v1.32.1

Bug Fixes

• iam: new IAM Condition type is unusable in Java (#7270) (85f606a)

v1.32.0

⚠ BREAKING CHANGES

• cognito: UserPoolClient construct no longer has the property
  userPoolClientClientSecret. The functionality to retrieve the client
  secret never existed in CloudFormation, so this property was not
  working in the first place.
• cognito: The userPoolClientName property on the UserPoolClient
  construct will throw an error if client name was not configured on the
  UserPoolClient during initialization. This property was previously
  incorrectly configured and was returning a not-implemented message from
  CloudFormation every time.
• amplify: use the sourceCodeProvider prop to connect your app to a source
  code provider. The props repository, accessToken and oauthToken do not exist
  anymore in AppProps.
• kinesis: retentionPeriodHours is now retentionPeriod and of type Duration
• eks: Cluster now creates a default managed nodegroup as its default capacity. Set the new cluster property defaultCapacityType to DefaultCapacityType.EC2 to preserve EC2 as its default capacity.
• cognito: add*Trigger() methods to configure
  lambda triggers has now been replaced by a single
  addTrigger() method.
• cognito: addTrigger() method will fail if a trigger
  was already configured for that user pool operation.
• iam: methods accepting iam conditions now requires passing {[key: string]: any} instead of plain any. You were always supposed to pass a map/dictionary in these locations, but the type system didn't enforce it. It now does.

Features

• amplify: source code providers (#6921) (3dc3d75), closes #6818
• apigateway: access logging (#6559) (7484935), closes #6501
• apigateway: auto-create RequestValidator from options to addMethod() (#6780) (573464d), closes #6193
• applicationautoscaling: add PredefinedMetric for Lambda provisioned concurrency autoscaling (#6394) (45b68d5), closes #6369
• aws-codebuild: add from codebuild image option (#7117) (de8e670), closes #2606
• aws-codebuild: add ProjectFileSystemLocation property to codebuild (#6539) (2195cc2), closes #6533
• bootstrap: require aws:SecureTransport for staging bucket (#7192) (ed106ea)
• cfnspec: cloudformation spec v11.6.0 (#6995) (9a552c2)
• cli: write stack outputs to a file (#7020) (75d5ee9), closes #1773
• codebuild: expose aws/windows/base:2.0 image (#7004) (9374642)
• codebuild: support AL2 3.0 & Standard 4.0 (#6968) (3254c5d)
• cognito: import an existing user pool client (#7091) (abc2144)
• cognito: user pool - OAuth2.0 authentication (#7141) (09852d0)
• core: Size unit representing digital information quantity (#6940) (22a560d)
• ec2: EFS interface VPC endpoint (#6961) (6e61889), closes #6960
• ecs: secret JSON key for environment variables (#6435) (97959f6), closes #5665
• eks: managed nodegroup support (#6759) (74169bf), closes #5086
• elbv2: health checks for Lambda targets (#7023) (cf8c831)
• iam: add arbitrary conditions to existing principals (#7015) (64bad91), closes #5855
• kinesis: stream encryption with the Kinesis master key (#7057) (bded683), closes #751
• kinesis: streams are encrypted by default (#7102) (d6ecf44)
• lambda: .net core 3.1 runtime (#7105) (ca2585c)
• lambda: currentVersion, version.addAlias() (#6771) (c94ce62), closes #6750 #5334
• lambda: ruby 2.7 runtime (#7024) (4994e0d), closes #6979
• cloudformation spec v12.0.0 (#7113) (1956ded)
• Support passing AssetOptions (#7099) (3925d9a)
• rds: aurora - iam role to import and export data from s3 (#6611) (aa60f89), closes #6610
• rds: database instance - auto scale allocated storage (#6788) (22ffae3), closes #6666
• stepfunctions: execution history logging options (#6933) (adb6954), closes #5754
• stepfunctions-tasks: dynamodb tasks (#6654) (435b66f), closes #6468

Bug Fixes

• acm-certificatemanager: DnsValidatedCertificateHandler support for SubjectAlternativeNames (#7050) (a711c01), closes #4659
• aws-ecs-patterns: revert commit f31f4e1 (#6987) (0af2d2e)
• aws-kinesis: test assume order between stacks (#7065) (17aab37)
• cli: can't use credential providers for stacks with assets (#7022) (afd7045), closes #7005
• cloudtrail: include s3KeyPrefix in bucket policy resource (#7053) (b49881f), closes #6741
• cognito: user pool - passwordPolicy.minLength is not optional in all cases ([#6971](https://github....

