aws
diff --git a/‎CHANGELOG.v2.alpha.md‎
Lines changed: 12 additions & 0 deletions b/‎CHANGELOG.v2.alpha.md‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎CHANGELOG.v2.md‎
Lines changed: 32 additions & 0 deletions b/‎CHANGELOG.v2.md‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-bedrock-alpha/bedrock/agents/agent-alias.ts‎
Lines changed: 7 additions & 0 deletions b/‎packages/@aws-cdk/aws-bedrock-alpha/bedrock/agents/agent-alias.ts‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-bedrock-alpha/bedrock/agents/agent.ts‎
Lines changed: 10 additions & 0 deletions b/‎packages/@aws-cdk/aws-bedrock-alpha/bedrock/agents/agent.ts‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-lambda-python-alpha/README.md‎
Lines changed: 17 additions & 4 deletions b/‎packages/@aws-cdk/aws-lambda-python-alpha/README.md‎
Lines changed: 17 additions & 4 deletions
diff --git a/‎packages/@aws-cdk/aws-lambda-python-alpha/lib/Dockerfile‎
Lines changed: 11 additions & 3 deletions b/‎packages/@aws-cdk/aws-lambda-python-alpha/lib/Dockerfile‎
Lines changed: 11 additions & 3 deletions
diff --git a/‎packages/@aws-cdk/aws-lambda-python-alpha/lib/bundling.ts‎
Lines changed: 12 additions & 2 deletions b/‎packages/@aws-cdk/aws-lambda-python-alpha/lib/bundling.ts‎
Lines changed: 12 additions & 2 deletions
diff --git a/‎packages/@aws-cdk/aws-lambda-python-alpha/lib/packaging.ts‎
Lines changed: 13 additions & 0 deletions b/‎packages/@aws-cdk/aws-lambda-python-alpha/lib/packaging.ts‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-lambda-python-alpha/test/bundling.test.ts‎
Lines changed: 26 additions & 0 deletions b/‎packages/@aws-cdk/aws-lambda-python-alpha/test/bundling.test.ts‎
Lines changed: 26 additions & 0 deletions
@@ -2,6 +2,18 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.203.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.202.0-alpha.0...v2.203.0-alpha.0) (2025-07-01)
+
+
+### Features
+
+* **ec2:** support for client route enforcement for client VPN endpoint ([#34405](https://github.com/aws/aws-cdk/issues/34405)) ([063f4e7](https://github.com/aws/aws-cdk/commit/063f4e79d7416c52b622450222c5439e893ca74c))
+
+
+### Bug Fixes
+
+* **ec2:** don't use inferenceAccellerators in the constructors if not needed ([#34618](https://github.com/aws/aws-cdk/issues/34618)) ([054c6c5](https://github.com/aws/aws-cdk/commit/054c6c53982b8ba33ca31af6752b1662ed5752b8)), closes [#33505](https://github.com/aws/aws-cdk/issues/33505) [/github.com/aws/aws-cdk/issues/33505#issuecomment-2770818825](https://github.com/aws//github.com/aws/aws-cdk/issues/33505/issues/issuecomment-2770818825) [#34610](https://github.com/aws/aws-cdk/issues/34610)
+
 ## [2.202.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.201.0-alpha.0...v2.202.0-alpha.0) (2025-06-20)
 
 
 
