v0.31.0

Bug Fixes

• aws-ecs: expose readonly service on LoadBalancedEc2Service (#2395) (52af870), closes #2378
• ecs: correct logic of healthcheck command (#2462) (fa29d3b), closes #2461
• ecs: fix memoryReservationLimit in LoadBalancedEcsService (#2463) (6b50927), closes #2263
• lambda: allow grantInvoke with principals (#2391) (b3792aa)
• update jsii to 0.10.5 (#2482) (e4ec30a)
• update jsii to v10.0.4 (#2479) (1df4e2d), closes #2478

Code Refactoring

• convert "import" to "from" methods (#2456) (862ed7b), closes #2450 #2428 #2424 #2429 #2425 #2422 #2423 #89

Features

• bootstrap: allow specifying the toolkit staging bucket name (#2407) (3bfc641), closes #2390
• codebuild: add webhook Filter Groups. (#2319) (fd74d07), closes #1842
• elbv2: add fixed response support for application load balancers (#2328) (750bc8b)

BREAKING CHANGES

• all Foo.import static methods are now Foo.fromFooAttributes
• all FooImportProps structs are now called FooAttributes
• stepfunctions.StateMachine.export has been removed.
• ses.ReceiptRule.name is now ses.ReceiptRule.receiptRuleName
• ses.ReceiptRuleSet.name is now ses.ReceiptRuleSet.receiptRuleSetName
• secretsmanager.AttachedSecret is now called secretsmanager.SecretTargetAttachment to match service semantics
• ecr.Repository.export has been removed
• s3.Bucket.bucketUrl is now called s3.Bucket.bucketWebsiteUrl
• lambda.Version.functionVersion is now called lambda.Version.version
• ec2.SecurityGroup.groupName is now ec2.SecurityGroup.securityGroupName
• cognito.UserPoolClient.clientId is now cognito.UserPoolClient.userPoolClientId
• apigateway.IRestApiResource is now apigateway.IResource
• apigateway.IResource.resourcePath is now apigateway.IResource.path
• apigateway.IResource.resourceApi is now apigateway.IResource.restApi

v0.30.0

Bug Fixes

• cdk-dasm: fix bin for cdk-dasm (#2383) (760f518)

Code Refactoring

• awslint: construct-base-is-private, resource-attribute (#2349) (973b506), closes #2426 #2409

Features

• cdk-test: check API compatibility (#2356) (1642925), closes #145
• codepipeline: allow creation of GitHub Pipelines without source trigger (#2332) (ed39a8c)
• elbv2: add TLS listener for NLB (#2122) (71d694f)

BREAKING CHANGES

• s3.Bucket.domainName renamed to s3.Bucket.bucketDomainName.
• codedeploy.IXxxDeploymentConfig.deploymentConfigArn is now a property and not a method.
• ec2.SecurityGroupBase is now private
• ec2.VpcNetworkBase is now private
• kinesis.StreamBase is now private
• kms.EncryptionKeyBase is now private
• logs.LogGroupBase is now private
• ssm.ParameterBase is now private
• eks.ClusterBase is now private
• codebuild.ProjectBase is now private
• codecommit.RepositoryBase is now private
• codedeploy.ServerDeploymentGroupBase is now private
• eks.ClusterBase is now private
• lambda.LayerVersionBase is now private
• rds.DatabaseClusterBase is now private
• secretsmanager.SecretBase is now private
• ses.ReceiptRuleSetBase is now private
• codepipeline: the pollForSourceChanges property in GitHubSourceAction has been renamed to trigger, and its type changed from a boolean to an enum.

