All notable changes to this project will be documented in this file. See standard-version for commit guidelines.
2.50.0 (2022-11-01)
- aws-ecs-patterns: entryPoint and command support within ApplicationLoadBalancedFargateService and ApplicationLoadBalancedEc2Service (#22609) (6925293), closes #17092
- codedeploy: CodeDeploy deployment group construct for ECS (#22295) (efd24d1), closes #1559
- core: automatic cross stack, cross region references (under feature flag) (#22008) (f1b5497)
- ec2: Vpc supports reserving space for future AZs (#22705) (7b51ea9)
- stepfunctions: add intrinsic functions (#22431) (8f85b08), closes #22068 #22629
- opensearch: log group policies ignore incorrect error code on delete (#22364) (ebba9e3)
- revert jsii to version 1.69.0 (#22715) (0837c1a)
- apigateway: race condition exists between stage and cfnaccount in specrestapi (#22671) (4cb008b), closes #18925
- aws-events: restrict eventbus statementId to 64 characters (#22296) (fadbfc1), closes #22120 #21808
- stepfunctions-tasks: athenaStartQueryExecution task generates invalid s3 arn (#22692) (6e0cb2b), closes #22608
2.49.1 (2022-10-31)
2.49.0 (2022-10-27)
2.48.0 (2022-10-27)
- cfnspec: cloudformation spec v93.0.0 (#22562) (2afb718)
- cfnspec: cloudformation spec v94.0.0 (#22599) (e5be100)
- cfnspec: cloudformation spec v94.0.0 (#22649) (42160fc)
- cli: allow disabling parallel asset publishing (#22579) (69981ac), closes #19367
- ec2: Vpc supports allocating CIDR from AWS IPAM (#22458) (7ed9cd1)
- eks: support for Kubernetes version 1.22 (#22604) (91704aa), closes #20263
- rds: dual-stack mode support (#22596) (89a7365)
- apigateway: relax access log format check to allow either requestId or extendedRequestId (#22591) (1a16ad0)
- eks: kubectl layer must contain AWS CLI (#22559) (d8b4c09)
- ssm:
not working without version (#22618) (b33b9b0), closes #18729 #22311
2.47.0 (2022-10-20)
- apigateway: support multi-level paths for custom domains (#22463) (cdc5753), closes #15904
- config: add custom policy rule constructs (#21794) (09a5cc4), closes #21441
- elbv2: add dropInvalidHeaderFields for elbv2 (#22466) (91767f0), closes /
- breaking change to deployment config props (#22567) (be6074a), closes #22566
- apigateway: validation for path parts does not allow creation of resources with colon (#22531) (73c443a), closes #22477 #22477
- cli: hotswap deploy fails on multiple CfnEvaluationException (#22339) (7b47f41), closes #22323
- cloudwatch: remove region from dashboard ARN (#22524) (558d192)
- codeguruprofiler: incorrect profiling group name is returned when using importing (#22554) (9934619)
- cognito: cannot use same lambda function as trigger in multiple user pools (#22444) (b26fc00), closes #22315
- config: Creating multiple rules from the same lambda (#21594) (0d2b529), closes #17582
- iam: missing validation for actions added post instantiation of a policy statement (#21906) (10974d9), closes 40aws-cdk/aws-iam/lib/policy-statement.ts#L88-L95
- stepfunctions: JsonPath.listAt does not accept strings starting with
(#22472) (6f332ef), closes #22471
2.46.0 (2022-10-13)
- aws-certificatemanager: Add ability to specify the certificate name (#22301) (614ba92)
- aws-ec2: add metadata options support for launchTemplate construct (#22312) (9297bd0)
- cfnspec: cloudformation spec v92.0.0 (#22435) (064a1a6)
- cloudfront-origins: allow setting a user defined origin id (#22349) (239215f), closes #2756
- ec2: adds persist option to user data on windows instances (#21709) (cb1506f)
- sns: topic name with
suffix generated automatically (#22375) (ba201cf), closes #18740 - sqs: add enforceSSL property to enforce encryption of data in transit (#22363) (f1886cf)
- apigateway: cannot create an ApiKey with an imported RestApi (#22368) (83c4123), closes #22102
- apigateway: CORS OPTIONS method should not require auth (#22402) (ef72089), closes #8615
- core: asset bundling skipped when using --exclusively with custom stack name (#21248) (209ddea), closes /
- some custom resources don't work in opt-in regions (#22370) (456a2c7), closes #22022
- cli: state machine hotswap fails if the
change (#22396) (0d44db2) - core: Custom Resource type length validation (#22118) (c186e2d)
- custom-resources: provider can fail if S3 has brown-outs (#22362) (cdedf60)
- ec2: cannot deploy SecurityGroup with allowAllIpv6Outbound (#22414) (bb16d97), closes #22407
- ecs: removed explicit addition of ecs deployment type when circuit breaker is enabled (#22328) (635129c), closes #16126 #16919
- half-written asset zips can be uploaded if process is interrupted (#22393) (2ed006e), closes #18459
- "fix(ecs): removed explicit addition of ecs deployment type when circuit breaker is enabled (#22328)" (#22418) (0f002e2), closes /
2.45.0 (2022-10-06)
- add
method toStack
(#22337) (61b2ab7) - apigateway: add accessLogField static method (#22322) (3ce8e47), closes #21650
- apigateway: create BasePathMapping without stage (#21488) (9bb213c), closes #15806
- aws-cloudwatch: composite alarm actions suppression (#22330) (19c945e)
- cfn-include: allow cyclical dependencies (#22126) (2c8195a)
- cfnspec: cloudformation spec v91.0.0 (#22305) (0358d51)
- codedeploy: CodeDeploy deployment config constructs for Lambda and ECS (#22159) (6840d8e)
- codepipeline-actions: add elastic beanstalk deploy action (#22135) (d8acc8a), closes #2516
- core: allow overriding the stage name (#22223) (3d227e5), closes 40aws-cdk/core/lib/stage.ts#L139 40aws-cdk/core/lib/stack.ts#L1139-L1143 40aws-cdk/core/lib/stack.ts#L106-L111
- core: make
easier to subclass (#22308) (8b2b381) - sqs: add SQS managed server side encryption (#21591) (fa137eb), closes #17770
- certificatemanager: unable to set removal policy on DnsValidatedCertificate (#22122) (bae6554), closes #22040 #22040 #20649 #14519
- cli: large context causes E2BIG error during synthesis on Linux (#21373) (7040168), closes #21230 #19261
- core: addPropertyOverride doesn't work for all intrinsics (#22294) (e2deca0), closes #20608 #19971
- ec2: cannot allow all ipv6 traffic (#22279) (f7bbc94), closes #7094
- init: freshly generated go project doesn't build (#22310) (c6a4e71)
- region-info: SSM service principals are incorrect in opt-in regions (#22327) (b7f0889)
- s3: Bucket Key cannot be used with KMS_MANAGED key (#22331) (63d3c54)
- sns: race condition exists between sqs queue policy and sns subscription (#21797) (cf43b03)
- sqs: SSE-SQS is enabled by default and can't be disabled (#22321) (43547d3), closes #22137
- step-functions: arn is not valid across partitions (#22314) (6e16ffe)
- stepfunctions-tasks: emrcontainers has incorrect validation of entry point arguments (#22242) (a006b9a), closes #22061
2.44.0 (2022-09-28)
- assets: support drop-in docker replacements by setting
(#21838) (d52310e), closes 40aws-cdk/core/lib/bundling.ts#L523 #21836 - backup: add copy actions to backup plan rules (#22244) (d87a651), closes #22173
- cfnspec: cloudformation spec v89.0.0 (#22232) (953d684)
- cli:
cdk deploy --method=direct
is faster (#22079) (dd6ead4) - cloudwatch: add gauge widget (#22213) (d9f0e80), closes #22136
- core: 'postCliContext' property allows context that cannot be overridden by the CLI (#21743) (a618096)
- dynamodb: Changes how metricForOperation methods are used (#22097) (fcb311d), closes #21963
- logs: add dimensions to metric filter (#21654) (f834a45), closes / #16999
- pipelines: allow disabling use of change sets (#21619) (05723e7), closes #20827
- s3-deployment: extract flag to disable automatic unzipping (#21805) (91898b5), closes #8065
- aws-elasticloadbalancingv2: Validation for interval and timeout of application-target-group (#22225) (6128e39)
- cli: SSO credentials do not work when using a proxy (#22115) (c425e8c), closes #21328
- elbv2: Use correct format for parsing imported target group ARNs (#22153) (4704d4c)
- rds: changing engine versions would fail to update on DBInstances that were part of a DBCluster (#22185) (c070ace), closes #21758 #22180
- cannot use values that return an instance of a deprecated class for non TS / JS language (#22204) (4cad2cf)
2.43.1 (2022-09-23)
- cannot use values that return an instance of a deprecated class for non TS / JS language (#22204) (6182d33)
2.43.0 (2022-09-21)
- cfnspec: cloudformation spec v89.0.0 (#22105) (9726e8f)
- ec2: flowlog setting add MaxAggregationInterval (#22098) (dbede40)
- stepfunctions-tasks: additional IAM statements for AWS SDK service integration (#22070) (fbb941f), closes #22006
- api-gateway: SpecRestApi ignores disableExecuteApiEndpoint property (#22133) (a4364ce), closes #21295
- certificatemanager: unable to set removal policy on DnsValidatedCertificate (#22040) (b3c9464), closes #20649
- cli: "EACCES: Permission denied" on 'cdk init' (#22111) (384ba2b), closes #21049 #22090
- cli: Lambda hotswap fails if environment contains tokens (#22099) (8280709), closes #22088
- codedeploy: unable to configure disable automatically rollback (#22083) (ce27789), closes #21691
- s3-deployment: fails when
is a token with a long string representation (#22163) (ce59b6a)
2.42.1 (2022-09-19)
- init-templates: csharp and fsharp app init fails when path contains space (#22112) (89f64d4), closes aws/aws-cdk#21049
2.42.0 (2022-09-15)
- cfnspec: cloudformation spec v88.0.0 (#22026) (1f03e8c)
- cognito: add SAML user pool identity provider (#21879) (76d446b)
- lambda-event-sources: add filters to SQS, DynamoDB, and Kinesis event sources (#21917) (7ba5659), closes #17874
- redshift-alpha: directly add parameters to a parameter group or indirectly through a cluster (#20944) (0ad307b), closes #20656 #20656
- ssm: reference existing SSM list parameters (#21880) (8f7ee2b), closes #12477 #14364
- apigateway: Add contextOwnerAccountId log pattern (#21989) (c24027b), closes #21731
- aws-lambda: fail fast if a reserved environment variable is specified (#22039) (950ccd5)
- elasticloadbalancingv2: securityGroup property is not required in fromApplicationListenerAttributes (#21934) (e501ac9), closes #21930
- elbv2: connections not created for chained listener actions (#21939) (46cf825), closes #12994
- init-templates: csharp and fsharp app init fails when path contains space (#21049) (79c9ca1), closes #18803
- lambda-event-sources: cannot add sqs event source to an imported function (#21970) (c33bb81), closes #12607
- route53: vpc region in template overridden by stack region (#20530) (aedc888), closes #20496 #20496
2.41.0 (2022-09-07)
- assertions: add function for verifying the number of matching resource properties (#21707) (80cb527)
- custom-resource: allow AwsCustomResource to be placed in vpc (#21357) (62d7bf8)
- ec2: allow private non-nat subnets (#21699) (e1794e3)
- ecs: add
properties to LinuxParameters (#18703) (08eb1d6), closes #18460 - lambda-event-sources: add kafka consumerGroupId support (#21791) (b36bc11)
- compress aws-cdk-lib tablet file (#21854) (5a3db2d)
- ecs: add function for adding secrets to containers after instantiating them (#21826) (572f781), closes #18959
- aws-cdk: cdk bootstrap print JSON template when using --json option (#21852) (7bc3d18), closes #21456 #21456
- core:
doesn't record stack traces (#21931) (9f2ea45) - events: additional plaintext header are not set on eventbridge connection (#21857) (f3f4814)
- events-targets: cannot set retry policy to 0 retry attempts (#21900) (5549f16), closes 40aws-cdk/aws-events-targets/lib/util.ts#L54-L59 #21864
- stepfunctions: cfnSpec breaks definitionSubstitutions prop (#21887) (3adf841), closes #21653
2.40.0 (2022-08-31)
- cdk-cli-wrapper: add
argument for cdk deploy (#21762) (dab83cc) - core:
intrinsic functions (#21749) (7472fa4)
- certificatemanager: domainName not checked for length (#21807) (3e55092)
- ecs: secretToken required but declared as optional (#21745) (26ac81f), closes #21744
- ecs-patterns: add validation for queue and queue related props (#21717) (7e9bd7d)
- integ: write assertion stack name to integ manifest (#21809) (e2dc2cb), closes #21646
- servicecatalog: incorrect service in portfolio arn generation (#21770) (f9ca639), closes #20849
2.39.1 (2022-08-29)
2.39.0 (2022-08-25)
- aws-cloudwatch: add support for sparkline graphs in SingleValueWidget (#21684) (cf5d115), closes #21683
- certificatemanager: Allow opting out of transparency logging (#21686) (85b6db0)
- cfnspec: cloudformation spec v85.0.0 (#21679) (1a560b0)
- cli: re-introduce
option (#21681) (f001f7e), closes #20345 #21664 #21663 #21598 #21663 - cloudtrail: add configuration for IsOrganizationTrail (#21625) (f5a1057), closes #21578
- ecr-assets: expose property imageTag separately from imageUri in ECR assets (#21582) (5f32e0f)
- autoscaling: error not thrown when associatePublicIpAddress is set to false when specifying launchTemplate (#21714) (da61adc), closes #21576
- cli: build assets before deploying any stacks (#21513) (5cc0d35), closes #21511
- cli: CLI hangs for 10 minutes on expired credentials (#21052) (1e305e6)
- cli: ECS hotswap breaks Firelens configuration (#21748) (3d22f70), closes #21692
- cli: empty non top-level stack does not get deleted (#21624) (a6757b0), closes / / #20822 #20822
- codebuild: ReportGroup missing test permissions when set to CODE_COVERAGE (#21656) (17a4989), closes #21534
- core: feature flag values should be booleans (#21759) (daf885f), closes aws-cdk/aws-lambda/lib/function.ts#L1306
- ec2: Internet connectivity not established for private subnets (#21495) (5b1488d), closes #21348
2.38.1 (2022-08-18)
- cli: revert "feat(cli): --concurrency option" (#21664) (2ad2163b)
- cli: revert "feat(cli): cdk watch --concurrency" (#21665) (6048d4fc)
2.38.0 (2022-08-17)
- aws-cloudwatch-actions: add ssm incidents as alarm action (#21167) (471511e), closes #20553 #20552
- cfnspec: cloudformation spec v84.0.0 (#21574) (16c0c98)
- cli: --concurrency option (#20345) (0dd34dd), closes #1973 #19378
- cli: cdk watch --concurrency (#21598) (e48cf15), closes #20345 #21597
- cli: support hotswapping Lambda function's description and environment variables (#21532) (b1777d2), closes #82dbd4 #20787
- cloudfront: create distributions with HTTP/3 (#21613) (58101a6)
- core: use literal for stack.partition (under feature flag) (#21420) (401b428), closes #4092
- ec2: add P4DE instances (in developer preview) (#21590) (0c654e9), closes #20924 /
- ecs-patterns: refactor fargate interfaces and add support for runtimePlatform (#21529) (b4f9e5e), closes #20756 #20756 #18462
- pipelines: add static PipelineBase.isPipeline method (#21075) (ea11f33)
- s3: introduce a
method (#20081) (0ec31da) - servicediscovery: add support for API only services within a DNS namespace (#21494) (1920313)
- route53: misleading error message in
is undefined (#21596) (f44eb98), closes #10053 - duration doesn't get accurately compared in alb service base (#21584) (90786d6), closes #21560
- aws-apigateway: CloudWatch logging should be disabled by default (under feature flag) (#21546) (78c858f), closes #10878
- cloudfront: truncate long ResponseHeaderPolicy names (#21525) (a464ee1), closes #21524
- codepipeline-actions: cross stack reference causes stack cycle in sources that use CloudWatch Events (#20149) (adf4022), closes #3087 #8042 #10896
- codepipeline-actions: ecr source action doesn't trigger the pipeline (#21580) (f135b80), closes #10901
- kms: imported key ignores environment from arn (#21519) (c6dbb96), closes #21464
- lambda-event-sources:
does not supportISecret
(#21555) (bf0f07b), closes #21422 - route53-targets: InterfaceVpcEndpointTarget incorrectly accepts an imported endpoint (#21523) (cc0b005), closes #10432
2.37.1 (2022-08-10)
2.37.0 (2022-08-09)
- apigateway: add metrics for Stage and Method constructs (#20617) (3bf1361)
- aws-cdk-lib: aws-cdk-lib assembly file is compressed (#21481) (0767873)
- cfnspec: cloudformation spec v82.0.0 (#21473) (1124cbf)
- cfnspec: cloudformation spec v83.0.0 (#21498) (453b553)
- cli: support hotswapping Lambda function's description and environment variables (#21305) (fb92703), closes #20787
- cognito: allow retrieval of UserPoolClient generated client secret (#21262) (67a24ba)
- core: add network option to docker run command (#21450) (86e396a), closes #21447
- events: complex event pattern matching with the
class (#21310) (fe7651f) - lambda: add docker platform support for lambda (#21405) (48178ac)
- lambda-event-sources: add
(#21422) (82a597a) - logs: delete associated log group when stack is deleted (#21113) (2bdd504)
- cli:
does not handleCfnOutput
change correctly (#21461) (7ccc644), closes #19998 40aws-cdk/cloudformation-diff/lib/diff/types.ts#L10-L21 - custom-resources: AwsCustomResource requires a policy which updates immutable roles (#20966) (a02ef9c), closes #13232
- cx-api: bootstrap stack is validated even if the custom synthesizer does not require it (#21518) (afb1c2d), closes #21324 40aws-cdk/cx-api/lib/artifacts/asset-manifest-artifact.ts#L38-L41 40aws-cdk/cx-api/lib/artifacts/asset-manifest-artifact.ts#L58
- ec2: launch template missing tags (#21445) (3853728)
- ecs: setting updatePolicy results in error due to updateType having default value (#21025) (3103784)
- eks: missing question marks cause update cluster setting failure (#21463) (1000abe), closes #21185 #21436
- lambda: Function allows specifying vpcSubnets without vpc (#21369) (e9233fa), closes #21357
- opensearchservice: access denied when creating a new domain in regions without cognito support (#21395) (0e49aed), closes #21192
- pipelines: 'ConfirmPermissionsBroadening' incorrectly invokes lambda for AWS CLI v2 (#21462) (a913d60)
- ses: incorrect DKIM records for EmailIdentity (#21318) (54bad4c), closes #21306
2.36.0 (2022-08-08)
2.35.0 (2022-08-02)
- config: add support for eks-cluster-xxx-version managed rule (#21344) (82e8100), closes #21254
- core: cache fingerprints of large assets (#21321) (17f1ec8), closes #21297
- ec2: add missing endpoints to InterfaceVpcEndpointAwsService (#21401) (c64cccb), closes #21402 #21220 #21338 #19420
- events-targets: add dlq support for ecs target (#21396) (e82ba52), closes #21118
- fsx: support AutoImportPolicy in LustreFilesystem (#21301) (b1ce472)
- fsx: support DataCompressionType in LustreConfiguration (#21392) (214a792), closes #16431
- opensearch: add support for latest amazon opensearch service 1.3 (#21413) (aa55715), closes #21414
- pipelines: allow use of custom role for pipeline (#21299) (ff3c01a), closes #21412
- rds: add copyTagsToSnapshot to the construct props for ServerlessCluster and ServerlessClusterFromSnapshot (#21056) (47333a1), closes #20968
- appmesh: routes with weight 0 are assigned a weight of 1 (#21400) (fa0341f)
- cognito: UserPoolClient doesn't correctly respect authFlows (#21386) (daf178a), closes #16236
- core: asset fingerprint cache invalidation incorrectly uses mtime (#21374) (65a210a), closes #21321
- ecs: ec2Service placement strategies use incorrect casing which causes drift (#20946) (715158f), closes #20812
- ecs: new arn format not supported (under feature flag) (#18140) (9749a57), closes #16634 #18137
- eks: cannot disable cluster logging once it has been enabled (#21185) (e41b073), closes #18112 #20707 #19898
- events: archive construct does not have defaultChild set (#21345) (de7d825), closes #21263
- cli: cannot pass objects and numbers as context arguments (#21387) (2fa85b9), closes aws/aws-cdk#20068
2.34.2 (2022-07-29)
- cli: context value type conversion causing parse failures (21381)
2.34.1 (2022-07-29)
- Revert to
as dynamic runtime type-checking it introduced for Python results in incorrect code being produced.