v1.31.0

⚠ BREAKING CHANGES

• .NET Core v3.1 is required with JSII v1.1

Features

• cloud9: Support Cloud9 EC2 Environment (#6298) (f50b876)
• codepipeline: add experimental support for the BitBucket source action (#6756) (95bb1ad), closes #6710
• eks: KubernetesPatch (#6753) (c7fab5b), closes #6723
• events: AWS Batch event target (#6570) (73899a9)

Bug Fixes

• acm: Allow tokens as a part of the hosted zone name (#6685) (acfb6ef), closes #6133

• aws-ecs-patterns: only create an A record if LB is public (#6895) (f31f4e1), closes #6702

• cdk-assets: context path not honored by Docker asset build (#6957) (1edd507), closes #6954 #6814

• cloudwatch: unhelpful error when reusing metric IDs (#6892) (60253a3)

• cognito: user pool - link style email verification fails to deploy (#6938) (b5c60d5), closes #6811

• ec2: spelling error in Instance's subnet selection logic. (#6752) (564561a)

• iam: immutable role cannot be used as a construct (#6920) (56be032), closes #6885

• .NET Core 3.1 is required with JSII v1.1 (#6951) (24f12d6)

v1.30.0

Features

• cloudwatch: standard set of graph colors (#6747) (97ae931)

Bug Fixes

• core: IConstruct no longer extends IDependable (#6794) (19bb16a), closes #6792

v1.29.0

🚀 To enable new CDK projects such as CDK for Kubernetes, we have released the constructs programming model as an independent library called constructs. The @aws-cdk/core.Construct class is now a subclass of the base constructs.Construct.

⚠ BREAKING CHANGES

• cognito: UserPoolAttribute has been removed. It is no longer
  required to defined a UserPool.
• ec2: if you implemented a custom subclass of IMachineImage it must now always return a userData object.

Features

• cli: add permissions to the bootstrap action role for cdk deploy (#6684) (52fd078)
• codebuild: add support for Source Credentials (#6722) (a6e2d28)
• cognito: user pool - custom & mandatory standard attributes (#6487) (6dfb677), closes #1747
• cognito: user pool - MFA, password policy and email settings (#6717) (cc35dad)
• core: the "constructs" module (#6623) (eded95b)
• ec2: availabilityZone is optional when importing subnet (d10fe67), closes #6607
• lambda-event-sources: failure handling for stream event sources (#5929) (5028009), closes #5236

Bug Fixes

• aws-ecs-pattern: allow ScheduledTaskBase to run on a public subnet (#6624) (b9a1408), closes #6312
• SecretValue.secretManager validates non-ARN ids do not contain : (#6371) (7cb8c3f)
• aws-logs: remove validation of retentionInDays for unresolved tokens (#6727) (43a3420), closes #6690
• ec2: MachineImages create appropriate UserData (7a10f0f)

v1.28.0

⚠ BREAKING CHANGES

• batch: computeEnvironments is now required
• batch: the allocationStrategy property was moved from ComputeEnvironmentProps to the ComputeResources interface, which is where it semantically belongs.
• custom-resources: getDataString was renamed to getResponseField.
• custom-resources: getData was renamed to getResponseFieldReference.
• custom-resources: catchErrorPattern was renamed to ignoreErrorCodesMatching. In addition, a few synth time validations were added when using this property. See Error Handling for details.
• custom-resources: policyStatements property was removed in favor of a required policy property. Refer to Execution Policy for more details.

Features

• amplify: App, Branch and Domain (#5177) (e126048)
• apigateway: authorizationScopes for a Method (#6502) (3887cd2)
• apigateway: DomainName supports SecurityPolicy (#6374) (e8c2e0c)
• apigateway: rate limited API key (#6509) (040906f), closes #6405
• batch: ec2 launch template support (#6602) (2b02693)
• cfnspec: cloudformation spec v11.3.0 (#6598) (ee3a530)
• cli: pass CloudFormation parameters to "cdk deploy" (#6385) (6551124), closes #1237
• core: duration.toHumanString() (#6691) (d833bea)
• custom-resources: enforce user opt-in when auto-generating SDK call policies (0f5c24e), closes #5873
• custom-resources: log retention for AwsCustomResource (#6698) (bf5ab69)
• custom-resources: module is now stable :) (#6584) (a2a738c)
• custom-resources: rename catchErrorPattern to ignoreErrorCodesMatching (#6553) (94599f8), closes #5873
• custom-resources: rename getData* to getResponseField* (#6556) (d5867b4), closes #5873
• dynamodb: expose stream features on ITable (#6635) (52e8b95), closes #6344
• efs: create EFS file systems (#6373) (a0fb518), closes #6286 #6286
• elbv2: support pathpattern array (#6558) (c3ee413), closes #6497
• iam: policy document from json (#6486) (bf08988)
• prlinter: support exempting checks from pr based on a label (#6693) (77cbe80)
• stepfunctions-tasks: run batch job (#6396) (de1a36b), closes #6467
• cloudformation spec v11.4.0 (#6700) (b28b427)

