v2.161.1

Reverts

• feat(cli): cdk rollback (#31407) (#31657) (29bf223)

---

Alpha modules (2.161.1-alpha.0)

v2.161.0

Features

• update L1 CloudFormation resource definitions (#31640) (79d9c4d), closes /docs.aws.amazon.com/datasync/latest/userguide/create-locations-cli.html#create-location-s3
• bedrock: support meta llama3-2 (#31568) (4ddc702)
• cli: cdk rollback (#31407) (0755561), closes #30546
• cli: notices on bootstrap version (#31555) (b0e4a54)
• ecs: support restart policy for container (#31228) (a22e8cc), closes #31127 #31425
• logs: add metric methods for log group IncomingLogEvents and IncomingBytes (#31535) (2813eb2), closes #30034
• rds: support for local write forwarding in an Aurora Mysql cluster (#31524) (48c4192), closes #31523
• s3-deployment: added property outputObjectKeys for BucketDeployment (#31452) (54c01cb), closes #28579

Bug Fixes

• appsync: lambda authorizer permission is not scoped to appsync api arn (#31567) (c7cee15), closes #31550 /docs.aws.amazon.com/controltower/latest/controlreference/lambda-rules.html#ct-lambda-pr-2
• batch: remove default optimal for arm based instance types and add error checks (#31510) (7e80cc9), closes #31148
• cdk: cdk diff --quiet to print stack name when there is diffs (#30186) (bcf9209), closes #27128
• cli: deployment errors are printed 3 times (#31389) (4b00ffe)
• core: isTaggable function can return undefined instead of false (#31600) (be70c82), closes #26495
• core: apps that use token-aware-stringify are construct-instantiation-order-dependent (#31470) (4128bf1), closes #31345 #31345
• core: file asset publishing role not used in cdk diff to upload large templates (#31597) (be1207b), closes #29936 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml#L275 /github.com/aws/aws-cdk/blob/4b00ffeb86b3ebb9a0190c2842bd36ebb4043f52/packages/aws-cdk/lib/api/deployments.ts#L605
• core: throw on intrinsics in CFN update and create policies (#31578) (9410361), closes #27578 #30740
• lambda: configuring log retention fails on 70+ Lambdas (#31340) (a2d42d2), closes #31338
• lambda-nodejs: remove smithy models from bundling for AWS SDK v3 runtimes (under feature flag) (#31639) (19ee46d)
• pipelines: "Node with duplicate id" on duplicate stack names (#31328) (16b74f3), closes #30960
• rds: fixed the IAM policy that grantConnect() generates for DatabaseInstanceReadReplica (#31579) (52f676c), closes #31061
• stack: check stack tags for deploy-time values (#31457) (abd1768), closes #28017
• update L1 CloudFormation resource definitions by removing outdated schema overrides (#31539) (218331b)

---

Alpha modules (2.161.0-alpha.0)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• kinesisfirehose-destinations: the logging and logGroup properties in DestinationLoggingProps have been removed and replaced with a single optional property loggingConfig which accepts a class of type LoggingConfig.

Details

Combine the logging and logGroup properties into a single new optional property called loggingConfig which accepts a class of type LoggingConfig.

LoggingConfig is an abstract class which can be instantiated through either an instance of EnableLogging or DisableLogging which can be used in the following 3 ways:

import * as logs from 'aws-cdk-lib/aws-logs';

const logGroup = new logs.LogGroup(this, 'Log Group');
declare const bucket: s3.Bucket;

// 1. Enable logging with no parameters - a log group will be created for you
const destinationWithLogging = new destinations.S3Bucket(bucket, {
  loggingConfig: new destinations.EnableLogging(),
});

// 2. Enable a logging and pass in a logGroup to be used
const destinationWithLoggingAndMyLogGroup = new destinations.S3Bucket(bucket, {
  loggingConfig: new destinations.EnableLogging(logGroup),
});

// 3. Disable logging (does not accept any parameters so it is now impossible to provide a logGroup in this case)
const destinationWithoutLogging = new destinations.S3Bucket(bucket, {
  loggingConfig: new destinations.DisableLogging(),
});

Description of how you validated changes

unit + integ test

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

Features

• ec2: add interface endpoint dynamodb (#30162) (182804a), closes #29547
• pipes-sources: add Kinesis and DynamoDB (#29476) (00c2efb), closes #29378 #29377
• pipes-targets: add API destination (#30756) (5e08c98), closes /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-events-targets/lib/api-gateway.ts#L11-L32
• pipes-targets: add Kinesis (#30656) (d0c99d8)
• redshift: supports excludeCharacters settings for DatabaseSecret (#30563) ([a1c46cf](a1c46cf...

