1.143.0 (2022-02-02)

Features

• amplify: support performance mode in Branch (#18598) (bdeb8eb), closes #18557
• cfnspec: cloudformation spec v54.0.0 (#18764) (71601c1)
• cloudwatch-actions: add ssm opsitem action for cloudwatch alarm (#16923) (9380885), closes #16861
• dynamodb: allow setting TableClass for a Table (#18719) (73a889e), closes #18718
• ec2: support KMS keys for block device mappings for both instances and launch templates (#18326) (17dbe5f), closes #18309
• ecr: add server-side encryption configuration (#16966) (c46acd5), closes #15400 #15571
• ecs: expose image name in container definition (#17793) (1947d7c)
• fsx: add support for FSx Lustre Persistent_2 deployment type (#18626) (6036d99)
• iot: add Action to republish MQTT messages to another MQTT topic (#18661) (7ac1215)

Bug Fixes

• core: correctly reference versionless secure parameters (#18730) (9f6e10e), closes #18729
• ec2: UserData.addSignalOnExitCommand does not work in combination with userDataCausesReplacement (#18726) (afdc550), closes #12749
• vpc: Vpc.fromLookup should throw if subnet group name tag is explicitly given and does not exist (#18714) (13e1c7f), closes #13962

Reverts

• "chore(cloudfront): encryption and enforceSSL on distribution s3 loggingBucket (#18264)" (#18772) (121e4a1), closes #18271 /docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3 #18676
• "chore(ec2): enforceSSL on flowLog s3 bucket (#18271)" (#18770) (a2eb092), closes /docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3 #18676

1.142.0 (2022-01-28)

Features

• cfnspec: cloudformation spec v53.1.0 (#18680) (f385059)
• cloudfront-origins: extend readTimeout maximum value for HttpOriginProps (#18697) (e64de67), closes #18628
• eks: cluster logging (#18112) (872277b), closes #4159
• iotevents: allow setting description, evaluation method and key of DetectorModel (#18644) (2eeaebc)
• lambda-python: support setting environment vars for bundling (#18635) (30e2233)

Bug Fixes

• aws-lambda-nodejs: pre compilation with tsc is not being run (#18062) (7ac7221), closes #18002
• pipelines: undeployable due to dependency cycle (#18686) (009d689), closes #18492 #18673

1.141.0 (2022-01-27)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• servicecatalog: TagOptions now have scope and props argument in constructor, and data is now passed via a allowedValueForTags field in props

Features

• assertions: support assertions on stack messages (#18521) (cb86e30), closes #18347
• assertions: support for conditions (#18577) (55ff1b2), closes #18560
• aws-ecs-patterns: adding support for custom HealthCheck while creating QueueProcessingFargateService (#18219) (0ca81a1), closes #15636
• certificatemanager: DnsValidatedCertificate DNS record cleanup (#18311) (36d356d), closes #3333 #7063
• cfnspec: cloudformation spec v53.1.0 (#18588) (a283a48)
• cfnspec: cloudformation spec v53.1.0 (#18658) (2eda19e)
• ec2: session timeout and login banner for client vpn endpoint (#18590) (7294118)
• ecs: add BaseService.fromServiceArnWithCluster() for use in CodePipeline (#18530) (3d192a9)
• iotevents: add DetectorModel L2 Construct (#18049) (d0960f1), closes #17711 #17711
• lambda-nodejs: Allow setting mainFields for esbuild (#18569) (0e78aeb)
• s3: custom role for the bucket notifications handler (#17794) (43f232d), closes #9918 #13241
• servicecatalog: Create TagOptions Construct (#18314) (903c4b6), closes #17753

