⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
- appmesh: static methods from TlsCertificate have been changed to accept positional arguments
- appmesh: the type TlsListener has been renamed to ListenerTlsOptions
Features
- apigateway: disable execute api endpoint (#14526) (b3a7d5b)
- aws-backup: Add arn attribute and grant method to backup vault (#14997) (04c0a07), closes #14996
- cdk-assets: externally-configured Docker credentials (#15290) (e530195), closes #10999 #11774
- cfnspec: cloudformation spec v38.0.0 (#15044) (271d948)
- cfnspec: cloudformation spec v38.0.0 (#15044) (632d518)
- cfnspec: cloudformation spec v39.1.0 (#15144) (abc457e)
- cfnspec: cloudformation spec v39.3.0 (#15311) (94eb3a8)
- cli: read outputs-file parameter from cdk.json (#15095) (9e933ca), closes #14307
- cloudfront: add fromFile for CF functions (#14980) (31c9338), closes #14967
- cloudwatch: use string instead of any for cloudwatch dimension values (#15097) (dc3cf13), closes #14978
- codepipeline: allow granting manual approval permissions (#15102) (b2037d3)
- codestarnotifications: new L2 constructs (#10833) (645ebe1), closes #9680
- core: allow user to provide docker --security-opt when bundling (#14682) (a418ea6)
- core: Support platform flag during asset build (#14908) (0189a9a)
- dynamodb: allow using Kinesis stream in Table (#15199) (7bc6c6e), closes #14534
- dynamodb: exposes schema method to return partition and sort key of table or secondary indexes (#15111) (1137eb7), closes #7680
- ecs-patterns: Add ability to configure VisibilityTimeout on QueueProcessing service pattern (#15052) (350d783)
- ecs-patterns: allow specifying security groups on ScheduledTask pattern (#15096) (6bdf1c0), closes #5213 #14220
- ecs-patterns: expose task target on ScheduledTask pattern (#15127) (c31c59a), closes #14971 #14953 #12609
- eks: taints for managed node groups (#14792) (0556e6b)
- events: allows importing event bus from name (#15087) (e39b6c5), closes #14072
- lambda-event-sources: streams - report batch item failures (#14458) (3d4a13e), closes #12654
- logs: make the addition of permissions to Lambda functions optional (#14222) (0c50ec9), closes #14198
- migration: add constructs migration to rewrite script (#14916) (37a4c8d)
- s3: notifications to existing buckets (#15158) (7d218c2), closes #2004
- secretsmanager: Allow cross account grant (#14834) (ea40cfe)
- secretsmanager: automatically grant permissions to rotation Lambda (#14882) (ad283b6)
- cloudformation spec v39.1.0 (af74354)
- sns: add sns service trust to keys for encrypted queue subscriptions (#14960) (ccc2e30), closes #2504
- sqs: add support for high throughput fifo (#15202) (d0c9602), closes #15063
Bug Fixes
- aws-elasticloadbalancingv2: cannot clear access logging bucket prefix (#15149) (2e93fb9), closes #14044
- aws-iam: prevent adding duplicate resources and actions (#14712) (a8298cb), closes #13611
- bootstrap: deploy-role could directly access buckets in target account (#15192) (d04e288), closes #12985 #14082 #13422
- cdk-assets: content type not correctly set when publishing files (#15069) (9b1a4f9)
- cfn-include: NestedStack's Parameters are not converted to strings (#15098) (8ad33b8), closes #15092
- cli: cdk synth too eager with validation in Pipelines (#15147) (ae98e88), closes #14613 #15130
- cli: cdk synth doesn't output yaml for stacks with dependency stacks (#14805) (44feee6), closes #3721
- cli: deployment error traceback overwritten by progress bar (#14812) (d4a0af1), closes #14780
- cli: HTTP timeout is too low for some asset uploads (#13575) (23c58d6), closes #13183
- cli: option --all selects stacks in nested assemblies (#15046) (0d00e50)
- cli: partition is not being resolved at missing value lookup (#15146) (cc7191e), closes #15119
- cli: stack glob patterns only select one stack (#15071) (fcd2a6e)
- cloudfront: cannot set header including 'authorization' in OriginRequestPolicy (#15327) (3a2f642), closes #15286
- codebuild: Project's Role has permissions to the entire Bucket when using S3 as the source (#15112) (9d01b4f)
- codebuild: Secret env variable as token from another account fails on Key decryption (#14483) (91e80d7), closes #14477
- codepipeline-actions: reduce S3SourceAction role permissions to just the key (#15304) (d2c76aa), closes #15112
- core: 1 hour renders as 60 minutes (#15125) (adcd8c3)
- core: CloudFormation dynamic references can't be assigned to num… (#14913) (39aacc8), closes #14824
- core: parsing an ARN with a slash after a colon in the resource part fails (#15166) (16b8a4e), closes /github.com/aws/aws-cdk/pull/15140/files#r653112073
- ecs: TagParameterContainerImage cannot be used across accounts (#15073) (486f2e5), closes #15070
- eks: kubectl version 1.21.0 breaks object pruning (#15314) (623689d), closes #15072
- eks: kubectl version 1.21.0 breaks object pruning (#15314) (74da5c1), closes #15072
- elasticsearch: Domain.fromDomainAttributes gives "Invalid URL" when endpoint is a token (#15219) (ecb5af8), closes #15188
- lambda: deployment failure when layers are added to container functions (#15037) (8127cf2), closes #14143
- lambda-event-sources: kafka event source expects credentials even when accessed via vpc (#14804) (5eb1e75)
- lambda-nodejs: unstable asset hashes with bundling.nodeModules (#15229) (4b5418c), closes #15023
- secretsmanager: support secrets rotation in partition 'aws-cn' (#14608) (5061a8d), closes #13385
- stepfunctions-tasks: checking for task token in EcsRunTask containerOverrides causes memory explosion (#15187) (af53798), closes #15124
- stepfunctions-tasks: EcsRunTask containerOverrides throws if container name doesn't match construct ID (#15190) (5f59787), closes #15171
- stepfunctions-tasks: instance type for SageMakerCreateTrainingJob cannot be specified dynamically through JSONPath (#15215) (9280d95), closes #11928