v2.125.0

Features

• applicationautoscaling: validate evaluationPeriods and datapointsToAlarm for step scaling policy (#28880) (4034adb)
• batch: add fargate Runtime Platform properties to ECS Fargate C… (#28841) (ac8251f), closes #26484
• CLI: Diff Supports Import Change Sets (#28787) (d973615), closes #28336
• cloudfront: retrieve default distribution metrics (#28894) (8e115db), closes #28893
• cognito: validate oidc provider name (#28802) (534794c), closes #28667
• sqs: support for permission settings for dead letter source queues (#28745) (9e21803), closes #19766

Bug Fixes

• stepfunctions-tasks: mediapackagevod service generates wrong action in role policy (#28775) (305dae0), closes #28774
• revert deprecation of logRetention properties (#28934) (f89a7d2), closes #28919
• apigatewayv2: WebSocketAwsIntegration ignores requestParameters and integrationPassThrough behaviors (#28921) (990ead3)
• eks: Could not use ec2 instance type and size that their names contains dashes (#28040) (b32f47c), closes #27587

---

Alpha modules (2.125.0-alpha.0)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• integ-runner: Parsing of the cli input caused arguments passed after the first instance --language <language> to be interpreted as a language as well. This prevented passing a test name after providing cli options. To overcome this limitation, integ-runner now requires an explicit --language option for each language you want to include: integ-runner --language javascript --language python. This was already documented that way and always the intended way to use this feature.
• neptune-alpha: Corrected LogRetention IDs for DatabaseCluster. Previously, regardless of the log type, the string ‘objectObject’ was always included, but after the correction, the log type is now included.

Features

• app-staging-synthesizer-alpha: encryption type for staging bucket (#28903) (69f4b8d), closes #28815
• pipes: EventBridge Pipes alpha module (#28388) (2d9106b), closes #23495

Bug Fixes

• integ-runner: cannot pass test name after --language (#28922) (f9fbbb4)
• neptune-alpha: multiple cloudwatchLogsExports cannot be set when configuring log retention (#28643) (56794fc), closes #26295

v2.124.0

Features

• update L1 CloudFormation resource definitions (#28878) (98cea43), closes /docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#create-s3
• update L1 CloudFormation resource definitions (#28886) (6a7a24a)
• cloudfront: additional cloudfront distribution metrics (#28777) (95d187e), closes #22922
• cloudfront: associate key value stores to functions (#28571) (5ede456), closes #28377
• route53: latency based routing (#28723) (169fd91), closes #28722
• s3: date-based partitioning for log objects (#28790) (2952408), closes /docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-loggingconfiguration.html#cfn-s3 #28141
• sns: suffix matching to sub filter (#28795) (2bf6d82), closes #28765

Bug Fixes

• cloudwatch-actions: multiple alarms with LambdaAction for the same Lambda fail (under feature flag) (#28712) (b1e3dfd)
• cognito: allow custom email msg placeholder (#28832) (1dbfa14)
• eks: helm uninstall in custom resource handler does not respect Wait (#28830) (7a30f5d), closes #28831
• iam: allow intrinsic functions in deletion policy (#28834) (2801355)
• iam: SamlConsolePrincipal returns incorrect url in GovCloud and ISO regions (#28704) (c1f2abb), closes #25723
• opensearch: always create CloudWatch Logs resource policy when logging is enabled (#28707) (a5a8855), closes #23637
• rds: proxy target is missing KMS permissions (#28858) (c17dbde), closes #28850

---

Alpha modules (2.124.0-alpha.0)

v2.123.0

Features

• apigatewayv2: AWS type websocket api integration in http api (#28718) (4d7374e), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-integration.html#cfn-apigatewayv2
• autoscaling: datapointsToAlarm property for step scaling policy (#28792) (baf2bfb), closes #28749
• core: add validations for export name in CfnOutput (#28575) (513d9fb), closes #28563
• core: custom resources deprecate logRetention in favor of logGroup (#28783) (ea34c89), closes #28737
• dynamodb: import data from the bucket (#28610) (45b8398), closes #21825
• ec2: flow logs from TransitGateway and TransitGatewayAttachment (#28605) (a238590), closes #27222
• ecs: add neuron to ecs AMI hardware type (#28819) (ef1d64e), closes #28198
• ecs: support for explicit activation of the circuit breaker (#28611) (bbb9555), closes #27131
• ecs-patterns: cooldown parameter to QueueProcessingServiceBaseProps (#28730) (b3b672a), closes #8298
• logs: support data protection custom data identifiers (#28553) (1222aaa), closes #28430
• rds: allocatedStorage parameter for DatabaseInstanceReadReplica (#28789) (df8fbc4), closes #17083
• rds: Kerberos authentication support in Aurora Database Clusters (#28559) (bdf4285), closes /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/instance.ts#L625 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/instance.ts#L633 #28050
• stepfunctions: support Map ItemSelector (#28771) (b226a8c), closes #27913 #23265
• update L1 CloudFormation resource definitions (#28811) (1b6be8b)