Bug Fixes

• apigatewayv2: websocket api: allow all methods in grant manage connections (#18544) (41c8a3f), closes #18410
• aws-apigateway: cross region authorizer ref (#18444) (0e0a092)
• cli: hotswap should wait for lambda's updateFunctionCode to complete (#18536) (0e08eeb), closes #18386 #18386
• ecs: only works in 'aws' partition (#18496) (525ac07), closes #18429
• ecs-patterns: Fix Network Load Balancer Port assignments in ECS Patterns (#18157) (1393729), closes #18073
• elasticloadbalancingv2: ApplicationLoadBalancer.logAccessLogs does not grant all necessary permissions (#18558) (bde1795), closes #18367
• pipelines: CodeBuild projects are hard to tell apart (#18492) (f6dab8d)
• region-info: incorrect codedeploy service principals (#18505) (16db963)
• route53: add RoutingControlArn to HealthCheck patch (#18645) (c58e8bb), closes #18570
• s3: add missing safe actions to grantWrite, grantReadWrite and grantPut methods (#18494) (940d043), closes #13616
• secretsmanager: SecretRotation for secret imported by name has incorrect permissions (#18567) (9ed263c), closes #18424
• stepfunctions: task token integration cannot be used with API Gateway (#18595) (678eede), closes #14184 #14181
• stepfunctions-tasks: cluster creation fails with unresolved release labels (#18288) (9940952)
• synthetics: correct getbucketlocation policy (#13573) (e743525), closes #13572

1.140.0 (2022-01-20)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• apigatewayv2: HttpIntegrationType.LAMBDA_PROXY has been renamed to HttpIntegrationType.AWS_PROXY
• iot: the class FirehoseStreamAction has been renamed to FirehosePutRecordAction

Features

• apigatewayv2: HttpRouteIntegration supports AWS services integrations (#18154) (a8094c7), closes #16287
• apigatewayv2: support for mock integration type (#18129) (7779c14), closes #15008
• apigatewayv2: websocket api: api keys (#16636) (24f8f74)
• assertions: stringLikeRegexp() matcher (#18491) (b49b002)
• assertions: support for parameters (#18469) (d0d6fc5), closes #16720
• aws-neptune: add autoMinorVersionUpgrade to cluster props (#18394) (8b5320a), closes #17545
• aws-s3: support number of newer versions to retain in lifecycle policy (#18225) (e1731b1), closes #17996 #17996
• cfnspec: cloudformation spec v53.0.0 (#18468) (50637e0)
• cfnspec: cloudformation spec v53.0.0 (#18480) (38e1fe4)
• cfnspec: cloudformation spec v53.0.0 (#18524) (517d517)
• cfnspec: cloudformation spec v53.0.0 (#18551) (926310b)
• cli: support hotswapping Lambda functions that use Docker images (#18319) (6b553b7), closes #18302 #18408
• cli: support hotswapping Lambda functions with inline code (#18408) (d0b8512), closes #18319
• cli: watch streams resources' CloudWatch logs to the terminal (#18159) (a9038ae), closes #18122
• cognito: identity pools (#16190) (59fe395)
• ec2: add Hpc6a instances (#18445) (c7f39ca)
• ec2: add support for al2022 and amzn2 with kernel 5.x (#18117) (6b73d1d)
• ec2: create Peers via security group ids (#18248) (9d1b2c7), closes #7111
• ecs-service-extensions: Enable default logging to CloudWatch for extensions (under feature flag) (#17817) (06666f4)
• iot: add Action to put record to Kinesis Data stream (#18321) (1480213), closes #17703
• lambda-nodejs: ES modules (#18346) (e23b63f), closes #13274
• opensearch: added opensearch 1.1 to engineversion (#18432) (e01a57a), closes #18431

Bug Fixes

• apigateway: enabled property of ApiKeyProps is ignored (#18407) (c31f9b4)
• applicationautoscaling: typo in DYANMODB_WRITE_CAPACITY_UTILIZATION (#18085) (626e6aa), closes #17209
• assertions: object partiality is dropped passing through arrays (#18525) (eb29e6f)
• cli: cdk watch constantly prints 'messages suppressed' (#18486) (9b266f4), closes #18451
• cli: warning to upgrade to bootstrap version >= undefined (#18489) (da5a305)
• ec2: interface endpoints do not work with Vpc.fromLookup() (#18554) (f55cd2b), closes #17600
• ec2: launch template names in imdsv2 not unique across stacks (under feature flag) (#17766) (2a80e4b)
• ecs: respect LogGroup's region for aws-log-driver (#18212) (b6e3e51), closes #17747
• elbv2: BaseLoadBalancer.vpc is not optional (#18474) (f511c17), closes aws/jsii#3342
• iot: FirehoseStreamAction is now called FirehosePutRecordAction (#18356) (c016a9f), closes /github.com/aws/aws-cdk/pull/18321#discussion_r781620195
• pipelines: "Maximum schema version supported" error (#18404) (a684ff4), closes #18370
• pipelines: graphnode dependencies can have duplicates (#18450) (2b0b5ea)
• secretsmanager: Secret requires KMS key for some same-account access (#17812) (91f3539), closes #15450

