Skip to content


Latest commit



3321 lines (2459 loc) · 530 KB

File metadata and controls

3321 lines (2459 loc) · 530 KB


All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.68.0 (2023-03-08)

Bug Fixes

  • apprunner-alpha: env vars and secrets can't solely be added via .add*() methods (#24346) (45195b6), closes #24345
  • cli: cannot cdk import resources with multiple identifiers (#24439) (a70ff1a), closes #20895
  • core: Fix dotnet version check to allow .NET 7.0 (#24467) (a4856e9), closes #24466
  • lambda-nodejs: esbuild preCompilation tsconfig precedence is wrong (#23871) (790a709)
  • lambda-nodejs: Required auto prefix of handler with index. breaks custom non-index handler settings used by layers (#24406) (d7a1c34), closes #24403
  • rds: add clusterResourceIdentifier property to database cluster (#23605) (6bda4e5)

2.67.0 (2023-03-02)


Bug Fixes

2.66.1 (2023-02-23)

Bug Fixes

2.66.0 (2023-02-21)


Bug Fixes

  • apigateway: rest api deployment does not depend on authorizers (#23215) (12e13c1)
  • cognito: changing installLatestAwsSdk breaks Client Secret reference (#23798) (844d407), closes #23796
  • ecs: validate ecs healthcheck (#24197) (89802a9)
  • eks: nested OCI repository names for private ECR helmchart deployments are not properly handled (#23378) (72f2a95)
  • lambda: RuntimeManagementMode.FUNCTION_UPDATE has wrong value (#24252) (fdb0cf1)

2.65.0 (2023-02-15)


Bug Fixes

2.64.0 (2023-02-09)


Bug Fixes

  • Use the correct LB full name when creating metrics for imported LBs (#23972) (16c23b7), closes #23853
  • cdk-assets: asset concurrency leaves a corrupted archive (#24026) (989454f)
  • cdk-assets: packaging assets is broken on Node older than 14.17 (#23994) (5bde92c), closes #23859
  • codedeploy: cross-region referenced groups use wrong config (#23986) (390ec78)
  • core: cross-stack reference error doesn't include violation (#23987) (c7ad66f)
  • ec2: Cannot deploy VPC flow log with other resources that requires bucket policies (#23889) (e646ad5), closes #18985
  • pipelines: cannot configure actionName for all sources (#24027) (9cd639b)
  • s3: infer bucketWebsiteUrl and bucketDomainName suffixes from bucket region (#23919) (252f052)
  • s3-deployment: wrong URL in BucketDeployment.deployedBucket.bucketWebsiteUrl (#24055) (ece46db), closes #23354

2.63.2 (2023-02-04)

2.63.1 (2023-02-03)


  • cdk-assets: packaging assets is broken on Node older than 14.17 (#23994) (1976f1a), closes #23859

2.63.0 (2023-01-31)


Bug Fixes

  • appsync: sanitized datasource name isn't exported (#23802) (0b25265)
  • imports from ESM modules cannot find correct type definitions (#23870) (356a128)
  • eks: reuse chart name as chart dir for helmchart deployment from OCI repository (#23392) (070f5ec)
  • aws-cdk-lib imports from ESM modules are broken (#23846) (cf2e498), closes #23813

2.62.2 (2023-01-27)

Bug Fixes

  • imports from ESM modules cannot find correct type definitions (#23870) (1b9f3f7)

2.62.1 (2023-01-26)

Bug Fixes

2.62.0 (2023-01-25)


Bug Fixes

2.61.1 (2023-01-20)

Bug Fixes

2.61.0 (2023-01-18)


  • cfnspec: cloudformation spec v107.0.0 (#23698) (aca8a25)
  • core: stack synthesizers can be shared between stacks (#23571) (0ce19f0)
  • logs: add unit to metric filter (#23608) (7cbe8ac)
  • opensearch: add support for latest amazon opensearch service 2.3 (#22943) (0303d6f)
  • pipeline: enable key rotation (#23620) (29d7336)
  • route53-patterns: use Certificate as the default certificate (under feature flag) (#23575) (77709c8)

Bug Fixes

  • aws-s3: log delivery may be incorrectly configured when target bucket is imported (#23552) (41327d8), closes #23547 #23588
  • cdk-assets: concurrent asset builds can leave a corrupted archive (#23677) (18e0481), closes #23290
  • cli: can not assume role from 2-level SSO (#23702) (c3a345b), closes #23520
  • cloudtrail: Trail fails during resource creation due to invalid template properties when management events are 'None' (#23569) (15ced88), closes #16387 #15488
  • lambda: ever-changing Version hash with LayerVersion from tokens (#23629) (88fc62d)
  • pipelines: cross-stack step dependencies have wrong name (#23594) (0d8142b), closes #21843
  • servicecatalog: incorrect objectkey produced from asset relative… (#23580) (b4a6120), closes #23560
  • stepfunctions-tasks: fix IAM policy statements for step functions API calls (#22959) (dce662c)

2.60.0 (2023-01-11)


Bug Fixes

2.59.0 (2023-01-03)


Bug Fixes

2.58.1 (2022-12-30)


2.58.0 (2022-12-28)


  • assertions: improve printing of match failures (#23453) (2676386)

2.57.0 (2022-12-27)


  • cfnspec: cloudformation spec v103.0.0 (#23452) (e49e57d)
  • lambda: add support for auto-instrumentation with ADOT Lambda layer (#23027) (fc70535)

Bug Fixes

  • cfnspec: v101.0.0 introduced specific types on several types that previously were typed as json (#23448) (4fbc182)
  • codedeploy: referenced Applications are not environment-aware (#23405) (96242d7)
  • s3: buckets with SSE-KMS silently fail to receive logs (#23385) (1b7a384)

2.56.1 (2022-12-23)

Bug Fixes

  • cfnspec: v101.0.0 introduced specific types on several types that previously were typed as json (#23448) (1b4e3a4)

2.56.0 (2022-12-21)


Bug Fixes

2.55.1 (2022-12-16)

Bug Fixes

2.55.0 (2022-12-14)


  • autoscaling: support default instance warmup for Auto Scaling groups (#23285) (3f706e2)
  • cfnspec: cloudformation spec v101.0.0 (#23294) (3951f09)
  • cognito: add new AdvancedSecurityMode property (#23261) (9cc9bd3)
  • core: add volumes-from option to docker run command for bundling (#22829) (813c2f1), closes #8799 #21660
  • s3: update runtime of notifications-handler to python3.9 (#23209) (b2d293d)
  • s3-deployment: add additional sources with addSource (#23321) (b34d0b7), closes #22857

Bug Fixes


2.54.0 (2022-12-07)


Bug Fixes

  • cli: typescript init templates fails with error in build step (#23125) (247d0f3), closes #23126
  • core: the string 'undefined' is recognized as a valid partition when looking up for fact values (#23023) (6f4dcfd)
  • integ-test: limit api response to avoid 4k limit (#23102) (437c21f)
  • kinesis: read permissions for stream do not include kinesis:DescribeStreamConsumer (#22794) (e53352d)
  • lambda: allow tokens in kafka consumer group id (#22993) (320cc25), closes #22932
  • lambda-nodejs: AWS SDK v2 is not available for node18.x runtime (#22989) (55bca78)
  • logs: Cannot set log removalPolicy: destroy to more than one LogRetention resources (#22755) (fee2fa2)
  • route53: cross-account delegation broken in opt-in regions (#23082) (5ba35e4), closes #23081
  • toolkit: endless wait if CDKToolkit stack is REVIEW_IN_PROGRESS (#23230) (477fa85)
  • triggers: unable to trigger two lambda functions (#22124) (a96d69c), closes #22110
  • bootstrapping.integtest.ts (#23084) (c594918)
  • ECS service replacement regression (#22978) (0292d3f), closes #22467


2.53.0 (2022-11-29)


  • lambda: Add SnapStart resource spec patch (4dda029)

2.52.1 (2022-11-28)

Bug Fixes

  • cli: typescript init templates fails with error in build step (#23125) (764b725), closes #23126

2.52.0 (2022-11-27)


  • ecs: enable Amazon ECS Service Connect (96ec613)

2.51.1 (2022-11-18)

Bug Fixes

2.51.0 (2022-11-18)


Bug Fixes


2.50.0 (2022-11-01)


  • aws-ecs-patterns: entryPoint and command support within ApplicationLoadBalancedFargateService and ApplicationLoadBalancedEc2Service (#22609) (6925293), closes #17092
  • codedeploy: CodeDeploy deployment group construct for ECS (#22295) (efd24d1), closes #1559
  • core: automatic cross stack, cross region references (under feature flag) (#22008) (f1b5497)
  • ec2: Vpc supports reserving space for future AZs (#22705) (7b51ea9)
  • stepfunctions: add intrinsic functions (#22431) (8f85b08), closes #22068 #22629

Bug Fixes

  • opensearch: log group policies ignore incorrect error code on delete (#22364) (ebba9e3)
  • revert jsii to version 1.69.0 (#22715) (0837c1a)
  • apigateway: race condition exists between stage and cfnaccount in specrestapi (#22671) (4cb008b), closes #18925
  • aws-events: restrict eventbus statementId to 64 characters (#22296) (fadbfc1), closes #22120 #21808
  • stepfunctions-tasks: athenaStartQueryExecution task generates invalid s3 arn (#22692) (6e0cb2b), closes #22608

2.49.1 (2022-10-31)

Bug Fixes

2.49.0 (2022-10-27)


Bug Fixes

  • eks: kubectl get handler output includes stderr (#22658) (66d1ed3)

2.48.0 (2022-10-27)


Bug Fixes

  • apigateway: relax access log format check to allow either requestId or extendedRequestId (#22591) (1a16ad0)
  • eks: kubectl layer must contain AWS CLI (#22559) (d8b4c09)
  • ssm: StringParameter.fromSecureStringParameterAttributes not working without version (#22618) (b33b9b0), closes #18729 #22311

2.47.0 (2022-10-20)


Bug Fixes

2.46.0 (2022-10-13)