2.34.0 (2022-07-28)
- api-gateway: allow configuration of deployment description (#21207) (03fc2bd)
- cfnspec: cloudformation spec v81.1.0 (#21307) (1f91112)
- cli: cannot pass objects and numbers as context arguments (#20068) (ec2d68a)
- ec2: add R6A instances (#21257) (f66f94e)
- ecs: add function to grant run permissions to task definition (#21241) (d7ac3bb), closes #20281
- lambda-event-sources: add AT_TIMESTAMP event source mapping starting position (#20741) (76e0768)
- aws-lambda: FunctionUrl incorrectly uses Alias ARNs (#21353) (2904d2a)
- bootstrap: remove image scanning configuration (#21342) (2d26916)
- cli: add validation of --notification-arns structure (#21270) (6d157d1), closes #20806
- ecr: Repository.addToResourcePolicy returns incorrect result (#21137) (5435215)
- ecs: firelens configFileValue is unnecessarily required (#20636) (b79b2e4)
- ecs-patterns: memory limit is not set at the container level (#21201) (f2098b7)
- pkglint: allow dependencies on L1 only modules (#21208) (f16fd69)
2.33.0 (2022-07-19)
- cfnspec: cloudformation spec v80.0.0 (#21159) (db4524a)
- cfnspec: cloudformation spec v81.0.0 (#21196) (7bf2433)
- cli: allow diffing against a processed template (#19908) (cd4851a)
- cognito: added verified attribute changes (#21180) (ad67594), closes #21179
- ec2: add ICMPv6 protocol (#20626) (99831b0)
- ecs-patterns: add capacityProviderStrategies props to (Application/Network)LoadBalanced(Ec2/Fargate)Service (#20879) (1f0656e), closes #18868
- stepfunctions: add
to import a state machine by resource name (#20036) (2b5bd59)
- aws-s3-assets: support asset url with two extension name like tar.gz (#20874) (673b0d1), closes #12699
- cfn-include: preserve unrecognized resource attributes (#19920) (f7f23a7)
- cli: CLI timeout fetching notices prints "unreachable" branch error message (#20308) (7c4cd96), closes #20069 /
- core: CustomResourceProvider assets are staged in node_modules (#20953) (901b225)
- integration test for appsync apikey auth fails with out of bound API key expiration (#21198) (37a44d7)
2.32.1 (2022-07-15)
- core: revert "fix(core): use node.path in skip bundling check for consistency with cdk deploy CLI" (#21174) (05ac2d8), closes #19950
2.32.0 (2022-07-14)
- backup: support RDS database cluster and serverless cluster (#17971) (53a6a47), closes #16457
- backup: vault lock (#21105) (a25677b), closes #21076
- cfnspec: cloudformation spec v79.0.0 (#21053) (68f09b7)
- cli: --force flag and glob-style key matches for context --reset (#19890) (39a7c1f), closes #19840 #19888
- codebuild: add support for new codebuild images (#20992) (9f3d71c), closes #20960
- core: add a description parameter for the NestedStackProps (#20930) (5ef106b), closes #16337
- ec2: expose interface endpoint service shortname (#20965) (ebfbf54)
- rds: support rolling instance updates to reduce downtime (#20054) (86790b6), closes #10595 #10595
- secretsmanager: create secret with secretObjectValue (#21091) (5f0eff2), closes #20461
- ses: DedicatedIpPool, ConfigurationSet and EmailIdentity (#20997) (541ce1b)
- stepfunctions-tasks: support parameters in StepFunctionsInvokeActivity (#21077) (10f8821), closes #21020
- apigateway: serialization exception with step functions integration (#20169) (6640338)
- aws-ec2: flow log destinationOptions requires all properties (#21042) (0a76009), closes #20765 / #21037
- aws-eks: cap generated stack names at 128 characters (#20528) (6e9963c), closes #20124
- cli:
flag is ignored in favor of theenableDiffNoFail
feature flag (#21107) (cad6fc5) - cli: CLI errors when run as a non-existent user (#21018) (e6015a9), closes #7937
- core: entrypoint option never used (#21124) (e123087)
- core: updatedProperties function name is misspelled (#21071) (7b389f0)
- core: use node.path in skip bundling check for consistency with cdk deploy CLI (#19950) (5cff2d9), closes #19927 / aws-cdk/cx-api/lib/cloud-artifact.ts#L143-L145 aws-cdk/core/lib/stack-synthesizers/_shared.ts#L66
- ec2: deprecated
enums are treated incorrectly (#21140) (0b5123a) - events-targets: api destination target ignores pathParameterValues and queryStringParameters (#21111) (8446c5c), closes #21101
- iam:
parameters accept array values (#21009) (0aad6c9), closes #20974 - kms: correctly recognize newly created resources (#21143) (0cd83cc), closes #19881
- logs:
does not have adefaultChild
(#21039) (4076153) - pipelines: cannot publish assets to more than 35 environments (#21010) (4b4af84)
- pipelines: reuseCrossRegionSupportStacks=true does not fail when existing pipeline is used (#20423) (9c0ccca)
- route53: publichostedzone import returns IHostedZone instead of IPublicHostedZone (#21007) (588ddf1), closes #21004
- sns-subscriptions: restrict encryption of queue to only the respective sns topic (under feature flag) (#20521) (4e0c80f), closes #20339
- flowlog has no default child (#21045) (b025abc)
- triggers: permissions race condition (#19455) (8ebb81b)
2.31.2 (2022-07-13)
- custom-resources: Custom resource provider framework not passing
to user function (#21117) (f00f952), closes aws#21065 aws#21109 aws#21058
2.31.1 (2022-07-08)
- custom-resources: Custom resource provider framework not passing
to user function (#21065) (f7b25b6), closes #21058
2.31.0 (2022-07-06)
- autoscaling: step scaling policy supports estimatedInstanceWarmup property (#20936) (e4c7b97)
- aws-s3: create default bucket policy when required (under feature flag) (#20765) (cefa453), closes / #18816
- cfnspec: cloudformation spec v78.1.0 (#20952) (20d6e09)
- dynamodb: imported tables always grant permissions for indexes (#20682) (4d003a5), closes #13703
- ec2: add additional instance type classes (#20972) (400ad91), closes #20924
- s3: Event Bridge notification can be enabled after the bucket is created (#20913) (b0b7a32)
- cli: standard log messages are sent to stderr when CI=true (#20957) (277340d), closes #7717
- cloudfront: fromOriginAccessIdentityName is a misnomer (#20772) (3e58e5a), closes #20141
- eks: latest
version isn't compatible with the chart version (#20826) (43a0cec) - route53: cannot delete existing alias record (#20858) (22681b1), closes #20847
- stepfunctions-tasks: SqsSendMessage is missing KMS permissions (#20990) (52b7019)
- custom resources log sensitive
field (#20899) (6b4f92f)
2.30.0 (2022-07-01)
- appmesh: ipv6 support for app mesh (#20766) (b1e6d62), closes #20737
- cognito: make
available onIUserPool
(#20799) (a1df570), closes #20285 - iam: PolicyStatements can be frozen (#20911) (3bf737b)
- lambda: grant function permissions to an AWS organization (#19975) (2566017), closes #19538 #20146
- rds: add missing aurora postgres versions (#20830) (2151a0e)
- apigateway: Explicitly test for undefined instead of falsey for stage default options (#20868) (b368a31)
- eks: revert shell=True and allow public ecr to work (#20724) (de153fc)
- pipelines: 'ConfirmPermissionsBroadening' uses wrong node version (#20861) (bac965e)
- secretsmanager: SecretRotation app does not set DeletionPolicy (#20901) (f2b4eff)
2.29.1 (2022-06-24)
2.29.0 (2022-06-22)
- apigateway: Add LambdaIntegrationOptions to LambdaRestApi (#17065) (b117469), closes #3269
- aws-eks: allow the use of graviton3 processors (#20543) (98b52de)
- cfnspec: cloudformation spec v76.0.0 (#20726) (4dbb246)
- events-targets: Add DLQ support for SNS target (#20062) (1148a47), closes #19741
- lambda: inline function code can exceed 4096 bytes (#20624) (a014c30)
- pipelines: add support for caching to codebuild steps (#20533) (81ef665), closes #16375 #19084
- route53: replace existing record sets (#20416) (2f92c35)
- secretsmanager: exclude characters for hosted rotation (#20768) (d66534a)
- servicediscovery: add hostedzoneid as attribute to namespace (#20583) (454d60f), closes #20510
- autoscaling: osType is wrong when using CloudformationInit with launchTemplate (#20759) (610b7b5)
- codepipeline: cannot deploy pipeline stack with crossAccountKeys twice (under feature flag) (#20745) (c262034), closes #18828
- core: CfnMapping values cannot be used in other stacks (#20616) (f5c2284), closes #18920
- core: Durations in the expected unit are not tested for integer-ness (#20742) (ddb4766)
- events-targets: cloudwatch logs requires specific input template (#20748) (26ff3c7), closes #19451
- iam: add
to prevent policies overwriting each other in multi-stack deployments (#20705) (703e62e), closes #16074 - iam: duplicate PolicyStatements lead to too many overflow policies (#20767) (e692ad2)
- init-templates: unable to initialize typescript templates (#20752) (665534d), closes #20751
- route53: improve fromHostedZoneId error message (#20755) (2cbbb79), closes #8406
2.28.1 (2022-06-15)
2.28.0 (2022-06-14)
- aws-ec2: control over VPC AZs (#20562) (58dffd8), closes #5847
- cfnspec: cloudformation spec v75.0.0 (#20605) (d19e706)
- cloudwatch: add
method in widget container classes (#18615) (9c31446), closes #18466 - codebuild: adds report group type property (#20178) (15bcc3c), closes #14279
- core: allow specifying Docker build targets (#20654) (f243f9e)
- ec2: allow the use of graviton3 processors (#20541) (b8d6cc7)
- ecs: add external network modes to ExternalTaskDefinition and TaskDefinition (#17762) (dd90feb)
- ecs-patterns: add ecs exec support (#18663) (23ee450), closes #15769 #15197 #15497
- lambda: Migrate away from NODEJS_10_X and NODEJS_12_X to NODEJS_14_X (#20595) (4537b3f), closes #20531 #20568 #19992 #20474
- opensearchservice: When a Domain has enforceHttps true, set the connections defaultPort (#20602) (a6fe2cb), closes #16251
- core: property overrides sometimes don't work with intrinsics (#20608) (49b397c), closes #19971 #19447
- core: RemovalPolicy.SNAPSHOT can be added to resources that do not support it (#20668) (d035c5a), closes #20653
- eks: add clusterLogging props to Fargate Cluster (#20707) (1882d7c), closes #19302
- events: eventSourceName does not accept tokens (#20719) (9b36f2e), closes #20718 #10772
- iam: conditions in FederatedPrincipal should be optional (#20621) (8c388a8)
- lambda: deprecate Python3.6 (#19988) (#20647) (c8f5cd2), closes #20085
- servicecatalog: ProductStackHistory does not accept nested directories (#20688) (d4fdb4e), closes #20658
2.27.0 (2022-06-02)
- core: so this PR attempts to smooth a rough edge by "locking"
is called. If the user attempts to override the id after that point, an error message will be thrown
- cfnspec: cloudformation spec v73.1.0 (backport #20587) (#20592) (01711e8)
- cognito: OpenID Connect identity provider (#20241) (33acc7c)
- core:
for custom resource provider (#20449) (7f2fccc) - lambda: add insights version (#19588) (68761dc), closes / /
- pipelines: pass role to s3 source action (#20576) (e2768e8), closes #20556
- s3: adds objectSizeLessThan property for s3 lifecycle rule (#20429) (2bf30df), closes #20425 #20372
- core: logicalId is consumed prior to being overridden (#20560) (e44c2c4), closes #14335
- ecr-assets: cannot build ARM images using modern stack synthesis (#20563) (9a23575), closes #20439
- ecs: canContainersAccessInstanceRole is ignored when passed in AsgCapacityProvider constructor (#20522) (dacefd6), closes #20293 #20293
- ecs: fix typo from fromServiceAtrributes to fromServiceAttributes (#20456) (f4439ce), closes #20458
- events-targets: EventBus IAM statements are only added for the first target (#20479) (74318c7), closes #19407
- iam: referencing the same immutable role twice makes it mutable (#20497) (264c02e), closes #7255
- lambda: function version ignores layer version changes (#20150) (f19ecef), closes #19098
- rds: clusters created from snapshots generate incorrect passwords (#20504) (4a87d39), closes #20434 #20473
- Default username in RoleSessionName (#20188) (b7bc10c), closes #19401 #7937 #19401
2.26.0 (2022-05-27)
- aws-ecr-assets: support the --platform option when building docker images (#20439) (adc0368), closes #12472 #16770 #16858
- lambda: validate function description length (#20476) (de027e2), closes #20475
- s3: adds objectSizeGreaterThan property for s3 lifecycle rule (#20425) (23690e4), closes #20372
- servicecatalog: ProductStackHistory can retain old ProductStack iterations (#20244) (1037b8c)
- core: NestedStack defaultChild is undefined (#20450) (0a49927), closes #11221
- iam: Role policies cannot grow beyond 10k (#20400) (75bfce7), closes #19276 #19939 #19835
- lambda: Fix typo in public subnet warning (#20470) (85f4e29)
- pipelines: too many CodeBuild steps inflate policy size (#20396) (f334060), closes #20189 #19276 #19939 #19835
- s3-deployment: default role does not get
permissions on… (#20492) (3e6ec5c)
2.25.0 (2022-05-20)
- cfnspec: cloudformation spec v69.0.0 (#20240) (e82b63f) and (#20331) (e9de4e9)
- cfnspec: cloudformation spec v72.0.0 (#20357) (c8fd84c)
- cli: make ecr images immutable when created from cdk bootstrap (#19937) (0ef4bb4), closes #18376
- cloudfront: REST API origin (#20335) (f7693e3)
- cognito:
for user pool (#20285) (10d13e4) - core: allow disabling of LogicalID Metadata in case of large manifest (#20433) (88ea829), closes #20211
- ec2: more router types (#20151) (33b983c), closes #19057 /
- iam: validate role path at build time (#16165) (65a5a46), closes #13747
- logs: additional log retention periods (#20347) (734faa5), closes #20346
- s3: add
property to lifecycle rule (#20348) (85604d9), closes #19784
- apigateway: arnForExecuteApi fails on tokenized path (#20323) (f7732a1), closes #20252
- assets: parallel docker image publishing fails on macOS (#20117) (a58a803), closes #20116
- cfn-include: allow CFN Functions in Tags (#19923) (4df9a4f), closes #16889
- cli: allow SSO profiles to be used as source profiles (#20340) (a0b29e9), closes #19897
- cloudwatch-actions: stack partition is hardcoded 'aws' in action arn (#20224) (0eb6c3b), closes #19765
- eks: Cluster.FromClusterAttributes ignores KubectlLambdaRole (#20373) (7e824ab), closes #20008
- iam: AccountPrincipal accepts values which aren't account IDs (#20292) (d0163f8), closes #20288
- pipelines: specifying the Action Role for CodeBuild steps (#18293) (719edfc), closes #18291 #18291
- rds: tokens should not be lowercased (#20287) (5429e55), closes #18802
- secretsmanager: automatic rotation cannot be disabled (#18906) (c50d60c), closes #18749
2.24.1 (2022-05-12)
2.24.0 (2022-05-11)
- cognito: UserPoolDomain.baseUrl() does not return FIPS-compliant url for gov cloud regions (#20200) (dd10df1), closes #20182 #12500
- stepfunctions: map property maxConcurrency is not token-aware (#20279) (14be764), closes #20152
2.23.0 (2022-05-04)
- cfnspec: cloudformation spec v68.0.0 (#20065) (f199fad)
- cloudwatch: Add CustomWidget (#19327) (489340e), closes #17579
- cloudwatch: expose dashboardName property on the L2 Dashboard construct (#17721) (8cb5dff), closes #17648
- ec2: add i4i instance type (#20134) (64c5064)
- iam: add convenience method
to ArnPrincipal (#20109) (c545bfe), closes / #19975 - lambda:
simplifies Alias creation (#20034) (a79bc47) - rds: add secret rotation to
(#20020) (abc3502), closes #12877 - servicecatalog: graduate to stable 🚀 (#19515) (4764591)
- lambda: grant invoke twice with different principals (#20174) (bb4c950)
- ubergen: expose exports in core module for v2 (#20176) (fc2cd48), closes #19773
2.22.0 (2022-04-27)
- aws-cognito: send emails with a verified domain (#19790) (1d2b1d3), closes #19762
- aws-eks: add annotations and labels to service accounts (#19609) (82aec9d), closes #19607
- cloudwatch: expose dashboardArn for CloudWatch dashboard L2 construct (#20059) (df9814f)
- rds: allow
to setcopyTagsToSnapshot
property (#19932) (40a6ceb), closes #19884
- tooling: container user's uid does not match host's uid (#20082) (e9670c8), closes #19979
- deploy monitor count is off if there are > 100 changes (#20067) (fd306ee), closes #11805
- eks: cluster cannot be created in opt-in regions (#20009) (ec06f48), closes #13748 #15579
- eks: remove incomplete support for k8s v1.22 (#20000) (d38a9e4), closes #19756 #19919
- imagebuilder: AmiDistributionConfiguration renders empty (#20045) (7bd7139)
- imagebuilder: revert property field typings (b2e0eb5)
- region-info: EMR service principal incorrect in China (#20014) (84649b8), closes #19867
2.21.1 (2022-04-22)
- imagebuilder: revert property field typings (5e4dca2)
2.21.0 (2022-04-22)
- autoscaling: Auto Scaling Group with Launch Template (#19066) (1581af0), closes #6734
- aws-ecr: make it easy to reference image tag or digest, use everywhere (#19799) (380774e), closes #13299 #15333
- cfnspec: cloudformation spec v66.0.0 (#19812) (43735fd), closes #19798
- cfnspec: cloudformation spec v66.1.0 (#19929) (8c8b6b6)
- cli: glob-style key matching to context --reset (#19840) (edb4119), closes #19797
- codebuild: add ability to customize build status reporting for third-party Git sources (#19408) (423d72f)
- codepipeline: allow to disable stage transition (#19911) (ac9901a), closes #1649
- lambda: function URLs (#19817) (4fd515a), closes #19798
- logs: add QueryDefinition L2 Construct (#18655) (fcf981b)
- route53: fromPublicHostedZoneAttributes method with zoneName (#19771) (7867dc4), closes #18700
- s3-deployment: ephemeral storage size property for bucket deployment (#19958) (3ce40b4), closes #19947
- check for accidental exposure of secrets (#19543) (789e8d2)
- autoscaling: update validation on maxInstanceLifetime (#19584) (d115b47)
- aws-cloudfront: Add sslSupportMethod (#19737) (c5a9679), closes #19476
- aws-ecr-assets: correct file existence validation in tests (#19945) (d4c13c0), closes 40aws-cdk/aws-ecr-assets/test/image-asset.test.ts#L387 #19944
- cfn-diff: allow resources to change types (#19891) (4f3a340), closes #13921
- cfn-include: detect a resource cycle in the included template (#19871) (2c2bc0b), closes #16654
- cfnspec: aws-sam deployment preferences hooks (#19732) (a205734)
- cfnSpec: wrong type for SAM API properties GatewayResponses and Models (#19885) (b214ede), closes #19870
- cli: hangs on retrieving notices (#19967) (daeeafa), closes #19542
- cli: stack monitor prints over error messages (#19859) (42e5d08), closes #19742
- cloudwatch: MathExpression
contract is not clear (#19825) (5472b11), closes #13942 #17126 - core: exportValue does not work on number attributes (#19818) (12459ca), closes #19537
- docdb: make most attributes of DatabaseClusterAttributes optional (#19625) (5f6d20c), closes #14492
- ecr: scanOnPush not supported in certain regions (#19940) (2ff3143), closes #19918
- ecs: get rid of EFS casing warnings (#19681) (eafc11a), closes #15025
- eks: malformed command when installing helm chart from OCI artifact (#19778) (f8babb8), closes /
- iam: role/group/user's path not included in ARN (#13258) (ef2b480), closes #13156
- lambda-event-sources: unsupported property
for KafkaEventSources (#19995) (383171b), closes #19917 - rds: MySQL 8.0 uses wrong Parameter for S3 export (#19775) (5a895a3), closes #19735
- stepfunctions: incorrect default documentation for integrationPattern (#19936) (4cb3b2b), closes #19815
2.20.0 (2022-04-07)
- cfnspec: cloudformation spec v63.0.0 (#19679) (dba96a9)
- cfnspec: cloudformation spec v65.0.0 (#19745) (796fc64)
- cli: add --build option (#19663) (eb9b8e2), closes #19667
- cli: preview of
cdk import
(#17666) (4f12209) - core: throw error when stack name exceeds max length (#19725) (1ffd45e)
- eks: add k8s v1.22 (#19756) (9a518c5)
- opensearch: Add latest Opensearch Version 1.2 (#19749) (a2ac36e)
- add new integration test runner (#19754) (1b4d010)
- eks: alb-controller v2.4.1 (#19653) (1ec08df)
- lambda: add support for ephemeral storage (#19552) (f1d9b6a), closes #19605
- s3: EventBridge bucket notifications (#18614) (d8e602b), closes #18076
- aws_applicationautoscaling: Add missing members to PredefinedMetric enum (#18978) (75a6fa7), closes #18969
- cli: apps with many resources scroll resource output offscreen (#19742) (053d22c), closes #19160
- cli: support attributes of DynamoDB Tables for hotswapping (#19620) (2321ece), closes #19421
