v1.38.0

Features

• cloudfront: support geo restrictions for cloudfront distribution (#7345) (cf25ba0), closes #3456
• cloudwatch: legend positions in GraphWidgets (ada0de1), closes #3625
• codebuild: add support for test reports (4befefc), closes #7367
• core: custom resource provider helper (4a76973)
• ec2: EBS volume configuration for BastionHostLinux (207a8ec), closes #6945
• ecs: support multiple security groups when creating an ecs service (#7850) (456c469)
• iam: openid connect providers (20621ac), closes #5388 #3949 #6308
• add an example construct package (#7748) (2223584)
• lambda-nodejs: run parcel in a docker container (d86e500), closes #7169
• cloudformation spec v14.1.0 (#7822) (e133027)
• s3: new s3UrlForObject method on IBucket (#7508) (8fe4015), closes #7507
• stepfunctions: custom state as an escape hatch (c498f60)

Bug Fixes

• assets invalid fingerprint when 'exclude' captures root directory name (#7719) (a5c06a3), closes #7718
• aws-batch: gpuCount was ignored in JobDefinition creation (#7587) (0f1bf23)
• cli: parameter value reuse is not configurable (44310c9), closes #7041
• core: docs refer to "createNamingScheme" which was renamed to "allocateLogicalId" (#7840) (d79595d), closes #7527
• ecs: update minHealthyPercent constrain for ec2service using daemon strategy (#7814) (19e3fd8)
• ecs: using secret JSON field with fargate task does not fail (#7317) (cb03a60), closes #7272
• eks: "vendor response doesn't contain attribute" when updating version (#7830) (8cabae0), closes #7526 #7794
• s3: grantDelete with KMS SSE (#7528) (c6d1a21), closes #4380
• secretsmanager: add kms policy to allow secret to use kms key (5460717)

v1.37.0

⚠ BREAKING CHANGES

• amplify: mapSubDomain() called with an empty string for prefix now
  maps to the domain root.

Features

• amplify: add SPA redirect custom rule (#7320) (0ef9883)
• apigatewayv2: http api (#6432) (f3219c3), closes #5301
• appsync: export configured API key (#7380) (fa8c13c)
• aws-fsx: L2 construct for FSx for Lustre (#6653) (7363912)
• cfnspec: cloudformation spec v14.0.0 (#7664) (fa21274)
• cloudwatch: LogGroup Query Widget (1275952), closes #3681
• codebuild: allow taking the artifact name from the buildspec (f7d3cd6), closes #5955
• core: move all types from "assets" to "core" (#7708) (4a84c96)
• core: move all types from "aws-cloudformation" to "core" (#7736) (40fa93a), closes #4896 #7035 #7034
• core: stack termination protection (#7610) (7ed60b8), closes #1682
• ecr: support imageScanOnPush when creating the repository (9df5486), closes #7471
• lambda-nodejs: use docker instead of npm package for parcel-bundler (55c4d0b)

Bug Fixes

• amplify: cannot map branch to domain root (#7621) (da7c508), closes #7590
• cdk-assets: assets archiving corruption (#7653) (f8eddb8), closes #6925
• cli: cdk deploy cannot update stacks in REVIEW_IN_PROGRESS status (#7731) (a52b3e3), closes #6674
• cli: CLI can't be used in Lambda Function (0e96415), closes #7530
• cli: CLI ignores profile in cdk.json (#7398) (6784dc3), closes #3007
• cloudwatch: Alarm can't use MathExpression without submetrics (b59aed0), closes #7155
• ec2: new Instance fails in lookup Vpc (3161de8), closes #7580
• ec2: Vpc.fromLookup() does not work in unit tests (e869a0d), closes #6045
• ec2: can't add VPN connections to a VPC progressively (9498e05)
• ec2: default gateway endpoint fails without private subnets (c475783), closes #7619
• ec2: NAT instances don't route ICMP or UDP (a93534f), closes #7459
• eks: impossible to define multiple spot capacities (be6666b), closes #7136 #7524
• eks: missing required permission for fargate profile (723813f), closes #7614
• eks: ssm path for amazon linux 2 gpu ami is invalid (#7672) (5861d18), closes #6891
• iam: principal with implicit conditions overwrite each other (e72c353), closes #3227
• logs: grants don't work on imported LogGroups (5a1a929), closes #7096
• rds: Cluster does not work with imported VPC (#7666) (95c66a7), closes #6115

v1.36.1

Bug Fixes

• multiple breakages due to jest version upgrade (#7667) (e18312), closes #7657

v1.36.0

⚠ BREAKING CHANGES

• stepfunctions-tasks: payload in RunLambdaTask is now of type TaskInput and has a default of the state input instead of the empty object.
  You can migrate your current assignment to payload by supplying it to the TaskInput.fromObject() API

Features

• apigateway: gateway responses (#7441) (b0a65c1), closes #7071
• aws-ecs: add support for IPC and PID Mode for EC2 Task Definitions (1ee629e), closes #7186

Bug Fixes

• apigateway: authorizer is not attached to RestApi across projects (#7596) (1423c53), closes #7377
• cli: can't bootstrap environment not in app (9566cca)
• cli: context keys specified in cdk.json get moved to cdk.context.json (022eb66), closes #7399
• dynamodb: grant() is not available on ITable (#7618) (3b0a397), closes #7473
• dynamodb: grantXxx() does not grant in replication regions (98429e0), closes #7362
• eks: version update completes prematurely (#7526) (307c8b0), closes #7457
• stepfunctions-tasks: cannot specify part of execution data or task context as input to the RunLambda service integration (#7428) (a1d9884), closes #7371

v1.35.0

⚠ BREAKING CHANGES

• assets: cdk deploy now needs s3:ListBucket instead of s3:HeadObject.
• efs: Exported types no longer have the Efs prefix.
• efs: provisionedThroughputInMibps property is renamed to provisionedThroughputPerSecond and has the type Size.
• efs: The property fileSystemID is now renamed to fileSystemId in the now named FileSystemAttributes (previously, EfsFileSystemAttributes).
• efs: LifecyclePolicyProperty is now renamed to LifecyclePolicy.