Bug Fixes

• appsync: add dependency to logretention for graphql apis log group (#28548) (04e5480), closes #26564
• CLI: cdk diff is not clear enough about using read-only change sets (#28741) (bb50f97)
• lambda: lambda does not set environment variables for AWS_CODEGURU_PROFILER properties when creating Amazon CodeGuruProfiler profiling group (#28762) (2511956), closes #23511
• rds: Failed to create a Database Instance with Kerberos authentication configured (#28601) (b620f1b), closes #28600

---

Alpha modules (2.123.0-alpha.0)

Features

• iot-actions-alpha: open search action in IoT topic rule (#28748) (84b23cb)

Bug Fixes

• amplify: addBranch fails synth with "cannot find entry file..." (#28772) (cb522bb), closes #28658 #28764
• redshift: enableRebootForParameterChanges fails synth with "cannot find entry file…" (#28760) (4952f36)

v2.122.0

Features

• CodePipelineActions: Add support for custom events in CodeCommit source action (#28008) (c3802c4), closes #12045
• ec2: add dual stack vpc support (#28480) (caf83f1), closes #894
• ecs: L2 for ebs task attach (#28691) (fc0a89a)
• ecs: support for capacity provider managed instance draining (#28672) (aaa2a09)
• efs: One-Zone filesystem (#28501) (c0085d5), closes /github.com/aws/aws-cdk/issues/15864#issuecomment-895483167 #15864
• efs: transition to archive for FileSystem (#28719) (03c08b0), closes #28720
• elbv2: Implement IConnectable to NLB (#28494) (1e69cc6), closes #26735
• firehose-destinations-alpha: support zero buffering (#28716) (db2e78e), closes #28714
• lambda: deprecate logRetention properties in favor of logGroup (#28737) (4a09720)
• rds: Add log group property to RDS instance and RDS cluster (#28676) (9aa7281)
• route53: weighted routing (#28705) (4a0c24d), closes #26753
• update L1 CloudFormation resource definitions (#28677) (b2c60cb), closes /docs.aws.amazon.com/transfer/latest/userguide/create-b2b-server.html#configure-as2
• update L1 CloudFormation resource definitions (#28684) (cbe2378), closes /docs.aws.amazon.com/kendra/latest/dg/ds-schemas.html#ds-s3

Bug Fixes

• cli: program execution fails without debug information (#28687) (8fbd385)
• cli: running the cli with --debug does not print stack traces (#28669) (dd04725)
• cloudformation-diff: Fix aws-sdk dependency issue (#28680) (109b2ab), closes #28679
• ec2: max iops value for io2 EBS volume is wrong (#28695) (a30a205), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-volume.html#cfn-ec2
• ecs: EC2 metadata access is blocked when using EC2 capacity provider for autoscaling (#28437) (30a0d33), closes /github.com/aws/aws-cdk/blame/2d9de189e583186f2b77386ae4fcfff42c864568/packages/aws-cdk-lib/aws-ecs/lib/cluster.ts#L502-L504 #28270 #28270
• lambda: circular dependencies when EFS and Lambda are deployed in separate stacks (#28560) (6e9045f), closes /github.com/aws/aws-cdk/blob/dde59755cb71aee73a58f3b2c2068f2ae01e9b72/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1416 /github.com/aws/aws-cdk/blob/dde59755cb71aee73a58f3b2c2068f2ae01e9b72/packages/aws-cdk-lib/aws-ec2/lib/connections.ts#L157 /github.com/aws/aws-cdk/blob/dde59755cb71aee73a58f3b2c2068f2ae01e9b72/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts#L84 /github.com/aws/aws-cdk/blob/dde59755cb71aee73a58f3b2c2068f2ae01e9b72/packages/aws-cdk-lib/aws-ec2/lib/connections.ts#L139 /github.com/aws/aws-cdk/blob/dde59755cb71aee73a58f3b2c2068f2ae01e9b72/packages/aws-cdk-lib/aws-ec2/lib/connections.ts#L141 #18759
• opensearchservice: OpenSearchAccessPolicy unnecessarily attempts to install latest sdk version (#28688) (d07deec)
• rds: RDS Parameter Group doesn't support custom removal policy (#28660) (617a595)