- cloudwatch: automatic metric math label cannot be suppressed (#17639) (7fa3bf2)
- codedeploy: add name validation for Application, Deployment Group and Deployment Configuration (#19473) (9185042)
- codedeploy: the Service Principal is wrong in isolated regions (#19729) (7e9a43d), closes #19399
- core:
incorrectly short-circuits complex expressions (#19680) (7f26fad) - core: detect and resolve stringified number tokens (#19578) (7d9ab2a), closes #19546 #19550
- core: reduce CFN template indent size to save bytes (#19656) (fd63ca3)
- ecs: 'desiredCount' and 'ephemeralStorageGiB' cannot be tokens (#19453) (c852239), closes #16648
- ecs: remove unnecessary error when adding volume to external task definition (#19774) (5446ded), closes #19259
- iam: policies aren't minimized as far as possible (#19764) (876ed8a), closes #19751
- logs: Faulty Resource Policy Generated (#19640) (1fdf122), closes #17544
2.19.0 (2022-03-31)
- aws-ec2: Enable/disable EC2 "Detailed Monitoring" (#19437) (94f9d27)
- core: add size.isUnresolved (#19569) (ed26731)
- ecs-patterns: PlacementStrategy and PlacementConstraint for many patterns (#19612) (0096e67)
- elbv2: use
on an imported application listener (#19293) (18a6b0c), closes #10902 - lambda: warn if you use
while also usingcurrentVersion
(#19464) (fd1fff9), closes #19273 #19318
- apigateway: allow using GENERATE_IF_NEEDED for the physical name in LambdaRestApi (#19638) (e817381), closes #9374
- apigateway: id in schema model maps to $id (#15113) (ac5a345), closes #14585
- aws-cognito: Lambda::Permission of lambdaTrigger should have a SourceArn (#19622) (c62eeb7), closes #19604
- docdb: DB Instance ARN uses 'docdb' as the service component instead of 'rds' (#19555) (6a63924), closes #19554
- eks: incorrect version of aws-node-termination-handler (#19510) (9c712cc)
- elbv2: unable to add multiple certificates to NLB (#19289) (e8142e9), closes #13490 #8918 #15328
- rds:
takes aSecret
, notISecret
(#19639) (a74d82e), closes #19409
2.18.0 (2022-03-28)
- cognito: configure SNS region for UserPool SMS messages (#19519) (6eb775e), closes #19434
- cloudformation spec v62.0.0 (#19553) (0352dee)
- autoscaling: support warm pools (#19214) (737e611)
- cfnspec: cloudformation spec v61.0.0 (#19457) (16d7552)
- cli: support SSO (#19454) (eba6052)
- cloudwatch: Additional Properties for Cloudwatch AlarmStatusWidget (#19387) (3c9ea5f), closes #19386
- ec2: add support for x2iezn instances (#19517) (8f6e20e)
- apigateway:
does not create required role and responses (#19486) (d59bee9) - bootstrap: rebootstrap breaks container Functions (#19446) (49ea263), closes #18473
- cli: templates don't include
(#19482) (5ce0983) - core: Aspects from symlinked modules are not applied (#19491) (eaeaed7), closes #18921 #18778 #19390 #18914
- ecr: setting imageScanningConfiguration to false does nothing on existing repository (#18078) (78bc870), closes #18077
- events: cannot have more than one cross-account Rule (#19441) (a257846), closes #12479 #12538
- iam: IAM Policies are too large to deploy (#19114) (3a4fe33), closes #18774 #16350 #18457 #18564 #19276
- lambda: support Lambda's new
authorization strategy (#19318) (d06b27f), closes #19273 - secretsmanager: secret rotation uses old application versions (#19490) (0c983ad), closes #19487
2.17.0 (2022-03-17)
- assertions: Add the
methods. (#19330) (6bdc9eb), closes #18874 - aws-lambda-nodejs: support additional esbuild configurations (#17788) (ab313a4)
- cfnspec: cloudformation spec v60.0.0 (#19347) (20da648)
- cli: parallel asset publishing (#19367) (c8cafef), closes #19193
- ec2: add support for x2idn and x2iedn instances (#19334) (9699efc)
- elbv2: add name validation for target group and load balancer names (#19385) (97e0973), closes / /
- lambda: dotnet6 runtime (#19144) (bbed27d)
- cli: failure to load malformed YAML is swallowed (#19338) (1875c28), closes #19335
- lambda-event-sources: increase batch size restriction (#19317) (1bc5144), closes #19285
- lambda-nodejs: cannot use esbuildArgs with older esbuild versions (#19343) (59a4d81)
- stepfunctions-tasks: migrate from deprecated batch properties (#19298) (75f5b3b), closes #18993
2.16.0 (2022-03-11)
- aws-apigateway: add ability to include authorizer context in apigw sfn integration (#18892) (e7c0c75), closes #18891
- cfnspec: cloudformation spec v59.0.0 (#19236) (f46a14d)
- codebuild: improved support for ARM build images (#19052) (4eac4de), closes #18916 #9817
- eks: Service Account names validation (#19251) (7c3099e), closes #18189
- elasticsearch: Decouple setting access policies from domain constructor (#15876) (cefdfd3)
- lambda-nodejs: support esbuild inject (#19221) (3432c45), closes #19133
- s3: add
for notification (#19250) (e0f863a), closes #19223
- aws-apigateway: missing comma to make failure response payload valid json (#19253) (b1fce4f), closes #19252
- aws-route53-targets: add support for custom cname_prefix urls in elastic beanstalk environment endpoint target (#18804) (289a794)
- cli:
logs always end with the 'truncated' message (#19241) (d3fdfe5), closes #18805 - cli: deprecated stack ids printed at the end of synth (#19216) (7d8a479), closes #18599
- cli: notices refresh doesn't respect the --no-notices flag (#19226) (b3c5fe8)
- efs: fix bug when setting both lifecyclePolicy and outOfInfrequentAccessPolicy (#19082) (d435ab6), closes #19058
- lambda-nodejs: local tsc detection with pre compilation (#19266) (5de7b86), closes #19242
- rds: allow cluster from snapshot to enable encrypted storage (#19175) (bd4141d), closes #17241
- rds: read replica instance cannot join domain (#19202) (cef8fec), closes #18786
- rds: subnet selection not respected for multi user secret rotation (#19237) (dc7a17c), closes #19233
2.15.0 (2022-03-01)
- cfnspec: cloudformation spec v58.0.0 (#19153) (a6b0a10)
- cli: hotswap support for resources in nested stacks (#18950) (2ea9da1)
- ec2: add c6a instances (#19113) (427cdfd)
- apigateway: fix strange vtl template for cors preflight request (#19104) (59ef06a), closes /
- aws-apigateway: api gateway usage plan (#19023) (5b764cc), closes #18994
- cli: cdk version displays notices (#19181) (fa16f7a)
- cli: long connection timeout slows the CLI down (#19187) (6595d04)
- custom-resources: physical resource id must be determined before isComplete (#18630) (c190367)
- dynamodb:
methods are missing thedynamodb:DescribeTable
permission (#19129) (4a44a65), closes #18773 - dynamodb:
doesn't include enough KMS permissions (#19102) (77f1e0b), closes #10010 - ec2: invalid volume type check for iops (#19073) (3f49f02)
- eks: Helm charts fail to install when provided as an asset (#19180) (9961257)
- lambda-nodejs:
property ofBundlingOptions
is ignored whennodeModules
are defined (#18456) (5c40b90), closes #18383 - stepfunctions-tasks: RUN_JOB integration pattern not supported for CallAwsService (#19186) (4b134b7), closes #19174
- apply tags to nested stack (#19128) (3af329b), closes #17463
- rds: MySQL Cluster version 8.0 uses wrong Parameter for S3 import (#19145) (96b2034), closes #19126
- triggers: not published as part of v2 (#19168) (8f727d1), closes #19164
- construct paths are not printed for nested stacks in CLI output (#18725) (b0e0155)
2.14.0 (2022-02-25)
- cli: bundle dependencies (#18667) (31d135f)
- cli: support for matching notices with arbitrary module names (#19088) (a87dee7)
- cli: support for notices (#18936) (d37fbbb)
- cloudfront-origins: extend max keepaliveTimeout of HttpOrigin to 180 (#18837) (171fdcd), closes #18697
- eks: Allow helm pull from OCI repositories (#18547) (7e624d9)
- lambda: add a fromFunctionName() method (#19076) (5b92cc3), closes #18255 #19031
- pipelines: ECR source action (#16385) (fc11ae2), closes #16378
- pipelines: step outputs (#19024) (0dec2ee), closes #17189 #18893 #15943 #16407
- rds: make VPC optional for serverless Clusters (#17413) (4f7818d), closes #17401
- cli: hotswapping is slow for many resources deployed at once (#19081) (040238e), closes #19021
- s3-notifications: notifications allowed with imported kms keys (#18989) (7441418)
- API compatibility check fails in CI pipeline (#19069) (6ec1005), closes #19070
- cloudfront: trim autogenerated cache policy name (#18953) (c7394c9), closes #18918
- elasticloadbalancingv2: validate port/protocol are not provided for lambda targets (#19043) (64d26cc), closes #12514
- route53: fix cross account delegation deployment dependency (#19047) (692a0d0), closes #19041
2.13.0 (2022-02-18)
- aws-stepfunctions-tasks: add environment property for SageMakerCreateTrainingJob (#18976) (60d6e66), closes #18919
- cfnspec: cloudformation spec v56.0.0 (#18930) (24a52ae)
- cfnspec: cloudformation spec v57.0.0 (#19030) (f0acbc4)
- cli: hotswap for appsync vtl mapping template changes (#18881) (9858002)
- codepipeline: add support for CloudFormation StackSet actions (#14225) (d8bc0d0)
- config: S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED managed rule (#18890) (1a7e3e2), closes #18888
- core: stack synthesizer that uses CLI credentials (#18963) (a36b72b), closes #16888
- ec2: allow imdsv2 usage on bastion host (#18955) (8c6777c)
- ecs: support version stages and ids for Secrets (#18174) (6d091c2), closes #18123
- events: API Destinations (#13729) (2adbc14)
- lambda: allow Topic to be dlq for Lambda (#18546) (f8d8fe4), closes #16246
- logs: custom Role for Kinesis destination (#13553) (bb96621), closes #7661
- rds: simpler way to configure parameters for instance and cluster (#18126) (3ba9088), closes #18124
- s3-deployment: add
attribute for sequencing (#15384) (edac101)
- assertions: 'pattern.indexOf' is not a function (#19009) (6df26e7)
- assertions: incorrect assertions when >1 messages on a resource (#18948) (072e1b9), closes #18840
- aws-cdk: include nested stacks when building changesets (#17396) (a7dbeef), closes #5722
- cli: handle attributes of AWS::Events::EventBus when hotswapping (#18834) (a30a32a), closes #18831
- core: undeployable due to invalid mapping (#18922) (db28485), closes #18789 #18789
- lambda: unlock use case for cross-account functions w/ preconfigured permissions (#18979) (023108a), closes #18228 #18781 #18967 #18781
- lambda: Validate Lambda "functionName" parameter (#17970) (a416a2d), closes #13264
- pipelines: self-mutate always adds analytics (#19010) (bc47b29), closes #18933
- stepfunctions: imported State Machine sill has region and account from its Stack, instead of its ARN (#19026) (23329b4), closes #17982
- python3 version check with Python 3.10 (#18754) (0ef6527)
- stepfunctions-tasks: EMR Create Cluster does not support dynamic allocation of step concurrency level (#18972) (d19e538)
2.12.0 (2022-02-08)
- cxapi: of behavior.
Instead, this PR gets rid of the entire set of FUTURE_FLAGS_DEFAULTS
set to false
-- there's no point to having them anyway, and it
gets rid of the associated merge conflicts.
Also shore up the docs for these flags a little.
2.11.0 (2022-02-08)
- assets: support networking mode for DockerImageAsset (#18114) (a7b39f5), closes #15516
- cfnspec: cloudformation spec v54.0.0 (#18764) (71601c1)
- cfnspec: cloudformation spec v55.0.0 (#18827) (a1d94b3)
- cli:
cdk diff
works for Nested Stacks (#18207) (1337b24), closes #5722 - cloudwatch-actions: add ssm opsitem action for cloudwatch alarm (#16923) (9380885), closes #16861
- dynamodb: allow setting TableClass for a Table (#18719) (73a889e), closes #18718
- ec2: support KMS keys for block device mappings for both instances and launch templates (#18326) (17dbe5f), closes #18309
- ecr: add server-side encryption configuration (#16966) (c46acd5), closes #15400 #15571
- ecs: expose image name in container definition (#17793) (1947d7c)
- fsx: add support for FSx Lustre Persistent_2 deployment type (#18626) (6036d99)
- s3-deployment: deploy data with deploy-time values (#18659) (d40e332), closes #12903
- core: correctly reference versionless secure parameters (#18730) (9f6e10e), closes #18729
- ec2:
does not work in combination withuserDataCausesReplacement
(#18726) (afdc550), closes #12749 - tooling: update vscode devcontainer image (#18455) (28647f7)
- vpc: Vpc.fromLookup should throw if subnet group name tag is explicitly given and does not exist (#18714) (13e1c7f), closes #13962
- "chore(cloudfront): encryption and enforceSSL on distribution s3 loggingBucket (#18264)" (#18772) (121e4a1), closes #18271 / #18676
- "chore(ec2): enforceSSL on flowLog s3 bucket (#18271)" (#18770) (a2eb092), closes / #18676
2.10.0 (2022-01-29)
- assertions: support assertions on stack messages (#18521) (cb86e30), closes #18347
- aws-ecs-patterns: adding support for custom HealthCheck while creating QueueProcessingFargateService (#18219) (0ca81a1), closes #15636
- certificatemanager: DnsValidatedCertificate DNS record cleanup (#18311) (36d356d), closes #3333 #7063
- cfnspec: cloudformation spec v53.1.0 (#18588) (a283a48)
- cfnspec: cloudformation spec v53.1.0 (#18658) (2eda19e)
- cfnspec: cloudformation spec v53.1.0 (#18680) (f385059)
- cloudfront-origins: extend
maximum value forHttpOriginProps
(#18697) (e64de67), closes #18628 - ec2: session timeout and login banner for client vpn endpoint (#18590) (7294118)
- ecs: add
for use in CodePipeline (#18530) (3d192a9) - eks: cluster logging (#18112) (872277b), closes #4159
- lambda-nodejs: Allow setting mainFields for esbuild (#18569) (0e78aeb)
- s3: custom role for the bucket notifications handler (#17794) (43f232d), closes #9918 #13241
- aws-apigateway: cross region authorizer ref (#18444) (0e0a092)
- aws-lambda-nodejs: pre compilation with tsc is not being run (#18062) (7ac7221), closes #18002
- cli: hotswap should wait for lambda's
to complete (#18536) (0e08eeb), closes #18386 #18386 - elasticloadbalancingv2: ApplicationLoadBalancer.logAccessLogs does not grant all necessary permissions (#18558) (bde1795), closes #18367
- pipelines: undeployable due to dependency cycle (#18686) (009d689), closes #18492 #18673
- region-info: incorrect codedeploy service principals (#18505) (16db963)
- route53: add RoutingControlArn to HealthCheck patch (#18645) (c58e8bb), closes #18570
- s3: add missing safe actions to
methods (#18494) (940d043), closes #13616 - secretsmanager: SecretRotation for secret imported by name has incorrect permissions (#18567) (9ed263c), closes #18424
- stepfunctions: task token integration cannot be used with API Gateway (#18595) (678eede), closes #14184 #14181
- stepfunctions-tasks: cluster creation fails with unresolved release labels (#18288) (9940952)
2.9.0 (2022-01-26)
- assertions:
matcher (#18491) (b49b002) - assertions: support for conditions (#18577) (55ff1b2), closes #18560
- assertions: support for parameters (#18469) (d0d6fc5), closes #16720
- cfnspec: cloudformation spec v53.0.0 (#18468) (50637e0)
- cfnspec: cloudformation spec v53.0.0 (#18480) (38e1fe4)
- cfnspec: cloudformation spec v53.0.0 (#18524) (517d517)
- cfnspec: cloudformation spec v53.0.0 (#18551) (926310b)
- cli: support hotswapping Lambda functions that use Docker images (#18319) (6b553b7), closes #18302 #18408
- cli: support hotswapping Lambda functions with inline code (#18408) (d0b8512), closes #18319
- cognito: identity pools (#16190) (59fe395)
- ec2: add Hpc6a instances (#18445) (c7f39ca)
- ec2: add support for al2022 and amzn2 with kernel 5.x (#18117) (6b73d1d)
- ec2: create Peers via security group ids (#18248) (9d1b2c7), closes #7111
- opensearch: added opensearch 1.1 to engineversion (#18432) (e01a57a), closes #18431
- apigateway:
property ofApiKeyProps
is ignored (#18407) (c31f9b4) - applicationautoscaling: typo in
(#18085) (626e6aa), closes #17209 - assertions: object partiality is dropped passing through arrays (#18525) (eb29e6f)
- cli:
cdk watch
constantly prints 'messages suppressed' (#18486) (9b266f4), closes #18451 - cli: warning to upgrade to bootstrap version >= undefined (#18489) (da5a305)
- ec2: interface endpoints do not work with
(#18554) (f55cd2b), closes #17600 - ec2: launch template names in imdsv2 not unique across stacks (under feature flag) (#17766) (2a80e4b)
- ecs: only works in 'aws' partition (#18496) (525ac07), closes #18429
- ecs-patterns: Fix Network Load Balancer Port assignments in ECS Patterns (#18157) (1393729), closes #18073
- elbv2: BaseLoadBalancer.vpc is not optional (#18474) (f511c17), closes aws/jsii#3342
- pipelines: "Maximum schema version supported" error (#18404) (a684ff4), closes #18370
- pipelines: CodeBuild projects are hard to tell apart (#18492) (f6dab8d)
- pipelines: graphnode dependencies can have duplicates (#18450) (2b0b5ea)
- secretsmanager: Secret requires KMS key for some same-account access (#17812) (91f3539), closes #15450
2.8.0 (2022-01-13)
- aws-s3: support number of newer versions to retain in lifecycle policy (#18225) (e1731b1), closes #17996 #17996
- cli: watch streams resources' CloudWatch logs to the terminal (#18159) (a9038ae), closes #18122
- ecs-service-extensions: Enable default logging to CloudWatch for extensions (under feature flag) (#17817) (06666f4)
2.7.0 (2022-01-12)
- aws-ecs: support runtime platform property for create fargate windows runtime. (#17622) (fa8f2e2), closes #17242
- cli: diff now uses the lookup Role for new-style synthesis (#18277) (2256680)
- eks: cluster tagging (#4995) (#18109) (304f5b6)
- iam: generate AccessKeys (#18180) (beb5706), closes #8432
- lambda-event-sources: adds
to kafka (#17920) (93cd776) - lambda-nodejs: ES modules (#18346) (e23b63f), closes #13274
- s3: add EventBridge bucket notifications (#18150) (912aeda), closes #18076
- aws-lambda-event-sources: unsupported properties for SelfManagedKafkaEventSource and ManagedKafkaEventSource (#17965) (5ddaef4), closes #17934
- cli: assets are KMS-encrypted using wrong key (#18340) (64ae9f3), closes #17668 #18262
- cli: breaks due to faulty version of
(#18324) (43bf9ae) - cli: breaks due to faulty version of
(#18324) (ddc2bc6) - pipelines:
silently fails auth (#18313) (c2c87d9), closes / / #15737
2.6.0 (2022-01-12)
- appmesh: allow a Virtual Node have as a backend a Virtual Service whose provider is that Node (#18265) (272b6b1), closes #17322
2.5.0 (2022-01-09)
- aws-kinesis: remove default shard count when stream mode is on-demand and set default mode to provisioned (#18221) (cac11bb), closes #18139
- cli: breaks due to faulty version of
(#18324) (#18328) (b851bc3)
2.4.0 (2022-01-06)
- cfn2ts: some "complex" property types within the generated
CloudFormation interfaces (i.e: properties of
constructs) with names starting with a capital letterI
followed by another capital letter are no longer incorrectly treated as behavioral interfaces, and might hence have different usage patterns in non-TypeScript languages. Such interfaces were previously very difficult to use in non-TypeScript languages, and required convoluted workarounds, which can now be removed. - opensearchservice: imported domain property
used to containhttps://
prefix, now the prefix is dropped and it returns the same value as adomainEndpoint
on a created domain
- apigateway: Add stage ARN attribute (#18170) (be7acfd), closes /
- aws-autoscaling: Add support for termination policies (#17936) (9e6f977), closes #15654
- aws-ec2: add g4ad instance types (#17927) (8cb6a76), closes / #17565
- aws-kinesis: add support for data streams capacity modes (#18074) (b265e46), closes #18050
- aws-s3: Adding Intelligent Tiering to Bucket (#18013) (890c4c5), closes #16191
- backup: support continuous backup and point-in-time restores (#17602) (24c6ef5), closes #15922
- bootstrap: ECR
is now enabled by default (#17994) (7588b51) - cfnspec: add CloudFormation documentation to L1 classes (#18101) (0ed661d)
- cfnspec: cloudformation spec v51.0.0 (#18274) (c208e60)
- cli: add message when resource is hotswapped (#18058) (e828c22), closes #17778
- cli: hotswap deployments for CodeBuild projects (#18161) (4ae4df8)
- cli: show how long
cdk deploy
steps take (#18230) (82fa742), closes #18213 - cli: support for hotswapping Lambda Versions and Aliases (#18145) (13d77b7), closes #18058 #17043
