-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(ec2): can define Launch Templates (not use them yet) #12385
Conversation
This provides an initial implementation of a level 2 construct for EC2 Launch Templates.
/** | ||
* Properties of a LaunchTemplate. | ||
*/ | ||
export interface LaunchTemplateProps { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I defaulted with making all of the properties optional, since they all are completely optional in a Launch Template. Oddly, it is valid to create a completely empty Launch Template.
My thinking is that the PR is a good place to have a discussion regarding how opinionated the CDK's L2 should be regarding which properties are optional and which are not.
Four of the CloudFormation resources that can make use of LaunchTemplates are:
- EC2::EC2Fleet -- Uses an array of them, where each element of the array can override some of the LaunchTemplate values.
- EC2::SpotFleet -- Similar to EC2::Fleet in that it can use an array of LaunchTemplates, but the values that can be overriden are different.
- EC2::Instance -- Can use a single launch template, and the properties (ex: machine image) defined by the Launch Template are overriden by defining the equivalent top-level property in the EC2::Instance resource.
- AutoScaling::AutoScalingGroup -- Can use either a single Launch Template with no overrides. Or a mixed instances policy which uses a single launch template as a base template, but may optionally provide an override launch template for each element of an array of instance types.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is one of the reasons we ourselves have been getting stuck implementing it in the CDK. It just seems so open-ended and anything can be overridden at any point.
Thanks for this list! This is super helpful.
* | ||
* @default - This Launch Template does not specify a default AMI. | ||
*/ | ||
readonly machineImage?: IMachineImage; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A reasonable argument could be probably made for making this a required property; it would allow us to always provide a default userData and mimic the osType
+ userData
interface that is available on the Instance and AutoScalingGroup L2s.
Of the four uses of launch templates that are identified above, the Instance and AutoScalingGroup could both potentially provide a value for a machineImage outside of a particular launch template, but the later needs to provide the override using a launch template.
I'm not familiar enough with launch template use-cases to make a strong argument one way or the other; not sure if there are any uses that get broken if we make this required.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's do it like this and see where it breaks.
I'll 100% give you that the moment we make this required, someone will come by and say "but I use Launch Templates to give all my instances the same networking configuration but then configure the AMI on the Instance
class".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
True enough. Let's leave it as optional.
roles: [this.role.roleName], | ||
}); | ||
|
||
if (props?.securityGroup) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems to be the only property of a LaunchTemplate that could tie it to a specific VPC. So, though it might be nice to be able to create one by default if we're not provided one, the lack of a VPC property on the LaunchTemplate prevents that.
The IConnectable
interface is really useful, so it seems sensible to me to want to have the L2 LaunchTemplate implement the interface. However, the inability to create a default security group makes the case of not being provided a security group a little weird -- you end up with a Connections object that has no actual security group(s) in it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see how it will be useful, but I'm still a little hesitant to create one automatically--especially as I can see use cases for Launch Templates where people don't want those (they will use LTs to set Spot Pricing for all instances but then create SGs for individual instances... or something).
I guess we can't!
Annotations.of(this).addError('Spot block duration must be exactly 1, 2, 3, 4, 5, or 6 hours.'); | ||
} | ||
|
||
this.role = props?.role ?? new iam.Role(this, 'Role', { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hrm. I'm thinking that it might not have been a good idea to default-create a Role for the launch template. Unfortunately, not doing so makes implementing IGrantable
impossible.
Reason for not creating it would be a potential use-case for LaunchTemplate within the LaunchTemplate spec of an ASG's MixedInstancesPolicy whereby the user provides a base LaunchTemplate that defines all of the common stuff (Role, UserData, AMI, etc) but then selectively overrides some of the non-Role fields (ex: AMI, CpuOptions, Placement) for certain instance types. If we default-create a Role, always, in the L2 then that sort of use-case ends up with the selective-override templates overriding the instance Role.
On the other hand, a user could simply pass the role from the base LaunchTemplate into the override LaunchTemplates in that case. Sure, the override templates would be defining a Role but it would be the same Role as in the base template -- so, functionally equivalent.
Thoughts? Opinions?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On the surface, it seems that it might be possible to use a LazyRole
here, and use a Lazy
to create the CfnInstanceProfile
only if the LazyRole
has a statement, policy, or managed policy attached. Or if the LazyRole
has been instantiated, I suppose.
That's, perhaps, a little sketchy though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah let's keep it as simple as we can for now, until we get a better grip on this.
Let's let LaunchTemplates
do as little as possible, except just hold on to some common objects/variables.
Any method that would normally interact with those unset members can throw an exception for all I care. Let's see where that takes us. It's easier to add magic in than to take it out later.
this.userData = props?.machineImage.getImage(this).userData; | ||
} | ||
const userDataToken = this.userData ? | ||
Lazy.string({ produce: () => Fn.base64(this.userData!.render()) }) : |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similar reasoning to that, above, for not providing a default role... I'm thinking that this should probably be modified to set UserData
to undefined if this.userData
has no actual commands in it. i.e. Still automatically create this.userData
, but have the Lazy
generate undefined
if that userData would be empty.
Thoughts? Opinions?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems finicky. We'd have to introduce the concept of emptiness to a UserData first, as they won't necessarily render as empty, they might render to ""
, to "<powershell></powershell>"
or even more complex for a MIME UserData.
Let's just say you have to specify it to start with.
/** | ||
* Properties of a LaunchTemplate. | ||
*/ | ||
export interface LaunchTemplateProps { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is one of the reasons we ourselves have been getting stuck implementing it in the CDK. It just seems so open-ended and anything can be overridden at any point.
Thanks for this list! This is super helpful.
* | ||
* @default - This Launch Template does not specify a default AMI. | ||
*/ | ||
readonly machineImage?: IMachineImage; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's do it like this and see where it breaks.
I'll 100% give you that the moment we make this required, someone will come by and say "but I use Launch Templates to give all my instances the same networking configuration but then configure the AMI on the Instance
class".
* assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com') | ||
* }); | ||
* | ||
* @default - A new Role is created. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wait, is it though?
Shouldn't this be just as optional as all the other fields, and not create anything by default to not mess with the downstream consumers too much?
* | ||
* @default No tags are specified. | ||
*/ | ||
readonly tagSpecifications?: LaunchTemplateTagSpecification[]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tags will have to be implemented in core and in cfn2ts
, to integrate with the aspect-based tagging (by doing it at the L1 level).
To start, let's take tagging out of this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Took a look at it... Looks to be a pretty monumental undertaking to add tagging support. That'll have to go on the CDK team's backlog.
LaunchTemplate tagging really does not look like it will integrate well with the current tagging abstractions. There is no tag
field on the LaunchTemplate (i.e. the template itself is not taggable), but rather a tagSpecification
member within the launchTemplateData
field that has its own unique format. i.e. It does not implement anything resembling ITaggable
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addition... Perhaps I'm being too clever/hacky, but I figured out a way to get the L2 LaunchTemplate to interact with tagging aspects without having to make any changes to CDK core.
// ============================================ | ||
// Members for ILaunchTemplate interface | ||
/** | ||
* @inheritdoc |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fairly sure @inheritdoc
is not necessary.
roles: [this.role.roleName], | ||
}); | ||
|
||
if (props?.securityGroup) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see how it will be useful, but I'm still a little hesitant to create one automatically--especially as I can see use cases for Launch Templates where people don't want those (they will use LTs to set Spot Pricing for all instances but then create SGs for individual instances... or something).
I guess we can't!
|
||
// ============================================= | ||
|
||
constructor(scope: Construct, id: string, props?: LaunchTemplateProps) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you declare this as props: LaunchTemplateProps = {}
it saves a bunch of props?.
operators in this method.
}); | ||
|
||
this.userData = props?.userData; | ||
if (!this.userData !== undefined && props?.machineImage !== undefined) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
!this.userData !== undefined
I'm not sure the precedences work out correctly here.
But isn't the following just as easy:
this.userData = props.userData ?? props.machineImage?.getImage(this).userData
this.userData = props?.machineImage.getImage(this).userData; | ||
} | ||
const userDataToken = this.userData ? | ||
Lazy.string({ produce: () => Fn.base64(this.userData!.render()) }) : |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems finicky. We'd have to introduce the concept of emptiness to a UserData first, as they won't necessarily render as empty, they might render to ""
, to "<powershell></powershell>"
or even more complex for a MIME UserData.
Let's just say you have to specify it to start with.
* @param construct the instance/asg construct, used to host any warning | ||
* @param blockDevices list of block devices | ||
*/ | ||
function synthesizeBlockDeviceMappings<RT, NDT>(construct: Construct, blockDevices: BlockDevice[], noDeviceValue: NDT): RT[] { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As good as there! Minor comments, after those are addressed I'm totally ready to ship this.
const iamProfile: iam.CfnInstanceProfile | undefined = this._role ? new iam.CfnInstanceProfile(this, 'Profile', { | ||
roles: [this._role!.roleName], | ||
}) : undefined; | ||
const iamProfileToken = Lazy.string({ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This feels like it doesn't need to be lazy?
const iamProfileToken = iamProfile?.getAtt('Arn').toString();
?
Or if you MUST have that the type will be string
instead of string | undefined
(although why would you):
const iamProfileToken = iamProfile ? iamProfile.getAtt('Arn').toString() : Token.asString(undefined);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I got a little carried away with the Lazy
uses :-)
} | ||
|
||
this.tags = new TagManager(TagType.KEY_VALUE, 'AWS::EC2::LaunchTemplate'); | ||
const tagsToken = Lazy.any({ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Clever. Doesn't look too horrible. It may be unexpected that the L2 is taggable while the L1 isn't. But I can live with this, and if we have tests on it we can always refactor later.
*/ | ||
public get connections(): Connections { | ||
if (!this._connections) { | ||
throw new Error('connections not available on LaunchTemplate. You must provide a securityGroup when constructing the LaunchTemplate to make it available.'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe phrase this in terms of APIs the end user would see (as opposed to APIs the author would see):
LaunchTemplate can only be used as IConnectable if a securityGroup is provided...
*/ | ||
public get grantPrincipal(): iam.IPrincipal { | ||
if (!this._role) { | ||
throw new Error('grantPrincipal not available on LaunchTemplate. You must provide a role when constructing the LaunchTemplate to make it available.'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here:
LaunchTemplate can only be used as IGrantable if...
* | ||
* @note Only available if you provide a role when constructing the LaunchTemplate. | ||
*/ | ||
public get role(): iam.IRole { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since the role
property isn't really implementing a protocol such as IGrantable
or IConnectable
, I'd be fine surfacing the reality here. Declare this just as
public readonly role?: iam.IRole;
And users can deal with the fact that it might or might not be set.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Because also: think about how Instance
would consume this.
It needs to do something like:
if (props.role) {
instanceRole = props.role;
} else if (!launchTemplate.role) { // <--- this should not throw then otherwise I can't inspect it
instanceRole = new iam.Role(...);
}
to make sure the instance ends up with an instance profile.
* | ||
* @note Only available if you provide a machineImage when constructing the LaunchTemplate | ||
*/ | ||
public get osType(): OperatingSystemType { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thiiiiink... this might also benefit from just being able to be optional, like role
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I agree. I'll switch all except for grantPrincipal and connection into just plain properties instead of getters.
* | ||
* @note Only available if you provide a machineImage or UserData when constructing the LaunchTemplate. | ||
*/ | ||
public get userData(): UserData { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And I think userData
as well...
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
