v1.82.0

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• eks: Existing self managed nodes may loose the ability to host additional services of type LoadBalancer . See #12269 (comment) for possible mitigations.

Bug Fixes

• eks: Self managed nodes cannot be added to LoadBalancers created via the LoadBalancer service type (#12269) (470a881)
• lambda-layer-*: unable to calculate layer asset hash due to missing file (#12293) (646f098), closes #12291

v1.81.0

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• eks: the @aws-cdk/eks.KubectlLayer layer class has been moved to @aws-cdk/lambda-layer-kubectl.KubectlLayer.

Features

• codebuild: add webhookTriggersBatchBuild option to third-party Git sources (#11743) (d9353b7), closes #11663
• codebuild: prevent using Secrets in plain-text environment variables (#12150) (998af8f)
• ecs: deployment circuit breaker support (#12168) (e8801a0)
• ecs-patterns: containerName for QueueProcessingEc2Service (88d4149), closes #10517
• Configre containerName for QueueProcessingFargateService (fad27f6)
• eks: aws-node-termination-handler for spot instances now pulls the image from public ECR (#12141) (c752fab), closes #12134
• eks: bundle kubectl, helm and awscli instead of SAR app (#12129) (63bc98f), closes #11874
• eks: option to disable manifest validation (#12012) (579b923), closes #11763
• eks: spot support for managed nodegroups (#11962) (6ccd00f), closes #11827
• elasticsearch: add support for version 7_8 and 7_9 (#12222) (09d1f6c), closes #12202
• elasticsearch: Support EnableVersionUpgrade update policy (#12239) (14f8b06), closes #12210
• rds: add grantConnect for RDS Proxy (#12243) (eb45ca8), closes #10133
• rds: add support for setting public accessibility (#12164) (b8f48e5), closes #12093
• s3: option to auto delete objects upon bucket removal (#12090) (32e9c23), closes #3297 #9751

Bug Fixes

• codebuild: missing permissions for SecretsManager environment variables (#12121) (1a13d8f)
• codebuild: Project lacks permissions to its log destinations (#12213) (b92ed51), closes #11444 #12179
• codepipeline-actions: use codebuild batch iam permissions when executeBatchBuild: true (#12181) (5279f37)
• elasticsearch: domain configured with access policies and a custom kms key fails to deploy (#11699) (245ee6a)

v1.80.0

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• eks: LegacyCluster was removed since it existed only for a transition period to allow gradual migration to the current cluster class.
• eks: kubectlEnabled property was removed, all clusters now support kubectl.
• core: Creation stack traces for Lazy values are no longer
  captured by default in order to speed up tests. Run with
  CDK_DEBUG=true (or cdk --debug) to capture stack traces.

Features

• ec2: Add VPC endpoints for Athena and Glue (#12073) (73ef6b1), closes #12072
• ecs-patterns: add ruleName optional parameter for ScheduledTask constructs (#12190) (b1318bd)
• eks: connect all custom resources to the cluster VPC (#10200) (eaa8222)
• lambda-nodejs: Expose optional props for advanced usage of esbuild (#12123) (ecc98ac)

Bug Fixes

• core: capturing stack traces still takes a long time (#12180) (71cd38c), closes #11170
• dynamodb: allow global replicas with Provisioned billing mode (#12159) (ab5a383), closes #11346
• lambda-nodejs: local bundling fails with relative depsLockFilePath (#12125) (d5afb55), closes #12115
• eks: Remove legacy and deprecated code (#12189) (6a20e61)

v1.79.0

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• apigatewayv2: HttpApi.fromApiId() has been replaced with
  HttpApi.fromHttpApiAttributes().
• elasticsearch: ES Domain LogGroup LogicalId will change, which will trigger new log group resources to be created