v0.29.0

Bug Fixes

• acm: enabled validation of certificates on the zone name (#2133) (f216f96)
• aws-apigateway: add integrationHttpMethod prop to AwsIntegration (#2160) (dfc6665), closes #2105
• aws-cloudwatch: remove workaround on optional DashboardName (6c73d8a), closes #213
• aws-ecs: fix default daemon deploymentConfig values (#2210) (c2e806b), closes #2209
• aws-ecs: handle long ARN formats for services (#2176) (66df1c8), closes #1849
• aws-lambda: fix circular dependency with lambda and codedeploy (#2236) (382da6a)
• certificatemanager: remove bundled lambda devdependencies (#2186) (6728b41)
• codebuild: add validation for Source when the badge property is true (#2242) (07812b2), closes #1749
• core: allow CfnMapping.findInMap to use pseudo functions/params (#2220) (464cb6f), closes #1363
• core: Use different symbol for Stack.isStack versus CfnReference.isCfnReference (#2305) (c1e41ed)
• decdk: set the timeout in the schema tests to 10 seconds. (#2250) (8521b6f)
• dynamodb: remove global secondary index limit (#2301) (43afa3a), closes #2262
• ecr: Fix typo in ImportRepository error message (#2217) (b7c9b21)
• elasticloadbalancingv2: dependency between ALB and logging bucket (#2221) (99e085d), closes #1633
• java-app-template: invoke app.run() (#2300) (47ff448), closes #2289 awslabs/jsii#456
• lambda: avoid OperationAbortedException when using log retention (#2237) (12a118c)
• s3: Add validations for S3 bucket names (#2256) (f810265), closes #1308
• servicediscovery: allow to register multiple instances on a service (#2207) (9f88696)
• toolkit: don't fail when terminal width is 0 (#2355) (9c2220c), closes #2253
• toolkit: fix broken confirmation prompt (#2333) (4112c84)
• toolkit: options requiring arguments fail if not supplied (#2197) (0f6ce56), closes #2192
• toolkit: remove metadata warning if region does not have resource (#2216) (22ed67c)
• toolkit: stop 'cdk doctor' from printing AWS_ variables (#2357) (6209c6b), closes #1931
• codebuild: remove oauthToken property from source (#2252) (8705af3), closes #2252 #2199
• aws-ec2: correct InstanceSize.Nano spelling (#2215) (d22a154), closes #2215 #2214

Features

• aws-dynamodb-global: global dynamodb tables (experimental) (#2251) (ec367c8)
• aws-events-targets: centralized module for cloudwatch event targets (#2343) (1069938)
• cdk-dasm: generate cdk code from cloudformation (#2244) (b707782)
• cloudwatch: add support for time ranges in dashboards (#2248) (18c1723)
• codebuild: add support for more images (#2233) (87b1ea0), closes #2079
• codepipeline: add ECS deploy Action. (#2050) (d46b814), closes #1386
• codepipeline: change to stand-alone Artifacts. (#2338) (b778e10)
• codepipeline: make the default CodePipeline Bucket have an encryption key (#2241) (ef9bba5), closes #1924
• core: verify CfnOutput has a value and fix VPC export (#2219) (9e87661), closes #2012
• events-targets: LambdaFunction (#2350) (48d536b), closes #1663
• ec2: add support for vpc endpoints (#2104) (bbb3f34)
• lambda: introduce a new kind of Code, CfnParametersCode. (#2027) (4247966)
• cfnspec: update CloudFormation resources to v2.30.0 (#2239) (aebcde5)
• toolkit: stage assets under .cdk.assets (#2182) (2f74eb4), closes #1716 #2096

BREAKING CHANGES

• cloudwatch: Renamed MetricCustomization to MetricOptions.
• codepipeline: CodePipeline Actions no longer have the outputArtifact and outputArtifacts properties.
• codepipeline: inputArtifact(s) and additionalInputArtifacts properties were renamed to input(s) and extraInputs.
• codepipeline: outputArtifactName(s) and additionalOutputArtifactNames properties were renamed to output(s) and extraOutputs.
• codepipeline: The classes CodeBuildBuildAction and CodeBuildTestAction were merged into one class CodeBuildAction.
• codepipeline: The classes JenkinsBuildAction and JenkinsTestAction were merged into one class JenkinsAction.
• events-targets: lambda.Function no longer implements IEventRuleTarget. Instead, use @aws-cdk/aws-events-targets.LambdaFunction.
• aws-events-targets: sns.Topic no longer implements IEventRuleTarget. Use @aws-cdk/aws-events-targets.SnsTopic instead.
• codebuild: codebuild.Project no longer implements IEventRuleTarget. Use @aws-cdk/aws-events-targets.CodeBuildProject.
• core: the cdk.Root construct has been removed. Use cdk.App instead.
• stepfunctions: In stepfunctions.WaitProps: the props seconds, timestamp, secondsPath and timestampPath are now duration of a union-like class WaitDuration (e.g. duration: WaitDuration.seconds(n))
• codedeploy: In ...

v0.28.0

Bug Fixes

• aws-ecs: use executionRole for event rule target (#2165) (aa6f7bc), closes #2015

• core: remove cdk.Secret (#2068) (b53d04d), closes #2064

• feat(aws-iam): refactor grants, add OrganizationPrincipal (#1623) (1bb8ca9), closes #1623 #236

Code Refactoring

• cdk: introduce SecretValue to represent secrets (#2161) (a3d9f2e)

