Releases: aws/aws-cdk
v2.164.0
Features
- cli: add ability to configure hotswap properties for ECS (#30511) (fee2cf8), closes #29618
- cognito: support email based MFA (#31816) (f9d6eef), closes #31815
- cognito: the Cognito Identity Pools module is now in Developer Preview (#31854) (b22899f)
Bug Fixes
- cli: cross-account asset publishing doesn't work without bootstrap stack (#31876) (427bf63), closes #31866
- cli: deploy-role is not authorized to perform DescribeStackResources (#31878) (8d06824)
- core: fix policy synthesizer logic for precreated roles (#31710) (aae03c9)
- dynamodb: replication regions are incompatible with resource policies in TableV2 and feature flag (#31513) (0b03eb0), closes #30705
- events-targets: kinesis Stream target with Customer-Managed KMS key causes EventBridge FailedInvocations (#31836) (58dfda0), closes #10996
Alpha modules (2.164.0-alpha.0)
Features
Bug Fixes
v2.163.1
v2.163.0
Features
- cli: garbage collect s3 assets (under --unstable flag) (#31611) (0a0e4ad)
- cognito: support emailVerified for AttributeMapping interface (#31632) (5de7835), closes #30467 #30467
- dynamodb: enable contributor insights for global secondary index (#30560) (799b541), closes #15671
- ecs-patterns: support NLB with TLS listener and target group (#30611) (f4f8abc), closes #8517
- efs: allow AccessPoint to set client token (#31184) (8208774)
- events: dead letter queue for an Event Bus (#30628) (318eae6), closes #30531
- fsx: specify file system type version for the Lustre file system (#31136) (252cca9), closes #31130
- fsx: support HDD storage type for a Lustre file systems (#30207) (2d9aefb), closes #30206
- iam: allow creating service principal using custom name (#31793) (3d650c3), closes #31767
- kms: allow fromLookup method to return dummy key if target key was not found (#31676) (34bdeca), closes #31574 /github.com/aws/aws-cdk/blob/v2.161.0/packages/aws-cdk-lib/aws-kms/lib/key.ts#L686 /github.com/aws/aws-cdk/issues/31574#issuecomment-2399080697
- rds: support local write forwarding for an aurora PostgreSQL cluster (#31803) (a32436a), closes #31802
- s3: support transitionDefaultMinimumObjectSize for life cycle (#31778) (4aa117b), closes #31777 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lifecycleconfiguration.html#cfn-s3
- update L1 CloudFormation resource definitions (#31752) (8067294)
- update L1 CloudFormation resource definitions (#31800) (fccb006)
- rds: support performance insights configuration at cluster level (#31385) (7d6bf77), closes #31375
- disallow cross account asset publishing in some scenarios (#31623) (edd031d)
- step-functions: add bucketNamePath in item reader (#31619) (97130d8), closes #29409
Bug Fixes
- cli: cdk import errors with 'S3 error: Access Denied' (#31727) (cd324d0), closes #31597 #31716
- lambda: filterRule.null() returns empty array (#31701) (5830ee1), closes #31458
- s3: add support for uppercase characters in legacy bucket names (#31813) (7bebf40), closes #31731
- stepfunctions-tasks: stateMachine construct doesn't generate a valid policy for default StateMachineRole (#31801) (efbbddb), closes #31714
Alpha modules (2.163.0-alpha.0)
Features
- ec2: disable api termination (#30620) (108737d)
- kinesisfirehose-alpha: refactor sourceStream property to support multiple types of sources (#31723) (0260046)
- pipes-enrichments: support API destination enrichment (#31312) (1557793), closes #29383
- pipes-targets: add CloudWatch Logs (#30665) (893769e)
Bug Fixes
v2.162.1
v2.162.0
Features
- appsync: add ownerContact property to the GraphqlApi (#31585) (a8b2f01)
- cdk: expose authorizer id and authorization type (#31622) (daaf0aa), closes #31605
- cli: cdk rollback (#31684) (3e40edc), closes #31407
- ecs: add fargate ephemeral storage encryption to cluster settings (#30759) (642a944), closes #30721
- eks: support eks with k8s 1.31 (#31707) (fc09bc1)
- elasticloadbalancingv2: support TCP idle timeout for Network Load Balancer Listener (#31584) (8d851a9), closes #31310
- update L1 CloudFormation resource definitions (#31688) (b211189)
- rds: enable grantDataApiAccess method for imported database cluster (#31280) (3c92012), closes #31116 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/cluster.ts#L983 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/cluster.ts#L523-L526
Bug Fixes
- core: cdk diff on large templates fails when passing in toolkitStackName and qualifier (#31636) (f603c97), closes #29179
- ecs: ecs exec cannot be enabled for ECS Anywhere (ecs.ExternalService) (#31374) (cff1fcd), closes #31181
- elasticloadbalancingv2: http2Enabled with true is ignored in ApplicationLoadBalancer (#31675) (c1b240e), closes #31609
- event-targets: ecsTask uses invalid task definition arn in policy (#31615) (4ada3ea), closes #30390 #30484
- iam: override Role.applyRemovalPolicy for customizeRoles (#31652) (35ed5c6), closes #31651
- s3: unable to update the s3 event notifications on an existing S3 bucket (#31431) (0a56c0d), closes #31303
Alpha modules (2.162.0-alpha.0)
⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
- kinesisfirehose-alpha: replaced destinations property with destination (singular) and changed the type from array of Destinations to a single Destination. Old behaviour would only allow an array with a single Destination to be passed in anyway.