- cli: support hotswapping Lambda function tags (#17818) (e4485f4), closes #17664
- cli: watch command now starts with a deployment (#18057) (ace37a2), closes #17776
- codecommit: allow initializing a Repository with contents (#17968) (54b6cc6), closes #17967 #16958
- codedeploy: loadbalancer support for imported Target Groups (#17848) (32f1c80), closes #9677
- codepipeline: add ability to not reuse cross-region support Stacks (#18043) (dcc9e59), closes #18018 #18018
- codepipeline: variables for CodeStar Connections source Action (#18086) (c99da16), closes #17807
- custom-resources: NoEcho for sensitive data in provider framework (#18097) (621a410)
- docdb: allow setting log retention (#18120) (002202f), closes #13191
- ec2: add Windows Server 2022 WindowsVersions (#18203) (dee732d), closes #18199
- efs: add support for transitioning files from infrequent access to primary storage (#16522) (65414c6)
- eks: imported kubectl provider for imported clusters (#14689) (19a287f), closes issue#12107
- eks: install helm chart from asset (#17217) (d3fc8c0), closes #13496 #15899 / #9273
- iam: session tagging (#17689) (9f22b2f), closes #15908 #16725 #2041 #1578
- pipelines: step dependencies (#18256) (e3359e0), closes #17945
- pipelines: support timeout in CodeBuildStep (#17351) (2aa3b8e)
- rds: Aurora clusters from snapshots (#17759) (e5259ee), closes #10936 #10130
- secretsmanager: create secrets with specified values (#18098) (dd90b8e), closes #5810
- sqs: add DLQ readonly property to Queue (#18232) (caa6788), closes #18083
- ssm: reference latest version of secure string parameters (#18187) (7d0680a), closes #17091
- acm: DnsValidatedCertificate intermittently fails with "Cannot read property 'Name' of undefined" (#18033) (2b6c2da), closes #8282
- apigateway: race condition between Stage and CfnAccount (#18011) (f11766e)
- cfn2ts: some property times have behavioral-interface names (#18275) (6359c12)
- cloudfront-origins: policy not added for custom OAI (#18192) (c894ba1), closes #18185
- codebuild: setting Cache.none() renders nothing in the template (#18194) (cd51a5d), closes #18165
- core:
throws an error (#18243) (df03df8), closes #18176 - core: overriding of
no longer has effect (#18116) (2290681), closes #17328 - eks: can't deploy with Bottlerocket amiType (#17775) (b7be71c), closes #17641 #17641
- eks: cannot customize alb controller repository and version (#18081) (e4256c8), closes #18054
- eks: the
of aKubernetesManifest
is not aCfnResource
(#18052) (ef8ab72) - events: event bus name only generated if no props passed (#18153) (9b81662), closes #18070
- lambda: imported Function still has region and account from its Stack, instead of its ARN (#18255) (01bbe4c), closes #18228
- logs: respect region when importing log group (#18215) (be909bc), closes #18214
- opensearchservice: imported domain's
is a url not an endpoint (#18027) (fd149b1), closes #18017 - pipelines: can't use exports from very long stack names (#18039) (465dabf), closes #17436
- rds: unable to use tokens as port in
(#17995) (0745193), closes #17948 - region-info: ssm service principal - fix more regions (#18135) (ed30c44), closes #16188
- region-info: ssm service principal is wrong in majority of regions (#17984) (77144f5), closes #16188 #17646
- route53: support multiple cross account DNS delegations (#17837) (76b5c0d), closes #17836
- ResponseURL is logged by S3Deployment (#18048) (ed19828)
2.3.0 (2021-12-22)
2.2.0 (2021-12-15)
- apigateway: add option to set the base path when adding a domain name to a Rest API (#17915) (9af5b4d)
- aws-applicationautoscaling: Allow autoscaling with "M out of N" datapoints (#17441) (c21320d), closes #17433
- aws-applicationautoscaling: enabling autoscaling for ElastiCache Redis cluster (#17919) (7f54ed6)
- aws-ecs: expose environment from containerDefinition (#17889) (4937cd0), closes #17867
- aws-s3: add support for BucketOwnerEnforced to S3 ObjectOwnershipType (#17961) (93fafc5), closes #17926
- cfnspec: cloudformation spec v50.0.0 (#17844) (cd3f24e), closes #17840 #17858
- cfnspec: cloudformation spec v51.0.0 (#17955) (c6b7a49), closes #17943
- cli: Hotswapping Support for S3 Bucket Deployments (#17638) (1df478b)
- ec2: add d3 and d3en instances (#17782) (8b52196), closes /
- ec2: add high memory instances u-6tb1, u-9tb1, u-12tb1, u-18tb1, and u-24tb1 (#17964) (5497525)
- ec2: add im4gn and is4gen instances (#17780) (e057c8f), closes /
- ec2: add vpcName property to the VPC (#17940) (794e7cd)
- ec2: propagate EC2 tags to volumes (#17840) (42cf186), closes / #17844
- lambda: add cloudwatch lambda insights arm support (#17665) (02749b4), closes #17133
- apigateway: dataTraceEnabled does not default to false (#17906) (cc3bb1f)
- appmesh: adding support with gateway route priority (#17694) (a61576f), closes #16821
- assets: remove the original-path metadata (#17901) (2b759ca), closes #17706
- aws-autoscaling: notificationTargetArn should be optional in LifecycleHook (#16187) (4e7a275), closes #14641
- aws-cdk-migration: Construct imports not rewritten (#17931) (f02fcb4), closes #17826
- aws-lambda-nodejs: use closest lockfile when autodetecting (#16629) (c4ecd96), closes #15847 40aws-cdk/aws-lambda-nodejs/lib/function.ts#L137-L139 /
- cli: asset publishing broken cross account (#18007) (2fc6895), closes #17668 #17988
- cli: hotswapping StateMachines with a name fails (#17892) (de67aae), closes #17716
- codepipeline: default cross-region S3 buckets allow public access (#17722) (0b80db5), closes #16411
- cognito: remove invalid SES region check (#17868) (450f7ca), closes #17795
- custom-resources: assumedRole from AwsCustomResource invocation leaked to next execution (#15776) (e138188), closes #15425
- iam: AWS Managed Policy ARNs are not deduped (#17623) (ed4a4b4), closes #17552
- logs: log retention fails with OperationAbortedException (#17688) (95b8da9), closes #17546
2.1.0 (2021-12-08)
- apigateway: step functions integration (#16827) (cb31547), closes #15081
- assertions: major improvements to the capture feature (#17713) (9a67ce7), closes #17009
- aws-s3-deployment: log retention option (#17779) (b60dc63)
- backup: enable WindowsVss Backup (#15934) (12fcb18), closes #14803 #14891
- cfnspec: cloudformation spec v49.0.0 (#17727) (7e0c9a3)
- cloudfront: Add support for response headers policy (#17359) (ea0acff), closes #17290
- cognito: user pool: adds custom sender (Email/SMS) lambda triggers (#17740) (7f45de4)
- core: add applyRemovalPolicy to IResource (#17746) (d64057f), closes #17728
- custom-resources: fixed Lambda function name (#17670) (5710fe5)
- docdb: implement audit and profiler logs (#17570) (4982aca), closes #17478
- ec2: add g5g instances (#17765) (1799f7e), closes /
- ec2: add m5zn instances (#17757) (845be10), closes /
- ec2: add m6a instances (#17764) (b06f120), closes /
- ec2: add mac1 instance (#17677) (88a5204), closes / 40aws-cdk/aws-ec2/lib/instance-types.ts#L573
- ec2: add r6i instances (#17663) (0138292), closes /
- ec2: add vt1 instances (#17756) (245c059), closes /
- ec2: explicit mapPublicIpOnLaunch configuration for public subnets (#17346) (a1685c6)
- ec2: extend BastionHostLinux to support CloudFormationInit (#17507) (c62377e)
- ecs-service-extensions: Auto scaling for Queue Extension (#17430) (df7b9b4)
- iam: support
for IAM groups (#17243) (29b379c) - lambda: function construct exposes configured timeout (#17594) (87fd60f)
- lambda-event-sources: sqs: support reportBatchItemFailures (#17733) (3623982), closes #17690
- rds: parameter group for replica instances (#17822) (b606a23), closes #17580
- s3: add GLACIER_IR storage class (#17829) (c291c44)
- s3: support Transfer Acceleration (#17636) (b432822), closes #12570
- secretsmanager: support secrets rotation in GovCloud (#17673) (a01678b), closes #14608
- stepfunctions-tasks: add 'Emr on Eks' tasks (#17103) (f2bf322), closes #15262 #15234
- aws-cdk:
cdk diff
always fails on diff (#17862) (6bb4a46), closes #4721 - aws-ec2: imported VPC subnets never recognized as PRIVATE_ISOLATED (#17496) (ba6a8ef)
- aws-elasticloadbalancingv2: Set stickiness.enabled unless target type is lambda (#17271) (168a98f), closes #17261
- cli: S3 asset uploads are rejected by commonly referenced encryption SCP (introduces bootstrap stack v9) (#17668) (8191f1f), closes #11265
- codepipeline: cannot trigger on all tags anymore in EcrSourceAction (#17270) (39fe11b), closes aws#13818 aws#13818
- codepipeline: cross-env pipeline cannot be created in
(#17730) (f17f29e), closes #17643 - core: bundling skipped with --exclusively option and stacks under stage (#17210) (cda6601), closes #12898 #15346
- docdb: secret rotation ignores excluded characters in password (#17609) (1fe2215), closes #17347 #17575
- dynamodb: add missing DynamoDB operations to enum (#17738) (f38e0ac)
- dynamodb: changing
fails deployment (#17842) (36b8fdb), closes #16983 - ecs-patterns: removeDefaultDesiredCount feature flag not expired properly (#17865) (7fb639a)
- lambda: recognizeVersionProps featureFlag not defaulting correctly (#17866) (f19fc39), closes #17810
- lambda-nodejs: bundling fails with a file dependency in
(#17851) (5737c33), closes #17830 - lambda-nodejs: bundling with
fails with paths containing spaces (#17632) (986f291), closes #17631 - pipelines: stack outputs used in stackSteps not recognized (#17311) (5e4a219), closes #17272
- stepfunctions: prefixes not appended to states in parallel branches (#17806) (a1da772), closes #17354
2.0.0 (2021-12-02)
- aws-cdk-lib is now stable! (fa2ecc9)
2.0.0-rc.33 (2021-11-26)
2.0.0-rc.32 (2021-11-25)
2.0.0-rc.31 (2021-11-23)
- assertions: support assertions over nested stacks (#16972) (bde44e7)
- aws-eks: support bottlerocket managed nodegroup (#17323) (2e6a1a9)
- cfnspec: cloudformation spec v48.0.0 (#17484) (6e8de96)
- cfnspec: cloudformation spec v49.0.0 (#17585) (d44d0e7)
- cfnspec: cloudformation spec v49.0.0 (#17621) (ce638b4)
- cognito: user pool: send emails using Amazon SES (#17117) (503720f), closes #6768
- docdb: add option to set the name of the generated Secret (#17574) (18c9ef7), closes #17572
- ec2: add G5 instances (#17499) (eed70a0), closes /
- ec2: add m5n and m5dn instance types (#17488) (df30d4f)
- ec2: lookup security group by name (#17246) (5bf0d07), closes #4241
- ec2: vpc endpoints for codeguru (#17498) (21c2d2b), closes #16788
- ecs: Add SystemControls to ContainerDefinition (#16970) (b12a2c6), closes #16025
- eks: ALB Controller (#17618) (1faf31d)
- rds: validate backup retention for read replica instances (#17569) (9b2158b), closes #17356
- warn users when deprecated elements are used (#17328) (3721358)
- eks: Allow passing of custom IAM role to Kube Ctl Lambda (#17196) (8fa293a)
- lambda: singleton function: access runtime, log group and configure layers and environment (#17372) (ec5b102)
- stepfunctions-tasks: Support
(#17376) (bc10e6f), closes #17375
- apigateway: SAM CLI asset metadata missing from SpecRestApi (#17293) (841cf99), closes #14593
- assets: add missing SAM asset metadata information (#17591) (55df760), closes #14593
- assets: SAM asset metadata missing from log retention and custom resource provider functions (#17551) (a90e959)
- autoscaling: add timezone property to Scheduled Action (#17330) (3154a58)
- aws-codebuild: add @aws-cdk/asserts to package deps (#17435) (9c77e94)
- aws-ecs: check for invalid capacityProviderName (#17291) (6e2fde4), closes #17321
- aws-lambda-event-sources:
fails forManagedKafkaEventSource
typed parameters (#17490) (a474ee8) - aws-logs: include new
exports inindex.ts
exports (#17403) (a391468) - cli: improve asset publishing times by up to 30% (#17409) (40d6a48), closes #17266
- cli: skip bundling for the 'watch' command (#17455) (af61b7f), closes #17391
- cloudwatch: render agnostic alarms in legacy style (#17538) (7c50ef8)
- ec2: Duplicate EIP when NatGatewayProps.eipAllocationIds is provided (#17235) (050f6fa)
- eks: Allow specifying subnets in Pinger (#17429) (6acee52)
- kinesis: add required rights to trigger Lambda from Kinesis. Fixes issue #17312. (#17358) (0bfc15c)
- lambda: SAM CLI asset metadata missing from image Functions (#17368) (f52d9bf)
- NestedStack: add asset metadata to NestedStack resources for local tooling (#17343) (4ba40dc)
- opensearch: correctly validate ebs configuration against instance types (#16911) (34af598), closes #11898
- s3-deployment: updating memoryLimit or vpc results in stack update failure (#17530) (2ba40d1), closes #7128
- sns-subscriptions: enable cross region subscriptions to sqs and lambda (#17273) (3cd8d48), closes #7044 #13707
- ssm: fix service principals for all regions since ap-east-1 (#17047) (5900548), closes #16188
2.0.0-rc.30 (2021-11-17)
2.0.0-rc.29 (2021-11-10)
2.0.0-rc.28 (2021-11-09)
- stepfunctions-tasks: add
(#16976) (27ad7d8) - the assertions module is now stable! (#17395) (ede5e22)
- aws-route53-targets: Support for Elastic Beanstalk environment URLs (#16305) (bc07cb0)
- certificatemanager: requesting private certificates issued by Private Certificate Authority (#16315) (e26f5be), closes #10076
- cfnspec: cloudformation spec v46.0.0 (#17223) (d9f7b58)
- cfnspec: cloudformation spec v46.0.0 (#17334) (e0f1180)
- cfnspec: cloudformation spec v47.0.0 (#17350) (ea71b4e), closes #17290 #17223
- cfnspec: cloudformation spec v47.0.0 (#17353) (7886607)
- cfnspec: cloudformation spec v47.0.0 (#17392) (7100d43)
- cli: added
field to cdk.json (#17176) (57ad1e0) - cli: deployment progress shows stack name (#16604) (322cf10)
- cli: introduce the 'watch' command (#17240) (0adc8b7)
- codebuild: add fromEcrRepository to LinuxGpuBuildImage (#17170) (7585680), closes #16500
- codepipeline: add construct for registering custom Actions (#17041) (c66ac89), closes #17039
- core: Docker tags can be prefixed (#17028) (d298696)
- core: subtract Durations (#16734) (7a333b0), closes #16535
- docdb: add the ability to exclude characters when generating passwords (#17262) (135f7d3), closes #15732
- ec2: add c5ad instances (#16428) (0318253)
- ec2: add c6i instances (#17237) (25cea18), closes /
- ec2: include p4d instance class (#17147) (6e13adc)
- ec2: VPC endpoint for AWS Xray (#16788) (c24af54), closes #16306
- ecs-service-extensions: Target tracking policies for Service Extensions (#17101) (6420b18)
- eks: expose FargateCluster's defaultProfile (#17130) (e461601), closes #16149
- events: DLQ support for EventBus target (#16383) (dbb3f25), closes #15954
- lambda-nodejs: add sourcesContent in BundlingOptions (#17280) (ea56e69), closes #17256
- lambda-nodejs: custom asset hash (#16412) (90da730), closes #16157
- lambda-nodejs: esbuild charset option (#16726) (56033a2), closes #16668
- lambda-nodejs: typescript emitDecoratorMetadata support (#16543) (55d3c50), closes #13767
- logs: add support for cloudwatch logs resource policy (#17015) (e9a461d), closes #5343 aws-cdk/aws-elasticsearch/lib/log-group-resource-policy.ts#L25 aws-cdk/aws-events-targets/lib/log-group-resource-policy.ts#L26 aws-cdk/aws-events-targets/lib/log-group-resource-policy.ts#L26 #5343
- rds: support backtrackWindow in DatabaseCluster (#17160) (fcd17e9), closes #9369 #9369
- sns: addSubscription returns the created Subscription (#16785) (62f389e)
- cli:
wmic not found
on modern Windows systems (#17070) (332ce4d), closes #16419 - cli: cdk ls --long outputs less-friendly stack IDs for nested assemblies (#17263) (864c50e), closes #14379
- cli: downgrade bootstrap stack error message needs a hint for new-style synthesis (#16237) (e55301b)
- codecommit: notifyOnPullRequestMerged method has a typo in its name (#17348) (cac5726)
- opensearch: domain doesn't handle tokens in capacity configuration (#17131) (2627939), closes #15014
- java and python templates are broken (#17357) (5f6d550)
- aws-eks: proxy support and allow assigning a security group to all cluster handler functions (#17200) (7bbd10d), closes 40aws-cdk/aws-eks/lib/cluster-resource-provider.ts#L69-L96 / 40aws-cdk/aws-eks/lib/cluster-resource-handler/index.ts#L48 40aws-cdk/aws-eks/lib/cluster-resource-handler/common.ts#L59 40aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts#L56 40aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts#L196 40aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts#L198 40aws-cdk/aws-eks/lib/kubectl-provider.ts#L83
- cli: no longer disable rollback by default for hotswap deployments (#17317) (e32b616), closes #17267
- cognito: ambiguous error message when same trigger is added twice (#16917) (4ae78b0)
- core: SecretValue.secretsManager fails for tokenized secret-id (#16230) (5831456), closes #16166
- custom-resources: invalid service name leads to unhelpful error message (#16718) (354686b), closes #7312
- ec2: functions addIngressRule and addEgressRule detect unresolved tokens as duplicates (#17221) (d4952c3), closes #17201
- elasticloadbalancingv2: always set stickiness (#17111) (0a23953), closes #16620
- lambda-event-sources: dynamo batch size cannot be a CfnParameter (#16540) (56974ac), closes #16221
- lambda-nodejs: yarn berry goes into immutable mode in CI (#17086) (cc8dd69), closes #17082
- logs: Apply tags to log retention Lambda (#17029) (a6aaa64), closes #15032
- pipelines:
not working (#17279) (9e81dc7), closes #17224 - s3: enforce that fromBucketAttributes supplies a valid bucket name (#16915) (30ac0cc)
2.0.0-rc.27 (2021-10-27)
- cloudfront: add amplify managed cache policy (#16880) (8d0c555)
- ec2: add region parameter for UserData via addS3DownloadCommand (#16667) (691d377), closes #8287
- ec2: add vpcArn to IVpc and Vpc (#16666) (7b31376), closes #16493
- ec2: add X2g instances (for RDS) (#17081) (443a23e), closes / #16948
- ec2: look up VPC from different regions (#16728) (f1e244b), closes #10208
- route53: Expose VpcEndpointServiceDomainName domain name as a property (#16458) (e063fbd)
- rds: using both Instance imports & exports for Postgres fails deployment (#17060) (ab627c6), closes #16757
2.0.0-rc.26 (2021-10-25)
2.0.0-rc.25 (2021-10-22)
- aws-autoscaling: add flag and aspect to require imdsv2 (#16052) (ef7e20d)
- codebuild: add support for small ARM machine type (#16635) (55fbc86), closes #16633
- codepipeline: add support for string user parameters to the Lambda invoke action (#16946) (e19ea31), closes #16776
- dynamodb: add option to skip waiting for global replication to finish (#16983) (254601f), closes #16611
- ec2: add aspect to require imdsv2 (#16051) (0947b21)
- eks: configure serviceIpv4Cidr on the cluster (#16957) (72102c7), closes / #16541
- events: Add DLQ support for SQS target (#16916) (7fda903), closes #16417
- stepfunctions-tasks: add
property toSageMakerCreateTrainingJobProps
(#16792) (69ac520), closes #16779
- cfn-diff: correctly handle Date strings in diff (#16591) (86f2714), closes #16444
- core: asset hash is different between linux and windows (#16945) (59950dd), closes #14555 #16928
- custom-resources: Role Session Name can exceed maximum size (#16680) (3617b70)
- ecs: imported services don't have account & region set correctly (#16997) (dc6f743), closes #11199 #11199 #15944
- ecs-patterns: minScalingCapacity cannot be set to 0 (#16961) (589f284), closes #15632 #14336
- events: PhysicalName.GENERATE_IF_NEEDED does not work for EventBus (#17008) (707fa00), closes #14337
- lambda: docker image function fails when insightsVersion is specified (#16781) (d0e15cc), closes #16642
- lambda-layer-node-proxy-agent: Replace use of package.json with Dockerfile command
npm install [package]@[version]
(#17078) (a129046) - opensearch: add validation to domainName property (#17017) (3ec6832), closes #17016
- pipelines:
fails for deep directory (#17074) (403d3ce), closes #16936 - ssm: StringParameter accepts ParameterType.AWS_EC2_IMAGE_ID as type (#16884) (2b353be), closes #16806
2.0.0-rc.24 (2021-10-13)
- aws-chatbot: allow adding a sns topic in existing SlackChannel (#16643) (d29a20b), closes #15588
- aws-ec2: userdata cfn-signal signal resource which is different than the attached resource (#16264) (f24a1ae)