Features

• codepipeline: move all of the Pipeline Actions to their dedicated package. (#2098) (b314ecf)
• codepipeline: re-factor the CodePipeline Action bind method to take a Role separately from the Pipeline. (#2085) (ffe0046)
• ec2: support reserving IP space in VPCs (#2090) (4819ff4)
• Add python support to cdk init (#2130) (997dbcc)
• ecs: support AWS Cloud Map (service discovery) (#2065) (4864cc8), closes #1554
• lambda: add a newVersion method. (#2099) (6fc179a)
• update CloudFormation resource spec to v2.29.0 (#2170) (ebc490d)

BREAKING CHANGES

• The secretsmanager.SecretString class has been removed in favor of cdk.SecretValue.secretsManager(id[, options])
• The following prop types have been changed from string to cdk.SecretValue: codepipeline-actions.AlexaSkillDeployAction.clientSecret, codepipeline-actions.AlexaSkillDeployAction.refreshToken, codepipeline-actions.GitHubSourceAction.oauthToken, iam.User.password
• secretsmanager.Secret.stringValue and jsonFieldValue have been removed. Use secretsmanage.Secret.secretValue and secretJsonValue instead.
• secretsmanager.Secret.secretString have been removed. Use cdk.SecretValue.secretsManager() or secretsmanager.Secret.import(..).secretValue.
• The class cdk.Secret has been removed. Use cdk.SecretValue instead.
• The class cdk.DynamicReference is no longer a construct, and it's constructor signature was changed and was renamed cdk.CfnDynamicReference.
• grant(function.role) and grant(project.role) are now grant(function) and grant(role).
• core: Replace use of cdk.Secret with secretsmanager.SecretString (preferred) or ssm.ParameterStoreSecureString.
• codepipeline: this changes the package of all CodePipeline Actions to be aws-codepipeline-actions.
• codepipeline: this moves all classes from the aws-codepipeline-api package to the aws-codepipeline package.
• codepipeline: this changes the CodePipeline Action naming scheme from .PipelineAction (s3.PipelineSourceAction) to codepipeline_actions.Action (codepipeline_actions.S3SourceAction).

v0.27.0

Highlights

• Python support (experimental)
• You can now run the CLI through npx cdk
• Make sure to go through the BREAKING CHANGES section below

Bug Fixes

• autoscaling: verify public subnets for associatePublicIpAddress (#2077) (1e3d41e)
• ec2: descriptive error message when selecting 0 subnets (#2025) (0de2206), closes #2011
• lambda: use Alias ARN directly (#2091) (bc40494)
• rds: remove Instance class (#2081) (6699fed)
• secretsmanager: allow templated string creation (#2010) (4e105a3)
• secretsmanager/ssm: verify presence of parameter name (#2066) (b93350f)
• serverless: rename aws-serverless to aws-sam (#2074) (4a82f13)
• stepfunctions: make Fail.error optional (#2042) (86e9d03)

Code Refactoring

• readonly struct properties and hide internals (#2106) (66dd228), closes awslabs/cdk-ops#321

Features

• toolkit:: new 'cdk' package to allow executing the cli through npx cdk (#2113) (32bca05)
• Python Support (#2009) (e6083fa)
• core: present reason for cyclic references (#2061) (e82e208)
• lambda: add support for log retention (#2067) (63132ec), closes #667 #667
• rds: cluster retention, reference KMS key by object (#2063) (99ab46d)
• secretsmanager/rds: support credential rotation (#2052) (bf79c82)
• toolkit: introduce the concept of auto-deployed Stacks. (#2046) (abacc66)

BREAKING CHANGES

• lambda: cloudWatchLogsRetentionTimeDays in @aws-cdk/aws-cloudtrail
  now uses a logs.RetentionDays instead of a LogRetention.
• core: stack._toCloudFormation method is now unavailable and is replaced by @aws-cdk/assert.SynthUtils.toCloudFormation(stack).
• rds: replaced kmsKeyArn: string by kmsKey: kms.IEncryptionKey in DatabaseClusterProps
• autoscaling: VpcNetwork.isPublicSubnet() has been renamed to
  VpcNetwork.isPublicSubnetIds().
• serverless: renamed aws-serverless to aws-sam
• ec2: vpcPlacement has been renamed to vpcSubnets
  on all objects, subnetsToUse has been renamed to subnetType.
  natGatewayPlacement has been renamed to natGatewaySubnets.
• All properties of all structs (interfaces that do not begin with an "I") are now readonly since it is passed by-value and not by-ref (Python is the first language to require that). This may impact code in all languages that assumed it is possible to mutate these structs. Let us know if this blocks you in any way.