Features
- iot-alpha: support for account audit configuration (#31661) (fc19571), closes #31663
- pipes-targets: add EventBridge (#30654) (842f49a)
Bug Fixes
Miscellaneous Chores
v2.161.1
v2.161.0
Features
- update L1 CloudFormation resource definitions (#31640) (79d9c4d), closes /docs.aws.amazon.com/datasync/latest/userguide/create-locations-cli.html#create-location-s3
- bedrock: support meta llama3-2 (#31568) (4ddc702)
- cli: cdk rollback (#31407) (0755561), closes #30546
- cli: notices on bootstrap version (#31555) (b0e4a54)
- ecs: support restart policy for container (#31228) (a22e8cc), closes #31127 #31425
- logs: add metric methods for log group IncomingLogEvents and IncomingBytes (#31535) (2813eb2), closes #30034
- rds: support for local write forwarding in an Aurora Mysql cluster (#31524) (48c4192), closes #31523
- s3-deployment: added property outputObjectKeys for BucketDeployment (#31452) (54c01cb), closes #28579
Bug Fixes
- appsync: lambda authorizer permission is not scoped to appsync api arn (#31567) (c7cee15), closes #31550 /docs.aws.amazon.com/controltower/latest/controlreference/lambda-rules.html#ct-lambda-pr-2
- batch: remove default optimal for arm based instance types and add error checks (#31510) (7e80cc9), closes #31148
- cdk: cdk diff --quiet to print stack name when there is diffs (#30186) (bcf9209), closes #27128
- cli: deployment errors are printed 3 times (#31389) (4b00ffe)
- core: isTaggable function can return undefined instead of false (#31600) (be70c82), closes #26495
- core: apps that use token-aware-stringify are construct-instantiation-order-dependent (#31470) (4128bf1), closes #31345 #31345
- core: file asset publishing role not used in cdk diff to upload large templates (#31597) (be1207b), closes #29936 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml#L275 /github.com/aws/aws-cdk/blob/4b00ffeb86b3ebb9a0190c2842bd36ebb4043f52/packages/aws-cdk/lib/api/deployments.ts#L605
- core: throw on intrinsics in CFN update and create policies (#31578) (9410361), closes #27578 #30740
- lambda: configuring log retention fails on 70+ Lambdas (#31340) (a2d42d2), closes #31338
- lambda-nodejs: remove smithy models from bundling for AWS SDK v3 runtimes (under feature flag) (#31639) (19ee46d)
- pipelines: "Node with duplicate id" on duplicate stack names (#31328) (16b74f3), closes #30960
- rds: fixed the IAM policy that grantConnect() generates for DatabaseInstanceReadReplica (#31579) (52f676c), closes #31061
- stack: check stack tags for deploy-time values (#31457) (abd1768), closes #28017
- update L1 CloudFormation resource definitions by removing outdated schema overrides (#31539) (218331b)
Alpha modules (2.161.0-alpha.0)
⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
- kinesisfirehose-destinations: the logging and logGroup properties in DestinationLoggingProps have been removed and replaced with a single optional property loggingConfig which accepts a class of type LoggingConfig.
Details
Combine the logging and logGroup properties into a single new optional property called loggingConfig which accepts a class of type LoggingConfig.