Reverts

• allowing log group config for SFN CR (#28699) (8a67f39), closes #27310

---

Alpha modules (2.122.0-alpha.0)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• appconfig: deploymentStrategyId prop in fromDeploymentStrategyId now takes a DeploymentStrategyId rather than a string. To import a predefined deployment strategy id, use DeploymentStrategyId.CANARY_10_PERCENT_20_MINUTES. Otherwise, use DeploymentStrategyId.fromString('abc123').
• appconfig: ApplicationProps.name renamed to ApplicationProps.applicationName
  • appconfig: EnvironmentProps.name renamed to EnvironmentProps.environmentName
  • appconfig: DeploymentStrategyProps.name renamed to DeploymentStrategyProps.deploymentStrategyName
  • appconfig: ExtensionProps.name renamed to ExtensionProps.extensionName

Bug Fixes

• amplify: addBranch fails synth with "cannot find entry file..." (#28658) (0f2b8f8), closes #27955 #28633 #28089
• appconfig: fromDeploymentStrategyId takes an enum-like class rather than a string (#28743) (2b59ed1), closes #28671
• appconfig: prefix names with resource name (#28742) (3960720), closes #28671

v2.121.1

Reverts

• allowing log group config for SFN CR (#28699) (f3f217e), closes #27310

---

Alpha modules (2.121.1-alpha.0)

v2.121.0

Features

• ec2: add dual stack vpc support (#28480) (754fd99), closes #894

---

Alpha modules (2.121.0-alpha.0)

v2.120.0

Features

• ecs: support for capacity provider managed instance draining (#28672) (cf97f47)

---

Alpha modules (2.120.0-alpha.0)

v2.119.0

Features

• certificatemanager: key algorithm support for PrivateCertificate and Certificate (#28597) (1822cc9), closes #22887
• cli: option to ignore no stacks (#28387) (37c79b9), closes #28371
• cloudwatch-actions: support alarm lambda action (#28484) (b9f4923), closes #28483
• codebuild: X-Large Linux compute type (#28642) (7912d88)
• opensearchservice: TLS security policy for TLS 1.3 and perfect forward secrecy (#28583) (9cf9baa)
• pipelines: expose crossRegionReplicationBuckets (#28447) (d184ac2), closes #28446
• rds: RDS for SQL Server 15.00.4345.5.v1 (#28614) (0f38b6e)
• rds: RDS for SQL Server 16 without a specific minor version (#28615) (382d261)
• signer: Notation-OCI-SHA384-ECDSA platform (#28612) (d7aa196), closes #28580
• update L1 CloudFormation resource definitions (#28613) (fdf4830)

Bug Fixes

• cli: cdk diff falsely reports resource replacements on trivial template changes (#28336) (10ed194)
• core: single-file bundling breaks due to left over temp dir (#28566) (a74aacf)
• ec2: passing keypair to instance unexpectedly does nothing (#28482) (22e6ce8), closes #28478
• ecs: unnecessary CloudWatch logs ResourcePolicy (#28495) (5f96d13), #22307 #20313
• stepfunctions: retry block in CustomState is always empty (#28598) (0042e53), closes #28586

---

Alpha modules (2.119.0-alpha.0)

