cdk 1.64.0

v1.64.0

on Node.js Yarn

Known Issues

• eks: ❗ Upgrading an existing cluster with service accounts will cause them to be deleted. If you are using service accounts and upgrading to this version from 1.61.1 or below, please apply the workaround suggested here before deploying.
• eks: ❗ FargateCluster and KubernetesPatch breaks deployment. See #10537.

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• codedeploy: the default policy for LambdaDeploymentGroup no longer contains sns:Publish on * permissions

• cfn-include: the construction property 'nestedStacks' of class 'CfnInclude' has been renamed to 'loadNestedStacks'

• rds: removed protected member subnetGroup from DatabaseCluster classes

• rds: Cluster now has deletionProtection enabled if its removal policy is RETAIN

• rds: Instance now has deletionProtection enabled by default only if its removal policy is RETAIN

• eks: Clusters previously running k8s version other than 1.15 and bottlerocket AMI(aws-k8s-1.15 variant) will trigger AMI and node replacement.

Features

• cfn-include: add 'loadNestedStack()' method (#10292) (9d6817f)
• cfn-include: the package cloudformation-include is now 'Developer Preview' (#10436) (d45a57c)
• cfnspec: cloudformation spec v18.3.0 (#10385) (dbdc7ff)
• cli: skip bundling for operations where stack is not needed (#9889) (28cee39), closes #9540
• codedeploy: change LambdaDeploymentGroup default managed policy to AWSCodeDeployRoleForLambdaLimited (#10276) (13e7bde)
• cognito: user pool client logout urls (#10301) (5111837)
• custom-resource: allow referencing resource id in updates/deletes (#10327) (a726dad), closes #10305
• ec2: generic ssm backed machine image (#10369) (1dbad6e)
• ec2: user-defined subnet selectors (#10112) (491113d)
• eks: bottlerocket versoin follows the cluster k8s versoin (#10189) (19638a6), closes #10188
• events-targets: supports to specify fargate platform version (#10223) (3dcd01e), closes #10186
• lambda-nodejs: custom bundling image (#10270) (a2174a4), closes #10194
• pipelines: support VPC property in ShellScriptAction (#10240) (08a3c55), closes #9982
• rds: add SQL Server version 15.00.4043.16.v1 (#10289) (a578ef8), closes #10273
• rds: S3 import and export for DatabaseInstances (#10370) (80a2ac9), closes #4419
• rds: support existing cluster subnet groups (#10391) (a1df511), closes #9991
• redshift: support existing cluster subnet groups (#10340) (5ad8cdb), closes #9241
• secretsmanager: import secrets by name (#10309) (a8e8ed3), closes #7444 #7949 #7994
• add support for the 'Version' resource attribute (#10376) (aac235a)
• stepfunctions: added new condition operators (#9920) (b8490f2)
• stepfunctions: support X-Ray tracing (#10371) (#10374) (ad011c0)
• stepfunctions-tasks: handle Lambda service exceptions (#10386) (edf75b6)

Bug Fixes

• bootstrap: no longer creates KMS master key by default (#10365) (bedd4c0), closes #10115
• bootstrapping: --cloudformation-execution-policies not checked (#10337) (ad9a705)
• cfn-include: allow referring to Conditions in Outputs and Rules (#10373) (4751f42)
• cfn-include: correctly handle the 'AWS::CloudFormation::CustomResource' resource type (#10415) (1a5a024)
• cli: --profile is ignored if AWS_ variables are set (#10362) (957a12e)
• cli: cdk synth fails if AWS_ credentials have expired (#10343) (406f665), closes #7849
• cli: stack outputs aren't sorted (#10328) (9f430fc)
• cloudwatch: LTE operator renders wrong symbol (#10418) (2543584), closes #8913
• codebuild: Project.addFileSystemLocation does not work without providing locations at construction (#10460) (994d3c3), closes #10442
• core: CfnParameter of Number type cannot be used as a string (#10422) (28adc88), closes #10228
• diff: deepEqual may miss difference other than DependsOn (#10394) (9bcaf75), closes #10322
• diff: allow strings to be passed for boolean properties (#10378) (673dd82)
• diff: handle YAML short-forms like '!GetAtt' in diff (#10381) (457e109), closes #6537
• dynamodb: cannot change serverSideEncryption from true to false (#8450) (7a266b5), closes #8286
• ec2: InitFile does not work on Windows (#10450) (84b9d5e), closes #10390
• eks: cannot import a cluster with cdk managed kubectlPrivateSubnets (#10459) (10d0a36)
• eks: circular dependencies when security groups from other stacks are used (#10339) (857acbb)
• lambda: unable to add permissions to imported lambda functions (#8828) (9bf8e13), closes #7588
• lambda-nodejs: local parcel not detected (#10268) (457fab8)
• pipelines: make CdkPipeline build stage optional (#10345) (e9ffa67), closes #10148
• rds: cannot use s3ImportBuckets or s3ExportBuckets with aurora postgres (#10132) (cb6fef8), closes #4419 #8201
• SSM Association 'parameters' property has incorrect type (#10316) (7b5c9d2), closes #3092
• rds: standardize removal policies and deletion protection (#10412) (75811c1)
• redshift: cluster defaultChild broken after adding subnet group (#10389) (746dfe2), closes #10340
• s3-notifications: lambda destination creates a circular dependency when bucket and lambda are in different stacks (#10426) (7222b5d)
• ecs: DockerVolumeConfiguration.labels changed from an array to a map. This was a long standing latent bug and in fact configuring labels in the old format would have resulted in the wrong behavior. (#10385)