@@ -2,6 +2,38 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.203.0](https://github.com/aws/aws-cdk/compare/v2.202.0...v2.203.0) (2025-07-01)
+
+
+### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
+
+* **cloudformation:** Some L1 resources experienced breaking changes due to updated CloudFormation resources. Please check the notes for each specific module for more information.
+
+ - ***aws-cdk-lib.aws_kendra.CfnDataSource.TemplateConfigurationProperty***: `template` property here has changed from `string` to `json`
+
+### Features
+
+* **rds:** instance engine lifecycle support ([#34719](https://github.com/aws/aws-cdk/issues/34719)) ([bab7413](https://github.com/aws/aws-cdk/commit/bab74137f17bb0759b1a922d8e88df5c0f6e9bc1)), closes [#34492](https://github.com/aws/aws-cdk/issues/34492)
+* report feature flag configuration into Cloud Assembly ([#34798](https://github.com/aws/aws-cdk/issues/34798)) ([76af7dc](https://github.com/aws/aws-cdk/commit/76af7dc8b5bc80dcc00ad9f3bbf6dc8fecfec5c3))
+* **backup:** add support for ScheduleExpressionTimezone ([#34603](https://github.com/aws/aws-cdk/issues/34603)) ([8ceea43](https://github.com/aws/aws-cdk/commit/8ceea437e332d4a1339c26f13b59b424ef389135)), closes [#34532](https://github.com/aws/aws-cdk/issues/34532)
+* **cloudformation:** update L1 CloudFormation resource definitions ([#34839](https://github.com/aws/aws-cdk/issues/34839)) ([4c75889](https://github.com/aws/aws-cdk/commit/4c75889fb44e16bc5ef979c5c6d42390ddc0a17b))
+* **cloudwatch:** add account id field for log query and metric widgets to support cross account visibility ([#34793](https://github.com/aws/aws-cdk/issues/34793)) ([ac4d09d](https://github.com/aws/aws-cdk/commit/ac4d09d91bcedc4dca144ba68b1951cc12c9b70c)), closes [#26105](https://github.com/aws/aws-cdk/issues/26105)
+* **lambda:** function log removal policy ([#34723](https://github.com/aws/aws-cdk/issues/34723)) ([0388483](https://github.com/aws/aws-cdk/commit/0388483537bbd2f6fef4e8dd3156341a90ee9d68)), closes [#34669](https://github.com/aws/aws-cdk/issues/34669)
+* **pipelines:** cdk-assets version is configurable ([#34802](https://github.com/aws/aws-cdk/issues/34802)) ([a361c9c](https://github.com/aws/aws-cdk/commit/a361c9ce325f6d1f63a62c69d26af4ce6b2e12f3))
+* update L1 CloudFormation resource definitions ([#34792](https://github.com/aws/aws-cdk/issues/34792)) ([074cb8c](https://github.com/aws/aws-cdk/commit/074cb8c8502463e658ab009c5bebf5a84ad6555b))
+
+
+### Bug Fixes
+
+* **codecov:** update codecov-upload.yml ([#34845](https://github.com/aws/aws-cdk/issues/34845)) ([8055016](https://github.com/aws/aws-cdk/commit/805501692991825aa4949bf830fa40e4e1c4cd6b)), closes [/github.com/aws/aws-cdk/blob/main/codecov.yml#L35](https://github.com/aws//github.com/aws/aws-cdk/blob/main/codecov.yml/issues/L35)
+* **codecov:** update codecov-upload.yml action to upload report with correct path ([#34814](https://github.com/aws/aws-cdk/issues/34814)) ([705e76b](https://github.com/aws/aws-cdk/commit/705e76bf22da1e743f22428aab4c36f900b484e5))
+* **stepfunctions-tasks:** properly serialize CallAwsServiceCrossRegion Lambda responses ([#34843](https://github.com/aws/aws-cdk/issues/34843)) ([a4b15df](https://github.com/aws/aws-cdk/commit/a4b15df5d1669056947df757471ad0b921335f23)), closes [#34768](https://github.com/aws/aws-cdk/issues/34768)
+
+
+### Reverts
+
+*  "ci: add tool to sync with project board" ([#34817](https://github.com/aws/aws-cdk/issues/34817)) ([1965014](https://github.com/aws/aws-cdk/commit/1965014d1233b956fc2c6cbbdf72bfade9aaab5d)), closes [aws/aws-cdk#34776](https://github.com/aws/aws-cdk/issues/34776)
+
 ## [2.202.0](https://github.com/aws/aws-cdk/compare/v2.201.0...v2.202.0) (2025-06-20)
 
 
 