- backup: expose method to add statements to the vault policy (#16597) (3ff1537)
- backup: option to prevent recovery point deletions (#16282) (6e71806)
- cfnspec: cloudformation spec v41.1.0 (#16472) (28875f9)
- cfnspec: cloudformation spec v41.1.0 (#16524) (124a7a1)
- cfnspec: cloudformation spec v41.2.0 (#16550) (e047bd8)
- cfnspec: cloudformation spec v42.0.0 (#16639) (2157acd)
- cfnspec: cloudformation spec v43.0.0 (#16748) (7c473a6)
- cfnspec: cloudformation spec v43.0.0 (#16820) (071756c)
- cfnspec: cloudformation spec v43.0.0 (#16842) (ebb211b)
- cli: hotswap deployments for ECS Services (#16864) (ad7288f)
- cli: hotswap deployments for StepFunctions State Machines (#16489) (c3417f6)
- cloudfront: support Behavior-specific viewer protocol policy for CloudFrontWebDistribution (#16389) (5c028c5), closes #7086
- cloudwatch: support cross-environment search expressions (#16539) (c165138), closes #9039
- config: EC2_INSTANCE_PROFILE_ATTACHED managed rule (#16011) (816a319)
- ec2: add X2gd instances (#16810) (6d468d2), closes #16794
- ec2/ecs:
properties for machine images (#16021) (430f50a), closes #12484 - ecr-assets: control docker image asset hash (#16070) (13f67e7), closes #15936
- ecs-service-extensions: Publish Extension (#16326) (c6c5941)
- eks:
on imported clusters (#14650) (7f7be08) - eks: add warning to fargateProfile (#16631) (41fdebb), closes #16349
- elbv2: support ALB target for NLB (#16687) (27cc821), closes #16679
- lambda: configure workdir for docker image based functions (#16111) (b3eafc2)
- lambda: docker platform for architecture (#16858) (5c258a3)
- lambda: support for ARM architecture (b3ba35e)
- lambda: support for ARM architecture (#16719) (67b4921)
- lambda: use bundling docker image from ECR public for dotnet and go runtimes (#16281) (9bbfd18)
- lambda-event-sources: self managed kafka: support sasl/plain authentication (#16712) (d4ad93f)
- opensearch: rebrand Elasticsearch as OpenSearch (e6c4ca5), closes aws/aws-cdk#16467
- opensearch: rebrand Elasticsearch as OpenSearch (#16517) (fad855e)
- pipeline: allow enabling KMS key rotation for cross-region Stacks (#16468) (2a629dd), closes #14381
- pipelines: stack-level steps (#16215) (d499c85), closes #16148
- rds: region replication for generated secrets (#16497) (1e9d8be), closes #16480
- s3-deployment: enable efs support for handling large files in lambda (#15220) (2737119)
- sns: adding support for firehose subscription protocol (#15764) (18aff6b)
- stepfunctions-tasks: add step concurrency level to EmrCreateCluster (#15242) (1deea90), closes #15223
- stepfunctions-tasks: AWS SDK service integrations (#16746) (ae840ff), closes #16780
- allow stale bot trigger manually (#16586) (fc8cfee)
- stepfunctions-tasks: support Associate Workflow Executions on StepFunctionsStartExecution via associateWithParent property (#16475) (7d3b90b), closes #14778
- use to fix shinkwrap resolves (#16607) (8f91531)
- assets: run executable command of container assets in cloud assembly root directory (#16094) (c2852c9), closes #15721
- autoscaling: EbsDeviceVolumeType.IO2 is not a valid CloudFormation value (#16028) (492d33b), closes #16027
- aws-ecs: add ASG capacity via Capacity Provider by not specifying machineImageType (#16361) (93b3fdc), closes #16360
- aws-eks: Support for http proxy in EKS onEvent lambda (#16609) (cf22280), closes /
- aws-eks: support http proxy in EKS onEvent lambda (#16657) (87c9570), closes / / /
- cli: 'deploy' and 'diff' silently does nothing when given unknown stack name (#16150) (74776f3), closes #15866
- cli: progress bar overshoots count by 1 for stack updates (#16168) (0c8ecb8)
- cloudformation-diff: cdk diff not picking up differences if old/new value is in format n.n.n (#16050) (38426c9), closes #15935
- cloudfront: EdgeFunctions cannot be created when IDs contain spaces (#16845) (b0752c5), closes #16832
- cloudwatch: alarms with accountId fails in regions that don't support cross-account alarms (#16875) (54472a0), closes #16874
- cloudwatch: cross account alarms does not support math expressions (#16333) (1ffd897), closes #16331
- codebuild: add build image AMAZON_LINUX_2_ARM_2 (#16931) (370cb31), closes #16930
- config: add SourceAccount condition to Lambda permission (#16617) (cfcaf45)
- config: the IGW mapping to correct resource type (#16464) (23d9b6a), closes #16463
- core: asset hash of symlinked dir is wrong (#16429) (36ff738)
- ec2: set proper role for --role argument of cfn-init (#16503) (cdbd65d), closes #16501
- elasticloadbalancingv2: Incorrect validation on
(#16445) (140892a) - iam:
does not work for ARNs that include a path (#16269) (5c69c94), closes 40aws-cdk/aws-iam/lib/role.ts#L191-L194 #16256 - iam: not possible to represent
Principal: *
(#16843) (6829a2a) - lambda: currentVersion fails when architecture specified (#16849) (8a0d369), closes #16814
- revert: "fix: CDK does not honor NO_PROXY settings (#16751)" (#16761) (eda7e84), closes /
- route53-targets: ApiGateway does not accept RestApiBase (#16610) (20071bb), closes #16227
- s3: auto-delete fails when bucket has been deleted manually (#16645) (7b4fa72), closes #16619
- s3: setting
empties the bucket (#16756) (21836f2), closes #16603 - CDK does not honor NO_PROXY settings (#16751) (ceab036), closes #7121
- correct package names in support scripts (ebfd5f2)
- remove invalid entry from stale issue bot config (#16587) (5461859)
- set ROSETTA_MAX_WORKER_COUNT in (#16738) (5d06641)
- iam: permissions boundary aspect doesn't always recognize roles (#16154) (c8bfcf6)
- logs: log retention fails with OperationAbortedException (#16083) (3e9f04d), closes aws#15709
- sns: cannot use numeric filter policy with 0 values (#16551) (62b6762), closes #16549
- SSM API docs: Typo
and note how SecureStrings cannot be created via CDK (#16228) (950e875)
2.0.0-rc.23 (2021-09-22)
2.0.0-rc.22 (2021-09-15)
2.0.0-rc.21 (2021-09-08)
- aws-cloudfront-origins: add custom headers to S3Origin (#16161) (f42b233), closes #16160
- cfnspec: cloudformation spec v40.1.0 (#16254) (fe81be7)
- cli: hotswap deployments (#15748) (6e55c95)
- cli: support
flag (#16293) (d763d90), closes #16289 - codecommit: make Repository a source for CodeStar Notifications (#15739) (ae34d4a)
- core: normalize line endings in asset hash calculation (#16276) (01bf6e2)
- ec2: add m6i instances (#16081) (a42a1ea)
- ecs: add support for Fargate PV1.4 ephemeral storage (#15440) (f1bf935), closes #14570
- ecs-patterns: add capacity provider strategies to queue processing service pattern (#15684) (f40e8d6), closes #14781
- ecs-patterns: Allow configuration of SSL policy for listeners created by ECS patterns (#15210) (2c3d21e), closes #11841 #8816
- ecs-service-extensions: Subscribe Extension (#16049) (66baca5)
- rds: support 's3export' for Postgres database instances (#16124) (1d54a45), closes #14546 #10370 #14546
- stepfunctions-tasks: await the eval so async ops can be passed to tasks.EvaluateExpression (#16290) (174b066)
- stepfunctions-tasks: support allocation strategies in EMR CreateCluster (#16296) (5a5da57), closes #16252
- aws-rds: fromDatabaseInstanceAttributes incorrectly stringifies ports with tokens (#16286) (41b831a), closes #11813
- core: allow asset bundling when selinux is enabled (#15742) (dbfebb4)
- core: inconsistent analytics string across operating systems (#16300) (ff6082c), closes #15322
- docs: unnecessary log group in Step Functions state machine x-ray example (#16159) (04d4547)
- elasticloadbalancingv2: target group health check does not validate interval versus timeout (#16107) (a85ad39), closes #3703
- s3: bucket is not emptied before update when the name changes (#16203) (b1d69d7), closes #14011
2.0.0-rc.20 (2021-09-01)
- cloudwatch: add support for cross-account alarms (#16007) (e547ba0), closes #15959
- cognito: user pools - device tracking (#16055) (64019bb), closes #15013
- docdb: cluster - deletion protection (#15216) (0f7beb2)
- lambda: nodejs14.x supports inline code (#16131) (305f683)
- (aws-ec2): fix vpc endpoint incorrect issue in China region (#16139) (0d0db38), closes #9864
- resourcegroups: ResourceGroup not using TagType.STANDARD, causes deploy failure (#16211) (cdee1af), closes #12986
- sqs: unable to import a FIFO queue when the queue ARN is a token (#15976) (a1a65bc), closes #12466
- ssm: StringParameter.fromStringParameterAttributes cannot accept version as a numeric Token (#16048) (eb54cd4), closes #11913
2.0.0-rc.19 (2021-08-25)
- assets: exclude "cdk.out" from docker assets (#16034) (84a831a), closes #14841 #14841 #14842
- aws-stepfunctions: add support to heartbeat error inside catch block (#16078) (2372b3c), closes #16084
- cfnspec: cloudformation spec v39.10.0 (#16114) (7e0ad5d)
- cfnspec: cloudformation spec v40.0.0 (#16183) (b059124)
- ecs: add support for Bottlerocket on ARM64 (#15454) (cd280a8), closes #14466
- s3-deployment: exclude and include filters (#16054) (d42e89e), closes #14362 #14362
- KubectlHandler - insecure kubeconfig warning (#16063) (82dd282), closes #14560
- cfnspec: changes to resource-level documentation not supported (#16170) (82e4b4f)
- cli: 'deploy' and 'diff' silently does nothing when given unknown stack name (#16073) (f35b032), closes #15866
- cli: Python init template does not work in directory with '-' (#15939) (3b2c790), closes #15938
- cli: unknown command pytest in build container fails integration tests (#16134) (0f7c0b4), closes #15939
- ec2: opaque error when insufficient NAT EIPs are configured (#16040) (a308cac), closes #16039
- events: cross-account event targets that have a Role are broken (#15717) (f570c94), closes #15639
- s3-deployment: BucketDeployment doesn't validate that distribution paths start with "/" (#15865) (f8d8795), closes #9317
- ses: drop spam rule appears in the incorrect order (#16146) (677fedc), closes #16091
- cli: 'deploy' and 'diff' silently does nothing when given unknown stack name (#16125) (f2d77d3), closes aws/aws-cdk#16073
2.0.0-rc.18 (2021-08-18)
- aws-apigateway: import existing usage plan (#15771) (97fc290), closes #12677
- aws-elbv2: ALB target group routing algorithms (#15622) (6b32b2f), closes #15160
- cfnspec: cloudformation spec v39.9.0 (#15987) (e0d6181)
- cognito: add support for token revocation in UserPoolClient (#15317) (8cb0e97), closes #15126
- pipelines: add
(#15627) (04b8d40)
- core: asset bundling fails for non-existent user (#15313) (bf5882f), closes #15415 #15415
- ec2: "clientVpnEndoint" => "clientVpnEndpoint" (#14902) (c3b872a), closes #13810
- pipelines: repos with dashes cannot be used as additionalInputs (#16017) (400a59d), closes #15753
2.0.0-rc.17 (2021-08-11)
- aws-cloudfront: add enabled to web distribution (#15433) (7ad9348)
- aws-ec2: Add SubnetFilter for Id and CIDR netmask (#15373) (407b02d), closes #15228
- cfnspec: cloudformation spec v39.7.0 (#15719) (2c4ef01)
- cfnspec: cloudformation spec v39.7.0 (#15796) (dbe4641)
- cfnspec: cloudformation spec v39.8.0 (#15885) (60e6b41)
- cloudfront: Origin Shield support (#15453) (08ebbae), closes #12872 /
- cloudfront: use TLS_V1_2_2021 SecurityPolicy as default version (under feature flag) (#15477) (7b64abf)
- codebuild: add support for setting a BuildEnvironment Certificate (#15738) (76fb481), closes #15701
- core: lazy mappings will only synthesize if keys are unresolved (#15617) (32ed229)
- ec2: Add Transcribe interface endpoint (#15465) (929d6ae)
- eks: support Kubernetes 1.21 (#15774) (83dd318), closes #15758
- lambda: cloudwatch lambda insights (#15439) (9efd800)
- pipelines: CDK Pipelines is now Generally Available (#15667) (2e4cfae)
- Route53: add support for RemovalPolicy in CrossAccountZoneDelegationRecord (#15782) (9eea4b8), closes #15211
- s3-deployment: control object access (#15730) (f58cf3c)
- stepfunctions: allow intrinsic functions for json path (#15320) (d9285cb)
- stepfunctions-tasks: add sns publish with message attributes (#14817) (bc99e82), closes #4702
- aws-cloudwatch: unable to use generic extended statistics for cloudwatch alarms (#15720) (f593311)
- aws-eks: Allow desiredsize minsize and maxsize to accept CfnParameters. (#15487) (fb43769)
- chatbot: ARN validation in fromSlackChannelConfigurationArn fails for tokenized values (#15849) (440ca35), closes #15842
- cli: move fail option into the diff command (#15829) (473c1d8)
- ec2: volumename doesn't set name of volume (#15832) (b842702), closes #15831
- elasticsearch: advancedOptions in domain has no effect (#15330) (81cbfec), closes #14067
- elasticsearch: slow logs incorrectly disabled for Elasticsearch versions lower than 5.1 (#15714) (91cf79b), closes #15532 #15532
- elbv2: unresolved listener priority throws error (#15804) (fce9ac7)
- pipelines: new pipeline stages aren't validated (#15665) (309b9b4)
- pipelines: permissions check in legacy API does not work (#15660) (5e3cf2b)
- pipelines: Prepare stage doesn't have AUTO_EXPAND capability (#15819) (a6fac49), closes #15711
- pipelines: Secrets Manager permissions not added to asset projects (#15718) (7668400), closes #15628
- s3: notifications are broken in some regions (#15884) (ee19196)
- stepfunctions: non-object arguments to recurseObject are incorrectly treated as objects (#14631) (e133bca), closes #12935 aws-cdk/aws-stepfunctions/lib/input.ts#L65
- stepfunctions-tasks: instance type cannot be provided to SageMakerCreateTransformJob as input path (#15726) (6f2384d)
- stepfunctions-tasks: Stage field not included in CallApiGatewayHttpApiEndpoint task definition (#15755) (4f38fe1), closes #14242
2.0.0-rc.16 (2021-08-04)
2.0.0-rc.15 (2021-07-28)
- lambda-nodejs: source map mode (#15621) (b934976), closes #14857
- rds: allow setting copyTagsToSnapshot on Clusters (#15553) (f7c6289), closes #15521
2.0.0-rc.14 (2021-07-21)
2.0.0-rc.13 (2021-07-20)
2.0.0-rc.12 (2021-07-14)
- appmesh: static methods from
have been changed to accept positional arguments - appmesh: the type
has been renamed toListenerTlsOptions
- apigateway: disable execute api endpoint (#14526) (b3a7d5b)
- aws-backup: Add arn attribute and grant method to backup vault (#14997) (04c0a07), closes #14996
- cdk-assets: externally-configured Docker credentials (#15290) (e530195), closes #10999 #11774
- cfnspec: cloudformation spec v38.0.0 (#15044) (271d948)
- cfnspec: cloudformation spec v38.0.0 (#15044) (632d518)
- cfnspec: cloudformation spec v39.1.0 (#15144) (abc457e)
- cfnspec: cloudformation spec v39.3.0 (#15311) (94eb3a8)
- cli: read outputs-file parameter from cdk.json (#15095) (9e933ca), closes #14307
- cloudfront: add fromFile for CF functions (#14980) (31c9338), closes #14967
- cloudwatch: use
instead ofany
for cloudwatch dimension values (#15097) (dc3cf13), closes #14978 - codepipeline: allow granting manual approval permissions (#15102) (b2037d3)
- codestarnotifications: new L2 constructs (#10833) (645ebe1), closes #9680
- core: allow user to provide docker --security-opt when bundling (#14682) (a418ea6)
- core: Support platform flag during asset build (#14908) (0189a9a)
- dynamodb: allow using Kinesis stream in Table (#15199) (7bc6c6e), closes #14534
- dynamodb: exposes schema method to return partition and sort key of table or secondary indexes (#15111) (1137eb7), closes #7680
- ecs-patterns: Add ability to configure VisibilityTimeout on QueueProcessing service pattern (#15052) (350d783)
- ecs-patterns: allow specifying security groups on ScheduledTask pattern (#15096) (6bdf1c0), closes #5213 #14220
- ecs-patterns: expose task target on ScheduledTask pattern (#15127) (c31c59a), closes #14971 #14953 #12609
- eks: taints for managed node groups (#14792) (0556e6b)
- events: allows importing event bus from name (#15087) (e39b6c5), closes #14072
- lambda-event-sources: streams - report batch item failures (#14458) (3d4a13e), closes #12654
- logs: make the addition of permissions to Lambda functions optional (#14222) (0c50ec9), closes #14198
- migration: add constructs migration to rewrite script (#14916) (37a4c8d)
- s3: notifications to existing buckets (#15158) (7d218c2), closes #2004
- secretsmanager: Allow cross account grant (#14834) (ea40cfe)
- secretsmanager: automatically grant permissions to rotation Lambda (#14882) (ad283b6)
- cloudformation spec v39.1.0 (af74354)
- sns: add sns service trust to keys for encrypted queue subscriptions (#14960) (ccc2e30), closes #2504
- sqs: add support for high throughput fifo (#15202) (d0c9602), closes #15063
- aws-elasticloadbalancingv2: cannot clear access logging bucket prefix (#15149) (2e93fb9), closes #14044
- aws-iam: prevent adding duplicate resources and actions (#14712) (a8298cb), closes #13611
- bootstrap:
could directly access buckets in target account (#15192) (d04e288), closes #12985 #14082 #13422 - cdk-assets: content type not correctly set when publishing files (#15069) (9b1a4f9)
- cfn-include: NestedStack's Parameters are not converted to strings (#15098) (8ad33b8), closes #15092
- cli:
cdk synth
too eager with validation in Pipelines (#15147) (ae98e88), closes #14613 #15130 - cli: cdk synth doesn't output yaml for stacks with dependency stacks (#14805) (44feee6), closes #3721
- cli: deployment error traceback overwritten by progress bar (#14812) (d4a0af1), closes #14780
- cli: HTTP timeout is too low for some asset uploads (#13575) (23c58d6), closes #13183
- cli: option
selects stacks in nested assemblies (#15046) (0d00e50) - cli: partition is not being resolved at missing value lookup (#15146) (cc7191e), closes #15119
- cli: stack glob patterns only select one stack (#15071) (fcd2a6e)
- cloudfront: cannot set header including 'authorization' in OriginRequestPolicy (#15327) (3a2f642), closes #15286
- codebuild: Project's Role has permissions to the entire Bucket when using S3 as the source (#15112) (9d01b4f)
- codebuild: Secret env variable as token from another account fails on Key decryption (#14483) (91e80d7), closes #14477
- codepipeline-actions: reduce S3SourceAction role permissions to just the key (#15304) (d2c76aa), closes #15112
- core:
1 hour
renders as60 minutes
(#15125) (adcd8c3) - core: CloudFormation dynamic references can't be assigned to num… (#14913) (39aacc8), closes #14824
- core: parsing an ARN with a slash after a colon in the resource part fails (#15166) (16b8a4e), closes /
- ecs: TagParameterContainerImage cannot be used across accounts (#15073) (486f2e5), closes #15070
- eks: kubectl version 1.21.0 breaks object pruning (#15314) (623689d), closes #15072
- eks: kubectl version 1.21.0 breaks object pruning (#15314) (74da5c1), closes #15072
- elasticsearch: Domain.fromDomainAttributes gives "Invalid URL" when endpoint is a token (#15219) (ecb5af8), closes #15188
- lambda: deployment failure when layers are added to container functions (#15037) (8127cf2), closes #14143
- lambda-event-sources: kafka event source expects credentials even when accessed via vpc (#14804) (5eb1e75)
- lambda-nodejs: unstable asset hashes with bundling.nodeModules (#15229) (4b5418c), closes #15023
- secretsmanager: support secrets rotation in partition 'aws-cn' (#14608) (5061a8d), closes #13385
- stepfunctions-tasks: checking for task token in EcsRunTask containerOverrides causes memory explosion (#15187) (af53798), closes #15124
- stepfunctions-tasks: EcsRunTask containerOverrides throws if container name doesn't match construct ID (#15190) (5f59787), closes #15171
- stepfunctions-tasks: instance type for SageMakerCreateTrainingJob cannot be specified dynamically through JSONPath (#15215) (9280d95), closes #11928
2.0.0-rc.11 (2021-07-07)
2.0.0-rc.10 (2021-06-30)
2.0.0-rc.9 (2021-06-23)
2.0.0-rc.8 (2021-06-16)
- ecs-patterns: Add Load Balancer name to ApplicationLoadBalancedFargateService props (#14831) (c432fb4)
- ecs-patterns: Add support for Docker labels to ECS Patterns (#14783) (00c11b5)
- ecs: Can't enable both Fargate and ASG capacity providers on ECS Cluster (#15012) (6b2d0e0), closes #14730
2.0.0-rc.7 (2021-06-09)
- cfnspec:
property ofecr.CfnRepository
now acceptsscanOnPush
instead ofScanOnPush
(notice the casing change).