Reverts

• s3: add EventBridge bucket notifications (#18150) (#18507) (2041278)

1.139.0 (2022-01-11)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• apigatewayv2-authorizers: WebSocketLambdaAuthorizerProps.identitySource default changes from ['$request.header.Authorization'] to ['route.request.header.Authorization'].
• cfn2ts: some "complex" property types within the generated CloudFormation interfaces (i.e: properties of Cfn* constructs) with names starting with a capital letter I followed by another capital letter are no longer incorrectly treated as behavioral interfaces, and might hence have different usage patterns in non-TypeScript languages. Such interfaces were previously very difficult to use in non-TypeScript languages, and required convoluted workarounds, which can now be removed.

Features

• aws-ecs: support runtime platform property for create fargate windows runtime. (#17622) (fa8f2e2), closes #17242
• bootstrap: ECR ScanOnPush is now enabled by default (#17994) (7588b51)
• cfnspec: cloudformation spec v51.0.0 (#18274) (c208e60)
• cli: diff now uses the lookup Role for new-style synthesis (#18277) (2256680)
• eks: cluster tagging (#4995) (#18109) (304f5b6)
• iam: generate AccessKeys (#18180) (beb5706), closes #8432
• lambda-event-sources: adds AuthenticationMethod.CLIENT_CERTIFICATE_TLS_AUTH to kafka (#17920) (93cd776)
• pipelines: step dependencies (#18256) (e3359e0), closes #17945
• pipelines: support timeout in CodeBuildStep (#17351) (2aa3b8e)
• s3: add EventBridge bucket notifications (#18150) (912aeda), closes #18076
• sqs: add DLQ readonly property to Queue (#18232) (caa6788), closes #18083

Bug Fixes

• apigatewayv2-authorizers: incorrect identitySource default for WebSocketLambdaAuthorizer (#18315) (74eee1e), closes #18307
• appmesh: allow a Virtual Node have as a backend a Virtual Service whose provider is that Node (#18265) (272b6b1), closes #17322
• aws-kinesis: remove default shard count when stream mode is on-demand and set default mode to provisioned (#18221) (cac11bb), closes #18139
• aws-lambda-event-sources: unsupported properties for SelfManagedKafkaEventSource and ManagedKafkaEventSource (#17965) (5ddaef4), closes #17934
• cfn2ts: some property times have behavioral-interface names (#18275) (6359c12)
• cli: assets are KMS-encrypted using wrong key (#18340) (64ae9f3), closes #17668 #18262
• cli: breaks due to faulty version of colors (#18324) (ddc2bc6)
• codebuild: setting Cache.none() renders nothing in the template (#18194) (cd51a5d), closes #18165
• lambda: imported Function still has region and account from its Stack, instead of its ARN (#18255) (01bbe4c), closes #18228
• lambda-python: asset files are generated inside the 'asset-input' folder (#18306) (aff607a)
• lambda-python: bundle asset files correctly (#18335) (3822c85), closes #18301
• logs: respect region when importing log group (#18215) (be909bc), closes #18214
• pipelines: DockerCredential.dockerHub() silently fails auth (#18313) (c2c87d9), closes #15737
• route53: support multiple cross account DNS delegations (#17837) (76b5c0d), closes #17836

1.138.2 (2022-01-09)

Bug Fixes

• cli: breaks due to faulty version of colors (#18324) (43bf9ae)