LoggingConfig is an abstract class which can be instantiated through either an instance of EnableLogging or DisableLogging which can be used in the following 3 ways:
import * as logs from 'aws-cdk-lib/aws-logs';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as destinations from '@aws-cdk/aws-kinesisfirehose-destinations-alpha';

const logGroup = new logs.LogGroup(this, 'Log Group');
declare const bucket: s3.Bucket;

// 1. Enable logging with no parameters - a log group will be created for you
const destinationWithLogging = new destinations.S3Bucket(bucket, {
  loggingConfig: new destinations.EnableLogging(),
});

// 2. Enable logging and pass in a logGroup to be used
const destinationWithLoggingAndMyLogGroup = new destinations.S3Bucket(bucket, {
  loggingConfig: new destinations.EnableLogging(logGroup),
});

// 3. Disable logging (does not accept any parameters so it is now impossible to provide a logGroup in this case)
const destinationWithoutLogging = new destinations.S3Bucket(bucket, {
  loggingConfig: new destinations.DisableLogging(),
});
Description of how you validated changes
unit + integ test
Features
- ec2: add interface endpoint dynamodb (#30162) (182804a), closes #29547
- pipes-sources: add Kinesis and DynamoDB (#29476) (00c2efb), closes #29378 #29377
- pipes-targets: add API destination (#30756) (5e08c98), closes /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-events-targets/lib/api-gateway.ts#L11-L32
- pipes-targets: add Kinesis (#30656) (d0c99d8)
- redshift: supports excludeCharacters settings for DatabaseSecret (#30563) ([a1c46cf](a1c46cf...
v2.160.0
Features
- allow all sts options for roles assumed by the cli (#31089) (5e95ba2), closes #26157 #22535
- update L1 CloudFormation resource definitions (#31534) (cd17fed)
- core: configure Stack SNS notification ARNs on the Stack construct (#31107) (1593500), closes #8581
- stepfunctions: add support for EncryptionConfiguration (#30959) (b49032b)
Alpha modules (2.160.0-alpha.0)
Features
Bug Fixes
- cognito-identitypool-alpha: cannot configure roleMappings with imported userPool and client (#30421) (0fdd6a9), closes #30304 /github.com/aws/aws-cdk/blob/c3003ab41f0efc763f39eb2cab490c8a005e146b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts#L902
- ec2: instance resourceSignalTimeout overwrites initOptions.timeout (#31446) (a29bf19), closes #30052
v2.159.1
v2.159.0
Features
- update L1 CloudFormation resource definitions (#31484) (60ce351), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2
- opensearch: support OpenSearch version 2.15 (#31398) (33eea3f)
- update L1 CloudFormation resource definitions (#31460) (e220e90)
- apigatewayv2: support for setting routeSelectionExpression for an HTTP API (#31373) (36baf51), closes #31104
- elasticloadbalancingv2: alb dualstack without public ipv4 (#30248) (4068af3), closes #30256
- events-target: support Dead Letter Queue for Kinesis Stream Event Target (#31435) (358f231), closes #31428 #13600
- stepfunctions-tasks: support idle timeout for EmrCreateCluster (#31142) (432ffaf), closes #29926
- vpcv2: implementation of add gateway method (#31224) (4b90bfc)
Bug Fixes
- cli: bootstrap respects qualifier from cdk.json (#31410) (44134ad), closes #28249
- cli: hotswapping appsync functions fails when API does not return function on the first page (#31406) (0da4f43), closes /github.com/aws/aws-cdk/blob/1e203753519e10e19ef0db87e1382377b609bcaa/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts#L23-L36
- cli: release outdir lock when synth fails (#30874) (b6ad97f), closes #27864
- cognito: deprecate privateKey and add privateKeyValue as typed SecureValue (#31409) (7ee183d), closes /github.com/aws/aws-cdk/blob/1e203753519e10e19ef0db87e1382377b609bcaa/packages/aws-cdk-lib/aws-cognito/lib/user-pool-idps/google.ts#L28
- ecs: reduce ecs service task role cloudwatch permissions when no log configured (under feature flag) (#31475) (de7ab7c)
- eks: fargateCluster compatibility with AuthenticationMode.API (#31267) (4d12833)
- eks: update private ecr repo url regex (#31394) (386fca3)
- lambda: invalid Version object created from Version.fromVersionArn (#31433) (1726abd)
- ssm: update ssm-context to prevent raising an error on missing parameter (#31415) (ff02cca), closes #7051 #22064 #7259
- pipelines ties cli version with cdk-assets version (#31261) (4392ab4), closes #31253
Alpha modules (2.159.0-alpha.0)
⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
- kinesisfirehose-alpha: encryptionKey property is removed and encryption property type has changed from the StreamEncryption enum to the StreamEncryption class.
To pass in a KMS key for the customer managed key case, use StreamEncryption.customerManagedKey(key)
Details
Replaced encryption and encryptionKey properties with a single property encryption of type StreamEncryption and is used by calling one of the 3 methods:
- StreamEncryption.unencrypted()
- StreamEncryption.awsOwnedKey()
- StreamEncryption.customerManagedKey(key?: IKey)
This makes it so it's no longer possible to pass in a key when the encryption type is AWS owned or unencrypted. The key is an optional parameter in StreamEncryption.customerManagedKey(key?: IKey) so following the previous behaviour, if a key is provided it will be used, otherwise a key will be created for the user.
Description of how you validated changes
Generated templates do not change so behaviour remains the same.
Updated integ/unit tests.