Bug Fixes
- cli: Move version check TTL file to home directory (#2774) (1ae11c0)
- cli: correctly pass Stack-level Tags (#2829) (e0718ef), closes #2822
- cli: Hide @types/yargs types from types (#2907) (095d8e2), closes #2895
- cloudformation-diff: string.replace error on
cdk context
(#2870) (b8a1c8e), closes #2854 - codebuild: API cleanup. (#2745) (c3667d7)
- codebuild: correctly handle permissions for Projects inside VPC. (#2662) (390baf1), closes #2651 #2652
- core: make IResolvable.creationStack required (#2912) (7c6ebb6)
- core: use default account/region when environment is not specified (#2867) (e9a4a79), closes #2728 #2853 #2866
- ecs: downscope permissions required by instance draining hook (#2761) (9ea6148)
- ecs-patterns: update constructs for ECS/Fargate consistency (#2795) (1378e2d)
- events-targets: event targets can have the same construct id (#2744) (210dd0f), closes #2377
- iam: support adding permissions to imported roles (#2805) (936464f), closes #2381 #2651 #2652 #2662
- cli: Correct java init template (#2889) (b3b3ba9)
- rds: allow setting backupRetentionPeriod=0 (#2875) (b0730dd)
- rds: fix unresolved endpoint socket address (#2846) (902636a), closes #2711
- sqs: remove 'Batch' permissions (#2806) (654cb37), closes #2381
Code Refactoring
- apigateway: API cleanups (#2903) (53e1191)
- assets: API cleanups (#2910) (83eee09)
- codebuild: introduce BuildSpec object (#2820) (86a2192)
- codepipeline: rename
name
inStageProps
tostageName
. (#2882) (be574a1) - core: revisit the Stack API (#2818) (47afdc2), closes #2728
- dynamodb: API cleanups (#2905) (d229836)
- ecs: Asset ContainerImage no longer takes Construct arguments (#2906) (8f400e7)
- ecs: rename
hwType
tohardwareType
(#2916) (1aa0589), closes #2896 - lambda: renamed the lambda.Runtime enum values from NodeJS to Nodejs (#2815) (10c37dd), closes #980
- lambda: Standardize Lambda API (#2876) (6446b78)
- logs: API cleanups (#2909) (06221ac)
- secretsmanager: API cleanups (#2908) (60f46c8)
- ssm: API cleanups (#2904) (bd1bcf5)
- clean up API for removal policy across the library (#2893) (65014ab)
- sns: move subscribers to
aws-sns-subscribers
(#2804) (9ef899c) - events: clean up Events APIs (#2840) (1e23921), closes #2840
- iam: cleanup of IAM library (#2823) (b735d1c), closes #2823
Features
- cli: Expose props in CFN resources and remove propertyOverrides (#2372) (#2372) (aa61dfb), closes #2100
- cli: deploy/destory require explicit stack selection if app contains more than a single stack (#2772) (118a716), closes #2731
- cli: Remove stack rename support (#2819) (0f30e39), closes #2670
- cloudformation: add option to restrict data returned AwsCustomResource (#2859) (a691900), closes #2825
- cloudformation: Add removalPolicy on CustomResource (#2770) (859248a)
- cloudfront: add Lambda associations (#2760) (b088c8c)
- codepipeline: final form of the CodeBuild Pipeline action. (#2716) (c10fc9a)
- core: show token creation stack trace upon resolve error (#2886) (f4c8dcd)
- ecs: add metrics for Fargate services (#2798) (acf015d)
- ecs-patterns: LoadBalancedFargateService - allow specifying containerName and role (#2764) (df12197)
- elasticloadbalancing: add crossZone load balancing (#2787) (192bab7), closes #2786
- lambda: Expose $LATEST function version (#2792) (55d1bc8), closes #2776
- s3: add CORS Property to S3 Bucket (#2101) (#2843) (1a386d8)
- s3: add missing storage classes and API cleanups (#2834) (5cd9609), closes #2708
- stepfunctions: add grantStartExecution() (#2793) (da32176)
- stepfunctions: add support for AmazonSageMaker APIs (#2808) (8b1f3ed), closes #1314
- stepfunctions: waitForTaskToken for Lambda, SQS, SNS (#2686) (d017a14), closes #2658 #2735
- formalize the concept of physical names, and use them for cross-environment CodePipelines. (#1924) (6daaca8)
BREAKING CHANGES
- assets:
AssetProps.packaging
has been removed and is now automatically discovered based on the file type. - assets:
ZipDirectoryAsset
has been removed, useaws-s3-assets.Asset
. - assets:
FileAsset
has been removed, useaws-s3-assets.Asset
. - lambda:
Code.directory
andCode.file
have been removed. UseCode.asset
. - assets-docker: The module has been renamed to aws-ecr-assets
- ecs: the property that specifies the type of EC2 AMI optimized for ECS was renamed to
hardwareType
fromhwType
. - codebuild: the method addToRoleInlinePolicy in CodeBuild's Project class has been removed.