- appmesh: the creation property
has been renamed totlsClientPolicy
, and its type changed toTlsClientPolicy
- appmesh: to create
property must be defined.
- cfnspec: cloudformation spec v37.1.0 (#14951) (aee0f58)
- cli: new bootstrap supports cross-account lookups (#14874) (f66f4b8), closes #8905
- cloudfront: add L2 support for CloudFront functions (#14511) (40d2ff9)
- cognito: user pool - customize mfa message (#14241) (a12db62)
- custom-resources: support custom lambda role in provider framework (#12131) (bc01207), closes #12126
- ec2: Implement UserData methods in MultipartUserData (#14347) (d1b6ce4)
- ecs: Adding support for ECS Exec (#14670) (b35328c)
- eks: support Kubernetes 1.20 (#14758) (1956ef6), closes #14756
- elb: set accessLoggingPolicy property with L2 LoadBalancer (#14983) (252dfa2), closes #14972
- events: support embedded string variables (#13487) (a5d27aa), closes #9191 #9191
- kms: introduce
method (#14859) (1ff5b9e), closes #9719 #14795 #14809 - route-53: add ability to create DS Records (#14726) (f0c9726)
- Parameterize bootstrap stack version (#14626) (a37108c)
- route53-targets: route53 record target (#14820) (b22da80), closes #14800
- s3: support ExpiredObjectDeleteMarker (#14970) (f932e0f), closes #14752
- cli: cross account docker image assets upload no longer works (#14816) (14fbb11), closes #14815
- cli: image publishing role doesn't have docker pull permissions (#14662) (beaffa9), closes #14656
- core: property overrides fail for references (#15018) (ebac8bc)
- docs: fixed typos in documentation (#14760) (ced9b38)
- ec2: add missing entry for XLARGE3 (#14750) (af6d49f)
- elasticsearch: 'r6gd' not marked as supported type for instance storage (#14894) (d07a49f), closes #14773
- events: AwsApi warns if service does not exist (#13352) (3bad98f), closes #13090
- lambda-nodejs: cannot bundle locally when consuming a node module with a NodejsFunction (#14914) (52da59c), closes #14739
- lambda-nodejs: pnpm exec command (#14954) (df16d40), closes #14757 #14772
- s3:
had redundantGetObject*
permissions (#14573) (f9be15d), closes #14572 - stepfunctions: repeated object references not allowed even if not a circular reference (#14628) (486990f), closes #14596
2.0.0-rc.6 (2021-06-02)
2.0.0-rc.5 (2021-05-28)
- appmesh: the creation property
has been renamed totls
, and its type changed toTlsListener
- appmesh: the
property has been removed from the options when creating aTlsCertificate
, moved to the newTlsListener
interface, and renamedmode
- lambda-nodejs: using
now requiresesbuild
>= 0.9.0
- dynamodb: add ability to enable contributor insights on Table (#14742) (3c7a89d)
- allow taskRole to be passed in on creation of an ECS service (3e257a0)
- cfnspec: cloudformation spec v36.0.0 (#14791) (3a9f56d)
- cfnspec: cloudformation spec v37.0.0 (#14873) (8bb4357)
- cloudwatch: GraphWidget supports period and statistic (#14679) (b240f6e)
- custom-resources: restrict output of AwsCustomResource to list of paths (#14041) (773ca8c), closes /
- lambda: support Principal conditions in Permission (#14674) (b78a1bb), closes #8116
- lambda-nodejs: pnpm support (#14772) (b02311c), closes #14757
- stepfunctions: Add support for ResultSelector (#14648) (50d486a), closes #9904
- cli: Updated typo user to uses (#14357) (7fe329c)
- cognito: user pool - phoneNumberVerified attribute fails deployment (#14699) (cd2589f), closes #14175
- core: cannot determine packaging when bundling that produces an archive is skipped (#14372) (163e812), closes #14369
- ecr: add validations for ECR repository names (#12613) (396dca9), closes #9877
- ecs: Classes FargateService and Ec2Service have no defaultChild (#14691) (348e11e), closes #14665
- events-targets: circular dependency when adding a KMS-encrypted SQS queue (#14638) (3063818), closes #11158
- iam: permissions boundaries not added to custom resource roles (#14754) (f36feb5), closes #13310
- lambda: changing reserved concurrency fails lambda version deployment (#14586) (f47d5cb), closes #11537
- lambda: unable to access SingletonFunction vpc connections (#14533) (49d18ab), closes #6261
- lambda-nodejs: banner and footer values not escaped (#14743) (81aa612), closes #13576
- lambda-nodejs: esbuild detection with Yarn 2 in PnP mode (#14739) (5c84696)
- rds: Add exception throw when az is defined for multi-az db instance (#14837) (fd8445f), closes #10949 #10949
2.0.0-rc.4 (2021-05-19)
fixes aws#11640
- cfnspec: cloudformation spec v35.2.0 (#14610) (799ce1a)
- cloudwatch: time range support for GraphWidget (#14659) (010a6b1), closes #4649
- cloudwatch: validate parameters for a metric dimensions (closes #3116) (#14365) (4a24d61)
- ecs: add support for EC2 Capacity Providers (#14386) (114f7cc)
- elbv2: preserveClientIp for NetworkTargetGroup (#14589) (d676ffc)
- kms: allow specifying key spec and key usage (#14478) (10ae1a9), closes #5639
- secretsmanager: Automatically grant permissions to rotation Lambda (#14471) (85e00fa)
- cli: synth fails if there was an error when synthesizing the stack (#14613) (71c61e8)
- lambda: custom resource fails to connect to efs filesystem (#14431) (10a633c)
- lambda-event-sources: incorrect documented defaults for stream types (#14562) (0ea24e9), closes #13908
- lambda-nodejs: handler filename missing from error message (#14564) (256fd4c)
2.0.0-rc.3 (2021-05-12)
interface. The existing ones are moved into IHttpApi
and new
ones will be added to IWebsocketApi
the IStage
interface. The existing ones are moved into IHttpStage
and new ones will be added to the IWebsocketStage
- lambda-nodejs: the default runtime version for
is now alwaysNODEJS_14_X
(previously the version was derived from the local NodeJS runtime and could be either 12.x or 14.x).
- aws-ecs: Expose logdriver "mode" property (#13965) (28fce22), closes #13845
- cfnspec: cloudformation spec v35.0.0 (#14411) (49e49e7)
- cfnspec: cloudformation spec v35.1.0 (#14518) (bcdff3d)
- cli: directly deploy stacks in nested assemblies (#14379) (5a6fa7f)
- docdb: Support multiple security groups to DatabaseCluster (#13290) (1a97b66)
- elasticsearch: Support version 7.10 (#14320) (f3a830c)
- kinesis: Basic stream level metrics (#12556) (5f1b576), closes #12555
- rds: allow turning on IAM authentication for Clusters (#13958) (0e59708), closes #13722
- aws-cloudwatch: fix for space in alarm name in alarms for compos… (#13963) (7cdd541)
- cfn-include: correctly parse Fn::Sub expressions containing serialized JSON (#14512) (fd6d6d0), closes #14095
matches more than the template on multiple CDK copies (#14544) (f8abdbf), closes #14468- cli: 'cdk deploy *' should not deploy stacks in nested assemblies (#14542) (93a3549)
- cli: 'cdk synth' not able to fail if stacks have errors (#14475) (963d1c7)
- CodeBuild: add resource only once per secret (#14510) (affaaad)
- lambda-nodejs: non-deterministic runtime version (#14538) (527f662), closes #13893
- rds: instance identifiers and endpoints of a Cluster are blank (#14394) (9597d97), closes #14377
- s3: urlForObject does not consider explicit bucket region (#14315) (e11d537)
- ssm: dynamic SSM parameter reference breaks with lists (#14527) (3d1baac), closes #14205 #14476
2.0.0-rc.2 (2021-05-11)
interface. The existing ones are moved into IHttpApi
and new
ones will be added to IWebsocketApi
the IStage
interface. The existing ones are moved into IHttpStage
and new ones will be added to the IWebsocketStage
- lambda-nodejs: the default runtime version for
is now alwaysNODEJS_14_X
(previously the version was derived from the local NodeJS runtime and could be either 12.x or 14.x).
- aws-ecs: Expose logdriver "mode" property (#13965) (28fce22), closes #13845
- cfnspec: cloudformation spec v35.0.0 (#14411) (49e49e7)
- cfnspec: cloudformation spec v35.1.0 (#14518) (bcdff3d)
- cli: directly deploy stacks in nested assemblies (#14379) (5a6fa7f)
- docdb: Support multiple security groups to DatabaseCluster (#13290) (1a97b66)
- elasticsearch: Support version 7.10 (#14320) (f3a830c)
- kinesis: Basic stream level metrics (#12556) (5f1b576), closes #12555
- rds: allow turning on IAM authentication for Clusters (#13958) (0e59708), closes #13722
- aws-cloudwatch: fix for space in alarm name in alarms for compos… (#13963) (7cdd541)
- cfn-include: correctly parse Fn::Sub expressions containing serialized JSON (#14512) (fd6d6d0), closes #14095
matches more than the template on multiple CDK copies (#14544) (f8abdbf), closes #14468- cli: 'cdk deploy *' should not deploy stacks in nested assemblies (#14542) (93a3549)
- cli: 'cdk synth' not able to fail if stacks have errors (#14475) (963d1c7)
- CodeBuild: add resource only once per secret (#14510) (affaaad)
- lambda-nodejs: non-deterministic runtime version (#14538) (527f662), closes #13893
- rds: instance identifiers and endpoints of a Cluster are blank (#14394) (9597d97), closes #14377
- s3: urlForObject does not consider explicit bucket region (#14315) (e11d537)
- ssm: dynamic SSM parameter reference breaks with lists (#14527) (3d1baac), closes #14205 #14476
2.0.0-rc.1 (2021-04-28)
2.0.0-alpha.14 (2021-04-28)
- neptune:
changed from enum to enum-like static factory.
- aws-autoscaling: add support for NewInstancesProtectedFromScaleIn (#14283) (da9828b)
- custom-resources: AwsSdkCall can assume Role for cross-account custom resources (#13916) (a0690b9)
- ec2: create NAT Gateways with fixed IPs (#14250) (24c992a), closes #11884 #4067
- events: API Gateway target (#13823) (ce789bf), closes #12708
- iam: add imported user to a group (#13698) (bf513bc)
- neptune: change InstanceType to class that is built from string (#14273) (fc618f9), closes #13923
- secretsmanager: replicate secrets to multiple regions (#14266) (b3c288d), closes #14061
- aws-ecs-patterns, aws-elasticloadbalancingv2: Pass TargetGroup P… (#14092) (a655819), closes #14091
- codebuild: Secret env variable from another account fails on Key decryption (#14226) (8214338), closes #14043
- codepipeline-actions: CodeCommit source action fails when it's cross-account (#14260) (1508e60), closes #12391 #14156
- ec2: r5ad instance-type has incorrect value (#14179) (c80e1cf)
- iam: unable to configure name of SAML Provider (#14296) (904202a), closes #14294
- pipelines: Use LinuxBuildImage.STANDARD_5_0 for Assets and UpdatePipeline stages (#14338) (f93d940)
2.0.0-alpha.13 (2021-04-21)
2.0.0-alpha.12 (2021-04-21)
- appmesh: HTTP2
s must be now created withHttp2VirtualNodeListenerOptions
- appmesh: HTTP2
s must be now created withHttp2VirtualGatewayListenerOptions
- apigateway: integration timeout (#14154) (d02770e), closes #14123
- appmesh: add Connection Pools for VirtualNode and VirtualGateway (#13917) (8a949dc), closes #11647
- codepipeline: detect the account of the Action from its backing resource's account, not its Stack's account (#14224) (d88e915), closes #14165
- pipelines: incorrect BuildSpec in synth step if synthesized with
(#14211) (0f5c74f), closes #13303
2.0.0-alpha.11 (2021-04-19)
- codepipeline-actions: the Action
has been renamed toServiceCatalogDeployActionBeta1
- codepipeline-actions: the type
has been renamed toServiceCatalogDeployActionBeta1Props
- certificatemanager: allow tagging DnsValidatedCertificate (#13990) (8360feb), closes #12382 #12382
- codebuild: allow setting concurrent build limit (#14185) (3107d03)
- codepipeline: introduce the Action abstract class (#14009) (4b6a6cc)
- ecs: add support for elastic inference accelerators in ECS task defintions (#13950) (23986d7), closes #12460
- eks: Pass args to avoid DescribeCluster call and make nodes join the cluster faster (#12659) (f5616cc)
- elasticloadbalancing: rename 'sslCertificateId' property of LB listener to 'sslCertificateArn'; deprecate sslCertificateId property (#13766) (1a30272), closes #9303 #9303
aws-cloudfront: distribution comment length not validated (#14020) (#14094) (54fddc6)
aws-ecs-patterns: fixes #11123 allow for https listeners to use non Route 53 DNS if a certificate is provided (#14004) (e6c85e4)
cfn-include: allow deploy-time values in Parameter substitutions in Fn::Sub expressions (#14068) (111d26a), closes #14047
does not deal correctly with list tokens (#14138) (1a6d39f), closes #14088 -
fsx: Weekday.SUNDAY incorrectly evaluates to 0 (should be 7) (#14081) (708f23e), closes #14080
rds: allow Instances to be referenced across environments (#13865) (74c7fff), closes #13832
codepipeline-actions: change the name of the ServiceCatalogDeployAction (#13780) (a99e901)
2.0.0-alpha.10 (2021-03-31)
- core: The type of the
property inBundlingOptions
is changed fromBundlingDockerImage
. - core: The return type of the
API is changed fromBundlingDockerImage
. - lambda-nodejs: The type of
property in theBundling
class is changed fromBundlingDockerImage
. - lambda-nodejs: The type of
property inBundlingOptions
is changed fromBundlingDockerImage
. - apigatewayv2: The type of
property undercorsPreflight
section is changed fromHttpMethod
. - lambda-nodejs: the default runtime of a
is now Node.js 14.x if the environment from which it is deployed uses Node.js >= 14 and Node.js 12.x otherwise. - appmesh: Backend, backend default and Virtual Service client policies structures are being altered
- appmesh: you must use the backend default interface to define backend defaults in
. The property name also changed frombackendsDefaultClientPolicy
- appmesh: you must use the backend default interface to define backend defaults in
, (the property name also changed frombackendsDefaultClientPolicy
), and theBackend
class to define a backend - appmesh: you can no longer attach a client policy to a
- apigatewayv2:
(and related interfaces forAttributed
) has been renamed toApiMapping
- apigatewayv2:
has been renamed toStageOptions
- apigatewayv2:
has been removed in favour ofHttpStage.fromHttpStageAttributes
- apigatewayv2:
has been removed in favour ofDomainMappingOptions
- apigatewayv2:
has been changed fromDefaultDomainMappingOptions
- apigatewayv2:
has been changed fromHttpStage
- apigatewayv2:
has been removed
- acmpca: make the ACM PCA module Generally Available (stable) (#13778) (7ca79ff)
- amplify-domain: Added config for auto subdomain creation (#13342) (4c63f09)
- apigatewayv2: http api - default authorizer options (#13172) (53d9661)
- apigatewayv2: websocket api (#13031) (fe1c839), closes #2872
- appmesh: add missing route match features (#13350) (b71efd9), closes #11645
- appmesh: add route retry policies (#13353) (66f7053), closes #11642
- aws-elasticloadbalancingv2: add protocol version for ALB TargetGroups (#13570) (165a3d8), closes #12869
- aws-events: Event Bus target (#12926) (ea91aa3), closes #9473
- aws-route53-targets: add global accelerator target to route53 alias targets (#13407) (2672a55), closes #12839
- cfnspec: cloudformation spec v30.0.0 (#13365) (ae0185d)
- cfnspec: cloudformation spec v30.1.0 (#13519) (7711981)
- cfnspec: cloudformation spec v31.0.0 (#13633) (9b1c786)
- cfnspec: cloudformation spec v31.1.0 (#13763) (41a2b2e)
- cloudwatch: EC2 actions (#13281) (319cfcd), closes #13228
- codebuild: allow setting queued timeout (#13467) (e09250b), closes #11364
- codepipeline-actions: Add detectChanges option to BitBucketSourceAction (#13656) (f2436bf)
- cognito: user pools - sign in with apple (#13160) (b965589)
- core:
parameter in the CustomResourceProvider (#13275) (78831cf), closes #13277 #13276 - core: customize bundling output packaging (#13152) (6eca979)
- dynamodb: custom timeout for replication operation (#13354) (6a5a4f2), closes #10249
- ec2: Add VPC endpoint for RDS (#12497) (fc87574), closes #12402
- ec2: client vpn endpoint (#12234) (4fde59a), closes #4206
- ec2: ESP and AH IPsec protocols for Security Groups (#13471) (f5a6647), closes #13403
- ec2: multipart user data (#11843) (ed94c5e), closes #8315
- ecr: add imageTagMutability prop (#10557) (c4dc3bc), closes #4640
- ecs: ability to access tag parameter value of TagParameterContainerImage (#13340) (e567a41), closes #13202
- ecs: add port mappings to containers with props (#13262) (f511639), closes #13261
- ecs: allow selection of container and port for SRV service discovery records (#12798) (a452bc3), closes #12796
- ecs: allow users to provide a CloudMap service to associate with an ECS service (#13192) (a7d314c), closes #10057
- ecs-patterns: Add ECS deployment circuit breaker support to higher-level constructs (#12719) (e80a98a), closes #12534 #12360
- elbv2: allow control of ingress rules on redirect listener (#12768) (b7b441f), closes #12766
- events:
method for granular grants (#13429) (122a232), closes #11228 - events: archive events (#12060) (465cd9c), closes #11531
- events: dead letter queue for Lambda Targets (#11617) (1bb3650), closes #11612
- events: dead-letter queue support for CodeBuild (#13448) (abfc0ea), closes #13447
- events: dead-letter queue support for StepFunctions (#13450) (0ebcb41), closes #13449
- events: retry-policy support (#13660) (7966f8d), closes #13659
- events,applicationautoscaling: schedule can be a token (#13064) (b1449a1)
- iam: SAML identity provider (#13393) (faa0c06), closes #5320
- init-templates: app template comes with hint comments for 'env' (#13696) (b940710), closes #12321
- lambda: Code.fromDockerBuild (#13318) (ad01099), closes #13273
- lambda-event-sources: msk and self-managed kafka event sources (#12507) (73209e1), closes #12099
- lambda-event-sources: support for batching window to sqs event source (#13406) (6743e3b), closes #11722 #11724 #13770
- lambda-event-sources: tumbling window (#13412) (e9f2773), closes #13411
- neptune: high level constructs for db clusters and instances (#12763) (c366837), closes aws#12762
- neptune: Support IAM authentication (#13462) (6c5b1f4), closes #13461
- rds: make rds secret name configurable (#13626) (62a91b7), closes #8984
- region-info: added AppMesh ECR account for af-south-1 region (#12814) (b3fba43)
- sns: enable passing PolicyDocument to TopicPolicy (#10559) (0d9c300), closes #7934
- stepfunctions-tasks: Support calling ApiGateway REST and HTTP APIs (#13033) (cc608d0), closes #11565 #11566 #11565
apigatewayv2: error while configuring ANY as an allowed method in CORS (#13313) (34bb338), closes #13280 #13643
appmesh: Move Client Policy from Virtual Service to backend structure (#12943) (d3f4284), closes #11996
autoscaling: AutoScaling on percentile metrics doesn't work (#13366) (46114bb), closes #13144
aws-ecs: drain hook lambda allows tasks to stop gracefully (#13559) (3e1148e), closes #13506
cfn-include: allow boolean values for string-typed properties (#13508) (e5dab7c)
cfn-include: allow dynamic mappings to be used in Fn::FindInMap (#13428) (623675d)
cloudfront: cannot add two EdgeFunctions with same aliases (#13324) (1f35351), closes #13237
cloudwatch: cannot create Alarms from labeled metrics that start with a digit (#13560) (278029f), closes #13434
cloudwatch: MathExpression period of <5 minutes is not respected (#13078) (d9ee914), closes #9156
cloudwatch: metric
not rendered into Alarms (#13070) (cbcc712) -
codebuild: allow FILE_PATH webhook filter for BitBucket (#13186) (cbed348), closes #13175
codebuild: allow passing the ARN of the Secret in environment variables (#13706) (6f6e079), closes #12703
codebuild: Fixed build spec file format to return yaml (#13445) (fab93c6)
codebuild: module fails to load with error "Cannot use import statement outside a module" (b1ffd33), closes #13699 #13699
codedeploy: script installing CodeDeploy agent fails (#13758) (25e8d04), closes #13755
codedeploy: Use aws-cli instead of awscli for yum (#13655) (449ce12)
codepipeline-actions: BitBucketAction fails with S3 "Access denied" error (#13637) (77ce45d), closes #13557
cognito: imported userpool not retaining environment from arn (#13715) (aa9fd9c), closes #13691
cannot handle list intrinsics (#13544) (a5be042), closes #13465 -
core: custom resource provider NODEJS_12 now looks like Lambda's NODEJS_12_X, add Node 14 (#13301) (3413b2f)
dynamodb: replicas not created on table replacement (#13300) (c7c424f), closes #12332
ec2: fix typo's in WindowsImage constants (#13446) (781aa97)
ec2: NAT provider's default outbound rules cannot be disabled (#12674) (664133a), closes #12673