@@ -1,6 +1,8 @@
 import { ArnFormat, aws_bedrock as bedrock, IResource, Resource, Stack } from 'aws-cdk-lib';
 import * as events from 'aws-cdk-lib/aws-events';
 import * as iam from 'aws-cdk-lib/aws-iam';
+import { addConstructMetadata } from 'aws-cdk-lib/core/lib/metadata-resource';
+import { propertyInjectable } from 'aws-cdk-lib/core/lib/prop-injectable';
 import { Construct } from 'constructs';
 import { IAgent } from './agent';
 
@@ -186,7 +188,10 @@ export interface AgentAliasAttributes {
  * Class to create an Agent Alias with CDK.
  * @cloudformationResource AWS::Bedrock::AgentAlias
  */
+@propertyInjectable
 export class AgentAlias extends AgentAliasBase {
+  /** Uniquely identifies this class. */
+  public static readonly PROPERTY_INJECTION_ID: string = '@aws-cdk.aws-bedrock-alpha.AgentAlias';
   // ------------------------------------------------------
   // Imports
   // ------------------------------------------------------
@@ -229,6 +234,8 @@ export class AgentAlias extends AgentAliasBase {
   // ------------------------------------------------------
   constructor(scope: Construct, id: string, props: AgentAliasProps) {
     super(scope, id);
+    // Enhanced CDK Analytics Telemetry
+    addConstructMetadata(this, props);
 
     // ------------------------------------------------------
     // Set properties or defaults
 
@@ -6,6 +6,8 @@ import * as events from 'aws-cdk-lib/aws-events';
 import * as iam from 'aws-cdk-lib/aws-iam';
 import * as kms from 'aws-cdk-lib/aws-kms';
 import * as s3 from 'aws-cdk-lib/aws-s3';
+import { addConstructMetadata, MethodMetadata } from 'aws-cdk-lib/core/lib/metadata-resource';
+import { propertyInjectable } from 'aws-cdk-lib/core/lib/prop-injectable';
 import { Construct, IConstruct } from 'constructs';
 // Internal Libs
 import { AgentActionGroup } from './action-group';
@@ -333,7 +335,11 @@ export interface AgentAttributes {
  * Class to create (or import) an Agent with CDK.
  * @cloudformationResource AWS::Bedrock::Agent
  */
+@propertyInjectable
 export class Agent extends AgentBase implements IAgent {
+  /** Uniquely identifies this class. */
+  public static readonly PROPERTY_INJECTION_ID: string = '@aws-cdk.aws-bedrock-alpha.Agent';
+
   /**
    * Static Method for importing an existing Bedrock Agent.
    */
@@ -429,6 +435,8 @@ export class Agent extends AgentBase implements IAgent {
   // ------------------------------------------------------
   constructor(scope: Construct, id: string, props: AgentProps) {
     super(scope, id);
+    // Enhanced CDK Analytics Telemetry
+    addConstructMetadata(this, props);
 
     // ------------------------------------------------------
     // Validate props
@@ -580,6 +588,7 @@ export class Agent extends AgentBase implements IAgent {
    * - Lambda function invoke permissions if executor is present
    * - S3 GetObject permissions if apiSchema.s3File is present
    */
+  @MethodMetadata()
   public addActionGroup(actionGroup: AgentActionGroup) {
     validation.throwIfInvalid(this.validateActionGroup, actionGroup);
     this.actionGroups.push(actionGroup);
@@ -640,6 +649,7 @@ export class Agent extends AgentBase implements IAgent {
    *
    * @default - No collaboration configuration.
    */
+  @MethodMetadata()
   public addActionGroups(...actionGroups: AgentActionGroup[]) {
     actionGroups.forEach(ag => this.addActionGroup(ag));
   }
 
@@ -65,22 +65,23 @@ new python.PythonFunction(this, 'MyFunction', {
 
 ## Packaging
 
-If `requirements.txt`, `Pipfile` or `poetry.lock` exists at the entry path, the construct will handle installing all required modules in a [Lambda compatible Docker container](https://gallery.ecr.aws/sam/build-python3.7) according to the `runtime` and with the Docker platform based on the target architecture of the Lambda function.
+If `requirements.txt`, `Pipfile`, `uv.lock` or `poetry.lock` exists at the entry path, the construct will handle installing all required modules in a [Lambda compatible Docker container](https://gallery.ecr.aws/sam/build-python3.13) according to the `runtime` and with the Docker platform based on the target architecture of the Lambda function.
 
