cdk 2.51.0

v2.51.0

on Node.js Yarn

Features

• assertions: allResources and allResourcesProperties methods (#22007) (2430537), closes #21269
• cfnspec: cloudformation spec v96.0.0 (#22775) (aa19ec0)
• cfnspec: cloudformation spec v97.0.0 (#22876) (e29df69)
• codebuild: interactive breakpoints using SSM (#22728) (bf165a1)
• cognito: deletion protection for user pools (#22765) (9bde9f3)
• ec2: change log format in Vpc flow logs (#22430) (26779f8), closes #16279 /github.com/aws/aws-cdk/pull/16279#discussion_r808075037 #19316
• iam: customize IAM role creation behavior (#22856) (b25e526), closes #22749 #22862
• lambda: add nodejs18.x runtime (#22964) (176feef)
• lambda-layer-awscli): depend on @awscdk/asset-awscli-v1 and reduce aws-cdk-lib size (#22823) (4bdb18e)
• lambda-layer-kubectl: depend on @awscdk/asset-kubectl-v20 and reduce aws-cdk-lib size (#22677) (6c606d0)
• lambda-layer-node-proxy-agent: depend on @awscdk/asset-node-proxy-agent-v5 and reduce aws-cdk-lib size (#22769) (4d4e8cc)

Bug Fixes

• cli: asset prebuild breaks some custom bootstrap scenarios (#22930) (fc4668d), closes #21965
• cli: assetParallelism option in cdk.json is not recognized (#22781) (e2a9c77)
• cli: synthesis stops on expired AWS credentials (#22861) (0a55e91)
• cloudfront: custom originId not used for multiple behaviors with same origin (#22830) (2f1e2e9), closes #22758
• cloudfront: OriginShield not easily disabled once enabled on an origin (#22791) (6be4cf6)
• ecs: adding a circuit breaker causes Service replacement (under feature flag) (#22467) (9437d4f), closes #16126 #16919 #22328
• events-targets: encrypted queues get too wide permissions (under feature flag) (#22740) (a36f2f0)
• iam: oidc provider fetches leaf certificate thumbprint instead of root (#22802) (280b876), closes 40aws-cdk/aws-iam/lib/oidc-provider/external.ts#L40 40aws-cdk/aws-iam/lib/oidc-provider/external.ts#L46 40aws-cdk/aws-eks/lib/oidc-provider.ts#L49
• s3-deployment: responseURL is in CloudWatch Logs (#22952) (863548d)
• CDK does not work in FIPS-restricted environments (#22878) (76a56ad)
• events-targets: policy restricts access to the same account as the Queue, not the Rule (#22766) (0083256)
• iam: service principals use unnecessary exceptions (under feature flag) (#22819) (65d8e3d)
• region-info: EC2 service principal is incorrect in GovCloud regions (#22589) (1c707eb)
• s3: remove restriction of creating lifecycle rule for noncurrent objects when bucket versionining is not set up (#22803) (b20a6b4), closes #22392
• stepfunctions-tasks: custom resource uses subprocess with Shell=true (#22752) (bd056d1)

Reverts

• "chore: add AWSLINT_SAVE to the PR buildspec (#22743)" (#22782) (df5830c)

Alpha modules (2.51.0-alpha.0)

Features

• gamelift: add BuildFleet L2 Construct for GameLift (#22835) (834fab4)
• gamelift: add GameServerGroup L2 Construct for GameLift (#22762) (ef74116)
• integ-runner: support config file (#22937) (4f49efe)
• integ-runner: support custom --app commands (#22761) (a7bb6e1), closes #22521
• integ-runner: support custom --test-regex to match integ test files (#22786) (fa1a439), closes #22761 #22521
• integ-runner: support snapshot diff on nested stacks (#22881) (5b3d06d)
• sagemaker: add EndpointConfig L2 construct (#22865) (0e97c15), closes #2809
• sagemaker: add Model L2 construct (#22549) (93915f1), closes #2809

Bug Fixes

• gamelift: restrict policy to access Script / Build content in S3 (#22767) (c936002)