- dynamodb:
TableOptions.pitrEnabled
renamed topointInTimeRecovery
. - dynamodb:
TableOptions.sseEnabled
renamed toserverSideEncryption
. - dynamodb:
TableOptions.ttlAttributeName
renamed totimeToLiveAttribute
. - dynamodb:
TableOptions.streamSpecification
renamedstream
. - ecs:
ContainerImage.fromAsset()
now takes only build directory
directly (no need to passscope
orid
anymore). - secretsmanager:
ISecret.secretJsonValue
renamed tosecretValueFromJson
. - ssm:
ParameterStoreString
has been removed. UseStringParameter.fromStringParameterAttributes
. - ssm:
ParameterStoreSecureString
has been removed. UseStringParameter.fromSecureStringParameterAttributes
. - ssm:
ParameterOptions.name
was renamed toparameterName
. - logs:
newStream
renamed toaddStream
and doesn't need a scope - logs:
newSubscriptionFilter
renamed toaddSubscriptionFilter
and doesn't need a scope - logs:
newMetricFilter
renamed toaddMetricFilter
and doesn't need a scope - logs:
NewSubscriptionFilterProps
renamed toSubscriptionProps
- logs:
NewLogStreamProps
renamed toLogStreamOptions
- logs:
NewMetricFilterProps
renamed toMetricFilterOptions
- logs:
JSONPattern
renamed toJsonPattern
- apigateway:
MethodOptions.authorizerId
is now calledauthorizer
and accepts anIAuthorizer
which is a placeholder interface for the authorizer resource. - apigateway:
restapi.executeApiArn
renamed toarnForExecuteApi
. - apigateway:
restapi.latestDeployment
anddeploymentStage
are now read-only. - events:
EventPattern.detail
is now a map. - events:
scheduleExpression: string
is nowschedule: Schedule
. - multiple modules have been changed to use
cdk.RemovalPolicy
to configure the resource's removal policy. - core:
applyRemovalPolicy
is nowCfnResource.applyRemovalPolicy
. - core:
RemovalPolicy.Orphan
has been renamed toRetain
. - core:
RemovalPolicy.Forbid
has been removed, useRetain
. - ecr:
RepositoryProps.retain
is nowremovalPolicy
, and defaults toRetain
instead of remove since ECR is a stateful resource - kms:
KeyProps.retain
is nowremovalPolicy
- logs:
LogGroupProps.retainLogGroup
is nowremovalPolicy
- logs:
LogStreamProps.retainLogStream
is nowremovalPolicy
- rds:
DatabaseClusterProps.deleteReplacePolicy
is nowremovalPolicy
- rds:
DatabaseInstanceNewProps.deleteReplacePolicy
is nowremovalPolicy
- codebuild: rename BuildSource to Source, S3BucketSource to S3Source, BuildArtifacts to Artifacts, S3BucketBuildArtifacts to S3Artifacts
- codebuild: the classes CodePipelineBuildSource, CodePipelineBuildArtifacts, NoBuildSource, and NoBuildArtifacts have been removed
- codebuild: rename buildScriptAsset and buildScriptAssetEntrypoint to buildScript and buildScriptEntrypoint, respectively
- cli: All L1 ("Cfn") Resources attributes are now prefixed with
attr
instead of the resource type. For example, in S3bucket.bucketArn
is nowbucket.attrArn
. propertyOverrides
has been removed from all "Cfn" resources, instead
users can now read/write resource properties directly on the resource class. For example, instead oflambda.propertyOverrides.runtime
just uselambda.runtime
.- codepipeline: the property designating the name of the stage when creating a CodePipeline is now called
stageName
instead ofname
- codepipeline: the output and extraOutputs properties of the CodeBuildAction were merged into one property, outputs.