  • aws-certificatemanager: Add ability to specify the certificate name (#22301) (614ba92)
  • aws-ec2: add metadata options support for launchTemplate construct (#22312) (9297bd0)
  • cfnspec: cloudformation spec v92.0.0 (#22435) (064a1a6)
  • cloudfront-origins: allow setting a user defined origin id (#22349) (239215f), closes #2756
  • ec2: adds persist option to user data on windows instances (#21709) (cb1506f)
  • sns: topic name with .fifo suffix generated automatically (#22375) (ba201cf), closes #18740
  • sqs: add enforceSSL property to enforce encryption of data in transit (#22363) (f1886cf)

Bug Fixes


2.45.0 (2022-10-06)


Bug Fixes

2.44.0 (2022-09-28)


Bug Fixes

  • aws-elasticloadbalancingv2: Validation for interval and timeout of application-target-group (#22225) (6128e39)
  • cli: SSO credentials do not work when using a proxy (#22115) (c425e8c), closes #21328
  • elbv2: Use correct format for parsing imported target group ARNs (#22153) (4704d4c)
  • rds: changing engine versions would fail to update on DBInstances that were part of a DBCluster (#22185) (c070ace), closes #21758 #22180
  • cannot use values that return an instance of a deprecated class for non TS / JS language (#22204) (4cad2cf)

2.43.1 (2022-09-23)

Bug Fixes

  • cannot use values that return an instance of a deprecated class for non TS / JS language (#22204) (6182d33)

2.43.0 (2022-09-21)


  • cfnspec: cloudformation spec v89.0.0 (#22105) (9726e8f)
  • ec2: flowlog setting add MaxAggregationInterval (#22098) (dbede40)
  • stepfunctions-tasks: additional IAM statements for AWS SDK service integration (#22070) (fbb941f), closes #22006

Bug Fixes

  • api-gateway: SpecRestApi ignores disableExecuteApiEndpoint property (#22133) (a4364ce), closes #21295
  • certificatemanager: unable to set removal policy on DnsValidatedCertificate (#22040) (b3c9464), closes #20649
  • cli: "EACCES: Permission denied" on 'cdk init' (#22111) (384ba2b), closes #21049 #22090
  • cli: Lambda hotswap fails if environment contains tokens (#22099) (8280709), closes #22088
  • codedeploy: unable to configure disable automatically rollback (#22083) (ce27789), closes #21691
  • s3-deployment: fails when destinationKeyPrefix is a token with a long string representation (#22163) (ce59b6a)

2.42.1 (2022-09-19)


2.42.0 (2022-09-15)


Bug Fixes

  • apigateway: Add contextOwnerAccountId log pattern (#21989) (c24027b), closes #21731
  • aws-lambda: fail fast if a reserved environment variable is specified (#22039) (950ccd5)
  • elasticloadbalancingv2: securityGroup property is not required in fromApplicationListenerAttributes (#21934) (e501ac9), closes #21930
  • elbv2: connections not created for chained listener actions (#21939) (46cf825), closes #12994
  • init-templates: csharp and fsharp app init fails when path contains space (#21049) (79c9ca1), closes #18803
  • lambda-event-sources: cannot add sqs event source to an imported function (#21970) (c33bb81), closes #12607
  • route53: vpc region in template overridden by stack region (#20530) (aedc888), closes #20496 #20496

2.41.0 (2022-09-07)


  • assertions: add function for verifying the number of matching resource properties (#21707) (80cb527)
  • custom-resource: allow AwsCustomResource to be placed in vpc (#21357) (62d7bf8)
  • ec2: allow private non-nat subnets (#21699) (e1794e3)
  • ecs: add maxSwap and swappiness properties to LinuxParameters (#18703) (08eb1d6), closes #18460
  • lambda-event-sources: add kafka consumerGroupId support (#21791) (b36bc11)
  • compress aws-cdk-lib tablet file (#21854) (5a3db2d)
  • ecs: add function for adding secrets to containers after instantiating them (#21826) (572f781), closes #18959

Bug Fixes

2.40.0 (2022-08-31)


  • cdk-cli-wrapper: add progress argument for cdk deploy (#21762) (dab83cc)
  • core: Fn::ToJsonString and Fn::Length intrinsic functions (#21749) (7472fa4)

Bug Fixes

  • certificatemanager: domainName not checked for length (#21807) (3e55092)
  • ecs: secretToken required but declared as optional (#21745) (26ac81f), closes #21744
  • ecs-patterns: add validation for queue and queue related props (#21717) (7e9bd7d)
  • integ: write assertion stack name to integ manifest (#21809) (e2dc2cb), closes #21646
  • servicecatalog: incorrect service in portfolio arn generation (#21770) (f9ca639), closes #20849

2.39.1 (2022-08-29)

Bug Fixes

2.39.0 (2022-08-25)


Bug Fixes

2.38.1 (2022-08-18)


2.38.0 (2022-08-17)


Bug Fixes

  • route53: misleading error message in fromLookup if domainName is undefined (#21596) (f44eb98), closes #10053
  • duration doesn't get accurately compared in alb service base (#21584) (90786d6), closes #21560
  • aws-apigateway: CloudWatch logging should be disabled by default (under feature flag) (#21546) (78c858f), closes #10878
  • cloudfront: truncate long ResponseHeaderPolicy names (#21525) (a464ee1), closes #21524
  • codepipeline-actions: cross stack reference causes stack cycle in sources that use CloudWatch Events (#20149) (adf4022), closes #3087 #8042 #10896
  • codepipeline-actions: ecr source action doesn't trigger the pipeline (#21580) (f135b80), closes #10901
  • kms: imported key ignores environment from arn (#21519) (c6dbb96), closes #21464
  • lambda-event-sources: rootCACertificate does not support ISecret (#21555) (bf0f07b), closes #21422
  • route53-targets: InterfaceVpcEndpointTarget incorrectly accepts an imported endpoint (#21523) (cc0b005), closes #10432

2.37.1 (2022-08-10)

Bug Fixes

  • eks: revert "fix(eks): cannot disable cluster logging once it has been enabled" (#21545) (5515ce4)

2.37.0 (2022-08-09)


  • apigateway: add metrics for Stage and Method constructs (#20617) (3bf1361)
  • aws-cdk-lib: aws-cdk-lib assembly file is compressed (#21481) (0767873)
  • cfnspec: cloudformation spec v82.0.0 (#21473) (1124cbf)
  • cfnspec: cloudformation spec v83.0.0 (#21498) (453b553)
  • cli: support hotswapping Lambda function's description and environment variables (#21305) (fb92703), closes #20787
  • cognito: allow retrieval of UserPoolClient generated client secret (#21262) (67a24ba)
  • core: add network option to docker run command (#21450) (86e396a), closes #21447
  • events: complex event pattern matching with the Match class (#21310) (fe7651f)
  • lambda: add docker platform support for lambda (#21405) (48178ac)
  • lambda-event-sources: add rootCACertificate to SelfManagedKafkaEventSource (#21422) (82a597a)
  • logs: delete associated log group when stack is deleted (#21113) (2bdd504)

Bug Fixes

2.36.0 (2022-08-08)


  • aws-cdk-lib: aws-cdk-lib assembly file is compressed (#21481) (2e97dfe)

2.35.0 (2022-08-02)


Bug Fixes


2.34.2 (2022-07-29)

Bug Fixes

  • cli: context value type conversion causing parse failures (21381)

2.34.1 (2022-07-29)

Bug Fixes

  • Revert to jsii-pacmak@1.62.0 as dynamic runtime type-checking it introduced for Python results in incorrect code being produced.

2.34.0 (2022-07-28)


  • api-gateway: allow configuration of deployment description (#21207) (03fc2bd)
  • cfnspec: cloudformation spec v81.1.0 (#21307) (1f91112)
  • cli: cannot pass objects and numbers as context arguments (#20068) (ec2d68a)
  • ec2: add R6A instances (#21257) (f66f94e)
  • ecs: add function to grant run permissions to task definition (#21241) (d7ac3bb), closes #20281
  • lambda-event-sources: add AT_TIMESTAMP event source mapping starting position (#20741) (76e0768)

Bug Fixes

  • aws-lambda: FunctionUrl incorrectly uses Alias ARNs (#21353) (2904d2a)
  • bootstrap: remove image scanning configuration (#21342) (2d26916)
  • cli: add validation of --notification-arns structure (#21270) (6d157d1), closes #20806
  • ecr: Repository.addToResourcePolicy returns incorrect result (#21137) (5435215)
  • ecs: firelens configFileValue is unnecessarily required (#20636) (b79b2e4)
  • ecs-patterns: memory limit is not set at the container level (#21201) (f2098b7)
  • pkglint: allow dependencies on L1 only modules (#21208) (f16fd69)

2.33.0 (2022-07-19)


  • cfnspec: cloudformation spec v80.0.0 (#21159) (db4524a)
  • cfnspec: cloudformation spec v81.0.0 (#21196) (7bf2433)
  • cli: allow diffing against a processed template (#19908) (cd4851a)
  • cognito: added verified attribute changes (#21180) (ad67594), closes #21179
  • ec2: add ICMPv6 protocol (#20626) (99831b0)
  • ecs-patterns: add capacityProviderStrategies props to (Application/Network)LoadBalanced(Ec2/Fargate)Service (#20879) (1f0656e), closes #18868
  • stepfunctions: add fromStateMachineName to import a state machine by resource name (#20036) (2b5bd59)

Bug Fixes

2.32.1 (2022-07-15)

Bug Fixes


  • core: revert "fix(core): use node.path in skip bundling check for consistency with cdk deploy CLI" (#21174) (05ac2d8), closes #19950

2.32.0 (2022-07-14)


Bug Fixes

2.31.2 (2022-07-13)

Bug Fixes

2.31.1 (2022-07-08)

Bug Fixes

  • custom-resources: Custom resource provider framework not passing ResponseURL to user function (#21065) (f7b25b6), closes #21058

2.31.0 (2022-07-06)


Bug Fixes

  • cli: standard log messages are sent to stderr when CI=true (#20957) (277340d), closes #7717
  • cloudfront: fromOriginAccessIdentityName is a misnomer (#20772) (3e58e5a), closes #20141
  • eks: latest AlbController version isn't compatible with the chart version (#20826) (43a0cec)
  • route53: cannot delete existing alias record (#20858) (22681b1), closes #20847
  • stepfunctions-tasks: SqsSendMessage is missing KMS permissions (#20990) (52b7019)
  • custom resources log sensitive ResponseURL field (#20899) (6b4f92f)

