v1.47.0

⚠ BREAKING CHANGES

• stepfunctions-tasks: Dynamo* tasks no longer implementIStepFunctionsTask and have been replaced by constructs that can be instantiated directly. See README for examples

Features

• cfn-include: add support for retrieving parameter objects (#8658) (52dc123), closes #8657
• cfn-include: support logical id overrides (#8529) (d9c4f5e), closes #7375
• cloudwatch: CompositeAlarm (#8498) (1e6d293)
• efs: access point (#8631) (dde0ef5)
• stepfunctions: grant APIs for state machine construct (#8486) (fe71364), closes #5933
• stepfunctions-tasks: task constructs to call DynamoDB APIs (#8466) (a7cb3b7), closes #8108

Bug Fixes

• appsync: Not to throw an Error even if 'additionalAuthorizationModes' is undefined (#8673) (6b5d77b), closes #8666 #8668
• cli: cannot change policies or trust after initial bootstrap (#8677) (6e6b23e), closes #6581
• cli: crash on tiny reported terminal width (#8675) (a186c24), closes #8667
• toolkit: CLI tool fails on CloudFormation Throttling (#8711) (e512a40), closes #5637

v1.46.0

⚠ BREAKING CHANGES

• stepfunctions-tasks: constructs for EMR* have been introduced to replace
  previous implementation which implemented IStepFUnctionsTask.
• stepfunctions-tasks: sizeInGB property in VolumeSpecification has been renamed to volumeSize and is of type cdk.Size as we want to enable specifying any unit
• stepfunctions-tasks: ebsRootVolumeSize property in EmrCreateCluster is now of type cdk.Size as we want to enable specifying any unit
• stepfunctions-tasks: Tags in EmrCreateCluster type has changed from cdk.CfnTag[] to a map of string to string as we do not want to leak Cfn types
• rds: the attribute securityGroupId has been removed from IDatabaseCluster,
  use cluster.connections.securityGroups instead
• rds: DatabaseClusterAttributes.securityGroup has been changed to securityGroups, and its type to an array
• rds: InstanceProps.securityGroup has been changed to securityGroups, and its type to an array
• rds: the property engine can no longer be passed when creating a DatabaseInstanceReadReplica
• rds: the property 'instanceClass' in DatabaseInstanceNewProps has been renamed to 'instanceType'
• appsync: Changes way of auth config even for existing supported methods viz., User Pools and API Key.

Features

• amplify: add "404 (Rewrite)" RedirectStatus (#7944) (21dda30)
• amplify: support for GitLab source code provider (#8353) (f10da03)
• apigateway: define Resources on imported RestApi (#8270) (21a1de3), closes #7391 #1477 #7391 #8347
• appsync: add Construct for AppSync HTTP DataSource (#8009) (0592b36), closes #8007
• appsync: enhances and completes auth config (#7878) (6d7ce65)
• autoscaling: add instanceMonitoring option (#8213) (6e23ae7), closes #8212
• awslint: publish as an external module (#8558) (378939c)
• cfn-include: add support for all remaining CloudFormation functions except Fn::Sub (#8591) (8d699c5), closes #8590
• cfn-include: add support for CreationPolicy and UpdatePolicy resource attributes (#8457) (2fc5372)
• cfnspec: cloudformation spec v15.1.0 (#8547) (50f4a21)
• cli: allow disabling of Public Access Block Configuration on bootstrap Bucket (#8171) (33f4746)
• cli: new deployment monitoring (#8165) (f066c52)
• cloudtrail: cloudtrail module is now stable! (#8651) (835f375)
• cloudwatch: liveData in GraphWidget (#8579) (831092e), closes #8376
• cognito: user pool - account recovery (#8531) (1112abb), closes #8502
• cognito: user pool - identity provider attribute mapping (#8445) (1bd513b)
• cognito: user pool client - disable OAuth easily (#8496) (f69cdfd), closes #8429
• logs: MetricFilter exposes extracted Metric object (#8556) (a35a53b), closes #1353
• upgrade JSII to version 1.7.0 (#8632) (1d26dbd)
• cognito: user pools are now in developer preview (#8522) (4fcad9a)
• core,s3-assets: custom bundling docker command (#8481) (2a6d90c), closes #8460
• ec2: Add Step Functions interface endpoint (#8512) (d21231f)
• efs: removal policy on FileSystem (#8593) (b17863b)
• eks: expose cluster security group and encryption configuration (#8317) (03e85eb), closes #8276 #8276 #8236
• eks: timeout option helm charts (#8338) (d1403cc), closes #8215
• globalaccelerator: support Accelerator, Listener and EndpointGroup (#8221) (e4e8270), closes #5527
• kms: import an Alias by name (#8299) (4611e69), closes #5953
• lambda: configurable retries for log retention custom resource (#8258) (e17a49a), closes #8257
• rds: multiple security groups in Cluster and Instance (#8510) (31925c1)
• sns-subscriptions: Add support for SMS subscriptions (#8582) (82d8f11), closes #7882

