aws/aws-cdk v2.235.0

on GitHub

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

• aws-ecs: AWS::ECS::CapacityProvider: ManagedInstancesNetworkConfiguration.SecurityGroups property is now required.

• ecs: securityGroups is now required in ManagedInstancesCapacityProviderProps. CloudFormation has always required this field, so any code that omitted it would have failed at deployment time with a validation error. This change catches the error at compile time instead, improving the developer experience. If your code previously omitted securityGroups, you must now explicitly provide at least one security group.
• aws-cdk-lib: JobQueue.computeEnvironments contains an computeEnvironment: IComputeEnvironment → IComputeEnvironmentRef. BackupPlanRule.props contains a backupVault: IBackupVault → IBackupVaultRef. ApiDestination.fromApiDestinationAttributes() return type ApiDestination → IApiDestination. This should never have returned a class but always an interface, as is the standard for referencing factories. EventDestination.bus changed IEventBus →IEventBusRef; FlowLogDestination.bind() now returns and ICluster.executeCommandConfiguration contains a member changing type ILogGroup → ILogGroupRef.
• events: ApiDestination.fromApiDestinationAttributes() now returns an IApiDestination. It used to return an ApiDestination but this was a mistake, referencing methods always return a type by interface, not by class.EventDestination.bus used to be an IEventBus but is now an IEventBusRef; it needs to be type tested to assert it is actually an IEventBus if that is necessary.
• logs: the return types of FlowLogDestination.bind() and ICluster.executeCommandConfiguration now contain an ILogGroupRef instead of an ILogGroup, which guarantees less. These fields are for communication between constructs, and their values should not be used by application builders. If they do, they will need to add a cast or a type check.
• iot-actions: enableBatchConfig property is explicitly disabled by default. Even with this modification, the behavior of HttpAction remains unchanged from before, but only the Cfn template will be modified.

Features

• update L1 CloudFormation resource definitions (#36694) (861f437)
• apigatewayv2-integrations: add PutEvents support for EventBridge integration (#35766) (d879e4d), closes #35714 #35714
• ecs: add none log driver option for ECS containers (#35819) (5636820), closes #35795 #35795
• iot-actions: batching HTTP action messages (#36642) (fbc50ea)
• rds: add Read/Write IOPS metrics to DatabaseInstance and VolumeRead/Write IOPs metrics to DatabaseCluster (#35773) (d8e023d), closes #35327 #35327
• rds: support default auth scheme for RDS Proxy (#35635) (99f6c74), closes #35558
• spec2cdk: support for auto-generated grants in alpha modules (#36206) (776f837)
• synthetics: add syn-nodejs-3.0 runtime (#36652) (18f9fef), closes #36648
• synthetics: playwright 4.0 and 5.0 runtimes (#36590) (82cd9a6)

Bug Fixes

• aws-cdk-lib: reference interfaces for remaining services (#36359) (ed1f9de)
• core: make DetachedConstruct.node non-enumerable (#36672) (98d41ca), closes #36078 #36015
• ecs: make securityGroups required in ManagedInstancesCapacityProvider (#36685) (6734426)
• events: event Matcher class to be compatible with mergeEventPattern function (#36602) (e3f7dba), closes /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-s3/lib/bucket.ts#L657-L657
• opensearchservice: use KMS Key ARN for cross-account encryption (#36020) (cccd94c), closes #36017
• stepfunctions: allow JSONata expressions for Map maxConcurrency (#36462) (2230c87), closes #36274
• RuntimeError: apiEndpoint is not configured on the imported HttpApi (revert of "chore(apigatewayv2): reference interfaces") (#36623) (fb17d39), closes aws/aws-cdk#36378

Miscellaneous Chores

• events: reference interfaces (#36535) (0bea5c9)
• logs: reference interfaces (#36566) (5b426b8)

Alpha modules (2.235.0-alpha.0)

⚠ BREAKING CHANGES

• bedrock-agentcore-alpha: The User Pool Client will be replaced and new Resource Server and Domain resources will be added for existing Gateway stacks using the default Cognito authorizer.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

Bug Fixes

• bedrock-agentcore-alpha: default Cognito User Pool for AgentCore Gateway is not set up for M2M authentication. (#36323) (5a5605a)