ec2: Security Groups support all protocols (#13593) (8c6b3eb), closes #13403
ec2: Throw error on empty InitFile content (#13009) (#13119) (81a78a3)
ecr: Allow referencing an EcrImage by digest instead of tag (#13299) (266a621), closes #5082
ecr: Generate valid CloudFormation for imageScanOnPush (#13420) (278fba5), closes #13418
ecs: services essential container exceptions thrown too soon (#13240) (c174f6c), closes #13239
elasticloadbalancingv2: should allow more than 2 certificates (#13332) (d3155e9), closes #13150
elasticloadbalancingv2: upgrade to v1.92.0 drops certificates on ALB if more than 2 certificates exist (#13490) (01b94f8), closes #13332 #13437
events: cannot trigger multiple Lambdas from the same Rule (#13260) (c8c1762), closes #13231
init: Python init template's stack ID doesn't match other languages (#13480) (3f1c02d)
use NodeJS 14 for all packaged custom resources (#13488) (20a2820), closes #13534 #13484
events: imported ECS Task Definition cannot be used as target (#13293) (6f7cebd), closes #12811
events: imported EventBus does not correctly register source account (#13481) (57e5404), closes #13469
events,applicationautoscaling: specifying a schedule rate in seconds results in an error (#13689) (5d62331), closes #13566
iam: oidc-provider can't pull from hosts requiring SNI (#13397) (90dbfb5)
iam: policy statement tries to validate tokens (#13493) (8d592ea), closes #13479
lambda: fromDockerBuild output is located under /asset (#13539) (77449f6), closes #13439
lambda: incorrect values for prop UntrustedArtifactOnDeployment (#13667) (0757686), closes #13586
lambda-nodejs: paths with spaces break esbuild (#13312) (f983fbb), closes #13311
neptune: create correct IAM statement in grantConnect() (#13641) (2e7f046), closes #13640
python: change Python namespace to
(#13489) (2ff5ca1) -
rds: fail with a descriptive error if Cluster's instance count is a deploy-time value (#13765) (dd22e8f), closes #13558
region-info: ap-northeast-3 data not correctly registered (#13564) (64da84b), closes #13561
s3: Notifications fail to deploy due to incompatible node runtime (#13624) (26bc3d4)
s3: Notifications fail to deploy due to incompatible node runtime (#13624) (aa32cf6)
adds insufficient permissions (#13170) (6126e49), closes #11594 -
stepfunctions: no validation on state machine name (#13387) (6c3d407), closes #13289
core: remove all references to BundlingDockerImage in the public API (#13814) (9cceb3f)
lambda-nodejs: prepare code to reduce merge conflicts when deprecated APIs are stripped (#13738) (ca391b5)
2.0.0-alpha.9 (2021-03-24)
- lambda-nodejs: the default runtime of a
is now Node.js 14.x if the environment from which it is deployed uses Node.js >= 14 and Node.js 12.x otherwise. - appmesh: Backend, backend default and Virtual Service client policies structures are being altered
- appmesh: you must use the backend default interface to define backend defaults in
. The property name also changed frombackendsDefaultClientPolicy
- appmesh: you must use the backend default interface to define backend defaults in
, (the property name also changed frombackendsDefaultClientPolicy
), and theBackend
class to define a backend - appmesh: you can no longer attach a client policy to a
- apigatewayv2:
(and related interfaces forAttributed
) has been renamed toApiMapping
- apigatewayv2:
has been renamed toStageOptions
- apigatewayv2:
has been removed in favour ofHttpStage.fromHttpStageAttributes
- apigatewayv2:
has been removed in favour ofDomainMappingOptions
- apigatewayv2:
has been changed fromDefaultDomainMappingOptions
- apigatewayv2:
has been changed fromHttpStage
- apigatewayv2:
has been removed
- amplify-domain: Added config for auto subdomain creation (#13342) (4c63f09)
- apigatewayv2: http api - default authorizer options (#13172) (53d9661)
- apigatewayv2: websocket api (#13031) (fe1c839), closes #2872
- appmesh: add missing route match features (#13350) (b71efd9), closes #11645
- appmesh: add route retry policies (#13353) (66f7053), closes #11642
- aws-elasticloadbalancingv2: add protocol version for ALB TargetGroups (#13570) (165a3d8), closes #12869
- aws-events: Event Bus target (#12926) (ea91aa3), closes #9473
- aws-route53-targets: add global accelerator target to route53 alias targets (#13407) (2672a55), closes #12839
- cfnspec: cloudformation spec v30.0.0 (#13365) (ae0185d)
- cfnspec: cloudformation spec v30.1.0 (#13519) (7711981)
- cfnspec: cloudformation spec v31.0.0 (#13633) (9b1c786)
- cloudwatch: EC2 actions (#13281) (319cfcd), closes #13228
- codebuild: allow setting queued timeout (#13467) (e09250b), closes #11364
- cognito: user pools - sign in with apple (#13160) (b965589)
- core:
parameter in the CustomResourceProvider (#13275) (78831cf), closes #13277 #13276 - core: customize bundling output packaging (#13152) (6eca979)
- dynamodb: custom timeout for replication operation (#13354) (6a5a4f2), closes #10249
- ec2: Add VPC endpoint for RDS (#12497) (fc87574), closes #12402
- ec2: ESP and AH IPsec protocols for Security Groups (#13471) (f5a6647), closes #13403
- ec2: multipart user data (#11843) (ed94c5e), closes #8315
- ecr: add imageTagMutability prop (#10557) (c4dc3bc), closes #4640
- ecs: ability to access tag parameter value of TagParameterContainerImage (#13340) (e567a41), closes #13202
- ecs: add port mappings to containers with props (#13262) (f511639), closes #13261
- ecs: allow selection of container and port for SRV service discovery records (#12798) (a452bc3), closes #12796
- ecs: allow users to provide a CloudMap service to associate with an ECS service (#13192) (a7d314c), closes #10057
- ecs-patterns: Add ECS deployment circuit breaker support to higher-level constructs (#12719) (e80a98a), closes #12534 #12360
- elbv2: allow control of ingress rules on redirect listener (#12768) (b7b441f), closes #12766
- events:
method for granular grants (#13429) (122a232), closes #11228 - events: archive events (#12060) (465cd9c), closes #11531
- events: dead letter queue for Lambda Targets (#11617) (1bb3650), closes #11612
- events: dead-letter queue support for CodeBuild (#13448) (abfc0ea), closes #13447
- events: dead-letter queue support for StepFunctions (#13450) (0ebcb41), closes #13449
- events,applicationautoscaling: schedule can be a token (#13064) (b1449a1)
- iam: SAML identity provider (#13393) (faa0c06), closes #5320
- lambda: Code.fromDockerBuild (#13318) (ad01099), closes #13273
- lambda-event-sources: msk and self-managed kafka event sources (#12507) (73209e1), closes #12099
- neptune: high level constructs for db clusters and instances (#12763) (c366837), closes aws#12762
- neptune: Support IAM authentication (#13462) (6c5b1f4), closes #13461
- rds: make rds secret name configurable (#13626) (62a91b7), closes #8984
- region-info: added AppMesh ECR account for af-south-1 region (#12814) (b3fba43)
- sns: enable passing PolicyDocument to TopicPolicy (#10559) (0d9c300), closes #7934
- stepfunctions-tasks: Support calling ApiGateway REST and HTTP APIs (#13033) (cc608d0), closes #11565 #11566 #11565
appmesh: Move Client Policy from Virtual Service to backend structure (#12943) (d3f4284), closes #11996
autoscaling: AutoScaling on percentile metrics doesn't work (#13366) (46114bb), closes #13144
aws-ecs: drain hook lambda allows tasks to stop gracefully (#13559) (3e1148e), closes #13506
cfn-include: allow boolean values for string-typed properties (#13508) (e5dab7c)
cfn-include: allow dynamic mappings to be used in Fn::FindInMap (#13428) (623675d)
cloudfront: cannot add two EdgeFunctions with same aliases (#13324) (1f35351), closes #13237
cloudwatch: cannot create Alarms from labeled metrics that start with a digit (#13560) (278029f), closes #13434
cloudwatch: MathExpression period of <5 minutes is not respected (#13078) (d9ee914), closes #9156
cloudwatch: metric
not rendered into Alarms (#13070) (cbcc712) -
codebuild: allow FILE_PATH webhook filter for BitBucket (#13186) (cbed348), closes #13175
codedeploy: Use aws-cli instead of awscli for yum (#13655) (449ce12)
cannot handle list intrinsics (#13544) (a5be042), closes #13465 -
core: custom resource provider NODEJS_12 now looks like Lambda's NODEJS_12_X, add Node 14 (#13301) (3413b2f)
dynamodb: replicas not created on table replacement (#13300) (c7c424f), closes #12332
ec2: fix typo's in WindowsImage constants (#13446) (781aa97)
ec2: NAT provider's default outbound rules cannot be disabled (#12674) (664133a), closes #12673
ec2: Security Groups support all protocols (#13593) (8c6b3eb), closes #13403
ec2: Throw error on empty InitFile content (#13009) (#13119) (81a78a3)
ecr: Allow referencing an EcrImage by digest instead of tag (#13299) (266a621), closes #5082
ecr: Generate valid CloudFormation for imageScanOnPush (#13420) (278fba5), closes #13418
ecs: services essential container exceptions thrown too soon (#13240) (c174f6c), closes #13239
elasticloadbalancingv2: should allow more than 2 certificates (#13332) (d3155e9), closes #13150
elasticloadbalancingv2: upgrade to v1.92.0 drops certificates on ALB if more than 2 certificates exist (#13490) (01b94f8), closes #13332 #13437
events: cannot trigger multiple Lambdas from the same Rule (#13260) (c8c1762), closes #13231
events: imported ECS Task Definition cannot be used as target (#13293) (6f7cebd), closes #12811
events: imported EventBus does not correctly register source account (#13481) (57e5404), closes #13469
iam: oidc-provider can't pull from hosts requiring SNI (#13397) (90dbfb5)
iam: policy statement tries to validate tokens (#13493) (8d592ea), closes #13479
init: Python init template's stack ID doesn't match other languages (#13480) (3f1c02d)
lambda: fromDockerBuild output is located under /asset (#13539) (77449f6), closes #13439
lambda: incorrect values for prop UntrustedArtifactOnDeployment (#13667) (0757686), closes #13586
lambda-nodejs: paths with spaces break esbuild (#13312) (f983fbb), closes #13311
neptune: create correct IAM statement in grantConnect() (#13641) (2e7f046), closes #13640
python: change Python namespace to
(#13489) (2ff5ca1) -
region-info: ap-northeast-3 data not correctly registered (#13564) (64da84b), closes #13561
s3: Notifications fail to deploy due to incompatible node runtime (#13624) (aa32cf6)
s3: Notifications fail to deploy due to incompatible node runtime (#13624) (26bc3d4)
adds insufficient permissions (#13170) (6126e49), closes #11594 -
stepfunctions: no validation on state machine name (#13387) (6c3d407), closes #13289
use NodeJS 14 for all packaged custom resources (#13488) (20a2820), closes #13534 #13484
2.0.0-alpha.8 (2021-03-17)
- apigatewayv2:
(and related interfaces forAttributed
) has been renamed toApiMapping
- apigatewayv2:
has been renamed toStageOptions
- apigatewayv2:
has been removed in favour ofHttpStage.fromHttpStageAttributes
- apigatewayv2:
has been removed in favour ofDomainMappingOptions
- apigatewayv2:
has been changed fromDefaultDomainMappingOptions
- apigatewayv2:
has been changed fromHttpStage
- apigatewayv2:
has been removed
- apigatewayv2: websocket api (#13031) (fe1c839), closes #2872
- aws-events: Event Bus target (#12926) (ea91aa3), closes #9473
- aws-route53-targets: add global accelerator target to route53 alias targets (#13407) (2672a55), closes #12839
- cfnspec: cloudformation spec v30.0.0 (#13365) (ae0185d)
- cloudwatch: EC2 actions (#13281) (319cfcd), closes #13228
- codebuild: allow setting queued timeout (#13467) (e09250b), closes #11364
- cognito: user pools - sign in with apple (#13160) (b965589)
- core:
parameter in the CustomResourceProvider (#13275) (78831cf), closes #13277 #13276 - core: customize bundling output packaging (#13152) (6eca979)
- dynamodb: custom timeout for replication operation (#13354) (6a5a4f2), closes #10249
- ec2: Add VPC endpoint for RDS (#12497) (fc87574), closes #12402
- ec2: ESP and AH IPsec protocols for Security Groups (#13471) (f5a6647), closes #13403
- ec2: multipart user data (#11843) (ed94c5e), closes #8315
- ecr: add imageTagMutability prop (#10557) (c4dc3bc), closes #4640
- ecs: ability to access tag parameter value of TagParameterContainerImage (#13340) (e567a41), closes #13202
- ecs: add port mappings to containers with props (#13262) (f511639), closes #13261
- ecs: allow selection of container and port for SRV service discovery records (#12798) (a452bc3), closes #12796
- ecs: allow users to provide a CloudMap service to associate with an ECS service (#13192) (a7d314c), closes #10057
- elbv2: allow control of ingress rules on redirect listener (#12768) (b7b441f), closes #12766
- events:
method for granular grants (#13429) (122a232), closes #11228 - events: archive events (#12060) (465cd9c), closes #11531
- events: dead letter queue for Lambda Targets (#11617) (1bb3650), closes #11612
- events: dead-letter queue support for CodeBuild (#13448) (abfc0ea), closes #13447
- events: dead-letter queue support for StepFunctions (#13450) (0ebcb41), closes #13449
- events,applicationautoscaling: schedule can be a token (#13064) (b1449a1)
- iam: SAML identity provider (#13393) (faa0c06), closes #5320
- lambda: Code.fromDockerBuild (#13318) (ad01099), closes #13273
- neptune: high level constructs for db clusters and instances (#12763) (c366837), closes aws#12762
- neptune: Support IAM authentication (#13462) (6c5b1f4), closes #13461
- region-info: added AppMesh ECR account for af-south-1 region (#12814) (b3fba43)
- cfn-include: allow boolean values for string-typed properties (#13508) (e5dab7c)
- cfn-include: allow dynamic mappings to be used in Fn::FindInMap (#13428) (623675d)
- cloudfront: cannot add two EdgeFunctions with same aliases (#13324) (1f35351), closes #13237
- cloudwatch: MathExpression period of <5 minutes is not respected (#13078) (d9ee914), closes #9156
- cloudwatch: metric
not rendered into Alarms (#13070) (cbcc712) - codebuild: allow FILE_PATH webhook filter for BitBucket (#13186) (cbed348), closes #13175
- core: custom resource provider NODEJS_12 now looks like Lambda's NODEJS_12_X, add Node 14 (#13301) (3413b2f)
- dynamodb: replicas not created on table replacement (#13300) (c7c424f), closes #12332
- ec2: fix typo's in WindowsImage constants (#13446) (781aa97)
- ec2: NAT provider's default outbound rules cannot be disabled (#12674) (664133a), closes #12673
- ec2: readme grammar (#13180) (fe4f056)
- ec2: Throw error on empty InitFile content (#13009) (#13119) (81a78a3)
- ecr: Allow referencing an EcrImage by digest instead of tag (#13299) (266a621), closes #5082
- ecr: Generate valid CloudFormation for imageScanOnPush (#13420) (278fba5), closes #13418
- ecs: services essential container exceptions thrown too soon (#13240) (c174f6c), closes #13239
- elasticloadbalancingv2: should allow more than 2 certificates (#13332) (d3155e9), closes #13150
- elasticloadbalancingv2: upgrade to v1.92.0 drops certificates on ALB if more than 2 certificates exist (#13490) (01b94f8), closes #13332 #13437
- events: cannot trigger multiple Lambdas from the same Rule (#13260) (c8c1762), closes #13231
- events: imported ECS Task Definition cannot be used as target (#13293) (6f7cebd), closes #12811
- events: imported EventBus does not correctly register source account (#13481) (57e5404), closes #13469
- iam: oidc-provider can't pull from hosts requiring SNI (#13397) (90dbfb5)
- init: Python init template's stack ID doesn't match other languages (#13480) (3f1c02d)
- lambda-nodejs: paths with spaces break esbuild (#13312) (f983fbb), closes #13311
- python: change Python namespace to
(#13489) (90f5311) - stepfunctions:
adds insufficient permissions (#13170) (6126e49), closes #11594 - stepfunctions: no validation on state machine name (#13387) (6c3d407), closes #13289
2.0.0-alpha.7 (2021-03-10)
- apigatewayv2:
(and related interfaces forAttributed
) has been renamed toApiMapping
- apigatewayv2:
has been renamed toStageOptions
- apigatewayv2:
has been removed in favour ofHttpStage.fromHttpStageAttributes
- apigatewayv2:
has been removed in favour ofDomainMappingOptions
- apigatewayv2:
has been changed fromDefaultDomainMappingOptions
- apigatewayv2:
has been changed fromHttpStage
- apigatewayv2:
has been removed
- apigatewayv2: websocket api (#13031) (fe1c839), closes #2872
- aws-events: Event Bus target (#12926) (ea91aa3), closes #9473
- aws-route53-targets: add global accelerator target to route53 alias targets (#13407) (2672a55), closes #12839
- cfnspec: cloudformation spec v30.0.0 (#13365) (ae0185d)
- cloudwatch: EC2 actions (#13281) (319cfcd), closes #13228
- codebuild: allow setting queued timeout (#13467) (e09250b), closes #11364
- cognito: user pools - sign in with apple (#13160) (b965589)
- core:
parameter in the CustomResourceProvider (#13275) (78831cf), closes #13277 #13276 - core: customize bundling output packaging (#13152) (6eca979)
- dynamodb: custom timeout for replication operation (#13354) (6a5a4f2), closes #10249
- ec2: Add VPC endpoint for RDS (#12497) (fc87574), closes #12402
- ec2: multipart user data (#11843) (ed94c5e), closes #8315
- ecs: ability to access tag parameter value of TagParameterContainerImage (#13340) (e567a41), closes #13202
- ecs: add port mappings to containers with props (#13262) (f511639), closes #13261
- ecs: allow selection of container and port for SRV service discovery records (#12798) (a452bc3), closes #12796
- elbv2: allow control of ingress rules on redirect listener (#12768) (b7b441f), closes #12766
- events: archive events (#12060) (465cd9c), closes #11531
- events: dead letter queue for Lambda Targets (#11617) (1bb3650), closes #11612
- events: dead-letter queue support for StepFunctions (#13450) (0ebcb41), closes #13449
- iam: SAML identity provider (#13393) (faa0c06), closes #5320
- lambda: Code.fromDockerBuild (#13318) (ad01099), closes #13273
- neptune: high level constructs for db clusters and instances (#12763) (c366837), closes aws#12762
- neptune: Support IAM authentication (#13462) (6c5b1f4), closes #13461
- region-info: added AppMesh ECR account for af-south-1 region (#12814) (b3fba43)
- cfn-include: allow dynamic mappings to be used in Fn::FindInMap (#13428) (623675d)
- cloudfront: cannot add two EdgeFunctions with same aliases (#13324) (1f35351), closes #13237
- cloudwatch: MathExpression period of <5 minutes is not respected (#13078) (d9ee914), closes #9156
- cloudwatch: metric
not rendered into Alarms (#13070) (cbcc712) - codebuild: allow FILE_PATH webhook filter for BitBucket (#13186) (cbed348), closes #13175
- core: custom resource provider NODEJS_12 now looks like Lambda's NODEJS_12_X, add Node 14 (#13301) (3413b2f)
- dynamodb: replicas not created on table replacement (#13300) (c7c424f), closes #12332
- ec2: NAT provider's default outbound rules cannot be disabled (#12674) (664133a), closes #12673
- ec2: readme grammar (#13180) (fe4f056)
- ec2: Throw error on empty InitFile content (#13009) (#13119) (81a78a3)
- ecr: Allow referencing an EcrImage by digest instead of tag (#13299) (266a621), closes #5082
- ecr: Generate valid CloudFormation for imageScanOnPush (#13420) (278fba5), closes #13418
- ecs: services essential container exceptions thrown too soon (#13240) (c174f6c), closes #13239
- elasticloadbalancingv2: should allow more than 2 certificates (#13332) (d3155e9), closes #13150
- events: cannot trigger multiple Lambdas from the same Rule (#13260) (c8c1762), closes #13231
- events: imported ECS Task Definition cannot be used as target (#13293) (6f7cebd), closes #12811
- iam: oidc-provider can't pull from hosts requiring SNI (#13397) (90dbfb5)
- lambda-nodejs: paths with spaces break esbuild (#13312) (f983fbb), closes #13311
- python: change Python namespace to
(#13489) (90f5311) - stepfunctions:
adds insufficient permissions (#13170) (6126e49), closes #11594
2.0.0-alpha.6 (2021-03-03)
- ecs-patterns: ** the desiredCount property stored on the above constructs will be optional, allowing them to be undefined. This is enabled through the
feature flag. We would recommend all aws-cdk users to set theREMOVE_DEFAULT_DESIRED_COUNT
flag to true for all of their existing applications.