Bug Fixes

• apigateway: deployment fails when domain name has uppercase letters (#8456) (1e6a8e9), closes #8428
• appsync: don't mix the json result with setting variables (#8290) (7ca74e0), closes #7026
• autoscaling: can't configure notificationTypes (#8294) (01ef1ca)
• cli: bootstrapping cannot be retried (#8577) (cad6649)
• cloudtrail: Invalid arn partition for GovCloud (#8248) (5189170), closes #8247
• core: asset bundling runs as root (#8492) (6df546f), closes #8489
• core: asset staging custom hash ...

v1.45.0

⚠ BREAKING CHANGES

• stepfunctions-tasks: constructs for SageMakerCreateTrainingJob and
  SageMakerCreateTransformJob replace previous implementation that
  implemented IStepFunctionsTask.
• stepfunctions-tasks: volumeSizeInGB property in ResourceConfig for
  SageMaker tasks are now type core.Size
• stepfunctions-tasks: maxPayload property in SagemakerTransformProps
  is now type core.Size
• stepfunctions-tasks: volumeKmsKeyId property in SageMakerCreateTrainingJob is now volumeEncryptionKey
• cognito: requiredAttributes on UserPool construct is now replaced with standardAttributes with a slightly modified signature.
• rds: DatabaseClusterProps.kmsKey has been renamed to storageEncryptionKey
• rds: DatabaseInstanceNewProps.performanceInsightKmsKey has been renamed to performanceInsightEncryptionKey
• rds: DatabaseInstanceSourceProps.secretKmsKey has been renamed to masterUserPasswordEncryptionKey
• rds: DatabaseInstanceProps.kmsKey has been renamed to storageEncryptionKey
• rds: DatabaseInstanceReadReplicaProps.kmsKey has been renamed to storageEncryptionKey
• rds: Login.kmsKey has been renamed to encryptionKey

Features

• assert: more powerful matchers (#8444) (ed6f763)
• cloud9: support AWS CodeCommit repository clone on launch (#8205) (4781f94), closes #8204
• codestar: support the GitHubRepository resource (#8209) (02ddab8), closes #8210
• cognito: allow mutable attributes for requiredAttributes (#7754) (1fabd98)
• core,s3-assets,lambda: custom asset bundling (#7898) (888b412)
• rds: rename 'kmsKey' properties to 'encryptionKey' (#8324) (4eefbbe)
• secretsmanager: deletionPolicy for secretsmanager (#8188) (f6fe36a), closes #6527
• secretsmanager: Secret.grantRead() also gives DescribeSecret permissions (#8409) (f44ae60), closes #6444 #7953
• stepfunctions-tasks: task constructs for creating and transforming SageMaker jobs (#8391) (480d4c0)

Bug Fixes

• apigateway: authorizerUri does not resolve to the correct partition (#8152) (f455273), closes #8098
• apigateway: methodArn not replacing path parameters with asterisks (#8206) (8fc3751), closes #8036
• aws-s3-deployment: Set proper s-maxage Cache Control header (#8434) (8d5b801), closes #6292
• cognito: error when using parameter for domainPrefix (#8399) (681b3bb), closes #8314
• dynamodb: old global table replicas cannot be deleted (#8224) (00884c7), closes #7189
• elbv2: addAction ignores conditions (#8385) (729cc0b), closes #8328
• elbv2: missing permission to write NLB access logs to S3 bucket (#8114) (d6a1265), closes #8113

v1.44.0

Features

• ecs-patterns: support min and max health percentage in queueprocessingservice (#8312) (6da564d)

v1.43.0

⚠ BREAKING CHANGES

• rds: the default retention policy for RDS Cluster and DbInstance is now 'Snapshot'
• cognito: OAuth flows authorizationCodeGrant and
  implicitCodeGrant in UserPoolClient are enabled by default.
• cognito: callbackUrl property in UserPoolClient is now
  optional and has a default.
• cognito: All OAuth scopes in a UserPoolClient are now enabled
  by default.