Bug Fixes

• apigateway: type mismatch in C# when setting identitySources (#6649) (2d3e7b1), closes #6538 40aws-cdk/aws-apigateway/test/authorizers/integ.request-authorizer.ts#L26
• batch: computeEnvironments is now required for JobQueue (#6616) (0b6c865), closes #6615
• batch: managed compute environment now properly works with compute resources and instanceRole has correct docstring and type definition (#6549) (4e81334)
• certificatemanager: Route53 endpoint cannot be set and does not work for aws-cn (#6480) (9858cdb)
• cli: codepipeline cloudformation action in cross account fail writing outputArtifacts (#6594) (05cf78b)
• cloudwatch: missing LessThanLowerOrGreaterThanUpperThreshold (#6597) (9731555)
• codepipeline-actions: use IBaseService instead of BaseService in EcsDeployActionProps (#6412) (bed5357)
• eks: cannot upgrade version of clusters with an explicit name (#6064) (1dd7104)
• eks: sporadic broken pipe when deploying helm charts (#6522) (03df1f1), closes #6381
• iam: cannot add multiple conditions using same operator (348a952)

v1.27.0

⚠ BREAKING CHANGES

• cognito: UserPool.fromUserPoolAttributes() has been replaced
  by fromUserPoolId() and fromUserPoolArn().
• cognito: IUserPool no longer contains userPoolProviderName
  and userPoolProviderUrl.
• cognito: The property signInType of UserPool has been
  renamed to signInAliases and given a new type SignInAliases. The
  list of sign in types are now specified via boolean properties.
• cognito: The property usernameAliasAttributes of UserPool has
  been dropped and its functionality merged with the signInAliases
  property.
• cognito: The property autoVerifiedAttributes for UserPool is
  now renamed to autoVerify and its default has now changed. The new
  default is now determined by the value of signInAliases.
• appsync: Configuration the user pool authorization is now done through the
  authorizationConfig property. This allows us to specify a default
  authorization mode out of the supported ones, currently limited to
  Cognito user pools and API keys.
• custom-resources: physicalResourceId and physicalResourceIdPath
  were unified to a concrete type under the physicalResourceId property.
  Use PhysicalResourceId.fromResponse and PhysicalResourceId.of factory
  functions to specify it.

Features

• appsync: extend authorization configuration (#6260) (948881a), closes #6246 #6247
• aws-ec2: signal, download and execute helpers for UserData (#6029) (ee8f169), closes #623
• cognito: refresh modeling of import APIs, sign in & autoverified attrs (#6422) (c02e852)
• contributors: use 0.0.0 as a version marker (#6463) (d5f88c7), closes /github.com/aws/aws-cdk/pull/6463/files#diff-6a3371457528722a734f3c51d9238c13
• custom-resources: physical resource id union type (#6518) (d5000bc)
• lambda-event-sources: expose eventSourceMappingId (#5689) (5ea2679), closes #5430
• rds: master secret in DatabaseSecret (#6415) (a9e5b60), closes #6358
• stepfunctions-tasks: add step functions task to run glue job (#6258) (15d9bd7), closes #5266

Bug Fixes

• assert: haveResourceLike and countResourcesLike compatibility (#6202) (86c04f3)
• cli: fast "no-op" deploys do not consider tags (#6472) (5de87c1), closes #6463
• codepipeline: an action's role imported in a different stack adds a dependency to the CodePipeline stack (#6458) (86ea564)
• codepipeline: automatically named artifacts could contain illegal characters from stage/action names (#6460) (34aaca4)
• core: adds enableVersionUpgrade property to CfnUpdatePolicy (#6434) (f8cacb9), closes #6158
• custom-resources: AwsCustomResource with delete only action fails (#6363) (61a99e7), closes #6061
• docker: cannot use cdk docker assets as base image (#6471) (983dd40), closes #6466
• rds: setting timezone on DatabaseInstance causes internal failure (#6534) (9e2ac91), closes #6439
• stepfunctions: valid reference path '$' fails with an error (#6483) (221c83b), closes #6388

v1.26.0

⚠ BREAKING CHANGES

• apigateway: the interface now accepts endpointconfiguration property instead of endpoint type as defined by cfn
• lambda-nodejs: parcel-bundler v1.x is now a peer dependency of @aws-cdk/aws-lambda-nodejs. Please add it to your package.json.