 Python bundles are only recreated and published when a file in a source directory has changed.
 Therefore (and as a general best-practice), it is highly recommended to commit a lockfile with a
 list of all transitive dependencies and their exact versions. This will ensure that when any dependency version is updated, the bundle asset is recreated and uploaded.
 
-To that end, we recommend using [`pipenv`] or [`poetry`] which have lockfile support.
+To that end, we recommend using [`pipenv`], [`uv`] or [`poetry`] which have lockfile support.
 
 - [`pipenv`](https://pipenv-fork.readthedocs.io/en/latest/basics.html#example-pipfile-lock)
 - [`poetry`](https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control)
+- [`uv`](https://docs.astral.sh/uv/concepts/projects/sync/#exporting-the-lockfile)
 
 Packaging is executed using the `Packaging` class, which:
 
 1. Infers the packaging type based on the files present.
-2. If it sees a `Pipfile` or a `poetry.lock` file, it exports it to a compatible `requirements.txt` file with credentials (if they're available in the source files or in the bundling container).
-3. Installs dependencies using `pip`.
+2. If it sees a `Pipfile`, `uv.lock` or a `poetry.lock` file, it exports it to a compatible `requirements.txt` file with credentials (if they're available in the source files or in the bundling container).
+3. Installs dependencies using `pip` or `uv`.
 4. Copies the dependencies into an asset that is bundled for the Lambda package.
 