Features

• cfn-include: add support for Conditions (#8144) (33212d2)
• cognito: addDomain() on an imported user pool (#8123) (49c9f99)
• cognito: sign in url for a UserPoolDomain (#8155) (e942936)
• cognito: user pool identity provider with support for Facebook & Amazon (#8134) (1ad919f)
• dynamodb: allow providing indexes when importing a Table (#8245) (9ee61eb), closes #6392
• events-targets: kinesis stream as event rule target (#8176) (21ebc2d), closes #2997
• lambda-nodejs: allow passing env vars to container (#8169) (1755cf2), closes #8031
• rds: change the default retention policy of Cluster and DB Instance to Snapshot (#8023) (2d83328), closes #3298
• redshift: add initial L2 Redshift construct (#5730) (703f0fa), closes #5711
• s3: supports RemovalPolicy for BucketPolicy (#8158) (cb71f34), closes #7415
• stepfunctions-tasks: start a nested state machine execution as a construct (#8178) (3000dd5)
• stepfunctions-tasks: task state construct to submit a job to AWS Batch (#8115) (bc41cd5)

Bug Fixes

• apigateway: deployment is not updated when OpenAPI definition is updated (#8207) (d28c947), closes #8159
• app-delivery: could not use PipelineDeployStackAction more than once in a Stage (#8217) (9a54447), closes #3984 #8183
• cli: termination protection not updated when change set has no changes (#8275) (29d3145)
• codepipeline: allow multiple CodeCommit source actions using events (#8018) (103c144), closes #7802
• codepipeline: correctly handle CODEBUILD_CLONE_REF in BitBucket source (#7107) (ac001b8)
• codepipeline: unhelpful artifact validation messages (#8256) (2a2406e)
• core: CFN version and description template sections were merged incorrectly (#8251) (b7e328d), closes #8151
• lambda: SingletonFunction.grantInvoke() API fails with error 'No child with id' (#8296) (a8b1815), closes #8240
• rds: cannot delete a stack with DbCluster set to 'Retain' (#8110) (c2e534e), closes #5282
• sqs: unable to use CfnParameter 'valueAsNumber' to specify queue properties (#8252) (8ec405f), closes #7126

v1.42.1

Bug Fixes

• lambda: SingletonFunction.grantInvoke() API fails with error 'No child with id' (#8296) (b4e264c), closes #8240

v1.42.0

⚠ BREAKING CHANGES

• cloudtrail: API signatures of addS3EventSelectors and
  addLambdaEventSelectors have changed. Their parameters are now
  strongly typed to accept IBucket and IFunction respectively.
• cloudtrail: addS3EventSelectors and addLambdaEventSelectors
  can no longer be used to configure all S3 data events or all Lambda data
  events. Two new APIs logAllS3DataEvents() and
  logAllLambdaDataEvents() have been introduced to achieve this.
• cloudtrail: The property snsTopic is now of the type ITopic.

Features

• cfnspec: cloudformation spec v14.4.0 (#8195) (99e7330)
• cloudtrail: create cloudwatch event without needing to create a Trail (#8076) (0567a23), closes #6716
• cloudtrail: user specified log group (#8079) (0a3785b), closes #6162
• codeguruprofiler: ProfilingGroup (#7895) (995088a)
• codepipeline: use a special bootstrapless synthesizer for cross-region support Stacks (#8091) (575f1db), closes #8082
• cognito: user pool - case sensitivity for sign in (460394f), closes #7988 #7235
• core: CfnJson enables intrinsics in hash keys (#8099) (195cd40), closes #8084
• eks: improve security using IRSA conditions (#8084) (35a01a0)
• elbv2: Supports new types of listener rule conditions (#7848) (3d30ffa), closes #3888
• secretsmanager: adds grantWrite to Secret (#7858) (3fed84b)
• sns: add support for subscription DLQ in SNS (383cdb8)
• stepfunctions: new service integration classes for Lambda, SNS, and SQS (#7946) (c038848), closes #6715 #6489
• stepfunctions: support paths in Pass state (#8070) (86eac6a), closes #7181
• stepfunctions-tasks: task for starting a job run in AWS Glue (#8143) (a721e67)