2.30.0 (2022-07-01)


Bug Fixes

  • apigateway: Explicitly test for undefined instead of falsey for stage default options (#20868) (b368a31)
  • eks: revert shell=True and allow public ecr to work (#20724) (de153fc)
  • pipelines: 'ConfirmPermissionsBroadening' uses wrong node version (#20861) (bac965e)
  • secretsmanager: SecretRotation app does not set DeletionPolicy (#20901) (f2b4eff)

2.29.1 (2022-06-24)

Bug Fixes

  • pipelines: 'ConfirmPermissionsBroadening' uses wrong node version (#20861) (47b5ca0)

2.29.0 (2022-06-22)


Bug Fixes

  • autoscaling: osType is wrong when using CloudformationInit with launchTemplate (#20759) (610b7b5)
  • codepipeline: cannot deploy pipeline stack with crossAccountKeys twice (under feature flag) (#20745) (c262034), closes #18828
  • core: CfnMapping values cannot be used in other stacks (#20616) (f5c2284), closes #18920
  • core: Durations in the expected unit are not tested for integer-ness (#20742) (ddb4766)
  • events-targets: cloudwatch logs requires specific input template (#20748) (26ff3c7), closes #19451
  • iam: add defaultPolicyName to prevent policies overwriting each other in multi-stack deployments (#20705) (703e62e), closes #16074
  • iam: duplicate PolicyStatements lead to too many overflow policies (#20767) (e692ad2)
  • init-templates: unable to initialize typescript templates (#20752) (665534d), closes #20751
  • route53: improve fromHostedZoneId error message (#20755) (2cbbb79), closes #8406

2.28.1 (2022-06-15)

Bug Fixes

2.28.0 (2022-06-14)


Bug Fixes

2.27.0 (2022-06-02)


  • core: so this PR attempts to smooth a rough edge by "locking" the logicalId when exportValue is called. If the user attempts to override the id after that point, an error message will be thrown


Bug Fixes

2.26.0 (2022-05-27)


Bug Fixes

2.25.0 (2022-05-20)


Bug Fixes

2.24.1 (2022-05-12)

2.24.0 (2022-05-11)


Bug Fixes

  • cognito: UserPoolDomain.baseUrl() does not return FIPS-compliant url for gov cloud regions (#20200) (dd10df1), closes #20182 #12500
  • stepfunctions: map property maxConcurrency is not token-aware (#20279) (14be764), closes #20152

2.23.0 (2022-05-04)


Bug Fixes

2.22.0 (2022-04-27)


  • aws-cognito: send emails with a verified domain (#19790) (1d2b1d3), closes #19762
  • aws-eks: add annotations and labels to service accounts (#19609) (82aec9d), closes #19607
  • cloudwatch: expose dashboardArn for CloudWatch dashboard L2 construct (#20059) (df9814f)
  • rds: allow DatabaseClusterFromSnapshot to set copyTagsToSnapshot property (#19932) (40a6ceb), closes #19884

Bug Fixes

2.21.1 (2022-04-22)

Bug Fixes

  • imagebuilder: revert property field typings (5e4dca2)

2.21.0 (2022-04-22)


Bug Fixes


2.20.0 (2022-04-07)


Bug Fixes

  • aws_applicationautoscaling: Add missing members to PredefinedMetric enum (#18978) (75a6fa7), closes #18969
  • cli: apps with many resources scroll resource output offscreen (#19742) (053d22c), closes #19160
  • cli: support attributes of DynamoDB Tables for hotswapping (#19620) (2321ece), closes #19421
  • cloudwatch: automatic metric math label cannot be suppressed (#17639) (7fa3bf2)
  • codedeploy: add name validation for Application, Deployment Group and Deployment Configuration (#19473) (9185042)
  • codedeploy: the Service Principal is wrong in isolated regions (#19729) (7e9a43d), closes #19399
  • core: incorrectly short-circuits complex expressions (#19680) (7f26fad)
  • core: detect and resolve stringified number tokens (#19578) (7d9ab2a), closes #19546 #19550
  • core: reduce CFN template indent size to save bytes (#19656) (fd63ca3)
  • ecs: 'desiredCount' and 'ephemeralStorageGiB' cannot be tokens (#19453) (c852239), closes #16648
  • ecs: remove unnecessary error when adding volume to external task definition (#19774) (5446ded), closes #19259
  • iam: policies aren't minimized as far as possible (#19764) (876ed8a), closes #19751
  • logs: Faulty Resource Policy Generated (#19640) (1fdf122), closes #17544

2.19.0 (2022-03-31)


  • aws-ec2: Enable/disable EC2 "Detailed Monitoring" (#19437) (94f9d27)
  • core: add size.isUnresolved (#19569) (ed26731)
  • ecs-patterns: PlacementStrategy and PlacementConstraint for many patterns (#19612) (0096e67)
  • elbv2: use addAction() on an imported application listener (#19293) (18a6b0c), closes #10902
  • lambda: warn if you use function.grantInvoke while also using currentVersion (#19464) (fd1fff9), closes #19273 #19318

Bug Fixes

2.18.0 (2022-03-28)


Bug Fixes

2.17.0 (2022-03-17)


Bug Fixes

  • cli: failure to load malformed YAML is swallowed (#19338) (1875c28), closes #19335
  • lambda-event-sources: increase batch size restriction (#19317) (1bc5144), closes #19285
  • lambda-nodejs: cannot use esbuildArgs with older esbuild versions (#19343) (59a4d81)
  • stepfunctions-tasks: migrate from deprecated batch properties (#19298) (75f5b3b), closes #18993

2.16.0 (2022-03-11)


Bug Fixes

  • aws-apigateway: missing comma to make failure response payload valid json (#19253) (b1fce4f), closes #19252
  • aws-route53-targets: add support for custom cname_prefix urls in elastic beanstalk environment endpoint target (#18804) (289a794)
  • cli: watch logs always end with the 'truncated' message (#19241) (d3fdfe5), closes #18805
  • cli: deprecated stack ids printed at the end of synth (#19216) (7d8a479), closes #18599
  • cli: notices refresh doesn't respect the --no-notices flag (#19226) (b3c5fe8)
  • efs: fix bug when setting both lifecyclePolicy and outOfInfrequentAccessPolicy (#19082) (d435ab6), closes #19058
  • lambda-nodejs: local tsc detection with pre compilation (#19266) (5de7b86), closes #19242
  • rds: allow cluster from snapshot to enable encrypted storage (#19175) (bd4141d), closes #17241
  • rds: read replica instance cannot join domain (#19202) (cef8fec), closes #18786
  • rds: subnet selection not respected for multi user secret rotation (#19237) (dc7a17c), closes #19233

2.15.0 (2022-03-01)


Bug Fixes

2.14.0 (2022-02-25)


Bug Fixes

  • cli: hotswapping is slow for many resources deployed at once (#19081) (040238e), closes #19021
  • s3-notifications: notifications allowed with imported kms keys (#18989) (7441418)
  • API compatibility check fails in CI pipeline (#19069) (6ec1005), closes #19070
  • cloudfront: trim autogenerated cache policy name (#18953) (c7394c9), closes #18918
  • elasticloadbalancingv2: validate port/protocol are not provided for lambda targets (#19043) (64d26cc), closes #12514
  • route53: fix cross account delegation deployment dependency (#19047) (692a0d0), closes #19041

2.13.0 (2022-02-18)


Bug Fixes

2.12.0 (2022-02-08)


  • cxapi: of behavior.

Instead, this PR gets rid of the entire set of FUTURE_FLAGS_DEFAULTS set to false -- there's no point to having them anyway, and it gets rid of the associated merge conflicts.

Also shore up the docs for these flags a little.

Miscellaneous Chores

  • cxapi: reduce merge conflicts in feature flags (#18411) (dcdb58a)

2.11.0 (2022-02-08)


Bug Fixes

  • core: correctly reference versionless secure parameters (#18730) (9f6e10e), closes #18729
  • ec2: UserData.addSignalOnExitCommand does not work in combination with userDataCausesReplacement (#18726) (afdc550), closes #12749
  • tooling: update vscode devcontainer image (#18455) (28647f7)
  • vpc: Vpc.fromLookup should throw if subnet group name tag is explicitly given and does not exist (#18714) (13e1c7f), closes #13962


2.10.0 (2022-01-29)


Bug Fixes

  • aws-apigateway: cross region authorizer ref (#18444) (0e0a092)
  • aws-lambda-nodejs: pre compilation with tsc is not being run (#18062) (7ac7221), closes #18002
  • cli: hotswap should wait for lambda's updateFunctionCode to complete (#18536) (0e08eeb), closes #18386 #18386
  • elasticloadbalancingv2: ApplicationLoadBalancer.logAccessLogs does not grant all necessary permissions (#18558) (bde1795), closes #18367
  • pipelines: undeployable due to dependency cycle (#18686) (009d689), closes #18492 #18673
  • region-info: incorrect codedeploy service principals (#18505) (16db963)
  • route53: add RoutingControlArn to HealthCheck patch (#18645) (c58e8bb), closes #18570
  • s3: add missing safe actions to grantWrite, grantReadWrite and grantPut methods (#18494) (940d043), closes #13616
  • secretsmanager: SecretRotation for secret imported by name has incorrect permissions (#18567) (9ed263c), closes #18424
  • stepfunctions: task token integration cannot be used with API Gateway (#18595) (678eede), closes #14184 #14181
  • stepfunctions-tasks: cluster creation fails with unresolved release labels (#18288) (9940952)

2.9.0 (2022-01-26)