Features

• appmesh: add timeout support to Routes (#11973) (78c185d)
• core: expose custom resource provider's role (#11923) (06f26d3), closes /github.com/aws/aws-cdk/pull/9751#issuecomment-723554595
• ec2: add r5b instance type to instance class (#12027) (d276b02), closes #12025
• ecs-patterns: Add DeploymentController option to Fargate services (#10452) (2cd233a), closes aws/containers-roadmap#130 #10971
• eks: attach cluster security group to self-managed nodes (#12042) (1078bea)
• elasticsearch: support audit logs (#12106) (d10ea63), closes #12105
• ivs: add IVS L2 Constructs (#11454) (f813bff)
• lambda: encryption key for environment variables (#11893) (ccbaf83), closes #10837
• lambda-nodejs: expose more esbuild options (#12063) (bab21b3), closes #12046
• route53: Vpc endpoint service private dns (#10780) (8f6f9a8)
• s3-deployment: support vpc in BucketDeploymentProps (#12035) (6caf72f), closes #11734
• stepfunctions-tasks: add support for ModelClientConfig to SageMakerCreateTransformJob (#11892) (bf05092)

Bug Fixes

• ec2: 'encoded list token' error using Vpc imported from deploy-time lists (#12040) (0690da9)

• ec2: fromInterfaceVpcEndpointAttributes: Security Groups should not be required (#11857) (86ae5d6), closes #11050

• eks: failure to deploy cluster since aws-auth configmap exists (#12068) (dc8a98a), closes #12053

• eks: k8s resources accidentally deleted due to logical ID change (#12053) (019852e), closes #10397 #10397

• elasticsearch: Defining 2 domains with logging enabled in the same stack fails on construct id conflict (#12055) (ec3ce19), closes #12017

• elasticsearch: log policies are overwritten when creating 2 domains which also results in a failure while destroying the stack (#12056) (889d089), closes #12016

• stepfunctions-tasks: policies created for EMR tasks have ARNs that are not partition-aware (#11553) (1cf6713), closes #11503

• apigatewayv2: apiEndpoint is elevated to the IHttpApi interface (#11988) (bc5b9b6)

v1.78.0

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• cloudfront-origins: Default minimum origin SSL protocol for HttpOrigin and LoadBalancerOrigin changed from SSLv3 to TLSv1.2.
• apigatewayv2: domainName property under DomainName has been
  renamed to name.
• appmesh: the properties dnsHostName and awsCloudMap of VirtualNodeProps have been replaced with the property serviceDiscovery
• kms: change the default value of trustAccountIdentities to true,
  which will result in the key getting the KMS-recommended default key
  policy. This is enabled through the '@aws-cdk/aws-kms:defaultKeyPolicies'
  feature flag.

Features

• appmesh: add ClientPolicy to VirtualNode, VirtualGateway and VirtualService (#11563) (bfee58c)
• appmesh: change Virtual Node service discovery to a union-like class (#11926) (f75c264)
• appsync: support appsync functions for pipelineConfig (#10111) (cb703c7), closes #9092
• batch: Log configuration for job definitions (#11771) (84c959c), closes #11218
• cloudfront: responseHttpStatus defaults to httpStatus in errorResponses (#11879) (c6052ae)
• cloudfront: the Distribution construct is now Generally Available (stable) (#11919) (442bf7e)
• cloudfront-origins: ability to specify minimum origin SSL protocol (#11997) (a0aa61d), closes #11994
• cloudfront-origins: CloudFront Origins is now Generally Available (#12011) (daace16), closes #11919
• codeguruprofiler: the CodeGuru Profiler Construct Library is now Generally Available (stable) (#11924) (cbe7a10)
• ecs: introduce a new Image type, TagParameterContainerImage, to be used in CodePipeline (#11795) (4182c40), closes #1237 #7746
• eks: kubernetes resource pruning (#11932) (1fdd549), closes #10495
• kms: change default key policy to align with KMS best practices (under feature flag) (#11918) (ff695da), closes #5575 #8977 #10575 #11309
• s3: add support to set bucket OwnershipControls (#11834) (0d289cc), closes #11591