Bug Fixes

• apigateway: contextAccountId in AccessLogField incorrectly resolves to requestId (7b89e80), closes #7952 #7951
• autoscaling: add noDevice as a volume type (#7253) (751958b), closes #7242
• aws-eks: kubectlEnabled: false conflicts with addNodegroup (#8119) (8610889), closes #7993
• cli: paper cuts (#8164) (af2ea60)
• dynamodb: the maximum number of nonKeyAttributes is 100, not 20 (#8186) (0393528), closes #8095
• eks: unable to add multiple service accounts (#8122) (524440c)
• events: cannot use the same target account for 2 cross-account event sources (#8068) (395c07c), closes #8010
• lambda-nodejs: build fails on Windows (#8140) (04490b1), closes #8107
• cloudtrail: better typed event selector apis (#8097) (0028778)

v1.41.0

Features

• cloudtrail: create cloudwatch event without needing to create a Trail (#8076) (0567a23), closes #6716
• cognito: user pool - case sensitivity for sign in (460394f), closes #7988 #7235
• core: CfnJson enables intrinsics in hash keys (#8099) (195cd40), closes #8084
• secretsmanager: adds grantWrite to Secret (#7858) (3fed84b)
• sns: add support for subscription DLQ in SNS (383cdb8)
• stepfunctions: new service integration classes for Lambda, SNS, and SQS (#7946) (c038848), closes #6715 #6489

Bug Fixes

• apigateway: contextAccountId in AccessLogField incorrectly resolves to requestId (7b89e80), closes #7952 #7951
• autoscaling: add noDevice as a volume type (#7253) (751958b), closes #7242

v1.40.0

Features

• add support for Gitpod workspaces (20d5511)
• autoscaling: support max instance lifetime (d126c46), closes #7758
• cfn-include: add support for the DependsOn attribute (613df1b)
• docdb: high level constrcuts for db clusters and instances (#6511) (a376dd3)
• eks: IAM roles for service accounts (3f0d2c8), closes #6062 #5388 #3949
• elbv2: full Action support (2939105), closes #2563 #6310 #6308
• region-info: add information for us-gov, us-iso, and us-isob regions (afe0b00), closes #7876 #4669
• s3-asset: add httpUrl and s3ObjectUrl (eeff393), closes #7509 #7221

v1.39.0

⚠ BREAKING CHANGES

• cognito: An invalid template placeholder has been removed
  from the default verification email body in a user pool.

Features

• apigateway: create RestApi from an OpenAPI spec (31014ca), closes #4421
• apigateway: import existing VpcLink (#7811) (7b42f7f), closes #4178
• initial version of an improved CloudFormation template include experience (0132251), closes #3537
• apigateway: specify API key name and value in addApiKey() (#7714) (e93da2c), closes #3233 #7767
• apigatewayv2: HTTP API - configure CORS preflight (#7923) (9f35104), closes #7922
• cognito: user pool client - prevent user existence errors (c7f15f2), closes #7406
• dynamodb: support for Customer-managed CMK (#7425) (ff8219b), closes #7142
• ec2: lookup available AZs for Interface Endpoints (9fa3221)
• events-targets: support multiple security groups for an ECS task (#7857) (c6504e6), closes #3312
• init/java: model CDK version in property in Maven POMs (#7931) (ce5b8fb), closes #7862

Bug Fixes

• cli: cdk bootstrap cannot be used without supplying the --app argument (#7970) (540a7e6), closes #7510 #7906
• cognito: invalid default for verification email (#7790) (cb3c184), closes #7597
• core: consistent sorting of resource tags (0105efd), closes #7707
• core: hangs when used with yarn PnP (8579100), closes yarnpkg/berry#1298
• elbv2: race condition for Lambda backends (1819a6b), closes #4663 #7236
• iot1click: incorrect type for Project.deviceTemplates (#8000) (338ef92), closes #8001
• lambda: SingletonFunction ignores explicit declared dependencies (#7997) (91f913f), closes #7568
• stepfunctions-tasks: EvaluateExpression is limited to expressions that contain state paths (#7774) (97f4f01), closes #7655