Bug Fixes

  • apigateway: enabled property of ApiKeyProps is ignored (#18407) (c31f9b4)
  • applicationautoscaling: typo in DYANMODB_WRITE_CAPACITY_UTILIZATION (#18085) (626e6aa), closes #17209
  • assertions: object partiality is dropped passing through arrays (#18525) (eb29e6f)
  • cli: cdk watch constantly prints 'messages suppressed' (#18486) (9b266f4), closes #18451
  • cli: warning to upgrade to bootstrap version >= undefined (#18489) (da5a305)
  • ec2: interface endpoints do not work with Vpc.fromLookup() (#18554) (f55cd2b), closes #17600
  • ec2: launch template names in imdsv2 not unique across stacks (under feature flag) (#17766) (2a80e4b)
  • ecs: only works in 'aws' partition (#18496) (525ac07), closes #18429
  • ecs-patterns: Fix Network Load Balancer Port assignments in ECS Patterns (#18157) (1393729), closes #18073
  • elbv2: BaseLoadBalancer.vpc is not optional (#18474) (f511c17), closes aws/jsii#3342
  • pipelines: "Maximum schema version supported" error (#18404) (a684ff4), closes #18370
  • pipelines: CodeBuild projects are hard to tell apart (#18492) (f6dab8d)
  • pipelines: graphnode dependencies can have duplicates (#18450) (2b0b5ea)
  • secretsmanager: Secret requires KMS key for some same-account access (#17812) (91f3539), closes #15450


2.8.0 (2022-01-13)


  • aws-s3: support number of newer versions to retain in lifecycle policy (#18225) (e1731b1), closes #17996 #17996
  • cli: watch streams resources' CloudWatch logs to the terminal (#18159) (a9038ae), closes #18122
  • ecs-service-extensions: Enable default logging to CloudWatch for extensions (under feature flag) (#17817) (06666f4)

Bug Fixes

2.7.0 (2022-01-12)


Bug Fixes

2.6.0 (2022-01-12)

Bug Fixes

  • appmesh: allow a Virtual Node have as a backend a Virtual Service whose provider is that Node (#18265) (272b6b1), closes #17322

2.5.0 (2022-01-09)

Bug Fixes

  • aws-kinesis: remove default shard count when stream mode is on-demand and set default mode to provisioned (#18221) (cac11bb), closes #18139
  • cli: breaks due to faulty version of colors (#18324) (#18328) (b851bc3)

2.4.0 (2022-01-06)


  • cfn2ts: some "complex" property types within the generated CloudFormation interfaces (i.e: properties of Cfn* constructs) with names starting with a capital letter I followed by another capital letter are no longer incorrectly treated as behavioral interfaces, and might hence have different usage patterns in non-TypeScript languages. Such interfaces were previously very difficult to use in non-TypeScript languages, and required convoluted workarounds, which can now be removed.
  • opensearchservice: imported domain property domainEndpoint used to contain https:// prefix, now the prefix is dropped and it returns the same value as a domainEndpoint on a created domain


Bug Fixes


  • cfnspec: add CloudFormation documentation to L1 classes (#18177) (2530016)

2.3.0 (2021-12-22)

2.2.0 (2021-12-15)


Bug Fixes

2.1.0 (2021-12-08)


Bug Fixes

  • aws-cdk: cdk diff always fails on diff (#17862) (6bb4a46), closes #4721
  • aws-ec2: imported VPC subnets never recognized as PRIVATE_ISOLATED (#17496) (ba6a8ef)
  • aws-elasticloadbalancingv2: Set stickiness.enabled unless target type is lambda (#17271) (168a98f), closes #17261
  • cli: S3 asset uploads are rejected by commonly referenced encryption SCP (introduces bootstrap stack v9) (#17668) (8191f1f), closes #11265
  • codepipeline: cannot trigger on all tags anymore in EcrSourceAction (#17270) (39fe11b), closes aws#13818 aws#13818
  • codepipeline: cross-env pipeline cannot be created in Stage (#17730) (f17f29e), closes #17643
  • core: bundling skipped with --exclusively option and stacks under stage (#17210) (cda6601), closes #12898 #15346
  • docdb: secret rotation ignores excluded characters in password (#17609) (1fe2215), closes #17347 #17575
  • dynamodb: add missing DynamoDB operations to enum (#17738) (f38e0ac)
  • dynamodb: changing waitForReplicationToFinish fails deployment (#17842) (36b8fdb), closes #16983
  • ecs-patterns: removeDefaultDesiredCount feature flag not expired properly (#17865) (7fb639a)
  • lambda: recognizeVersionProps featureFlag not defaulting correctly (#17866) (f19fc39), closes #17810
  • lambda-nodejs: bundling fails with a file dependency in nodeModules (#17851) (5737c33), closes #17830
  • lambda-nodejs: bundling with nodeModules fails with paths containing spaces (#17632) (986f291), closes #17631
  • pipelines: stack outputs used in stackSteps not recognized (#17311) (5e4a219), closes #17272
  • stepfunctions: prefixes not appended to states in parallel branches (#17806) (a1da772), closes #17354

2.0.0 (2021-12-02)


  • aws-cdk-lib is now stable! (fa2ecc9)

2.0.0-rc.33 (2021-11-26)

2.0.0-rc.32 (2021-11-25)

2.0.0-rc.31 (2021-11-23)


Bug Fixes

  • apigateway: SAM CLI asset metadata missing from SpecRestApi (#17293) (841cf99), closes #14593
  • assets: add missing SAM asset metadata information (#17591) (55df760), closes #14593
  • assets: SAM asset metadata missing from log retention and custom resource provider functions (#17551) (a90e959)
  • autoscaling: add timezone property to Scheduled Action (#17330) (3154a58)
  • aws-codebuild: add @aws-cdk/asserts to package deps (#17435) (9c77e94)
  • aws-ecs: check for invalid capacityProviderName (#17291) (6e2fde4), closes #17321
  • aws-lambda-event-sources: Function.addEventSource fails for ManagedKafkaEventSource typed parameters (#17490) (a474ee8)
  • aws-logs: include new policy.ts exports in index.ts exports (#17403) (a391468)
  • cli: improve asset publishing times by up to 30% (#17409) (40d6a48), closes #17266
  • cli: skip bundling for the 'watch' command (#17455) (af61b7f), closes #17391
  • cloudwatch: render agnostic alarms in legacy style (#17538) (7c50ef8)
  • ec2: Duplicate EIP when NatGatewayProps.eipAllocationIds is provided (#17235) (050f6fa)
  • eks: Allow specifying subnets in Pinger (#17429) (6acee52)
  • kinesis: add required rights to trigger Lambda from Kinesis. Fixes issue #17312. (#17358) (0bfc15c)
  • lambda: SAM CLI asset metadata missing from image Functions (#17368) (f52d9bf)
  • NestedStack: add asset metadata to NestedStack resources for local tooling (#17343) (4ba40dc)
  • opensearch: correctly validate ebs configuration against instance types (#16911) (34af598), closes #11898
  • s3-deployment: updating memoryLimit or vpc results in stack update failure (#17530) (2ba40d1), closes #7128
  • sns-subscriptions: enable cross region subscriptions to sqs and lambda (#17273) (3cd8d48), closes #7044 #13707
  • ssm: fix service principals for all regions since ap-east-1 (#17047) (5900548), closes #16188

2.0.0-rc.30 (2021-11-17)

2.0.0-rc.29 (2021-11-10)

2.0.0-rc.28 (2021-11-09)


Bug Fixes


2.0.0-rc.27 (2021-10-27)


Bug Fixes

  • rds: using both Instance imports & exports for Postgres fails deployment (#17060) (ab627c6), closes #16757

2.0.0-rc.26 (2021-10-25)

Bug Fixes

2.0.0-rc.25 (2021-10-22)


Bug Fixes

2.0.0-rc.24 (2021-10-13)


  • aws-chatbot: allow adding a sns topic in existing SlackChannel (#16643) (d29a20b), closes #15588
  • aws-ec2: userdata cfn-signal signal resource which is different than the attached resource (#16264) (f24a1ae)
  • backup: expose method to add statements to the vault policy (#16597) (3ff1537)
  • backup: option to prevent recovery point deletions (#16282) (6e71806)
  • cfnspec: cloudformation spec v41.1.0 (#16472) (28875f9)
  • cfnspec: cloudformation spec v41.1.0 (#16524) (124a7a1)
  • cfnspec: cloudformation spec v41.2.0 (#16550) (e047bd8)
  • cfnspec: cloudformation spec v42.0.0 (#16639) (2157acd)
  • cfnspec: cloudformation spec v43.0.0 (#16748) (7c473a6)
  • cfnspec: cloudformation spec v43.0.0 (#16820) (071756c)
  • cfnspec: cloudformation spec v43.0.0 (#16842) (ebb211b)
  • cli: hotswap deployments for ECS Services (#16864) (ad7288f)
  • cli: hotswap deployments for StepFunctions State Machines (#16489) (c3417f6)
  • cloudfront: support Behavior-specific viewer protocol policy for CloudFrontWebDistribution (#16389) (5c028c5), closes #7086
  • cloudwatch: support cross-environment search expressions (#16539) (c165138), closes #9039
  • config: EC2_INSTANCE_PROFILE_ATTACHED managed rule (#16011) (816a319)
  • ec2: add X2gd instances (#16810) (6d468d2), closes #16794
  • ec2/ecs: cacheInContext properties for machine images (#16021) (430f50a), closes #12484
  • ecr-assets: control docker image asset hash (#16070) (13f67e7), closes #15936
  • ecs-service-extensions: Publish Extension (#16326) (c6c5941)
  • eks: connectAutoScalingGroupCapacity on imported clusters (#14650) (7f7be08)
  • eks: add warning to fargateProfile (#16631) (41fdebb), closes #16349
  • elbv2: support ALB target for NLB (#16687) (27cc821), closes #16679
  • lambda: configure workdir for docker image based functions (#16111) (b3eafc2)
  • lambda: docker platform for architecture (#16858) (5c258a3)
  • lambda: support for ARM architecture (b3ba35e)
  • lambda: support for ARM architecture (#16719) (67b4921)
  • lambda: use bundling docker image from ECR public for dotnet and go runtimes (#16281) (9bbfd18)
  • lambda-event-sources: self managed kafka: support sasl/plain authentication (#16712) (d4ad93f)
  • opensearch: rebrand Elasticsearch as OpenSearch (e6c4ca5), closes aws/aws-cdk#16467
  • opensearch: rebrand Elasticsearch as OpenSearch (#16517) (fad855e)
  • pipeline: allow enabling KMS key rotation for cross-region Stacks (#16468) (2a629dd), closes #14381
  • pipelines: stack-level steps (#16215) (d499c85), closes #16148
  • rds: region replication for generated secrets (#16497) (1e9d8be), closes #16480
  • s3-deployment: enable efs support for handling large files in lambda (#15220) (2737119)
  • sns: adding support for firehose subscription protocol (#15764) (18aff6b)
  • stepfunctions-tasks: add step concurrency level to EmrCreateCluster (#15242) (1deea90), closes #15223
  • stepfunctions-tasks: AWS SDK service integrations (#16746) (ae840ff), closes #16780
  • allow stale bot trigger manually (#16586) (fc8cfee)
  • stepfunctions-tasks: support Associate Workflow Executions on StepFunctionsStartExecution via associateWithParent property (#16475) (7d3b90b), closes #14778