v2.160.0

Features

• allow all sts options for roles assumed by the cli (#31089) (5e95ba2), closes #26157 #22535
• update L1 CloudFormation resource definitions (#31534) (cd17fed)
• core: configure Stack SNS notification ARNs on the Stack construct (#31107) (1593500), closes #8581
• stepfunctions: add support for EncryptionConfiguration (#30959) (b49032b)

---

Alpha modules (2.160.0-alpha.0)

Features

• kinesisanalytics-flink: support Apache Flink 1.20 (#31349) (b3b9aa8)

Bug Fixes

• cognito-identitypool-alpha: cannot configure roleMappings with imported userPool and client (#30421) (0fdd6a9), closes #30304 /github.com/aws/aws-cdk/blob/c3003ab41f0efc763f39eb2cab490c8a005e146b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts#L902
• ec2: instance resourceSignalTimeout overwrites initOptions.timeout (#31446) (a29bf19), closes #30052

v2.159.1

Reverts

• fix(ec2): fixing vpc endpoint pattern for ecr and ecr docker (#31496) (f7e8452)

---

Alpha modules (2.159.1-alpha.0)

v2.159.0

Features

• update L1 CloudFormation resource definitions (#31484) (60ce351), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2
• opensearch: support OpenSearch version 2.15 (#31398) (33eea3f)
• update L1 CloudFormation resource definitions (#31460) (e220e90)
• apigatewayv2: support for setting routeSelectionExpression for an HTTP API (#31373) (36baf51), closes #31104
• elasticloadbalancingv2: alb dualstack without public ipv4 (#30248) (4068af3), closes #30256
• events-target: support Dead Letter Queue for Kinesis Stream Event Target (#31435) (358f231), closes #31428 #13600
• stepfunctions-tasks: support idle timeout for EmrCreateCluster (#31142) (432ffaf), closes #29926
• vpcv2: implementation of add gateway method (#31224) (4b90bfc)

Bug Fixes

• cli: bootstrap respects qualifier from cdk.json (#31410) (44134ad), closes #28249
• cli: hotswapping appsync functions fails when API does not return function on the first page (#31406) (0da4f43), closes /github.com/aws/aws-cdk/blob/1e203753519e10e19ef0db87e1382377b609bcaa/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts#L23-L36
• cli: release outdir lock when synth fails (#30874) (b6ad97f), closes #27864
• cognito: deprecate privateKey and add privateKeyValue as typed SecureValue (#31409) (7ee183d), closes /github.com/aws/aws-cdk/blob/1e203753519e10e19ef0db87e1382377b609bcaa/packages/aws-cdk-lib/aws-cognito/lib/user-pool-idps/google.ts#L28
• ecs: reduce ecs service task role cloudwatch permissions when no log configured (under feature flag) (#31475) (de7ab7c)
• eks: fargateCluster compatibility with AuthenticationMode.API (#31267) (4d12833)
• eks: update private ecr repo url regex (#31394) (386fca3)
• lambda: invalid Version object created from Version.fromVersionArn (#31433) (1726abd)
• ssm: update ssm-context to prevent raising an error on missing parameter (#31415) (ff02cca), closes #7051 #22064 #7259
• pipelines ties cli version with cdk-assets version (#31261) (4392ab4), closes #31253

---

Alpha modules (2.159.0-alpha.0)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• kinesisfirehose-alpha: encryptionKey property is removed and encryption property type has changed from the StreamEncryption enum to the StreamEncryption class.

To pass in a KMS key for the customer managed key case, use StreamEncryption.customerManagedKey(key)

Details

Replaced encryption and encryptionKey properties with a single property encryption of type StreamEncryption and is used by calling one of the 3 methods:

SreamEncryption.unencrypted()
StreamEncryption.awsOwnedKey()
StreamEncryption.customerManagedKey(key?: IKey)

This makes it so it's not longer possible to pass in a key when the encryption type is AWS owned or unencrypted. The key is an optional parameter in StreamEncryption.customerManagedKey(key?: IKey) so following the previous behaviour, if a key is provided it will be used, otherwise a key will be created for the user.

Description of how you validated changes

Generated templates do not change so behaviour remains the same.