Fixes: aws#12990
- aws-appsync: RdsDataSource now takes a ServerlessCluster instead of a DatabaseCluster
- apigateway: integrate with aws services in a different region (#13251) (d942699), closes #7009
- aws-s3: adds s3 bucket AWS FSBP option (#12804) (b9cdd52), closes #10969
- cfnspec: cloudformation spec v29.0.0 (#13249) (6318e26)
- cli: Configurable --change-set-name CLI flag (#13024) (18184df), closes #11075 /
- ecs-patterns: remove default desiredCount to align with cfn behaviour (under feature flag) (#13130) (a9caa45)
- elasticloadbalancingv2: Add support for application cookies (#13142) (23385dd)
- lambda: code signing config (#12656) (778ea27), closes #12216
- stepfunctions-tasks: add EKS call to SFN-tasks (#12779) (296a10d)
- synthetics: Update CloudWatch Synthetics NodeJS runtimes (#12907) (6aac3b6), closes #12906
- appsync: revert to allow resolver creation from data source (#12973) (d35f032), closes #12635 #11522
- aws-appsync: use serverlessCluster on rdsDataSource (#13206) (45cf387), closes #12567
- custom-resources: unable to use a resource attributes as dictionary keys in AwsCustomResource (#13074) (3cb3104), closes #13063
- eks:
creates un-necessary security group (#13178) (c5e8b6d) - lambda-nodejs: 'must use "outdir"' error with spaces in paths (#13268) (09723f5), closes #13210
- lambda-nodejs: invalid sample in documentation (#12404) (520c263)
- lambda-python: asset hash is non-deterministic (#12984) (37debc0), closes #12770 #12684
- incorrect peerDependency on "constructs" (#13255) (17244af)
- UserPool, Volume, ElasticSearch, FSx are now RETAIN by default (#12920) (5a54741), closes #12563
2.0.0-alpha.5 (2021-02-17)
- apigatewayv2: http api - jwt and cognito user pool authorizers (#10972) (dd90e54), closes #10534
- aws-kinesisanalyticsv2: L2 construct for Flink applications (#12464) (94279f3), closes /
- cfnspec: cloudformation spec v27.0.0 (#12960) (7730ac8)
- cli: change set name is now a constant, and --no-execute will always produce one (even if empty) (#12683) (00cdd2a), closes #11075
- core: configure bundling docker entrypoint (#12660) (6597a09), closes #11984
- elasticsearch: add custom endpoint options (#12904) (f67ab86), closes #12261
- redshift: add missing current generation RA3 NodeTypes (#12784) (f91a3f1), closes #12783
- stepfunctions: Implement IGrantable (#12830) (3b5ff05), closes #12829
- future flags 'core:enableStackNameDuplicates', 'aws-secretsmanager:parseOwnedSecretName' and 'aws-kms:defaultKeyPolicies' are no longer supported (#12644) (7554246)
- cfn-diff: correctly handle version strings like '0.0.0' (#13022) (34a921b), closes #13016
- cfn2ts: correctly choose between string and object without required properties in a union (#12954) (b7137c5), closes #12854
- codedeploy: allow the install agent script's commands to exit with errors (#12782) (23d52a5), closes #12764
- codepipeline-actions: use BatchGetBuildBatches permission for batch builds (#13018) (09ba573)
- ec2: MachineImage.genericLinux/Windows don't work in environment-agnostic stacks (#12546) (fbe7e89), closes #8759
- ec2: Subnet cidr missing for Vpc.from_lookup() (#12878) (9028269), closes #11821
- ec2: volume props validations are incorrect (#12821) (12cddff), closes #12816 #12816 #12074
- ec2: VpnConnection fails if
is a Token (#12923) (953957a), closes #11633 - kms: cross-environment usage fails when trustAccountIdentities is set (#12925) (2b917ec), closes #12921 #12741
- lambda-python: cryptography >= 3.4 is not supported by older pip version (#12934) (b68acf8), closes /
- tools: doc block links not clickable in VS Code (#12336) (4f17f92)
2.0.0-alpha.4 (2021-02-10)
- appmesh: the properties virtualRouter and virtualNode of VirtualServiceProps have been replaced with the union-like class VirtualServiceProvider
- appmesh: the method
has been removed fromIMesh
- cloudfront: experimental EdgeFunction stack names have changed from 'edge-lambda-stack-${region}' to 'edge-lambda-stack-${stackid}' to support multiple independent CloudFront distributions with EdgeFunctions.
- apigateway: cognito user pool authorizer (#12786) (ff1e5b3), closes #5618
- apigateway: import an existing Resource (#12785) (8a1a9b8), closes #4432
- appmesh: change VirtualService provider to a union-like class (#11978) (dfc765a), closes #9490
- aws-route53: cross account DNS delegations (#12680) (126a693), closes #8776
- cfnspec: cloudformation spec v26.0.0 (#12841) (f959b3a)
- cloudfront: add PublicKey and KeyGroup L2 constructs (#12743) (59cb6d0)
- cloudfront: add support for TrustedKeyGroups in Distribution and CloudFrontWebDistribution (#12847) (349a6e2), closes #11791
- core:
can be used to solve "deadly embrace" (#12778) (3b66088), closes #7602 #2036 - ec2: can define Launch Templates (not use them yet) (#12385) (32c0de7)
- ecr: Public Gallery authorization token (#12775) (8434294)
- ecs-patterns: Add PlatformVersion option to ScheduledFargateTask props (#12676) (3cbf38b), closes #12623
- elbv2: support for 2020 SSL policy (#12710) (1dd3d05), closes #12595
- iam: Permissions Boundaries (#12777) (415eb86), closes aws/aws-cdk-rfcs#5 #3242
- lambda: inline code for Python 3.8 (#12788) (8d3aaba), closes #6503
- lambda: layer version removal policy (#12792) (5664480), closes #12718
- lambda: nodejs14.x runtime (#12861) (12c224a)
- apigateway: stack update fails to replace api key (38cbe62), closes #12698
- apigateway: stack update fails to replace api key (#12745) (ffe7e42), closes #12698
- cfn-include: AWS::CloudFormation resources fail in monocdk (#12758) (5060782), closes #11595
- cli, codepipeline: renamed bootstrap stack still not supported (#12771) (40b32bb), closes #12594 #12732
- cloudfront: use node addr for edgeStackId name (#12702) (c429bb7), closes #12323
- codedeploy: wrong syntax on Windows 'installAgent' flag (#12736) (238742e), closes #12734
- codepipeline: permission denied for Action-level environment variables (#12761) (99fd074), closes #12742
- core: append file extension to s3 asset key in new style synthesizer (#12765) (77b9d39), closes #12740
- core: incorrect GetParameter permissions in nonstandard partitions (#12813) (be7202f)
- ec2: ARM-backed bastion hosts try to run x86-based Amazon Linux AMI (#12280) (1a73d76), closes #12279
- efs: EFS fails to create when using a VPC with multiple subnets per availability zone (#12097) (889d673), closes #10170
- iam: cannot use the same Role for multiple Config Rules (#12724) (2f6521a), closes #12714
- lambda: codeguru profiler not set up for Node runtime (#12712) (59db763), closes #12624
2.0.0-alpha.3 (2021-02-03)
- aws-codebuild: add
to Project (#12531) (0568390) - batch: Compute Resources placement group (#12203) (fe37174)
2.0.0-alpha.2 (2021-01-27)
- s3-deployment: User metadata keys of bucket objects will change from
. - core: users of modern synthesis (
, used by CDK Pipelines) must upgrade their bootstrap stacks. Runcdk bootstrap
- aws-codepipeline-actions: Add Full Clone support for CodeCommit (#12558) (d169688), closes #12236
- cfnspec: cloudformation spec v24.0.0 (#12615) (98ebe96), closes #12474
- cognito: allow to set read and write attributes in Cognito UserPoolClient (#7607) (552e1e9), closes #7407
- ec2: Support for new EBS types (#12074) (6a2ce55), closes #12071
- eks: Graduate to stable (#12640) (b5ba7cd)
- s3: Bucket keys (#12376) (d126fcc), closes #11828
- stepfunctions-tasks: EcsRunTask now uses taskDefinition family instead of ARN (#12436) (abde96b), closes #12080
- stepfunctions-tasks: support databrew startJobRun task (#12532) (eacd2f7)
- apigateway: cannot remove first api key from usage plan (#12505) (96cbe32), closes #11876
- apigatewayv2: multiple http integrations are created for each route (#12528) (855ce59), closes 40aws-cdk/aws-apigatewayv2/lib/http/route.ts#L128
- aws-ecs: Invalid user data defined for windows autoscaling groups (#12585) (638b995), closes #12583
- core: modern deployments fail if bootstrap stack is renamed (#12594) (e5c616f), closes #11952 #11420 #9053
- pipelines: assets broken in Pipelines synthesized from Windows (#12573) (5c3dce5), closes #12540
- pipelines: can't use CodePipeline variables in Synth environment variables (#12602) (736b260), closes #12061 #11178
- pipelines: unable to publish assets inside VPC (#12331) (a16f09c), closes #11815
- s3-deployment: User metadata keys have redundant triple
prefix (#12414) (6716181), closes #8459 - secretsmanager: fromSecretPartialArn() has incorrect grant policies (#12665) (560915e), closes #12411
- synthetics: default execution role breaks in non aws partitions (#12096) (c01272c), closes #12094
2.0.0-alpha.1 (2021-01-21)
- apigatewayv2:
prop inVpcLink
resource now takesSubnetSelection
instead ofISubnet[]
- eks: Existing self managed nodes may loose the ability to host additional services of type
. See aws#12269 (comment) for possible mitigations. - eks: the
layer class has been moved to@aws-cdk/lambda-layer-kubectl.KubectlLayer
. - eks:
was removed since it existed only for a transition period to allow gradual migration to the current cluster class.
- eks:
property was removed, all clusters now supportkubectl
- core: Creation stack traces for
values are no longer captured by default in order to speed up tests. Run withCDK_DEBUG=true
(orcdk --debug
) to capture stack traces. - apigatewayv2:
has been replaced withHttpApi.fromHttpApiAttributes()
. - elasticsearch: ES Domain LogGroup LogicalId will change, which will trigger new log group resources to be created
- cloudfront-origins: Default minimum origin SSL protocol for
changed from SSLv3 to TLSv1.2.
- apigatewayv2: http api - disable execute api endpoint (#12426) (1724da7), closes #12241
- appmesh: add listener TLS certificates for VirtualNodes and VirtualGateways (#11863) (175a257), closes #10051
- appmesh: add timeout support to Routes (#11973) (78c185d)
- aws-cloudfront: support minimum security protocol (#12231) (40976d9), closes #12199
- aws-kms: support waiting period (#12224) (9f451bd), closes #12218
- aws-lambda-nodejs: add esbuild
bundling option (#12424) (581f6af), closes #12423 - cdk-assets: add external asset support (#12259) (05a9980)
- cfnspec: CloudFormation resource specification update to v23.0.0 (#12490) (a7a2236)
- cfnspec: cloudformation spec v22.0.0 (#12204) (a5be2e9), closes #12170 #11974 #12114 #12028
- cli:
does not print template incdk synth
(#12178) (74458a0), closes #11970 - cloudfront: allow to specify stack ID for Lambda@Edge (#12163) (049e70c), closes #12136
- cloudfront-origins: ability to specify minimum origin SSL protocol (#11997) (a0aa61d), closes #11994
- cloudfront-origins: CloudFront Origins is now Generally Available (#12011) (daace16), closes #11919
- cloudwatch: full precision for SingleValueWidgets (#12274) (45d78f0), closes #8940 #12066
- codebuild: add
option (#11743) (d9353b7), closes / #11663 - codebuild: prevent using Secrets in plain-text environment variables (#12150) (998af8f)
- codebuild: support Standard 5.0 (#12434) (422dc8e), closes #12433
- codecommit: HTTPS GRC clone URL (#12312) (36b081e)
- core: expose custom resource provider's role (#11923) (06f26d3), closes /
- core: validate maximum amount of resources in a stack (#12193) (26121c8), closes #276
- ec2: add m6gd and r6gd metadata (#12302) (ce4eb20), closes #12301
- ec2: add r5b instance type to instance class (#12027) (d276b02), closes #12025
- ec2: Add VPC endpoints for Athena and Glue (#12073) (73ef6b1), closes #12072
- ecs: deployment circuit breaker support (#12168) (e8801a0)
- ecs-patterns: Add DeploymentController option to Fargate services (#10452) (2cd233a), closes aws/containers-roadmap#130 #10971
- ecs-patterns: add ruleName optional parameter for ScheduledTask constructs (#12190) (b1318bd)
- ecs-patterns: containerName for QueueProcessingEc2Service (88d4149), closes #10517
- eks: attach cluster security group to self-managed nodes (#12042) (1078bea)
- eks: aws-node-termination-handler for spot instances now pulls the image from public ECR (#12141) (c752fab), closes #12134
- eks: bundle kubectl, helm and awscli instead of SAR app (#12129) (63bc98f), closes #11874
- eks: connect all custom resources to the cluster VPC (#10200) (eaa8222)
- eks: option to disable manifest validation (#12012) (579b923), closes #11763
- eks: spot interruption handler can be disabled for self managed nodes (#12453) (6ac1f4f), closes #12451
- eks: spot support for managed nodegroups (#11962) (6ccd00f), closes #11827
- elasticsearch: add support for version 7_8 and 7_9 (#12222) (09d1f6c), closes #12202
- elasticsearch: Support
update policy (#12239) (14f8b06), closes #12210 - elasticsearch: support audit logs (#12106) (d10ea63), closes #12105
- elasticsearch: UltraWarm nodes (#12265) (3a9056d), closes #6462
- ivs: add IVS L2 Constructs (#11454) (f813bff)
- lambda: encryption key for environment variables (#11893) (ccbaf83), closes #10837
- lambda-nodejs: expose more esbuild options (#12063) (bab21b3), closes #12046
- lambda-nodejs: Expose optional props for advanced usage of esbuild (#12123) (ecc98ac)
- rds: add grantConnect for RDS Proxy (#12243) (eb45ca8), closes #10133
- rds: add support for setting public accessibility (#12164) (b8f48e5), closes #12093
- route53: Vpc endpoint service private dns (#10780) (8f6f9a8)
- s3: option to auto delete objects upon bucket removal (#12090) (32e9c23), closes #3297 #9751
- s3-deployment: support vpc in BucketDeploymentProps (#12035) (6caf72f), closes #11734
- sns: fifo topic with content-based deduplication support #11127 (#11588) (7e60d8e)
- stepfunctions-tasks: add support for ModelClientConfig to SageMakerCreateTransformJob (#11892) (bf05092)
- synthetics: Update Cloudwatch Synthetics canaries NodeJS runtimes (#11866) (4f6e377), closes #11870
- Configre containerName for QueueProcessingFargateService (fad27f6)
- remove the construct compatibility layer (#12054) (8d3c02c)
apigatewayv2: vpclink - explicit subnet specification still causes private subnets to be included (#12401) (336a58f), closes #12083
appsync: rds data source configured with cluster arn (#12255) (d0305f3), closes #11536
aws-ecs: Support configuring Windows capacity for cluster ASGs (#12365) (6d9a0f1)
aws-ecs: update desired count to be optional (#12223) (455540b)
cfn-include: cfn-include fails in monocdk (#11595) (45e43f2), closes #11342
cli: CLI doesn't read context from ~/.cdk.json (#12394) (2389a9b), closes #10823 #4802
cli: cross account asset upload no longer works (#12155) (1c8cb11)
cli: cross-account deployment no longer works (#11966) (6fb3448), closes #11350 #11792 #11792
cloudfront: cross-region EdgeFunction does not work within a Stage (#12103) (98d781c), closes #12092
cloudfront: EdgeFunction fails with newStyleStackSynthesis (#12356) (fb02736), closes #12172
codebuild: missing permissions for SecretsManager environment variables (#12121) (1a13d8f)
codebuild: Project lacks permissions to its log destinations (#12213) (b92ed51), closes #11444 #12179
codepipeline-actions: use codebuild batch iam permissions when
executeBatchBuild: true
(#12181) (5279f37) -
core: capturing stack traces still takes a long time (#12180) (71cd38c), closes #11170
core: DefaultStackSynthesizer bucket prefix missing for template assets (#11855) (50a3d3a), closes #10710 #11327
dynamodb: allow global replicas with Provisioned billing mode (#12159) (ab5a383), closes #11346
dynamodb: missing grantRead for ConditionCheckItem (#12313) (e157007)
ec2: 'encoded list token' error using Vpc imported from deploy-time lists (#12040) (0690da9)
ec2: fromInterfaceVpcEndpointAttributes: Security Groups should not be required (#11857) (86ae5d6), closes #11050
ec2: interface endpoint AZ lookup does not guard against broken situations (#12033) (80f0bfd)
ec2: Vpc.fromVpcAttributes cannot be used with EKS (#12569) (1cdc244), closes #12040 #12160
eks: aws-node-termination-handler incorrectly deployed to on-demand instances as well (#12369) (05c0b5f), closes #12368
eks: failure to deploy cluster since aws-auth configmap exists (#12068) (dc8a98a), closes #12053
eks: k8s resources accidentally deleted due to logical ID change (#12053) (019852e), closes #10397 #10397
eks: nodegroup synthesis fails when configured with an AMI type that is not compatible to the default instance type (#12441) (5f6f0f9), closes 40aws-cdk/aws-eks/lib/managed-nodegroup.ts#L294 40aws-cdk/aws-eks/lib/managed-nodegroup.ts#L302-L304 40aws-cdk/aws-eks/lib/managed-nodegroup.ts#L329-L330 40aws-cdk/aws-eks/lib/managed-nodegroup.ts#L324-L325
eks: Self managed nodes cannot be added to LoadBalancers created via the
service type (#12269) (470a881) -
elasticsearch: Defining 2 domains with logging enabled in the same stack fails on construct id conflict (#12055) (ec3ce19), closes #12017
elasticsearch: domain configured with access policies and a custom kms key fails to deploy (#11699) (245ee6a)
elasticsearch: domain fails due to log publishing keys on unsupported cluster versions (#11622) (e6bb96f)
elasticsearch: log policies are overwritten when creating 2 domains which also results in a failure while destroying the stack (#12056) (889d089), closes #12016
elbv2: can't import two application listeners into the same scope (#12373) (6534dcf), closes #12132
iam: Groups are erroneously accepted as the Principal of a policy (#11479) (#12549) (c9b0859)
lambda: make the Version hash calculation stable (#12364) (4da50e5)
lambda-layer-*: unable to calculate layer asset hash due to missing file (#12293) (646f098), closes #12291
lambda-nodejs: local bundling fails with relative depsLockFilePath (#12125) (d5afb55), closes #12115
logs: custom resource Lambda uses old NodeJS version (#12228) (29c4943)
rds: add the dependency on proxy targets to ensure dbInstance (#12237) (8f74169), closes #11311
s3: Bucket.grantWrite() no longer adds s3:PutObject* permission (#12391) (cd437cf)
s3-deployment: stop using deprecated API's that will cause breakage post 01/31/21 (#12491) (f50f928)
sns: require topic name for fifo topic #12386 (#12437) (37d8ccc)
stepfunctions-tasks: EvaluateExpression does not support JSON paths with dash (#12248) (da1ed08), closes #12221
stepfunctions-tasks: policies created for EMR tasks have ARNs that are not partition-aware (#11553) (1cf6713), closes #11503
apigatewayv2: apiEndpoint is elevated to the IHttpApi interface (#11988) (bc5b9b6)
This is the first alpha release of CDK 2.0. 🎉