v0.26.0

Bug Fixes

• aws-cdk: fix VpcNetwork.importFromContext() (#2008) (e1a1a7b), closes #1998
• aws-cdk: update F# template to latest CDK version (#2006) (bda12f2)
• cdk: merge cloudFormation tags with aspect tags (#1762) (bfb14b6), closes #1725
• cfn2ts: properly de-Tokenize L1 string-arrays (#2033) (1e50383), closes #2030
• core: allow embedding condition expression as strings (#2007) (6afa87f), closes #1984
• ecs: make TaskDefinition accept IRoles (#2034) (f32431a), closes #1925
• lambda: expose underlying function's role on the alias (#2024) (de296de)
• stepfunctions: Actually perform rendering of NotCondition (06b59d9)
• toolkit: 'cdk deploy' support updates to Outputs (#2029) (23509ae), closes #778
• toolkit: increase number of retries (#2053) (133dc98), closes #1647
• rename core classes adding a Cfn prefix (#1960) (5886bf6), closes #1462 #288

Code Refactoring

• name "toCloudFormation" internal (renamed to _toCloudFormation) (#2047) (515868b), closes #2044 #2016

Features

• aws-cdk: support fixed repository name for DockerImageAsset (#2032) (942f938)
• aws-rds: ability to add an existing security group to RDS cluster (#2021) (1f24336)
• cfn2ts: make cfn2ts output TSDoc-compatible docblocks (#2000) (c6c66e9)
• cfnspec: update to version 2.28.0 (#2035) (6a671f2)
• cloudformation: allow specifying additional inputs for deploy Actions (#2020) (2d463be), closes #1247
• core: can use Constructs to model applications (#1940) (32c2377), closes #1479
• ecs: support private registry authentication (#1737) (11ed691), closes #1698
• glue: add L2 resources for Database and Table (#1988) (3117cd3)
• region-info: Model region-specific information (#1839) (946b444), closes #1282
• servicediscovery: AWS Cloud Map construct library (#1804) (1187366)
• ses: add constructs for email receiving (#1971) (3790858)
• add more directories excluded and treated as source in the JetBrains script. (#1961) (a1df717)

BREAKING CHANGES

• “toCloudFormation” is now internal and should not be called directly. Instead use “app.synthesizeStack”
• ecs: ContainerImage.fromDockerHub has been renamed to ContainerImage.fromRegistry.
• rename Condition to CfnCondition.
• rename StackElement to CfnElement.
• rename Parameter to CfnParameter.
• rename Resource to CfnResource.
• rename Output to CfnOutput.
• rename Mapping to CfnMapping.
• rename Referenceable to CfnRefElement.
• rename IConditionExpression to ICfnConditionExpression.
• rename CfnReference to Reference.
• rename Rule to CfnRule.

v0.25.3

Bug Fixes

• aws-cloudtrail: correct created log policy when sendToCloudWatchLogs is true (#1966) (f06ff8e)
• aws-ec2: All SSM WindowsVersion entries (#1977) (85a1840)
• decdk: relax validation when not using constructs (#1999) (afbd591)

Features

• core: add fsharp init-template (#1912) (dfefb58)
• ec2: vpn metrics (#1979) (9319e13)

v0.25.2

Bug Fixes

• awslint: Don't fail if the @aws-cdk/cdk module is not present (#1953) (929e854)
• cdk-integ: Update cdk-integ to use new context file (#1962) (dbd2401)
• cloudfront: allow IBucket as CloudFront source (855f1f5), closes #1946
• cloudfront: pass viewerProtocolPolicy to the distribution's behaviors (#1932) (615ecd4)
• eks: remove 'const' from NodeType enum (#1970) (ac52989), closes #1969
• init: update the C# init sample with the new App API (#1919) (02f991d)

Features

• aws-certificatemanager: add DNSValidatedCertificate (#1797) (ae8870d), closes #605
• aws-ecs: add Fargate version 1.3.0 (#1968) (b529ad7)
• core: democratize synthesis and introduce artifacts (#1889) (4ab1cd3), closes #1716 #1893
• ec2: add support for vpn connections (#1899) (e150648), closes awslabs/jsii#231
• toolkit: add '--reuse-asset' option (#1918) (1767b61), closes #1916

v0.25.1

Bug Fixes

• toolkit: fix context passed in from command-line (#1939) (bec4a02), closes #1911