Updated integ/unit tests.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

Features

• ivs: support RTMP ingest for IVS channel (#31380) (a907a7e)

Bug Fixes

• ec2: fixing vpc endpoint pattern for ecr and ecr docker (#31434) (95c49ab)

Miscellaneous Chores

• kinesisfirehose-alpha: refactor encryption property to combine encryptionKey (#31430) (8e92185)

v2.158.0

Bug Fixes

• cloudformation-include: can't use CFN intrinsics in Tags (#30515) (af9e6ba), closes #27594

---

Alpha modules (2.158.0-alpha.0)

Features

• amplify: support cache configuration for app (#31381) (b7bd041)
• iot: configure IoT Logging (#31352) (6348717), closes #31357

v2.157.0

Features

• update L1 CloudFormation resource definitions (#31361) (bc4dbfd)
• appsync: support DEBUG and INFO logging levels for AppSync GraphQL APIs (#31326) (4b9643f)
• lambda: added new property allowAllIpv6Outbound to FunctionOptions (#31013) (fa55194), closes #30994

Bug Fixes

• rds: proxy target group does not depend on database instances when using writer property for database cluster (#31354) (6542207), closes #31304 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/proxy.ts#L535-L539

---

Alpha modules (2.157.0-alpha.0)

v2.156.0

Features

• bedrock: add Stable Image Ultra, Stable Diffusion 3 Large, and Stable Image Core model identifiers (#31327) (586cb04)
• cloudfront: s3 origin access control L2 construct (#31254) (30675f0), closes #21771
• codebuild: support three arm-based compute types, Medium, X-Large and 2X-Large (#31214) (39492e9), closes #30869
• docdb: i/o optimized storage type (#30163) (7ed221c), closes #30165
• ecs-patterns: dualstack ALB (#30089) (98ea3db), closes #29039
• eks: support alb controller versions 2.7.0-2.8.2 (#31264) (a3863a6)
• events-targets: support for RedshiftDataParameters (#29462) (84c6442), closes #15712 #31017
• synthetics: syn-nodejs-puppeteer-9.0 as supported runtime (#31272) (c1d7782), closes #31271
• custom-resources: update python runtime for custom resources (#31166) (03ebca8), closes #31245

Bug Fixes

• custom-resources: remove presigned url from cloudwatch logs (#31322) (b5e4496)
• eks: albController incompatibility with AuthenticationMode.API mode (#31258) (427cd61)
• prlint: a review label doesn't appear when a PR is approved if there are too many comments (#31290) (1c63070), closes #31294 /github.com/aws/aws-cdk/pull/30920#issuecomment-2324932936 aws-cdk/prlint/lint.ts#L377 40aws-cdk/prlint/lint.ts#L376
• stepfunctions-tasks: add back BedrockInvokeModel to use JsonPath (#31325) (5b059b9), closes aws/aws-cdk#31308
• stepfunctions-tasks: fix bedrock input/output path in step-funct… (#31305) (a190935), closes #31302 PR#30298 #29229
• stepfunctions-tasks: sageMakerCreateTrainingJob does not correctly support empty inputDataConfig (#31210) (6d43146), closes #31132

---

Alpha modules (2.156.0-alpha.0)

Features

• location: support RouteCalculator (#30682) (574d383), closes #30681
• neptune-alpha: specify port for the cluster (#31137) (130b62b), closes #31074
• scheduler: validate schedule name length (#31200) (d0f9688)

Bug Fixes

• scheduler: the value of the description property is not reflected to the resource. (#31276) (a3332b6), closes #31269

v2.155.0

Features

• codebuild: macOS codebuild support (#31203) (823ff6e), closes #31170
• eks: preserveOnDelete for EKS addon (#30776) (23fba1c)
• kms: add multiRegion property to a Key (#31125) (3dc4c50)
• stepfunctions-tasks: add cpu and memory parameters to EcsRunTask (#30140) (986e378), closes #30027
• synthetics: add syn-python-selenium-4.0 runtime (#31101) (cc75ded), closes #30137 /docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_python_selenium.html#CloudWatch_Synthetics_runtimeversion-syn-python-selenium-4
• update L1 CloudFormation resource definitions (#31193) (e942b67)
• update L1 CloudFormation resource definitions (#31194) (5468983)
• update L1 CloudFormation resource definitions (#31221) (b754353)

Bug Fixes

• cloudfront: requirement of domainNames prevents moving a domain name between distributions (#31001) (acdf7d3), closes #29960 #29329
• eks: can't update authMode with the same mode (#31043) (64df08b)
• lambda-event-source: allow dynamodb filtering on boolean value (#31011) (9946ab0), closes #30734
• s3: bucket notifications in owning stack deletes bucket notifications from other stacks (#31091) (0b09e52)

---

Alpha modules (2.155.0-alpha.0)

Features

• ec2: ipv6AddressCount property for an instance (#31076) (e3e5e1c), closes #31075
• ec2: support throughput on LaunchTemplate EBS volumes (#30716) (6ed0bed), closes #24341 #22441
• location: support GeofenceCollection (#30711) (04d73ac), closes #30710

v2.154.1

Features

• update L1 CloudFormation resource definitions (#31193) (aa97525)
• update L1 CloudFormation resource definitions (#31194) (2191264)

Bug Fixes

• cloudfront: requirement of domainNames prevents moving a domain name between distributions (#31001) (1255ce3), closes #29960 #29329

---

Alpha modules (2.154.1-alpha.0)