1.138.1 (2022-01-07)

Bug Fixes

• lambda-python: asset files are generated inside the 'asset-input' folder (#18306) (b00b44e)

1.138.0 (2022-01-04)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• lambda-python: assetHashType and assetHash properties moved to new bundling property.
• lambda-python: Runtime is now required for LambdaPython

Features

• apigateway: Add stage ARN attribute (#18170) (be7acfd)
• aws-autoscaling: Add support for termination policies (#17936) (9e6f977), closes #15654
• aws-ec2: add g4ad instance types (#17927) (8cb6a76), closes #17565
• cfnspec: add CloudFormation documentation to L1 classes (#18101) (0ed661d)
• cli: hotswap deployments for CodeBuild projects (#18161) (4ae4df8)
• cli: show how long cdk deploy steps take (#18230) (82fa742), closes #18213
• cli: support for hotswapping Lambda Versions and Aliases (#18145) (13d77b7), closes #18058 #17043
• codepipeline: variables for CodeStar Connections source Action (#18086) (c99da16), closes #17807
• custom-resources: NoEcho for sensitive data in provider framework (#18097) (621a410)
• docdb: allow setting log retention (#18120) (002202f), closes #13191
• ec2: add Windows Server 2022 WindowsVersions (#18203) (dee732d), closes #18199
• glue: support partition index on tables (#17998) (c071367), closes #17589
• iot: Action to send messages to SQS queues (#18087) (37537fe), closes #17699
• iot: add Action to set a CloudWatch alarm (#18021) (de2369c), closes #17705
• lambda-python: support for providing a custom bundling docker image (#18082) (c3c4a97), closes #10298 #12949 #15391 #16234 #15306
• msk: add Kafka versions 2.6.3, 2.7.1 and 2.7.2 (#18191) (8832df1)
• secretsmanager: create secrets with specified values (#18098) (dd90b8e), closes #5810
• ssm: reference latest version of secure string parameters (#18187) (7d0680a), closes #17091

Bug Fixes

• amplify: deploy asset Custom Resource points to TS file (#18166) (a1508af)
• cloudfront-origins: policy not added for custom OAI (#18192) (c894ba1), closes #18185
• core: Duration.toString() throws an error (#18243) (df03df8), closes #18176
• core: overriding of Stack.addFileAsset() no longer has effect (#18116) (2290681), closes #17328
• events: event bus name only generated if no props passed (#18153) (9b81662), closes #18070
• lambda-python: runtime is now required (#18143) (98f1bb1), closes #10248
• region-info: ssm service principal - fix more regions (#18135) (ed30c44), closes #16188

Reverts

• cfnspec: add CloudFormation documentation to L1 classes (#18177) (2530016)

1.137.0 (2021-12-21)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• opensearchservice: imported domain property domainEndpoint used to contain https:// prefix, now the prefix is dropped and it returns the same value as a domainEndpoint on a created domain

Features

• apigatewayv2: http api - IAM authorizer support (#17519) (fd8e0e3), closes #15123
• aws-kinesis: add support for data streams capacity modes (#18074) (b265e46), closes #18050
• aws-s3: Adding Intelligent Tiering to Bucket (#18013) (890c4c5), closes #16191
• backup: support continuous backup and point-in-time restores (#17602) (24c6ef5), closes #15922
• cli: add message when resource is hotswapped (#18058) (e828c22), closes #17778
• cli: support hotswapping Lambda function tags (#17818) (e4485f4), closes #17664
• cli: watch command now starts with a deployment (#18057) (ace37a2), closes #17776
• codedeploy: loadbalancer support for imported Target Groups (#17848) (32f1c80), closes #9677
• codepipeline: add ability to not reuse cross-region support Stacks (#18043) (dcc9e59), closes #18018 #18018
• efs: add support for transitioning files from infrequent access to primary storage (#16522) (65414c6)
• eks: imported kubectl provider for imported clusters (#14689) (19a287f), closes #12107
• eks: install helm chart from asset (#17217) (d3fc8c0)
• iam: session tagging (#17689) (9f22b2f), closes #15908 #16725 #2041 #1578
• rds: Aurora clusters from snapshots (#17759) (e5259ee), closes #10936 #10130