This provides an initial implementation of a level 2 construct for EC2 Launch Templates. It is a start that is intended to help get the ball rolling on implementation of Launch Template support within the CDK. It is a step towards resolving aws#6734 Launch Templates have value even without the integrations into Instance and AutoScalingGroup being implemented yet. Thus, the intention with this PR is to solely implement the L2 for LaunchTemplate. Future work in a separate PR would be required to implement its integration into Instance, AutoScalingGroup, and others. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This provides an initial implementation of a level 2 construct for EC2 Launch Templates. It is a start that is intended to help get the ball rolling on implementation of Launch Template support within the CDK. It is a step towards resolving aws#6734 Launch Templates have value even without the integrations into Instance and AutoScalingGroup being implemented yet. Thus, the intention with this PR is to solely implement the L2 for LaunchTemplate. Future work in a separate PR would be required to implement its integration into Instance, AutoScalingGroup, and others. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This provides an initial implementation of a level 2 construct for EC2 Launch Templates. It is a start that is intended to help get the ball rolling on implementation of Launch Template support within the CDK. It is a step towards resolving aws#6734 Launch Templates have value even without the integrations into Instance and AutoScalingGroup being implemented yet. Thus, the intention with this PR is to solely implement the L2 for LaunchTemplate. Future work in a separate PR would be required to implement its integration into Instance, AutoScalingGroup, and others. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This provides an initial implementation of a level 2 construct for EC2 Launch Templates. It is a start that is intended to help get the ball rolling on implementation of Launch Template support within the CDK. It is a step towards resolving aws#6734 Launch Templates have value even without the integrations into Instance and AutoScalingGroup being implemented yet. Thus, the intention with this PR is to solely implement the L2 for LaunchTemplate. Future work in a separate PR would be required to implement its integration into Instance, AutoScalingGroup, and others. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…chineImege is provided (#23593) closes #23592 Reading through the discussion in PR #12385, which introduced the original code, I could not find any reason not to create userData when machineImage is provided. They also agreed with the design [here](#12385 (comment)), but it seems it accidentally became out of scope at the time. This change should not be considered as a breaking change because we are just adding empty userData to launchTemplates whose userData is not specified explicitly, and it will not have any effect on the existing behavior. * Users who already sets a userData explicitly: * will not see any change to their synthesized template, as this PR only modifies userData when it is not set explicitly. * Users who is not using userData: * will see a userData is added to their template. But the userData is empty and does nothing. It should not have any effect on the previous behavior. ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Construct Runtime Dependencies: * [ ] This PR adds new construct runtime dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-construct-runtime-dependencies) ### New Features * [X] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [X] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…chineImege is provided (aws#23593) closes aws#23592 Reading through the discussion in PR aws#12385, which introduced the original code, I could not find any reason not to create userData when machineImage is provided. They also agreed with the design [here](aws#12385 (comment)), but it seems it accidentally became out of scope at the time. This change should not be considered as a breaking change because we are just adding empty userData to launchTemplates whose userData is not specified explicitly, and it will not have any effect on the existing behavior. * Users who already sets a userData explicitly: * will not see any change to their synthesized template, as this PR only modifies userData when it is not set explicitly. * Users who is not using userData: * will see a userData is added to their template. But the userData is empty and does nothing. It should not have any effect on the previous behavior. ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Construct Runtime Dependencies: * [ ] This PR adds new construct runtime dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-construct-runtime-dependencies) ### New Features * [X] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [X] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…chineImege is provided (aws#23593) closes aws#23592 Reading through the discussion in PR aws#12385, which introduced the original code, I could not find any reason not to create userData when machineImage is provided. They also agreed with the design [here](aws#12385 (comment)), but it seems it accidentally became out of scope at the time. This change should not be considered as a breaking change because we are just adding empty userData to launchTemplates whose userData is not specified explicitly, and it will not have any effect on the existing behavior. * Users who already sets a userData explicitly: * will not see any change to their synthesized template, as this PR only modifies userData when it is not set explicitly. * Users who is not using userData: * will see a userData is added to their template. But the userData is empty and does nothing. It should not have any effect on the previous behavior. ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Construct Runtime Dependencies: * [ ] This PR adds new construct runtime dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-construct-runtime-dependencies) ### New Features * [X] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [X] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…chineImege is provided (aws#23593) closes aws#23592 Reading through the discussion in PR aws#12385, which introduced the original code, I could not find any reason not to create userData when machineImage is provided. They also agreed with the design [here](aws#12385 (comment)), but it seems it accidentally became out of scope at the time. This change should not be considered as a breaking change because we are just adding empty userData to launchTemplates whose userData is not specified explicitly, and it will not have any effect on the existing behavior. * Users who already sets a userData explicitly: * will not see any change to their synthesized template, as this PR only modifies userData when it is not set explicitly. * Users who is not using userData: * will see a userData is added to their template. But the userData is empty and does nothing. It should not have any effect on the previous behavior. ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Construct Runtime Dependencies: * [ ] This PR adds new construct runtime dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-construct-runtime-dependencies) ### New Features * [X] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [X] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [Amazon.CDK.Lib](https://togithub.com/aws/aws-cdk) | nuget | minor | `2.46.0` -> `2.70.0` | --- ### Release Notes <details> <summary>aws/aws-cdk</summary> ### [`v2.70.0`](https://togithub.com/aws/aws-cdk/releases/v2.70.0) ##### Features - **cfnspec:** cloudformation spec v116.0.0 ([#​24662](https://togithub.com/aws/aws-cdk/issues/24662)) ([e8158af](https://togithub.com/aws/aws-cdk/commit/e8158af34eb6402c79edbc171746fb5501775c68)) - **cloudwatch:** added defaultInterval prop to cw-dashboard ([#​24707](https://togithub.com/aws/aws-cdk/issues/24707)) ([d4717cf](https://togithub.com/aws/aws-cdk/commit/d4717cf035c9f7027d8081ea1f15a631044315e8)) - **ec2:** CFN-init support for systemd ([#​24683](https://togithub.com/aws/aws-cdk/issues/24683)) ([f3fe8e1](https://togithub.com/aws/aws-cdk/commit/f3fe8e1c4348194f89b47a276e6c85328b1044fa)) - **ec2:** SSM sessions ([#​24673](https://togithub.com/aws/aws-cdk/issues/24673)) ([9744a82](https://togithub.com/aws/aws-cdk/commit/9744a8295fab28f1e8c38a0b980935f7546990e6)) - **ecr:** add option to auto delete images upon ECR repository removal ([#​24572](https://togithub.com/aws/aws-cdk/issues/24572)) ([7de5b00](https://togithub.com/aws/aws-cdk/commit/7de5b00dcf24c4f6721317860c7e42c485e3ca58)), closes [#​15932](https://togithub.com/aws/aws-cdk/issues/15932) [#​12618](https://togithub.com/aws/aws-cdk/issues/12618) [#​15932](https://togithub.com/aws/aws-cdk/issues/15932) - **elasticloadbalancing:** classic load balancer supports ec2 instances ([#​24353](https://togithub.com/aws/aws-cdk/issues/24353)) ([25b6edd](https://togithub.com/aws/aws-cdk/commit/25b6edd9d83e4766a2cb064b8eb8e3c6198b4f53)), closes [#​23500](https://togithub.com/aws/aws-cdk/issues/23500) - **servicecatalogappregistry-alpha:** Introduce flag to control application sharing and association behavior for cross-account stacks ([#​24408](https://togithub.com/aws/aws-cdk/issues/24408)) ([2167289](https://togithub.com/aws/aws-cdk/commit/2167289658e8f3431ec815c741277dc1be1aa110)), closes [aws-cdk/aws-servicecatalogappregistry/lib/aspects/stack-associator.ts#L91-L95](https://togithub.com/aws-cdk/aws-servicecatalogappregistry/lib/aspects/stack-associator.ts/issues/L91-L95) ##### Bug Fixes - **bootstrap:** remove Security Hub finding KMS.2 ([#​24588](https://togithub.com/aws/aws-cdk/issues/24588)) ([274c3d5](https://togithub.com/aws/aws-cdk/commit/274c3d54dcc0b9534d1ede287fe3672ec9883dbe)), closes [/docs.aws.amazon.com/securityhub/latest/userguide/kms-controls.html#kms-2](https://togithub.com/aws//docs.aws.amazon.com/securityhub/latest/userguide/kms-controls.html/issues/kms-2) - **cli:** no change deployment prints "hotswap deployment skipped" without hotswap flag ([#​24602](https://togithub.com/aws/aws-cdk/issues/24602)) ([79151fd](https://togithub.com/aws/aws-cdk/commit/79151fd7f4916defeb1e17d3bcdbec1e119ec994)) - **cli:** user agent is reported as `undefined/undefined` ([#​24663](https://togithub.com/aws/aws-cdk/issues/24663)) ([3e8d8d8](https://togithub.com/aws/aws-cdk/commit/3e8d8d8e1b9a88376a6460094dea0c08ce19742e)) - **eks:** fail to update cluster by disabling logging props ([#​24688](https://togithub.com/aws/aws-cdk/issues/24688)) ([767cf93](https://togithub.com/aws/aws-cdk/commit/767cf93eb131c707f8243e8f3779dd3bad89271a)) - **sfn:** stop replacing JsonPath.DISCARD with `null` ([#​24717](https://togithub.com/aws/aws-cdk/issues/24717)) ([413b643](https://togithub.com/aws/aws-cdk/commit/413b64347f333573b2a07150e87244bd4c11d264)), closes [#​24593](https://togithub.com/aws/aws-cdk/issues/24593) - **toolkit:** RWLock.acquireRead is not re-entrant ([#​24702](https://togithub.com/aws/aws-cdk/issues/24702)) ([3b7431b](https://togithub.com/aws/aws-cdk/commit/3b7431b6ac27f8557c22a8959ae1ce431f6d2167)) - **WAFv2:** add patch to revert struct names ([#​24651](https://togithub.com/aws/aws-cdk/issues/24651)) ([dfa09d1](https://togithub.com/aws/aws-cdk/commit/dfa09d133523f0457a9ab2369bde13b44c398c30)), closes [/github.com/aws/aws-cdk/commit/affe040c8443be074822254d1e75a28b264cd801#diff-827a2fd012e049c7ccedffa0360c12e7d967a173f36b8150de73ef6adc42ee4cL175-L357](https://togithub.com/aws//github.com/aws/aws-cdk/commit/affe040c8443be074822254d1e75a28b264cd801/issues/diff-827a2fd012e049c7ccedffa0360c12e7d967a173f36b8150de73ef6adc42ee4cL175-L357) *** #### Alpha modules (2.70.0-alpha.0) ##### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES - **servicecatalogappregistry:** This commit contains destructive changes to the RAM Share. Since the application RAM share name is calculated by the application construct, where one method is added. Integration test detects a breaking change where RAM share will be created. Integration test snapshot is updated to cater this destructive change. ##### Features - **servicecatalogappregistry:** add attribute groups to an application ([#​24672](https://togithub.com/aws/aws-cdk/issues/24672)) ([7baffa2](https://togithub.com/aws/aws-cdk/commit/7baffa239a7904cd73ac73537101ed5bd40aa9a0)) ### [`v2.69.0`](https://togithub.com/aws/aws-cdk/releases/v2.69.0) ##### Features - **custom-resources:** AwsCustomResource copy physicalResourceId from request when omit it in onUpdate ([#​24194](https://togithub.com/aws/aws-cdk/issues/24194)) ([21ad7a7](https://togithub.com/aws/aws-cdk/commit/21ad7a7a0462a00c491ed104163d2065828a9aa1)), closes [#​23843](https://togithub.com/aws/aws-cdk/issues/23843) - **docdb:** added ability to enable performance insights ([#​24039](https://togithub.com/aws/aws-cdk/issues/24039)) ([c897f44](https://togithub.com/aws/aws-cdk/commit/c897f44ea438487a8bf48053dead667c35cade02)), closes [#​24036](https://togithub.com/aws/aws-cdk/issues/24036) - **ecr-assets:** Support cache-from and cache-to flags ([#​24024](https://togithub.com/aws/aws-cdk/issues/24024)) ([4e02566](https://togithub.com/aws/aws-cdk/commit/4e02566fab0f6c6708c9ee766e2805adbb329f18)) - **eks:** support for Kubernetes version 1.25 ([#​24484](https://togithub.com/aws/aws-cdk/issues/24484)) ([70fd3e9](https://togithub.com/aws/aws-cdk/commit/70fd3e97e5b3555f4036ada6e562cec4359cadeb)), closes [#​24282](https://togithub.com/aws/aws-cdk/issues/24282) - **rds:** add support for minor versions of PostgreSQL: 14.7, 13.10, 12.14, and 11.19 ([#​24539](https://togithub.com/aws/aws-cdk/issues/24539)) ([15cb919](https://togithub.com/aws/aws-cdk/commit/15cb919fab9d20d0e8f0485662131cbb10980269)) - **rds:** PostgreSQL engine version 15.2 ([#​24463](https://togithub.com/aws/aws-cdk/issues/24463)) ([59d795b](https://togithub.com/aws/aws-cdk/commit/59d795b6e8d77b2d2d099169eaeb83a66c9d6a1a)), closes [#​24462](https://togithub.com/aws/aws-cdk/issues/24462) ##### Bug Fixes - **custom-resource:** custom resources fail with data containing multi-byte utf8 chars ([#​24501](https://togithub.com/aws/aws-cdk/issues/24501)) ([9bd5078](https://togithub.com/aws/aws-cdk/commit/9bd507842f567ee3e450c3f44e5c3dccc7c42ae6)), closes [#​24491](https://togithub.com/aws/aws-cdk/issues/24491) - **ecr-assets:** prefix cache arguments correctly ([#​24524](https://togithub.com/aws/aws-cdk/issues/24524)) ([d451b30](https://togithub.com/aws/aws-cdk/commit/d451b3014a1d39e0a6ea18c2ec79a547b187adc5)) - **pipelines:** Ubuntu 5 images will be slow, move to Ubuntu 6 ([#​24544](https://togithub.com/aws/aws-cdk/issues/24544)) ([1f62c43](https://togithub.com/aws/aws-cdk/commit/1f62c438fb68332a492b624bad65159cc9c0308f)) - **sfn:** can't override toStateJson() from other languages ([#​24593](https://togithub.com/aws/aws-cdk/issues/24593)) ([e955d18](https://togithub.com/aws/aws-cdk/commit/e955d18052b8ec397c06ae6994b96bb7558e12bb)), closes [#​14639](https://togithub.com/aws/aws-cdk/issues/14639) *** #### Alpha modules (2.69.0-alpha.0) ##### Features - **kinesisanalytics-flink:** VPC support for Flink applications ([#​24442](https://togithub.com/aws/aws-cdk/issues/24442)) ([7c7ad6d](https://togithub.com/aws/aws-cdk/commit/7c7ad6d18bd0d48a30858c1964d27d8a02b274ae)), closes [40aws-cdk/aws-lambda/lib/function.ts#L170](https://togithub.com/40aws-cdk/aws-lambda/lib/function.ts/issues/L170) [#​21104](https://togithub.com/aws/aws-cdk/issues/21104) ### [`v2.68.0`](https://togithub.com/aws/aws-cdk/releases/v2.68.0) ##### Bug Fixes - **apprunner-alpha:** env vars and secrets can't solely be added via .add\*() methods ([#​24346](https://togithub.com/aws/aws-cdk/issues/24346)) ([45195b6](https://togithub.com/aws/aws-cdk/commit/45195b6f2e5162eaa795d3a412d89dd09680aa8b)), closes [#​24345](https://togithub.com/aws/aws-cdk/issues/24345) - **cli:** cannot `cdk import` resources with multiple identifiers ([#​24439](https://togithub.com/aws/aws-cdk/issues/24439)) ([a70ff1a](https://togithub.com/aws/aws-cdk/commit/a70ff1ad332af780c052e3117b73df060deee7ae)), closes [#​20895](https://togithub.com/aws/aws-cdk/issues/20895) - **core:** Fix dotnet version check to allow .NET 7.0 ([#​24467](https://togithub.com/aws/aws-cdk/issues/24467)) ([a4856e9](https://togithub.com/aws/aws-cdk/commit/a4856e997684f84476fe92e00afcd4da76a69b04)), closes [#​24466](https://togithub.com/aws/aws-cdk/issues/24466) - **lambda-nodejs:** esbuild preCompilation tsconfig precedence is wrong ([#​23871](https://togithub.com/aws/aws-cdk/issues/23871)) ([790a709](https://togithub.com/aws/aws-cdk/commit/790a709d758333f4622c5fb860d9bbb48dee7106)) - **lambda-nodejs:** Required auto prefix of `handler` with `index.