Features

• neptune-alpha: engineVersion v1.3 (#28647) (957598b), closes #28648

v2.118.0

Features

• appsync: IntrospectionConfig property (#28500) (98ed6b3), closes #28429
• autoscaling: add support for InstanceRequirements property (#28464) (276e3a6), closes #28393
• cloudfront: CloudFront Function runtime property (#28099) (9b466ae), closes #28163
• cloudfront: Key Value Store L2 (#28473) (030db42), closes #28377
• codepipeline-actions: more convenient methods to CacheControl (#28491) (a59dc0c), closes #25477
• ecs: interactive option in ContainerDefinitionOptions (#28536) (1f9788f), closes #24326
• ecs: enable cluster to grant task protection API permissions to IAM entities (#28486) (9bc972b), closes #26233
• ecs: nvidia support to BottlerocketEcsVariant enum for gpu-accelerated tasks (#28488) (832e29a), closes #25980
• iam: validate roleName (#28509) (999c01a), closes #28502
• opensearchservice: ip address type for domain (#28497) (6b80338), closes #28436
• rds: timeout and timeoutAction properties to ServerlessCluster (#28534) (508825b), closes #27183
• rds: ClientPasswordAuthType property on DatabaseProxy (#28540) (669e6ff), closes #28415
• rds: new Aurora Postgres engine versions (#28508) (9d8b06f)
• stepfunctions-tasks: add timeout parameter for EmrCreateCluster (#28532) (ca91626), closes /github.com/aws/aws-cdk/pull/28529#discussion_r1438587964
• stepfunctions-tasks: add validations for EmrCreateCluster (#28529) (e0b725c)
• stepfunctions-tasks: additional allocation strategies for spot instance fleets in EmrCreateCluster (#28525) (94003ec)

Bug Fixes

• cli: direct deploy method fails when there are no updates (#28523) (dde5975), closes /github.com/aws/aws-cdk/blob/9d8b06f6478a98e01e3aaa86c1dbf22d6e861f05/packages/aws-cdk/lib/api/util/cloudformation.ts#L290-L296
• events: event bus fails with duplicate policy resource (#28521) (166967f), closes #27340 #28520
• iam: withConditions overrides Principal actions (#28510) (0b345c5), closes #28426
• rds: circular dependencies when creating multiple DatabaseProxies (#28471) (a12d9eb), closes /github.com/aws/aws-cdk/blob/cd54c4239ec29182e30fd91634505df560d6e5f8/packages/aws-cdk-lib/aws-rds/lib/cluster.ts#L446 #25633

---

Alpha modules (2.118.0-alpha.0)

Features

• glue: database description property (#27744) (cbac240), closes #27740
• glue-alpha: add cfn-glue-table-tableinput-parameters to Glue table construct (#27643) (8e15482)

Bug Fixes

• lambda-go: path with space breaks go build (#28554) (a8a639e), closes #28555

v2.117.0

Features

• update L1 CloudFormation resource definitions (#28489) (607dccb), closes /docs.aws.amazon.com/datasync/latest/userguide/working-with-locations.html#create-s3
• api-gateway-v2: Add method to generate flexible execute-api ARN (#28400) (0932027), closes #23301
• autoscaling: instance maintenance policy for AutoScalingGroup (#28092) (5eb2c26), closes #28042
• codebuild: Lambda compute for codebuild projects (#27934) (a4a4c6f), closes #28418
• core: option to disable cache for docker build (#27944) (84d81b6), closes #27916
• ec2: trn1 instance type (#28477) (ed02d5c)
• ecs: Implement method in ECS cluster to retrieve task ARN (#28381) (7635bbc), closes #26232
• ecs-patterns: support disabling CPU-based scaling and custom target utilization (#28315) (3cb3e02), closes #20706 #20706
• elasticloadbalancingv2: dualstack NetworkLoadBalancer (#27546) (e03a41f), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2 #27538
• elasticloadbalancingv2: FIPS compliant SSL policy to ALB (#28479) (7bb72e1), closes #28455
• globalaccelerator: add support for ip addresses and type (#28055) (943abe8), closes #28051 #28209
• ses: synth-time naming validation for dedicatedIpPoolName (#28466) (be6ddb8), closes #28451

Bug Fixes

• core: core constructs fail with Error: Cannot find module '../dist/core/<file>.generated' (#28467) (cd54c42), closes #28251 #28465
• ecs-patterns: ApplicationMultipleTargetGroupsEc2Service ignores load balancer name (#28394) (9c0fecf), closes #23535

---

Alpha modules (2.117.0-alpha.0)

Bug Fixes

• lambda-python-alpha: bundling hash logic includes auth tokens in PIP urls, causing an unnecessary rebuild (#27903) (00331a7), closes #27331
• lambda-python-alpha: use function architecture (#18696) (#28449) (c724d27)