Bug Fixes

• apigateway: base path url cannot contain upper case characters (#11799) (8069a7e)
• cfn-include: cfn-include fails in monocdk (#11595) (45e43f2), closes #11342
• cli: cross-account deployment no longer works (#11966) (6fb3448), closes #11350 #11792 #11792
• codebuild: incorrect SSM Parameter ARN in Project's IAM permissions (#11917) (7a09c18), closes #9980
• core: autogenerated exports do not account for stack name length (#11909) (0df79a2), closes #9733
• ecs: cannot disable container insights of an ECS cluster (#9151) (e328f22), closes #9149
• eks: kubectl provider out-of-memory for large manifests/charts (now 1GiB) (#11957) (2ec2948), closes #11787
• synthetics: metricFailed uses Average instead of Sum by default (#11941) (3530e8c)
• apigatewayv2: rename 'domainName' to 'name' in the DomainName construct (#11989) (1be831a)

v2.0.0-alpha.0

chore: add CHANGELOG entry for 2.0.0-alpha.0 (#12013)

Keep the text simple. Calling out the list of changes is not important
for the first release. Subsequent releases will carry the standard
format of features and bug fixes.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

v1.77.0

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• apigatewayv2: The VpcLink.fromVpcLinkId() API has been
  replaced with VpcLink.fromVpcLinkAttributes().
• secretsmanager: (feature flag) Secret.secretName for owned secrets will now return
  only the secret name (without suffix) and not the full resource name. This is
  enabled through the @aws-cdk/secretsmanager:parseOwnedSecretName flag.
• lambda-nodejs: bundling customization options like minify or sourceMap are now gathered under a new bundling prop.
• lambda-nodejs: bundlingEnvironment is now bundling.environment
• lambda-nodejs: bundlingDockerImage is now bundling.dockerImage

Features

• apigatewayv2: private integration with imported services (#11661) (6bf0da0), closes #11603
• cfn-include: preserve properties of resources that are not in the current CFN schema (#11822) (45677ca), closes #9717
• cfn-include: the cloudformation-include module is now Generally Available (stable) (#11882) (11df56b)
• cfnspec: cloudformation spec v21.0.0 (#11694) (d1d9fc4)
• cli: support WebIdentityCredentials (as used by EKS) (#11559) (5cfbe6c), closes #11543
• cloudfront: Lambda@Edge construct (#10500) (3b30123), closes #9833 #1575 #9862
• codepipeline-actions: support executeBatchBuild on CodeBuildAction (#11741) (3dcd1a8), closes #11662
• cognito: user pool client - token validity (#11752) (78b3c39), closes #11689
• ecr: authorization token retrieval grants (#11783) (c072981)
• ecs-patterns: allow to select vpc subnets for LB fargate service (#11823) (869c884), closes #8621
• lambda-nodejs: command hooks (#11583) (0608670), closes #11468
• lambda-python: support poetry packaging for PythonFunction (#11850) (c5c258a), closes #11753

Bug Fixes

• codebuild: Project lacks permissions for SSM ParameterStore environment variables (#11770) (3c5c2f4), closes #11769
• codepipeline-actions: incorrect IAM statement in StepFunctionInvokeAction (#11728) (ece9b23), closes #11397 #11688
• core: custom resource providers cannot be used in CDK Pipelines (#11807) (48b3fa9), closes #11760
• core: floating list tokens synthesize to template (#11899) (60875a5), closes #11750
• core: init templates not initialized when running the CLI from source (#11731) (2e067d7), closes #11665
• core: regression: source directory is fingerprinted even if bundling is skipped (#11440) (3cbc7fa), closes #11008 /github.com/aws/aws-cdk/pull/11008/files#diff-62eef996be8abeb157518522c3cbf84a33dd4751c103304df87b04eb6d7bbab6L160 #11008 40aws-cdk/core/lib/asset-staging.ts#L159-L160 #11459 #11460
• ec2: instance not replaced when changing asset in UserData (#11780) (17bde5a), closes #11704
• eks: addManifest can accept any but only works if a map is passed (#11768) (f85c08c), closes #11483
• events: match values in event pattern array are not deduplicated (#11744) (a07b987)
• iam: OIDC provider cannot be imported from parameter (#11789) (cacb1d7), closes #11705
• kinesis: Unable to use retention periods longer than 7 days (#11798) (80e5d90)
• lambda-nodejs: automatic entry finding with compilerOptions.outDir (#11729) (1000cf9)
• lambda-nodejs: maximum call stack size exceeded or converting circular structure to JSON (#11698) (4401725), closes #11693 #11726 #11762
• lambda-nodejs: yarn cannot find a writable cache (#11656) (b16a8d3)
• redshift: multi-node redshift cluster not allowing parameter (#11677) (13c05be), closes #11610
• secretsmanager: secretName for owned secrets includes suffix (under feature flag) (#11736) (f6b4334), closes #11202 #11727
• sqs: queueUrl property has incorrect region and account for imported queue (#11651) (7b8b665)
• stepfunctions-tasks: instance type cannot be provided to SageMakerCreateEndpointConfig as input path (#11749) (5fb0ea6), closes #11605

