⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
- cdk-lib: The return type of aws-cdk-lib.aws_ec2.SecurityGroup.determineRuleScope was changed from a tuple ([SecurityGroupBase, string]) to a struct with the same values, because tuple types are not supported over the jsii interoperability layer, but jsii@v1 was incorrectly allowing this to be represented as the JSON primitive type. This made the API unusable in non-JS languages. The type of the metadata property of aws-cdk-lib.aws_s3_deployment.BucketDeploymentProps was changed from an index-only struct to an inline map, because jsii@v1 silently ignored the index signature (which is otherwise un-supported), resulting in an empty object in non-JS/TS languages. As a consequence, the values of that map can no longer be undefined (as jsii does not currently support nullable elements in collections).
Features
- apprunner-alpha: support autoDeploymentsEnabled flag for Service (#24612) (cf5a9c4), closes #24529
- cfnspec: cloudformation spec v117.0.0 (#24779) (1b94ea6)
- cfnspec: cloudformation spec v117.0.0 (#24841) (84630e9)
- cloudfront-origins: allow custom originPath for apigateway.RestApi constructs (#24023) (bc3db02)
- core: template validation after synthesis (#23951) (20aeb0f)
- dynamodb: adds deletion protection for tables (#24581) (6e400a9), closes #24540
- ecs: support pseudo terminal allocation in container definition (#24790) (3c0756a)
- efs: implement IResourceWithPolicy (#24453) (5771d79), closes #15805
- kms: Adds support for hmac and sm2 key spec (#23866) (f2f3c21), closes #23727
- s3: add allowedActionPatterns parameter to grantWrite (#24211) (5b5c36f), closes #24074
- s3-deployment: added Source.dataYaml helper function (#24579) (d969ddf), closes #24554
- added AllViewerExceptHostHeader as new OriginRequest policy (#24562) (8dbca12), closes #24552
Bug Fixes
- bootstrap: ECR repository produces Security Hub finding [ECR.3] because of missing lifecycle policy (#24735) (cdfa970)
- cli: cdk deploy output hook failure reason if cloudformation failed by hook (#24444) (9d4b66a)
- cli: pathMetadata and assetMetadata defaults cannot be configured in cdk.json (#24533) (45bc57a), closes #3573
- dynamodb: add missing iam permissions to custom resource for deleting dynamodb replica table (#24682) (f35b70b), closes #22069
- ec2: tokenised subnet.subnetId filtered by the SubnetIdSubnetFilter returns an empty array (#24625) (d0912ca), closes #24427
- ec2: VPC Flow Log record fields are not available (#24812) (65fb7a6), closes #24807
- ecs: cpu in container definition may be less than total cpu allocated to the container (#24647) (dc064be), closes #24629
- lambda-nodejs: pnpm no longer supports nodejs14.x (#24821) (b1c9ab2)
- logs-destinations: missing dependency to Permission Policy created by LambdaDestination (#24823) (72b3a95), closes #21941 /github.com/aws/aws-cdk/pull/22100#issue-1377109110
- logs-destinations: missing dependency to Policy created by KinesisDestination (#24811) (3c98d1e), closes #21827 /github.com/aws/aws-cdk/issues/21827#issuecomment-1382128416
- s3-deployment: physical id not set during failure scenario (#24428) (be4be99), closes #22670
- stepfunctions-tasks: updated EMR service role to use AmazonEMRServicePolicy_v2 (under feature flag) (#23985) (f3fd183), closes #23915
Miscellaneous Chores
Alpha modules (2.72.0-alpha.0)
⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
- servicecatalogappregistry: This commit involves share replacement during the deployment of ApplicationAssociator due to share construct id update. After this change, frequent share replacements due to structural change in Application construct should be avoided. Application.shareApplication starts to require construct id (first argument) and share name (added in ShareOption) as input.
- ivs: Renamed ChannelProps.name to ChannelProps.channelName
- Renamed PlaybackKeyPairProps.name to PlaybackKeyPairProps.playbackKeyPairName
- Channel now generates a physical name if one is not provided
- PlaybackKeyPair now generates a physical name if one is not provided