cdk destroy" (#29577) (f60e6e9), closes aws/aws-cdk#27921 40aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts#L190 /github.com/aws/aws-cdk/blob/07ce8ecc42782475d099b89944571375341c28d3/packages/aws-cdk/lib/api/cxapp/cloud-executable.ts#L86

---

Alpha modules (2.134.0-alpha.0)

Features

• kinesisanalytics-flink: add support for Flink 1.18 (#29554) (8fd8ee8), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kinesisanalyticsv2-application.html#aws-resource-kinesisanalyticsv2

Bug Fixes

• glue: s3 path specified in --spark-event-logs-path needs to end with slash (#29357) (4ff3565), closes #29356

v2.133.0

Features

• CLI: improved nested stack diff (#29172) (135b520)
• codepipeline: change default pipeline type to V2 (under feature flag) (#29096) (e85231c), closes /github.com/aws/aws-cdk/pull/28538#discussion_r1471761574 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-codepipeline/lib/pipeline.ts#L492
• ec2: add APPCONFIG and APPCONFIGDATA to InterfaceVpcEndpointAwsService (#29408) (baaa50c)
• ecs-patterns: support securityGroups in NetworkLoadBalancedFargateService (#29431) (00e8a7b), closes #29430 /github.com/aws/aws-cdk/pull/29186#issuecomment-1959231406
• opensearchservice: cold storage option (#29387) (ce52c7e), closes #29366
• rds: proxy for mariadb (#29412) (6fef789), closes #29402
• stepfunctions-tasks: start glue crawler (#29016) (5592553), closes #24188
• update L1 CloudFormation resource definitions (#29438) (5b910f0)

Bug Fixes

• cli: cdk ls returns stack id instead of stack display name (#29447) (77189be), closes #29420
• lambda-nodejs: fixing esbuildArgs to take in account re-specified keys (#29167) (919d16f), closes #25385
• stepfunctions: the retry field in CustomState is not iterable (#29403) (a1fbd51), closes #29274

Reverts

• prevent changeset diff for non-deployed stacks (#29485) (fac4a9c), closes #29394 #29172

---

Alpha modules (2.133.0-alpha.0)

v2.132.1

Bug Fixes

• cli: cdk ls returns stack id instead of stack display name (#29447) (effad1c), closes #29420

---

Alpha modules (2.132.1-alpha.0)

v2.132.0

Features

• autoscaling: add support for InstanceRefresh suspended process (#29113) (f5e7717)
• autoscaling: support custom termination policy with lambda (#29340) (2ebb409), closes #19750
• codepipeline: executionMode property for Pipeline (#29148) (3bb2944), closes #29147
• ec2: add NAT instance V2 support using AL2023 (#29013) (7fa6bbf)
• elasticloadbalancingv2: health check interval greater than timeout (#29075) (576d034), closes #29062
• rds: add ability to specify PreferredMaintenanceWindow to RDS cluster database instances (#29033) (9c82bca), closes #16954
• rds: enable data api for aurora cluster (#29338) (82690f7), closes #28574
• stepfunctions-tasks: start build batch integration (#29296) (4f2b757), closes #29119
• list stack dependencies (#28995) (a7fac9d)
• update L1 CloudFormation resource definitions (#29349) (8b01f45)

Bug Fixes

• batch: windows does not support readonlyRootFilesystem (#29145) (7205143), closes #29140
• changelog: changelog for v2.131.0 has some errors (#29352) (1b56897)
• cli: prevent changeset diff for non-deployed stacks (#29394) (d33caff), closes #29265
• cloudwatch: allow up to 30 dimensions for metric (#29341) (ebe2adf), closes #29322
• custom-resources: correctly convert values to Date type (#28398) (38bdb92), closes /github.com/aws/aws-cdk/blob/1a9c30e55e58203bd0a61de82711cf10f1e04851/packages/aws-cdk-lib/custom-resources/lib/helpers-internal/sdk-v3-metadata.json#L174 #27962
• custom-resources: log statement exposes information prohibited by security guideline (#29406) (11621e7)
• ecs-patterns: resolve not being able to create ECS service in integ.alb-ecs-service-command-entry-point (#29333) (6a69d5b), closes /github.com/aws/aws-cdk/pull/29186#issuecomment-1959231406
• events_targets: installing latest aws sdk fails in cn partition (#29374) (f0383d6)
• events-targets: ecs:TagResource permission (#28898) (4af0dfc), closes #28854
• lambda-nodejs: support bundling aws-sdk as part of the bundled code asset (#29207) (2378635), closes #25492 #25492
• rds: DatabaseCluster.instanceEndpoints doesn't include writer endpoint (#29337) (ca59616), closes #29279
• rds: incorrect error message for rds proxies (#29404) (2dbb381), closes #29402
• spec2cdk: use modern type when building tag type (#29389) (3fb0254)
• sqs: redrivePermission is set to byQueue no matter what value is specified (#29130) (aa8484a), closes #29129 #29129
• stepfunctions: maxConcurrency does not support JsonPath (#29330) (b19f822), closes #20835 #20279

---

Alpha modules (2.132.0-alpha.0)

Bug Fixes

• glue: PythonRayExecutableProps has innaccurate properties (#28625) (7994733), closes #28570