aws/aws-cdk v2.159.0

on GitHub

Features

• update L1 CloudFormation resource definitions (#31484) (60ce351), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2
• opensearch: support OpenSearch version 2.15 (#31398) (33eea3f)
• update L1 CloudFormation resource definitions (#31460) (e220e90)
• apigatewayv2: support for setting routeSelectionExpression for an HTTP API (#31373) (36baf51), closes #31104
• elasticloadbalancingv2: alb dualstack without public ipv4 (#30248) (4068af3), closes #30256
• events-target: support Dead Letter Queue for Kinesis Stream Event Target (#31435) (358f231), closes #31428 #13600
• stepfunctions-tasks: support idle timeout for EmrCreateCluster (#31142) (432ffaf), closes #29926
• vpcv2: implementation of add gateway method (#31224) (4b90bfc)

Bug Fixes

• cli: bootstrap respects qualifier from cdk.json (#31410) (44134ad), closes #28249
• cli: hotswapping appsync functions fails when API does not return function on the first page (#31406) (0da4f43), closes /github.com/aws/aws-cdk/blob/1e203753519e10e19ef0db87e1382377b609bcaa/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts#L23-L36
• cli: release outdir lock when synth fails (#30874) (b6ad97f), closes #27864
• cognito: deprecate privateKey and add privateKeyValue as typed SecureValue (#31409) (7ee183d), closes /github.com/aws/aws-cdk/blob/1e203753519e10e19ef0db87e1382377b609bcaa/packages/aws-cdk-lib/aws-cognito/lib/user-pool-idps/google.ts#L28
• ecs: reduce ecs service task role cloudwatch permissions when no log configured (under feature flag) (#31475) (de7ab7c)
• eks: fargateCluster compatibility with AuthenticationMode.API (#31267) (4d12833)
• eks: update private ecr repo url regex (#31394) (386fca3)
• lambda: invalid Version object created from Version.fromVersionArn (#31433) (1726abd)
• ssm: update ssm-context to prevent raising an error on missing parameter (#31415) (ff02cca), closes #7051 #22064 #7259
• pipelines ties cli version with cdk-assets version (#31261) (4392ab4), closes #31253

Alpha modules (2.159.0-alpha.0)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• kinesisfirehose-alpha: encryptionKey property is removed and encryption property type has changed from the StreamEncryption enum to the StreamEncryption class.

To pass in a KMS key for the customer managed key case, use StreamEncryption.customerManagedKey(key)

Details

Replaced encryption and encryptionKey properties with a single property encryption of type StreamEncryption and is used by calling one of the 3 methods:

SreamEncryption.unencrypted()
StreamEncryption.awsOwnedKey()
StreamEncryption.customerManagedKey(key?: IKey)

This makes it so it's not longer possible to pass in a key when the encryption type is AWS owned or unencrypted. The key is an optional parameter in StreamEncryption.customerManagedKey(key?: IKey) so following the previous behaviour, if a key is provided it will be used, otherwise a key will be created for the user.

Description of how you validated changes

Generated templates do not change so behaviour remains the same.

Updated integ/unit tests.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

Features

• ivs: support RTMP ingest for IVS channel (#31380) (a907a7e)

Bug Fixes

• ec2: fixing vpc endpoint pattern for ecr and ecr docker (#31434) (95c49ab)

Miscellaneous Chores

• kinesisfirehose-alpha: refactor encryption property to combine encryptionKey (#31430) (8e92185)