Bug Fixes


  • aws-eks: "fix(aws-eks): Support for http proxy in EKS onEvent lambda" (#16651) (376c837)

2.0.0-rc.23 (2021-09-22)

2.0.0-rc.22 (2021-09-15)

2.0.0-rc.21 (2021-09-08)


Bug Fixes

  • aws-rds: fromDatabaseInstanceAttributes incorrectly stringifies ports with tokens (#16286) (41b831a), closes #11813
  • core: allow asset bundling when selinux is enabled (#15742) (dbfebb4)
  • core: inconsistent analytics string across operating systems (#16300) (ff6082c), closes #15322
  • docs: unnecessary log group in Step Functions state machine x-ray example (#16159) (04d4547)
  • elasticloadbalancingv2: target group health check does not validate interval versus timeout (#16107) (a85ad39), closes #3703
  • s3: bucket is not emptied before update when the name changes (#16203) (b1d69d7), closes #14011


2.0.0-rc.20 (2021-09-01)


Bug Fixes

  • (aws-ec2): fix vpc endpoint incorrect issue in China region (#16139) (0d0db38), closes #9864
  • resourcegroups: ResourceGroup not using TagType.STANDARD, causes deploy failure (#16211) (cdee1af), closes #12986
  • sqs: unable to import a FIFO queue when the queue ARN is a token (#15976) (a1a65bc), closes #12466
  • ssm: StringParameter.fromStringParameterAttributes cannot accept version as a numeric Token (#16048) (eb54cd4), closes #11913

2.0.0-rc.19 (2021-08-25)


Bug Fixes

  • KubectlHandler - insecure kubeconfig warning (#16063) (82dd282), closes #14560
  • cfnspec: changes to resource-level documentation not supported (#16170) (82e4b4f)
  • cli: 'deploy' and 'diff' silently does nothing when given unknown stack name (#16073) (f35b032), closes #15866
  • cli: Python init template does not work in directory with '-' (#15939) (3b2c790), closes #15938
  • cli: unknown command pytest in build container fails integration tests (#16134) (0f7c0b4), closes #15939
  • ec2: opaque error when insufficient NAT EIPs are configured (#16040) (a308cac), closes #16039
  • events: cross-account event targets that have a Role are broken (#15717) (f570c94), closes #15639
  • s3-deployment: BucketDeployment doesn't validate that distribution paths start with "/" (#15865) (f8d8795), closes #9317
  • ses: drop spam rule appears in the incorrect order (#16146) (677fedc), closes #16091


2.0.0-rc.18 (2021-08-18)


Bug Fixes

2.0.0-rc.17 (2021-08-11)


Bug Fixes

  • aws-cloudwatch: unable to use generic extended statistics for cloudwatch alarms (#15720) (f593311)
  • aws-eks: Allow desiredsize minsize and maxsize to accept CfnParameters. (#15487) (fb43769)
  • chatbot: ARN validation in fromSlackChannelConfigurationArn fails for tokenized values (#15849) (440ca35), closes #15842
  • cli: move fail option into the diff command (#15829) (473c1d8)
  • ec2: volumename doesn't set name of volume (#15832) (b842702), closes #15831
  • elasticsearch: advancedOptions in domain has no effect (#15330) (81cbfec), closes #14067
  • elasticsearch: slow logs incorrectly disabled for Elasticsearch versions lower than 5.1 (#15714) (91cf79b), closes #15532 #15532
  • elbv2: unresolved listener priority throws error (#15804) (fce9ac7)
  • pipelines: new pipeline stages aren't validated (#15665) (309b9b4)
  • pipelines: permissions check in legacy API does not work (#15660) (5e3cf2b)
  • pipelines: Prepare stage doesn't have AUTO_EXPAND capability (#15819) (a6fac49), closes #15711
  • pipelines: Secrets Manager permissions not added to asset projects (#15718) (7668400), closes #15628
  • s3: notifications are broken in some regions (#15884) (ee19196)
  • stepfunctions: non-object arguments to recurseObject are incorrectly treated as objects (#14631) (e133bca), closes #12935 aws-cdk/aws-stepfunctions/lib/input.ts#L65
  • stepfunctions-tasks: instance type cannot be provided to SageMakerCreateTransformJob as input path (#15726) (6f2384d)
  • stepfunctions-tasks: Stage field not included in CallApiGatewayHttpApiEndpoint task definition (#15755) (4f38fe1), closes #14242

2.0.0-rc.16 (2021-08-04)

2.0.0-rc.15 (2021-07-28)


Bug Fixes

  • iam: PrincipalWithConditions.addCondition does not work (#15414) (fdce08c)

2.0.0-rc.14 (2021-07-21)

2.0.0-rc.13 (2021-07-20)

2.0.0-rc.12 (2021-07-14)


  • appmesh: static methods from TlsCertificate have been changed to accept positional arguments
  • appmesh: the type TlsListener has been renamed to ListenerTlsOptions


Bug Fixes

  • aws-elasticloadbalancingv2: cannot clear access logging bucket prefix (#15149) (2e93fb9), closes #14044
  • aws-iam: prevent adding duplicate resources and actions (#14712) (a8298cb), closes #13611
  • bootstrap: deploy-role could directly access buckets in target account (#15192) (d04e288), closes #12985 #14082 #13422
  • cdk-assets: content type not correctly set when publishing files (#15069) (9b1a4f9)
  • cfn-include: NestedStack's Parameters are not converted to strings (#15098) (8ad33b8), closes #15092
  • cli: cdk synth too eager with validation in Pipelines (#15147) (ae98e88), closes #14613 #15130
  • cli: cdk synth doesn't output yaml for stacks with dependency stacks (#14805) (44feee6), closes #3721
  • cli: deployment error traceback overwritten by progress bar (#14812) (d4a0af1), closes #14780
  • cli: HTTP timeout is too low for some asset uploads (#13575) (23c58d6), closes #13183
  • cli: option --all selects stacks in nested assemblies (#15046) (0d00e50)
  • cli: partition is not being resolved at missing value lookup (#15146) (cc7191e), closes #15119
  • cli: stack glob patterns only select one stack (#15071) (fcd2a6e)
  • cloudfront: cannot set header including 'authorization' in OriginRequestPolicy (#15327) (3a2f642), closes #15286
  • codebuild: Project's Role has permissions to the entire Bucket when using S3 as the source (#15112) (9d01b4f)
  • codebuild: Secret env variable as token from another account fails on Key decryption (#14483) (91e80d7), closes #14477
  • codepipeline-actions: reduce S3SourceAction role permissions to just the key (#15304) (d2c76aa), closes #15112
  • core: 1 hour renders as 60 minutes (#15125) (adcd8c3)
  • core: CloudFormation dynamic references can't be assigned to num… (#14913) (39aacc8), closes #14824
  • core: parsing an ARN with a slash after a colon in the resource part fails (#15166) (16b8a4e), closes /
  • ecs: TagParameterContainerImage cannot be used across accounts (#15073) (486f2e5), closes #15070
  • eks: kubectl version 1.21.0 breaks object pruning (#15314) (623689d), closes #15072
  • eks: kubectl version 1.21.0 breaks object pruning (#15314) (74da5c1), closes #15072
  • elasticsearch: Domain.fromDomainAttributes gives "Invalid URL" when endpoint is a token (#15219) (ecb5af8), closes #15188
  • lambda: deployment failure when layers are added to container functions (#15037) (8127cf2), closes #14143
  • lambda-event-sources: kafka event source expects credentials even when accessed via vpc (#14804) (5eb1e75)
  • lambda-nodejs: unstable asset hashes with bundling.nodeModules (#15229) (4b5418c), closes #15023
  • secretsmanager: support secrets rotation in partition 'aws-cn' (#14608) (5061a8d), closes #13385
  • stepfunctions-tasks: checking for task token in EcsRunTask containerOverrides causes memory explosion (#15187) (af53798), closes #15124
  • stepfunctions-tasks: EcsRunTask containerOverrides throws if container name doesn't match construct ID (#15190) (5f59787), closes #15171
  • stepfunctions-tasks: instance type for SageMakerCreateTrainingJob cannot be specified dynamically through JSONPath (#15215) (9280d95), closes #11928

2.0.0-rc.11 (2021-07-07)

2.0.0-rc.10 (2021-06-30)

2.0.0-rc.9 (2021-06-23)

2.0.0-rc.8 (2021-06-16)


  • ecs-patterns: Add Load Balancer name to ApplicationLoadBalancedFargateService props (#14831) (c432fb4)
  • ecs-patterns: Add support for Docker labels to ECS Patterns (#14783) (00c11b5)

Bug Fixes

  • ecs: Can't enable both Fargate and ASG capacity providers on ECS Cluster (#15012) (6b2d0e0), closes #14730

2.0.0-rc.7 (2021-06-09)


  • cfnspec: imageScanningConfiguration property of ecr.CfnRepository now accepts scanOnPush instead of ScanOnPush (notice the casing change).
  • appmesh: the creation property clientPolicy in VirtualGateway has been renamed to tlsClientPolicy, and its type changed to TlsClientPolicy
  • appmesh: to create TlsClientPolicy, validation property must be defined.