v0.25.0

Bug Fixes

• toolkit: Don't collect runtime information when versionReporting is disabled (#1890) (f827a88)
• aws-codepipeline: update CFN example. (#1653) (5dec01a)
• aws-s3-deployment: add setup.cfg to fix pip install bug on mac (#1826) (759c708)
• cdk: move apply() from Construct to ConstructNode (#1738) (642c8a6), closes #1732
• cloudtrail: addS3EventSelector does not expose all options (#1854) (5c3431b), closes #1841
• cloudtrail: Invalid resource for policy when using sendToCloudWatchLogs (#1851) (816cfc0), closes #1848
• cloudwatch: fix name of 'MetricAlarmProps' (#1765) (c87f09a), closes #1760
• codebuild: accept IRole instead of Role (#1781) (f08ca15), closes #1778
• codedeploy: LambdaDeploymentGroup now takes IRole (#1840) (f6adb7c), closes #1833
• codepipeline: allow providing Tokens as the physical name of the Pipeline. (#1800) (f6aea1b), closes #1788
• core: improve error message if construct names conflict (#1706) (0ea4a78)
• core: performance improvements (#1750) (77b516f)
• ecs: rename capacity adding methods (#1715) (e3738ac)
• elbv2: explicitly implement IApplicationTargetGroup (#1806) (828a2d7), closes #1799
• init: add new parameter to C# example (#1831) (c7b99d8)
• kms: have EncryptionKeyBase implement IEncryptionKey (#1728) (49080c6)
• lambda: Add 'provided' runtime (#1764) (73d5bef), closes #1761
• lambda: add region check for environment variables (#1690) (846ed9f)
• ssm: Generate correct SSM Parameter ARN (#1726) (39df456)
• toolkit: correctly reset context from the shell command (#1903) (58025c0)
• toolkit: correcty load cdk.json file without context (#1900) (7731565)
• toolkit: ignore hidden files for 'cdk init' (#1766) (afdd173), closes #1758
• toolkit: only fail if errors are on selected stacks (#1807) (9c0cf8d), closes #1784 #1783
• toolkit: support diff on multiple stacks (#1855) (72d2535)
• build: Npm ignores files and folders named "core" by default (#1767) (42876e7), closes npm/npm-packlist#24
• core: stack.partition is never scoped (#1763) (c968588)

Features

• apigateway: add support for MethodResponse to aws-apigateway. (#1572) (46236d9)
• autoscaling: bring your own IAM role (#1727) (2016b8d), closes #1701
• aws-eks: add construct library for EKS (#1655) (22fc8b9), closes #991
• cfnspec: manually add VPCEndpointService (#1734) (f782958), closes #1659
• codebuild: add support for setting the gitCloneDepth property on Project sources. (#1798) (5408a53), closes #1789
• core: Add construct.node.stack attribute (#1753) (a46cfd8), closes #798
• dynamodb: partitionKey and sortKey are now immutable (#1744) (63ae0b4)
• ecs: allow ECS to be used declaratively (#1745) (2480f0f), closes #1618
• kms: Allow opting out of "Retain" deletion policy (#1685) (7706302)
• lambda: allow specify event sources in props (#1746) (a84157d)
• lambda-event-sources: "api" event source (#1742) (5c11680)
• route53: Convenience API for creating zone delegations (#1853) (f974531), closes #1847
• sns: Support raw message delivery (#1827) (cc0a28c)
• ssm: allow referencing "latest" version of SSM parameter (#1768) (9af36af), closes #1587
• toolkit: improve docker build time in CI (#1776) (1060b95), closes #1748
• codepipelines: re-structure the CodePipeline Construct library API. (#1590) (3c3db07)
• decdk: Prototype for declarative CDK (decdk) (#1618) (8713ac6)

BREAKING CHANGES

• cloudtrail: The CloudTrail.addS3EventSelector accepts an options
  object instead of only a ReadWriteType value.
• codedeploy: If an existing role is provided to a LambdaDeploymentGroup,
  you will need to provide the assuming service principal (codedeploy.amazonaws.com)
  yourself.
• core:$$** 'Aws' class returns unscoped Tokens, introduce a
  new class 'ScopedAws' which returns scoped Tokens.
• ssm: Rename parameter.valueAsString =>
  parameter.stringValue, rename parameter.valueAsList =>
  parameter.stringListValue, rename ssmParameter.parameterValue =>
  ssmParameter.stringValue or ssmParameter.stringListValue depending
  on type, rename secretString.value => secretString.stringValue,
  rename secret.toSecretString() =>secret.secretString
• cloudwatch: Rename 'MetricAarmProps' => 'MetricAlarmProps'.
• core: Stack.find(c) and Stack.tryFind(c) were
  replaced by c.node.stack.
• **dynamo...