Features
- aws-chatbot: allow adding a sns topic in existing SlackChannel (#16643) (d29a20b), closes #15588
- aws-ec2: userdata cfn-signal signal resource which is different than the attached resource (#16264) (f24a1ae)
- backup: expose method to add statements to the vault policy (#16597) (3ff1537)
- backup: option to prevent recovery point deletions (#16282) (6e71806)
- cfnspec: cloudformation spec v41.1.0 (#16472) (28875f9)
- cfnspec: cloudformation spec v41.1.0 (#16524) (124a7a1)
- cfnspec: cloudformation spec v41.2.0 (#16550) (e047bd8)
- cfnspec: cloudformation spec v42.0.0 (#16639) (2157acd)
- cfnspec: cloudformation spec v43.0.0 (#16748) (7c473a6)
- cfnspec: cloudformation spec v43.0.0 (#16820) (071756c)
- cfnspec: cloudformation spec v43.0.0 (#16842) (ebb211b)
- cli: hotswap deployments for ECS Services (#16864) (ad7288f)
- cli: hotswap deployments for StepFunctions State Machines (#16489) (c3417f6)
- cloudfront: support Behavior-specific viewer protocol policy for CloudFrontWebDistribution (#16389) (5c028c5), closes #7086
- cloudwatch: support cross-environment search expressions (#16539) (c165138), closes #9039
- config: EC2_INSTANCE_PROFILE_ATTACHED managed rule (#16011) (816a319)
- ec2: add X2gd instances (#16810) (6d468d2), closes #16794
- ec2/ecs:
cacheInContext
properties for machine images (#16021) (430f50a), closes #12484 - ecr-assets: control docker image asset hash (#16070) (13f67e7), closes #15936
- ecs-service-extensions: Publish Extension (#16326) (c6c5941)
- eks:
connectAutoScalingGroupCapacity
on imported clusters (#14650) (7f7be08) - eks: add warning to fargateProfile (#16631) (41fdebb), closes #16349
- elbv2: support ALB target for NLB (#16687) (27cc821), closes #16679
- lambda: configure workdir for docker image based functions (#16111) (b3eafc2)
- lambda: docker platform for architecture (#16858) (5c258a3)
- lambda: support for ARM architecture (b3ba35e)
- lambda: support for ARM architecture (#16719) (67b4921)
- lambda: use bundling docker image from ECR public for dotnet and go runtimes (#16281) (9bbfd18)
- lambda-event-sources: self managed kafka: support sasl/plain authentication (#16712) (d4ad93f)
- opensearch: rebrand Elasticsearch as OpenSearch (e6c4ca5), closes aws/aws-cdk#16467
- opensearch: rebrand Elasticsearch as OpenSearch (#16517) (fad855e)
- pipeline: allow enabling KMS key rotation for cross-region Stacks (#16468) (2a629dd), closes #14381
- pipelines: stack-level steps (#16215) (d499c85), closes #16148
- rds: region replication for generated secrets (#16497) (1e9d8be), closes #16480
- s3-deployment: enable efs support for handling large files in lambda (#15220) (2737119)
- sns: adding support for firehose subscription protocol (#15764) (18aff6b)
- stepfunctions-tasks: add step concurrency level to EmrCreateCluster (#15242) (1deea90), closes #15223
- stepfunctions-tasks: AWS SDK service integrations (#16746) (ae840ff), closes #16780
- allow stale bot trigger manually (#16586) (fc8cfee)
- stepfunctions-tasks: support Associate Workflow Executions on StepFunctionsStartExecution via associateWithParent property (#16475) (7d3b90b), closes #14778
Bug Fixes
- use registry.npmjs.com to fix shinkwrap resolves (#16607) (8f91531)
- assets: run executable command of container assets in cloud assembly root directory (#16094) (c2852c9), closes #15721
- autoscaling: EbsDeviceVolumeType.IO2 is not a valid CloudFormation value (#16028) (492d33b), closes #16027
- aws-ecs: add ASG capacity via Capacity Provider by not specifying machineImageType (#16361) (93b3fdc), closes #16360
- aws-eks: Support for http proxy in EKS onEvent lambda (#16609) (cf22280), closes /github.com/aws/aws-cdk/blob/7dae114b7aac46321b8d8572e6837428b4c633b2/tools/pkglint/lib/rules.ts#L1332
- aws-eks: support http proxy in EKS onEvent lambda (#16657) (87c9570), closes /github.com/aws/aws-cdk/pull/16657#issuecomment-928260661 /github.com/aws/aws-cdk/pull/16657#issuecomment-928529421 /github.com/aws/aws-cdk/blob/7dae114b7aac46321b8d8572e6837428b4c633b2/tools/pkglint/lib/rules.ts#L1332
- cli: 'deploy' and 'diff' silently does nothing when given unknown stack name (#16150) (74776f3), closes #15866
- cli: progress bar overshoots count by 1 for stack updates (#16168) (0c8ecb8)
- cloudformation-diff: cdk diff not picking up differences if old/new value is in format n.n.n (#16050) (38426c9), closes #15935
- cloudfront: EdgeFunctions cannot be created when IDs contain spaces (#16845) (b0752c5), closes #16832
- cloudwatch: alarms with accountId fails in regions that don't support cross-account alarms (#16875) (54472a0), closes #16874
- cloudwatch: cross account alarms does not support math expressions (#16333) (1ffd897), closes #16331
- codebuild: add build image AMAZON_LINUX_2_ARM_2 (#16931) (370cb31), closes #16930
- config: add SourceAccount condition to Lambda permission (#16617) (cfcaf45)
- config: the IGW mapping to correct resource type (#16464) (23d9b6a), closes #16463
- core: asset hash of symlinked dir is wrong (#16429) (36ff738)
- ec2: set proper role for --role argument of cfn-init (#16503) (cdbd65d), closes #16501
- elasticloadbalancingv2: Incorrect validation on
NetworkLoadBalancer.configureHealthCheck()
(#16445) (140892a) - iam:
User.fromUserArn
does not work for ARNs that include a path (#16269) (5c69c94), closes 40aws-cdk/aws-iam/lib/role.ts#L191-L194 #16256 - iam: not possible to represent
Principal: *
(#16843) (6829a2a) - lambda: currentVersion fails when architecture specified (#16849) (8a0d369), closes #16814
- revert: "fix: CDK does not honor NO_PROXY settings (#16751)" (#16761) (eda7e84), closes /github.com/aws/aws-cdk/pull/16751/files#r720549975
- route53-targets: ApiGateway does not accept RestApiBase (#16610) (20071bb), closes #16227
- s3: auto-delete fails when bucket has been deleted manually (#16645) (7b4fa72), closes #16619
- s3: setting
autoDeleteObjects
tofalse
empties the bucket (#16756) (21836f2), closes #16603 - CDK does not honor NO_PROXY settings (#16751) (ceab036), closes #7121
- correct package names in support scripts (ebfd5f2)
- remove invalid entry from stale issue bot config (#16587) (5461859)
- set ROSETTA_MAX_WORKER_COUNT in pack.sh (#16738) (5d06641)
- iam: permissions boundary aspect doesn't always recognize roles (#16154) (c8bfcf6)
- logs: log retention fails with OperationAbortedException (#16083) (3e9f04d), closes aws#15709
- sns: cannot use numeric filter policy with 0 values (#16551) (62b6762), closes #16549
- SSM API docs: Typo
SecretString
->SecureString
and note how SecureStrings cannot be created via CDK (#16228) (950e875)