Bug Fixes

2.0.0-rc.6 (2021-06-02)

2.0.0-rc.5 (2021-05-28)


  • appmesh: the creation property tlsCertificate in VirtualGatewayListener has been renamed to tls, and its type changed to TlsListener
  • appmesh: the tlsMode property has been removed from the options when creating a TlsCertificate, moved to the new TlsListener interface, and renamed mode
  • lambda-nodejs: using banner and footer now requires esbuild >= 0.9.0


Bug Fixes

  • cli: Updated typo user to uses (#14357) (7fe329c)
  • cognito: user pool - phoneNumberVerified attribute fails deployment (#14699) (cd2589f), closes #14175
  • core: cannot determine packaging when bundling that produces an archive is skipped (#14372) (163e812), closes #14369
  • ecr: add validations for ECR repository names (#12613) (396dca9), closes #9877
  • ecs: Classes FargateService and Ec2Service have no defaultChild (#14691) (348e11e), closes #14665
  • events-targets: circular dependency when adding a KMS-encrypted SQS queue (#14638) (3063818), closes #11158
  • iam: permissions boundaries not added to custom resource roles (#14754) (f36feb5), closes #13310
  • lambda: changing reserved concurrency fails lambda version deployment (#14586) (f47d5cb), closes #11537
  • lambda: unable to access SingletonFunction vpc connections (#14533) (49d18ab), closes #6261
  • lambda-nodejs: banner and footer values not escaped (#14743) (81aa612), closes #13576
  • lambda-nodejs: esbuild detection with Yarn 2 in PnP mode (#14739) (5c84696)
  • rds: Add exception throw when az is defined for multi-az db instance (#14837) (fd8445f), closes #10949 #10949

2.0.0-rc.4 (2021-05-19)


fixes aws#11640


Bug Fixes

  • cli: synth fails if there was an error when synthesizing the stack (#14613) (71c61e8)
  • lambda: custom resource fails to connect to efs filesystem (#14431) (10a633c)
  • lambda-event-sources: incorrect documented defaults for stream types (#14562) (0ea24e9), closes #13908
  • lambda-nodejs: handler filename missing from error message (#14564) (256fd4c)

2.0.0-rc.3 (2021-05-12)


IApi interface. The existing ones are moved into IHttpApi and new ones will be added to IWebsocketApi. the IStage interface. The existing ones are moved into IHttpStage and new ones will be added to the IWebsocketStage.

  • lambda-nodejs: the default runtime version for NodejsFunction is now always NODEJS_14_X (previously the version was derived from the local NodeJS runtime and could be either 12.x or 14.x).


Bug Fixes

  • aws-cloudwatch: fix for space in alarm name in alarms for compos… (#13963) (7cdd541)
  • cfn-include: correctly parse Fn::Sub expressions containing serialized JSON (#14512) (fd6d6d0), closes #14095
  • assert matches more than the template on multiple CDK copies (#14544) (f8abdbf), closes #14468
  • cli: 'cdk deploy *' should not deploy stacks in nested assemblies (#14542) (93a3549)
  • cli: 'cdk synth' not able to fail if stacks have errors (#14475) (963d1c7)
  • CodeBuild: add resource only once per secret (#14510) (affaaad)
  • lambda-nodejs: non-deterministic runtime version (#14538) (527f662), closes #13893
  • rds: instance identifiers and endpoints of a Cluster are blank (#14394) (9597d97), closes #14377
  • s3: urlForObject does not consider explicit bucket region (#14315) (e11d537)
  • ssm: dynamic SSM parameter reference breaks with lists (#14527) (3d1baac), closes #14205 #14476

2.0.0-rc.2 (2021-05-11)


IApi interface. The existing ones are moved into IHttpApi and new ones will be added to IWebsocketApi. the IStage interface. The existing ones are moved into IHttpStage and new ones will be added to the IWebsocketStage.

  • lambda-nodejs: the default runtime version for NodejsFunction is now always NODEJS_14_X (previously the version was derived from the local NodeJS runtime and could be either 12.x or 14.x).


Bug Fixes

  • aws-cloudwatch: fix for space in alarm name in alarms for compos… (#13963) (7cdd541)
  • cfn-include: correctly parse Fn::Sub expressions containing serialized JSON (#14512) (fd6d6d0), closes #14095
  • assert matches more than the template on multiple CDK copies (#14544) (f8abdbf), closes #14468
  • cli: 'cdk deploy *' should not deploy stacks in nested assemblies (#14542) (93a3549)
  • cli: 'cdk synth' not able to fail if stacks have errors (#14475) (963d1c7)
  • CodeBuild: add resource only once per secret (#14510) (affaaad)
  • lambda-nodejs: non-deterministic runtime version (#14538) (527f662), closes #13893
  • rds: instance identifiers and endpoints of a Cluster are blank (#14394) (9597d97), closes #14377
  • s3: urlForObject does not consider explicit bucket region (#14315) (e11d537)
  • ssm: dynamic SSM parameter reference breaks with lists (#14527) (3d1baac), closes #14205 #14476

2.0.0-rc.1 (2021-04-28)

2.0.0-alpha.14 (2021-04-28)


  • neptune: InstanceType changed from enum to enum-like static factory.


Bug Fixes

  • aws-ecs-patterns, aws-elasticloadbalancingv2: Pass TargetGroup P… (#14092) (a655819), closes #14091
  • codebuild: Secret env variable from another account fails on Key decryption (#14226) (8214338), closes #14043
  • codepipeline-actions: CodeCommit source action fails when it's cross-account (#14260) (1508e60), closes #12391 #14156
  • ec2: r5ad instance-type has incorrect value (#14179) (c80e1cf)
  • iam: unable to configure name of SAML Provider (#14296) (904202a), closes #14294
  • pipelines: Use LinuxBuildImage.STANDARD_5_0 for Assets and UpdatePipeline stages (#14338) (f93d940)

2.0.0-alpha.13 (2021-04-21)

2.0.0-alpha.12 (2021-04-21)


  • appmesh: HTTP2 VirtualNodeListeners must be now created with Http2VirtualNodeListenerOptions
  • appmesh: HTTP2 VirtualGatewayListeners must be now created with Http2VirtualGatewayListenerOptions


Bug Fixes

  • codepipeline: detect the account of the Action from its backing resource's account, not its Stack's account (#14224) (d88e915), closes #14165
  • pipelines: incorrect BuildSpec in synth step if synthesized with --output (#14211) (0f5c74f), closes #13303

2.0.0-alpha.11 (2021-04-19)


  • codepipeline-actions: the Action ServiceCatalogDeployAction has been renamed to ServiceCatalogDeployActionBeta1
  • codepipeline-actions: the type ServiceCatalogDeployActionProps has been renamed to ServiceCatalogDeployActionBeta1Props


  • certificatemanager: allow tagging DnsValidatedCertificate (#13990) (8360feb), closes #12382 #12382
  • codebuild: allow setting concurrent build limit (#14185) (3107d03)
  • codepipeline: introduce the Action abstract class (#14009) (4b6a6cc)
  • ecs: add support for elastic inference accelerators in ECS task defintions (#13950) (23986d7), closes #12460
  • eks: Pass args to avoid DescribeCluster call and make nodes join the cluster faster (#12659) (f5616cc)
  • elasticloadbalancing: rename 'sslCertificateId' property of LB listener to 'sslCertificateArn'; deprecate sslCertificateId property (#13766) (1a30272), closes #9303 #9303

Bug Fixes

  • aws-cloudfront: distribution comment length not validated (#14020) (#14094) (54fddc6)

  • aws-ecs-patterns: fixes #11123 allow for https listeners to use non Route 53 DNS if a certificate is provided (#14004) (e6c85e4)

  • cfn-include: allow deploy-time values in Parameter substitutions in Fn::Sub expressions (#14068) (111d26a), closes #14047

  • core: toJsonString() does not deal correctly with list tokens (#14138) (1a6d39f), closes #14088

  • fsx: Weekday.SUNDAY incorrectly evaluates to 0 (should be 7) (#14081) (708f23e), closes #14080

  • rds: allow Instances to be referenced across environments (#13865) (74c7fff), closes #13832

  • codepipeline-actions: change the name of the ServiceCatalogDeployAction (#13780) (a99e901)

2.0.0-alpha.10 (2021-03-31)


  • core: The type of the image property in BundlingOptions is changed from BundlingDockerImage to DockerImage.
  • core: The return type of the DockerImage.fromBuild() API is changed from BundlingDockerImage to DockerImage.
  • lambda-nodejs: The type of image property in the Bundling class is changed from BundlingDockerImage to DockerImage.
  • lambda-nodejs: The type of dockerImage property in BundlingOptions is changed from BundlingDockerImage to DockerImage.
  • apigatewayv2: The type of allowMethods property under corsPreflight section is changed from HttpMethod to CorsHttpMethod.
  • lambda-nodejs: the default runtime of a NodejsFunction is now Node.js 14.x if the environment from which it is deployed uses Node.js >= 14 and Node.js 12.x otherwise.
  • appmesh: Backend, backend default and Virtual Service client policies structures are being altered
  • appmesh: you must use the backend default interface to define backend defaults in VirtualGateway. The property name also changed from backendsDefaultClientPolicy to backendDefaults
  • appmesh: you must use the backend default interface to define backend defaults in VirtualNode, (the property name also changed from backendsDefaultClientPolicy to backendDefaults), and the Backend class to define a backend
  • appmesh: you can no longer attach a client policy to a VirtualService
  • apigatewayv2: HttpApiMapping (and related interfaces for Attributed and Props) has been renamed to ApiMapping
  • apigatewayv2: CommonStageOptions has been renamed to StageOptions
  • apigatewayv2: HttpStage.fromStageName has been removed in favour of HttpStage.fromHttpStageAttributes
  • apigatewayv2: DefaultDomainMappingOptions has been removed in favour of DomainMappingOptions
  • apigatewayv2: HttpApiProps.defaultDomainMapping has been changed from DefaultDomainMappingOptions to DomainMappingOptions
  • apigatewayv2: HttpApi.defaultStage has been changed from HttpStage to IStage
  • apigatewayv2: IHttpApi.defaultStage has been removed


Bug Fixes

  • apigatewayv2: error while configuring ANY as an allowed method in CORS (#13313) (34bb338), closes #13280 #13643

  • appmesh: Move Client Policy from Virtual Service to backend structure (#12943) (d3f4284), closes #11996

  • autoscaling: AutoScaling on percentile metrics doesn't work (#13366) (46114bb), closes #13144

  • aws-ecs: drain hook lambda allows tasks to stop gracefully (#13559) (3e1148e), closes #13506

  • cfn-include: allow boolean values for string-typed properties (#13508) (e5dab7c)

  • cfn-include: allow dynamic mappings to be used in Fn::FindInMap (#13428) (623675d)

  • cloudfront: cannot add two EdgeFunctions with same aliases (#13324) (1f35351), closes #13237