` breaks custom non-`index` handler settings used by layers ([#​24406](https://togithub.com/aws/aws-cdk/issues/24406)) ([d7a1c34](https://togithub.com/aws/aws-cdk/commit/d7a1c34e540e12413319918a5d807060057a1a1b)), closes [#​24403](https://togithub.com/aws/aws-cdk/issues/24403) - **rds:** add clusterResourceIdentifier property to database cluster ([#​23605](https://togithub.com/aws/aws-cdk/issues/23605)) ([6bda4e5](https://togithub.com/aws/aws-cdk/commit/6bda4e5ae4205a917a00714433f136550c59e409)) *** #### Alpha modules (2.68.0-alpha.0) ##### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES - **servicecatalogappregistry:** This commit contains destructive changes to the RAM Share. Since the application RAM share name is calculated by the application construct, where one property is removed. Integration test detects a breaking change where RAM share will be created. Integration test snapshot is updated to cater this destructive change. ##### Features - **msk:** add Kafka version 3.3.2 ([#​24440](https://togithub.com/aws/aws-cdk/issues/24440)) ([1b2014e](https://togithub.com/aws/aws-cdk/commit/1b2014eef9e3f2190b2cce79c55f635cc1f167e3)), closes [#​24432](https://togithub.com/aws/aws-cdk/issues/24432) - **redshift:** column compression encodings and comments can now be customised ([#​24177](https://togithub.com/aws/aws-cdk/issues/24177)) ([1ca3e00](https://togithub.com/aws/aws-cdk/commit/1ca3e0027323e84aacade4d9bd058bbc5687a7ab)), closes [#​24165](https://togithub.com/aws/aws-cdk/issues/24165) [#​23597](https://togithub.com/aws/aws-cdk/issues/23597) [#​22506](https://togithub.com/aws/aws-cdk/issues/22506) - **redshift:** columns require an id attribute (under feature flag) ([#​24272](https://togithub.com/aws/aws-cdk/issues/24272)) ([9a07ab0](https://togithub.com/aws/aws-cdk/commit/9a07ab008d1b6d23e9a302921f1a5165a21fb128)), closes [#​24234](https://togithub.com/aws/aws-cdk/issues/24234) ##### Bug Fixes - **servicecatalogappregistry:** allow disabling automatic CfnOutput ([#​24483](https://togithub.com/aws/aws-cdk/issues/24483)) ([3db1a0d](https://togithub.com/aws/aws-cdk/commit/3db1a0d0bcf615871a225919eed235b78904e144)), closes [#​23779](https://togithub.com/aws/aws-cdk/issues/23779) - **servicecatalogappregistry:** Associate an application with attribute group ([#​24378](https://togithub.com/aws/aws-cdk/issues/24378)) ([d1264c1](https://togithub.com/aws/aws-cdk/commit/d1264c1c414257fb8dd5288fdc24cfe9605cdf90)) ### [`v2.67.0`](https://togithub.com/aws/aws-cdk/releases/v2.67.0) ##### Features - **apigateway:** minCompressionSize on SpecRestApi ([#​24067](https://togithub.com/aws/aws-cdk/issues/24067)) ([2a81f0f](https://togithub.com/aws/aws-cdk/commit/2a81f0f7d9eb73cd0e807904357a5daf7d6e5017)), closes [#​22926](https://togithub.com/aws/aws-cdk/issues/22926) - **bootstrap:** prevent accidental bootstrap overwrites ([#​24302](https://togithub.com/aws/aws-cdk/issues/24302)) ([3b251a5](https://togithub.com/aws/aws-cdk/commit/3b251a5e8e74332076c9e5dc810a80775fa77d61)) - **cli:** update csharp & fsharp template to net6.0 ([#​23926](https://togithub.com/aws/aws-cdk/issues/23926)) ([3bd611d](https://togithub.com/aws/aws-cdk/commit/3bd611dcbdf802dbc918d0ecedaf3ac3d9d73503)), closes [#​23921](https://togithub.com/aws/aws-cdk/issues/23921) - **codebuild:** adds file asset support to build-spec ([#​24289](https://togithub.com/aws/aws-cdk/issues/24289)) ([7cda567](https://togithub.com/aws/aws-cdk/commit/7cda5673fd3f6c5cd56ea59d71b14115f2a388f2)), closes [#​1138](https://togithub.com/aws/aws-cdk/issues/1138) - **ecs:** enable default capacity provider strategy ([#​23955](https://togithub.com/aws/aws-cdk/issues/23955)) ([5a30ea6](https://togithub.com/aws/aws-cdk/commit/5a30ea6536df0fda0e0e7bb89d45666f57fb8890)) - **eks:** add helm flag --skip-crds ([#​24213](https://togithub.com/aws/aws-cdk/issues/24213)) ([f68dbc2](https://togithub.com/aws/aws-cdk/commit/f68dbc2ce76a2df51081e959aa70e373a9bf5ac6)), closes [#​24296](https://togithub.com/aws/aws-cdk/issues/24296) - **sns:** Add FilterPolicyScope support ([#​23108](https://togithub.com/aws/aws-cdk/issues/23108)) ([d986e14](https://togithub.com/aws/aws-cdk/commit/d986e143df3cf9b42031eba0f5a2d9a71d6d9208)) - **stepfunctions-tasks:** add revision number ([#​24226](https://togithub.com/aws/aws-cdk/issues/24226)) ([643042b](https://togithub.com/aws/aws-cdk/commit/643042b8a15779b8a535567085b31424f4373515)), closes [#​23491](https://togithub.com/aws/aws-cdk/issues/23491) ##### Bug Fixes - **cdk-assets:** Error when building Docker Image Assets with Podman ([#​24003](https://togithub.com/aws/aws-cdk/issues/24003)) ([4b08e20](https://togithub.com/aws/aws-cdk/commit/4b08e20be3b829c752e425883da09188b2dcff72)), closes [/github.com/aws/aws-cdk/issues/16209#issue-978267269](https://togithub.com/aws//github.com/aws/aws-cdk/issues/16209/issues/issue-978267269) [#​16209](https://togithub.com/aws/aws-cdk/issues/16209) - **cloudwatch:** math expressions incorrectly warn about search and metrics ([#​24313](https://togithub.com/aws/aws-cdk/issues/24313)) ([f3596eb](https://togithub.com/aws/aws-cdk/commit/f3596eb26f1e4ab360875bf5f79a7de991d2a9ec)), closes [#​20136](https://togithub.com/aws/aws-cdk/issues/20136) - **ec2:** userData in launchTemplate is created automatically when machineImege is provided ([#​23593](https://togithub.com/aws/aws-cdk/issues/23593)) ([bb4311b](https://togithub.com/aws/aws-cdk/commit/bb4311bf05b64cc95a89a319743e3883fd3c5b15)), closes [#​23592](https://togithub.com/aws/aws-cdk/issues/23592) [/github.com/aws/aws-cdk/pull/12385#discussion_r564614928](https://togithub.com/aws//github.com/aws/aws-cdk/pull/12385/issues/discussion_r564614928) - **ecr-assets:** fix repeated deploys of stacks with tar assets ([#​23497](https://togithub.com/aws/aws-cdk/issues/23497)) ([c2296a8](https://togithub.com/aws/aws-cdk/commit/c2296a87116c7bbaf6103a03364326c760a8f952)), closes [#​18823](https://togithub.com/aws/aws-cdk/issues/18823) [#​18822](https://togithub.com/aws/aws-cdk/issues/18822) - **efs:** support tagging for access point ([#​24336](https://togithub.com/aws/aws-cdk/issues/24336)) ([f9af47f](https://togithub.com/aws/aws-cdk/commit/f9af47f1fe48e66412d95f3eeef931c9322ba5b7)), closes [#​20743](https://togithub.com/aws/aws-cdk/issues/20743) - **eks:** changing the subnets or securityGroupIds order causes an error ([#​24163](https://togithub.com/aws/aws-cdk/issues/24163)) ([09c2c19](https://togithub.com/aws/aws-cdk/commit/09c2c19f22979482020652d902a73dfcc4e593bd)), closes [#​24162](https://togithub.com/aws/aws-cdk/issues/24162) - **eks:** fix helm deploy login for public ECR repositories ([#​24104](https://togithub.com/aws/aws-cdk/issues/24104)) ([71ec6b6](https://togithub.com/aws/aws-cdk/commit/71ec6b660cf5062c12c5205dadfc28f893251e4f)), closes [#​23977](https://togithub.com/aws/aws-cdk/issues/23977) - **eks:** integ tests errors ([#​24276](https://togithub.com/aws/aws-cdk/issues/24276)) ([07f2d7b](https://togithub.com/aws/aws-cdk/commit/07f2d7b0b947cec31ed3132b95372b9975efa01e)) - **secretsmanager:** secret resource policy already exists in stack (under feature flag) ([#​24365](https://togithub.com/aws/aws-cdk/issues/24365)) ([7dd8b7e](https://togithub.com/aws/aws-cdk/commit/7dd8b7e1ce88a13e597e52ff95353d74ab4807f1)), closes [#​24383](https://togithub.com/aws/aws-cdk/issues/24383) - **servicecatalog:** wrong asset path is generated in case outdir is absolute ([#​24393](https://togithub.com/aws/aws-cdk/issues/24393)) ([0ebbf58](https://togithub.com/aws/aws-cdk/commit/0ebbf58bdd3307f536334beb5d1153e3ef660f18)), closes [#​24392](https://togithub.com/aws/aws-cdk/issues/24392) - **sns:** sns subscription filter policy condition limit should be 150 ([#​24269](https://togithub.com/aws/aws-cdk/issues/24269)) ([1e1131c](https://togithub.com/aws/aws-cdk/commit/1e1131c207de2df7d5881a57cc28daa59bad975a)) - Correct SamlConsolePrincipal for non-China ([#​24277](https://togithub.com/aws/aws-cdk/issues/24277)) ([e47646c](https://togithub.com/aws/aws-cdk/commit/e47646c0ff317a421b2f042158fcc0c7ae1aa2cf)), closes [#​24243](https://togithub.com/aws/aws-cdk/issues/24243) *** #### Alpha modules (2.67.0-alpha.0) ##### Features - **msk:** add Kafka versions 3.1.1, 3.2.0, and and 3.3.1 ([#​23918](https://togithub.com/aws/aws-cdk/issues/23918)) ([53a1d5f](https://togithub.com/aws/aws-cdk/commit/53a1d5fd81eabf5e9d846411754a554549f9f62c)), closes [#​23899](https://togithub.com/aws/aws-cdk/issues/23899) ##### Bug Fixes - **servicecatalogappregistry:** applicationName can not be changed after deployment ([#​24409](https://togithub.com/aws/aws-cdk/issues/24409)) ([6aa763f](https://togithub.com/aws/aws-cdk/commit/6aa763f100e5561f4554627116a458abba930480)) ### [`v2.66.1`](https://togithub.com/aws/aws-cdk/releases/v2.66.1) ##### Bug Fixes - Correct SamlConsolePrincipal for non-China ([#​24277](https://togithub.com/aws/aws-cdk/issues/24277)) ([d562871](https://togithub.com/aws/aws-cdk/commit/d562871824350483e80bf6a28868280381e9e83e)), closes [#​24243](https://togithub.com/aws/aws-cdk/issues/24243) *** #### Alpha modules (2.66.1-alpha.0) ### [`v2.66.0`](https://togithub.com/aws/aws-cdk/releases/v2.66.0) ##### Features - **cloudwatch:** parse all metrics statistics and support long format ([#​23095](https://togithub.com/aws/aws-cdk/issues/23095)) ([853e3d6](https://togithub.com/aws/aws-cdk/commit/853e3d631ef0490b0e2d14fdcf50df9f745de3eb)), closes [#​23074](https://togithub.com/aws/aws-cdk/issues/23074) [40aws-cdk/aws-cloudwatch/lib/metric.ts#L295-L296](https://togithub.com/40aws-cdk/aws-cloudwatch/lib/metric.ts/issues/L295-L296) - **core:** Size.bytes() ([#​24136](https://togithub.com/aws/aws-cdk/issues/24136)) ([9b2a45a](https://togithub.com/aws/aws-cdk/commit/9b2a45a6757c91011f47a6b3893cdfa0f4891002)), closes [#​24106](https://togithub.com/aws/aws-cdk/issues/24106) - **efs:** support file system policy ([#​24196](https://togithub.com/aws/aws-cdk/issues/24196)) ([5e0f44b](https://togithub.com/aws/aws-cdk/commit/5e0f44b05232c70f35f79d27f1294f943fbeb568)), closes [#​24042](https://togithub.com/aws/aws-cdk/issues/24042) - **logs:** Add support for multiple parse and filter statements in QueryString ([#​24022](https://togithub.com/aws/aws-cdk/issues/24022)) ([75eb933](https://togithub.com/aws/aws-cdk/commit/75eb9330194824cdf435ae64095813191fcd6e13)) - **stepfunctions:** removal policy for state machines ([#​24105](https://togithub.com/aws/aws-cdk/issues/24105)) ([5f33a26](https://togithub.com/aws/aws-cdk/commit/5f33a26937a78a7d28f913e86c3a2d0b00746e6a)) ##### Bug Fixes - **apigateway:** rest api deployment does not depend on authorizers ([#​23215](https://togithub.com/aws/aws-cdk/issues/23215)) ([12e13c1](https://togithub.com/aws/aws-cdk/commit/12e13c130cac347d5d042d414086e9e5aac5e31c)) - **cognito:** changing `installLatestAwsSdk` breaks Client Secret reference ([#​23798](https://togithub.com/aws/aws-cdk/issues/23798)) ([844d407](https://togithub.com/aws/aws-cdk/commit/844d4076c142fd88095f36dbc667d85c12e20bd5)), closes [#​23796](https://togithub.com/aws/aws-cdk/issues/23796) - **ecs:** validate ecs healthcheck ([#​24197](https://togithub.com/aws/aws-cdk/issues/24197)) ([89802a9](https://togithub.com/aws/aws-cdk/commit/89802a95360d698921c81a152d11ab6e46b00de3)) - **eks:** nested OCI repository names for private ECR helmchart deployments are not properly handled ([#​23378](https://togithub.com/aws/aws-cdk/issues/23378)) ([72f2a95](https://togithub.com/aws/aws-cdk/commit/72f2a95e994ef1b129a48bd548303ea39a3d3c9f)) - **lambda:** RuntimeManagementMode.FUNCTION_UPDATE has wrong value ([#​24252](https://togithub.com/aws/aws-cdk/issues/24252)) ([fdb0cf1](https://togithub.com/aws/aws-cdk/commit/fdb0cf13c0b18a436c02a272626ce9f9dde9c343)) *** #### Alpha modules (2.66.0-alpha.0) ##### Features - **apigatewayv2:** allow websockets routes to return response to client ([#​22984](https://togithub.com/aws/aws-cdk/issues/22984)) ([f8fe1d2](https://togithub.com/aws/aws-cdk/commit/f8fe1d292feb3fc39a99687bf454a829302c4ff5)) - **lambda-python:** add optional poetry bundling exclusion list parameter ([#​23670](https://togithub.com/aws/aws-cdk/issues/23670)) ([53beeae](https://togithub.com/aws/aws-cdk/commit/53beeaed04bfe295e9f840e65f9c89db00cac692)), closes [#​22585](https://togithub.com/aws/aws-cdk/issues/22585) [#​22585](https://togithub.com/aws/aws-cdk/issues/22585) - **redshift:** optionally reboot Clusters to apply parameter changes ([#​22063](https://togithub.com/aws/aws-cdk/issues/22063)) ([f61d950](https://togithub.com/aws/aws-cdk/commit/f61d950aaeba13bd6501b7c8971a9115f4a53f08)), closes [#​22009](https://togithub.com/aws/aws-cdk/issues/22009) [#​22055](https://togithub.com/aws/aws-cdk/issues/22055) [#​22059](https://togithub.com/aws/aws-cdk/issues/22059) ##### Bug Fixes - **servicecatalogappregistry:** Allow user to control stack id via stack name for Application stack ([#​24171](https://togithub.com/aws/aws-cdk/issues/24171)) ([0c7c7e4](https://togithub.com/aws/aws-cdk/commit/0c7c7e4a7c34957ff7877eda5171f82c5feaba1d)), closes [#​24160](https://togithub.com/aws/aws-cdk/issues/24160) ### [`v2.65.0`](https://togithub.com/aws/aws-cdk/releases/v2.65.0) ##### Features - **autoscaling:** L2 construct for enabling capacity rebalance of autoscaling ([#​24025](https://togithub.com/aws/aws-cdk/issues/24025)) ([d2c63f5](https://togithub.com/aws/aws-cdk/commit/d2c63f55f8657315ad4e4dd463cfcae07cb66e53)), closes [#​22625](https://togithub.com/aws/aws-cdk/issues/22625) - **chatbot:** support guardrail policies ([#​24114](https://togithub.com/aws/aws-cdk/issues/24114)) ([4c72a7d](https://togithub.com/aws/aws-cdk/commit/4c72a7dc3994ba190f1e1aa467d3087228bcb881)), closes [#​20788](https://togithub.com/aws/aws-cdk/issues/20788) - **core:** Allow passing Docker build secrets ([#​23778](https://togithub.com/aws/aws-cdk/issues/23778)) ([74512fa](https://togithub.com/aws/aws-cdk/commit/74512fa339e0a2937213f519c109ef1207e9d0c6)), closes [#​14910](https://togithub.com/aws/aws-cdk/issues/14910) [#​14395](https://togithub.com/aws/aws-cdk/issues/14395) - **elbv2:** add metrics to INetworkTargetGroup and IApplicationTargetGroup ([#​23993](https://togithub.com/aws/aws-cdk/issues/23993)) ([6a9e43f](https://togithub.com/aws/aws-cdk/commit/6a9e43f0c6f966df4671267eeda21638611dfb1c)), closes [#​23853](https://togithub.com/aws/aws-cdk/issues/23853) [#​10850](https://togithub.com/aws/aws-cdk/issues/10850) - **lambda:** add insights version 1.0.178.0 ([#​23836](https://togithub.com/aws/aws-cdk/issues/23836)) ([5272908](https://togithub.com/aws/aws-cdk/commit/527290854d0fa31e7f41497ede0c1b8b0e1b9ad4)) ##### Bug Fixes - **bootstrap:** remove Security Hub finding S3.10 ([#​24175](https://togithub.com/aws/aws-cdk/issues/24175)) ([a1da757](https://togithub.com/aws/aws-cdk/commit/a1da757ce348b4bd66a6d0e7776f2ff8e9f531b6)), closes [/docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-s3-10](https://togithub.com/aws//docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html/issues/fsbp-s3-10) - **codedeploy:** unable to remove alarms from deployment group ([#​23308](https://togithub.com/aws/aws-cdk/issues/23308)) ([eee005f](https://togithub.com/aws/aws-cdk/commit/eee005f4949d7438467c7448ba8326efa4b79221)) - **codepipeline:** x-env ECS deployment lacking support stack-dependency ([#​24053](https://togithub.com/aws/aws-cdk/issues/24053)) ([adfe4fa](https://togithub.com/aws/aws-cdk/commit/adfe4fa137bb748961b4a767d538335490e13ed1)), closes [#​24050](https://togithub.com/aws/aws-cdk/issues/24050) [#​24051](https://togithub.com/aws/aws-cdk/issues/24051) - **core:** messages are displayed multiple times per construct ([#​24019](https://togithub.com/aws/aws-cdk/issues/24019)) ([57770bb](https://togithub.com/aws/aws-cdk/commit/57770bb12ea6d77373f1e9e8e04f6757b440f277)), closes [#​9565](https://togithub.com/aws/aws-cdk/issues/9565) - **ec2:** enable set throughput param to CfnVolume ([#​24118](https://togithub.com/aws/aws-cdk/issues/24118)) ([32781f8](https://togithub.com/aws/aws-cdk/commit/32781f825352f9cb43d8fed5c122b454275b3076)), closes [#​24107](https://togithub.com/aws/aws-cdk/issues/24107) [#​24107](https://togithub.com/aws/aws-cdk/issues/24107) - **elbv2:** healthcheck interval is overly restrictive ([#​24157](https://togithub.com/aws/aws-cdk/issues/24157)) ([4f83e02](https://togithub.com/aws/aws-cdk/commit/4f83e02b85229ebdff3f32ba6fd662ffd707d8db)), closes [#​24156](https://togithub.com/aws/aws-cdk/issues/24156) - **iam:** PrincipalWithConditions.addCondition fails with a new key ([#​23782](https://togithub.com/aws/aws-cdk/issues/23782)) ([8951d01](https://togithub.com/aws/aws-cdk/commit/8951d013bea5dad54b94a6a683f56275ff4e6dba)), closes [#​23781](https://togithub.com/aws/aws-cdk/issues/23781) - **iam:** SamlConsolePrincipal does not work in China [#​22091](https://togithub.com/aws/aws-cdk/issues/22091) ([#​24034](https://togithub.com/aws/aws-cdk/issues/24034)) ([2902043](https://togithub.com/aws/aws-cdk/commit/29020435aeb1a9fb6401572520d0adca8155dc60)) - **pipelines:** SelfMutation CodeBuild project not accessible ([#​24073](https://togithub.com/aws/aws-cdk/issues/24073)) ([5942978](https://togithub.com/aws/aws-cdk/commit/594297862f2626b64b174d6998886a40f1b316be)) - **rds:** database proxies use ids as their resource names directly (under feature flag) ([#​23703](https://togithub.com/aws/aws-cdk/issues/23703)) ([03a0f79](https://togithub.com/aws/aws-cdk/commit/03a0f79b40e3be95de5421370703eb54c06b7dd7)), closes [#​18578](https://togithub.com/aws/aws-cdk/issues/18578) - **s3:** logging bucket blocks KMS_MANAGED encryption ([#​23514](https://togithub.com/aws/aws-cdk/issues/23514)) ([1e8926f](https://togithub.com/aws/aws-cdk/commit/1e8926fa9bcf561135beaa31379ec1f1e6f79901)) *** #### Alpha modules (2.65.0-alpha.0) ##### Features - **glue:** support Ray jobs ([#​23822](https://togithub.com/aws/aws-cdk/issues/23822)) ([8de50d6](https://togithub.com/aws/aws-cdk/commit/8de50d624c8703a12713dcffbc764688868f22b0)) - **redshift:** IAM roles can be attached to a cluster, post creation ([#​23791](https://togithub.com/aws/aws-cdk/issues/23791)) ([1a46808](https://togithub.com/aws/aws-cdk/commit/1a46808b03e8f6d09846f999ae3dc65b190f5f26)), closes [#​22632](https://togithub.com/aws/aws-cdk/issues/22632) - **synthetics:** support runtime 3.9 ([#​24101](https://togithub.com/aws/aws-cdk/issues/24101)) ([9d23cad](https://togithub.com/aws/aws-cdk/commit/9d23caded8aca42d3b78de1bc7e89c38a4d6805e)) ### [`v2.64.0`](https://togithub.com/aws/aws-cdk/releases/v2.64.0) ##### Features - **cfnspec:** cloudformation spec v109.0.0 ([#​23968](https://togithub.com/aws/aws-cdk/issues/23968)) ([5d59134](https://togithub.com/aws/aws-cdk/commit/5d5913455da2cdb834feef708fb01f9e77df656f)) - **cfnspec:** cloudformation spec v109.0.0 ([#​23984](https://togithub.com/aws/aws-cdk/issues/23984)) ([affe040](https://togithub.com/aws/aws-cdk/commit/affe040c8443be074822254d1e75a28b264cd801)) - **cli:** --hotswap will not use CFN anymore, --hotswap-fallback to fall back if necessary ([#​23653](https://togithub.com/aws/aws-cdk/issues/23653)) ([a5317ca](https://togithub.com/aws/aws-cdk/commit/a5317ca52f05ebc34d9f22196ab0ef36d5cac967)), closes [#​22784](https://togithub.com/aws/aws-cdk/issues/22784) [#​21773](https://togithub.com/aws/aws-cdk/issues/21773) [#​21556](https://togithub.com/aws/aws-cdk/issues/21556) [#​23640](https://togithub.com/aws/aws-cdk/issues/23640) - **elbv2:** add metrics to INetworkLoadBalancer and IApplicationLoadBalancer ([#​23853](https://togithub.com/aws/aws-cdk/issues/23853)) ([cb889bc](https://togithub.com/aws/aws-cdk/commit/cb889bc2c267654ca97e3d85a16a99a667d3584c)), closes [#​10850](https://togithub.com/aws/aws-cdk/issues/10850) - **iam:** implement IGrantable to Policy and ManagedPolicy ([#​22712](https://togithub.com/aws/aws-cdk/issues/22712)) ([d3df40f](https://togithub.com/aws/aws-cdk/commit/d3df40ff89c70b9243ec175747eb398368067095)), closes [#​10308](https://togithub.com/aws/aws-cdk/issues/10308) - **lambda:** enable RuntimeManagementConfig ([#​23891](https://togithub.com/aws/aws-cdk/issues/23891)) ([be4f971](https://togithub.com/aws/aws-cdk/commit/be4f97129f4237b39d0b99977eb597e2af49ed2a)), closes [#​23890](https://togithub.com/aws/aws-cdk/issues/23890) - **s3:** allow configuring S3 Object Lock ([#​23744](https://togithub.com/aws/aws-cdk/issues/23744)) ([bdcd6c8](https://togithub.com/aws/aws-cdk/commit/bdcd6c890878fb71c480bf40964f1b6ea0a5f270)), closes [#​5247](https://togithub.com/aws/aws-cdk/issues/5247) [#​21738](https://togithub.com/aws/aws-cdk/issues/21738) ##### Bug Fixes - Use the correct LB full name when creating metrics for imported LBs ([#​23972](https://togithub.com/aws/aws-cdk/issues/23972)) ([16c23b7](https://togithub.com/aws/aws-cdk/commit/16c23b7554923bf6c2703ba5f229e6c34b459a2f)), closes [#​23853](https://togithub.com/aws/aws-cdk/issues/23853) - **cdk-assets:** asset concurrency leaves a corrupted archive ([#​24026](https://togithub.com/aws/aws-cdk/issues/24026)) ([989454f](https://togithub.com/aws/aws-cdk/commit/989454f7e27f3cbf33180d8aab29d56472378126)) - **cdk-assets:** packaging assets is broken on Node older than 14.17 ([#​23994](https://togithub.com/aws/aws-cdk/issues/23994)) ([5bde92c](https://togithub.com/aws/aws-cdk/commit/5bde92c2ae29781aafd8c3817d08e93748c39885)), closes [#​23859](https://togithub.com/aws/aws-cdk/issues/23859) - **codedeploy:** cross-region referenced groups use wrong config ([#​23986](https://togithub.com/aws/aws-cdk/issues/23986)) ([390ec78](https://togithub.com/aws/aws-cdk/commit/390ec78437a55ad68757f8ce812535e9bc149a2a)) - **core:** cross-stack reference error doesn't include violation ([#​23987](https://togithub.com/aws/aws-cdk/issues/23987)) ([c7ad66f](https://togithub.com/aws/aws-cdk/commit/c7ad66fad6ca5aff5f2ae9754d263dea9d1de368)) - **ec2:** Cannot deploy VPC flow log with other resources that requires bucket policies ([#​23889](https://togithub.com/aws/aws-cdk/issues/23889)) ([e646ad5](https://togithub.com/aws/aws-cdk/commit/e646ad5b5496b176549f8c039a5ffabbf07403ff)), closes [#​18985](https://togithub.com/aws/aws-cdk/issues/18985) - **pipelines:** cannot configure actionName for all sources ([#​24027](https://togithub.com/aws/aws-cdk/issues/24027)) ([9cd639b](https://togithub.com/aws/aws-cdk/commit/9cd639b0f83e65fbe531d56210f68e99874f506e)) - **s3:** infer bucketWebsiteUrl and bucketDomainName suffixes from bucket region ([#​23919](https://togithub.com/aws/aws-cdk/issues/23919)) ([252f052](https://togithub.com/aws/aws-cdk/commit/252f052d4239b320ac542c7db256683425ad7eba)) - **s3-deployment:** wrong URL in BucketDeployment.deployedBucket.bucketWebsiteUrl ([#​24055](https://togithub.com/aws/aws-cdk/issues/24055)) ([ece46db](https://togithub.com/aws/aws-cdk/commit/ece46dbd939383f240023172a491767b51eaa722)), closes [#​23354](https://togithub.com/aws/aws-cdk/issues/23354) *** #### Alpha modules (2.64.0-alpha.0) ##### Features - **cloud9:** support setting environment owner ([#​23878](https://togithub.com/aws/aws-cdk/issues/23878)) ([08a2f36](https://togithub.com/aws/aws-cdk/commit/08a2f363093f39d04026778bb8d5d7f673698b57)), closes [#​22474](https://togithub.com/aws/aws-cdk/issues/22474) - **redshift:** Tables can include comments ([#​23847](https://togithub.com/aws/aws-cdk/issues/23847)) ([46cadd4](https://togithub.com/aws/aws-cdk/commit/46cadd4b2dd417e1484ba63389b33e1504cfd842)), closes [#​22682](https://togithub.com/aws/aws-cdk/issues/22682) ##### Bug Fixes - **servicecatalogappregistry:** default stack name is not meaningful and causes conflict when multiple stacks deployed to the same account-region ([#​23823](https://togithub.com/aws/aws-cdk/issues/23823)) ([420b5ff](https://togithub.com/aws/aws-cdk/commit/420b5ff2bd08311f2c8cabbe0787c0e0bf4f8ae3)) ### [`v2.63.2`](https://togithub.com/aws/aws-cdk/releases/v2.63.2) *** #### Alpha modules (2.63.2-alpha.0) ### [`v2.63.1`](https://togithub.com/aws/aws-cdk/releases/v2.63.1) ##### Reverts - **cdk-assets:** packaging assets is broken on Node older than 14.17 ([#​23994](https://togithub.com/aws/aws-cdk/issues/23994)) ([1976f1a](https://togithub.com/aws/aws-cdk/commit/1976f1a7f585b1adb582c5cb557b96ed38418fca)), closes [#​23859](https://togithub.com/aws/aws-cdk/issues/23859) *** #### Alpha modules (2.63.1-alpha.0) ### [`v2.63.0`](https://togithub.com/aws/aws-cdk/releases/v2.63.0) ##### Features - **cfnspec:** cloudformation spec v109.0.0 ([#​23868](https://togithub.com/aws/aws-cdk/issues/23868)) ([8ee97b0](https://togithub.com/aws/aws-cdk/commit/8ee97b039fd6e26fc8a305f285c61a08da4bfdc4)) - **cfnspec:** cloudformation spec v109.0.0 ([#​23929](https://togithub.com/aws/aws-cdk/issues/23929)) ([39f8a30](https://togithub.com/aws/aws-cdk/commit/39f8a304dfc68c0cbe3bab0b1d567b8d361c99ab)) - **core:** add creation policy configuration for appstream ([#​23607](https://togithub.com/aws/aws-cdk/issues/23607)) ([8909a04](https://togithub.com/aws/aws-cdk/commit/8909a04e13aa55eb102eac9f9f9ce74721e3fffc)), closes [#​23604](https://togithub.com/aws/aws-cdk/issues/23604) - **core:** allow asset bundling on docker remote host / docker in docker ([#​23576](https://togithub.com/aws/aws-cdk/issues/23576)) ([afce30a](https://togithub.com/aws/aws-cdk/commit/afce30a6e84a2f7e4eba499d3e71365a7939bef5)), closes [#​8799](https://togithub.com/aws/aws-cdk/issues/8799) - **stepfunctions:** task and heartbeat timeout specified by a path ([#​23755](https://togithub.com/aws/aws-cdk/issues/23755)) ([26e48c7](https://togithub.com/aws/aws-cdk/commit/26e48c7b36fecf114ff771909b377a2570aa36b3)), closes [#​15531](https://togithub.com/aws/aws-cdk/issues/15531) ##### Bug Fixes - **appsync:** sanitized datasource name isn't exported ([#​23802](https://togithub.com/aws/aws-cdk/issues/23802)) ([0b25265](https://togithub.com/aws/aws-cdk/commit/0b25265e5105d03fe6290e24462e45398695a11e)) - imports from ESM modules cannot find correct type definitions ([#​23870](https://togithub.com/aws/aws-cdk/issues/23870)) ([356a128](https://togithub.com/aws/aws-cdk/commit/356a128c78b78154ef01ee81ea9d8a60fc569939)) - **eks:** reuse chart name as chart dir for helmchart deployment from OCI repository ([#​23392](https://togithub.com/aws/aws-cdk/issues/23392)) ([070f5ec](https://togithub.com/aws/aws-cdk/commit/070f5ecebfba8a3f9b5771b251ee9b584aa89b67)) - `aws-cdk-lib` imports from ESM modules are broken ([#​23846](https://togithub.com/aws/aws-cdk/issues/23846)) ([cf2e498](https://togithub.com/aws/aws-cdk/commit/cf2e498d66f4e2c806ef473414b61e5748d41c7b)), closes [#​23813](https://togithub.com/aws/aws-cdk/issues/23813) *** #### Alpha modules (2.63.0-alpha.0) ##### Features - **synthetics:** Adding DeleteLambdaResourcesOnCanaryDeletion prop to the canary L2 ([#​23820](https://togithub.com/aws/aws-cdk/issues/23820)) ([45c191e](https://togithub.com/aws/aws-cdk/commit/45c191efa865e0aef6fc9d7fa4cd9d56d98a7cc9)) - **redshift:** support default role for redshift clusters ([#​22551](https://togithub.com/aws/aws-cdk/issues/22551)) ### [`v2.62.2`](https://togithub.com/aws/aws-cdk/releases/v2.62.2) ##### Bug Fixes - imports from ESM modules cannot find correct type definitions ([#​23870](https://togithub.com/aws/aws-cdk/issues/23870)) ([1b9f3f7](https://togithub.com/aws/aws-cdk/commit/1b9f3f7d3fa447a21e9ed38026cc428f7797390f)) *** #### Alpha modules (2.62.2-alpha.0) ### [`v2.62.1`](https://togithub.com/aws/aws-cdk/releases/v2.62.1) ##### Bug Fixes - `aws-cdk-lib` imports from ESM modules are broken ([#​23846](https://togithub.com/aws/aws-cdk/issues/23846)) ([46b93a9](https://togithub.com/aws/aws-cdk/commit/46b93a913743ab5791b9ae722293dfbeb9692eef)), closes [#​23813](https://togithub.com/aws/aws-cdk/issues/23813) *** #### Alpha modules (2.62.1-alpha.0) ### [`v2.62.0`](https://togithub.com/aws/aws-cdk/releases/v2.62.0) ##### Features - **certificatemanager:** deprecate DnsValidatedCertificate ([#​21982](https://togithub.com/aws/aws-cdk/issues/21982)) ([64bfbf9](https://togithub.com/aws/aws-cdk/commit/64bfbf9b981a32a4db1b07476144d280d6eced32)), closes [#​8934](https://togithub.com/aws/aws-cdk/issues/8934) [#​2914](https://togithub.com/aws/aws-cdk/issues/2914) [#​20698](https://togithub.com/aws/aws-cdk/issues/20698) [#​17349](https://togithub.com/aws/aws-cdk/issues/17349) [#​15217](https://togithub.com/aws/aws-cdk/issues/15217) [#​14519](https://togithub.com/aws/aws-cdk/issues/14519) - **cfnspec:** cloudformation spec v107.0.0 ([#​23750](https://togithub.com/aws/aws-cdk/issues/23750)) ([3dc40b4](https://togithub.com/aws/aws-cdk/commit/3dc40b4c9b660a8d50bc07646fa63ecbee6df958)) - **cfnspec:** cloudformation spec v108.0.0 ([#​23769](https://togithub.com/aws/aws-cdk/issues/23769)) ([ff0070d](https://togithub.com/aws/aws-cdk/commit/ff0070d61f18a6cdd77b027a7f6cd2baf976c3c9)) - **cfnspec:** cloudformation spec v108.0.0 ([#​23808](https://togithub.com/aws/aws-cdk/issues/23808)) ([858ff23](https://togithub.com/aws/aws-cdk/commit/858ff2363e110b355c2e9823664d087af991bb55)) - **lambda-event-sources:** events source mapping support for sqs max concurrency ([#​23714](https://togithub.com/aws/aws-cdk/issues/23714)) ([6dcec2d](https://togithub.com/aws/aws-cdk/commit/6dcec2d00363a286906dab19647816ddfd58f33a)) - **logs:** add grantRead function to LogGroup ([#​23280](https://togithub.com/aws/aws-cdk/issues/23280)) ([42ef507](https://togithub.com/aws/aws-cdk/commit/42ef50706f60a7f452698166fa2d9c93ca54bc0d)) ##### Bug Fixes - **appsync:** Populate construct name dynamically for lambda authorizer permission in appsync ([#​23777](https://togithub.com/aws/aws-cdk/issues/23777)) ([92f02e9](https://togithub.com/aws/aws-cdk/commit/92f02e92905252ee7e4fff32751e76da5052b14b)) - importing `aws-cdk-lib` is slow ([#​23813](https://togithub.com/aws/aws-cdk/issues/23813)) ([8aaeffb](https://togithub.com/aws/aws-cdk/commit/8aaeffbbb86e8a80cb87fa3314880bd7c2a893be)) - **bootstrap:** bootstrap stack version was not bumped during previous update ([#​23669](https://togithub.com/aws/aws-cdk/issues/23669)) ([f56cb70](https://togithub.com/aws/aws-cdk/commit/f56cb7004cc4f1017ded4b6a0593a744e8f6271e)) - **cfnspec:** incorrectly handling array result from jsondiff ([#​23795](https://togithub.com/aws/aws-cdk/issues/23795)) ([4a701f1](https://togithub.com/aws/aws-cdk/commit/4a701f1668177a509f1e2f7f3c5d2249070ec666)), closes [/github.com/andreyvit/json-diff/blob/35582a9d19f8b0b2773360d67937e57ce2866781/test/diff_test.coffee#L78](https://togithub.com/aws//github.com/andreyvit/json-diff/blob/35582a9d19f8b0b2773360d67937e57ce2866781/test/diff_test.coffee/issues/L78) - **cli:** only load sourcemap when `--debug` flag is enabled ([#​23752](https://togithub.com/aws/aws-cdk/issues/23752)) ([94102c1](https://togithub.com/aws/aws-cdk/commit/94102c1210a4d7906a03c81a1845466c988c06e7)) - **codeguruprofiler:** imported profiling group environment configured with stack region ([#​23568](https://togithub.com/aws/aws-cdk/issues/23568)) ([8bfa695](https://togithub.com/aws/aws-cdk/commit/8bfa695881f6b78a052ca5276a63d78c1a8c0dda)) - **lambda:** lambda functions that use triggers error when invoked ([#​23728](https://togithub.com/aws/aws-cdk/issues/23728)) ([37974ed](https://togithub.com/aws/aws-cdk/commit/37974ed91fda77a31aa99da75c1d7fb301135a5f)), closes [#​23062](https://togithub.com/aws/aws-cdk/issues/23062) [#​23062](https://togithub.com/aws/aws-cdk/issues/23062) [#​23407](https://togithub.com/aws/aws-cdk/issues/23407) [#​23407](https://togithub.com/aws/aws-cdk/issues/23407) - **lambda-nodejs:** aws-sdk version detection broken for self-defined runtimes ([#​23416](https://togithub.com/aws/aws-cdk/issues/23416)) ([8a7dffd](https://togithub.com/aws/aws-cdk/commit/8a7dffdd056ad6e4e1609deb43ba790a020b4997)), closes [#​22989](https://togithub.com/aws/aws-cdk/issues/22989) [/github.com/aws/aws-cdk/pull/22989/files#diff-cd86fbd4f2bbefcbcffc2143adccabafa1debe5981edbcdfcc766b5a705fe770R371-R383](https://togithub.com/aws//github.com/aws/aws-cdk/pull/22989/files/issues/diff-cd86fbd4f2bbefcbcffc2143adccabafa1debe5981edbcdfcc766b5a705fe770R371-R383) *** #### Alpha modules (2.62.0-alpha.0) ##### Features - **apprunner:** apprunner secrets manager ([#​23692](https://togithub.com/aws/aws-cdk/issues/23692)) ([a914fc0](https://togithub.com/aws/aws-cdk/commit/a914fc0614cd9aa634c5724c3474c99fd3888d98)) ##### Bug Fixes - **integ-runner:** cleanup tmp snapshot before running test ([#​23773](https://togithub.com/aws/aws-cdk/issues/23773)) ([366f2ab](https://togithub.com/aws/aws-cdk/commit/366f2ab6fbedaf33630a40d5306746c6d363f05c)) ### [`v2.61.1`](https://togithub.com/aws/aws-cdk/releases/v2.61.1) ##### Bug Fixes - **lambda:** lambda functions that use triggers error when invoked ([#​23728](https://togithub.com/aws/aws-cdk/issues/23728)) ([5fd9135](https://togithub.com/aws/aws-cdk/commit/5fd91352e4b625e003ee359563850852a50112ec)), closes [#​23062](https://togithub.com/aws/aws-cdk/issues/23062) [#​23062](https://togithub.com/aws/aws-cdk/issues/23062) [#​23407](https://togithub.com/aws/aws-cdk/issues/23407) [#​23407](https://togithub.com/aws/aws-cdk/issues/23407) *** #### Alpha modules (2.61.1-alpha.0) ### [`v2.61.0`](https://togithub.com/aws/aws-cdk/releases/v2.61.0) ##### Features - **cfnspec:** cloudformation spec v107.0.0 ([#​23698](https://togithub.com/aws/aws-cdk/issues/23698)) ([aca8a25](https://togithub.com/aws/aws-cdk/commit/aca8a256dcaf89b53f7af4f308b2f23e2e766902)) - **core:** stack synthesizers can be shared between stacks ([#​23571](https://togithub.com/aws/aws-cdk/issues/23571)) ([0ce19f0](https://togithub.com/aws/aws-cdk/commit/0ce19f0e1217a4a41a3a9c27049ab73c7fbc320d)) - **logs:** add unit to metric filter ([#​23608](https://togithub.com/aws/aws-cdk/issues/23608)) ([7cbe8ac](https://togithub.com/aws/aws-cdk/commit/7cbe8ac9286e5f7c3efb7f75aa859bf6b3bffecf)) - **opensearch:** add support for latest amazon opensearch service 2.3 ([#​22943](https://togithub.com/aws/aws-cdk/issues/22943)) ([0303d6f](https://togithub.com/aws/aws-cdk/commit/0303d6f7a71d2c70443df4433f0ff7554bcc4e56)) - **pipeline:** enable key rotation ([#​23620](https://togithub.com/aws/aws-cdk/issues/23620)) ([29d7336](https://togithub.com/aws/aws-cdk/commit/29d733677c4962199a848933a7415b47abb23a2f)) - **route53-patterns:** use `Certificate` as the default certificate (under feature flag) ([#​23575](https://togithub.com/aws/aws-cdk/issues/23575)) ([77709c8](https://togithub.com/aws/aws-cdk/commit/77709c8328fe664c1fca50223c8e64325cb70461)) ##### Bug Fixes - **aws-s3:** log delivery may be incorrectly configured when target bucket is imported ([#​23552](https://togithub.com/aws/aws-cdk/issues/23552)) ([41327d8](https://togithub.com/aws/aws-cdk/commit/41327d8e815b80c9148bd33751fdf1b70c3bc9cd)), closes [#​23547](https://togithub.com/aws/aws-cdk/issues/23547) [#​23588](https://togithub.com/aws/aws-cdk/issues/23588) - **cdk-assets:** concurrent asset builds can leave a corrupted archive ([#​23677](https://togithub.com/aws/aws-cdk/issues/23677)) ([18e0481](https://togithub.com/aws/aws-cdk/commit/18e0481a3bbcb92bd22ce4e83d4f02e03e484307)), closes [#​23290](https://togithub.com/aws/aws-cdk/issues/23290) - **cli:** can not assume role from 2-level SSO ([#​23702](https://togithub.com/aws/aws-cdk/issues/23702)) ([c3a345b](https://togithub.com/aws/aws-cdk/commit/c3a345be0eeb26e1b410d68643740f0aea8af4d7)), closes [#​23520](https://togithub.com/aws/aws-cdk/issues/23520) - **cloudtrail:** Trail fails during resource creation due to invalid template properties when management events are 'None' ([#​23569](https://togithub.com/aws/aws-cdk/issues/23569)) ([15ced88](https://togithub.com/aws/aws-cdk/commit/15ced888718531ddc59402f0c886c9b4f1fea67b)), closes [#​16387](https://togithub.com/aws/aws-cdk/issues/16387) [#​15488](https://togithub.com/aws/aws-cdk/issues/15488) - **lambda:** ever-changing Version hash with LayerVersion from tokens ([#​23629](https://togithub.com/aws/aws-cdk/issues/23629)) ([88fc62d](https://togithub.com/aws/aws-cdk/commit/88fc62d215d8c4aa3a4c423a06571ec45b51cec6)) - **pipelines:** cross-stack step dependencies have wrong name ([#​23594](https://togithub.com/aws/aws-cdk/issues/23594)) ([0d8142b](https://togithub.com/aws/aws-cdk/commit/0d8142bf6860cbebab9c1704f6ebf59b17a5704f)), closes [#​21843](https://togithub.com/aws/aws-cdk/issues/21843) - **servicecatalog:** incorrect objectkey produced from asset relative… ([#​23580](https://togithub.com/aws/aws-cdk/issues/23580)) ([b4a6120](https://togithub.com/aws/aws-cdk/commit/b4a6120af01b46bc688eebb8f8bb6fbde7f481fe)), closes [#​23560](https://togithub.com/aws/aws-cdk/issues/23560) - **stepfunctions-tasks:** fix IAM policy statements for step functions API calls ([#​22959](https://togithub.com/aws/aws-cdk/issues/22959)) ([dce662c](https://togithub.com/aws/aws-cdk/commit/dce662cae6eb493770d3c6f700c92a0b6c235195)) *** #### Alpha modules (2.61.0-alpha.0) ##### Features - **cli-lib:** \[JS/TS only] experimental support for programmatic CLI api ([#​22836](https://togithub.com/aws/aws-cdk/issues/22836)) ([0b6b716](https://togithub.com/aws/aws-cdk/commit/0b6b7166c3f0348cc33fd3a0d19637351ea3b05b)) ##### Bug Fixes - **glue:** --conf parameter is no longer a reserved keyword for glue jobs ([#​23673](https://togithub.com/aws/aws-cdk/issues/23673)) ([3d0f4ba](https://togithub.com/aws/aws-cdk/commit/3d0f4ba6dd92ad7b91b00fad6cbab873964683fc)) - **servicecatalogappregistry:** outputs are not deployable ([#​23652](https://togithub.com/aws/aws-cdk/issues/23652)) ([fa9eef0](https://togithub.com/aws/aws-cdk/commit/fa9eef081ead451a4d38bf083eda02af09fff482)), closes [#​23641](https://togithub.com/aws/aws-cdk/issues/23641) ### [`v2.60.0`](https://togithub.com/aws/aws-cdk/releases/v2.60.0) ##### Features - **appsync:** js resolver support ([#​23551](https://togithub.com/aws/aws-cdk/issues/23551)) ([2318384](https://togithub.com/aws/aws-cdk/commit/231838409cc1409c137ff27086e853ce2b0fbf1c)), closes [#​22921](https://togithub.com/aws/aws-cdk/issues/22921) - **appsync:** stabilize appsync module 🎆🎆 🎆 ([#​23633](https://togithub.com/aws/aws-cdk/issues/23633)) ([e5b0230](https://togithub.com/aws/aws-cdk/commit/e5b023089e168c50eda83a11db0e697b96caf7e9)), closes [#​6836](https://togithub.com/aws/aws-cdk/issues/6836) - **cfnspec:** cloudformation spec v106.0.0 ([#​23586](https://togithub.com/aws/aws-cdk/issues/23586)) ([f178c98](https://togithub.com/aws/aws-cdk/commit/f178c98d4473d8bb8d46d80c076fa520d03c623b)) - **cloudfront:** remove headers and server timing ([#​23558](https://togithub.com/aws/aws-cdk/issues/23558)) ([44a4812](https://togithub.com/aws/aws-cdk/commit/44a4812778d87af27809e5a733c6e5ea6b65004b)) - **cognito:** use secretsmanager secrets for clientSecretValue ([#​22885](https://togithub.com/aws/aws-cdk/issues/22885)) ([4baea78](https://togithub.com/aws/aws-cdk/commit/4baea78f415566dea499f4ce49fc24d4dc7c4ef7)) - **ec2:** subnet ipv4 cidr blocks on imported vpc ([#​23317](https://togithub.com/aws/aws-cdk/issues/23317)) ([e0885db](https://togithub.com/aws/aws-cdk/commit/e0885db29c8b45cfe9da1df8b55af2bf78892a04)) - **ecr-assets:** Support docker outputs flag ([#​23304](https://togithub.com/aws/aws-cdk/issues/23304)) ([61e5495](https://togithub.com/aws/aws-cdk/commit/61e5495105e06aba4c027fb33ae031da09a3ff33)), closes [#​20566](https://togithub.com/aws/aws-cdk/issues/20566) - **pipelines:** Expose stack output namespaces in custom `pipelines.Step`s ([#​23110](https://togithub.com/aws/aws-cdk/issues/23110)) ([14f6811](https://togithub.com/aws/aws-cdk/commit/14f6811b89a0ae374863a3b2bdd36997ce67883e)), closes [/github.com/aws/aws-cdk/issues/23000#issuecomment-1324379670](https://togithub.com/aws//github.com/aws/aws-cdk/issues/23000/issues/issuecomment-1324379670) ##### Bug Fixes - **acm:** domainName length constraint failure due to Tokens ([#​23567](https://togithub.com/aws/aws-cdk/issues/23567)) ([2d7e3c0](https://togithub.com/aws/aws-cdk/commit/2d7e3c0e9edfb8f3e30dc0c1efaeb03fde19db7c)), closes [#​23565](https://togithub.com/aws/aws-cdk/issues/23565) - **aws-custom-resource:** switch off `installLatestAwsSdk` by default ([#​23591](https://togithub.com/aws/aws-cdk/issues/23591)) ([c9b2548](https://togithub.com/aws/aws-cdk/commit/c9b2548126f01fd918009df0a42f0ab4c5e69cc3)), closes [#​23113](https://togithub.com/aws/aws-cdk/issues/23113) - **bootstrap:** KMS keys cannot be tagged ([#​21975](https://togithub.com/aws/aws-cdk/issues/21975)) ([0e552db](https://togithub.com/aws/aws-cdk/commit/0e552dbb63a97cd6a7a65cae80ae863609237e61)), closes [#​21281](https://togithub.com/aws/aws-cdk/issues/21281) - **events:** cross stack rules require concrete environment ([#​23549](https://togithub.com/aws/aws-cdk/issues/23549)) ([22d3341](https://togithub.com/aws/aws-cdk/commit/22d3341c2239b046473ded3fcbc85b5cbc4a37a1)), closes [#​18405](https://togithub.com/aws/aws-cdk/issues/18405) - **iam:** create stack based default policies for roles ([#​23100](https://togithub.com/aws/aws-cdk/issues/23100)) ([dea4216](https://togithub.com/aws/aws-cdk/commit/dea4216a3f2e6727a6bc49d632c03b3f0a416947)) - **lambda:** automatic `currentVersion` conflicts with explicit `Version` resource ([#​23636](https://togithub.com/aws/aws-cdk/issues/23636)) ([de68652](https://togithub.com/aws/aws-cdk/commit/de6865229ee824c01431ae27509dbcd3e1a83763)), closes [#​23225](https://togithub.com/aws/aws-cdk/issues/23225) *** #### Alpha modules (2.60.0-alpha.0) ##### Features - **gamelift:** add MatchmakingConfiguration L2 Construct for GameLift ([#​23326](https://togithub.com/aws/aws-cdk/issues/23326)) ([9b2573b](https://togithub.com/aws/aws-cdk/commit/9b2573b32e8535d3db21f07647f099c9e01eb292)) - **integ-runner:** support `--language` presets for JavaScript, TypeScript, Python and Go ([#​22058](https://togithub.com/aws/aws-cdk/issues/22058)) ([22673b2](https://togithub.com/aws/aws-cdk/commit/22673b2ea40c13b6c10a2c7c628ce5cc534f5840)), closes [#​21169](https://togithub.com/aws/aws-cdk/issues/21169) ### [`v2.59.0`](https://togithub.com/aws/aws-cdk/releases/v2.59.0) ##### Features - **cfnspec:** cloudformation spec v105.0.0 ([#​23501](https://togithub.com/aws/aws-cdk/issues/23501)) ([72bd3a0](https://togithub.com/aws/aws-cdk/commit/72bd3a0ce96c9fd98bbf2f3eb76db1336c8a3029)) - **s3:** use Bucket Policy for Server Access Logging grant (under feature flag) ([#​23386](https://togithub.com/aws/aws-cdk/issues/23386)) ([6975a7e](https://togithub.com/aws/aws-cdk/commit/6975a7ea06a5680bebd38ad5c26ab5bd566d33b1)), closes [#​22183](https://togithub.com/aws/aws-cdk/issues/22183) - **servicecatalog:** Add Product Stack Asset Support ([#​22857](https://togithub.com/aws/aws-cdk/issues/22857)) ([ceaac3a](https://togithub.com/aws/aws-cdk/commit/ceaac3ad49fcfdb89ec80c2784934589542e80b6)), closes [#​20690](https://togithub.com/aws/aws-cdk/issues/20690) ##### Bug Fixes - **lambda-nodejs:** unable to use `nodeModules` with pnpm ([#​21911](https://togithub.com/aws/aws-cdk/issues/21911)) ([7c752db](https://togithub.com/aws/aws-cdk/commit/7c752db4aa83b242098483fc006c1100d1be11a9)), closes [#​21910](https://togithub.com/aws/aws-cdk/issues/21910) - **servicecatalog:** make assetBuckets a required property ([#​23507](https://togithub.com/aws/aws-cdk/issues/23507)) ([10b6b96](https://togithub.com/aws/aws-cdk/commit/10b6b96f35ac32a60aa2bf4ea1856158392ae8ad)) *** #### Alpha modules (2.59.0-alpha.0) ### [`v2.58.1`](https://togithub.com/aws/aws-cdk/releases/v2.58.1) ##### Features - **cfnspec:** cloudformation spec v105.0.0 ([#​23501](https://togithub.com/aws/aws-cdk/issues/23501)) ([05c3411](https://togithub.com/aws/aws-cdk/commit/05c3411047ce1d5ad4f2d6e564a6b8d20f76bea6)) *** #### Alpha modules (2.58.1-alpha.0) ### [`v2.58.0`](https://togithub.com/aws/aws-cdk/releases/v2.58.0) ##### Features - **assertions:** improve printing of match failures ([#​23453](https://togithub.com/aws/aws-cdk/issues/23453)) ([2676386](https://togithub.com/aws/aws-cdk/commit/267638674474c4cac9be5ca0d7f8b9a538ba2e39)) *** #### Alpha modules (2.58.0-alpha.0) ### [`v2.57.0`](https://togithub.com/aws/aws-cdk/releases/v2.57.0) ##### Features - **cfnspec:** cloudformation spec v103.0.0 ([#​23452](https://togithub.com/aws/aws-cdk/issues/23452)) ([e49e57d](https://togithub.com/aws/aws-cdk/commit/e49e57d3106f62c5d64c428cba73b4107d664cba)) - **lambda:** add support for auto-instrumentation with ADOT Lambda layer ([#​23027](https://togithub.com/aws/aws-cdk/issues/23027)) ([fc70535](https://togithub.com/aws/aws-cdk/commit/fc70535fe699e72332d5ddb4543308e76a89594a)) ##### Bug Fixes - **cfnspec:** v101.0.0 introduced specific types on several types that previously were typed as json ([#​23448](https://togithub.com/aws/aws-cdk/issues/23448)) ([4fbc182](https://togithub.com/aws/aws-cdk/commit/4fbc1827b8978262da0b5b77b1ee9bc0ecfdcc3e)) - **codedeploy:** referenced Applications are not environment-aware ([#​23405](https://togithub.com/aws/aws-cdk/issues/23405)) ([96242d7](https://togithub.com/aws/aws-cdk/commit/96242d73c0ae853524a567aece86f8a8a514495c)) - **s3:** buckets with SSE-KMS silently fail to receive logs ([#​23385](https://togithub.com/aws/aws-cdk/issues/23385)) ([1b7a384](https://togithub.com/aws/aws-cdk/commit/1b7a384c330d168d64c0cd82118e5b5473d08a67)) *** #### Alpha modules (2.57.0-alpha.0) ##### Bug Fixes - **aws-redshift:** Columns are not dropped on removal from array ([#​23011](https://togithub.com/aws/aws-cdk/issues/23011)) ([2981313](https://togithub.com/aws/aws-cdk/commit/298131312b513c0e73865e6fff74c189ee99e328)), closes [#​22208](https://togithub.com/aws/aws-cdk/issues/22208) ### [`v2.56.1`](https://togithub.com/aws/aws-cdk/releases/v2.56.1) ##### Bug Fixes - **cfnspec:** v101.0.0 introduced specific types on several types that previously were typed as json ([#​23448](https://togithub.com/aws/aws-cdk/issues/23448)) ([1b4e3a4](https://togithub.com/aws/aws-cdk/commit/1b4e3a4b503d5d08e976ccf245c20f4430bcba46)) *** #### Alpha modules (2.56.1-alpha.0) ### [`v2.56.0`](https://togithub.com/aws/aws-cdk/releases/v2.56.0) ##### Features - **aws-cognito:** add AuthSessionValidity property on a UserPoolClient ([#​23040](https://togithub.com/aws/aws-cdk/issues/23040)) ([8896fb9](https://togithub.com/aws/aws-cdk/commit/8896fb902ad9c8d91a5ddb63df64963186bd09e1)), closes [#​22854](https://togithub.com/aws/aws-cdk/issues/22854) - **cfnspec:** cloudformation spec v102.0.0 ([#​23372](https://togithub.com/aws/aws-cdk/issues/23372)) ([480b0a5](https://togithub.com/aws/aws-cdk/commit/480b0a5098e51248bbf36ebf2bcec57cc791c2b0)) - **core:** CfnResource dependency methods ([#​23383](https://togithub.com/aws/aws-cdk/issues/23383)) ([ecedb00](https://togithub.com/aws/aws-cdk/commit/ecedb00ee3a3cfcaa2564a679fa635aff38f32d8)), closes [#​20419](https://togithub.com/aws/aws-cdk/issues/20419) [#​20418](https://togithub.com/aws/aws-cdk/issues/20418) - **lambda:** expose all docker run options to container bundling of all lambda variants ([#​23318](https://togithub.com/aws/aws-cdk/issues/23318)) ([02d0876](https://togithub.com/aws/aws-cdk/commit/02d0876bbb196e9fbeb32d977e7cf65229c8559d)), closes [#​22829](https://togithub.com/aws/aws-cdk/issues/22829) - **trigger:** Allow trigger to work with Lambda functions with long timeouts ([#​23062](https://togithub.com/aws/aws-cdk/issues/23062)) ([9fd3811](https://togithub.com/aws/aws-cdk/commit/9fd3811b3213a227b84d79348e635a520fc537c7)), closes [#​23058](https://togithub.com/aws/aws-cdk/issues/23058) ##### Bug Fixes - **apigateway:** allow multi-level base path mapping ([#​23362](https://togithub.com/aws/aws-cdk/issues/23362)) ([86b6c6f](https://togithub.com/aws/aws-cdk/commit/86b6c6f796cbd15b7c53a4c04 </details> --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [Amazon.CDK.Lib](https://togithub.com/aws/aws-cdk) | nuget | minor | `2.46.0` -> `2.71.0` | --- ### Release Notes <details> <summary>aws/aws-cdk</summary> ### [`v2.71.0`](https://togithub.com/aws/aws-cdk/releases/v2.71.0) ##### Features - **core:** template validation after synthesis ([#​23951](https://togithub.com/aws/aws-cdk/issues/23951)) ([91d6509](https://togithub.com/aws/aws-cdk/commit/91d6509ce43285a20aca85d45e4017b7dcfbe49f)) ##### Bug Fixes - **lambda-nodejs:** pnpm no longer supports nodejs14.x ([#​24821](https://togithub.com/aws/aws-cdk/issues/24821)) ([a8e9370](https://togithub.com/aws/aws-cdk/commit/a8e9370012798a339f6d66f5d441723dd9984c86)) *** #### Alpha modules (2.71.0-alpha.0) ### [`v2.70.0`](https://togithub.com/aws/aws-cdk/releases/v2.70.0) ##### Features - **cfnspec:** cloudformation spec v116.0.0 ([#​24662](https://togithub.com/aws/aws-cdk/issues/24662)) ([e8158af](https://togithub.com/aws/aws-cdk/commit/e8158af34eb6402c79edbc171746fb5501775c68)) - **cloudwatch:** added defaultInterval prop to cw-dashboard ([#​24707](https://togithub.com/aws/aws-cdk/issues/24707)) ([d4717cf](https://togithub.com/aws/aws-cdk/commit/d4717cf035c9f7027d8081ea1f15a631044315e8)) - **ec2:** CFN-init support for systemd ([#​24683](https://togithub.com/aws/aws-cdk/issues/24683)) ([f3fe8e1](https://togithub.com/aws/aws-cdk/commit/f3fe8e1c4348194f89b47a276e6c85328b1044fa)) - **ec2:** SSM sessions ([#​24673](https://togithub.com/aws/aws-cdk/issues/24673)) ([9744a82](https://togithub.com/aws/aws-cdk/commit/9744a8295fab28f1e8c38a0b980935f7546990e6)) - **ecr:** add option to auto delete images upon ECR repository removal ([#​24572](https://togithub.com/aws/aws-cdk/issues/24572)) ([7de5b00](https://togithub.com/aws/aws-cdk/commit/7de5b00dcf24c4f6721317860c7e42c485e3ca58)), closes [#​15932](https://togithub.com/aws/aws-cdk/issues/15932) [#​12618](https://togithub.com/aws/aws-cdk/issues/12618) [#​15932](https://togithub.com/aws/aws-cdk/issues/15932) - **elasticloadbalancing:** classic load balancer supports ec2 instances ([#​24353](https://togithub.com/aws/aws-cdk/issues/24353)) ([25b6edd](https://togithub.com/aws/aws-cdk/commit/25b6edd9d83e4766a2cb064b8eb8e3c6198b4f53)), closes [#​23500](https://togithub.com/aws/aws-cdk/issues/23500) - **servicecatalogappregistry-alpha:** Introduce flag to control application sharing and association behavior for cross-account stacks ([#​24408](https://togithub.com/aws/aws-cdk/issues/24408)) ([2167289](https://togithub.com/aws/aws-cdk/commit/2167289658e8f3431ec815c741277dc1be1aa110)), closes [aws-cdk/aws-servicecatalogappregistry/lib/aspects/stack-associator.ts#L91-L95](https://togithub.com/aws-cdk/aws-servicecatalogappregistry/lib/aspects/stack-associator.ts/issues/L91-L95) ##### Bug Fixes - **bootstrap:** remove Security Hub finding KMS.2 ([#​24588](https://togithub.com/aws/aws-cdk/issues/24588)) ([274c3d5](https://togithub.com/aws/aws-cdk/commit/274c3d54dcc0b9534d1ede287fe3672ec9883dbe)), closes [/docs.aws.amazon.com/securityhub/latest/userguide/kms-controls.html#kms-2](https://togithub.com/aws//docs.aws.amazon.com/securityhub/latest/userguide/kms-controls.html/issues/kms-2) - **cli:** no change deployment prints "hotswap deployment skipped" without hotswap flag ([#​24602](https://togithub.com/aws/aws-cdk/issues/24602)) ([79151fd](https://togithub.com/aws/aws-cdk/commit/79151fd7f4916defeb1e17d3bcdbec1e119ec994)) - **cli:** user agent is reported as `undefined/undefined` ([#​24663](https://togithub.com/aws/aws-cdk/issues/24663)) ([3e8d8d8](https://togithub.com/aws/aws-cdk/commit/3e8d8d8e1b9a88376a6460094dea0c08ce19742e)) - **eks:** fail to update cluster by disabling logging props ([#​24688](https://togithub.com/aws/aws-cdk/issues/24688)) ([767cf93](https://togithub.com/aws/aws-cdk/commit/767cf93eb131c707f8243e8f3779dd3bad89271a)) - **sfn:** stop replacing JsonPath.DISCARD with `null` ([#​24717](https://togithub.com/aws/aws-cdk/issues/24717)) ([413b643](https://togithub.com/aws/aws-cdk/commit/413b64347f333573b2a07150e87244bd4c11d264)), closes [#​24593](https://togithub.com/aws/aws-cdk/issues/24593) - **toolkit:** RWLock.acquireRead is not re-entrant ([#​24702](https://togithub.com/aws/aws-cdk/issues/24702)) ([3b7431b](https://togithub.com/aws/aws-cdk/commit/3b7431b6ac27f8557c22a8959ae1ce431f6d2167)) - **WAFv2:** add patch to revert struct names ([#​24651](https://togithub.com/aws/aws-cdk/issues/24651)) ([dfa09d1](https://togithub.com/aws/aws-cdk/commit/dfa09d133523f0457a9ab2369bde13b44c398c30)), closes [/github.com/aws/aws-cdk/commit/affe040c8443be074822254d1e75a28b264cd801#diff-827a2fd012e049c7ccedffa0360c12e7d967a173f36b8150de73ef6adc42ee4cL175-L357](https://togithub.com/aws//github.com/aws/aws-cdk/commit/affe040c8443be074822254d1e75a28b264cd801/issues/diff-827a2fd012e049c7ccedffa0360c12e7d967a173f36b8150de73ef6adc42ee4cL175-L357) *** #### Alpha modules (2.70.0-alpha.0) ##### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES - **servicecatalogappregistry:** This commit contains destructive changes to the RAM Share. Since the application RAM share name is calculated by the application construct, where one method is added. Integration test detects a breaking change where RAM share will be created. Integration test snapshot is updated to cater this destructive change. ##### Features - **servicecatalogappregistry:** add attribute groups to an application ([#​24672](https://togithub.com/aws/aws-cdk/issues/24672)) ([7baffa2](https://togithub.com/aws/aws-cdk/commit/7baffa239a7904cd73ac73537101ed5bd40aa9a0)) ### [`v2.69.0`](https://togithub.com/aws/aws-cdk/releases/v2.69.0) ##### Features - **custom-resources:** AwsCustomResource copy physicalResourceId from request when omit it in onUpdate ([#​24194](https://togithub.com/aws/aws-cdk/issues/24194)) ([21ad7a7](https://togithub.com/aws/aws-cdk/commit/21ad7a7a0462a00c491ed104163d2065828a9aa1)), closes [#​23843](https://togithub.com/aws/aws-cdk/issues/23843) - **docdb:** added ability to enable performance insights ([#​24039](https://togithub.com/aws/aws-cdk/issues/24039)) ([c897f44](https://togithub.com/aws/aws-cdk/commit/c897f44ea438487a8bf48053dead667c35cade02)), closes [#​24036](https://togithub.com/aws/aws-cdk/issues/24036) - **ecr-assets:** Support cache-from and cache-to flags ([#​24024](https://togithub.com/aws/aws-cdk/issues/24024)) ([4e02566](https://togithub.com/aws/aws-cdk/commit/4e02566fab0f6c6708c9ee766e2805adbb329f18)) - **eks:** support for Kubernetes version 1.25 ([#​24484](https://togithub.com/aws/aws-cdk/issues/24484)) ([70fd3e9](https://togithub.com/aws/aws-cdk/commit/70fd3e97e5b3555f4036ada6e562cec4359cadeb)), closes [#​24282](https://togithub.com/aws/aws-cdk/issues/24282) - **rds:** add support for minor versions of PostgreSQL: 14.7, 13.10, 12.14, and 11.19 ([#​24539](https://togithub.com/aws/aws-cdk/issues/24539)) ([15cb919](https://togithub.com/aws/aws-cdk/commit/15cb919fab9d20d0e8f0485662131cbb10980269)) - **rds:** PostgreSQL engine version 15.2 ([#​24463](https://togithub.com/aws/aws-cdk/issues/24463)) ([59d795b](https://togithub.com/aws/aws-cdk/commit/59d795b6e8d77b2d2d099169eaeb83a66c9d6a1a)), closes [#​24462](https://togithub.com/aws/aws-cdk/issues/24462) ##### Bug Fixes - **custom-resource:** custom resources fail with data containing multi-byte utf8 chars ([#​24501](https://togithub.com/aws/aws-cdk/issues/24501)) ([9bd5078](https://togithub.com/aws/aws-cdk/commit/9bd507842f567ee3e450c3f44e5c3dccc7c42ae6)), closes [#​24491](https://togithub.com/aws/aws-cdk/issues/24491) - **ecr-assets:** prefix cache arguments correctly ([#​24524](https://togithub.com/aws/aws-cdk/issues/24524)) ([d451b30](https://togithub.com/aws/aws-cdk/commit/d451b3014a1d39e0a6ea18c2ec79a547b187adc5)) - **pipelines:** Ubuntu 5 images will be slow, move to Ubuntu 6 ([#​24544](https://togithub.com/aws/aws-cdk/issues/24544)) ([1f62c43](https://togithub.com/aws/aws-cdk/commit/1f62c438fb68332a492b624bad65159cc9c0308f)) - **sfn:** can't override toStateJson() from other languages ([#​24593](https://togithub.com/aws/aws-cdk/issues/24593)) ([e955d18](https://togithub.com/aws/aws-cdk/commit/e955d18052b8ec397c06ae6994b96bb7558e12bb)), closes [#​14639](https://togithub.com/aws/aws-cdk/issues/14639) *** #### Alpha modules (2.69.0-alpha.0) ##### Features - **kinesisanalytics-flink:** VPC support for Flink applications ([#​24442](https://togithub.com/aws/aws-cdk/issues/24442)) ([7c7ad6d](https://togithub.com/aws/aws-cdk/commit/7c7ad6d18bd0d48a30858c1964d27d8a02b274ae)), closes [40aws-cdk/aws-lambda/lib/function.ts#L170](https://togithub.com/40aws-cdk/aws-lambda/lib/function.ts/issues/L170) [#​21104](https://togithub.com/aws/aws-cdk/issues/21104) ### [`v2.68.0`](https://togithub.com/aws/aws-cdk/releases/v2.68.0) ##### Bug Fixes - **apprunner-alpha:** env vars and secrets can't solely be added via .add\*() methods ([#​24346](https://togithub.com/aws/aws-cdk/issues/24346)) ([45195b6](https://togithub.com/aws/aws-cdk/commit/45195b6f2e5162eaa795d3a412d89dd09680aa8b)), closes [#​24345](https://togithub.com/aws/aws-cdk/issues/24345) - **cli:** cannot `cdk import` resources with multiple identifiers ([#​24439](https://togithub.com/aws/aws-cdk/issues/24439)) ([a70ff1a](https://togithub.com/aws/aws-cdk/commit/a70ff1ad332af780c052e3117b73df060deee7ae)), closes [#​20895](https://togithub.com/aws/aws-cdk/issues/20895) - **core:** Fix dotnet version check to allow .NET 7.0 ([#​24467](https://togithub.com/aws/aws-cdk/issues/24467)) ([a4856e9](https://togithub.com/aws/aws-cdk/commit/a4856e997684f84476fe92e00afcd4da76a69b04)), closes [#​24466](https://togithub.com/aws/aws-cdk/issues/24466) - **lambda-nodejs:** esbuild preCompilation tsconfig precedence is wrong ([#​23871](https://togithub.com/aws/aws-cdk/issues/23871)) ([790a709](https://togithub.com/aws/aws-cdk/commit/790a709d758333f4622c5fb860d9bbb48dee7106)) - **lambda-nodejs:** Required auto prefix of `handler` with `index.` breaks custom non-`index` handler settings used by layers ([#​24406](https://togithub.com/aws/aws-cdk/issues/24406)) ([d7a1c34](https://togithub.com/aws/aws-cdk/commit/d7a1c34e540e12413319918a5d807060057a1a1b)), closes [#​24403](https://togithub.com/aws/aws-cdk/issues/24403) - **rds:** add clusterResourceIdentifier property to database cluster ([#​23605](https://togithub.com/aws/aws-cdk/issues/23605)) ([6bda4e5](https://togithub.com/aws/aws-cdk/commit/6bda4e5ae4205a917a00714433f136550c59e409)) *** #### Alpha modules (2.68.0-alpha.0) ##### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES - **servicecatalogappregistry:** This commit contains destructive changes to the RAM Share. Since the application RAM share name is calculated by the application construct, where one property is removed. Integration test detects a breaking change where RAM share will be created. Integration test snapshot is updated to cater this destructive change. ##### Features - **msk:** add Kafka version 3.3.2 ([#​24440](https://togithub.com/aws/aws-cdk/issues/24440)) ([1b2014e](https://togithub.com/aws/aws-cdk/commit/1b2014eef9e3f2190b2cce79c55f635cc1f167e3)), closes [#​24432](https://togithub.com/aws/aws-cdk/issues/24432) - **redshift:** column compression encodings and comments can now be customised ([#​24177](https://togithub.com/aws/aws-cdk/issues/24177)) ([1ca3e00](https://togithub.com/aws/aws-cdk/commit/1ca3e0027323e84aacade4d9bd058bbc5687a7ab)), closes [#​24165](https://togithub.com/aws/aws-cdk/issues/24165) [#​23597](https://togithub.com/aws/aws-cdk/issues/23597) [#​22506](https://togithub.com/aws/aws-cdk/issues/22506) - **redshift:** columns require an id attribute (under feature flag) ([#​24272](https://togithub.com/aws/aws-cdk/issues/24272)) ([9a07ab0](https://togithub.com/aws/aws-cdk/commit/9a07ab008d1b6d23e9a302921f1a5165a21fb128)), closes [#​24234](https://togithub.com/aws/aws-cdk/issues/24234) ##### Bug Fixes - **servicecatalogappregistry:** allow disabling automatic CfnOutput ([#​24483](https://togithub.com/aws/aws-cdk/issues/24483)) ([3db1a0d](https://togithub.com/aws/aws-cdk/commit/3db1a0d0bcf615871a225919eed235b78904e144)), closes [#​23779](https://togithub.com/aws/aws-cdk/issues/23779) - **servicecatalogappregistry:** Associate an application with attribute group ([#​24378](https://togithub.com/aws/aws-cdk/issues/24378)) ([d1264c1](https://togithub.com/aws/aws-cdk/commit/d1264c1c414257fb8dd5288fdc24cfe9605cdf90)) ### [`v2.67.0`](https://togithub.com/aws/aws-cdk/releases/v2.67.0) ##### Features - **apigateway:** minCompressionSize on SpecRestApi ([#​24067](https://togithub.com/aws/aws-cdk/issues/24067)) ([2a81f0f](https://togithub.com/aws/aws-cdk/commit/2a81f0f7d9eb73cd0e807904357a5daf7d6e5017)), closes [#​22926](https://togithub.com/aws/aws-cdk/issues/22926) - **bootstrap:** prevent accidental bootstrap overwrites ([#​24302](https://togithub.com/aws/aws-cdk/issues/24302)) ([3b251a5](https://togithub.com/aws/aws-cdk/commit/3b251a5e8e74332076c9e5dc810a80775fa77d61)) - **cli:** update csharp & fsharp template to net6.0 ([#​23926](https://togithub.com/aws/aws-cdk/issues/23926)) ([3bd611d](https://togithub.com/aws/aws-cdk/commit/3bd611dcbdf802dbc918d0ecedaf3ac3d9d73503)), closes [#​23921](https://togithub.com/aws/aws-cdk/issues/23921) - **codebuild:** adds file asset support to build-spec ([#​24289](https://togithub.com/aws/aws-cdk/issues/24289)) ([7cda567](https://togithub.com/aws/aws-cdk/commit/7cda5673fd3f6c5cd56ea59d71b14115f2a388f2)), closes [#​1138](https://togithub.com/aws/aws-cdk/issues/1138) - **ecs:** enable default capacity provider strategy ([#​23955](https://togithub.com/aws/aws-cdk/issues/23955)) ([5a30ea6](https://togithub.com/aws/aws-cdk/commit/5a30ea6536df0fda0e0e7bb89d45666f57fb8890)) - **eks:** add helm flag --skip-crds ([#​24213](https://togithub.com/aws/aws-cdk/issues/24213)) ([f68dbc2](https://togithub.com/aws/aws-cdk/commit/f68dbc2ce76a2df51081e959aa70e373a9bf5ac6)), closes [#​24296](https://togithub.com/aws/aws-cdk/issues/24296) - **sns:** Add FilterPolicyScope support ([#​23108](https://togithub.com/aws/aws-cdk/issues/23108)) ([d986e14](https://togithub.com/aws/aws-cdk/commit/d986e143df3cf9b42031eba0f5a2d9a71d6d9208)) - **stepfunctions-tasks:** add revision number ([#​24226](https://togithub.com/aws/aws-cdk/issues/24226)) ([643042b](https://togithub.com/aws/aws-cdk/commit/643042b8a15779b8a535567085b31424f4373515)), closes [#​23491](https://togithub.com/aws/aws-cdk/issues/23491) ##### Bug Fixes - **cdk-assets:** Error when building Docker Image Assets with Podman ([#​24003](https://togithub.com/aws/aws-cdk/issues/24003)) ([4b08e20](https://togithub.com/aws/aws-cdk/commit/4b08e20be3b829c752e425883da09188b2dcff72)), closes [/github.com/aws/aws-cdk/issues/16209#issue-978267269](https://togithub.com/aws//github.com/aws/aws-cdk/issues/16209/issues/issue-978267269) [#​16209](https://togithub.com/aws/aws-cdk/issues/16209) - **cloudwatch:** math expressions incorrectly warn about search and metrics ([#​24313](https://togithub.com/aws/aws-cdk/issues/24313)) ([f3596eb](https://togithub.com/aws/aws-cdk/commit/f3596eb26f1e4ab360875bf5f79a7de991d2a9ec)), closes [#​20136](https://togithub.com/aws/aws-cdk/issues/20136) - **ec2:** userData in launchTemplate is created automatically when machineImege is provided ([#​23593](https://togithub.com/aws/aws-cdk/issues/23593)) ([bb4311b](https://togithub.com/aws/aws-cdk/commit/bb4311bf05b64cc95a89a319743e3883fd3c5b15)), closes [#​23592](https://togithub.com/aws/aws-cdk/issues/23592) [/github.com/aws/aws-cdk/pull/12385#discussion_r564614928](https://togithub.com/aws//github.com/aws/aws-cdk/pull/12385/issues/discussion_r564614928) - **ecr-assets:** fix repeated deploys of stacks with tar assets ([#​23497](https://togithub.com/aws/aws-cdk/issues/23497)) ([c2296a8](https://togithub.com/aws/aws-cdk/commit/c2296a87116c7bbaf6103a03364326c760a8f952)), closes [#​18823](https://togithub.com/aws/aws-cdk/issues/18823) [#​18822](https://togithub.com/aws/aws-cdk/issues/18822) - **efs:** support tagging for access point ([#​24336](https://togithub.com/aws/aws-cdk/issues/24336)) ([f9af47f](https://togithub.com/aws/aws-cdk/commit/f9af47f1fe48e66412d95f3eeef931c9322ba5b7)), closes [#​20743](https://togithub.com/aws/aws-cdk/issues/20743) - **eks:** changing the subnets or securityGroupIds order causes an error ([#​24163](https://togithub.com/aws/aws-cdk/issues/24163)) ([09c2c19](https://togithub.com/aws/aws-cdk/commit/09c2c19f22979482020652d902a73dfcc4e593bd)), closes [#​24162](https://togithub.com/aws/aws-cdk/issues/24162) - **eks:** fix helm deploy login for public ECR repositories ([#​24104](https://togithub.com/aws/aws-cdk/issues/24104)) ([71ec6b6](https://togithub.com/aws/aws-cdk/commit/71ec6b660cf5062c12c5205dadfc28f893251e4f)), closes [#​23977](https://togithub.com/aws/aws-cdk/issues/23977) - **eks:** integ tests errors ([#​24276](https://togithub.com/aws/aws-cdk/issues/24276)) ([07f2d7b](https://togithub.com/aws/aws-cdk/commit/07f2d7b0b947cec31ed3132b95372b9975efa01e)) - **secretsmanager:** secret resource policy already exists in stack (under feature flag) ([#​24365](https://togithub.com/aws/aws-cdk/issues/24365)) ([7dd8b7e](https://togithub.com/aws/aws-cdk/commit/7dd8b7e1ce88a13e597e52ff95353d74ab4807f1)), closes [#​24383](https://togithub.com/aws/aws-cdk/issues/24383) - **servicecatalog:** wrong asset path is generated in case outdir is absolute ([#​24393](https://togithub.com/aws/aws-cdk/issues/24393)) ([0ebbf58](https://togithub.com/aws/aws-cdk/commit/0ebbf58bdd3307f536334beb5d1153e3ef660f18)), closes [#​24392](https://togithub.com/aws/aws-cdk/issues/24392) - **sns:** sns subscription filter policy condition limit should be 150 ([#​24269](https://togithub.com/aws/aws-cdk/issues/24269)) ([1e1131c](https://togithub.com/aws/aws-cdk/commit/1e1131c207de2df7d5881a57cc28daa59bad975a)) - Correct SamlConsolePrincipal for non-China ([#​24277](https://togithub.com/aws/aws-cdk/issues/24277)) ([e47646c](https://togithub.com/aws/aws-cdk/commit/e47646c0ff317a421b2f042158fcc0c7ae1aa2cf)), closes [#​24243](https://togithub.com/aws/aws-cdk/issues/24243) *** #### Alpha modules (2.67.0-alpha.0) ##### Features - **msk:** add Kafka versions 3.1.1, 3.2.0, and and 3.3.1 ([#​23918](https://togithub.com/aws/aws-cdk/issues/23918)) ([53a1d5f](https://togithub.com/aws/aws-cdk/commit/53a1d5fd81eabf5e9d846411754a554549f9f62c)), closes [#​23899](https://togithub.com/aws/aws-cdk/issues/23899) ##### Bug Fixes - **servicecatalogappregistry:** applicationName can not be changed after deployment ([#​24409](https://togithub.com/aws/aws-cdk/issues/24409)) ([6aa763f](https://togithub.com/aws/aws-cdk/commit/6aa763f100e5561f4554627116a458abba930480)) ### [`v2.66.1`](https://togithub.com/aws/aws-cdk/releases/v2.66.1) ##### Bug Fixes - Correct SamlConsolePrincipal for non-China ([#​24277](https://togithub.com/aws/aws-cdk/issues/24277)) ([d562871](https://togithub.com/aws/aws-cdk/commit/d562871824350483e80bf6a28868280381e9e83e)), closes [#​24243](https://togithub.com/aws/aws-cdk/issues/24243) *** #### Alpha modules (2.66.1-alpha.0) ### [`v2.66.0`](https://togithub.com/aws/aws-cdk/releases/v2.66.0) ##### Features - **cloudwatch:** parse all metrics statistics and support long format ([#​23095](https://togithub.com/aws/aws-cdk/issues/23095)) ([853e3d6](https://togithub.com/aws/aws-cdk/commit/853e3d631ef0490b0e2d14fdcf50df9f745de3eb)), closes [#​23074](https://togithub.com/aws/aws-cdk/issues/23074) [40aws-cdk/aws-cloudwatch/lib/metric.ts#L295-L296](https://togithub.com/40aws-cdk/aws-cloudwatch/lib/metric.ts/issues/L295-L296) - **core:** Size.bytes() ([#​24136](https://togithub.com/aws/aws-cdk/issues/24136)) ([9b2a45a](https://togithub.com/aws/aws-cdk/commit/9b2a45a6757c91011f47a6b3893cdfa0f4891002)), closes [#​24106](https://togithub.com/aws/aws-cdk/issues/24106) - **efs:** support file system policy ([#​24196](https://togithub.com/aws/aws-cdk/issues/24196)) ([5e0f44b](https://togithub.com/aws/aws-cdk/commit/5e0f44b05232c70f35f79d27f1294f943fbeb568)), closes [#​24042](https://togithub.com/aws/aws-cdk/issues/24042) - **logs:** Add support for multiple parse and filter statements in QueryString ([#​24022](https://togithub.com/aws/aws-cdk/issues/24022)) ([75eb933](https://togithub.com/aws/aws-cdk/commit/75eb9330194824cdf435ae64095813191fcd6e13)) - **stepfunctions:** removal policy for state machines ([#​24105](https://togithub.com/aws/aws-cdk/issues/24105)) ([5f33a26](https://togithub.com/aws/aws-cdk/commit/5f33a26937a78a7d28f913e86c3a2d0b00746e6a)) ##### Bug Fixes - **apigateway:** rest api deployment does not depend on authorizers ([#​23215](https://togithub.com/aws/aws-cdk/issues/23215)) ([12e13c1](https://togithub.com/aws/aws-cdk/commit/12e13c130cac347d5d042d414086e9e5aac5e31c)) - **cognito:** changing `installLatestAwsSdk` breaks Client Secret reference ([#​23798](https://togithub.com/aws/aws-cdk/issues/23798)) ([844d407](https://togithub.com/aws/aws-cdk/commit/844d4076c142fd88095f36dbc667d85c12e20bd5)), closes [#​23796](https://togithub.com/aws/aws-cdk/issues/23796) - **ecs:** validate ecs healthcheck ([#​24197](https://togithub.com/aws/aws-cdk/issues/24197)) ([89802a9](https://togithub.com/aws/aws-cdk/commit/89802a95360d698921c81a152d11ab6e46b00de3)) - **eks:** nested OCI repository names for private ECR helmchart deployments are not properly handled ([#​23378](https://togithub.com/aws/aws-cdk/issues/23378)) ([72f2a95](https://togithub.com/aws/aws-cdk/commit/72f2a95e994ef1b129a48bd548303ea39a3d3c9f)) - **lambda:** RuntimeManagementMode.FUNCTION_UPDATE has wrong value ([#​24252](https://togithub.com/aws/aws-cdk/issues/24252)) ([fdb0cf1](https://togithub.com/aws/aws-cdk/commit/fdb0cf13c0b18a436c02a272626ce9f9dde9c343)) *** #### Alpha modules (2.66.0-alpha.0) ##### Features - **apigatewayv2:** allow websockets routes to return response to client ([#​22984](https://togithub.com/aws/aws-cdk/issues/22984)) ([f8fe1d2](https://togithub.com/aws/aws-cdk/commit/f8fe1d292feb3fc39a99687bf454a829302c4ff5)) - **lambda-python:** add optional poetry bundling exclusion list parameter ([#​23670](https://togithub.com/aws/aws-cdk/issues/23670)) ([53beeae](https://togithub.com/aws/aws-cdk/commit/53beeaed04bfe295e9f840e65f9c89db00cac692)), closes [#​22585](https://togithub.com/aws/aws-cdk/issues/22585) [#​22585](https://togithub.com/aws/aws-cdk/issues/22585) - **redshift:** optionally reboot Clusters to apply parameter changes ([#​22063](https://togithub.com/aws/aws-cdk/issues/22063)) ([f61d950](https://togithub.com/aws/aws-cdk/commit/f61d950aaeba13bd6501b7c8971a9115f4a53f08)), closes [#​22009](https://togithub.com/aws/aws-cdk/issues/22009) [#​22055](https://togithub.com/aws/aws-cdk/issues/22055) [#​22059](https://togithub.com/aws/aws-cdk/issues/22059) ##### Bug Fixes - **servicecatalogappregistry:** Allow user to control stack id via stack name for Application stack ([#​24171](https://togithub.com/aws/aws-cdk/issues/24171)) ([0c7c7e4](https://togithub.com/aws/aws-cdk/commit/0c7c7e4a7c34957ff7877eda5171f82c5feaba1d)), closes [#​24160](https://togithub.com/aws/aws-cdk/issues/24160) ### [`v2.65.0`](https://togithub.com/aws/aws-cdk/releases/v2.65.0) ##### Features - **autoscaling:** L2 construct for enabling capacity rebalance of autoscaling ([#​24025](https://togithub.com/aws/aws-cdk/issues/24025)) ([d2c63f5](https://togithub.com/aws/aws-cdk/commit/d2c63f55f8657315ad4e4dd463cfcae07cb66e53)), closes [#​22625](https://togithub.com/aws/aws-cdk/issues/22625) - **chatbot:** support guardrail policies ([#​24114](https://togithub.com/aws/aws-cdk/issues/24114)) ([4c72a7d](https://togithub.com/aws/aws-cdk/commit/4c72a7dc3994ba190f1e1aa467d3087228bcb881)), closes [#​20788](https://togithub.com/aws/aws-cdk/issues/20788) - **core:** Allow passing Docker build secrets ([#​23778](https://togithub.com/aws/aws-cdk/issues/23778)) ([74512fa](https://togithub.com/aws/aws-cdk/commit/74512fa339e0a2937213f519c109ef1207e9d0c6)), closes [#​14910](https://togithub.com/aws/aws-cdk/issues/14910) [#​14395](https://togithub.com/aws/aws-cdk/issues/14395) - **elbv2:** add metrics to INetworkTargetGroup and IApplicationTargetGroup ([#​23993](https://togithub.com/aws/aws-cdk/issues/23993)) ([6a9e43f](https://togithub.com/aws/aws-cdk/commit/6a9e43f0c6f966df4671267eeda21638611dfb1c)), closes [#​23853](https://togithub.com/aws/aws-cdk/issues/23853) [#​10850](https://togithub.com/aws/aws-cdk/issues/10850) - **lambda:** add insights version 1.0.178.0 ([#​23836](https://togithub.com/aws/aws-cdk/issues/23836)) ([5272908](https://togithub.com/aws/aws-cdk/commit/527290854d0fa31e7f41497ede0c1b8b0e1b9ad4)) ##### Bug Fixes - **bootstrap:** remove Security Hub finding S3.10 ([#​24175](https://togithub.com/aws/aws-cdk/issues/24175)) ([a1da757](https://togithub.com/aws/aws-cdk/commit/a1da757ce348b4bd66a6d0e7776f2ff8e9f531b6)), closes [/docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-s3-10](https://togithub.com/aws//docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html/issues/fsbp-s3-10) - **codedeploy:** unable to remove alarms from deployment group ([#​23308](https://togithub.com/aws/aws-cdk/issues/23308)) ([eee005f](https://togithub.com/aws/aws-cdk/commit/eee005f4949d7438467c7448ba8326efa4b79221)) - **codepipeline:** x-env ECS deployment lacking support stack-dependency ([#​24053](https://togithub.com/aws/aws-cdk/issues/24053)) ([adfe4fa](https://togithub.com/aws/aws-cdk/commit/adfe4fa137bb748961b4a767d538335490e13ed1)), closes [#​24050](https://togithub.com/aws/aws-cdk/issues/24050) [#​24051](https://togithub.com/aws/aws-cdk/issues/24051) - **core:** messages are displayed multiple times per construct ([#​24019](https://togithub.com/aws/aws-cdk/issues/24019)) ([57770bb](https://togithub.com/aws/aws-cdk/commit/57770bb12ea6d77373f1e9e8e04f6757b440f277)), closes [#​9565](https://togithub.com/aws/aws-cdk/issues/9565) - **ec2:** enable set throughput param to CfnVolume ([#​24118](https://togithub.com/aws/aws-cdk/issues/24118)) ([32781f8](https://togithub.com/aws/aws-cdk/commit/32781f825352f9cb43d8fed5c122b454275b3076)), closes [#​24107](https://togithub.com/aws/aws-cdk/issues/24107) [#​24107](https://togithub.com/aws/aws-cdk/issues/24107) - **elbv2:** healthcheck interval is overly restrictive ([#​24157](https://togithub.com/aws/aws-cdk/issues/24157)) ([4f83e02](https://togithub.com/aws/aws-cdk/commit/4f83e02b85229ebdff3f32ba6fd662ffd707d8db)), closes [#​24156](https://togithub.com/aws/aws-cdk/issues/24156) - **iam:** PrincipalWithConditions.addCondition fails with a new key ([#​23782](https://togithub.com/aws/aws-cdk/issues/23782)) ([8951d01](https://togithub.com/aws/aws-cdk/commit/8951d013bea5dad54b94a6a683f56275ff4e6dba)), closes [#​23781](https://togithub.com/aws/aws-cdk/issues/23781) - **iam:** SamlConsolePrincipal does not work in China [#​22091](https://togithub.com/aws/aws-cdk/issues/22091) ([#​24034](https://togithub.com/aws/aws-cdk/issues/24034)) ([2902043](https://togithub.com/aws/aws-cdk/commit/29020435aeb1a9fb6401572520d0adca8155dc60)) - **pipelines:** SelfMutation CodeBuild project not accessible ([#​24073](https://togithub.com/aws/aws-cdk/issues/24073)) ([5942978](https://togithub.com/aws/aws-cdk/commit/594297862f2626b64b174d6998886a40f1b316be)) - **rds:** database proxies use ids as their resource names directly (under feature flag) ([#​23703](https://togithub.com/aws/aws-cdk/issues/23703)) ([03a0f79](https://togithub.com/aws/aws-cdk/commit/03a0f79b40e3be95de5421370703eb54c06b7dd7)), closes [#​18578](https://togithub.com/aws/aws-cdk/issues/18578) - **s3:** logging bucket blocks KMS_MANAGED encryption ([#​23514](https://togithub.com/aws/aws-cdk/issues/23514)) ([1e8926f](https://togithub.com/aws/aws-cdk/commit/1e8926fa9bcf561135beaa31379ec1f1e6f79901)) *** #### Alpha modules (2.65.0-alpha.0) ##### Features - **glue:** support Ray jobs ([#​23822](https://togithub.com/aws/aws-cdk/issues/23822)) ([8de50d6](https://togithub.com/aws/aws-cdk/commit/8de50d624c8703a12713dcffbc764688868f22b0)) - **redshift:** IAM roles can be attached to a cluster, post creation ([#​23791](https://togithub.com/aws/aws-cdk/issues/23791)) ([1a46808](https://togithub.com/aws/aws-cdk/commit/1a46808b03e8f6d09846f999ae3dc65b190f5f26)), closes [#​22632](https://togithub.com/aws/aws-cdk/issues/22632) - **synthetics:** support runtime 3.9 ([#​24101](https://togithub.com/aws/aws-cdk/issues/24101)) ([9d23cad](https://togithub.com/aws/aws-cdk/commit/9d23caded8aca42d3b78de1bc7e89c38a4d6805e)) ### [`v2.64.0`](https://togithub.com/aws/aws-cdk/releases/v2.64.0) ##### Features - **cfnspec:** cloudformation spec v109.0.0 ([#​23968](https://togithub.com/aws/aws-cdk/issues/23968)) ([5d59134](https://togithub.com/aws/aws-cdk/commit/5d5913455da2cdb834feef708fb01f9e77df656f)) - **cfnspec:** cloudformation spec v109.0.0 ([#​23984](https://togithub.com/aws/aws-cdk/issues/23984)) ([affe040](https://togithub.com/aws/aws-cdk/commit/affe040c8443be074822254d1e75a28b264cd801)) - **cli:** --hotswap will not use CFN anymore, --hotswap-fallback to fall back if necessary ([#​23653](https://togithub.com/aws/aws-cdk/issues/23653)) ([a5317ca](https://togithub.com/aws/aws-cdk/commit/a5317ca52f05ebc34d9f22196ab0ef36d5cac967)), closes [#​22784](https://togithub.com/aws/aws-cdk/issues/22784) [#​21773](https://togithub.com/aws/aws-cdk/issues/21773) [#​21556](https://togithub.com/aws/aws-cdk/issues/21556) [#​23640](https://togithub.com/aws/aws-cdk/issues/23640) - **elbv2:** add metrics to INetworkLoadBalancer and IApplicationLoadBalancer ([#​23853](https://togithub.com/aws/aws-cdk/issues/23853)) ([cb889bc](https://togithub.com/aws/aws-cdk/commit/cb889bc2c267654ca97e3d85a16a99a667d3584c)), closes [#​10850](https://togithub.com/aws/aws-cdk/issues/10850) - **iam:** implement IGrantable to Policy and ManagedPolicy ([#​22712](https://togithub.com/aws/aws-cdk/issues/22712)) ([d3df40f](https://togithub.com/aws/aws-cdk/commit/d3df40ff89c70b9243ec175747eb398368067095)), closes [#​10308](https://togithub.com/aws/aws-cdk/issues/10308) - **lambda:** enable RuntimeManagementConfig ([#​23891](https://togithub.com/aws/aws-cdk/issues/23891)) ([be4f971](https://togithub.com/aws/aws-cdk/commit/be4f97129f4237b39d0b99977eb597e2af49ed2a)), closes [#​23890](https://togithub.com/aws/aws-cdk/issues/23890) - **s3:** allow configuring S3 Object Lock ([#​23744](https://togithub.com/aws/aws-cdk/issues/23744)) ([bdcd6c8](https://togithub.com/aws/aws-cdk/commit/bdcd6c890878fb71c480bf40964f1b6ea0a5f270)), closes [#​5247](https://togithub.com/aws/aws-cdk/issues/5247) [#​21738](https://togithub.com/aws/aws-cdk/issues/21738) ##### Bug Fixes - Use the correct LB full name when creating metrics for imported LBs ([#​23972](https://togithub.com/aws/aws-cdk/issues/23972)) ([16c23b7](https://togithub.com/aws/aws-cdk/commit/16c23b7554923bf6c2703ba5f229e6c34b459a2f)), closes [#​23853](https://togithub.com/aws/aws-cdk/issues/23853) - **cdk-assets:** asset concurrency leaves a corrupted archive ([#​24026](https://togithub.com/aws/aws-cdk/issues/24026)) ([989454f](https://togithub.com/aws/aws-cdk/commit/989454f7e27f3cbf33180d8aab29d56472378126)) - **cdk-assets:** packaging assets is broken on Node older than 14.17 ([#​23994](https://togithub.com/aws/aws-cdk/issues/23994)) ([5bde92c](https://togithub.com/aws/aws-cdk/commit/5bde92c2ae29781aafd8c3817d08e93748c39885)), closes [#​23859](https://togithub.com/aws/aws-cdk/issues/23859) - **codedeploy:** cross-region referenced groups use wrong config ([#​23986](https://togithub.com/aws/aws-cdk/issues/23986)) ([390ec78](https://togithub.com/aws/aws-cdk/commit/390ec78437a55ad68757f8ce812535e9bc149a2a)) - **core:** cross-stack reference error doesn't include violation ([#​23987](https://togithub.com/aws/aws-cdk/issues/23987)) ([c7ad66f](https://togithub.com/aws/aws-cdk/commit/c7ad66fad6ca5aff5f2ae9754d263dea9d1de368)) - **ec2:** Cannot deploy VPC flow log with other resources that requires bucket policies ([#​23889](https://togithub.com/aws/aws-cdk/issues/23889)) ([e646ad5](https://togithub.com/aws/aws-cdk/commit/e646ad5b5496b176549f8c039a5ffabbf07403ff)), closes [#​18985](https://togithub.com/aws/aws-cdk/issues/18985) - **pipelines:** cannot configure actionName for all sources ([#​24027](https://togithub.com/aws/aws-cdk/issues/24027)) ([9cd639b](https://togithub.com/aws/aws-cdk/commit/9cd639b0f83e65fbe531d56210f68e99874f506e)) - **s3:** infer bucketWebsiteUrl and bucketDomainName suffixes from bucket region ([#​23919](https://togithub.com/aws/aws-cdk/issues/23919)) ([252f052](https://togithub.com/aws/aws-cdk/commit/252f052d4239b320ac542c7db256683425ad7eba)) - **s3-deployment:** wrong URL in BucketDeployment.deployedBucket.bucketWebsiteUrl ([#​24055](https://togithub.com/aws/aws-cdk/issues/24055)) ([ece46db](https://togithub.com/aws/aws-cdk/commit/ece46dbd939383f240023172a491767b51eaa722)), closes [#​23354](https://togithub.com/aws/aws-cdk/issues/23354) *** #### Alpha modules (2.64.0-alpha.0) ##### Features - **cloud9:** support setting environment owner ([#​23878](https://togithub.com/aws/aws-cdk/issues/23878)) ([08a2f36](https://togithub.com/aws/aws-cdk/commit/08a2f363093f39d04026778bb8d5d7f673698b57)), closes [#​22474](https://togithub.com/aws/aws-cdk/issues/22474) - **redshift:** Tables can include comments ([#​23847](https://togithub.com/aws/aws-cdk/issues/23847)) ([46cadd4](https://togithub.com/aws/aws-cdk/commit/46cadd4b2dd417e1484ba63389b33e1504cfd842)), closes [#​22682](https://togithub.com/aws/aws-cdk/issues/22682) ##### Bug Fixes - **servicecatalogappregistry:** default stack name is not meaningful and causes conflict when multiple stacks deployed to the same account-region ([#​23823](https://togithub.com/aws/aws-cdk/issues/23823)) ([420b5ff](https://togithub.com/aws/aws-cdk/commit/420b5ff2bd08311f2c8cabbe0787c0e0bf4f8ae3)) ### [`v2.63.2`](https://togithub.com/aws/aws-cdk/releases/v2.63.2) *** #### Alpha modules (2.63.2-alpha.0) ### [`v2.63.1`](https://togithub.com/aws/aws-cdk/releases/v2.63.1) ##### Reverts - **cdk-assets:** packaging assets is broken on Node older than 14.17 ([#​23994](https://togithub.com/aws/aws-cdk/issues/23994)) ([1976f1a](https://togithub.com/aws/aws-cdk/commit/1976f1a7f585b1adb582c5cb557b96ed38418fca)), closes [#​23859](https://togithub.com/aws/aws-cdk/issues/23859) *** #### Alpha modules (2.63.1-alpha.0) ### [`v2.63.0`](https://togithub.com/aws/aws-cdk/releases/v2.63.0) ##### Features - **cfnspec:** cloudformation spec v109.0.0 ([#​23868](https://togithub.com/aws/aws-cdk/issues/23868)) ([8ee97b0](https://togithub.com/aws/aws-cdk/commit/8ee97b039fd6e26fc8a305f285c61a08da4bfdc4)) - **cfnspec:** cloudformation spec v109.0.0 ([#​23929](https://togithub.com/aws/aws-cdk/issues/23929)) ([39f8a30](https://togithub.com/aws/aws-cdk/commit/39f8a304dfc68c0cbe3bab0b1d567b8d361c99ab)) - **core:** add creation policy configuration for appstream ([#​23607](https://togithub.com/aws/aws-cdk/issues/23607)) ([8909a04](https://togithub.com/aws/aws-cdk/commit/8909a04e13aa55eb102eac9f9f9ce74721e3fffc)), closes [#​23604](https://togithub.com/aws/aws-cdk/issues/23604) - **core:** allow asset bundling on docker remote host / docker in docker ([#​23576](https://togithub.com/aws/aws-cdk/issues/23576)) ([afce30a](https://togithub.com/aws/aws-cdk/commit/afce30a6e84a2f7e4eba499d3e71365a7939bef5)), closes [#​8799](https://togithub.com/aws/aws-cdk/issues/8799) - **stepfunctions:** task and heartbeat timeout specified by a path ([#​23755](https://togithub.com/aws/aws-cdk/issues/23755)) ([26e48c7](https://togithub.com/aws/aws-cdk/commit/26e48c7b36fecf114ff771909b377a2570aa36b3)), closes [#​15531](https://togithub.com/aws/aws-cdk/issues/15531) ##### Bug Fixes - **appsync:** sanitized datasource name isn't exported ([#​23802](https://togithub.com/aws/aws-cdk/issues/23802)) ([0b25265](https://togithub.com/aws/aws-cdk/commit/0b25265e5105d03fe6290e24462e45398695a11e)) - imports from ESM modules cannot find correct type definitions ([#​23870](https://togithub.com/aws/aws-cdk/issues/23870)) ([356a128](https://togithub.com/aws/aws-cdk/commit/356a128c78b78154ef01ee81ea9d8a60fc569939)) - **eks:** reuse chart name as chart dir for helmchart deployment from OCI repository ([#​23392](https://togithub.com/aws/aws-cdk/issues/23392)) ([070f5ec](https://togithub.com/aws/aws-cdk/commit/070f5ecebfba8a3f9b5771b251ee9b584aa89b67)) - `aws-cdk-lib` imports from ESM modules are broken ([#​23846](https://togithub.com/aws/aws-cdk/issues/23846)) ([cf2e498](https://togithub.com/aws/aws-cdk/commit/cf2e498d66f4e2c806ef473414b61e5748d41c7b)), closes [#​23813](https://togithub.com/aws/aws-cdk/issues/23813) *** #### Alpha modules (2.63.0-alpha.0) ##### Features - **synthetics:** Adding DeleteLambdaResourcesOnCanaryDeletion prop to the canary L2 ([#​23820](https://togithub.com/aws/aws-cdk/issues/23820)) ([45c191e](https://togithub.com/aws/aws-cdk/commit/45c191efa865e0aef6fc9d7fa4cd9d56d98a7cc9)) - **redshift:** support default role for redshift clusters ([#​22551](https://togithub.com/aws/aws-cdk/issues/22551)) ### [`v2.62.2`](https://togithub.com/aws/aws-cdk/releases/v2.62.2) ##### Bug Fixes - imports from ESM modules cannot find correct type definitions ([#​23870](https://togithub.com/aws/aws-cdk/issues/23870)) ([1b9f3f7](https://togithub.com/aws/aws-cdk/commit/1b9f3f7d3fa447a21e9ed38026cc428f7797390f)) *** #### Alpha modules (2.62.2-alpha.0) ### [`v2.62.1`](https://togithub.com/aws/aws-cdk/releases/v2.62.1) ##### Bug Fixes - `aws-cdk-lib` imports from ESM modules are broken ([#​23846](https://togithub.com/aws/aws-cdk/issues/23846)) ([46b93a9](https://togithub.com/aws/aws-cdk/commit/46b93a913743ab5791b9ae722293dfbeb9692eef)), closes [#​23813](https://togithub.com/aws/aws-cdk/issues/23813) *** #### Alpha modules (2.62.1-alpha.0) ### [`v2.62.0`](https://togithub.com/aws/aws-cdk/releases/v2.62.0) ##### Features - **certificatemanager:** deprecate DnsValidatedCertificate ([#​21982](https://togithub.com/aws/aws-cdk/issues/21982)) ([64bfbf9](https://togithub.com/aws/aws-cdk/commit/64bfbf9b981a32a4db1b07476144d280d6eced32)), closes [#​8934](https://togithub.com/aws/aws-cdk/issues/8934) [#​2914](https://togithub.com/aws/aws-cdk/issues/2914) [#​20698](https://togithub.com/aws/aws-cdk/issues/20698) [#​17349](https://togithub.com/aws/aws-cdk/issues/17349) [#​15217](https://togithub.com/aws/aws-cdk/issues/15217) [#​14519](https://togithub.com/aws/aws-cdk/issues/14519) - **cfnspec:** cloudformation spec v107.0.0 ([#​23750](https://togithub.com/aws/aws-cdk/issues/23750)) ([3dc40b4](https://togithub.com/aws/aws-cdk/commit/3dc40b4c9b660a8d50bc07646fa63ecbee6df958)) - **cfnspec:** cloudformation spec v108.0.0 ([#​23769](https://togithub.com/aws/aws-cdk/issues/23769)) ([ff0070d](https://togithub.com/aws/aws-cdk/commit/ff0070d61f18a6cdd77b027a7f6cd2baf976c3c9)) - **cfnspec:** cloudformation spec v108.0.0 ([#​23808](https://togithub.com/aws/aws-cdk/issues/23808)) ([858ff23](https://togithub.com/aws/aws-cdk/commit/858ff2363e110b355c2e9823664d087af991bb55)) - **lambda-event-sources:** events source mapping support for sqs max concurrency ([#​23714](https://togithub.com/aws/aws-cdk/issues/23714)) ([6dcec2d](https://togithub.com/aws/aws-cdk/commit/6dcec2d00363a286906dab19647816ddfd58f33a)) - **logs:** add grantRead function to LogGroup ([#​23280](https://togithub.com/aws/aws-cdk/issues/23280)) ([42ef507](https://togithub.com/aws/aws-cdk/commit/42ef50706f60a7f452698166fa2d9c93ca54bc0d)) ##### Bug Fixes - **appsync:** Populate construct name dynamically for lambda authorizer permission in appsync ([#​23777](https://togithub.com/aws/aws-cdk/issues/23777)) ([92f02e9](https://togithub.com/aws/aws-cdk/commit/92f02e92905252ee7e4fff32751e76da5052b14b)) - importing `aws-cdk-lib` is slow ([#​23813](https://togithub.com/aws/aws-cdk/issues/23813)) ([8aaeffb](https://togithub.com/aws/aws-cdk/commit/8aaeffbbb86e8a80cb87fa3314880bd7c2a893be)) - **bootstrap:** bootstrap stack version was not bumped during previous update ([#​23669](https://togithub.com/aws/aws-cdk/issues/23669)) ([f56cb70](https://togithub.com/aws/aws-cdk/commit/f56cb7004cc4f1017ded4b6a0593a744e8f6271e)) - **cfnspec:** incorrectly handling array result from jsondiff ([#​23795](https://togithub.com/aws/aws-cdk/issues/23795)) ([4a701f1](https://togithub.com/aws/aws-cdk/commit/4a701f1668177a509f1e2f7f3c5d2249070ec666)), closes [/github.com/andreyvit/json-diff/blob/35582a9d19f8b0b2773360d67937e57ce2866781/test/diff_test.coffee#L78](https://togithub.com/aws//github.com/andreyvit/json-diff/blob/35582a9d19f8b0b2773360d67937e57ce2866781/test/diff_test.coffee/issues/L78) - **cli:** only load sourcemap when `--debug` flag is enabled ([#​23752](https://togithub.com/aws/aws-cdk/issues/23752)) ([94102c1](https://togithub.com/aws/aws-cdk/commit/94102c1210a4d7906a03c81a1845466c988c06e7)) - **codeguruprofiler:** imported profiling group environment configured with stack region ([#​23568](https://togithub.com/aws/aws-cdk/issues/23568)) ([8bfa695](https://togithub.com/aws/aws-cdk/commit/8bfa695881f6b78a052ca5276a63d78c1a8c0dda)) - **lambda:** lambda functions that use triggers error when invoked ([#​23728](https://togithub.com/aws/aws-cdk/issues/23728)) ([37974ed](https://togithub.com/aws/aws-cdk/commit/37974ed91fda77a31aa99da75c1d7fb301135a5f)), closes [#​23062](https://togithub.com/aws/aws-cdk/issues/23062) [#​23062](https://togithub.com/aws/aws-cdk/issues/23062) [#​23407](https://togithub.com/aws/aws-cdk/issues/23407) [#​23407](https://togithub.com/aws/aws-cdk/issues/23407) - **lambda-nodejs:** aws-sdk version detection broken for self-defined runtimes ([#​23416](https://togithub.com/aws/aws-cdk/issues/23416)) ([8a7dffd](https://togithub.com/aws/aws-cdk/commit/8a7dffdd056ad6e4e1609deb43ba790a020b4997)), closes [#​22989](https://togithub.com/aws/aws-cdk/issues/22989) [/github.com/aws/aws-cdk/pull/22989/files#diff-cd86fbd4f2bbefcbcffc2143adccabafa1debe5981edbcdfcc766b5a705fe770R371-R383](https://togithub.com/aws//github.com/aws/aws-cdk/pull/22989/files/issues/diff-cd86fbd4f2bbefcbcffc2143adccabafa1debe5981edbcdfcc766b5a705fe770R371-R383) *** #### Alpha modules (2.62.0-alpha.0) ##### Features - **apprunner:** apprunner secrets manager ([#​23692](https://togithub.com/aws/aws-cdk/issues/23692)) ([a914fc0](https://togithub.com/aws/aws-cdk/commit/a914fc0614cd9aa634c5724c3474c99fd3888d98)) ##### Bug Fixes - **integ-runner:** cleanup tmp snapshot before running test ([#​23773](https://togithub.com/aws/aws-cdk/issues/23773)) ([366f2ab](https://togithub.com/aws/aws-cdk/commit/366f2ab6fbedaf33630a40d5306746c6d363f05c)) ### [`v2.61.1`](https://togithub.com/aws/aws-cdk/releases/v2.61.1) ##### Bug Fixes - **lambda:** lambda functions that use triggers error when invoked ([#​23728](https://togithub.com/aws/aws-cdk/issues/23728)) ([5fd9135](https://togithub.com/aws/aws-cdk/commit/5fd91352e4b625e003ee359563850852a50112ec)), closes [#​23062](https://togithub.com/aws/aws-cdk/issues/23062) [#​23062](https://togithub.com/aws/aws-cdk/issues/23062) [#​23407](https://togithub.com/aws/aws-cdk/issues/23407) [#​23407](https://togithub.com/aws/aws-cdk/issues/23407) *** #### Alpha modules (2.61.1-alpha.0) ### [`v2.61.0`](https://togithub.com/aws/aws-cdk/releases/v2.61.0) ##### Features - **cfnspec:** cloudformation spec v107.0.0 ([#​23698](https://togithub.com/aws/aws-cdk/issues/23698)) ([aca8a25](https://togithub.com/aws/aws-cdk/commit/aca8a256dcaf89b53f7af4f308b2f23e2e766902)) - **core:** stack synthesizers can be shared between stacks ([#​23571](https://togithub.com/aws/aws-cdk/issues/23571)) ([0ce19f0](https://togithub.com/aws/aws-cdk/commit/0ce19f0e1217a4a41a3a9c27049ab73c7fbc320d)) - **logs:** add unit to metric filter ([#​23608](https://togithub.com/aws/aws-cdk/issues/23608)) ([7cbe8ac](https://togithub.com/aws/aws-cdk/commit/7cbe8ac9286e5f7c3efb7f75aa859bf6b3bffecf)) - **opensearch:** add support for latest amazon opensearch service 2.3 ([#​22943](https://togithub.com/aws/aws-cdk/issues/22943)) ([0303d6f](https://togithub.com/aws/aws-cdk/commit/0303d6f7a71d2c70443df4433f0ff7554bcc4e56)) - **pipeline:** enable key rotation ([#​23620](https://togithub.com/aws/aws-cdk/issues/23620)) ([29d7336](https://togithub.com/aws/aws-cdk/commit/29d733677c4962199a848933a7415b47abb23a2f)) - **route53-patterns:** use `Certificate` as the default certificate (under feature flag) ([#​23575](https://togithub.com/aws/aws-cdk/issues/23575)) ([77709c8](https://togithub.com/aws/aws-cdk/commit/77709c8328fe664c1fca50223c8e64325cb70461)) ##### Bug Fixes - **aws-s3:** log delivery may be incorrectly configured when target bucket is imported ([#​23552](https://togithub.com/aws/aws-cdk/issues/23552)) ([41327d8](https://togithub.com/aws/aws-cdk/commit/41327d8e815b80c9148bd33751fdf1b70c3bc9cd)), closes [#​23547](https://togithub.com/aws/aws-cdk/issues/23547) [#​23588](https://togithub.com/aws/aws-cdk/issues/23588) - **cdk-assets:** concurrent asset builds can leave a corrupted archive ([#​23677](https://togithub.com/aws/aws-cdk/issues/23677)) ([18e0481](https://togithub.com/aws/aws-cdk/commit/18e0481a3bbcb92bd22ce4e83d4f02e03e484307)), closes [#​23290](https://togithub.com/aws/aws-cdk/issues/23290) - **cli:** can not assume role from 2-level SSO ([#​23702](https://togithub.com/aws/aws-cdk/issues/23702)) ([c3a345b](https://togithub.com/aws/aws-cdk/commit/c3a345be0eeb26e1b410d68643740f0aea8af4d7)), closes [#​23520](https://togithub.com/aws/aws-cdk/issues/23520) - **cloudtrail:** Trail fails during resource creation due to invalid template properties when management events are 'None' ([#​23569](https://togithub.com/aws/aws-cdk/issues/23569)) ([15ced88](https://togithub.com/aws/aws-cdk/commit/15ced888718531ddc59402f0c886c9b4f1fea67b)), closes [#​16387](https://togithub.com/aws/aws-cdk/issues/16387) [#​15488](https://togithub.com/aws/aws-cdk/issues/15488) - **lambda:** ever-changing Version hash with LayerVersion from tokens ([#​23629](https://togithub.com/aws/aws-cdk/issues/23629)) ([88fc62d](https://togithub.com/aws/aws-cdk/commit/88fc62d215d8c4aa3a4c423a06571ec45b51cec6)) - **pipelines:** cross-stack step dependencies have wrong name ([#​23594](https://togithub.com/aws/aws-cdk/issues/23594)) ([0d8142b](https://togithub.com/aws/aws-cdk/commit/0d8142bf6860cbebab9c1704f6ebf59b17a5704f)), closes [#​21843](https://togithub.com/aws/aws-cdk/issues/21843) - **servicecatalog:** incorrect objectkey produced from asset relative… ([#​23580](https://togithub.com/aws/aws-cdk/issues/23580)) ([b4a6120](https://togithub.com/aws/aws-cdk/commit/b4a6120af01b46bc688eebb8f8bb6fbde7f481fe)), closes [#​23560](https://togithub.com/aws/aws-cdk/issues/23560) - **stepfunctions-tasks:** fix IAM policy statements for step functions API calls ([#​22959](https://togithub.com/aws/aws-cdk/issues/22959)) ([dce662c](https://togithub.com/aws/aws-cdk/commit/dce662cae6eb493770d3c6f700c92a0b6c235195)) *** #### Alpha modules (2.61.0-alpha.0) ##### Features - **cli-lib:** \[JS/TS only] experimental support for programmatic CLI api ([#​22836](https://togithub.com/aws/aws-cdk/issues/22836)) ([0b6b716](https://togithub.com/aws/aws-cdk/commit/0b6b7166c3f0348cc33fd3a0d19637351ea3b05b)) ##### Bug Fixes - **glue:** --conf parameter is no longer a reserved keyword for glue jobs ([#​23673](https://togithub.com/aws/aws-cdk/issues/23673)) ([3d0f4ba](https://togithub.com/aws/aws-cdk/commit/3d0f4ba6dd92ad7b91b00fad6cbab873964683fc)) - **servicecatalogappregistry:** outputs are not deployable ([#​23652](https://togithub.com/aws/aws-cdk/issues/23652)) ([fa9eef0](https://togithub.com/aws/aws-cdk/commit/fa9eef081ead451a4d38bf083eda02af09fff482)), closes [#​23641](https://togithub.com/aws/aws-cdk/issues/23641) ### [`v2.60.0`](https://togithub.com/aws/aws-cdk/releases/v2.60.0) ##### Features - **appsync:** js resolver support ([#​23551](https://togithub.com/aws/aws-cdk/issues/23551)) ([2318384](https://togithub.com/aws/aws-cdk/commit/231838409cc1409c137ff27086e853ce2b0fbf1c)), closes [#​22921](https://togithub.com/aws/aws-cdk/issues/22921) - **appsync:** stabilize appsync module 🎆🎆 🎆 ([#​23633](https://togithub.com/aws/aws-cdk/issues/23633)) ([e5b0230](https://togithub.com/aws/aws-cdk/commit/e5b023089e168c50eda83a11db0e697b96caf7e9)), closes [#​6836](https://togithub.com/aws/aws-cdk/issues/6836) - **cfnspec:** cloudformation spec v106.0.0 ([#​23586](https://togithub.com/aws/aws-cdk/issues/23586)) ([f178c98](https://togithub.com/aws/aws-cdk/commit/f178c98d4473d8bb8d46d80c076fa520d03c623b)) - **cloudfront:** remove headers and server timing ([#​23558](https://togithub.com/aws/aws-cdk/issues/23558)) ([44a4812](https://togithub.com/aws/aws-cdk/commit/44a4812778d87af27809e5a733c6e5ea6b65004b)) - **cognito:** use secretsmanager secrets for clientSecretValue ([#​22885](https://togithub.com/aws/aws-cdk/issues/22885)) ([4baea78](https://togithub.com/aws/aws-cdk/commit/4baea78f415566dea499f4ce49fc24d4dc7c4ef7)) - **ec2:** subnet ipv4 cidr blocks on imported vpc ([#​23317](https://togithub.com/aws/aws-cdk/issues/23317)) ([e0885db](https://togithub.com/aws/aws-cdk/commit/e0885db29c8b45cfe9da1df8b55af2bf78892a04)) - **ecr-assets:** Support docker outputs flag ([#​23304](https://togithub.com/aws/aws-cdk/issues/23304)) ([61e5495](https://togithub.com/aws/aws-cdk/commit/61e5495105e06aba4c027fb33ae031da09a3ff33)), closes [#​20566](https://togithub.com/aws/aws-cdk/issues/20566) - **pipelines:** Expose stack output namespaces in custom `pipelines.Step`s ([#​23110](https://togithub.com/aws/aws-cdk/issues/23110)) ([14f6811](https://togithub.com/aws/aws-cdk/commit/14f6811b89a0ae374863a3b2bdd36997ce67883e)), closes [/github.com/aws/aws-cdk/issues/23000#issuecomment-1324379670](https://togithub.com/aws//github.com/aws/aws-cdk/issues/23000/issues/issuecomment-1324379670) ##### Bug Fixes - **acm:** domainName length constraint failure due to Tokens ([#​23567](https://togithub.com/aws/aws-cdk/issues/23567)) ([2d7e3c0](https://togithub.com/aws/aws-cdk/commit/2d7e3c0e9edfb8f3e30dc0c1efaeb03fde19db7c)), closes [#​23565](https://togithub.com/aws/aws-cdk/issues/23565) - **aws-custom-resource:** switch off `installLatestAwsSdk` by default ([#​23591](https://togithub.com/aws/aws-cdk/issues/23591)) ([c9b2548](https://togithub.com/aws/aws-cdk/commit/c9b2548126f01fd918009df0a42f0ab4c5e69cc3)), closes [#​23113](https://togithub.com/aws/aws-cdk/issues/23113) - **bootstrap:** KMS keys cannot be tagged ([#​21975](https://togithub.com/aws/aws-cdk/issues/21975)) ([0e552db](https://togithub.com/aws/aws-cdk/commit/0e552dbb63a97cd6a7a65cae80ae863609237e61)), closes [#​21281](https://togithub.com/aws/aws-cdk/issues/21281) - **events:** cross stack rules require concrete environment ([#​23549](https://togithub.com/aws/aws-cdk/issues/23549)) ([22d3341](https://togithub.com/aws/aws-cdk/commit/22d3341c2239b046473ded3fcbc85b5cbc4a37a1)), closes [#​18405](https://togithub.com/aws/aws-cdk/issues/18405) - **iam:** create stack based default policies for roles ([#​23100](https://togithub.com/aws/aws-cdk/issues/23100)) ([dea4216](https://togithub.com/aws/aws-cdk/commit/dea4216a3f2e6727a6bc49d632c03b3f0a416947)) - **lambda:** automatic `currentVersion` conflicts with explicit `Version` resource ([#​23636](https://togithub.com/aws/aws-cdk/issues/23636)) ([de68652](https://togithub.com/aws/aws-cdk/commit/de6865229ee824c01431ae27509dbcd3e1a83763)), closes [#​23225](https://togithub.com/aws/aws-cdk/issues/23225) *** #### Alpha modules (2.60.0-alpha.0) ##### Features - **gamelift:** add MatchmakingConfiguration L2 Construct for GameLift ([#​23326](https://togithub.com/aws/aws-cdk/issues/23326)) ([9b2573b](https://togithub.com/aws/aws-cdk/commit/9b2573b32e8535d3db21f07647f099c9e01eb292)) - **integ-runner:** support `--language` presets for JavaScript, TypeScript, Python and Go ([#​22058](https://togithub.com/aws/aws-cdk/issues/22058)) ([22673b2](https://togithub.com/aws/aws-cdk/commit/22673b2ea40c13b6c10a2c7c628ce5cc534f5840)), closes [#​21169](https://togithub.com/aws/aws-cdk/issues/21169) ### [`v2.59.0`](https://togithub.com/aws/aws-cdk/releases/v2.59.0) ##### Features - **cfnspec:** cloudformation spec v105.0.0 ([#​23501](https://togithub.com/aws/aws-cdk/issues/23501)) ([72bd3a0](https://togithub.com/aws/aws-cdk/commit/72bd3a0ce96c9fd98bbf2f3eb76db1336c8a3029)) - **s3:** use Bucket Policy for Server Access Logging grant (under feature flag) ([#​23386](https://togithub.com/aws/aws-cdk/issues/23386)) ([6975a7e](https://togithub.com/aws/aws-cdk/commit/6975a7ea06a5680bebd38ad5c26ab5bd566d33b1)), closes [#​22183](https://togithub.com/aws/aws-cdk/issues/22183) - **servicecatalog:** Add Product Stack Asset Support ([#​22857](https://togithub.com/aws/aws-cdk/issues/22857)) ([ceaac3a](https://togithub.com/aws/aws-cdk/commit/ceaac3ad49fcfdb89ec80c2784934589542e80b6)), closes [#​20690](https://togithub.com/aws/aws-cdk/issues/20690) ##### Bug Fixes - **lambda-nodejs:** unable to use `nodeModules` with pnpm ([#​21911](https://togithub.com/aws/aws-cdk/issues/21911)) ([7c752db](https://togithub.com/aws/aws-cdk/commit/7c752db4aa83b242098483fc006c1100d1be11a9)), closes [#​21910](https://togithub.com/aws/aws-cdk/issues/21910) - **servicecatalog:** make assetBuckets a required property ([#​23507](https://togithub.com/aws/aws-cdk/issues/23507)) ([10b6b96](https://togithub.com/aws/aws-cdk/commit/10b6b96f35ac32a60aa2bf4ea1856158392ae8ad)) *** #### Alpha modules (2.59.0-alpha.0) ### [`v2.58.1`](https://togithub.com/aws/aws-cdk/releases/v2.58.1) ##### Features - **cfnspec:** cloudformation spec v105.0.0 ([#​23501](https://togithub.com/aws/aws-cdk/issues/23501)) ([05c3411](https://togithub.com/aws/aws-cdk/commit/05c3411047ce1d5ad4f2d6e564a6b8d20f76bea6)) *** #### Alpha modules (2.58.1-alpha.0) ### [`v2.58.0`](https://togithub.com/aws/aws-cdk/releases/v2.58.0) ##### Features - **assertions:** improve printing of match failures ([#​23453](https://togithub.com/aws/aws-cdk/issues/23453)) ([2676386](https://togithub.com/aws/aws-cdk/commit/267638674474c4cac9be5ca0d7f8b9a538ba2e39)) *** #### Alpha modules (2.58.0-alpha.0) ### [`v2.57.0`](https://togithub.com/aws/aws-cdk/releases/v2.57.0) ##### Features - **cfnspec:** cloudformation spec v103.0.0 ([#​23452](https://togithub.com/aws/aws-cdk/issues/23452)) ([e49e57d](https://togithub.com/aws/aws-cdk/commit/e49e57d3106f62c5d64c428cba73b4107d664cba)) - **lambda:** add support for auto-instrumentation with ADOT Lambda layer ([#​23027](https://togithub.com/aws/aws-cdk/issues/23027)) ([fc70535](https://togithub.com/aws/aws-cdk/commit/fc70535fe699e72332d5ddb4543308e76a89594a)) ##### Bug Fixes - **cfnspec:** v101.0.0 introduced specific types on several types that previously were typed as json ([#​23448](https://togithub.com/aws/aws-cdk/issues/23448)) ([4fbc182](https://togithub.com/aws/aws-cdk/commit/4fbc1827b8978262da0b5b77b1ee9bc0ecfdcc3e)) - **codedeploy:** referenced Applications are not environment-aware ([#​23405](https://togithub.com/aws/aws-cdk/issues/23405)) ([96242d7](https://togithub.com/aws/aws-cdk/commit/96242d73c0ae853524a567aece86f8a8a514495c)) - **s3:** buckets with SSE-KMS silently fail to receive logs ([#​23385](https://togithub.com/aws/aws-cdk/issues/23385)) ([1b7a384](https://togithub.com/aws/aws-cdk/commit/1b7a384c330d168d64c0cd82118e5b5473d08a67)) *** #### Alpha modules (2.57.0-alpha.0) ##### Bug Fixes - **aws-redshift:** Columns are not dropped on removal from array ([#​23011](https://togithub.com/aws/aws-cdk/issues/23011)) ([2981313](https://togithub.com/aws/aws-cdk/commit/298131312b513c0e73865e6fff74c189ee99e328)), closes [#​22208](https://togithub.com/aws/aws-cdk/issues/22208) ### [`v2.56.1`](https://togithub.com/aws/aws-cdk/releases/v2.56.1) ##### Bug Fixes - **cfnspec:** v101.0.0 introduced specific types on several types that previously were typed as json ([#​23448](https://togithub.com/aws/aws-cdk/issues/23448)) ([1b4e3a4](https://togithub.com/aws/aws-cdk/commit/1b4e3a4b503d5d08e976ccf245c20f4430bcba46)) *** #### Alpha modules (2.56.1-alpha.0) ### [`v2.56.0`](https://togithub.com/aws/aws-cdk/releases/v2.56.0) ##### Features - **aws-cognito:** add AuthSessionValidity property on a UserPoolClient ([#​23040](https://togithub.com/aws/aws-cdk/issues/23040)) ([8896fb9](https://togithub.com/aws/aws-cdk/commit/8896fb902ad9c8d91a5ddb63df64963186bd09e1)), closes [#​22854](https://togithub.com/aws/aws-cdk/issues/22854) - **cfnspec:** cloudformation spec v102.0.0 ([#​23372](https://togithub.com/aws/aws-cdk/issues/23372)) ([480b0a5](https://togithub.com/aws/aws-cdk/commit/480b0a5098e51248bbf36ebf2bcec57cc791c2b0)) - **core:** CfnResource dependency methods ([#​23383](https://togithub.com/aws/aws-cdk/issues/23383)) ([ecedb00](https://togithub.com/aws/aws-cdk/commit/ecedb00ee3a3cfcaa2564a679fa635aff38f32d8)), closes [#​20419](https://togithub.com/aws/aws-cdk/issues/20419) [#​20418](https://togithub.com/aws/aws-cdk/issues/20418) - **lambda:** expose all docker run options to container bundling of all lambda variants ([#​23318](https://togithub.com/aws/aws-cdk/issues/23318)) ([02d0876](https://togithub.com/aws/aws-cdk/commit/02d0876bbb196e9fbeb32d977e7cf65229c8559d)), closes [#​22829](h </details> --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).
This provides an initial implementation of a level 2 construct for EC2 Launch Templates. It is a start that is intended to help get the ball rolling on implementation of Launch Template support within the CDK. It is a step towards resolving #6734
Launch Templates have value even without the integrations into Instance and AutoScalingGroup being implemented yet. Thus, the intention with this PR is to solely implement the L2 for LaunchTemplate. Future work in a separate PR would be required to implement its integration into Instance, AutoScalingGroup, and others.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license