Bug Fixes

• acm: DnsValidatedCertificate intermittently fails with "Cannot read property 'Name' of undefined" (#18033) (2b6c2da), closes #8282
• apigateway: race condition between Stage and CfnAccount (#18011) (f11766e)
• eks: can't deploy with Bottlerocket amiType (#17775) (b7be71c), closes #17641 #17641
• eks: cannot customize alb controller repository and version (#18081) (e4256c8), closes #18054
• eks: the defaultChild of a KubernetesManifest is not a CfnResource (#18052) (ef8ab72)
• opensearchservice: imported domain's domainendpoint is a url not an endpoint (#18027) (fd149b1), closes #18017
• core, s3-deployment: ResponseURL is logged by S3Deployment (#18048) (ed19828)
• pipelines: can't use exports from very long stack names (#18039) (465dabf), closes #17436
• region-info: ssm service principal is wrong in majority of regions (#17984) (77144f5), closes #16188 #17646

1.136.0 (2021-12-15)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• appsync: The CachingConfig#ttl property is now required.

• glue: the grantRead API previously included 'glue:BatchDeletePartition', and now it does not.

Features

• amplify: Add Amplify asset deployment resource (#16922) (499ba85), closes #16208
• apigateway: add option to set the base path when adding a domain name to a Rest API (#17915) (9af5b4d)
• apigatewayv2: Lambda authorizer for WebSocket API (#16886) (67cce37), closes #13869
• aws-applicationautoscaling: Allow autoscaling with "M out of N" datapoints (#17441) (c21320d), closes #17433
• aws-applicationautoscaling: enabling autoscaling for ElastiCache Redis cluster (#17919) (7f54ed6)
• aws-ecs: expose environment from containerDefinition (#17889) (4937cd0), closes #17867
• aws-s3: add support for BucketOwnerEnforced to S3 ObjectOwnershipType (#17961) (93fafc5), closes #17926
• cfnspec: cloudformation spec v51.0.0 (#17955) (c6b7a49), closes #17943
• cli: Hotswapping Support for S3 Bucket Deployments (#17638) (1df478b)
• codecommit: allow initializing a Repository with contents (#17968) (54b6cc6), closes #17967 #16958
• ec2: add d3 and d3en instances (#17782) (8b52196), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
• ec2: add high memory instances u-6tb1, u-9tb1, u-12tb1, u-18tb1, and u-24tb1 (#17964) (5497525)
• ec2: add im4gn and is4gen instances (#17780) (e057c8f), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2
• iotevents: add IoT Events input L2 Construct (#17847) (9f03dc4), closes /github.com/aws/aws-cdk/issues/17711#issuecomment-986153267
• lambda: add cloudwatch lambda insights arm support (#17665) (02749b4), closes #17133

Bug Fixes

• appmesh: adding support with gateway route priority (#17694) (a61576f), closes #16821
• appsync: ttl property of CachingConfig is not required (#17981) (73e5fec)
• aws-autoscaling: notificationTargetArn should be optional in LifecycleHook (#16187) (4e7a275), closes #14641
• aws-lambda-nodejs: use closest lockfile when autodetecting (#16629) (c4ecd96), closes #15847 40aws-cdk/aws-lambda-nodejs/lib/function.ts#L137-L139 /github.com/aws/aws-cdk/issues/15847#issuecomment-903830384
• cli: asset publishing broken cross account (#18007) (2fc6895), closes #17668 #17988
• cli: hotswapping StateMachines with a name fails (#17892) (de67aae), closes #17716
• custom-resources: assumedRole from AwsCustomResource invocation leaked to next execution (#15776) (e138188), closes #15425
• glue: remove batchDeletePartition from grantRead() permissions (#17941) (3d64f9b), closes #17935 #15116
• logs: log retention fails with OperationAbortedException (#17688) (95b8da9), closes #17546
• rds: unable to use tokens as port in DatabaseInstance (#17995) (0745193), closes #17948