  • cloudwatch: cannot create Alarms from labeled metrics that start with a digit (#13560) (278029f), closes #13434

  • cloudwatch: MathExpression period of <5 minutes is not respected (#13078) (d9ee914), closes #9156

  • cloudwatch: metric label not rendered into Alarms (#13070) (cbcc712)

  • codebuild: allow FILE_PATH webhook filter for BitBucket (#13186) (cbed348), closes #13175

  • codebuild: allow passing the ARN of the Secret in environment variables (#13706) (6f6e079), closes #12703

  • codebuild: Fixed build spec file format to return yaml (#13445) (fab93c6)

  • codebuild: module fails to load with error "Cannot use import statement outside a module" (b1ffd33), closes #13699 #13699

  • codedeploy: script installing CodeDeploy agent fails (#13758) (25e8d04), closes #13755

  • codedeploy: Use aws-cli instead of awscli for yum (#13655) (449ce12)

  • codepipeline-actions: BitBucketAction fails with S3 "Access denied" error (#13637) (77ce45d), closes #13557

  • cognito: imported userpool not retaining environment from arn (#13715) (aa9fd9c), closes #13691

  • core: toJsonString() cannot handle list intrinsics (#13544) (a5be042), closes #13465

  • core: custom resource provider NODEJS_12 now looks like Lambda's NODEJS_12_X, add Node 14 (#13301) (3413b2f)

  • dynamodb: replicas not created on table replacement (#13300) (c7c424f), closes #12332

  • ec2: fix typo's in WindowsImage constants (#13446) (781aa97)

  • ec2: NAT provider's default outbound rules cannot be disabled (#12674) (664133a), closes #12673

  • ec2: readme grammar (#13180) (fe4f056)

  • ec2: Security Groups support all protocols (#13593) (8c6b3eb), closes #13403

  • ec2: Throw error on empty InitFile content (#13009) (#13119) (81a78a3)

  • ecr: Allow referencing an EcrImage by digest instead of tag (#13299) (266a621), closes #5082

  • ecr: Generate valid CloudFormation for imageScanOnPush (#13420) (278fba5), closes #13418

  • ecs: services essential container exceptions thrown too soon (#13240) (c174f6c), closes #13239

  • elasticloadbalancingv2: should allow more than 2 certificates (#13332) (d3155e9), closes #13150

  • elasticloadbalancingv2: upgrade to v1.92.0 drops certificates on ALB if more than 2 certificates exist (#13490) (01b94f8), closes #13332 #13437

  • events: cannot trigger multiple Lambdas from the same Rule (#13260) (c8c1762), closes #13231

  • init: Python init template's stack ID doesn't match other languages (#13480) (3f1c02d)

  • use NodeJS 14 for all packaged custom resources (#13488) (20a2820), closes #13534 #13484

  • events: imported ECS Task Definition cannot be used as target (#13293) (6f7cebd), closes #12811

  • events: imported EventBus does not correctly register source account (#13481) (57e5404), closes #13469

  • events,applicationautoscaling: specifying a schedule rate in seconds results in an error (#13689) (5d62331), closes #13566

  • iam: oidc-provider can't pull from hosts requiring SNI (#13397) (90dbfb5)

  • iam: policy statement tries to validate tokens (#13493) (8d592ea), closes #13479

  • lambda: fromDockerBuild output is located under /asset (#13539) (77449f6), closes #13439

  • lambda: incorrect values for prop UntrustedArtifactOnDeployment (#13667) (0757686), closes #13586

  • lambda-nodejs: paths with spaces break esbuild (#13312) (f983fbb), closes #13311

  • neptune: create correct IAM statement in grantConnect() (#13641) (2e7f046), closes #13640

  • python: change Python namespace to aws_cdk (#13489) (2ff5ca1)

  • rds: fail with a descriptive error if Cluster's instance count is a deploy-time value (#13765) (dd22e8f), closes #13558

  • region-info: ap-northeast-3 data not correctly registered (#13564) (64da84b), closes #13561

  • s3: Notifications fail to deploy due to incompatible node runtime (#13624) (26bc3d4)

  • s3: Notifications fail to deploy due to incompatible node runtime (#13624) (aa32cf6)

  • stepfunctions: SageMakeUpdateEndpoint adds insufficient permissions (#13170) (6126e49), closes #11594

  • stepfunctions: no validation on state machine name (#13387) (6c3d407), closes #13289

  • core: remove all references to BundlingDockerImage in the public API (#13814) (9cceb3f)

  • lambda-nodejs: prepare code to reduce merge conflicts when deprecated APIs are stripped (#13738) (ca391b5)

  • lambda-nodejs: update default runtime (#13664) (ca42461)

2.0.0-alpha.9 (2021-03-24)


  • lambda-nodejs: the default runtime of a NodejsFunction is now Node.js 14.x if the environment from which it is deployed uses Node.js >= 14 and Node.js 12.x otherwise.
  • appmesh: Backend, backend default and Virtual Service client policies structures are being altered
  • appmesh: you must use the backend default interface to define backend defaults in VirtualGateway. The property name also changed from backendsDefaultClientPolicy to backendDefaults
  • appmesh: you must use the backend default interface to define backend defaults in VirtualNode, (the property name also changed from backendsDefaultClientPolicy to backendDefaults), and the Backend class to define a backend
  • appmesh: you can no longer attach a client policy to a VirtualService
  • apigatewayv2: HttpApiMapping (and related interfaces for Attributed and Props) has been renamed to ApiMapping
  • apigatewayv2: CommonStageOptions has been renamed to StageOptions
  • apigatewayv2: HttpStage.fromStageName has been removed in favour of HttpStage.fromHttpStageAttributes
  • apigatewayv2: DefaultDomainMappingOptions has been removed in favour of DomainMappingOptions
  • apigatewayv2: HttpApiProps.defaultDomainMapping has been changed from DefaultDomainMappingOptions to DomainMappingOptions
  • apigatewayv2: HttpApi.defaultStage has been changed from HttpStage to IStage
  • apigatewayv2: IHttpApi.defaultStage has been removed


Bug Fixes

  • appmesh: Move Client Policy from Virtual Service to backend structure (#12943) (d3f4284), closes #11996

  • autoscaling: AutoScaling on percentile metrics doesn't work (#13366) (46114bb), closes #13144

  • aws-ecs: drain hook lambda allows tasks to stop gracefully (#13559) (3e1148e), closes #13506

  • cfn-include: allow boolean values for string-typed properties (#13508) (e5dab7c)

  • cfn-include: allow dynamic mappings to be used in Fn::FindInMap (#13428) (623675d)

  • cloudfront: cannot add two EdgeFunctions with same aliases (#13324) (1f35351), closes #13237

  • cloudwatch: cannot create Alarms from labeled metrics that start with a digit (#13560) (278029f), closes #13434

  • cloudwatch: MathExpression period of <5 minutes is not respected (#13078) (d9ee914), closes #9156

  • cloudwatch: metric label not rendered into Alarms (#13070) (cbcc712)

  • codebuild: allow FILE_PATH webhook filter for BitBucket (#13186) (cbed348), closes #13175

  • codedeploy: Use aws-cli instead of awscli for yum (#13655) (449ce12)

  • core: toJsonString() cannot handle list intrinsics (#13544) (a5be042), closes #13465

  • core: custom resource provider NODEJS_12 now looks like Lambda's NODEJS_12_X, add Node 14 (#13301) (3413b2f)

  • dynamodb: replicas not created on table replacement (#13300) (c7c424f), closes #12332

  • ec2: fix typo's in WindowsImage constants (#13446) (781aa97)

  • ec2: NAT provider's default outbound rules cannot be disabled (#12674) (664133a), closes #12673

  • ec2: readme grammar (#13180) (fe4f056)

  • ec2: Security Groups support all protocols (#13593) (8c6b3eb), closes #13403

  • ec2: Throw error on empty InitFile content (#13009) (#13119) (81a78a3)

  • ecr: Allow referencing an EcrImage by digest instead of tag (#13299) (266a621), closes #5082

  • ecr: Generate valid CloudFormation for imageScanOnPush (#13420) (278fba5), closes #13418

  • ecs: services essential container exceptions thrown too soon (#13240) (c174f6c), closes #13239

  • elasticloadbalancingv2: should allow more than 2 certificates (#13332) (d3155e9), closes #13150

  • elasticloadbalancingv2: upgrade to v1.92.0 drops certificates on ALB if more than 2 certificates exist (#13490) (01b94f8), closes #13332 #13437

  • events: cannot trigger multiple Lambdas from the same Rule (#13260) (c8c1762), closes #13231

  • events: imported ECS Task Definition cannot be used as target (#13293) (6f7cebd), closes #12811

  • events: imported EventBus does not correctly register source account (#13481) (57e5404), closes #13469

  • iam: oidc-provider can't pull from hosts requiring SNI (#13397) (90dbfb5)

  • iam: policy statement tries to validate tokens (#13493) (8d592ea), closes #13479

  • init: Python init template's stack ID doesn't match other languages (#13480) (3f1c02d)

  • lambda: fromDockerBuild output is located under /asset (#13539) (77449f6), closes #13439

  • lambda: incorrect values for prop UntrustedArtifactOnDeployment (#13667) (0757686), closes #13586

  • lambda-nodejs: paths with spaces break esbuild (#13312) (f983fbb), closes #13311

  • neptune: create correct IAM statement in grantConnect() (#13641) (2e7f046), closes #13640

  • python: change Python namespace to aws_cdk (#13489) (2ff5ca1)

  • region-info: ap-northeast-3 data not correctly registered (#13564) (64da84b), closes #13561

  • s3: Notifications fail to deploy due to incompatible node runtime (#13624) (aa32cf6)

  • s3: Notifications fail to deploy due to incompatible node runtime (#13624) (26bc3d4)

  • stepfunctions: SageMakeUpdateEndpoint adds insufficient permissions (#13170) (6126e49), closes #11594

  • stepfunctions: no validation on state machine name (#13387) (6c3d407), closes #13289

  • use NodeJS 14 for all packaged custom resources (#13488) (20a2820), closes #13534 #13484

  • lambda-nodejs: update default runtime (#13664) (ca42461)

2.0.0-alpha.8 (2021-03-17)