v1.76.0

Features

• lambda: container images (#11809) (02ced10)

v1.75.0

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• appmesh: renames gateway listener static methods to use shorter names
• appmesh: renames gateway route static methods to use shorter names
• appmesh: changes Route's spec to a union-like class. RouteSpec is now defined using protocol variant static methods
• efs: keyId property uses the ARN instead of the keyId to support cross-account encryption key usage. The filesystem will be replaced.
• lambda-nodejs: local bundling now requires esbuild to be installed.
• lambda-nodejs: projectRoot has been replaced by depsLockFilePath. It should point to your dependency lock file (package-lock.json or yarn.lock)
• lambda-nodejs: parcelEnvironment has been renamed to bundlingEnvironment
• lambda-nodejs: sourceMaps has been renamed to sourceMap
• appmesh: IVirtualNode no longer has the addBackends() method. A backend can be added to VirtualNode using the addBackend() method which accepts a single IVirtualService
• appmesh: IVirtualNode no longer has the addListeners() method. A listener can be added to VirtualNode using the addListener() method which accepts a single VirtualNodeListener
• appmesh: VirtualNode no longer has a default listener. It is valid to have a VirtualNode without any listeners
• appmesh: the construction property listener of VirtualNode has been renamed to listeners, and its type changed to an array of listeners
• appmesh: the struct VirtualNodeListener has been removed. To create Virtual Node listeners, use the static factory methods of the VirtualNodeListener class

Features

• applicationautoscaling: Add KAFKA to ServiceNamespace (#11394) (b5c3f84)
• appmesh: add listener timeout to Virtual Nodes (#10793) (62baa7b)
• appmesh: change Route's spec to a union-like class (#11343) (f0de91f)
• appmesh: updates gateway resources to use shorter static method names (#11560) (df4d1d3)
• cfnspec: cloudformation spec v20.0.0 (#11319) (8c17a35)
• cfnspec: cloudformation spec v20.2.0 (#11429) (025992b)
• cfnspec: cloudformation spec v20.3.0 (#11539) (3246b67)
• cli: add --no-lookups flag to disable context lookups (#11489) (0445a6e), closes #11461
• codebuild: allow setting the Project's logging configuration (#11444) (6a4b22d), closes #3856
• codeguruprofiler: CodeGuruProfiler Construct Library is now in Developer Preview (#11558) (1da6715)
• codepipeline-actions: Add deployment timeout to EcsDeployAction (#11407) (7d9d575)
• core: add easy importValue to CfnOutput (#11368) (c71a4e9), closes #11360
• ecs: allow HTTPS connections from LB to task (#11381) (0f6e2da)
• ecs: environment files for containers in EC2 task definitions (8cb74ea)
• ecs: secret JSON field for Fargate tasks (#11348) (03e7cd5), closes /github.com/aws/containers-roadmap/issues/385#issuecomment-722696672 #11341
• efs: import access point - fromAccessPointAttributes() (#10712) (ec72c85)
• events-targets: add CloudWatch LogGroup Target (#10598) (98e9b59), closes #9953
• iam: specify initial PolicyDocument for inline Policy (#11430) (a8c4f17), closes #11236
• lambda-nodejs: esbuild bundling (#11289) (7a82850), closes #10286 #9130 #9312 #11222
• logs: Add KMS key support to LogGroup (#11363) (21ccfce), closes #11211
• stepfunctions-tasks: support overriding all properties of CodeBuild StartBuild integration (#10356) (58efbad), closes #10302