Features

• backup: Vault, Plan and Selection (#7074) (c8aa92d)
• cfnspec: cloudformation spec v13.0.0 (#7504) (6903869)
• cloudtrail: Lambda Function data events (4a70138)
• cognito: user pool domain (#7224) (feadd6c), closes #6787
• stepfunctions: retrieve all reachable states from a given state in a state machine definition (#7324) (ac3b330), closes #7256

Bug Fixes

• assets: infrequent "ValidationError: S3 error: Access Denied" (#7556) (00c9deb), closes #6430 #7553
• apigateway: changing RestApi policy does not trigger new deployment (#7115) (1b3aeaf), fixes #5354
• route53: cannot add tags to HostedZone (#7531) (2729804), closes #7445
• efs: drop Efs prefix from all exported types (#7481) (ddd47cd)

v1.34.1

Bug Fixes

• cli: Javascript init-templates cannot be synthesized (ce4b8dd), closes #7356

v1.34.0

⚠ BREAKING CHANGES

• glue: DateFormat constant names are now UPPERCASE (JSON, AVRO, LOGSTASH, ...)

Features

• cognito: add mutable property in cognito user pool custom attribute (#7190) (16e85df), closes #7011 #7011 #7011 #7011
• ecs: add Fargate 1.4.0 support (#7267) (5c83a46)

Bug Fixes

• cloudwatch: can't override Alarm statistic with percentile (d5918c3), closes #7341
• glue: DataFormat constants are not visible in non-JS languages (#7458) (e5d4c31)
• monocdk: assert package has incorrect imports (#7404) (825c9e1)
• stepfunctions-tasks: encryptionKey is Key instead of IKey (#7429) (f1e2c67)

v1.33.1

Bug Fixes

• jsii version conflict due to upgrade from v1.1.0 to v1.3.0 (f2fdfe5), closes #7426

v1.33.0

⚠ BREAKING CHANGES

• kinesis: grantRead() API no longer provides permissions to kinesis:DescribeStream as it provides permissions to kinesis:DescribeStreamSummary and kinesis:SubscribeToShard in it's place. If it's still desired, it can be added through the grant() API on the stream.
• kinesis: grantWrite() API no longer has DescribeStream permissions as it has been replaced by ListShards for shard discovery

Features

• cfnspec: cloudformation spec v12.2.0 (#7248) (1475d5a)
• Support AppSync DataSource type: NONE (f35a4db)
• cfnspec: cloudformation spec v12.3.0 (#7359) (a80918f)
• ec2: expose blockDevices in CommonAutoScalingGroupProps (#7291) (5fe4480)
• ec2: filtering selected subnets by availability zone (2d3e612)
• eks: support a new option to create bottlerocket capacity. (e9f691f), closes #7268
• kinesis: grantRead now allows the ListShards action and grant is now public (#6141) (563fba4), closes #3357
• kinesis: add grant API to IStream to add permissions to a Stream (#7354) (c223406)
• kinesis: the aws-kinesis module is now stable (#7349) (4ab3ffa), closes #5874
• update "constructs" to 3.x (#7408) (8f8d20f), closes #6978

Bug Fixes

• appsync: Don't create serviceRole for datasource type NONE (6d1cb11), closes #7360
• cli: --app command does not work when executing a command without arguments (#7249) (994414c), closes #6930
• cli: parameter values with multiple = symbols get truncated (#7226) (b7ddf5b), closes #7246
• cloudwatch: Alarm annotation ignores datapointsToAlarm (#7202) (92fb853), closes #7152
• cloudwatch: Dashboard Spacer doesn't require empty props object (ca2f923)
• new IAM Condition type is unusable in Java (#7270) (ffb2e1e)
• core: unable to reference resources across multiple nested stacks (#7187) (000f0c2), closes #6473 #7059 #7059 #5888
• ec2: can reference VpcEndpointService id and service name (1007a22)
• efs: support tagging + filesystem naming (3dd8058)
• eks: missing permissions to add and remove tags when creating EKS cluster resource (#7302) (b14172d), closes #7163
• eks: unable to create KubernetesResources in another stack (#7322) (54129c8), closes #7231
• elbv2: imported LoadBalancer ignores pathPatterns prop (8ed2e0c), closes #7303
• route53-patterns: HttpsRedirect redirects to index.html (278fe29), closes /github.com/aws/aws-cdk/issues/5700#issuecomment-614112813 /github.com/aws/aws-cdk/issues/5700#issuecomment-614816819
• s3: allow accessLogsPrefix without accessLogsBucket (#6709) (4c199f6), closes #6599

v1.32.2

Bug Fixes

• cli: profile AssumeRole credentials don't work via proxy (#7292)