Features

• apigateway: expose endpointconfiguration to include vpcEndpointIds (#6078) (99de6ca), closes #6038
• apigateway: lambda request authorizer (#5642) (031932d)
• appsync: mapping template for lambda proxy (#6288) (f865d5e)
• batch: add JobQueue, ComputeEnvironment and JobDefinition constructs (c8a22b1)
• cdk-assets: asset uploading tool (c505348)
• cli: faster "no-op" deployments (#6346) (d4a132b), closes #6046 #2553 #6216
• cfn: CloudFormation Resource Specification 11.1.0 (#6424) (ab9b77c)
• cognito: user pool verification and invitation messages (#6282) (faf6693)
• ecs-patterns: create dlq when queue is not provided for QueueProcessingService (#6356) (e307d7f)
• kms: trustAccountIdentities avoids cyclic stack dependencies (03f4ef2)
• rds: attach description to database secret (d5a4854)
• sns: support multiple tokens as url and email subscriptions (#6357) (e5493bd), closes #3996
• ssm: add ability to specify SSM Parameter tier (#6326) (9209ef6)

Bug Fixes

• aws-ecs: propagate dnsTtl property part of cloudMapOptions (#6370) (747bdb2), closes #6223
• cli: cdk deploy hangs when stack deployment fails (#6433) (4b11d99)
• cli: Python init templates are missing .gitignore file (#6350) (cd6cd42), closes #5566
• core: top-level resources cannot use long logical ids (#6419) (2a418b9), closes #6190 #6190
• ecs: support file as firelens config type (#6322) (f9996f3)
• lambda: erroneous inline code support for ruby (#6365) (8e21e78), closes #6302
• lambda-nodejs: parcel is too big to bundle (a93e4d5), closes #6340

v1.25.0

⚠ BREAKING CHANGES

• appsync: Changes MappingTemplate.dynamoDbPutItem() to accept
  PrimaryKey and AttributeValues, which allow configuring the primary
  key and to project an object to a set of attribute values.

Features

• appsync: more general mapping template for DynamoDB PutItem (#6236) (e9937d3), closes #6225
• aws-applicationautoscaling: support Lambda and Comprehend (#6191) (bdab747)
• cfn: update CloudFormation spec to v11.0.0 (#6311) (ea272fa)

Bug Fixes

• aws-lambda-nodejs: Fix parcel invocation when invoked from globally installed cdk cli (#6206) (ce96e08), closes #6204
• codepipeline: fixed typo in method docs within action.ts (78a39b7)
• eks: Helm release name length & --wait option. (#6276) (1811e00), closes /github.com/helm/helm/blob/b63822ed12de1badbb61736d2f7ea4e756ef757d/pkg/action/install.go#L52-L55
• lambda-nodejs: not meaningful parcel error message when build fails (#6277) (a97b48a), closes #6274

v1.24.0

Features

• assert: add countResourcesLike method (#6168) (491e2d9)
• cx-api: clean up features.ts (#6181) (efd6f3d), closes #6098
• dynamodb: add metrics for dynamodb table (#6149) (295391e)
• dynamodb: global tables version 2019.11.21 (#5821) (8c0c2b1), closes #5752
• ec2: smarter default for VPN route propagation (#6071) (5dd8aca), closes #6008
• ec2: VPC flow logs (a2fddec), closes #3493
• iam: add ability to create IAM role descriptions (cee8825)
• iam: descriptions for IAM Roles (a1294d3)
• cfnspec: update CloudFormation spec to 10.5.0 (#6195) (47a9949)
• iam: lookup ManagedPolicy via ARN (2df2023), closes #6186
• lambda: expose function.deadLetterQueue (6656047), closes #6170
• step-functions: grantStartExecution available on imported StateMachine (5ae81cd), closes #6173
• stepfunctions: EMR service integrations (c69b6d2), closes #5224

Bug Fixes

• cli: truncated 'cdk diff' output in pipes (aba1485)
• apigateway: deployment fails when Model's contentType is not specified (#6199) (0bf1403), closes #6161
• apigateway: stack deployment fails when a Stage is explicitly specified (#6165) (879601e), closes #6068
• cli: wrongly assume aws config file always exists (#6196) (23f8b9f)
• codebuild: badge is not allowed for CodeCommit sources (#6211) (433d957), closes #6205
• ec2: onePerAz does not work for looked-up VPCs (3332d06), closes #3126
• ecs-patterns: allow imported load balancers as inputs (7f8c90d)
• elasticloadbalancingv2: logAccessLogs in Base Load Balancer (#6197) (adbc3b9), closes #3794
• elbv2: validate rule priority is a positive number (#6222) (1fbaafe), closes #3794
• kms: add TagResource & UntagResource IAM permissions to default key policy (#6125) (e65a326), closes #6102