Bug Fixes

• autoscaling: targetRequestsPerSecond is actually requests per minute (#11457) (39e277f), closes #11446
• aws-custom-resource: module fails loading when bundled with parcel (#11487) (421d4e4)
• cli: credential provider plugins cannot be used with modern synthesis (#11350) (9e91306)
• cloudfront: origin ID exceeds undocumented 128 character limit (#11523) (90f0b9d), closes #11504
• core: DefaultStackSynthesizer supports object prefix for s3 assets (#11327) (1b5f218)
• core: missing context in Stages is not filled by CLI (#11461) (a4a555a), closes #9226
• core: reusing StackSynthesizer leads to unsynthesized Stacks (#11635) (f03c889), closes #11528
• efs: cannot use encryption key imported from another account (#11524) (3578d84), closes #7641
• eks: cluster creation fails when configured with an imported public subnet and private endpoint (#11620) (2c045ce)
• iam: attach policy to imported User (#11493) (0a8971c), closes #10913 #11046 #10527
• init: TypeScript code is not being recompiled automatically (#11470) (9843e71)
• lambda: failed to add permission to an imported lambda from another account (#11369) ([715a030](715a0300ea44c7cfcb6ae9973b...

v1.74.0

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• appmesh: IVirtualNode no longer has the addBackends() method. A backend can be added to VirtualNode using the addBackend() method which accepts a single IVirtualService
• appmesh: IVirtualNode no longer has the addListeners() method. A listener can be added to VirtualNode using the addListener() method which accepts a single VirtualNodeListener
• appmesh: VirtualNode no longer has a default listener. It is valid to have a VirtualNode without any listeners
• appmesh: the construction property listener of VirtualNode has been renamed to listeners, and its type changed to an array of listeners
• appmesh: the struct VirtualNodeListener has been removed. To create Virtual Node listeners, use the static factory methods of the VirtualNodeListener class

Features

• applicationautoscaling: Add KAFKA to ServiceNamespace (#11394) (b5c3f84)
• appmesh: add listener timeout to Virtual Nodes (#10793) (62baa7b)
• cfnspec: cloudformation spec v20.0.0 (#11319) (8c17a35)
• cfnspec: cloudformation spec v20.2.0 (#11429) (025992b)
• codepipeline-actions: Add deployment timeout to EcsDeployAction (#11407) (7d9d575)
• core: add easy importValue to CfnOutput (#11368) (c71a4e9), closes #11360
• ecs: secret JSON field for Fargate tasks (#11348) (03e7cd5), closes /github.com/aws/containers-roadmap/issues/385#issuecomment-722696672 #11341
• efs: import access point - fromAccessPointAttributes() (#10712) (ec72c85)
• iam: specify initial PolicyDocument for inline Policy (#11430) (a8c4f17), closes #11236
• logs: Add KMS key support to LogGroup (#11363) (21ccfce), closes #11211
• stepfunctions-tasks: support overriding all properties of CodeBuild StartBuild integration (#10356) (58efbad), closes #10302

Bug Fixes

• autoscaling: targetRequestsPerSecond is actually requests per minute (#11457) (39e277f), closes #11446
• core: missing context in Stages is not filled by CLI (#11461) (a4a555a), closes #9226
• lambda: failed to add permission to an imported lambda from another account (#11369) (715a030), closes #11278 #11141 #11141
• pipelines: synthesizes incorrect paths on Windows (#11464) (2ca31a8), closes #11359 #11405 #11424
• stepfunctions-tasks: encryption is required for AthenaStartQueryExecution (#11355) (f26a592)
• stepfunctions-tasks: incorrect policy for Athena prevents database deletions (#11427) (58e6576), closes #11357