 **Lambda with a requirements.txt**
@@ -109,6 +110,18 @@ Packaging is executed using the `Packaging` class, which:
 ├── poetry.lock # your poetry lock file has to be present at the entry path
 ```
 
+**Lambda with a uv.lock**
+
+Reference: https://docs.astral.sh/uv/concepts/projects/layout/
+
+```plaintext
+.
+├── lambda_function.py # exports a function named 'handler'
+├── pyproject.toml # your poetry project definition
+├── uv.lock # your uv lock file has to be present at the entry path
+├── .python-version # this file is ignored, python version is configured via Runtime
+```
+
 **Excluding source files**
 
 You can exclude files from being copied using the optional bundling string array parameter `assetExcludes`:
 
@@ -9,6 +9,7 @@ ARG HTTPS_PROXY
 # pipenv 2022.4.8 is the last version with Python 3.6 support
 ARG PIPENV_VERSION=2022.4.8
 ARG POETRY_VERSION=1.5.1
+ARG UV_VERSION=0.6.9
 
 # Add virtualenv path
 ENV PATH="/usr/app/venv/bin:$PATH"
@@ -19,6 +20,9 @@ ENV PIP_CACHE_DIR=/tmp/pip-cache
 # set the poetry cache
 ENV POETRY_CACHE_DIR=/tmp/poetry-cache
 
+# set the uv cache
+ENV UV_CACHE_DIR=/tmp/uv-cache
+
 RUN \
 # create a new virtualenv for python to use
 # so that it isn't using root
@@ -33,10 +37,14 @@ RUN \
     mkdir /tmp/poetry-cache && \
 # Ensure all users can write to poetry cache
     chmod -R 777 /tmp/poetry-cache && \
-# Install pipenv and poetry
-    pip install pipenv==$PIPENV_VERSION poetry==$POETRY_VERSION && \
+# Create a new location for the uv cache
+    mkdir /tmp/uv-cache && \
+# Ensure all users can write to uv cache
+    chmod -R 777 /tmp/uv-cache && \
+# Install pipenv, poetry and uv
+    pip install pipenv==$PIPENV_VERSION poetry==$POETRY_VERSION uv==${UV_VERSION} && \
 # Ensure no temporary files remain in the caches
-    rm -rf /tmp/pip-cache/* /tmp/poetry-cache/*
+    rm -rf /tmp/pip-cache/* /tmp/poetry-cache/* /tmp/uv-cache/*
 
 # Setting a non-root user to run default command, 
 # This will be overridden later when the Docker container is running, using either the local OS user or props.user.
 
@@ -122,15 +122,25 @@ export class Bundling implements CdkBundlingOptions {
     const packaging = Packaging.fromEntry(options.entry, options.poetryIncludeHashes, options.poetryWithoutUrls);
     let bundlingCommands: string[] = [];
     bundlingCommands.push(...options.commandHooks?.beforeBundling(options.inputDir, options.outputDir) ?? []);
-    const exclusionStr = options.assetExcludes?.map(item => `--exclude='${item}'`).join(' ');
+
+    const excludes = options.assetExcludes ?? [];
+    if (packaging.dependenciesFile == DependenciesFile.UV && !excludes.includes('.python-version')) {
+      excludes.push('.python-version');
+    }
+
+    const exclusionStr = excludes.map(item => `--exclude='${item}'`).join(' ');
     bundlingCommands.push([
       'rsync', '-rLv', exclusionStr ?? '', `${options.inputDir}/`, options.outputDir,
     ].filter(item => item).join(' '));
     bundlingCommands.push(`cd ${options.outputDir}`);
     bundlingCommands.push(packaging.exportCommand ?? '');
-    if (packaging.dependenciesFile) {
+
+    if (packaging.dependenciesFile == DependenciesFile.UV) {
+      bundlingCommands.push(`uv pip install -r ${DependenciesFile.PIP} --target ${options.outputDir}`);
+    } else if (packaging.dependenciesFile) {
       bundlingCommands.push(`python -m pip install -r ${DependenciesFile.PIP} -t ${options.outputDir}`);
     }
+
     bundlingCommands.push(...options.commandHooks?.afterBundling(options.inputDir, options.outputDir) ?? []);
     return bundlingCommands;
   }
 
@@ -5,6 +5,7 @@ export enum DependenciesFile {
   PIP = 'requirements.txt',
   POETRY = 'poetry.lock',
   PIPENV = 'Pipfile.lock',
+  UV = 'uv.lock',
   NONE = '',
 }
 
@@ -79,6 +80,16 @@ export class Packaging {
     });
   }
 
+  /**
+   * Packaging with `uv`.
+   */
+  public static withUv() {
+    return new Packaging({
+      dependenciesFile: DependenciesFile.UV,
+      exportCommand: `uv export --frozen --no-emit-workspace --no-dev --no-editable -o ${DependenciesFile.PIP}`,
+    });
+  }
+
   /**
    * No dependencies or packaging.
    */
@@ -93,6 +104,8 @@ export class Packaging {
       return this.withPoetry({ poetryIncludeHashes, poetryWithoutUrls });
     } else if (fs.existsSync(path.join(entry, DependenciesFile.PIP))) {
       return this.withPip();
+    } else if (fs.existsSync(path.join(entry, DependenciesFile.UV))) {
+      return this.withUv();
     } else {
       return this.withNoPackaging();
     }
 
@@ -582,3 +582,29 @@ test('with command hooks', () => {
     }),
   }));
 });
+
+test('Bundling a function with uv dependencies', () => {
+  const entry = path.join(__dirname, 'lambda-handler-uv');
+
+  const assetCode = Bundling.bundle({
+    entry: path.join(entry, '.'),
+    runtime: Runtime.PYTHON_3_13,
+    outputPathSuffix: 'python',
+  });
+
+  expect(Code.fromAsset).toHaveBeenCalledWith(entry, expect.objectContaining({
+    bundling: expect.objectContaining({
+      command: [
+        'bash', '-c',
+        "rsync -rLv --exclude='.python-version' /asset-input/ /asset-output/python && cd /asset-output/python && uv export --frozen --no-emit-workspace --no-dev --no-editable -o requirements.txt && uv pip install -r requirements.txt --target /asset-output/python",
+      ],
+    }),
+  }));
+
+  const files = fs.readdirSync(assetCode.path);
+  expect(files).toContain('index.py');
+  expect(files).toContain('pyproject.toml');
+  expect(files).toContain('uv.lock');
+  // Contains hidden files.
+  expect(files).toContain('.ignorefile');
+});