  • apigatewayv2: HttpApiMapping (and related interfaces for Attributed and Props) has been renamed to ApiMapping
  • apigatewayv2: CommonStageOptions has been renamed to StageOptions
  • apigatewayv2: HttpStage.fromStageName has been removed in favour of HttpStage.fromHttpStageAttributes
  • apigatewayv2: DefaultDomainMappingOptions has been removed in favour of DomainMappingOptions
  • apigatewayv2: HttpApiProps.defaultDomainMapping has been changed from DefaultDomainMappingOptions to DomainMappingOptions
  • apigatewayv2: HttpApi.defaultStage has been changed from HttpStage to IStage
  • apigatewayv2: IHttpApi.defaultStage has been removed


Bug Fixes

  • cfn-include: allow boolean values for string-typed properties (#13508) (e5dab7c)
  • cfn-include: allow dynamic mappings to be used in Fn::FindInMap (#13428) (623675d)
  • cloudfront: cannot add two EdgeFunctions with same aliases (#13324) (1f35351), closes #13237
  • cloudwatch: MathExpression period of <5 minutes is not respected (#13078) (d9ee914), closes #9156
  • cloudwatch: metric label not rendered into Alarms (#13070) (cbcc712)
  • codebuild: allow FILE_PATH webhook filter for BitBucket (#13186) (cbed348), closes #13175
  • core: custom resource provider NODEJS_12 now looks like Lambda's NODEJS_12_X, add Node 14 (#13301) (3413b2f)
  • dynamodb: replicas not created on table replacement (#13300) (c7c424f), closes #12332
  • ec2: fix typo's in WindowsImage constants (#13446) (781aa97)
  • ec2: NAT provider's default outbound rules cannot be disabled (#12674) (664133a), closes #12673
  • ec2: readme grammar (#13180) (fe4f056)
  • ec2: Throw error on empty InitFile content (#13009) (#13119) (81a78a3)
  • ecr: Allow referencing an EcrImage by digest instead of tag (#13299) (266a621), closes #5082
  • ecr: Generate valid CloudFormation for imageScanOnPush (#13420) (278fba5), closes #13418
  • ecs: services essential container exceptions thrown too soon (#13240) (c174f6c), closes #13239
  • elasticloadbalancingv2: should allow more than 2 certificates (#13332) (d3155e9), closes #13150
  • elasticloadbalancingv2: upgrade to v1.92.0 drops certificates on ALB if more than 2 certificates exist (#13490) (01b94f8), closes #13332 #13437
  • events: cannot trigger multiple Lambdas from the same Rule (#13260) (c8c1762), closes #13231
  • events: imported ECS Task Definition cannot be used as target (#13293) (6f7cebd), closes #12811
  • events: imported EventBus does not correctly register source account (#13481) (57e5404), closes #13469
  • iam: oidc-provider can't pull from hosts requiring SNI (#13397) (90dbfb5)
  • init: Python init template's stack ID doesn't match other languages (#13480) (3f1c02d)
  • lambda-nodejs: paths with spaces break esbuild (#13312) (f983fbb), closes #13311
  • python: change Python namespace to aws_cdk (#13489) (90f5311)
  • stepfunctions: SageMakeUpdateEndpoint adds insufficient permissions (#13170) (6126e49), closes #11594
  • stepfunctions: no validation on state machine name (#13387) (6c3d407), closes #13289

2.0.0-alpha.7 (2021-03-10)


  • apigatewayv2: HttpApiMapping (and related interfaces for Attributed and Props) has been renamed to ApiMapping
  • apigatewayv2: CommonStageOptions has been renamed to StageOptions
  • apigatewayv2: HttpStage.fromStageName has been removed in favour of HttpStage.fromHttpStageAttributes
  • apigatewayv2: DefaultDomainMappingOptions has been removed in favour of DomainMappingOptions
  • apigatewayv2: HttpApiProps.defaultDomainMapping has been changed from DefaultDomainMappingOptions to DomainMappingOptions
  • apigatewayv2: HttpApi.defaultStage has been changed from HttpStage to IStage
  • apigatewayv2: IHttpApi.defaultStage has been removed


Bug Fixes

  • cfn-include: allow dynamic mappings to be used in Fn::FindInMap (#13428) (623675d)
  • cloudfront: cannot add two EdgeFunctions with same aliases (#13324) (1f35351), closes #13237
  • cloudwatch: MathExpression period of <5 minutes is not respected (#13078) (d9ee914), closes #9156
  • cloudwatch: metric label not rendered into Alarms (#13070) (cbcc712)
  • codebuild: allow FILE_PATH webhook filter for BitBucket (#13186) (cbed348), closes #13175
  • core: custom resource provider NODEJS_12 now looks like Lambda's NODEJS_12_X, add Node 14 (#13301) (3413b2f)
  • dynamodb: replicas not created on table replacement (#13300) (c7c424f), closes #12332
  • ec2: NAT provider's default outbound rules cannot be disabled (#12674) (664133a), closes #12673
  • ec2: readme grammar (#13180) (fe4f056)
  • ec2: Throw error on empty InitFile content (#13009) (#13119) (81a78a3)
  • ecr: Allow referencing an EcrImage by digest instead of tag (#13299) (266a621), closes #5082
  • ecr: Generate valid CloudFormation for imageScanOnPush (#13420) (278fba5), closes #13418
  • ecs: services essential container exceptions thrown too soon (#13240) (c174f6c), closes #13239
  • elasticloadbalancingv2: should allow more than 2 certificates (#13332) (d3155e9), closes #13150
  • events: cannot trigger multiple Lambdas from the same Rule (#13260) (c8c1762), closes #13231
  • events: imported ECS Task Definition cannot be used as target (#13293) (6f7cebd), closes #12811
  • iam: oidc-provider can't pull from hosts requiring SNI (#13397) (90dbfb5)
  • lambda-nodejs: paths with spaces break esbuild (#13312) (f983fbb), closes #13311
  • python: change Python namespace to aws_cdk (#13489) (90f5311)
  • stepfunctions: SageMakeUpdateEndpoint adds insufficient permissions (#13170) (6126e49), closes #11594

2.0.0-alpha.6 (2021-03-03)


  • ecs-patterns: ** the desiredCount property stored on the above constructs will be optional, allowing them to be undefined. This is enabled through the @aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount feature flag. We would recommend all aws-cdk users to set the REMOVE_DEFAULT_DESIRED_COUNT flag to true for all of their existing applications.

Fixes: aws#12990

  • aws-appsync: RdsDataSource now takes a ServerlessCluster instead of a DatabaseCluster


Bug Fixes

2.0.0-alpha.5 (2021-02-17)


Bug Fixes

2.0.0-alpha.4 (2021-02-10)


  • appmesh: the properties virtualRouter and virtualNode of VirtualServiceProps have been replaced with the union-like class VirtualServiceProvider
  • appmesh: the method addVirtualService has been removed from IMesh
  • cloudfront: experimental EdgeFunction stack names have changed from 'edge-lambda-stack-${region}' to 'edge-lambda-stack-${stackid}' to support multiple independent CloudFront distributions with EdgeFunctions.


Bug Fixes

  • apigateway: stack update fails to replace api key (38cbe62), closes #12698
  • apigateway: stack update fails to replace api key (#12745) (ffe7e42), closes #12698
  • cfn-include: AWS::CloudFormation resources fail in monocdk (#12758) (5060782), closes #11595
  • cli, codepipeline: renamed bootstrap stack still not supported (#12771) (40b32bb), closes #12594 #12732
  • cloudfront: use node addr for edgeStackId name (#12702) (c429bb7), closes #12323
  • codedeploy: wrong syntax on Windows 'installAgent' flag (#12736) (238742e), closes #12734
  • codepipeline: permission denied for Action-level environment variables (#12761) (99fd074), closes #12742
  • core: append file extension to s3 asset key in new style synthesizer (#12765) (77b9d39), closes #12740
  • core: incorrect GetParameter permissions in nonstandard partitions (#12813) (be7202f)
  • ec2: ARM-backed bastion hosts try to run x86-based Amazon Linux AMI (#12280) (1a73d76), closes #12279
  • efs: EFS fails to create when using a VPC with multiple subnets per availability zone (#12097) (889d673), closes #10170
  • iam: cannot use the same Role for multiple Config Rules (#12724) (2f6521a), closes #12714
  • lambda: codeguru profiler not set up for Node runtime (#12712) (59db763), closes #12624

2.0.0-alpha.3 (2021-02-03)


  • aws-codebuild: add enableBatchBuilds() to Project (#12531) (0568390)
  • batch: Compute Resources placement group (#12203) (fe37174)

2.0.0-alpha.2 (2021-01-27)


  • s3-deployment: User metadata keys of bucket objects will change from x-amz-meta-x-amz-meta-x-amzn-meta-mykey to x-amz-meta-mykey.
  • core: users of modern synthesis (DefaultSynthesizer, used by CDK Pipelines) must upgrade their bootstrap stacks. Run cdk bootstrap.


Bug Fixes

2.0.0-alpha.1 (2021-01-21)


  • apigatewayv2: subnets prop in VpcLink resource now takes SubnetSelection instead of ISubnet[]
  • eks: Existing self managed nodes may loose the ability to host additional services of type LoadBalancer . See aws#12269 (comment) for possible mitigations.
  • eks: the @aws-cdk/eks.KubectlLayer layer class has been moved to @aws-cdk/lambda-layer-kubectl.KubectlLayer.
  • eks: LegacyCluster was removed since it existed only for a transition period to allow gradual migration to the current cluster class.
  • eks: kubectlEnabled property was removed, all clusters now support kubectl.
  • core: Creation stack traces for Lazy values are no longer captured by default in order to speed up tests. Run with CDK_DEBUG=true (or cdk --debug) to capture stack traces.
  • apigatewayv2: HttpApi.fromApiId() has been replaced with HttpApi.fromHttpApiAttributes().
  • elasticsearch: ES Domain LogGroup LogicalId will change, which will trigger new log group resources to be created
  • cloudfront-origins: Default minimum origin SSL protocol for HttpOrigin and LoadBalancerOrigin changed from SSLv3 to TLSv1.2.


Bug Fixes

2.0.0-alpha.0 (2020-12-11)

This is the first alpha release of CDK 2.0. 🎉