- lambda:
- Renamed
Function.addLayer
toaddLayers
and made it variadic - Removed
IFunction.handler
property - Removed
IVersion.versionArn
property (the value is atfunctionArn
) - Removed
SingletonLayerVersion
- Stopped exporting
LogRetention
- Renamed
- cli: if an app includes more than one stack "cdk deploy" and "cdk destroy" now require that an explicit selector will be passed. Use "cdk deploy '*'" if you want to select all stacks.
- iam:
PolicyStatement
no longer has a fluid API, and accepts a
props object to be able to set the important fields. - iam: rename
ImportedResourcePrincipal
toUnknownPrincipal
. - iam:
managedPolicyArns
renamed tomanagedPolicies
, takes
return value fromManagedPolicy.fromAwsManagedPolicyName()
. - iam:
PolicyDocument.postProcess()
is now removed. - iam:
PolicyDocument.addStatement()
renamed toaddStatements
. - iam:
PolicyStatement
is no longerIResolvable
, call.toStatementJson()
to retrieve the IAM policy statement JSON. - iam:
AwsPrincipal
has been removed, useArnPrincipal
instead. - s3:
s3.StorageClass
is now an enum-like class instead of a regular
enum. This means that you need to call.value
in order to obtain it's value. - s3:
s3.Coordinates
renamed tos3.Location
- codepipeline:
Artifact.s3Coordinates
renamed toArtifact.s3Location
. - codebuild: buildSpec argument is now a
BuildSpec
object. - lambda:
lambda.Runtime.NodeJS*
are nowlambda.Runtime.Nodejs*
- core: multiple changes to the
Stack
API - core:
stack.name
renamed tostack.stackName
- core:
stack.stackName
will return the concrete stack name. UseAws.stackName
to indicate { Ref: "AWS::StackName" }. - core:
stack.account
andstack.region
will return the concrete account/region only if they are explicitly specified when the stack is defined (under theenv
prop). Otherwise, they will return a token that resolves to the AWS::AccountId and AWS::Region intrinsic references. UseContext.getDefaultAccount()
andContext.getDefaultRegion()
to obtain the defaults passed through the toolkit in case those are needed. UseToken.isUnresolved(v)
to check if you have a concrete or intrinsic. - core:
stack.logicalId
has been removed. Usestack.getLogicalId()
- core:
stack.env
has been removed, usestack.account
,stack.region
andstack.environment
instead - core:
stack.accountId
renamed tostack.account
(to allow treating account more abstractly) - core:
AvailabilityZoneProvider
can now be accessed throughContext.getAvailabilityZones()
- core:
SSMParameterProvider
can now be accessed throughContext.getSsmParameter()
- core:
parseArn
is nowArn.parse
- core:
arnFromComponents
is nowarn.format
- core:
node.lock
andnode.unlock
are now private - core:
stack.requireRegion
andrequireAccountId
have been removed. UseToken.unresolved(stack.region)
instead - core:
stack.parentApp
have been removed. UseApp.isApp(stack.node.root)
instead. - core:
stack.missingContext
is now private - core:
stack.renameLogical
have been renamed tostack.renameLogicalId
- core:
IAddressingScheme
,HashedAddressingScheme
andLogicalIDs
are now internal. OverrideStack.allocateLogicalId
to customize how logical IDs are allocated to resources. - cli: The CLI no longer accepts
--rename
, and the stack
names are now immutable on the stack artifact. - sns: using a queue, lambda, email, URL as SNS Subscriber now
requires an integration object from the@aws-cdk/aws-sns-subscribers
package. - ecs-patterns: Renamed QueueWorkerService for base, ec2 and fargate to QueueProcessingService, QueueProcessingEc2Service, and QueueProcessingFargateService.
- iam:
roleName
inRoleProps
is now of typePhysicalName
- s3:
bucketName
inBucketProps
is now of typePhysicalName
- codebuild:
roleName
inRoleProps
is now of typePhysicalName